In your efforts to fix everything, here’s RedLegg’s cyber-news update, featuring some of the top vulnerabilities, risks, and happenings in the industry.
1. Remote Execution Vulnerability.
Microsoft has issued an urgent fix, in what is being dubbed WannaCry 2: update now.
The vulnerability covers Windows 7, 2008 and 2008 R2, XP, and 2003. While these are older versions, many of them may still exist in your organization. We encourage patching before a nasty worm or other malware attack occurs. The flaw is exploitable pre-authentication and requires no user interaction, meaning it can run rampant through a network.
Microsegmentation and application segmentation can help mitigate some of the risk by limiting the potential damage.
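Because the affected versions are old and easy to lose track of, an inventory is the first step. The following is an added example (not from the RedLegg post) that queries Active Directory for enabled computer objects reporting one of those versions; it assumes the RSAT ActiveDirectory module is installed and the account running it can read the domain.

```powershell
# Added example (not from the RedLegg post): list domain-joined hosts still running
# the affected Windows versions (7, 2008/2008 R2, XP, 2003) so they can be patched
# or segmented first. Assumes the RSAT ActiveDirectory module and read access to AD.
Import-Module ActiveDirectory

# Affected versions as named in the post. AD stores names such as
# "Windows 7 Professional" or "Windows Server(R) 2008 R2 Standard", so \D* absorbs
# the optional trademark symbol and spacing before the year; "2008" also covers R2.
$affectedPattern = 'Windows (7|XP)\b|Windows Server\D*(2003|2008)'

# Pull only the attributes needed, for every enabled computer object.
$legacyHosts = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, DNSHostName |
    Where-Object { $_.OperatingSystem -match $affectedPattern }

# Summary by OS, so the patch or segmentation effort can be sized.
$legacyHosts | Group-Object OperatingSystem |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Detailed list, most recently active first; stale objects that have not logged on
# in a long time may be candidates for retirement rather than patching.
$legacyHosts |
    Sort-Object LastLogonDate -Descending |
    Select-Object Name, DNSHostName, OperatingSystem, OperatingSystemVersion, LastLogonDate |
    Export-Csv -Path .\legacy-windows-hosts.csv -NoTypeInformation
```

The CSV can be handed to the patching team and cross-checked against the segmentation plan so that any host that cannot be patched is at least isolated.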
2. Microsoft Releases Fixes for 88 Security Vulnerabilities.
Patch Tuesday brought us patches for 88 security vulnerabilities in Windows and other software. Four of these represent a big danger, as exploit code is already available: CVE-2019-1064 and CVE-2019-1069 (which affect Windows 10 and later) and CVE-2019-0973 and CVE-2019-1053 (which affect all currently supported versions of Windows). Most of the other critical vulnerabilities reside in Internet Explorer and Edge, and there are a few potentially dangerous vulnerabilities in Microsoft Word (CVE-2019-1035 and CVE-2019-1034).
RedLegg recommends implementing the critical patches as soon as possible.
3. Multiple Vulnerabilities Discovered in Android OS.
These can lead to a complete takeover of the operating system.
- Multiple vulnerabilities in Framework could allow for escalation of privilege (CVE-2019-2090, CVE-2019-2091, CVE-2019-2092).
- A vulnerability in Framework could allow for information disclosure (CVE-2018-9526).
- Multiple vulnerabilities in Media framework could allow for arbitrary code execution (CVE-2019-2093, CVE-2019-2094, CVE-2019-2095).
- A vulnerability in Media framework could allow for escalation of privilege (CVE-2019-2096).
- A vulnerability in System could allow for arbitrary code execution (CVE-2019-2097).
- Multiple vulnerabilities in System could allow for escalation of privilege (CVE-2019-2102, CVE-2019-2098, CVE-2019-2099).
- A vulnerability in Kernel components could allow for information disclosure (CVE-2019-2101).
- Multiple High severity vulnerabilities in Qualcomm components (CVE-2019-2260, CVE-2019-2292).
- Multiple Critical severity vulnerabilities in Qualcomm components (CVE-2019-2269, CVE-2019-2287).
- Multiple Critical severity vulnerabilities in Qualcomm closed-source components (CVE-2018-13924, CVE-2018-13927).
- Multiple High severity vulnerabilities in Qualcomm closed-source components (CVE-2018-13896, CVE-2019-2243, CVE-2019-2261).
If your business uses Android phones, tablets, or IoT devices powered by Android, we recommend patching ASAP to prevent an attacker from exploiting these devices and leveraging them as a foothold into the network.
Capable of disabling safety systems designed to prevent catastrophic accidents, Triton is killer malware. Originally targeting the Middle East, this malware is making its way to the US.
Heads up, voters! Technology meets politics for “synthetic media.”
6. Bitcoin Mining
Read about Bitcoin’s environmental impact.
7. Anatomy of a Propaganda Campaign
Twitter bots can be used to mount propaganda campaigns and spread disinformation. Learn more about this Twitter bot threat intel.
The Baltimore ransomware attack was brutal. With over $18 million in cleanup costs and computer systems crippled for multiple weeks, this was one of the worst ransomware attacks RedLegg has seen. If your business makes controversial products, offers controversial services, or takes controversial stands, we recommend the following protections:
- Leverage a governance framework to help ensure that strategic planning covers proactive security principles and needs. A framework like the NIST CSF is a great jumping-off point. Our vCISO and Gap Assessment services can help identify gaps, create a strategic road map, and help your company plan how to implement elements of that road map. The CIS Top 20 can also help with identifying products and services to focus on.
- Purchase Cyber Security Insurance.
- Create a Vulnerability Management Program – Vulnerability scanning and patching significantly reduce risk, especially from malware and ransomware attacks. It’s not a silver bullet, but it goes a long way. Patching must cover not only the OS but applications as well. Services like our RedLegg Vulnerability Scanning service will help identify vulnerabilities, and tools like ManageEngine will help discover and remediate them.
- Use Privileged Access Management – Incorporating least privilege principles into the environment helps prevent ransomware from gaining a foothold. A PAM tool goes a long way here, automating the rotation of local admin and service account credentials. It also makes it easier to remove local admin access so that users can’t install items without permission, without impeding their ability to work.
- Ensure Backups/Disaster Recovery – Being able to quickly restore devices would have saved Baltimore’s bacon. For customers with a heavy VM environment, a VM-level backup and recovery tool will help recover from this kind of attack.
- Set Minimum Security Standards – Setting minimum security standards on all deployed desktops, servers, and network devices helps to prevent many potential risks. RedLegg recommends the standards put out by the Center for Internet Security (CIS) for hardening systems.
Want more? Read about today's top security risks in the industry or how to create a threat and vulnerability management program.