
Cisco has a severe VPN bug, patch immediately!

This just in: Cisco, the "worldwide leader in IT and networking", has a severe bug in its VPN software, and it carries the maximum severity rating of "10 out of 10".

The bug is in Cisco's Adaptive Security Appliance (ASA) software. It is a double-free vulnerability in the SSL (Secure Sockets Layer) VPN functionality, and the danger is that an unauthenticated, remote attacker can use it either to force a reload of the affected system (a denial of service) or to execute arbitrary code on it.

Worse, an unauthenticated attacker who sends specially crafted XML packets to an interface with the vulnerable service enabled could gain complete control of the affected system. All of this comes from Cisco's own advisory, which is now lighting up the net.

The bug is tracked as CVE-2018-0101. Its rating comes from the Common Vulnerability Scoring System (CVSS), which scores how severe a vulnerability is on a scale of 0 to 10, and this one scores a full 10.0 out of 10, the highest possible.

Cisco stresses that the bug is only exploitable if the webvpn feature is enabled on at least one interface of the ASA device. Administrators can check this from the command-line interface with the command show running-config webvpn: a line reading enable followed by an interface name means the feature is on for that interface, and no such line means it is not. Cisco's advisory walks through those commands (they can be found here). Cisco revises its advisories as more is learned, so rely on the current revision rather than this summary for the list of affected features and fixed releases.
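As an added example (not from Cisco's advisory or the original post), here is a small Python script that makes the advisory's check mechanical: it reads the text of show running-config webvpn, reports the interfaces on which webvpn is enabled, and pulls the version out of show version so it can be compared with Cisco's fixed-release table. The sample outputs are constructed for the example, and the layout of the webvpn block (a top-level webvpn line followed by one-space-indented sub-commands such as enable outside) is assumed from ASA CLI conventions.

```python
"""Added example, not Cisco's code: triage helper for the ASA webvpn check.
Sample CLI outputs below are constructed; the block layout is assumed from
ASA conventions (top-level `webvpn`, members indented by one space)."""
import re

# Constructed: webvpn enabled on the outside interface
CONFIG_ENABLED = """\
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
"""

# Constructed: webvpn block present but not enabled on any interface
CONFIG_NOT_ENABLED = """\
webvpn
 tunnel-group-list enable
"""

# Constructed: the command prints nothing because the feature is unconfigured
CONFIG_ABSENT = ""

# Constructed: first lines of `show version`
SHOW_VERSION = (
    "Cisco Adaptive Security Appliance Software Version 9.8(2)14\n"
    "Device Manager Version 7.8(2)\n"
)

_ENABLE_RE = re.compile(r"^\s+enable\s+(\S+)\s*$")
_VERSION_RE = re.compile(r"Software Version (\d+)\.(\d+)\((\d+)\)(\d*)")


def webvpn_interfaces(running_config: str) -> list:
    """Return the interface names on which webvpn is enabled.

    Only lines inside the top-level `webvpn` block are considered, so an
    `enable` sub-command belonging to some other block is not mistaken for
    the SSL VPN listener being switched on."""
    interfaces = []
    in_block = False
    for line in running_config.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new block; remember whether it is ours.
            in_block = line.strip() == "webvpn"
            continue
        if in_block:
            match = _ENABLE_RE.match(line)
            if match:
                interfaces.append(match.group(1))
    return interfaces


def parse_asa_version(show_version: str):
    """Return (major, minor, maintenance, interim) from `show version`, or None."""
    match = _VERSION_RE.search(show_version)
    if not match:
        return None
    major, minor, maint, interim = match.groups()
    return (int(major), int(minor), int(maint), int(interim or 0))


def assess(running_config: str, show_version: str) -> dict:
    """Combine both checks into the answer a patch triage needs."""
    ifaces = webvpn_interfaces(running_config)
    return {
        "version": parse_asa_version(show_version),
        "webvpn_interfaces": ifaces,
        # Exposed to the attack surface in the advisory only if the listener
        # is actually enabled on at least one interface.
        "exposed": bool(ifaces),
    }


if __name__ == "__main__":
    for name, cfg in (("enabled", CONFIG_ENABLED),
                      ("not enabled", CONFIG_NOT_ENABLED),
                      ("absent", CONFIG_ABSENT)):
        print(name, assess(cfg, SHOW_VERSION))
```

Paste the real CLI output into the two strings, or read it from a file, and compare the version tuple against the fixed releases listed in the current revision of Cisco's advisory; "exposed" being False does not mean the device is patched, only that the webvpn listener is off.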

The following is a list of known vulnerable products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • ASA Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

The bug also applies to Firepower Threat Defense (FTD) 6.2.2, released last September and the first FTD release to support remote access VPN. FTD versions before 6.2.2 do not have that feature and are not vulnerable.

You can check which version you are running by following the instructions Cisco provides here.

As of right now there are no known attacks using this vulnerability, but Cisco expects reports of exploitation to follow.

Go check your systems and patch what you can. Stay vigilant in your defenses, and don't open phishing emails!

Keep up to date on your technology, its vulnerabilities and their solutions with RE2Tech. We make I.T. easy!

Have you taken precautions? Is your sensitive information at risk?

Give us a call or send us an email for all your I.T. needs! We at Re2tech make I.T. happen!

Phone: 952-223-4422

helpdesk@re2tech.com


Google's discovered CPU vulnerabilities, and how they can affect you

Google is a forerunner in the online world in many respects, and one of its main focuses is security. Google's "Project Zero" team is dedicated to researching vulnerabilities in the software and hardware its users depend on, and to getting those vulnerabilities fixed.

Last year the Project Zero team discovered a security flaw arising from "speculative execution", a technique most modern processors (CPUs) use to optimize performance: the CPU guesses which instructions will be needed next and runs them ahead of time, discarding the results if the guess was wrong.

This flaw is serious because of what it can leak. An attacker who exploits the speculative execution process can read system memory that should be inaccessible to them, which may expose passwords, encryption keys, or sensitive data belonging to other open applications; the discarded speculative work leaves traces (for example in the CPU cache) that the attacker can measure. Google also noted that an attack run from inside a virtual machine could read physical memory of the host machine, which makes the flaw especially dangerous on shared cloud hardware.

The range of affected CPUs is wide, covering AMD, ARM and Intel processors and the devices and operating systems that run on them. Google has stated that it updated its own systems to defend against the attacks and cooperated with hardware and software manufacturers across the industry to protect a broader range of technology and people. That cooperation has led to mitigations for the affected products.

Google has released a list of its products and the state of their protection; the following are secured against the speculative execution attacks, subject to the notes given:

  • Android: devices with the latest security update are protected. Nexus and Pixel devices are protected once they have the latest security update.
  • Google Apps / G Suite: no action needed.
  • Google Chrome: some action may be required on the user's end. A link to the page is here.
  • Google Cloud Platform: Google App Engine is protected.
    Google Compute Engine: additional action required here
    Google Kubernetes Engine: additional action required here
    Google Cloud Dataflow: additional action required here
    Google Cloud Dataproc: additional action required here
  • All other Google Cloud products have been reviewed and are protected.
  • Google Home / Chromecast: no action needed.
  • Google Wifi / OnHub: no action needed.

Google has stated that to exploit this new class of attack, the attacker must first be able to run malicious code on the targeted system, for example through a malicious application or a script in a web page.

Google has stated that there are three variants of the attack, publicly known as Spectre variant 1 (bounds check bypass, CVE-2017-5753), Spectre variant 2 (branch target injection, CVE-2017-5715) and Meltdown (variant 3, rogue data cache load, CVE-2017-5754). They cannot be mitigated with one method; each variant needs its own specific mitigation. Some vendors have patches for one or two of the variants, and Google is working with them to ensure all three get mitigated over time.

It is good to know Google is helping to spread the information others need to protect themselves against such a potentially dangerous attack! As for other means of protection, why not give us a call at Re2tech? We will help secure your network and teach you about your own systems along the way! We make I.T. happen!


Cloud security going into 2018

The cloud is becoming more and more preferred as time goes by. Data and applications are moving to it at a faster rate every hour, and more people decide to turn to cloud services every day. There is no question why: cloud services are extremely convenient and offer functionality you can't find anywhere else. That popularity also means cloud services are under a watchful eye from everyone, including the nefarious types.

Threats to the cloud

Generally, when we have something good, people like to mess it up. The cloud is no different: there are people who have already interfered with cloud services to steal data for selfish and rather rude reasons, and 2018 will be no exception, because there are quite a few issues with this still-young service that can be exploited. Despite popular belief, cloud security is not solely in the hands of the service provider. Under the shared-responsibility model the provider secures the underlying infrastructure, while the customer remains responsible for what runs on top of it: the data, the user identities and credentials, the access policies and the configuration. Knowing that, we should evaluate the risks of cloud technology and understand how information stored in the cloud can be exposed.

  • Data breaches: these can occur in multiple ways, ranging from deliberate theft of information stored in the cloud, to human error, to vulnerabilities in applications connected to the cloud, to plain poor security understanding and practices.
  • Insufficient identity, credential and access management: weak credential handling (shared accounts, no multi-factor authentication, over-broad permissions) lets persons with ill intent gain access to cloud-stored information and cause all sorts of trouble, because nothing stands between a stolen credential and your data.
  • Insecure interfaces and application programming interfaces (APIs): cloud providers expose UIs and APIs that customers use to manage their cloud services. This is both great and bad, because it means the protection is in your hands: whoever holds your management credentials has the same control over your cloud environment that you do, and the provider has little feasible way to tell them apart from you. These interfaces must therefore be designed and configured to resist both accidental and malicious attempts to circumvent policy.
  • System vulnerabilities: the big contender that gained the spotlight this last year for cloud technology. These are exploitable bugs in software that let attackers gain access to a system to steal data, take control of it, or disrupt service. Vulnerabilities in the components of the operating system put the security of all services and data on it at significant risk, and because the cloud places systems from many organisations side by side on shared hardware, a vulnerability that breaks that isolation puts the neighbouring tenants at risk as well.
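Access policies are where "insufficient identity, credential and access management" and "insecure interfaces and APIs" become concrete. As an added example, not from the original post or any provider's tooling, the Python linter below reads a JSON policy in the AWS IAM statement format (assumed here as a representative cloud policy language) and flags the grants that least privilege rules out: Allow */*, wildcard actions or resources, an anonymous Principal on a resource policy, and privileged IAM operations not gated on multi-factor authentication. The policies are constructed samples.

```python
"""Added example, not a provider's tool: a least-privilege linter for JSON
access policies in the AWS IAM statement format (assumed as the policy
language). All sample policies are constructed."""
import json


def _as_list(value) -> list:
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means anyone, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


# Service prefixes whose actions change who can do what; gate them on MFA.
PRIVILEGED_SERVICES = ("iam", "sts", "organizations")
MFA_CONDITION_KEY = "aws:MultiFactorAuthPresent"  # AWS's condition key


def lint_policy(policy: dict) -> list:
    """Return human-readable findings for every Allow statement that is
    broader than least privilege calls for. Deny statements only narrow
    access and are skipped."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        where = f"statement {idx}"
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        conditions = stmt.get("Condition") or {}

        if "*" in actions and "*" in resources:
            findings.append(f"{where}: Allow */* grants full administrative access")
        else:
            wildcard_actions = [a for a in actions if a == "*" or a.endswith(":*")]
            if wildcard_actions:
                findings.append(f"{where}: wildcard actions {wildcard_actions}")
            if "*" in resources:
                findings.append(f"{where}: Resource '*' is not scoped to specific resources")

        if _principal_is_anonymous(stmt.get("Principal")):
            findings.append(f"{where}: Principal '*' allows anonymous (public) access")

        # Condition blocks look like {"Bool": {"aws:MultiFactorAuthPresent": "true"}};
        # collect every condition key used, whatever the operator.
        condition_keys = {key for block in conditions.values() for key in block}
        privileged = [a for a in actions if a.split(":")[0] in PRIVILEGED_SERVICES]
        if privileged and MFA_CONDITION_KEY not in condition_keys:
            findings.append(f"{where}: {privileged} allowed without an MFA condition")
    return findings


# Constructed sample policies
ADMIN_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}')
SCOPED_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],'
    ' "Resource": "arn:aws:s3:::example-reports/*"}]}')
PUBLIC_BUCKET_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",'
    ' "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*"}]}')
NO_MFA_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",'
    ' "Action": ["iam:CreateUser", "iam:AttachUserPolicy"], "Resource": "*"}]}')
MFA_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",'
    ' "Action": ["iam:CreateUser"], "Resource": "arn:aws:iam::000000000000:user/*",'
    ' "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}')

if __name__ == "__main__":
    for name in ("ADMIN_POLICY", "SCOPED_POLICY", "PUBLIC_BUCKET_POLICY",
                 "NO_MFA_POLICY", "MFA_POLICY"):
        print(name, lint_policy(globals()[name]) or ["ok"])
```

Run it over exported policies before they are attached; the idea generalises to any provider whose policies are structured as effect, action, resource and principal, only the field names and the MFA condition key change.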

The cloud is a fantastic service that will no doubt lead to other great systems and functionality, but while it is still young it has quite a few quirks to work out before it can be considered a fully safe and mature system. That doesn't mean don't use the cloud; it means be mindful of what you put there and of the risks present in the technology you're using.


Net neutrality and the FCC's use of deceased people's names

Lately the internet has been abuzz about net neutrality and preventing it from being taken from us, lest we see a degradation of our society. Even so, and having been sent millions of petitions and signatures, the chair of the FCC ignored the pleas of the masses and voted to tear down our right to open online access and the freedom to roam. Not only did the FCC ignore the masses, the dead were also revived and used against us.

What is net neutrality? 

First, let's quickly cover the basics of what net neutrality is. Net neutrality is a guiding rule or principle: it preserves our right to roam and communicate freely online, without interference from those in positions of power. It is free speech for the internet. It gives us access to all forms of information without bias restricting what we see, read and learn. For example, if net neutrality becomes history, Fox News could pay specific internet providers to show news from Fox News alone. That would create tunnel vision in our society and, depending on people's circumstances, a rift in general knowledge and understanding, leading to more chaos and separation.

Deceased commentators 

So, back to the first paragraph: deceased persons coming to life. On multiple occasions it has come to light that people who have passed away have somehow posted comments on the FCC's site in favor of getting rid of net neutrality. Family members of these deceased commenters have openly called out the immoral and illegal use of their relatives' names, demanding that it stop and that those responsible be taken to court for their just deserts.

Comments attributed to the deceased were sometimes word for word the same as comments attributed to other deceased persons, which marks the activity as a form of spam. But the issue at hand is that the identities of Americans who have died are being used to defend the FCC's actions, putting words in their mouths and pretending they are still alive.

In response, the FCC has said that unvetted commentary carries no weight and will be dismissed. Comments will only be considered if they come from cryptographically secured identities tied to living persons.

The FCC has also stated that it will not help pursue those who used deceased Americans' identities.

Net neutrality is clearly important for more than just online surfing: it gives students access to education, keeps the world in view so we can stay up to date on global events, and lets us read both sides and come to our own conclusions. Net neutrality is so much more than just "the internet"; it is a necessity in a world ever more involved with technology.

Educate yourself on the issue

Learn about net neutrality, make an educated, well-thought-out decision on the matter, and then give your comments to the FCC. Here is a helpful link to the FCC's site where you can submit your comments: http://gofccyourself.com


Companies who have been breached are still confident in their defenses

There have been a lot of articles and news stories about companies and businesses that suffered security breaches and had people's sensitive information end up in the hands of hackers. Despite this, APAC organisations remain confident in their security measures and feel they don't need to change or enhance them.

Fortinet recently ran an enterprise security survey, and the results were unique. Of the organisations polled, 86% had actually been the victim of a breach, yet 48% of the APAC IT decision makers remain confident in their security defenses.

There were 1,801 respondents across 16 countries globally. 82% of the APAC IT decision makers rated themselves above other organisations when it comes to cybersecurity, while an honest 6% said they felt they were lagging behind. This curious insight paints a bigger picture of the false sense of security an organisation can have, which can lead to a self-inflicted setback down the road.

The source of this confidence lies in how their past breaches happened. Most organisations chalk up their breaches to social engineering, ransomware and email phishing, which they regard as human error rather than a failing of their cybersecurity, so they see little to fear for their technical defenses. That view is only half right: a network in which one clicked link can reach everything is a technical weakness too.

Asked what they would do differently, 46% said they would invest more in employee training on cybersecurity awareness, which in their view would have prevented the breaches they suffered in the first place.

As a follow-up to the Fortinet poll, organisations plan to run IT education programs in 2018 to improve user security awareness. That is a great start, but the survey also revealed that only 26% of APAC businesses plan to deploy network segmentation to limit the spread of malware once it gets in.

It is important not only to be aware of online threats like email phishing, but also to build up the cybersecurity measures that contain them, such as segmentation that stops malware from spreading and controls that keep back doors out of the network!

If you have a network that could use some beefing up, or you're looking for some insight into online security, give us a call today and let Re2tech be your source of cybersecurity!


Data breach at the Department of Social Services

This just in: the Department of Social Services (DSS) credit card management system has been breached, as of yesterday. That isn't something to be thankful for, that's for sure.

8,500 people have received warnings that their personal data held by a contractor has been exposed. Past and current employees alike are affected. The exposed data included employee names, user names, work phone numbers, work email addresses, credit card information, Australian Government Service numbers, public service classification, organisation unit and system passwords. In early November, the department alerted its employees to the breach, which concerned data from before 2016.

The department did not say how long the data was exposed, but a DSS spokesman said the contractor, Business Information Services, reported that the data was open from June 2016 until October 2017. The data related to the period 2004 to 2015.

So far the DSS is placing the blame on the third-party provider, stating that the breach is in no way the fault of the DSS. The DSS has since said the data has now been secured and that there is no evidence of improper use of the department's credit cards. It was also noted that the kind of information exposed (names, user names, passwords and card details together) is exactly what is needed for identity theft, fraud and masquerading, where an attacker pretends to be an authorized user.

FCC is pushing out low-income subscribers, because apparently they’re not good enough

Recently made public is news about the FCC and the people its Lifeline program serves.

The federal Lifeline program, which lets low-income people use a $9.25 monthly household subsidy to buy internet or phone access, is being scaled back after a recent FCC vote. The change introduces a new spending cap that effectively prevents people who qualify for the subsidy from actually receiving it. It doesn't stop there: the FCC is also moving to stop resellers (telecom providers that don't operate their own infrastructure) from offering Lifeline-subsidized plans.

Some of these changes take effect immediately; for others, the FCC is seeking public input first. It has put out a request for public comment on a potential ban on resellers participating in the program.

The change may affect up to 70% of wireless phone users with Lifeline subsidies, who may be forced to find new providers. If resellers are excluded from the program, there will be far fewer options on the market, and low-income people may be unable to find any provider that accepts Lifeline at all, leaving them even more limited than before. So much for a lifeline.

There has also been a change in eligibility for Tribal residents. The FCC eliminated the extra $25 subsidy for Tribal residents who live in urban areas; the extra $25 will only be available to Tribal residents in rural areas.

The FCC stated that it took these measures to prevent fraud, abuse and waste, and that it is beginning work on new measures to minimise abuse and falsification.

When a representative was asked how many Lifeline subscribers the FCC had talked to before commencing these changes, the answer was more an avoidance of the question than a response.


Phishing or data breaches? Which should you be worried about?

As of late there has been a lot of talk about data breaches and online security failures. These incidents are naturally concerning because of who they involve: customers, like you! It is important to secure your network and be aware of gaps that could be taken advantage of, but it is also important to watch out for phishing attempts; some believe that matters even more.

Recently, Google and UC Berkeley researchers stated that the real fear should lie with the phishing hook waiting for unsuspecting persons. Data breaches can be devastating, but phishing can lead to worse results in the end, such as losing access to accounts and having your life's work or personal documents and information put out of reach. A strong example is the loss of your Google account, which most people now use regularly and which holds enormous amounts of life activity and records. Phishing also has a much higher encounter rate than data breaches.

Last year Google did a study, with its own services as the focal point, of the prevalence of phishing, key logging and data breaches as sources of stolen credentials. The study found phishing to be far more significant than key logging or data breaches. The knowledge gained was put to use almost immediately, helping to secure around 67 million Google accounts from possible abuse.

Google used a large number of sources to find accounts already compromised by key logging, phishing and data breaches, and found that most of those operating phishing kits reside in the following countries, in order:

  • Nigeria
  • United States
  • Morocco
  • South Africa
  • United Kingdom
  • Malaysia

Phishing attacks rely on a false sense of urgency: emails, or something of the like, that claim there is a problem and that the message can take you to the solution. They are often made very convincing, which is why they are believed more often than not. Another part of the phisher's trick is using Google against itself: the messages try to collect extra information under the guise of Google asking for it, such as IP addresses, device make and model, phone numbers and location. Google may legitimately ask for these at times, so you need to be that much more vigilant. With that extra information, the phishers can make their later login with your stolen password look as if it comes from you and your device, extending their reach and causing even more of a stir-up in your life.

Google found that, while data breaches can be a serious problem, only about 7% of passwords exposed in third-party data breaches still matched the victim's current Google password, because breached data tends to be old and the accounts long inactive. By contrast, about 12% of passwords captured by key loggers and 25% of those captured by phishing were valid for the victim's current Google account. Most of the phishing victims were in the United States, while Brazil and India made up the majority of key logging victims.

Whatever the form of compromise, it's important to stay conscious of your activity online and to keep yourself, your life and your information safe.


Android security update! KRACK be gone and band-aid adhesion!

Android has deployed its latest patch for its phones. It holds significant updates, including a fix for KRACK (Key Reinstallation Attack) and some fixes for the newly released Pixel 2 phones!

Surprisingly, Google actually released three security patch levels for November. The first is the main update with the usual bug fixes and performance updates. The second is related to a Qualcomm bug that left users vulnerable over Wi-Fi.

The Qualcomm fix is second to the KRACK update. Earlier this year a weakness was found in the WPA2 protocol that put an enormous number of devices in a vulnerable position: an attacker within radio range could attack a client on almost any Wi-Fi network. KRACK works by replaying message 3 of the WPA2 four-way handshake to the client, which tricks it into reinstalling the key it is already using and resetting the packet counter (nonce) that the encryption depends on; the reused keystream then lets the attacker decrypt or inject frames. Linux and Android 6.0+ devices were the worst affected, because their Wi-Fi client (wpa_supplicant) could be tricked into installing an all-zero encryption key, making decryption trivial.

The 2017-11-06 patch level that addresses KRACK covers Android versions from 8.0 Oreo all the way back to 5.0.2 Lollipop. As for Google's own Pixel and Nexus phones, the patches released so far only go up to 2017-11-05, so the KRACK fix has not reached those customers yet; they are expected to receive the 2017-11-06 update closer to December.
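To make the mechanism concrete, here is an added example (not code from Google, the Android project or the original post): a toy Python model of the client side of the WPA2 four-way handshake. It shows what a replayed message 3 does to a vulnerable client (same key, packet number reset, keystream reused), the all-zero-key case described above for Linux and Android clients, and a fixed client that ignores the retransmit. The keystream function is a stand-in for CCMP, and the keys, nonces and plaintext frames are constructed for the example.

```python
"""Added example, not code from any Wi-Fi stack: toy model of the client
(supplicant) side of the WPA2 four-way handshake under a replayed message 3.
Keys, nonces and frames are constructed; the keystream is not real CCMP."""
import hashlib


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP's counter-mode keystream. The only property that
    matters here is the real one: it is a deterministic function of the
    temporal key and the packet number, so reusing a (key, PN) pair reuses
    keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(tk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Wi-Fi client reduced to the key-install step of the handshake.

    variant selects the behaviour on a *retransmitted* message 3:
      "vulnerable": reinstall the same key and reset the packet number
                    (pre-patch behaviour of most clients)
      "zero_key":   reinstall an all-zero key, because the client wiped the
                    real key from memory after the first install
                    (wpa_supplicant 2.4/2.5, used by Android 6.0+)
      "fixed":      ignore the retransmit once a key is installed
    """

    def __init__(self, variant: str):
        self.variant = variant
        self.tk = None            # temporal key derived after messages 1 and 2
        self.installed_tk = None  # key currently used by the data path
        self.pn = 0               # CCMP packet number, i.e. the nonce counter

    def derive_ptk(self, pmk: bytes, anonce: bytes, snonce: bytes) -> None:
        # Toy PRF; the real PTK is PRF(PMK, ANonce, SNonce, AP MAC, client MAC).
        self.tk = hashlib.sha256(pmk + anonce + snonce).digest()[:16]

    def on_msg3(self) -> str:
        if self.installed_tk is not None:          # this is a retransmit
            if self.variant == "fixed":
                return "retransmit ignored; key and packet number kept"
            if self.variant == "zero_key":
                self.installed_tk = bytes(16)      # the real key is gone
                self.pn = 0
                return "all-zero key installed; packet number reset"
        self.installed_tk = self.tk
        self.pn = 0
        if self.variant == "zero_key":
            self.tk = None  # the buggy client clears the TK after installing it
        return "key installed; packet number reset"

    def send(self, plaintext: bytes):
        """Encrypt one data frame; returns (packet number, ciphertext)."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.installed_tk, self.pn, len(plaintext)))


# Constructed traffic: M2 must not be longer than M1 for the XOR recovery below.
M1 = b"GET /login HTTP/1.1\r\nHost: bank.example\r\n"
M2 = b"Cookie: session=secret-token\r\n"


def run(variant: str) -> dict:
    """Man-in-the-middle attacker: lets the handshake complete, lets the client
    send one frame, replays message 3, then observes the next frame."""
    sta = Supplicant(variant)
    sta.derive_ptk(b"P" * 32, b"A" * 32, b"S" * 32)   # constructed PMK and nonces
    sta.on_msg3()
    pn1, c1 = sta.send(M1)
    sta.on_msg3()                                     # the replayed message 3
    pn2, c2 = sta.send(M2)
    return {
        "packet_numbers": (pn1, pn2),
        "nonce_reused": pn1 == pn2,
        # Same key + same PN -> same keystream, so c1 ^ c2 ^ M1 == M2 when M1 is known.
        "recovered_m2": xor(xor(c1, c2), M1) if pn1 == pn2 else None,
        # If the reinstalled key is all zeros the attacker needs no key at all.
        "decrypt_with_zero_key": xor(c2, keystream(bytes(16), pn2, len(c2))),
    }


if __name__ == "__main__":
    for variant in ("vulnerable", "zero_key", "fixed"):
        print(variant, run(variant))
```

The "vulnerable" run shows why every WPA2 client needed patching: with a known first frame (HTTP request headers are highly predictable) the second frame falls out of a single XOR. The "zero_key" run shows why the Linux and Android case was worse: no known plaintext is needed because the key is zero. The "fixed" client keeps its packet number moving and the attack yields nothing.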

Along with bug fixes and security reinforcement, Google is now adding functional updates to the mix. When the Pixel 2 was released, the XL variant received a lot of criticism over its display, including burn-in that developed passively. To reduce these concerns, Google updated the phone with new functionality. The first is a navigation bar that dims when it is not in use and changes to white in some applications. The patch also lowers the maximum brightness.

Another complaint was that the display colors were dull. Google anticipated this and had shipped a "Vivid colors" checkbox in the settings menu, but that level of saturation wasn't enough for some customers, so Google released a new "Colors" option with three saturation levels: natural, boosted and saturated. There have also been reports of clicking noises while on a call with the Pixel, and Google states the November patch fixes that as well.


Update on the wild Bad Rabbit

Ukraine speaks out on the Bad Rabbit ransomware running rampant in Russia, stating that the hackers behind the NotPetya malware were probably the group responsible for releasing Bad Rabbit.

A Ukrainian official stated that the damage from Bad Rabbit could have been greatly reduced had organisations followed the recommended practices for handling malware, along with basics such as not clicking on suspicious messages. A prominent characteristic of Bad Rabbit is its code and its method of approach, which resemble NotPetya's and support the belief that the same group released both.

Thus far, the hacker group known as BlackEnergy is believed to be responsible for both NotPetya and Bad Rabbit. Ukrainian authorities describe the group as working in Russia's interest.

Of late, Ukraine has been the victim of multiple cyber attacks, with power knocked out to thousands of homes, supermarket tills frozen and government computers left paralyzed. Ukrainian officials have said they think Russia sees Ukraine as a testing ground for cyber attacks.

The US and Ukraine have been working together on training in the techniques and skills needed to combat hacking.

Ukrainian officials believe many more cyber attacks are on the way.
