Fortinet Security Updates

Fortinet addressed a critical vulnerability that gave remote access to numerous services and was being exploited by threat actors in the wild.

The company described the vulnerability, tracked as CVE-2022-40684, as an authentication bypass on the administrative interface that allows unauthenticated remote users to connect to FortiProxy web proxies, FortiGate firewalls, and FortiSwitch Manager on-prem management instances.

In a customer support bulletin released today, Fortinet explains that “an authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.”

The company stated, “This is a critical vulnerability and should be addressed with the utmost urgency.”

Fortinet advised customers using the vulnerable versions to upgrade immediately since it is possible to exploit the problem remotely.

Over 100,000 FortiGate firewalls may be accessed from the Internet, according to a Shodan search; however, it’s uncertain if their control interfaces are also affected.

In addition, the company stated that the fix was deployed on Thursday and alerted some of its clients via email, asking them to disable remote management user interfaces “immediately.”

A few days after issuing the fix, the company provided more information, stating it had discovered proof of at least one real-world campaign using the flaw.

According to the company, “Fortinet is aware of an instance where this vulnerability was exploited and recommended immediately validating your systems against the following indicator of compromise in the device’s logs: user="Local_Process_Access".”

The following products are susceptible to attacks attempting to exploit the CVE-2022-40684 flaw:

FortiOS: From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1

FortiProxy: From 7.0.0 to 7.0.6 and 7.2.0

FortiSwitchManager: Versions 7.0.0 and 7.2.0

In today’s customer support advisory, Fortinet stated that susceptible devices should be updated to FortiOS 7.0.7 or 7.2.2 and above, FortiProxy 7.0.7 or 7.2.1 and above, and FortiSwitchManager 7.2.1 or above. The company published the security fixes on Thursday.
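The log indicator and the affected version ranges above can be checked together with a short script. This is an added example, not Fortinet's tooling: the key=value log layout, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Affected ranges as listed in this article (inclusive bounds).
AFFECTED = {
    "FortiOS": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 1))],
    "FortiProxy": [((7, 0, 0), (7, 0, 6)), ((7, 2, 0), (7, 2, 0))],
    "FortiSwitchManager": [((7, 0, 0), (7, 0, 0)), ((7, 2, 0), (7, 2, 0))],
}
IOC_USER = "Local_Process_Access"  # indicator quoted in the advisory
# key=value fields; quoted values may contain spaces (assumed log layout).
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def is_affected(product, version):
    """True if a dotted version such as '7.2.1' is in a listed range."""
    v = tuple(int(p) for p in version.split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED.get(product, []))


def parse_fields(line):
    """Parse one key=value log line into a dict, stripping the quotes."""
    return {k: val.strip('"') for k, val in FIELD_RE.findall(line)}


def find_ioc_hits(lines):
    """Return (line_number, fields) where the user field equals the IoC."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = parse_fields(line)
        if fields.get("user") == IOC_USER:
            hits.append((n, fields))
    return hits


# Constructed sample log lines (not real device output).
SAMPLE_LOG = [
    'date=2022-10-10 time=09:14:02 type="event" user="admin" action="login" msg="admin logged in"',
    'date=2022-10-10 time=09:20:45 type="event" user="Local_Process_Access" action="Edit" msg="config change"',
    'date=2022-10-10 time=09:21:10 type="event" user="alice" msg="note user=Local_Process_Access in text"',
]

if __name__ == "__main__":
    for n, f in find_ioc_hits(SAMPLE_LOG):
        print(f"line {n}: {f.get('date')} {f.get('time')} action={f.get('action')}")
    for prod, ver in [("FortiOS", "7.0.6"), ("FortiOS", "7.0.7"), ("FortiProxy", "7.2.0")]:
        print(prod, ver, "affected" if is_affected(prod, ver) else "not in listed ranges")
```

Parsing the fields rather than searching for the raw string avoids flagging the third sample line, where the indicator text only appears inside a message.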

The Fortinet CVE-2022-40684 authentication bypass vulnerability is a critical flaw that allows remote access to numerous services. The company has released security fixes and advises customers to upgrade immediately. Additionally, Fortinet recommends disabling internet-facing HTTPS administration immediately until the upgrade can be completed.

Toyota T-Connect Database Exposed

On October 7, 2022, Toyota Motor Corporation announced that the personal information of approximately 296,000 consumers had been compromised.

The Toyota T-Connect system enables owners of Toyota automobiles to link their cell phones to their vehicles. By doing so, users can monitor the status of their engines, listen to music, navigate, and track fuel consumption.

Recently, Toyota discovered that a portion of its source code had been published on GitHub. Included in the source code were access keys to the T-Connect data server.

Anyone possessing these keys could gain access to the T-Connect data server. The data server stores customers’ email addresses when they register through the T-Connect application. As a result, unauthorized third parties could have accessed the records of customers between December 2017 and September 2022.

The database keys were updated on September 17, 2022, to prevent any other unauthorized access.

The compromised information did not include the consumers’ personal information, such as their names, credit card numbers, or phone numbers.

In addition, Toyota issued an apology for any inconvenience caused by the improper handling of customer information and stated that a subcontractor was responsible for the mistake.

There are no indications that data has been misused. However, the Japanese automobile manufacturer cannot rule out the possibility of the information being accessed and stolen.

T-Connect users enrolled between July 2017 and September 2022 are cautioned to avoid accepting email attachments from unknown senders. Threat actors may attempt to commit phishing attacks by posing as Toyota officials.

Firefox 106 Update: What’s New and Improved

On October 18, 2022, Firefox 106 Stable and Firefox 102.4 ESR were released to the public.

New features

A new Colorways theme, Firefox View, PDF editing, and text recognition and extraction on macOS are all included in the most recent Firefox Stable release.

While Firefox 106 introduces several brand-new features, the version also resolves security concerns. Mozilla corrected six unique vulnerabilities in Firefox 106 and four vulnerabilities in Firefox 102.4 ESR.

Firefox View

One of the most notable new features is Firefox View, which makes previously opened tabs in the web browser easier to reach. Firefox View also enables users to access tabs from desktop or Android Firefox browsers, so they can switch between devices for a more convenient browsing experience. Firefox View has three sections: Tab pickup, Recently closed, and Independent voices. Users who are not interested in Firefox View can easily disable it: right-click the Firefox symbol in the browser’s upper left corner and select “Remove from Toolbar.”

Tab Pickup

A Firefox account is necessary to use the tab pickup function. Mozilla uses Firefox Sync to display recently visited pages on other devices within this section. The title, favicon, URL, time stamp, and name of the device the user used to view the tab are all displayed. Additionally, a context menu is visible by right-clicking on a tab. This capability also imports tabs from previous versions of Firefox on the same device. This unique feature allows users to pick up where they left off reading from their phone, tablet, or computer.

Recently Closed

The recently closed section displays the most recent tabs that have been closed in the current window. Details about the closed tab are shown here, such as its title, URL, favicon, and timestamp. Unfortunately, there is no ability to conceal specific closed tabs. However, the arrow button allows you to collapse the recently closed tabs section.

Users can also recover closed tabs by left-clicking. This functionality is helpful if users mistakenly close a tab. However, because recently closed tabs are not synced between devices, Firefox will only show the tabs that were closed in the current browser. Therefore, when users close a tab and exit the browser, the tab is not recoverable through the recently closed section.

Colorways

With Colorways, Firefox users can alter themes, set their intensity, and apply them with one click for a customizable browsing experience. Eighteen new themes are currently available through January 16, 2023.

PDF Viewer

Firefox’s built-in PDF viewer supports basic PDF editing with version 106 Stable. In addition, the integrated options allow users to write, draw, and add signatures to PDF documents opened in Firefox.

Features for macOS

Users of macOS 10.15 (Catalina) or later can benefit from text recognition and extraction. Unfortunately, the feature currently only supports English on macOS 10.15. However, macOS 11.0 (Big Sur) or later supports a more comprehensive range of languages. Users can right-click the image and select “Copy Text from Image.”

Following the text recognition prompt, a modal box with a loading animation appears while Firefox analyzes the text in the image and automatically copies it. VoiceOver is also compatible with text recognition.

Developers

In the 106 release, Mozilla made sure to include improvements for developers.

Developers can expect several new features, including improvements to the WebRTC platform and manifest key properties. In addition, the upgrade improves screen sharing on Windows and Linux Wayland, lowers CPU usage, and increases macOS screen capture FPS.

Update

Most versions of Firefox will update automatically. However, users can check which version of Firefox they are running, and upgrade manually, by opening the menu and selecting Help > About Firefox. As of right now, the release date for Firefox 107 Stable is November 11, 2022.

Overall, Firefox 106 adds a slew of new features and enhancements for all users. Whether you’re a casual user or a developer, this update has something for everyone. Check out all of the new features that Firefox has to offer.

Personal Information Compromised in City of Tucson Data Breach

In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month.

As detailed in the notification addressed to those impacted by the data breach, an attacker infiltrated the city’s network and exfiltrated a large number of sensitive files.

Between May 17 and May 31, the threat actors obtained access to the network and stole essential documents containing the personal information of over 123,000 people.

The data breach notification states, “On May 29, 2022, the City learned of suspicious behavior using a user’s network account credentials.” Additionally, “On August 4, 2022, the City discovered that certain files may have been copied and removed from its network.”

The city disclosed in a separate notice, “On September 12, this review concluded, and the review determined that the information at issue included certain personal information.”

The city began contacting potentially affected individuals on September 23, informing them that the attackers may have gained access to their names and Social Security numbers, among the sensitive personal information exposed during the incident.

The notification letters issued to the affected individuals also stated that, at the moment, there’s no proof of personal data being used for fraudulent activities.

Affected individuals are encouraged to monitor their credit reports for any unusual activities that may point to identity theft or fraud using their personal information.

For those affected, the city is offering free credit monitoring and identity protection services from Experian for an entire year, as well as advice on how to avoid being a victim of identity theft.

The city is committed to protecting residents’ personal information as it continues to review its existing policies and procedures regarding cybersecurity and evaluate additional measures and safeguards to protect against this type of event.

Akamai Finds 13 Million Malicious Domains Each Month

According to a new Akamai analysis, the company’s experts classified about 79 million domains as dangerous in the first half of 2022. Based on a NOD (newly observed domain) dataset, this is about 13 million malicious domains per month, representing 20.1% of all the successfully resolved NODs.

According to Akamai, a NOD is any domain queried for the first time in the last 60 days. And by “malicious,” it means a domain name that leads to a site meant to phish, spread malware or do some other kind of damage online.

Akamai said, “[The NOD dataset] is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale.” The company observes about 12 million new NODs daily, of which slightly more than 2 million are successfully resolved.

The organization uses relatively simple procedures to determine whether a domain is harmful or not. With the assistance of the larger cybersecurity community, Akamai compiled a 30-year predictive list of known domain generation algorithms (DGAs) that may be used to detect domains registered with DGAs.

Since DGA domains can be created in bulk, even for short-lived campaigns, hackers frequently use them to distribute malware and host phishing pages. Think of DGA domains as meeting places on the internet where malware and the infrastructure behind it can find each other.
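The NOD definition and the predictive DGA list described above can be combined in a few lines. This is an added example, not Akamai's implementation: the query tuples, the .example domain names and the predicted-name set are constructed, and the function names are hypothetical.

```python
from datetime import date, timedelta

NOD_WINDOW = timedelta(days=60)  # the article's window for "newly observed"


def norm(domain):
    """Case-fold and drop the trailing root dot so one name has one key."""
    return domain.lower().rstrip(".")


def build_first_seen(queries):
    """Earliest query date per domain. queries: (date, domain, resolved)."""
    first_seen = {}
    for day, domain, _ in queries:
        d = norm(domain)
        first_seen[d] = min(day, first_seen.get(d, day))
    return first_seen


def nod_report(queries, today, predicted_dga):
    """Split today's queries into NODs, resolved NODs and DGA-list matches."""
    first_seen = build_first_seen(queries)
    nods, resolved, flagged = set(), set(), set()
    for day, domain, did_resolve in queries:
        d = norm(domain)
        if day != today or today - first_seen[d] > NOD_WINDOW:
            continue  # older traffic, or first queried more than 60 days ago
        nods.add(d)
        if did_resolve:
            resolved.add(d)
            if d in predicted_dga:
                flagged.add(d)
    share = len(flagged) / len(resolved) if resolved else 0.0
    return {"nods": nods, "resolved": resolved, "flagged": flagged, "share": share}


# Constructed sample data (reserved .example names, not real observations).
TODAY = date(2022, 6, 30)
QUERIES = [
    (date(2022, 4, 1), "old-portal.example", True),   # first seen 90 days ago
    (TODAY, "old-portal.example", True),
    (date(2022, 6, 1), "shop-new.example", True),     # first seen 29 days ago
    (TODAY, "Shop-New.example.", True),
    (TODAY, "qx7f3kd9w2.example", True),              # on the predicted list
    (TODAY, "exmaple-login.example", False),          # typo, did not resolve
]
PREDICTED_DGA = {"qx7f3kd9w2.example", "zz81kq0apl.example"}
if __name__ == "__main__":
    print(nod_report(QUERIES, TODAY, PREDICTED_DGA))
```

The `share` value is computed over resolved NODs only, the same denominator the article uses for its 20.1% figure.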

According to the company, most of Akamai’s malicious domain detections come from the “more than 190 NOD-specific detection criteria” it employs for NOD-based detection. It also said that among the 79 million malicious NODs it discovered in the first half of the year, there were only 0.00042 percent false positives.

There are other options than Akamai’s NOD detection, such as Cisco’s “newly seen domain” detection system, which scans DNS data and alerts users to potentially dangerous websites.

Although it’s unclear how those services stack up against Akamai’s, their end objectives seem to be comparable and indicate that NODs are a well-known security issue that other businesses are seeking to address.