fbpx
Open post

Cisco has a severe VPN bug, Patch immediately!

This just in, Cisco, the “worldwide leader in IT and networking”  has a severe but, that has been rated a “10 out of 10” by a security researcher.

The bug has to do with Cisco’s ASA software (Adaptive security Appliance). This bug is identified as a severe double-free vulnerability that is located in the Secure Sockets Layer VPN.  The danger in this vulnerability of the VPN service, is that an unauthenticated person may gain access via remote, and gain the ability to reload an affected system, or remotely execute code.

Furthering the potential danger, if an unauthenticated person were to use a specially crafted XML packet, they could gain complete control of the affected system. This information is all from Cisco’s advisory which is now lighting up the net.

As for the rating that is applied with this bug, which is identified as “CVE-2018-010”, there is a scoring system that indicates the vulnerability level of such bugs, and it was indicated that this specific bug rates a full 10 out of 10 on the scoring system.

Cisco want’s to stress that the bug is only exploitable if the ASA devices have the webvpn  feature enabled. Users may check this setting and ensure it is disabled by following the command-line interface instructions that is being provided by Cisco. Those commands can be found here.

The following is a list of known vulnerable technology:

  • 3000 Series industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • ASA Virtual appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Securtity Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

The bug is also known to apply to Cisco’s first remote access supported VPN, FTD 6.22 which was released last September. Versions before FTD 6.22 are not vulnerable.

You can check which versions you have through the instructions provided by Cisco here.

As of right now there are no known attacks involving this vulnerability, however Cisco is expecting reports of abusing this vulnerability.

Go check your systems and patch what you can. Stay vigilant in your defenses and don’t open any phishing emails!

 

Keep up to date on your technology and it’s vulnerabilities and solutions with RE2Tech. We make I.T. easy!

Have you taken precautions? Is your sensitive information at risk?

Give us a call or send us an email for all your I.T needs! We at Re2tech make I.T. happen!

Phone: 952-223-4422

helpdesk@re2tech.com

Open post

Ransomeware inbound! Another threat is looming on the web

This year alone, there has already been three large outbreaks involving online security and breaches.

Recently a new ransomware campaign has begun, and the targets have been high profile, for example Russia and Eastern Europe. This new threat has been named Bad Rabbit. The appearance of Bad Rabbit had been a grand event, simultaneously hitting organisations causing those affected to reminisce about the attacks earlier this year, like WannaCry and Petya.

So let’s break down what Bad Rabbit is

  • Russia, Ukraine, Germany, Turkey, Poland, South Korea, have all had reports of Bad Rabbit hoping out of it’s hole and causing a stir.
  • Bad Rabbit sent out file-encrypting malware to at least three media organisations in Russia, while also taking one news agency offline for a time.
  • Other organisations include the Odessa International Airport and Kiev Metro.
  • This far it is thought that 200 targets have been infected, and continue to be causing problems for infected organisations.

Bad Rabbit is a ransomware, which means once your infected, your at the mercy of the host of the hostile program.

  • Once the ransomware is active there is a note that takes up the screen informing the reader that all files are locked out unless payment is received and the acquired password is typed in.
  •  Victims are directed to a Tor payment page, where further instructions lie. The hackers demand payment through bitcoins and give a timer, to enhance the tension, saying the price will rise once the timer reaches zero.
  • The encryption used in the ransomware is called DiskCryptor. DiskCryptor is a open source software that is also legitimate and widely used. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

Bad Rabbit takes it’s inspiration from one of the earlier malicious outbreaks known as Petya.

  • There is speculation that this ransomware is an alteration of the Petya dynamic link library. This being said, means there is a strong correlation between Bad Rabbit and Petya in terms of functionality/looks and possibly both stemming from the same group/person.
  • The way Bad Rabbit has spread is through drive-by downloads on hacked websites. A website is hacked and will begin to feature a false flash update that will begin to download if clicked at all.
  • It is estimated that some site have been hacked since June, featuring Bad Rabbits strong presence.

How far does Bad Rabbit go?

  • It’s important to know that Bad Rabbit spreads laterally across networks.
  • This means that Bad Rabbit can propogate without user interaction. So while your counting the timer down, the ransomeware is spreading across infected networks.
  • The ability to spread laterally across networks is due to the list given to Bad Rabbit, that has combinations of simple usernames and passwords which it uses to force itself into networks.

Bad Rabbit may have targets in mind.

  • Researchers have noticed a curious movement of Bad Rabbit, suggesting it has specific locations in mind, rather than indiscriminately infecting. Corporate networks seem to have the most focus, possibly suggesting that corporations are the enemy of the hacker/group.

Last bits of information.

  • There is still no claim as to who is behind this ransomware. Some believe that it’s the same group involved with the Petya virus.
  • Some believe it is not a Russian group due to Russia being under alot of heat from Bad Rabbit, and customarily Eastern Europe cyber-criminals avoid attacking the “Motherland”.
  • The code of Bad Rabbit has references to Game of Thrones.
  • It is possible to protect yourself from becoming infected. A way to prevent the execution of the file is to block ‘c: \ windows \ infpub.dat, C: \ Windows \ cscc.dat.’ to help avoid infection at all.

Another day, another hacker, another virus. It’s never too late to up your defenses and avoid the mess of a breached network. 

Open post

Network Segmentation Security

As we all know, cyber attacks are becoming more and more commonly talked about. Defending yourself against a cyber attack can be difficult, there are so many forms of cyber attacks and multiple ways you can try to anticipate them. However, network segmentation is effective for anyone and everyone in helping to slow down the damage a cyber attack can do!

How does segmenting a network help defend or slow down the spread of a cyber attack?

By splitting up your network into smaller subnetworks you are able to micro manage different forms of cyber security. For example you can have one subnetwork with a form of security that looks specifically for one type of cyber attack, while having a different subnetwork with a different form of cyber defense. This multi segmented network gives a stronger control to role and functionality and if you were to be hacked in some way, this would not allow the breach to infest everything all at once. There would be time to discover the location of the problem and fix it before it spreads to a different segment of your network!

This form of security is especially useful for small businesses who manage everything on one network and rely on websites, smartphones and connected devices.

Firewalls are the corner stone for segmented networks, they ensure agility and security by managing traffic to and from network devices, as well as eliminate the threat of excess access to your network.

Give us a call at re2tech today and let us help spread your network into a more defensive state to mitigate any damage if you were to be the victim of an online attack! While were at it, let us increase your security through measures like VPN (virtual private network) to ensure your at your strongest to begin with and help avoid any attacks all together! 

Open post

Layered email security

We all have loads of emails coming in on a daily, especially if your a business. However we all also receive a bunch of spam, and some that have very bad intent for your security! Phishing attacks are becoming some of the most prominent forms of security breaches.

Phishing attacks: Phishing is the attempt to obtain sensitive information such as usernames, passwords, credit card details, all through the guise of a trustworthy entity over electronic communication.

As a solution to email spam and the ever malicious phishing attacks, a layered email security set-up is ideal. Layered security can be hosted locally or on the cloud. Layered security combines multiple mitigating controls to protect resources and data.

Here’s the breakdown for each layer and their involvement in adding to your security measures!

Layer 0 or 6: SIEM, spam control and monitoring

This layer focuses on the generating data about quantities of emails that can be cataloged as spam. This can be the initial or final step in the layers. Using this information we can improve the process of our current antispam protection system.

Spam control through SIEM (Security Information and Event Management) allows the generation of statistics to determine the number of attacks stopped by the other layers of protection, validating our security system.

 

Layer 1: Mail scanning via external services

Not all businesses start out with antispam protection technology, so its important to incorporate some platform that holds a continuously updated source of threat intelligence data. Detection systems, sensors and other information gathering mechanisms that summarize the data of potential new attackers or existing actors/suspects.

 

Layer 2: Perimeter protection

Ensure the computers have a form of firewall and spam detection system. Firewalls generally provide perimeter protection to internal networks, however its important to test these security measures to make sure they are configured correctly and catch the correct forms of spam/emails.

 

Layer 3: Internal network, mail servers and antispam solutions

Many next-gen email platforms have local spam protection, but need to be configured correctly for your specific business needs and pointing to internal antispam servers.

 

Layer 4: Final devices

Each host should have protection mechanisms connected to the mail client. This mechanism must be able to identify threats, email spam, and spear phishing attack. These systems can be connected to Outlook, Notes, and Thunderbird.

 

Layer 5: Training end users to avoid phishing attacks

Users are one of the most important layers of protection. Its important to teach the basics to your employees about security awareness, because ultimately when it comes to phishing attacks through email, each individual user has to know what to look for and avoid!

Give us a call at Re2tech today and let us ensure your security is in place and ensure all forms of protection are in place to prevent any susceptibility to phishing attacks among the other online dangers!

Open post

Man-In-The-Middle-Attacks, dont get caught in the middle!

the Man in the Middle (MitM), is a form of cyber attack that abuses public WiFi access to hack into peoples information that may pertain to messages to transactions, and even saved passwords.

How it works-

  • Clients (which is you) use an access point in a public location, simply put, public wifi, for example caribou.
  • Hackers can use this same access point as a cloak.
  • When you attempt to access a website or some online service, the hacker acts a relay between you, the client, and the access point.
  • While this is happening, the hacker may store the information you use while surfing the web and use it to invade your security, be it financial or other personal forms of information.
  • During the process, there is little to no evidence that you are being used.
  • Weak passwords are a common problem allowing clients to be abused. Weak password encryption will slow down the hacker little to non.

Due to the increasing prominence of these forms of attacks, its important to recognize which public hotspots are legitimate. Hackers are able to create their own open network with a name that would relate to the surroundings.

Example: Client is at caribou

Hotspots available:

Caribou WiFi

Free Caribou WiFi

WiFi Caribou

So which one is the real WiFi and which one is made by a hacker attempting to gain your sensitive information? Its important to be conscious of the networks your connecting to, especially when using devices with important stored information. When in doubt ask someone who is working at the establishment your at to ensure you connect to the safe network, or wait until your at a location with a network you already are familiar with and know is safe!

Hackers may also use these situations to insert a form of Malware through the guise of ‘free upgrades’ or some other fake advertisement.  Read our article on malware to understand what it is! Knowledge is power!

To help ensure your safety when connecting to networks, you can set up a VPN, or virtual private network. A security measure that works wonders for these situations especially.

Call us at Re2tech today and ask us to create a VPN for you to help ensure your information doesn’t fall into the wrong hands! While your at it, check out our article relating to passwords and how to enhance their security!

Open post

You may not be as secure online as you think you are

Today, you might think you’re secure online, but the chances of that being true are very slim. The problem with what we know about cyber-security is not that we remain illiterate on the topic, it is that we assume we know what we are doing. The Pew Research Center located in Washington D.C. did some research to see just how much Americans know about internet security.

The pew report which was based on an online survey done between June 17th and June 27th of 2016, on 1,055 U.S. internet users aged 18 and older, found that the people who surveyed only really knew information about two different points. One was passwords. Most were able to identify that something like “HT!23g@” was a better more secure password then “123456”. The survey however did not ask whether respondents actually refrained from using passwords like 123456 for any accounts.

Also, a majority of the survey takers knew about the risked posed by public wifi. They agreed that just having a network password protected doesn’t mean it will be safe for activities like online banking or something similar.

About a third of the survey respondents knew that a website starting with “Https” means that the site is encrypted, Meaning that the site would prevent people on the same network from spying on your traffic. About 13% knew that a VPN routes all of your internet traffic over a link that is encrypted, which further improves your security on public wifi.

The bad news is that only about 50% of people who took the survey could identify a phishing attack designed to steal your username and passwords at a fake site. Only 50% of the people knew that disabling a smartphone’s GPS won’t make your phone stop tracking your location.

This just shows that there is a lot of things people don’t really know about the internet and how it works. Security is becoming more and more complex, and even more confusing to the general public, and people tend to think they know what they are doing. This is the main problem, and people should really be more concerned about this type of thing.

If you have any issues with cybersecurity, we at RE2 Tech are here to help you today ! Contact us here for inquires!

contact_us_button

Source : https://www.yahoo.com/tech/internet-security-215507003.html

Scroll to top