Microsoft Ties Executive Pay to Cybersecurity Performance
Microsoft is tying part of its executives' compensation to meeting the company's cybersecurity goals, in response to criticism from the US government and rival technology companies over its failure to prevent a China-attributed intrusion into its systems last summer. The US Cyber Safety Review Board called that intrusion "preventable" and pointed to a "cascade of errors" and a corporate culture that deprioritized enterprise security investments and rigorous risk management. The move is part of Microsoft's Secure Future Initiative, which aims to prioritize security engineering and defend against nation-state attacks. Some experts see it as a positive step, noting that it sends a strong message about the importance of cybersecurity and could help instill a security-first culture within the company.
Critical Bug in Fluent Bit Logging Service Allows A Plethora of Attacks in Major Cloud Platforms
A critical vulnerability in Fluent Bit, the logging and metrics agent used by major cloud providers including AWS, Microsoft, and Google Cloud, has been disclosed. The memory-corruption bug, tracked as CVE-2024-4323 and dubbed "Linguistic Lumberjack," can be used for denial of service (DoS), information leakage, or potentially remote code execution (RCE) in cloud environments. The issue lies in how Fluent Bit's embedded HTTP server parses trace requests: sending non-string values (integers, for example) in the input list of the /api/v1/traces endpoint triggers memory corruption. The bug affects Fluent Bit versions 2.0.7 through 3.0.3, carries a CVSS score of 9.8 out of 10, and is fixed in 3.0.4. Users are advised to update or, where they cannot, to restrict access to the monitoring API, which is disabled by default and, when enabled, should not be reachable from untrusted networks.
GitHub Patches Critical Authentication Bypass Flaw in Enterprise Server
GitHub has fixed a critical vulnerability (CVE-2024-4985, CVSS score: 10.0) in GitHub Enterprise Server (GHES) that allowed an attacker to bypass authentication and gain unauthorized access to an instance, potentially as a user with administrator privileges. The issue affects all versions prior to 3.13.0 and is fixed in 3.9.15, 3.10.12, 3.11.10, and 3.12.4; 3.13.0 and later are not affected. The flaw is only exploitable on instances that use SAML single sign-on (SSO) with the optional encrypted assertions feature, which is not enabled by default. Organizations running a vulnerable version are advised to upgrade to the patched release for their release branch, since a fixed version number on one branch says nothing about another.
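The two advisories above state their affected ranges differently: Fluent Bit's is one contiguous span with a single fix release, while GHES shipped a separate patch level on each supported release branch. As an added example (not code from Fluent Bit, GitHub, or this page), the Python helper below turns both into checks that can be run over inventory data and shows why a flat "version less than 3.12.4" comparison mislabels GHES instances. The JSON shape of Fluent Bit's monitoring-API root response is an assumption, and the sample response is constructed.

```python
"""Branch-aware version triage for CVE-2024-4323 (Fluent Bit) and
CVE-2024-4985 (GHES). Added example; not code from either project."""
import json


def parse_version(text):
    """'3.10.12' -> (3, 10, 12); tolerates a leading 'v'. Tuples compare numerically,
    so (3, 9, 15) < (3, 10, 12) holds even though the strings would not sort that way."""
    return tuple(int(part) for part in text.strip().lstrip("v").split("."))


# --- Fluent Bit, CVE-2024-4323: 2.0.7 through 3.0.3 affected, fixed in 3.0.4 ---
FLUENT_BIT_FIRST_AFFECTED = (2, 0, 7)
FLUENT_BIT_FIRST_FIXED = (3, 0, 4)


def fluent_bit_is_affected(version):
    """One contiguous range, so a simple half-open interval check is enough."""
    v = parse_version(version)
    return FLUENT_BIT_FIRST_AFFECTED <= v < FLUENT_BIT_FIRST_FIXED


# Constructed sample of the JSON an agent returns at the root of its monitoring
# API. The key layout is an assumption for this example.
SAMPLE_ROOT_RESPONSE = '{"fluent-bit":{"version":"3.0.3","edition":"Community"}}'


def fluent_bit_version_from_root(body):
    """Extract the running version from a monitoring-API root response."""
    return json.loads(body)["fluent-bit"]["version"]


# --- GHES, CVE-2024-4985: a fix per release branch; 3.13.0 and later never affected ---
GHES_FIXED_BY_BRANCH = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
GHES_NEVER_AFFECTED_FROM = (3, 13, 0)


def ghes_is_affected(version):
    """True when the version carries the bug, regardless of configuration.

    The comparison is made against the fixed release of the instance's own
    branch; comparing against a different branch's fix level gives wrong answers.
    """
    v = parse_version(version)
    if v >= GHES_NEVER_AFFECTED_FROM:
        return False
    fixed = GHES_FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        # Branch older than 3.9: no fixed release exists, and the advisory
        # covers all versions before 3.13.0, so treat it as affected.
        return True
    return v < fixed


def ghes_is_exploitable(version, saml_encrypted_assertions):
    """Affected and actually reachable: only SAML SSO with encrypted assertions
    (off by default) exposes the bypass. Patch either way; prioritize these."""
    return saml_encrypted_assertions and ghes_is_affected(version)


def naive_ghes_is_affected(version):
    """The flat comparison a hurried scanner might write. It calls the patched
    3.9.15 / 3.10.12 / 3.11.10 releases vulnerable because they sort below 3.12.4."""
    return parse_version(version) < (3, 12, 4)


if __name__ == "__main__":
    fb = fluent_bit_version_from_root(SAMPLE_ROOT_RESPONSE)
    print(f"Fluent Bit {fb}: affected={fluent_bit_is_affected(fb)}")
    for ver in ("3.9.14", "3.9.15", "3.10.5", "3.11.10", "3.12.3", "3.13.0"):
        print(f"GHES {ver}: branch-aware={ghes_is_affected(ver)} "
              f"naive={naive_ghes_is_affected(ver)}")
```

Run directly, the script prints the verdict for a constructed Fluent Bit response and for a handful of GHES versions; the `naive` column disagrees with the branch-aware one exactly on the patched 3.9/3.10/3.11 releases, which is the case a flat comparison gets wrong.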
Rockwell Automation Warns Customers to Disconnect Industrial Control Systems from Internet
Rockwell Automation has issued a security notice urging customers to disconnect their industrial control systems (ICS) from the internet due to heightened geopolitical tensions and adversarial cyber activity globally. The company is concerned about potential attacks on internet-exposed ICS devices, which could lead to unauthorized access, privilege escalation, and even Stuxnet-style attacks. A Shodan search revealed over 7,000 Rockwell devices, including Allen-Bradley programmable logic controllers (PLCs), exposed to the web. Rockwell Automation advises customers to remove public internet connectivity to reduce the attack surface and prevent exploitation of vulnerabilities, including several recently patched flaws. The US cybersecurity agency CISA has also posted an alert to bring attention to Rockwell's notice.