Something as dynamic as the world of information or cyber security witnesses scores of activities every day. It is an ever-raging battle between attackers and security providers. Keeping up with the numerous developments can be a daunting task, but for a cyber-security enthusiast these updates are a necessity for being better prepared to tackle the threats. Here are the top events of the past week in the world of cybersecurity.
1) US Cyber Command Appoints New Vice Admiral As A Security Measure
The head of the US Cyber Command, Army Gen. Paul Nakasone, promoted serving Rear Admiral Ross Myers of the US Naval Command to the rank of Vice Admiral to ensure a safe, secure and uninterrupted electoral process for the nation. They are keen on preventing any foreigner or outsider who intends to target and disturb the election process from succeeding.
Why Ross Myers as the new No. 2?
- He holds good experience in the military.
- He has served as the director of plans and policy, at the US Cyber Command, and has also been the assistant deputy director for global operations of the Joint Staff, and the executive assistant to the vice chairman of the Joint Chiefs of Staff.
- In spite of not having a digital background, Myers has tremendous experience in running the day-to-day operations of large organizations, in addition to a thorough knowledge of Cyber Command.
2) Trump Warns UK Of Potential Disruption To The US-UK Intelligence Sharing
After having sent many of his aides to convince the British authorities to defer their alliance with the Chinese tech giant Huawei, US President Donald Trump has now decided to take the matter into his own hands. Huawei is working closely with the UK to build a part of its 5G mobile network. Trump is all set to begin a three-day state visit to the UK in June, where he will address the issue both publicly and privately.
Defying the US demand for an absolute ban on Huawei’s participation in the latest digital infrastructure technology, the UK had allowed Huawei to build parts of its 5G network, which is expected to deliver faster internet speeds and lower lag times and so transform the way people interact with new technologies. However, Britain is firm on not letting Huawei provide any “core” technology. The company shall merely provide “non-core” technology to the country’s mobile operators for the next-generation networks.
Why doesn’t the US want interaction with Huawei?
- The US seems to have trust issues with Huawei and claims that the company’s equipment could be used for espionage by the Chinese government.
- To add to this, Huawei is facing criminal charges from the Justice Department for allegedly stealing trade secrets and skirting US sanctions on Iran. The company has, however, denied all the accusations.
For this reason the US continually urges its allies to keep out of engagements with Huawei for their 5G networks. Major countries like Japan and Australia have adhered to this instruction and blocked the company’s equipment.
3) Ill-equipped National Guard Members Develop A New System For Cybersecurity
Having analyzed their situation and found themselves ill-equipped to meet advanced security obstacles, the National Guard members decided in unison to build a security system of their own. The developed method can detect abnormal behavior on the network, reduce the number of analysts needed, and enrich the network data provided to data scientists.
The Task Force Echo team sought the help of their counterparts in Missouri, who had already developed a system called “RockNSM” which stands for Response Operation Collection Kit Network Security Monitoring. The RockNSM system works on an array of open source technologies and provides a scalable sensor platform for both enduring security monitoring and incident response missions.
What does RockNSM do?
The RockNSM system enriches the data so that data scientists can act on it to ensure an adequate security posture. The system enables a commander to understand his network signature.
4) Tripwire’s Patch Priority Index (PPI) Addressing System Vulnerabilities
Tripwire’s May 2019 Patch Priority Index (PPI) brings to light the critical vulnerabilities in Microsoft and Adobe products. In addition, there are patches available for download this month to resolve the BlueKeep (CVE-2019-0708) Remote Desktop Services remote code execution vulnerability.
Following is a list of the patches brought forth:
- Patches for unsupported versions of Windows, including Vista, Windows XP, Server 2003 R2, Windows 7, Server 2008, and Server 2008 R2. Newer versions of Windows are not affected by the BlueKeep vulnerability.
- Patches for Microsoft’s Browser and Scripting Engine that resolve 23 vulnerabilities including fixes for memory corruption, security feature bypass, spoofing, and information disclosure vulnerabilities.
- Patches for Adobe Flash Player (APSB19-19) that resolve a critical use-after-free vulnerability in Adobe Flash Player that can lead to arbitrary code execution in the context of the current user.
- Patches for Adobe Reader and Adobe Acrobat via the APSB19-18 security bulletin that resolve 84 vulnerabilities including out-of-bounds read, out-of-bounds write, type confusion, use-after-free, heap overflow, buffer error, double free and security bypass vulnerabilities that can lead to information disclosure and arbitrary code execution.
- Patches for Microsoft Office Access and Word that resolve four vulnerabilities, including fixes for remote code execution vulnerabilities.
- Patches for Microsoft Windows that resolve 30 vulnerabilities including elevation of privilege, information disclosure, security feature bypass, and remote code execution vulnerabilities.
- Patches for the .NET Framework and .NET Core that resolve four denial-of-service vulnerabilities.
- Server-side patches are available for Microsoft SharePoint, Team Foundation Server, Azure DevOps Server, SQL Server and Microsoft Dynamics that resolve 13 vulnerabilities including elevation of privilege, spoofing, cross-site scripting, security feature bypass, remote code execution, and information disclosure vulnerabilities.
5) Majority Of Organizational Data Breaches Occur Due To Unpatched Vulnerabilities
In the twelfth edition of the Data Breach Investigations Report (DBIR), Verizon Enterprise analyzed a total of 41,686 security incidents, of which about 52% of reported breaches involved some form of hacking. To address the question of how organizations are dealing with vulnerabilities today, Tripwire, in association with Dimensional Research, surveyed 340 information security professionals with regard to trends in Vulnerability Management (VM).
Findings of the survey:
- As reported by employees, 27% of employers undergo a data breach because of an unpatched vulnerability.
- 21% of IT security professionals said that it took their organizations a matter of days to detect new IT assets, whereas another 10% revealed that it took them much longer to do the same, and another 11% of participants confessed that their employer could not discover new hardware and software at all.
- 50% of participants reported that their employers only had enough resources to apply their program to high-severity vulnerabilities, while for some, the vulnerability scans were conducted only to meet compliance or other requirements.
- Only 88% of employers have vulnerability scans in place, while the remaining 12% remain perennially vulnerable. Of the 88% with vulnerability scans, only 63% have adopted authenticated scans.
The research findings highlight something that is very basic and yet very easily forgotten: not having proper, authenticated vulnerability scans can be harmful, because unauthenticated scanning gives only a partial picture of the vulnerability risk in enterprise systems. There is still a lot of scope for organizations to improve their security posture through better vulnerability management.
6) Apple’s New Privacy Update Raises The Bar For The Rest
An underlying theme of Apple’s annual developers’ conference held on Monday, June 3rd, was its latest privacy measures. With the “Sign in with Apple” feature, users can now log in without having to create a separate username and password. Apple claims that this solution doesn’t gather users’ personal data the way the sign-in options offered by Facebook or Google do. Instead, it goes a step further and gives users the option to scramble their email address so that an adversary never gets access to it.
Essential features of “Sign in with Apple”:
- Separating Apple from its data-hungry rivals, the “Sign in with Apple” now makes it mandatory for any app that offers the option to sign in with Google or Facebook, to provide an opportunity to sign in with Apple.
- Apple will skillfully make its user base of more than 900 million people more vigilant and aware of the privacy practices of its tech rivals, continuously reminding its users that those companies are not very reliable when it comes to data collection.
However, it is still felt that there is room for Apple to improve its own privacy options, considering the amount of power it exercises over its rivals!
7) Major Data Breach Puts The Security Of 7.7 Million Users At Stake – LabCorp
Not very long after Quest Diagnostics announced a data breach of its customers, laboratory testing giant LabCorp too made a statement that it had undergone a data breach in which confidential data of over 7.7 million customers was compromised. LabCorp’s third-party billing collections vendor, American Medical Collection Agency (AMCA), informed LabCorp that hackers had gained access to AMCA’s online payment system. LabCorp had referred millions of customers to AMCA for billing collections, and when the email phishing attack took place, vital details of 7.7 million customers were compromised: first and last names, credit card and bank account numbers, birth dates, addresses, phone numbers, dates of service, health care provider information, the amount owed, and more.
However, the silver lining amidst all this is that certain parts of information, such as Social Security numbers were not involved in the breach. As an immediate solution to minimize the losses, AMCA is sending notices to over 200,000 LabCorp customers whose bank information was compromised.
8) Researchers Unearth 40,000+ Containers Exposed Online With Default Configurations
Security firm Palo Alto Networks’ Unit 42 revealed its latest research in a blog post: the team discovered over 40,000 Kubernetes and Docker cloud container hosting devices exposed to the public internet through default misconfigurations. (A container is a standard unit of software that packages up program code and all its dependencies, such as application code, runtime variables, system tools, system libraries, and settings, so that the application runs quickly and reliably when moved from one computing environment to another.) As per the blog post, around 23,000+ Kubernetes containers were found with the default configuration, located mainly in the US, as well as Ireland, Germany, Singapore, and Australia. Researchers also discovered 20,000+ misconfigured Docker containers exposed to the internet, mainly in China, the US, Germany, Hong Kong, and France.
Unit 42 also reported that many of the cloud systems not only hosted an Elastic database with no authentication mechanism in place to protect the information it contained, but also hosted an additional unsecured service: an instance of Kibana running alongside the Elastic instance.
Unit 42, in its blog post, has proposed the following steps to improve the overall security of cloud container platforms.
- Organizations should invest in cloud security platforms or managed services which are focused on container security policies and strategies.
- The enterprise should limit access to cloud services hosted on containers to their internal networks or to previously designated employees.
- Establish basic authentication (such as multi-factor authentication) requirements for the cloud containers.
- Use firewall controls for the cloud, or container platform network policies, to prevent breaches.
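A concrete form of the last two recommendations, added here as an example and not taken from the Unit 42 post: a Kubernetes NetworkPolicy pair that first denies all ingress to the namespace hosting the Elastic and Kibana pods, then admits only labelled internal client pods on the two service ports. The namespace name, pod labels and namespace label are assumptions; 9200 and 5601 are the default Elasticsearch and Kibana ports.

```yaml
# Policy 1: default-deny. With this in place, no pod in the "search"
# namespace accepts any ingress traffic unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: search            # assumed namespace hosting Elastic and Kibana
spec:
  podSelector: {}              # empty selector = every pod in the namespace
  policyTypes:
  - Ingress
---
# Policy 2: allow only internal clients to reach the Elastic stack.
# The namespaceSelector and podSelector inside one "from" entry are ANDed,
# so a source must be in an "internal" namespace AND carry the client label.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-internal-to-elastic-stack
  namespace: search
spec:
  podSelector:
    matchExpressions:
    - key: app                 # assumed pod label on the Elastic and Kibana pods
      operator: In
      values: ["elasticsearch", "kibana"]
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          network/zone: internal   # assumed label on trusted namespaces
      podSelector:
        matchLabels:
          role: search-client      # assumed label on permitted client pods
    ports:
    - protocol: TCP
      port: 9200                   # Elasticsearch REST API
    - protocol: TCP
      port: 5601                   # Kibana UI
# Note: Kibana itself talks to Elasticsearch on 9200, so the Kibana pod must
# also carry role: search-client (and the "search" namespace the zone label),
# or it gets its own allow rule; otherwise Policy 1 cuts it off.
```

NetworkPolicy objects are only enforced when the cluster's network plugin supports them; on a plugin that does not, they are accepted and silently ignored, so verify enforcement after applying rather than trusting the object's presence. Policies also cover traffic between pods, not a Docker daemon or kubelet port exposed directly on the host, which still needs the host firewall controls the post recommends.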