Now browsing by tag: critical
#cybersecurity | #hackerspace | Exploring The Critical Components Of DevOps

Source: National Cyber Security – Produced By Gregory Evans

In a world where development is conducted on a variety of operating systems and hosted on the cloud, having a well-structured development system with integrated security is vital to ensuring that customer solutions are functioning optimally and are secure. This is achieved through DevOps.


This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Rags Kinnigoly. Read the original post at: https://www.uptycs.com/blog/critical-components-devops


#cybersecurity | #hackerspace | December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns


This month’s Patch Tuesday is rather light and addresses 36 vulnerabilities, with only 7 labeled as Critical. Five of the seven Critical vulns are in Git for Visual Studio. The others are for Hyper-V and Win32k. Also, there is one actively attacked “Important” vuln in Win32k. Adobe released patches today covering Acrobat/Reader, ColdFusion, Photoshop, and Brackets.

Workstation Patches

Win32k patches (CVE-2019-1468 and CVE-2019-1458) should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.

Though listed as Important, Microsoft has disclosed that CVE-2019-1458 is actively attacked in the wild.

Hyper-V Hypervisor Escapes

A remote code execution vulnerability (CVE-2019-1471) is patched in Hyper-V that would allow an authenticated user on a guest system to run arbitrary code on the host system. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for all Hyper-V systems.

Git for Visual Studio

Microsoft patched 5 vulnerabilities (CVE-2019-1354, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, and CVE-2019-1349) in Git for Visual Studio. Exploitation requires that a user clone a malicious repository. Based on the details provided, all of the vulnerabilities appear to be command injection. These patches should be prioritized for any Visual Studio installations that use Git.

Adobe

Adobe’s Patch Tuesday covers Acrobat/Reader, ColdFusion, Photoshop, and Brackets. The patches for Acrobat/Reader (21 vulns) and ColdFusion (1 vuln) are listed as Priority 2, while the patches for Photoshop (2 vulns) and Brackets (1 vuln) are labeled Priority 3. The Acrobat/Reader patches should be prioritized for Workstations with this software installed, and the ColdFusion patches should be prioritized on ColdFusion servers.


Adobe Releases Patches for ‘Likely Exploitable’ Critical Vulnerabilities


The last Patch Tuesday of 2019 is finally here.

Adobe today released updates for four of its widely used products, including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets, to patch a total of 25 new security vulnerabilities.

Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities are more likely to be used in real-world attacks, but there are currently no known exploits in the wild.

The software update for Adobe Acrobat and Reader for Windows and macOS operating systems addresses a total of 21 security vulnerabilities, 14 of which are critical and the rest of which are important in severity.

Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution attacks, allowing attackers to take complete control of targeted systems.

Adobe Photoshop CC for Windows and macOS contains patches for two critical arbitrary code execution vulnerabilities that were discovered and reported to the company by Honggang Ren of Fortinet’s FortiGuard Labs.

The last two flaws the company patched this month affect Brackets, a source code editor, and ColdFusion, a commercial rapid web application development platform by Adobe.


The software update for Brackets addresses a critical code execution flaw, which was disclosed by Tavis Ormandy of Google Project Zero.

The Adobe ColdFusion update comes with a security patch for an important privilege escalation bug, which occurs due to insecure inherited permissions on the default installation directory.

The company has released updated versions of all four affected products for each impacted platform; users should install them immediately to protect their systems and businesses from cyber-attacks.

If your system hasn’t yet detected the availability of the new update automatically, you should manually install the update by choosing “Help → Check for Updates” in your Adobe software.


Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited […]

#cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure


The agencies and businesses that make up the backbone of our critical infrastructure have a larger bullseye on their backs than an average company. When it comes to the electric utility providers that manage the power grid, the exposure to risk is exacerbated by the fact that much of the equipment, software, and services come from a limited set of vendors. Fortress Information Security just launched the Asset to Vendor (A2V) Network to mitigate these risks and improve the security posture of the power grid.

The Federal Energy Regulatory Commission (FERC) recognizes the unique threats posed to the power grid and understands that it’s crucial to address these challenges and protect the critical infrastructure. FERC has issued requirements for standardized risk assessments and mandated that electric utility providers prioritize supply chain vendors based on their relative risk. The problem is that many of the 3,000 or so electric providers are small, regional companies that don’t have the budget or resources to do this effectively on their own.

The A2V Network was launched as a joint venture between Fortress and AEP (American Electric Power) to address this challenge and help all electric utility companies collaborate to comply with the FERC regulations and improve protection of the critical infrastructure more efficiently and effectively. Organizations that join the A2V Network will be able to purchase completed vendor assessments for significantly less than it would cost them to conduct a redundant assessment of their own, and participating companies can also contribute completed assessments to build out the A2V Network library.

Reluctance to Share

I had an opportunity to chat with Alex Santos, CEO of Fortress, about the A2V Network and some of the challenges it addresses. He described the supply chain like streets in a community. Just as each person is responsible for their own home and property, but shares the roads and pays taxes to share the burden and ensure the roads are taken care of, each company is responsible for itself, but they share risk exposure from the supply chain, and it makes sense to collaborate and share the burden to mitigate the risk and secure the critical infrastructure.

I asked Santos for his thoughts on why businesses in general, not just electric power providers, seem so reluctant to engage in this sort of sharing and collaborative effort. The two main issues, according to Santos, are that some information is very proprietary, and some information is not very good. Companies want to maintain the privacy of intellectual property and sensitive information. In some cases, there is a competitive advantage associated with it, and sharing it is just bad for business. In other instances, organizations are reluctant to engage in sharing information because what they receive is not useful. If the information is not properly vetted and curated to ensure it is correct and relevant, it creates more problems than it solves.

Santos explained that the A2V Network strives to address both of those challenges. The A2V Network takes information about supply chain risk assessments and provides a platform to easily share it while anonymizing it and protecting the privacy of proprietary data. Part of what the A2V Network also does is to validate the information and make it actionable.

Gaining Momentum

Santos was especially grateful for having AEP as a partner for the launch of the A2V Network. He noted that even though there are 3,000 electric utility providers, only about 150 of those are large enough to be regulated by the North American Electric Reliability Corporation (NERC)—and that the top 15 largest deliver power for 75% of consumers. That leaves nearly 2,900 companies that must comply with the FERC regulation but lack the resources to do it effectively on their own.

He said that having AEP on board is huge because any new movement or initiative requires a first big company to get the ball rolling. AEP showed leadership in taking that initiative and having a company with the size and prestige of AEP involved creates a snowball effect that will entice other electric utility providers to jump on board.

The more companies get involved, the more momentum the A2V Network will have and the greater value it will provide to every participating organization. That, in turn, will attract more companies. It becomes a self-feeding cycle of momentum that will ultimately lead to a more secure critical infrastructure.


Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig


If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you.

A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers.

Written in native PHP, rConfig is a free, open source network device configuration management utility that allows network engineers to configure and take frequent configuration snapshots of their network devices.

According to the project website, rConfig is being used to manage more than 3.3 million network devices, including switches, routers, firewalls, load balancers, and WAN optimizers.

What’s more worrisome? Both vulnerabilities affect all versions of rConfig, including the latest rConfig version 3.9.2, with no security patch available at the time of writing.

Discovered by Mohammad Askar, each flaw resides in a separate file of rConfig—one, tracked as CVE-2019-16662, can be exploited remotely without requiring pre-authentication, while the other, tracked as CVE-2019-16663, requires authentication before its exploitation.

  • Unauthenticated RCE (CVE-2019-16662) in ajaxServerSettingsChk.php
  • Authenticated RCE (CVE-2019-16663) in search.crud.php

In both cases, to exploit the flaw, all an attacker needs to do is access the vulnerable files with a malformed GET parameter designed to execute malicious OS commands on the targeted server.


As shown in the screenshots shared by the researcher, the PoC exploits allow attackers to get a remote shell on the victim’s server, enabling them to run arbitrary commands on the compromised server with the same privileges as the web application.

Meanwhile, another independent security researcher analysed the flaws and discovered that the second RCE vulnerability could also be exploited without requiring authentication in rConfig versions prior to version 3.6.0.

“After reviewing rConfig’s source code, however, I found out that not only rConfig 3.9.2 has those vulnerabilities but also all versions of it. Furthermore, CVE-2019-16663, the post-auth RCE can be exploited without authentication for all versions before rConfig 3.6.0,” said the researcher, who goes by online alias Sudoka.

Askar responsibly reported both vulnerabilities to the rConfig project maintainers almost a month back and then recently decided to release details and PoC publicly after the maintainers failed to acknowledge or respond to his findings.

If you are using rConfig, it is recommended that you temporarily remove it from your server until security patches arrive.


Cybersecurity a #critical area for #closer #cooperation between #Asean and #Australia

Asean and Australia should work closer together on cybersecurity issues, which range from Internet crimes to fake news, Prime Minister Lee Hsien Loong said on Sunday (March 18).

In a speech to other Asean leaders and Australian Prime Minister Malcolm Turnbull during a plenary session at the Asean-Australia Special Summit, he noted that cybercrimes are a transboundary problem that is difficult to police.

“It can have a drastic impact on our populations, for example in terms of critical infrastructure; and it can be insidious – undermining the trust which holds our societies together, for example through fake news.”

The world is getting more vulnerable to cybersecurity threats, not less, he added, and so it is essential for governments to develop new rules and norms to cope with the challenge.

There is also potential for this region to play a role in the international discourse on cyber-security, Mr Lee said, noting that a proposed Asean-Australia Cyber Policy Dialogue can be a platform for greater policy exchange and capacity-building.

Another promising area for strategic cooperation is in developing smart cities, he said.

A new Asean-Australia Smart Cities Initiative, announced by Mr Turnbull on Saturday, complements the Asean Smart Cities Network initiative and Asean’s Masterplan on Asean Connectivity 2025, he added.


Cyber Security for Critical Assets (CS4CA) USA


General Cybersecurity Conference

March 6 – 8, 2018 | Houston, Texas, United States

Cybersecurity Conference Description

The Annual Cyber Security for Critical Assets Summit (USA) boasts two dedicated streams for IT and OT, allowing delegates to hone in on their specialist areas of interest, as well as plenary sessions addressing the common issues that bind both groups of professionals. Each stream is curated by a group of industry-leading experts to be as relevant, as cutting-edge and as in-depth as possible over two days.

Expect to be challenged, learn new techniques from some of the world’s top cyber security innovators and network with your peers at Europe’s leading critical infrastructure security event. You’ll hear exclusive keynotes from leading industry execs, you’ll get the chance to take part in interactive panel debates to benchmark your approach with others, you’ll get in-depth case studies relevant to your sector with tangible, actionable insights and you’ll get platform presentations showcasing the best of tomorrow’s technology.


Why #Cybersecurity in the #Travel and #Hospitality #Sector is So #Critical?


For many years now, cybersecurity has been a primary concern of government organisations and the banking sector, but the hospitality and travel industry is beginning to acknowledge the importance of online security in its day-to-day operations.

Each travel operator, hotel or transport company handles all kinds of sensitive data on their customers, as well as their own staff and suppliers. The consequences of organisations experiencing online data breaches are now higher than ever before. For instance, if a travel operator is hacked, leaking thousands of personal addresses of customers, they face significant financial, legal and reputational ramifications. The loss of customer confidence in the operator and the legal costs of any resulting identity theft would hit any travel operator big or small right where it hurts – the profit and loss sheet.

As businesses within the travel and hospitality sector grow, so too does their global footprint of sensitive data. There is an increasing need for these brands to maintain the privacy, integrity and security of all personal information that is in their care. A sure-fire data security 101 tip is to implement a robust user rights management hierarchy. This can help to control the level of sensitive data an individual can access in line with their seniority within the organisation as well as their job description. It requires travel companies – particularly those with global workforces – to keep a tight rein on their user rights systems and remove dormant accounts belonging to users who may have left the company, mitigating the possibility of any revenge attacks. Organisations should also closely monitor and audit their employees’ data usage to pinpoint any signs of access abuse, which is not always malicious but can still have ramifications for the company even when it is not.

The major elephant in the room for travel and hospitality brands operating in and out of Europe is the new impending European regulations designed to safeguard customer data. The new General Data Protection Regulation (GDPR) has been devised by the European Union (EU) and will come into force next year. Although GDPR is aimed at giving the average consumer or holidaymaker greater control over how their personal data is used and stored, it also gives travel and hospitality organisations greater clarity about data protection law, creating one legislation across the entire single market.

Under the GDPR rules, travel and hospitality firms that fail to comply in time for 25th May 2018 could experience hugely damaging financial penalties which could plunge brands into difficult times; perhaps even closure. The upper limit penalty for non-compliance will be €20m or 4% of an organisation’s annual global turnover; whichever is greater. GDPR will affect all kinds of departments of travel firms; from legal and compliance teams to IT and marketing divisions. Those within the travel and hospitality industry must therefore take the protection of customer and employee data as seriously as their revenue.

Regular security audits, increased encryption of data and watertight password control are no longer something that can be ignored. So too are lawful marketing campaigns and privacy policies, while teams should be educated and briefed on how to handle a data breach if – and when – the time comes. Travel professionals handle more data than you realise and meeting those new obligations will not only keep brands on the right side of the law, it will increase consumer confidence and strengthen brand reputation overall.


IRANIAN #HACKERS HAVE BEEN #INFILTRATING #CRITICAL #INFRASTRUCTURE #COMPANIES

The international intelligence agency always has a keen interest in Iran’s hacking activity. And new research published by the security firm FireEye on Thursday indicates the country’s efforts show no signs of slowing. In fact, a new network reconnaissance group, which FireEye calls Advanced Persistent Threat 34, has spent the last few years burrowing deep into critical infrastructure companies.

Given how aggressively Iran has pursued infrastructure hacking, previously targeting the financial sector and even a dam in upstate New York, the new findings serve as a warning, and highlight the evolving nature of the threat.

FireEye researchers tracked 34 of the group’s attacks on institutions in seven Middle Eastern countries between 2015 and mid-2017, but says APT 34 has been operational since at least 2014. The group appears to target financial, energy, telecommunications, and chemical companies, and FireEye says it has moderate confidence that its hackers are Iranians. They log into VPNs from Iranian IP addresses, adhere to normal Iranian business hours, their work has occasionally leaked Iranian addresses and phone numbers, and their efforts align with Iranian interests. Namely, targeting the country’s adversaries.

New APT in Town

There isn’t definitive evidence of a direct link between APT 34 and APT 33, an Iranian hacking group and malware distributor FireEye published findings on in September. But researchers have seen APT 34 operating concurrently inside many of the same target networks as other Iranian hackers.

“We have seen, and this is with a lot of the Iranian actors, a very disconcerting or aggressive posture towards critical infrastructure organizations,” says John Hultquist, director of intelligence analysis at FireEye. “APT 33 has targeted a lot of organizations in critical infrastructure in the Middle East and so has APT 34. They obviously represent opportunities for intelligence collection. But we always have to think about the alternative use of those intrusions or accesses as possible means for disruption and destruction, especially given the destructive incidents we’ve already seen with other Iranian actors.”

To establish what Hultquist describes as beachheads, APT 34 uses involved operations to move deeper and deeper into a network, or exploit a toehold within one organization to pivot into another. FireEye has observed the group compromising someone’s email account at a target company, rifling through their archive, and restarting threads as old as a year, to trick the recipient into clicking a malicious attachment. The hackers also use compromised email accounts to spearphish other companies, and leapfrog into their systems as well.

While the APT 34 Iranian hacking activity doesn’t appear to target the United States, any Iranian efforts in that space are noteworthy. The countries have a long history of cyber antagonism, which includes the deployment of Stuxnet, malware thought to be a product of the NSA and their Israeli counterparts, to cripple Iran’s uranium enrichment activities. Tensions between the countries have escalated recently as well, with President Donald Trump recently taking steps to decertify the nuclear agreement between the US and Iran.

‘A Multilayered Approach’

APT 34 uses malicious Excel macros and PowerShell-based exploits to move around networks. The group also has fairly extensive social media operations, deploying fake or compromised accounts to scope out high-profile targets, and using social engineering to get closer to particular organizations. FireEye researchers speculate that APT 34 may be a reconnaissance and persistence unit, focused on finding ways into new networks and broadening access within existing targets. Some evidence indicates that the group may work directly for the Iranian government, but it’s also possible that the hackers are effectively contractors, selling backdoors to the government as they find them.

“When you look at this, it’s a multilayered approach,” says Jeff Bardin, the chief intelligence officer of the threat-tracking firm Treadstone 71, which monitors Iranian hacking activity. “They get in and make a lot of modifications, download new malware, manipulate the memory, so it’s definitely pretty sophisticated. And the Powershell activity has been largely a hallmark of Iranian activity lately. They change their tactics constantly. The more we divulge things we know about them, the more they’ll shift and change.”

Though much remains unknown about APT 34, its capabilities and prowess make the group’s interest in critical infrastructure targets all the more noteworthy, whether it’s tasked with carrying out full operations itself, or charged with laying the groundwork for others to do so.

“This is yet another example of Iranian cyber capability, which only seems to grow every day,” FireEye’s Hultquist says. “It’s a challenge for people who are concerned with Iranian actors, and as geopolitics shifts, the number of people who should be concerned with Iranian actors will probably only increase.”
