September 2023 Security Update: API Security, Government Security Risks

The security landscape continues to expand and evolve with risks to API security, new vulnerabilities discovered, and government agencies in the crosshairs.

ransomware-security

OWASP Top 10 API Security Risks

OWASP released its Top 10 API Security Risks for 2023. The list includes:

  1. Broken object-level authorization
  2. Broken authentication
  3. Broken object property-level authorization
  4. Unrestricted resource consumption
  5. Broken function-level authorization
  6. Unrestricted access to sensitive business data
  7. Server-side request forgery
  8. Security misconfiguration
  9. Improper inventory management
  10. Unsafe consumption of APIs

Action Items:

  • Implement authorization checks for every function that requires user ID to access data.
  • Implement authentication mechanisms correctly.
  • Restrict resource consumption to mitigate risks of DDoS attacks.
  • Ensure clear access control policies with a clear separation between admins and users.
  • Properly inventory hosts and deployed versions to limit exposure.
  • Strengthen security when using third-party APIs.
  • For more information, visit OWASP’s Top 10 API Security Risks landing page.

Cyberattacks Against Governments Are Rising in 2023

Data from the Atlas VPN team show 49 significant cyberattacks against government agencies, an 11 percent increase over the same period in 2022. The attacks impacted government organizations in at least 27 countries.

An analysis of the data by the Center for Strategic and International Studies shows that 16 percent, the largest portion of the attacks, targeted the U.S. government and its agencies. These attacks included a hack of remote desktop software in January 2023 and a worldwide cyberattack in June linked to Russian hackers.

Action Items:

  • Solutions providers that work with government agencies should take a security-first approach to providing technology, patch vulnerabilities as soon as they are discovered, and monitor systems for suspicious activity.
  • Comply with software bill of materials (SBOM) requests.
  • Assist agencies with data management, storage, and secure backup.
  • Review the Executive Order on Improving the Nation’s Cybersecurity.

Ransomware Actors Exploit Cisco Vulnerability

Cisco warned that ransomware groups are exploiting a zero-day vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). The vulnerability, CVE-2023-20269, is medium severity impacting the VPN feature of ASA. It allows attackers to conduct brute force attacks against accounts and then establish clientless SSL VPN sessions to execute actions in the victim’s system.

Action Items:

Bleeping Computer reports that until Cisco fixes the vulnerability, system administrators can:

  • Use dynamic access policies to stop VPN tunnels with DefaultADMINGroup or DefaultL2LGroup.
  • Deny access with Default Group Policy.
  • Implement LOCAL user database restrictions.
  • Point all non-default profiles to a sinkhole AAA server (dummy LDAP) server and enable logging to detect attacks early.
  • Use multifactor authentication (MFA) for VPN connections.

Ransomware Actors Indicted

On September 7, 2023, the U.S. Department of Justice announced indictments against TrickBot malware and Conti ransomware group members. The nine Russian nationals had allegedly attacked more than 900 victims around the world, including hospitals, schools, and businesses. Trickbot was a suite of malware tools developed to install Conti ransomware as well as to steal money.

Conti, a Ransomware as a Service variant, used vulnerabilities in remote monitoring and management software and remote desktop software as backdoors. Then, actors used tools on the victims’ networks to obtain credentials and escalate privileges.

Action Items:

  • Read the details of the indictments here.
  • Learn more about Conti, Trickbot, and cyberattack exploits.

CISA Adds Two CVEs to Its Catalog

The Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two new entries:

CVE-2023-41064: ImageIO buffer overflow for Apple iOS, iPad OS and macOS

CVE-2023-41061: Wallet code execution vulnerability for Apple iOS, iPadOS, and watch OS.

Action Items:

  • Review these and other known vulnerabilities.
  • Reduce exposure by updating software or fixing with patches.

For more security updates and insights, visit DevPro Journal’s Security resources page.

Jay McCall

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is co-founder of XaaS Journal and DevPro Journal.


Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is co-founder of XaaS Journal and DevPro Journal.