Craig Pepper
January 15, 2024
4 Min Read

Threat Report 15.01.24

Security Vulnerabilities Have Been Identified in Bosch Thermostats 

Recent security vulnerabilities have been identified in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners. If exploited, these vulnerabilities could enable attackers to execute unauthorised code on the affected systems.

In August 2023, Bitdefender, a Romanian cybersecurity company, reported a significant flaw in the Bosch BCC100 thermostat. The vulnerability, tracked as CVE-2023-49722 with a CVSS score of 8.3, lets an attacker on the same network replace the device's firmware with a malicious image. The flaw resides in the thermostat's WiFi microcontroller, which acts as a network gateway for the device's main microcontroller; Bosch addressed it in a firmware update in November 2023.

Additionally, over twenty vulnerabilities have been discovered in Rexroth Nexo cordless nutrunners. These weaknesses could allow an unauthenticated attacker to disrupt operations, alter important settings, and potentially install ransomware. Such attacks could compromise the safety of products assembled using these tools, by causing either inadequate or excessive tightening.

Bosch plans to release patches for these vulnerabilities, which affect several NXA, NXP and NXV series devices, by the end of January 2024. Until then, users are advised to restrict the devices' network accessibility and audit the accounts that can log in to them.

Furthermore, Pentagrid identified various vulnerabilities in the Lantronix EDS-MD IoT gateway used in medical devices, with one allowing command execution as root via the web interface.

Risks:

Compromised Device Functionality: Attackers could render Bosch thermostats and nutrunners inoperable or use them as a backdoor for further malicious activities.

Safety Hazards: Particularly with the smart nutrunners, incorrect usage due to tampering could result in safety risks in product assembly.

Data and Network Security: Compromised devices could be used to access other devices on the same network, posing a risk to personal data and network integrity.

Disruption of Medical Services: The vulnerabilities in the Lantronix EDS-MD gateway could disrupt essential medical services if exploited.

Recommendations:

Update Firmware: Update BCC100 thermostats to the firmware Bosch released in November 2023 now. For the nutrunners, apply Bosch's patches as soon as they are published at the end of January 2024 and rely on the network restrictions below as the interim control.

Network Segmentation: Limit the network accessibility of vulnerable devices to minimise risk.

Regular Monitoring: Keep track of accounts that have access to these devices and monitor for unusual activities.

Stay Informed: Follow updates from the device manufacturers for the latest patches and security advisories.

Extent of the Fidelity National Financial Breach

In November 2023, Fidelity National Financial (FNF), a major real estate services corporation, suffered a ransomware attack, compromising the data of over 1.3 million customers. This attack temporarily halted the company's operations for a week. FNF disclosed in an SEC filing that an unauthorised entity accessed their systems, deploying non-self-propagating malware and extracting certain data.

The extent of the breach and the specific nature of the stolen information were not detailed in the filing. However, FNF is offering affected individuals two years of credit and web monitoring and identity theft restoration services through Kroll, a financial advisory firm. LoanCare, an FNF subsidiary, said Social Security numbers were among the compromised data.

FNF is still collaborating with law enforcement, customers and regulators. The company believes this cyberattack won't significantly impact its operational capabilities. However, it is currently facing several lawsuits related to the breach and plans to robustly defend against these legal actions.

The cyberattack was first detected on November 19, with the last known activity of the hackers in FNF’s systems recorded on November 20. FNF responded by engaging cybersecurity experts, notifying law enforcement, and restricting access to certain systems, which led to some operational disruptions.

The ransomware group BlackCat, also known as ALPHV, has claimed responsibility for the attack. This group, linked to Russia, is known for targeting various sectors, including financial services, education, and healthcare. They have been implicated in over 1,000 attacks and have amassed substantial ransoms. In December 2023 the DOJ and FBI reported disrupting BlackCat's online operations and releasing a decryption tool to assist victims.

The financial services sector remains a prime target for cybercriminals. A report by Sophos highlighted an increase in ransomware attacks in this industry. Additionally, other financial services firms like loanDepot and Mr Cooper have also recently reported data breaches.

Risks:

Personal Data Exposure: Social Security numbers are confirmed among the stolen data; other personal and financial details, such as addresses and bank account information, may also be at risk.

Identity Theft: The stolen data could be used for fraud or identity theft.

Financial Loss: Compromised financial details may lead to unauthorised transactions or financial losses.

Privacy Breach: Personal privacy is jeopardised, with potential long-term implications.

Recommendations:

Credit Monitoring: Enrol in the credit and web monitoring services offered by FNF.

Vigilance for Phishing Attempts: Be alert for suspicious communications that may be phishing attempts using stolen data.

Change Passwords and Security Settings: Update passwords and enhance security settings for all relevant financial accounts.

Monitor Financial Statements: Regularly check bank statements and credit reports for any unauthorised activity.

GitLab Critical Vulnerabilities and Urgent Patch Release

GitLab has issued critical security updates to address two significant vulnerabilities in its DevSecOps platform. These vulnerabilities, if exploited, could lead to severe security breaches including account takeover and unauthorised command execution.

Critical Vulnerabilities:

CVE-2023-7028:

Severity: Rated 10.0 (the maximum) on the CVSS scoring system.

Issue: A flaw in the password reset flow that could lead to account takeover.

How it Works: The password reset request accepted more than one email address, and the reset link was sent to every address supplied, including an unverified address controlled by the attacker. An attacker could therefore request a reset for a victim's account and receive the link themselves, with no prior access to the victim's mailbox.

Affected Versions: Self-managed instances of GitLab Community Edition (CE) and Enterprise Edition (EE) on the 16.1 to 16.7 branches, from 16.1.0 up to but not including the first fixed release on each branch (16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4 and 16.7.2).

CVE-2023-5356:

Severity: Rated 9.6 on the CVSS scoring system.

Issue: Incorrect authorisation checks allow a user to execute slash commands as another user via the Slack or Mattermost integrations.

Affected Components: Specific to the integration with Slack/Mattermost.
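GitLab's advisory for CVE-2023-7028 pointed administrators at gitlab-rails/production_json.log: look for POST requests to /users/password whose params.value.email is a JSON array carrying more than one address. The scanner below is an added example written for this report, not GitLab code. The log records it runs over are constructed in the shape of that file (one JSON object per request); the exact field names, and the helper that separates unverified addresses from the instance's known verified ones, are assumptions.

```python
import json
from typing import Iterable

# Constructed sample records in the shape of GitLab's gitlab-rails/production_json.log
# (one JSON object per request). Made up for this example, not real log data.
SAMPLE_LOG = [
    # Ordinary reset request: one email string, which is what the real form submits. Benign.
    '{"method":"POST","path":"/users/password",'
    '"params":[{"key":"user","value":{"email":"alice@example.com"}}],'
    '"status":302,"time":"2024-01-12T09:14:02.123Z","remote_ip":"203.0.113.10"}',
    # Exploit pattern: the email parameter is an array carrying a second, unverified address.
    '{"method":"POST","path":"/users/password",'
    '"params":[{"key":"user","value":{"email":["alice@example.com","attacker@example.net"]}}],'
    '"status":302,"time":"2024-01-12T09:15:37.456Z","remote_ip":"198.51.100.77"}',
    # Unrelated request on another path: ignored.
    '{"method":"GET","path":"/users/sign_in","params":[],'
    '"status":200,"time":"2024-01-12T09:16:00.000Z","remote_ip":"203.0.113.10"}',
    # Malformed line: must not abort the scan.
    'not json at all',
]


def _email_params(params):
    """Yield every value stored under params[*].value.email, whatever its type."""
    for p in params or []:
        if isinstance(p, dict) and isinstance(p.get("value"), dict):
            if "email" in p["value"]:
                yield p["value"]["email"]


def find_reset_abuse(lines: Iterable[str]):
    """Return one finding per POST /users/password request whose email
    parameter is an array holding two or more distinct addresses."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip non-JSON lines instead of stopping the scan
        if not isinstance(entry, dict):
            continue
        if entry.get("method") != "POST" or entry.get("path") != "/users/password":
            continue
        for email in _email_params(entry.get("params")):
            if not isinstance(email, list):
                continue  # a plain string is the normal, benign shape
            addrs = sorted({a.strip().lower() for a in email if isinstance(a, str)})
            if len(addrs) > 1:
                findings.append({
                    "time": entry.get("time"),
                    "remote_ip": entry.get("remote_ip"),
                    "emails": addrs,
                })
    return findings


def unverified_addresses(finding, known_verified_emails):
    """Addresses in a finding that are not verified emails of any user on the
    instance: the likely attacker-controlled recipients of the reset link.
    (Assumed helper: feed it the verified-email list exported from your instance.)"""
    known = {e.strip().lower() for e in known_verified_emails}
    return [a for a in finding["emails"] if a not in known]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            hits = find_reset_abuse(fh)
    else:
        hits = find_reset_abuse(SAMPLE_LOG)
    for f in hits:
        print(f"{f['time']} {f['remote_ip']} reset requested for {', '.join(f['emails'])}")
```

Run it against the real file with the path as the only argument. Every hit is worth treating as an attempted takeover of the accounts whose addresses appear alongside the unknown one: reset those accounts' passwords and rotate their tokens, regardless of whether the reset link was ever used.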

Patch Details:

Addressed Versions: GitLab has released fixes in 16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4 and 16.7.2. CVE-2023-7028 was introduced in version 16.1.0 on May 1, 2023.

Two-Factor Authentication (2FA): Accounts with 2FA enabled can still have their password reset through CVE-2023-7028, but the attacker cannot complete the login without the second factor, so 2FA blocks the takeover rather than the reset.
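The fixed versions above define the affected ranges branch by branch: a self-managed instance is affected by CVE-2023-7028 if it runs 16.1.0 or later and sits below the first fixed release on its 16.x branch. The checker below is an added example for this report, not a GitLab tool. It treats 16.8 and later as fixed because those releases shipped after the patches, and the version file path used in the usage is the Omnibus default, which is an assumption; adjust it for source installs.

```python
import re

# First fixed patch level on each affected branch, as listed in the report.
FIXED_PATCH_BY_BRANCH = {
    (16, 1): 6,
    (16, 2): 9,
    (16, 3): 7,
    (16, 4): 5,
    (16, 5): 6,
    (16, 6): 4,
    (16, 7): 2,
}
# The vulnerable code first shipped in 16.1.0.
INTRODUCED_IN = (16, 1, 0)

# Accepts "16.7.1", "16.7.1-ee" or "16.7.1-ce". Pre-release strings such as
# "16.8.0-pre" are rejected on purpose: classify those by hand.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:ce|ee))?$")


def parse_version(text):
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    """True if this self-managed version is open to CVE-2023-7028."""
    major, minor, patch = parse_version(version_text)
    if (major, minor, patch) < INTRODUCED_IN:
        return False  # predates the vulnerable change
    fixed_patch = FIXED_PATCH_BY_BRANCH.get((major, minor))
    if fixed_patch is None:
        # 16.8 and newer (and any later major) shipped after the fix.
        return False
    return patch < fixed_patch


def required_upgrade(version_text):
    """Smallest release on the same branch that closes the hole,
    or None when the version is not affected."""
    if not is_affected(version_text):
        return None
    major, minor, _ = parse_version(version_text)
    return f"{major}.{minor}.{FIXED_PATCH_BY_BRANCH[(major, minor)]}"


if __name__ == "__main__":
    import sys
    # Omnibus installs record the running version here (assumed default path).
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/gitlab/embedded/service/gitlab-rails/VERSION"
    with open(path, encoding="utf-8") as fh:
        running = fh.read()
    fix = required_upgrade(running)
    verdict = f"AFFECTED, upgrade to {fix}" if fix else "not affected"
    print(f"{running.strip()}: {verdict}")
```

The check only answers whether the running version is vulnerable; it says nothing about whether the flaw was exploited before the upgrade, which is a question for the password-reset logs.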

Recommendations:

Immediate Update: Upgrade self-managed GitLab instances to the patched versions as soon as possible. Because CVE-2023-7028 needs no prior access to exploit, also review the logs for password reset requests made before the patch was applied, and rotate the passwords, tokens and other credentials of any account that shows signs of compromise.

Enable 2FA: For added security, especially for users with elevated privileges, enabling two-factor authentication is recommended.

Implications:

Account Security: Without the update, accounts are at risk of unauthorised access and takeover.

Integration Security: Slash commands issued through Slack or Mattermost act on GitLab resources, so the flaw lets an attacker perform GitLab actions under another user's identity.

Overall Impact: These vulnerabilities highlight critical security risks in software development and operations platforms, emphasising the importance of timely updates and robust security practices.

Urgency:

Given the severity of these vulnerabilities and their potential impact on account security and software integrity, immediate action is required. Users of GitLab CE and EE should prioritise updating their software and reinforcing their security measures to protect against these vulnerabilities.
