Security News

Critical Vulnerabilities Expose Pepperl+Fuchs Industrial Switches to Attacks
2020-10-06 13:18

Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices. SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.

Critical Flaws Discovered in Popular Industrial Remote Access Systems
2020-10-01 01:29

Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to block access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation's SiteManager and GateManager, and MB Connect Line's mbCONNECT24, two of the popular remote maintenance tools used in automotive, energy, oil & gas, metal, and packaging sectors to connect to industrial assets from anywhere across the world.

Anitian unveils SecureCloud on AWS, enabling rapid and secure deployment of mission-critical apps
2020-09-30 01:30

SecureCloud addresses a daunting challenge for business, DevOps, and security leaders: rapid deployment of applications and services to customers - without sacrificing security measures or privacy protections. "We greatly benefited from Anitian's Compliance Automation Platform to migrate our application to the AWS cloud and achieve our FedRAMP authorization," said Ignacio Martinez, vice president of security, risk, and compliance for Smartsheet.

Cohesity SiteContinuity: Protecting business-critical apps across a single platform
2020-09-29 02:00

Cohesity announced Cohesity SiteContinuity, an automated disaster recovery solution that is integrated with the company's backup and continuous data protection capabilities - making it the only web-scale, converged solution to protect applications across tiers, service levels, and locations on a single platform. "The new solution from Cohesity is very timely as it allows us to protect our mission and business-critical applications on a single platform. We can now automate our business continuity and disaster recovery strategy, all from Cohesity's data platform, making it easier for us to manage SLAs, and reduce downtime with automated, rapid failover and failback."

Layered security becomes critical as malware attacks rise
2020-09-25 04:30

Despite an 8% decrease in overall malware detections in Q2 2020, 70% of all attacks involved zero day malware - variants that circumvent antivirus signatures, which represents a 12% increase over the previous quarter, WatchGuard found. Zero day malware made up more than two-thirds of the total detections in Q2, while attacks sent over encrypted HTTPS connections accounted for 34%. This means that organizations that are not able to inspect encrypted traffic will miss a massive one-third of incoming threats.

Critical Industrial Flaws Pose Patching Headache For Manufacturers
2020-09-23 15:32

In one of the attack vectors, attackers can attack the victims using a specifically crafted website. In the second attack vector, attackers can attack the victim by just remotely communicating with the CodeMeter server that is located on the machines.

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
2020-09-23 11:09

If you're administering Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers to establish a connection to the targeted domain controller over Netlogon Remote Protocol.

Fileless Malware Tops Critical Endpoint Threats for 1H 2020
2020-09-21 21:27

Cisco flagged threats like Kovter, Poweliks, Divergent and LemonDuck as the most common fileless malware. Another prevalent critical threat to endpoints in the first half was dual-use tools that are typically leveraged for both exploitation and post-exploitation tasks.

Patch this critical software flaw now, says Homeland Security in emergency warning
2020-09-21 12:04

The Department of Homeland Security has given system administrators until today to patch a critical vulnerability in Windows Server that could allow an attacker to hijack federal networks, via a flaw in the Netlogon authentication system. On 18 September, the DHS's cybersecurity division issued an emergency directive giving government agencies a four-day deadline to patch the CVE-2020-1472 vulnerability, also known as Zerologon, citing the "unacceptable risk" it posed to federal networks.

How security theater misses critical gaps in attack surface and what to do about it
2020-09-16 05:30

Bruce Schneier coined the phrase security theater to describe "security measures that make people feel more secure without doing anything to actually improve their security." That's the situation we still face today when it comes to defending against cyber security risks. Broaching a concern such as security theater with security professionals can result in defensiveness or ire from disturbing a well-established process, or worse, practitioners assuming there is some implied level of foolishness or ineptitude.