The WicKed Web Weekly
Secure Your APIs: The OWASP 2023 Update
Hello Digital Defenders!
From the bustling streets of digital commerce to the intricate circuitry of embedded systems, our first story takes us into the world of API security. With cases like the myIDENTITI API breach, it's clear that no API is an island, and securing these digital bridges is more critical than ever.
Next, we shift gears to an exciting collaboration in the embedded software and hardware realm, where Narf Industries, MITRE, and Red Balloon Security are joining forces. Their mission? To develop the EMB3D framework, ensuring our critical infrastructure stays fortified against evolving cyber threats.
Lastly, we spotlight a vulnerability that hit close to home for many Outlook users. The discovery of zero-click RCE exploits in Microsoft Windows is a chilling reminder of the perpetual game of cat and mouse played in the cyber world.

Secure Your APIs: The OWASP 2023 Update
In the digital age, API security is more crucial than ever. Recent breaches, like the May 2022 myIDENTITI API incident affecting 22.5 million Malaysians, and the December 2022 SevenRooms data leak, highlight this urgency. These examples underscore the reality that APIs are prime targets for cybercriminals.
With the increasing reliance on APIs, companies must strengthen their defenses. The OWASP API Security Top 10 for 2023 provides a roadmap. Key areas include safeguarding against broken object level authorization, broken authentication, unrestricted resource consumption, and server-side request forgery. The Optus and Experian breaches are stark reminders of the consequences of overlooking such vulnerabilities.
The Splunk 2023 State of Security report indicates a significant rise in API integration over the next two years. This makes it imperative for businesses to revisit their API security strategies. Like a house, it's not just the doors and windows that need securing; the walls, representing overlooked API vulnerabilities, must also be fortified.
To stay ahead, companies should consider the entire spectrum of potential API threats and ensure their strategies are comprehensive and up-to-date. This proactive approach is crucial for protecting sensitive data and maintaining customer trust in our increasingly connected world.
Quick Stats:
API Security Incidents: The myIDENTITI API breach impacted 22.5 million individuals, while the SevenRooms leak involved over 400GB of sensitive data.
Future Trends: By 2025, half of businesses will prioritize API integration, as per the Splunk report.
OWASP 2023 Focus: Includes broken authentication, server-side request forgery, and improper inventory management among the top ten API vulnerabilities.
Let's secure our digital future by addressing API vulnerabilities today. What's your API security plan?

Collaborative Cybersecurity: Narf Industries Teams Up with MITRE and Red Balloon Security
Narf Industries plc is stepping up its game in the cybersecurity world. In a significant collaboration with MITRE and Red Balloon Security, they aim to develop a new threat model, EMB3D, focusing on enhancing security for embedded software and hardware crucial to critical infrastructure.
MITRE, a powerhouse with over $2.2 billion in annual revenues, and Red Balloon Security, known for its firmware-level security solutions, bring invaluable expertise to this venture. The goal? To tackle the often-overlooked vulnerabilities in embedded devices, which are integral to our critical infrastructure but frequently lack robust security measures.
EMB3D is not just another framework. It's designed to be a living, evolving tool. As new cyber threats emerge and security researchers uncover fresh vulnerabilities, EMB3D will adapt and update. Set for a public release in early 2024, it promises to be a valuable community resource, with open access and collaborative inputs from the broader security community.
This initiative signals a pivotal shift in the cybersecurity landscape, focusing on the critical infrastructure sector that's increasingly at risk. The collaboration's scope encompasses device vendors, manufacturers, asset owners, security researchers, and testing organizations, offering them a comprehensive tool to evaluate and mitigate risks.
Key Highlights:
Collaboration: Narf Industries, MITRE, and Red Balloon Security join forces.
Focus: Enhancing security for embedded software and hardware in critical infrastructure.
Framework: EMB3D, a living, evolving tool to address cybersecurity challenges.
Community Involvement: Open access for contributions and updates by the security community.
With EMB3D, Narf Industries and its partners are not just responding to current threats but also preparing for the future, ensuring our critical infrastructure remains secure and resilient.

Outlook’s Zero-Click Vulnerability: A Cybersecurity Wake-Up Call
Microsoft Outlook users, brace yourselves. Akamai's Ben Barnea has unearthed two critical security flaws, now patched, which could enable remote code execution (RCE) without any user interaction. These vulnerabilities pose a serious threat to the security of Outlook email service users.
The first vulnerability, CVE-2023-35384, involves a security feature bypass in Windows HTML Platforms, while the second, CVE-2023-36710, concerns a remote code execution vulnerability in Windows Media Foundation Core. Together, they form a dangerous combination that could be exploited to execute code remotely on an Outlook client, simply by sending a malicious email.
CVE-2023-35384 is a bypass to a previously patched critical security flaw, CVE-2023-23397, which could lead to NTLM credential theft. This vulnerability, along with its predecessor CVE-2023-29324, allows attackers to trick Outlook into connecting to a malicious server to download harmful sound files.
CVE-2023-36710, on the other hand, is rooted in an integer overflow vulnerability within the Audio Compression Manager component, particularly when playing a WAV file. This flaw, when combined with CVE-2023-35384, can execute code on the victim's machine without any clicks or user interaction.
Microsoft, along with cybersecurity firms Proofpoint and Palo Alto Networks’ Unit 42, has reported that APT29, a Russian threat actor, has been exploiting these vulnerabilities. Organizations are advised to implement microsegmentation to block outgoing SMB connections and to consider disabling NTLM or adding users to the Protected Users security group.
Key Points:
Vulnerabilities: CVE-2023-35384 and CVE-2023-36710 in Microsoft Windows.
Impact: Zero-click remote code execution on Outlook clients.
Response: Microsoft has patched these vulnerabilities in August and October 2023.
Prevention: Microsegmentation, disabling NTLM, or adding users to the Protected Users group are recommended.
This revelation is a stark reminder of the evolving landscape of cybersecurity threats and the need for constant vigilance and proactive defense strategies.
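The three mitigations listed above, as an added PowerShell script (not code from Akamai, Microsoft or the newsletter) that applies them on a domain-joined Windows host and then reports the resulting state. The sample user names, the audit-first NTLM default and the choice to block SMB only on Public/Private profiles are assumptions.

```powershell
#Requires -RunAsAdministrator
# Constructed example: applies the Outlook zero-click mitigations (outbound SMB block,
# outgoing NTLM restriction, Protected Users membership) and reports on them.
# Assumes the RSAT ActiveDirectory module is installed and the host is domain-joined.
param(
    [string[]]$AccountsToProtect = @('j.doe', 'a.smith'),        # constructed sample accounts
    [ValidateSet('Audit', 'Deny')][string]$NtlmMode = 'Audit'     # audit first, deny once clean
)

$smbRuleName = 'Block outbound SMB (Outlook NTLM leak mitigation)'
$lsaPath     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# 1. Block outbound TCP 445 on untrusted network profiles so a coerced connection to an
#    external share cannot complete. The Domain profile is left alone so intranet file
#    shares keep working; egress to the internet should also be blocked at the perimeter.
if (-not (Get-NetFirewallRule -DisplayName $smbRuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $smbRuleName -Direction Outbound -Protocol TCP `
        -RemotePort 445 -Action Block -Profile Public, Private | Out-Null
}

# 2. Restrict outgoing NTLM to remote servers ("Network security: Restrict NTLM: Outgoing
#    NTLM traffic to remote servers"). 1 = audit all, 2 = deny all. Audit mode logs
#    event 8001 in Applications and Services Logs\Microsoft\Windows\NTLM\Operational.
$ntlmValue = if ($NtlmMode -eq 'Deny') { 2 } else { 1 }
Set-ItemProperty -Path $lsaPath -Name 'RestrictSendingNTLMTraffic' -Value $ntlmValue -Type DWord

# 3. Put high-value accounts in Protected Users: members cannot authenticate with NTLM
#    at all, so a leaked Net-NTLM hash for them is not usable.
Import-Module ActiveDirectory
$current = (Get-ADGroupMember -Identity 'Protected Users').SamAccountName
$missing = $AccountsToProtect | Where-Object { $_ -notin $current }
if ($missing) { Add-ADGroupMember -Identity 'Protected Users' -Members $missing }

# Report the state so the result can be checked (or fed to a compliance scan).
function Test-OutlookHardening {
    $rule = Get-NetFirewallRule -DisplayName $smbRuleName -ErrorAction SilentlyContinue
    $ntlm = (Get-ItemProperty -Path $lsaPath -Name 'RestrictSendingNTLMTraffic' `
                -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    $members = (Get-ADGroupMember -Identity 'Protected Users').SamAccountName
    [pscustomobject]@{
        SmbBlockRulePresent    = [bool]$rule -and $rule.Enabled -eq 'True'
        OutgoingNtlmRestriction = switch ($ntlm) { 1 { 'Audit' } 2 { 'Deny' } default { 'None' } }
        StillUnprotected       = @($AccountsToProtect | Where-Object { $_ -notin $members })
    }
}
Test-OutlookHardening | Format-List
```

Run with -NtlmMode Deny only after the audit log shows no legitimate outgoing NTLM traffic, since the deny setting and Protected Users membership both break any remaining NTLM-only dependencies.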