Microsoft took the rare step of issuing security fixes for both the server and desktop versions of Windows that are long out of support, so you know this is serious.The vulnerability (CVE-2019-0708) is in the Remote Desktop Services component built into all versions of Windows. RDP, formerly known as Terminal Services, itself is not vulnerable. CVE-2019-0708 is pre-authentication and requires no user interaction, meaning any future malware could self-propagate from one vulnerable machine to another.CVE-2019-0708 affects Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. It does not impact Microsoft’s newest operating systems; Windows 8 through 10 and Windows Server 2012 through 2019 are not affected.To read this article in full, please click here
WhatsApp’s recent spyware hack took advantage of a security vulnerability and allowed attackers to access private, digital communication. In this episode of TECH(feed), Juliet walks through the hack, who was affected and how you can secure your devices ASAP.
Extreme Networks has taken the wraps off a new security application it says will use machine learning and artificial intelligence to help customers effectively monitor, detect and automatically remediate security issues with networked IoT devices.The application – ExtremeAI security—features machine-learning technology that can understand typical behavior of IoT devices and automatically trigger alerts when endpoints act in unusual or unexpected ways, Extreme said.
More about edge networkingTo read this article in full, please click here
Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs):
CVE-2018-12126 - a flaw that could lead to information disclosure from the processor store buffer
CVE-2018-12127 - an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline
CVE-2018-12130 - the most serious of the three issues and involved the implementation of the microprocessor fill buffers and can expose data within that buffer
CVE-2019-11091 - a flaw in the implementation of the "fill buffer," a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache
[ Also read: Linux hardening: a 15-step checklist for a secure Linux server ]
Red Hat customers should update their systems
Security updates will degrade system performance, but Red Hat strongly suggests that customers update their systems whether or not they believe themselves to be at risk.To read this article in full, please click here
Cisco has added support for Advanced Malware Protection (AMP) to its million-plus ISR/ASR edge routers, in an effort to reinforce branch and core network malware protection at across the SD-WAN.Cisco last year added its Viptela SD-WAN technology to the IOS XE version 16.9.1 software that runs its core ISR/ASR routers such as the ISR models 1000, 4000 and ASR 5000, in use by organizations worldwide. Cisco bought Viptela in 2017.
More about SD-WAN
How to buy SD-WAN technology: Key questions to consider when selecting a supplier
How to pick an off-site data-backup method
SD-Branch: What it is and why you’ll need it
What are the options for security SD-WAN?
The release of Cisco IOS XE offered an instant upgrade path for creating cloud-controlled SD-WAN fabrics to connect distributed offices, people, devices and applications operating on the installed base, Cisco said. At the time Cisco said that Cisco SD-WAN on edge routers builds a secure virtual IP fabric by combining routing, segmentation, security, policy and orchestration.To read this article in full, please click here
Cisco has released a patch for a critical vulnerability in software used to control large virtual environments.The weakness gets a 10 out of 10 severity score and is found in Cisco’s Elastic Services Controller (ESC), which the company describes as offering a single point of control to manage all aspects of Virtual Network Functions and offers capabilities such as VM and service monitoring, auto-recovery and dynamic scaling. With ESC users control the lifecycle all virtualized resources, whether using Cisco or third-party VNFs, Cisco stated.RELATED: What IT admins love/hate about 8 top network monitoring tools
The vulnerability in this case lies in the REST API of ESC and could let an unauthenticated remote attacker to bypass authentication on the REST API and execute arbitrary actions through with administrative privileges on an affected system. The vulnerability is due to improper validation of API requests, Cisco wrote in its advisory.To read this article in full, please click here
The internet of things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the internet itself did, making security threats associated with the IoT a major concern.This worry is reflected by investments being made in startups that focus on stopping threats to the IoT, the industrial IoT (IIoT) and the operational technology (OT) surrounding them.To read this article in full, please click here(Insider Story)
Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources.The exposure, which was given a Common Vulnerability Scoring System importance of 9.8 out of 10, is described as a problem with secure shell (SSH) key-management for the Cisco Nexus 9000 that lets a remote attacker to connect to the affected system with the privileges of a root user, Cisco said.To read this article in full, please click here
Firewalls have been around for years, but the technology keeps evolving as the threat landscape changes. Here are some tips about what to look for in a next-generation firewall (NGFW) that will satisfy business needs today and into the future.Don't trust firewall performance stats
Understanding how a NGFW performs requires more than looking at a vendor’s specification or running a bit of traffic through it. Most firewalls will perform well when traffic loads are light. It’s important to see how a firewall responds at scale, particularly when encryption is turned on. Roughly 80% of traffic is encrypted today, and the ability to maintain performance levels with high volumes of encrypted traffic is critical.To read this article in full, please click here
Cloud access security brokers (CASB) insert security between enterprises and their cloud services by providing visibility and access control, but IPv6 could be causing a dangerous blind spot.That’s because CASBs might not support IPv6, which could be in wide corporate use even in enterprises that choose IPv4 as their preferred protocol. [ Related: What is IPv6, and why aren’t we there yet?
For example, end users working remotely have a far greater chance of connecting via IPv6 than when they are in the office. Mobile providers collectively have a high percentage of IPv6-connected subscribers and broadband residential Internet customers often have IPv6 connectivity without realizing it. Internet service providers and software-as-a-service (SaaS) vendors both widely support IPv6, so a mobile worker accessing, say, DropBox over a Verizon 4G wireless service might very well connect via IPv6.To read this article in full, please click here(Insider Story)
The group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities. Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of new exploits and capabilities of the nefarious campaign.
More about DNS:
DNS in the cloud: Why and why not
DNS over HTTPS seeks to make internet use more private
How to protect your infrastructure from DNS cache poisoning
ICANN housecleaning revokes old DNS security key
“The threat actor's ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization's normal proxy or weblogs,” Talos wrote. “DNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.”To read this article in full, please click here
Cisco this week issued 31 security advisories but direct customer attention to “critical” patches for its IOS and IOS XE Software Cluster Management and IOS software for Cisco ASR 9000 Series routers. A number of vulnerabilities also need attention if customers are running Cisco Wireless LAN Controllers.The first critical patch has to do with a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to send malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device, Cisco said.To read this article in full, please click here
Security experts at Cisco Talos have released a report detailing what it calls the “first known case of a domain name registry organization that was compromised for cyber espionage operations.”Talos calls ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated.
More about DNS:
DNS in the cloud: Why and why not
DNS over HTTPS seeks to make internet use more private
How to protect your infrastructure from DNS cache poisoning
ICANN housecleaning revokes old DNS security key
By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported. To read this article in full, please click here
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here
The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here
If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), most installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you’d usually use the internet for entertainment and work. That’s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.To read this article in full, please click here
Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernals offer many advantages in terms of speed and security.What are unikernels?
A unikernel is a very specialized single-address-space machine image that is similar to the kind of cloud applications that have come to dominate so much of the internet, but they are considerably smaller and are single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure -- having a very limited attack surface. Any drivers, I/O routines and support libraries that are required are included in the single executable. The resultant virtual image can then be booted and run without anything else being present. And they will often run 10 to 20 times faster than a container.To read this article in full, please click here
Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.To read this article in full, please click here