Cyber Round-up

Cyber Round-up for 22nd February

February 21, 2019

Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

  • Do You Know What’s on Your Network?
  • The 6 Year WordPress Vulnerability
  • VFEmail Are Not Done Yet!
  • Russian State Sponsored Hackers Top Speed Charts
  • Cisco Release Several High Impact Vulns

Do You Know What’s on Your Network?

Are you one of those businesses that does not know what devices are attached to your network? If so, you are not alone, but you should understand that this can lead to a significant increase in risk and unknown gaps in your organisation’s security.

Based on research conducted by security firm Forescout, 49% of the 500 UK companies polled said that they did not fully understand their IT assets and believed they had unknown devices connected to the network.

Although this is a small sample, this could mean that up to 2.8 million businesses in the UK are exposed to unknown cyber threats related to unmanaged or even malicious devices.

The Internet of Things (IoT) has caused a huge explosion in the number of internet-connected devices across both business and home networks, and this shows no sign of slowing down.

Read more ….

The 6 Year WordPress Vulnerability

Security Researchers at RIPS Technologies (RIPSTECH) have disclosed a critical remote code execution vulnerability that has been present in WordPress for over 6 years.

By taking advantage of two separate vulnerabilities and using a low-privilege account, an attacker can launch a code execution attack that leads to full compromise of the WordPress site.

WordPress is one of the most popular website creation content management systems, and powers approximately 30% of the world’s websites.

The vulnerability, which was brought to the attention of the WordPress security team back in October 2018, affects all previous versions prior to 5.0.1 and 4.9.9.

Read more ….

VFEmail Are Not Done Yet!

After a turbulent week or so, VFEmail are fighting their way back to full health. Last week we covered the destructive hack that left the company in turmoil and fighting for its survival.

Hackers had infiltrated the systems at VFEmail and wiped all their servers and backup systems, leaving the service inoperable and users without their email data.

This week they have continued to update their customers via the website and Twitter feed, with the promising news that they are close to successfully restoring service.

!!!ALERT!!!! Update Feb 17 2019

We're not at full power yet, but we're getting there. Please see the Incident page for a timeline (last updated 2/17/19 9pCST)

Read updated story ….

Russian State Sponsored Hackers Top Speed Charts

A blog post on Infosecurity Magazine has covered a recent Threat Report by CrowdStrike that highlights the importance of speed when it comes to state sponsored attacks.

State sponsored attacks continue to rise and grab headlines in the news, with the main focus typically on the Russian and Chinese actors.

CrowdStrike’s 2019 Global Threat Report includes the stats on the new ‘breakout time’ metric, which focuses on how quickly a hacker can achieve lateral movement during an attack, after initial infection.

On average, state actors achieved a breakout time of 4 hours and 37 mins, but there is quite a gap between the two ends of the timing spectrum. At the bottom we have an average of over 9 hours, while the Russians sit at the top, achieving lateral movement in only 18 minutes.

CrowdStrike’s George Kurtz states in his blog:

“This report’s findings on adversary tradecraft and speed reflect what many defenders already know: We are in a veritable “arms race” for cyber superiority. However, there are some important differences between an arms race in the cybersphere versus the physical world: In cyberspace, any player can potentially become a superpower.

The capital costs are alarmingly low, compared to funding a physical war machine. Even some of the world’s most impoverished regions proved their ability to make a global impact through cyber campaigns in 2018 — and this is one genie that is not going back in the bottle.”

The CrowdStrike Report can be downloaded here and for the full Infosecurity Magazine post click Read More below.

Read more ….

Cisco Release Several High Impact Vulns

Cisco have disclosed several high impact vulnerabilities in multiple products.

CVE-2019-5736 covers a privilege escalation in the runc container tool and affects multiple products, including the Cisco Container Platform and Cisco Defense Orchestrator. If exploited, an attacker could replace the runc binary file with a malicious file and run arbitrary commands with root privileges.

The extent of this vuln is not yet known, and products such as the ASA firewall, Identity Services Engine and Nexus switches are included in the devices being investigated.

CVE-2018-15380 & CVE-2019-1664 highlight two vulns in the HyperFlex Software suite. The first is a command injection flaw caused by a lack of input validation; exploiting it can allow running commands with root privileges. The second is an unauthenticated access vuln that, when exploited, provides root access to all members of the HyperFlex cluster.

Software updates are available, so please get reviewing these CVEs and plan in your firmware updates as soon as you can.

For all the latest Cisco Security Advisories please click Read More below.

Read more ….

And that’s it for this week, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #30 – 22nd February 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
