Situation: A critical vulnerability was found in the Linux Exim mail transport agent (MTA), versions 4.87 to 4.91. Problem: The vulnerability found in Exim allows for improper validation of the recipient address, which may lead to remote command execution. Implication: Successful exploitation of this vulnerability can allow an attacker to perform command executions as root. The attacker can then install programs; view, change, or delete data; or create new accounts with…
Security Advisory: Slack for Windows 3.3.7 Vulnerability
Situation: A vulnerability was found in Slack, a common messaging platform. Problem: A vulnerability in Slack for Windows, version 3.3.7, can allow an attacker to change the destination of downloaded files and compromise the integrity of files. Implication: An attacker can gain access to confidential and sensitive files by forwarding documents on Slack to their own SMB server. An attacker can also redirect the user’s links so that malware and ransomware are downloaded…
Lessons from Verizon’s 2019 Data Breach Investigations Report
Verizon’s 2019 Data Breach Investigations Report (DBIR) was published last week and continues to be one of the most valuable annual “state of the union” reports in security. This year’s report is the most extensive to date, with 73 contributors and an analysis of 41,686 security incidents including 2,013 confirmed breaches. At DataEndure, we use the insight from this report to validate what we are seeing in the market,…
Security Advisory: Microsoft Vulnerability CVE-2019-0708
Situation: The critical vulnerability CVE-2019-0708 affects Windows Server 2008 and Windows 7. Problem: This vulnerability allows unauthenticated users to make requests through RDP (Remote Desktop Protocol). Implication: Unauthenticated actors can exploit this vulnerability to “view, change, or delete data; or create new accounts with full user rights.” Need: Temporarily disabling RDP is the immediate mitigation for this vulnerability. Updating affected systems is the preferred mitigation. Workarounds include enabling NLA (Network Level Authentication)…
Security Advisory: Critical Vulnerability Found on Cisco, F5 Networks, Palo Alto Networks and Pulse Secure VPN Applications
Situation: A critical vulnerability has been found in Cisco, F5 Networks, Palo Alto Networks and Pulse Secure VPN applications. Problem: A vulnerability, CVE-2019-1573, was found. This vulnerability is caused by the VPN application storing the authentication and/or session cookies insecurely in memory and/or log files. Implication: A successful exploit could allow the attacker to replay the session and bypass other authentication methods. The attacker would then have access to the same applications that…
Developing Resilience to Withstand Cyberattacks has Never Been More Important
Highlights from DataEndure’s recent Keynote and Cocktails event featuring Shahin Pirooz, CTO/CISO, DataEndure and Jeff Gallager, VP Events, IDC. Companies are increasingly dependent on technology to drive innovation and their digital transformation strategies. With people and data everywhere, the simple act of being connected – whether it’s through mobile devices, IoT, or other areas – creates risk. And where there is risk, there is opportunity for attack. When we say…
Security Advisory: Critical Vulnerability Found in Cisco Wireless VPN and Firewall Routers
Situation: A critical vulnerability has been found in Cisco’s wireless VPN and firewall routers. Problem: The vulnerability, CVE-2019-1663, is an improper validation error found in Cisco’s RV110W Wireless-N VPN Firewall, Cisco’s RV130W Wireless-N Multifunction VPN Router, and Cisco’s RV215W Wireless-N VPN Router. The vulnerability allows an attacker with any browser to execute code of their choice via the web interface. Implication: A successful exploit could allow the attacker to execute…
Hiring & Retaining Cyber Security Talent is a Top Concern for CEOs
In a recent global survey, The Conference Board found that U.S. CEOs rank cyber security as their #1 external concern and acquiring/retaining talent as their #1 internal concern for 2019. With high-profile data breaches becoming more and more common, the fear is warranted. And for organizations looking to hire and retain cyber security experts, the intersection of these leading concerns is, well, concerning. “As global competition increases while the pool of…
7 Questions You Need to Be Able to Answer After a Cybersecurity Event
In the past 2 weeks, there have been three (more) high-profile cybersecurity breaches disclosed, impacting three very different organizations – and hundreds of millions of individuals worldwide. Marriott reported hackers have had access to the reservation systems of many of its hotel chains for the past four years, a breach that exposed private details of up to 500 million customers; Quora, the crowdsourced question and answer site, reported the potential exposure of 100 million users…
Security Advisory: Critical Vulnerabilities Found in Kubernetes & Adobe Flash
1 of 2: Vulnerability uncovered in Kubernetes open-source container software. Situation: A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software. Problem: A hacker can send specially crafted requests to establish a connection through the Kubernetes API server. Once that connection is established, there’s no check on the ability to send arbitrary requests directly to those backends because the requests will be automatically authenticated with the Kubernetes API server’s TLS…