Security

Situation A critical vulnerability has been found in Cisco’s wireless VPN and firewall routers Problem The vulnerability, CVE-2019-1663, is an improper validation error found in Cisco’s RV110W Wireless-N VPN Firewall, Cisco’s RV130W Wireless-N Multifunction VPN Router, and Cisco’s RV215W Wireless-N VPN Router. The vulnerability allows an attacker with any browser to execute code of their choice via the web interface. Implication A successful exploit could allow the attacker to execute… Read More

In a recent global survey, The Conference Board found that U.S. CEOs rank cyber security as their #1 external concern and acquiring/retaining talent as their #1 internal concern for 2019. With high-profile data breaches becoming more and more common, the fear is warranted. And for organizations looking to hire and retain cyber security experts, the intersection of these leading concerns is well, concerning. “As global competition increases while the pool of… Read More

In the past 2 weeks, there have been three (more) high-profile cybersecurity breaches disclosed, impacting three very different organizations – and hundreds of millions of individuals worldwide. Marriott reported hackers have had access to the reservation systems of many of its hotel chains for the past four years, a breach that exposed private details of up to 500 million customers; Quora, the crowdsourced question and answer site, reported the potential exposure of 100 million users… Read More

1 of  2: Vulnerability uncovered in Kubernetes open-source container softwareSituationA critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software.ProblemA hacker can send specially crafted requests to establish a connection through the Kubernetes API server. Once that connection is established, there’s no check on the ability to send arbitrary requests directly to those backends because the requests will be automatically authenticated with the Kubernetes API server’s TLS… Read More

Situation A critical vulnerability was found in the Zoom meetings platform that affected all Zoom products. Problem The vulnerability could allow a malicious user to control Zoom meeting functions and, if a user was sharing their desktop, take control of the mouse and keyboard. Implication If a malicious user were to take control of the desktop mouse and keyboard, they would have full access of the system. Need Zoom has… Read More

Situation A critical vulnerability was found in the Xorg X.Server package that is used on most major Linux operating systems. Problem The X.Server program does not properly handle and validate arguments for two command line options -modulepath and -logfile. Implication This allows an unprivileged user who has access to the system to elevate their permissions and then execute malicious code or overwrite any file on the system. Need Xorg and… Read More

Excerpts from NorCal CyberSecurity Summit on September 5, 2018; session presented by Shahin Pirooz, CTO/CISO of DataEndure. You can watch the full presentation here. More and more organizations and agencies are getting attacked on a daily basis, with newer threat vectors emerging faster than ever and even new business models developing to take advantage of the extremely lucrative cybercrime market. The city of Atlanta serves as a recent example (and warning)… Read More

Situation Two high-severity vulnerabilities were found within the Cisco Umbrella platform. Problem Within the Cisco umbrella platform, the Umbrella Roaming Client runs as System on startup and consumes several files within a directory.  It has been discovered that local users had the ability to write data to this directory. As a result, malicious files could be placed within the directory and ran to create or elevate user permissions. Implication  An… Read More

From ransomware to DDoS attacks, companies are under siege. To effectively mitigate breach risk today requires enormous expertise, resources and budget. Companies are losing more each year on cybercrime than they are spending to prevent it. Security Incident and Event Management (SIEM) tools are one example of how organizations are attempting to combat the problem of cybercrime. A SIEM scans your network and provides visibility into suspicious/illegitimate activity. Unfortunately, as… Read More

Situation AZORult is a trojan malware designed to extract data from the attacked system. Data can include passwords, cookies, files, wallet.dat data and more. Problem In July 2018, AZORult was substantially updated with Hermes ransomware. The update includes the ability to steal from non-Microsoft browsers, an improved loader, ability to use system proxies, and added support for cryptocurrency wallets. Implication The new version was seen in a large email campaign on July… Read More