Cyber Round-up for 22nd February
Welcome to the Ironshare Cyber Round-up, where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
- Do You Know What’s on Your Network?
- The 6 Year WordPress Vulnerability
- VFEmail Are Not Done Yet!
- Russian State Sponsored Hackers Top Speed Charts
- Cisco Release Several High Impact Vulns
Do You Know What’s on Your Network?
Are you one of those businesses that does not know what devices are attached to its network? If so, you are not alone, but you should understand that this can lead to a significant increase in risk and to unknown gaps in your organisation’s security.
Based on research conducted by security firm Forescout, 49% of the 500 UK companies polled said that they did not fully understand their IT assets and believed they had unknown devices connected to the network.
Although this is a small sample, it could mean that up to 2.8 million businesses in the UK are exposed to unknown cyber threats related to unmanaged or even malicious devices.
The Internet of Things (IoT) has caused a huge explosion in the number of internet-connected devices across both business and home networks, and this shows no sign of slowing down.
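The practical answer to the survey question is to reconcile what is actually answering on the wire against what is in the asset register. The script below is an added example, not part of the original round-up or Forescout’s research: it parses a constructed `arp -a`-style neighbour table, normalises the MAC addresses, and reports devices that are not in a (constructed) approved inventory as well as inventory entries that did not answer.

```python
"""Reconcile what is actually answering on the network against the approved asset list."""
import re

# Constructed sample data (not from any real network): the approved inventory,
# keyed by MAC address, and a captured `arp -a`-style neighbour table that
# includes two addresses nobody has registered.
APPROVED_ASSETS = {
    "00:11:22:33:44:01": "core-switch-01",
    "00:11:22:33:44:02": "file-server",
    "00:11:22:33:44:03": "reception-printer",
    "00:11:22:33:44:04": "cctv-nvr (offline for repair)",
}

ARP_TABLE = """\
? (10.0.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (10.0.1.20) at 00:11:22:33:44:02 [ether] on eth0
? (10.0.1.50) at 00:11:22:33:44:03 [ether] on eth0
? (10.0.1.77) at aa:bb:cc:dd:ee:ff [ether] on eth0
? (10.0.1.78) at AA-BB-CC-DD-EE-10 [ether] on eth0
"""

# Matches "(ip) at mac", accepting colon- or hyphen-separated MACs.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})"
)


def normalise_mac(mac):
    """Lower-case, colon-separated form so inventory and capture compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp(text):
    """Return [(ip, mac), ...] for every neighbour entry in the table."""
    found = []
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            found.append((match["ip"], normalise_mac(match["mac"])))
    return found


def unknown_devices(approved, observed):
    """Devices answering on the wire that are absent from the inventory."""
    return [(ip, mac) for ip, mac in observed if mac not in approved]


def unseen_assets(approved, observed):
    """Inventory entries that did not answer: stale records or devices that have moved."""
    seen = {mac for _, mac in observed}
    return sorted(mac for mac in approved if mac not in seen)


if __name__ == "__main__":
    observed = parse_arp(ARP_TABLE)
    for ip, mac in unknown_devices(APPROVED_ASSETS, observed):
        print(f"UNKNOWN  {ip:<12} {mac}")
    for mac in unseen_assets(APPROVED_ASSETS, observed):
        print(f"UNSEEN   {mac}  ({APPROVED_ASSETS[mac]})")
```

A MAC-keyed register is only a first pass: addresses can be cloned and a neighbour table only shows hosts that have spoken recently, so the same reconciliation should also be run against DHCP leases and switch port tables, and the UNKNOWN list is a queue for investigation rather than a verdict.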
The 6 Year WordPress Vulnerability
Security researchers at RIPS Technologies (RIPSTECH) have disclosed a critical remote code execution vulnerability that has been present in WordPress for over 6 years.
By chaining two separate vulnerabilities and using a low-privilege account, an attacker can launch a code execution attack that leads to full compromise of the WordPress site.
WordPress is one of the most popular website creation content management systems, and powers approximately 30% of the world’s websites.
The vulnerability, which was brought to the attention of the WordPress security team back in October 2018, affects all versions prior to 5.0.1 and 4.9.9.
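The first question for anyone running WordPress is whether their install is on one of the fixed releases named above. The check below is an added example, not code from the round-up or from RIPS: it reads the `$wp_version` string from a constructed copy of the relevant line in `wp-includes/version.php` and decides whether that version meets the 5.0.1 or 4.9.9 threshold for its branch, treating branches older than 4.9 as affected because the advisory describes all earlier versions that way.

```python
"""Decide whether a WordPress install is at or beyond the fixed releases named above."""
import re

# Fixed releases named in the disclosure: 5.0.1 on the 5.0 branch, 4.9.9 on the 4.9 branch.
FIXED_RELEASES = ((5, 0, 1), (4, 9, 9))


def parse_version(text):
    """'5.0' -> (5, 0, 0); '4.9.9' -> (4, 9, 9). Raises ValueError on junk."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not match:
        raise ValueError(f"unrecognised WordPress version {text!r}")
    return (int(match[1]), int(match[2]), int(match[3] or 0))


def is_patched(version_text):
    """True when the version carries the fix.

    Anything newer than the 5.0 branch is assumed to carry the fix forward; on the
    two named branches the point release must meet the fixed one; older branches
    are reported as unpatched, since the advisory describes all earlier versions
    as affected.
    """
    version = parse_version(version_text)
    newest_branch = max(fixed[:2] for fixed in FIXED_RELEASES)
    if version[:2] > newest_branch:
        return True
    for fixed in FIXED_RELEASES:
        if version[:2] == fixed[:2]:
            return version >= fixed
    return False


def version_from_php(php_source):
    """Pull the $wp_version assignment out of a wp-includes/version.php file body."""
    match = re.search(r"\$wp_version\s*=\s*'([^']+)'", php_source)
    if not match:
        raise ValueError("no $wp_version assignment found")
    return match[1]


# Constructed sample of the relevant line from wp-includes/version.php (not a real file).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '4.9.8';\n"


if __name__ == "__main__":
    installed = version_from_php(SAMPLE_VERSION_PHP)
    print(f"WordPress {installed}: {'patched' if is_patched(installed) else 'UPDATE REQUIRED'}")
```

Run it against the real `wp-includes/version.php` of each site you manage; the version reported in the admin dashboard is the same value, but reading the file works for sites you only reach over SSH or a backup.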
VFEmail Are Not Done Yet!
After a turbulent week or so, VFEmail are fighting their way back to full health. Last week we covered the destructive hack that left the company in turmoil and fighting for its survival.
Hackers had infiltrated the systems at VFEmail and wiped all their servers and backup systems, leaving the service inoperable and users without their email data.
This week they have continued to update their customers via the website and Twitter feed, with promising news that they are close to successfully restoring service.
!!!ALERT!!!! Update Feb 17 2019
We’re not at full power yet, but we’re getting there. Please see the Incident page for a timeline (last updated 2/17/19 9pCST)
Russian State Sponsored Hackers Top Speed Charts
A blog post on Infosecurity Magazine has covered a recent threat report by CrowdStrike that highlights the importance of speed when it comes to state sponsored attacks.
State sponsored attacks continue to rise and grab headlines in the news, with the main focus typically on Russian and Chinese actors.
CrowdStrike’s 2019 Global Threat Report includes stats on the new ‘breakout time’ metric, which measures how quickly an attacker achieves lateral movement after the initial infection.
On average, state actors achieved a breakout time of 4 hours and 37 minutes, but there is quite a gap between the two ends of the timing spectrum. At the bottom we have an average of over 9 hours, while the Russians sit at the top, achieving lateral movement in only 18 minutes.
CrowdStrike’s George Kurtz states in his blog:
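Breakout time is a metric you can measure on your own incidents, which makes the 18 minute and 4 hour 37 minute figures useful yardsticks for how fast detection and containment need to be. The script below is an added example and is not CrowdStrike’s code or methodology: over a constructed event timeline it takes the first confirmed compromise on a host as the starting point, treats the first remote logon from that host to a different host as the lateral move, and reports the gap against the figures quoted above.

```python
"""Measure 'breakout time': first confirmed compromise to first lateral movement."""
from datetime import datetime, timedelta

# Constructed sample timeline (not real telemetry). Fields: timestamp, host the
# event was recorded on, event type, free-text detail. The 09:10 logon comes
# from a host that is not known to be compromised and must be ignored.
EVENTS = [
    ("2019-02-18T09:00:00", "ws-014", "malware_detected", "macro dropper executed"),
    ("2019-02-18T09:10:00", "srv-files", "remote_logon", "from=ws-099 user=admin"),
    ("2019-02-18T09:18:00", "srv-files", "remote_logon", "from=ws-014 user=jsmith"),
    ("2019-02-18T10:40:00", "srv-db", "remote_logon", "from=srv-files user=svc_backup"),
]

# Reference points quoted from the report, for comparison.
BREAKOUT_FASTEST = timedelta(minutes=18)
BREAKOUT_AVERAGE = timedelta(hours=4, minutes=37)


def source_host(detail):
    """Extract the 'from=<host>' field of a remote_logon detail string, or None."""
    for field in detail.split():
        key, _, value = field.partition("=")
        if key == "from":
            return value
    return None


def breakout_time(events):
    """Return (delta, source, destination) for the first lateral move from a compromised host.

    A host counts as compromised once a malware_detected event is recorded on it.
    Returns None if no lateral move from a compromised host is found.
    """
    compromised = {}
    for ts, host, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "malware_detected":
            compromised.setdefault(host, when)
        elif kind == "remote_logon":
            src = source_host(detail)
            if src in compromised and host != src:
                first = min(compromised.values())
                return when - first, src, host
    return None


def compare_to_report(delta):
    """Short label placing a measured breakout time against the report's figures."""
    if delta <= BREAKOUT_FASTEST:
        return "at or below the fastest state actor (18 minutes)"
    if delta <= BREAKOUT_AVERAGE:
        return "faster than the 4h37m state-actor average"
    return "slower than the 4h37m state-actor average"


if __name__ == "__main__":
    result = breakout_time(EVENTS)
    if result:
        delta, src, dst = result
        print(f"breakout {src} -> {dst} in {delta}: {compare_to_report(delta)}")
```

In practice the "first confirmed compromise" timestamp comes from whichever telemetry first flagged the host (EDR alert, mail gateway verdict, proxy block) and the lateral move from authentication logs; the point of the exercise is that if your own median time from alert to containment is longer than the measured breakout time, the attacker is already on the second host before anyone acts.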
“This report’s findings on adversary tradecraft and speed reflect what many defenders already know: We are in a veritable “arms race” for cyber superiority. However, there are some important differences between an arms race in the cybersphere versus the physical world: In cyberspace, any player can potentially become a superpower.
The capital costs are alarmingly low, compared to funding a physical war machine. Even some of the world’s most impoverished regions proved their ability to make a global impact through cyber campaigns in 2018 — and this is one genie that is not going back in the bottle.”
The CrowdStrike Report can be downloaded here and for the full Infosecurity Magazine post click Read More below.
Cisco Release Several High Impact Vulns
Cisco have disclosed several high impact vulnerabilities in multiple products.
CVE-2019-5736 covers a privilege escalation in the runc container tool and affects multiple products, including the Cisco Container Platform and Cisco Defense Orchestrator. If exploited, an attacker could replace the runc binary file with a malicious file and run arbitrary commands with root privileges.
The full extent of this vuln is not yet known, and products such as the ASA firewall, Identity Services Engine and Nexus switches are among the devices being investigated.
CVE-2018-15380 and CVE-2019-1664 highlight two vulns in the HyperFlex software suite. The first is a command injection flaw caused by a lack of input validation; exploiting it allows running commands with root privileges. The second is an unauthenticated access vuln that, when exploited, provides root access to all members of the HyperFlex cluster.
Software updates are available, so please get reviewing these CVEs and plan in your firmware updates as soon as you can.
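“Command injection due to a lack of input validation” is the same defect in every product that has ever had one: a caller’s string reaches a shell unchecked. The snippet below is an added, generic illustration of that pattern and its fix; it is not Cisco’s HyperFlex code and makes no claim about how the real flaw is structured. The vulnerable function only builds the command string so it can be inspected, while the hardened one validates the input as an IP address and passes it as a separate argv element with no shell involved.

```python
"""The command-injection pattern (untrusted input reaching a shell) beside its hardened form."""
import ipaddress
import subprocess

# Characters a POSIX shell treats as command separators, substitution or redirection.
SHELL_METACHARACTERS = set(";|&$`\n<>(){}")


def build_ping_vulnerable(target):
    """Vulnerable pattern: the caller's string is spliced into one shell command line.

    Nothing checks `target`, so any shell metacharacter in it changes the command
    that would run. Returned as a string, never executed here, so it can be inspected.
    """
    return f"ping -c 1 {target}"


def build_ping_hardened(target):
    """Hardened pattern: validate the input as an IP address, then build an argv list.

    The list form goes to subprocess without a shell, so even a value that slipped
    past validation would only ever be a single argument to ping.
    """
    try:
        address = ipaddress.ip_address(target.strip())
    except ValueError as exc:
        raise ValueError(f"rejected target {target!r}: not an IP address") from exc
    return ["ping", "-c", "1", str(address)]


def is_accepted(target):
    """True if the hardened builder accepts the value, False if validation rejects it."""
    try:
        build_ping_hardened(target)
        return True
    except ValueError:
        return False


def has_shell_metacharacters(command_line):
    """Flag a command line a shell would parse as more than a plain argument list."""
    return any(ch in SHELL_METACHARACTERS for ch in command_line)


def run_ping(target):
    """Run the hardened form; shell=False is subprocess's default, so no shell is involved."""
    return subprocess.run(build_ping_hardened(target), capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed input: a valid address followed by a shell separator and a second command.
    sample = "192.0.2.10; id"
    print("vulnerable builder produced:", repr(build_ping_vulnerable(sample)))
    print("hardened builder accepted it:", is_accepted(sample))
```

The two halves of the fix matter independently: allow-list validation rejects the bad value up front, and the argv list removes the shell so there is nothing left to inject into even if a future change loosens the validation. Escaping the string and keeping the shell is the weaker option, since every shell and quoting context has its own corner cases.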
For all the latest Cisco Security Advisories please click Read More below.
And that’s it for this week; please don’t forget to tune in for our next instalment.
Why not follow us on social media using the links provided on the right.
Ironshare – Security Simplified
Edition #30 – 22nd February 2019