Security Safari

New Threats in the Wild

This section is devoted to threats of particular note that have been seen in the past month. A select few of particular interest will be highlighted in greater detail. NIST NVD data is used to make these determinations.

HIGHLIGHT

Active Exploits on Chrome Zero-Day

What does it do?

A recently patched Chrome zero-day was confirmed by Google to have been exploited in the wild. CVE-2021-21148 was patched as of February 4th after a North Korean government-backed hacking group likely used it against vulnerability researchers. The underlying flaw is a heap buffer overflow.

Potential Impact

If left unpatched and unchecked, heap buffer overflows can cause crashes or infinite program loops, or, as in this case, give an attacker a way to execute arbitrary code and access unauthorized data.

Remediation

Google has released Chrome version 88.0.4324.150, which addresses this issue.

More Information:

https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/
https://cwe.mitre.org/data/definitions/122.html
https://nvd.nist.gov/vuln/detail/CVE-2020-20269

HIGHLIGHT

Android Packet Injection via Bluetooth

What does it do?

A series of vulnerabilities patched on 1/5 included a critical security vulnerability in the Android System component that could enable a remote attacker, using a specially crafted transmission, to execute arbitrary code within the context of a privileged process. The cause is improper input validation in the packet fragmentation process. Other vulnerabilities repaired in the same patch also allowed remote code execution by varying methods.

Potential Impact

Arbitrary code execution through this method would allow for unauthorized escalation of privileges without user interaction.

Remediation

Users of Android should install the latest security updates to mitigate risk of attack.

More Information:

https://nvd.nist.gov/vuln/detail/CVE-2020-0471
https://source.android.com/security/bulletin/2021-01-01

From The Field

Real World Use Cases in Action

In this section, we’ll be covering a significant use case that our teams recently saw and remediated, along with some of the benefits of doing so. It is our hope that this section can give some ideas for both current and future customers as to what problems can be seen in the real world and how they can be solved using LogicHub automations.

Customer Use Case

CIS AWS Benchmarking

Summary

The CIS benchmarking framework is a set of guidelines that allows organizations to build detections for a wide variety of vendors and products. These benchmarks can also function as a high-level security checklist, ensuring that every corner of a network is checked and covered. When applied to Amazon Web Services, as in this use case, users are checked daily for security violations.

Automated Solution

In the LogicHub solution, a flow is created to examine credential age, access keys, and policy violations. Whitelists are maintained for known permitted activity and matched against the daily monitoring data so that only unexpected findings are raised. In this way, thousands of users can be monitored for compliance and security risks with very little effort.
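As an added illustration of the credential-age and access-key checks described above (this is example code, not LogicHub's own flow), the snippet below runs two CIS AWS benchmark checks over a constructed sample in the shape of a few columns of the IAM credential report and skips users on a whitelist. The sample rows, the 90-day threshold and the fixed "now" date are assumptions for the example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample resembling a subset of the IAM credential report columns
# (the real report has more columns; "N/A" and "no_information" markers mirror AWS).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,true,2021-02-20T09:12:00+00:00,true,2021-01-15T00:00:00+00:00,2021-02-19T00:00:00+00:00
bob,true,2020-10-01T00:00:00+00:00,false,N/A,N/A
svc-backup,false,no_information,true,2020-09-01T00:00:00+00:00,2021-02-20T00:00:00+00:00
svc-legacy,false,no_information,true,2020-06-01T00:00:00+00:00,2021-02-20T00:00:00+00:00
"""

ALLOWLIST = {"svc-legacy"}  # whitelist of known-permitted exceptions, reviewed separately
NOW = datetime(2021, 2, 22, tzinfo=timezone.utc)  # fixed for a reproducible example
MAX_AGE = timedelta(days=90)  # CIS AWS: rotate keys / retire unused credentials at 90 days


def parse_ts(value):
    """Return an aware datetime, or None for the N/A and no_information markers."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def check_user(row, now=NOW):
    """Apply the key-age and unused-password checks to one credential report row."""
    findings = []
    last_rotated = parse_ts(row["access_key_1_last_rotated"])
    if row["access_key_1_active"] == "true" and last_rotated and now - last_rotated > MAX_AGE:
        findings.append("access key older than 90 days")
    pw_used = parse_ts(row["password_last_used"])
    if row["password_enabled"] == "true" and (pw_used is None or now - pw_used > MAX_AGE):
        findings.append("console password unused for 90 days")
    return findings


def run_benchmark(report_csv, allowlist=ALLOWLIST, now=NOW):
    """Return {user: [findings]} for every non-whitelisted user with at least one finding."""
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] in allowlist:
            continue  # known permitted activity: do not alert
        findings = check_user(row, now)
        if findings:
            results[row["user"]] = findings
    return results
```

Running this over the sample flags bob's stale console password and svc-backup's unrotated key, while svc-legacy is suppressed by the whitelist.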

Benefits to This Approach

  • Quick and easy compliance based on CIS benchmarks
  • Easily modifiable to improve detections
  • High volume with low effort/processing power

Recommended Reading

This section contains some interesting reading related to the state of infosec today. These articles have a simple summary that explains the basic idea of the news and links to more information.

Card Resellers Facing Shutdown

This month, not only did we see the famous Joker’s Stash card market shut down, but we also watched ValidCC’s sudden seizure by law enforcement. Both of these credit card markets were major players in the world of stolen credential marketing, with Joker’s Stash having a history dating to late 2014. Though this is not the end of the line for the stolen card market, it is sure to make resale more difficult in the coming months as vendors search for a place to sell their ill-gotten wares.


U.S. Cybersecurity Funds Announced

The new presidential administration has laid out plans for $10 billion in cybersecurity spending, mostly targeting hiring efforts for the Cybersecurity and Infrastructure Security Agency. With more nation-state actors causing trouble for government entities, this new spending plan is a definite relief, but experts like Tom Kellermann of VMware Carbon Black insist that the number should be higher, ‘... about $100 billion over time’.


Increase In Industrial Network Security Holes Over Past Year

Industrial networks have steadily grown in popularity with threat actors over the past decade, given their high value and their typically weak security posture. This year, a massive 33% increase over 2018’s industrial network vulnerabilities shows just how far new threat efforts have come, especially with 71% of the bugs being remotely exploitable.


Twice As Nice: Company Pays Ransomware Twice

Getting hit by ransomware is already hard enough on a company. In one organization’s case, lightning struck twice. A blog post by the U.K.’s National Cyber Security Centre cited this example as part of a trend in recent ransomware cases, noting that the organization had not been able to confirm and close the security hole after the first incident, which allowed it to be hit again by the same actor using the same method.


Myanmar Blackout

In an ongoing event, Myanmar has been facing significant internet blackouts across the country following a successful coup. As citizens protest, the Myanmar Ministry of Transport and Communications released a statement demanding that service providers block Twitter and Instagram. Facebook was blocked earlier this week.

