InfoSec Island

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

InfoSec Island - Sat, 07/20/2019 - 3:45pm

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. 

Tracked as CVE-2019-1917, the vulnerability was found in the REST API interface of Vision Dynamic Signage Director and could be exploited by an unauthenticated, remote attacker to bypass authentication on an affected system.

“The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system,” Cisco explains.

An attacker able to exploit the vulnerability would execute arbitrary actions through the REST API with administrative privileges. 

Enabled by default, the REST API cannot be disabled. According to Cisco, there is no workaround for this issue, but a software update has been released to address the bug. 

This week, Cisco also addressed High severity vulnerabilities FindIT Network Management Software, and IOS Access Points Software 802.11r. Tracked as CVE-2019-1919 and CVE-2019-1920, these bugs could be exploited to log in with root-level privileges or cause a denial of service (DoS), respectively.

Cisco also releasedfixes for several Medium severity vulnerabilities in Industrial Network Director (IND), Small Business SPA500 Series IP Phones, Small Business 200, 300, and 500 Series Switches, and Identity Services Engine (ISE).

These vulnerabilities include information disclosure, local command execution, open redirect, Cross-Site Scripting, and blind SQL injection flaws. 

Additionally, Cisco updated the advisories published for several older vulnerabilities, including a High severity flaw in its Secure Boot implementation, which could allow an attacker to modify a device’s firmware, and which impacts a large number of Cisco products. 

The advisories for three command injection vulnerabilities in NX-OS software, namely CVE-2019-1776, CVE-2019-1783, and CVE-2019-1784, were updated as well, along with those for a Cross-Site Request Forgery bug in OS XE software Web UI and a Denial of Service in IOS software.

RelatedCertificates Issued to Huawei Subsidiary Found in Cisco Switches

RelatedCritical Flaws Found in Cisco Data Center Network Manager

Copyright 2010 Respective Author at Infosec Island
Categories: InfoSec Island

Cybersecurity: Drones Will Soon Become Both Predator and Prey

InfoSec Island - Fri, 07/19/2019 - 9:47am

In the coming years, commercial drones will become a predator controlled by attackers to conduct targeted assaults on business. Drones will become smaller, more autonomous with increased range and equipped with cameras for prolonged surveillance missions. Flying in close proximity to operating environments, they will also be used to conduct advanced man-in-the-middle attacks, degrade mobile networks or spoof and jam other signals.

Conversely, drones will become prey as they are targeted by attackers in order to disrupt dependent businesses. Drones will be knocked out of the sky and hijacked. Information collected by drones will be stolen or manipulated in real time. Industries that leverage drones to become more efficient, such as construction, agriculture and border control, will see their drones targeted as attackers’ spoof and disrupt transmissions.

Technological breakthroughs in drone technologies, combined with developments in 5G, big data, the Internet of Things (IoT), and the relaxation of aviation regulations, will mean that drones will become increasingly important to operating models. Organizations will rely upon them for delivery, monitoring, imagery and law enforcement, whilst attackers will embrace drones as their new weapon of choice. The threat landscape will take to the skies.

Justification for This Threat: Predator

Drones used in the military for reconnaissance, targeted missile attacks and battlefield intelligence have been commonplace for years now. However, the line between military and civilian usage has somewhat blurred over the last few years as smaller, unmanned aerial vehicles or quadcopters have become more popular and commercialized. Close calls have been reported more frequently in the media with cases of assassination attempts, near fatal crashes, injuries and spying all being recorded. Moreover, two high-profile incidents of drones grounding flights at London’s Gatwick and Heathrow airports took place in late December 2018 and early 2019, illustrating significant business disruption from drone activity.

Quadcopter-style drones, supposedly capable of carrying out electronic warfare and cyber-attacks, are currently being developed. For example, American-Italian contractor, Selex Galileo, recently built a small drone that can interfere with communication systems such as Bluetooth or Wi-Fi and can self-destruct if captured. Septier Communications is developing a drone that can eavesdrop on mobile phone calls, intercept other mobile data or force devices on a high-security 4G network to downgrade to an older, lower quality and less secure network. If terrorist groups, hacking groups or hacktivists managed to get their hands on this technology then their armory would be significantly enhanced.

Justification for This Threat: Prey

Drone-based delivery is expected to start in European countries in 2019 following the relaxation of air traffic regulations, allowing drones to fly out of sight and above 400 feet. This will revolutionize the supply chain, opening up a range of new attack vectors that hackers will undoubtedly target. According to Goldman Sachs, the forecasted market opportunity for drones will grow to $100 billion by 2020, helped by growing demand from commercial and government sectors. There are over one million active drone devices currently operating in test environments in the US alone, with over 100,000 pilots registered with the FAA.

Drone usage will be particularly prominent across the agricultural, construction and oil and gas industries as business models are adapted to take advantage of drone technology. Activities such as monitoring of crop yields, airborne inspection of oil pipelines and safeguarding of construction sites will be entrusted to drones as businesses look to further automate key processes. Fire and police services will use drones to greatly enhance their capability to locate people, whether that be survivors of an incident or persons of interest. All industries that leverage this relatively immature technology will find themselves targeted as attackers aim to take advantage of drones.

Like other IoT devices, drones currently have very poor security controls, making them vulnerable to hijacking. Commercial drones will become a fresh privacy concern as they begin to store sensitive information on board. The majority will be fitted with cameras or a range of sensors, collecting information such as GPS location, credit card numbers, email addresses or physical addresses. This type of information will be a prime target for attackers over the coming years.

How Should Your Organization Prepare?

If an organization is reliant upon drones for critical operations then diligent risk assessments need to be conducted, and controls must be implemented or upgraded to mitigate risk to the business. As drones take to the skies, organizations must become more vigilant and wary.

In the short term, organizations should determine how drones are likely to be used across the business and incorporate business continuity arrangements should these drones be disrupted and regularly update or patch drones.  Additionally, organizations should apply specialized technical controls such as signal jamming, geofencing and hardening Wi-Fi and protect locations from drone spying by installing blinds and curtains, mirrored windows or white noise generators.

In the long term, lobby drone manufacturers or providers to ensure that drones have security features incorporated and keep up to date with future legal and regulatory requirements, considering that they may differ or conflict across jurisdictional boundaries.

About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments.

Copyright 2010 Respective Author at Infosec Island
Categories: InfoSec Island

The Automotive Industry: Stepping up on Defense

InfoSec Island - Fri, 07/19/2019 - 9:41am

We are midway through 2019, and automotive hacks continue to rise. The global market for connected cars is expected to grow by 270% by 2022, with more than 125 million passenger cars with embedded connectivity forecast to ship worldwide by 2022.

The amount and quality of data is only destined to grow as manufacturers add more technology into the driver and the passenger experience, especially as we approach a time when cars will be capable of autonomously taking passengers from point A to point B.

Cyberattacks on automotive players were not very common until recently, likely due to the fact that not too long ago, there was simply nothing to hack in an automobile. In recent years our dashboards have grown from basic entertainment systems to computers. As the incentive for hackers is growing we should assume as are the efforts to breach the data in automobiles. There has been astounding progress with car technology in recent years, particularly in the connectivity channels, WiFi, GPS systems, Bluetooth and now cellular SIM cards embedded in the vehicle. The significant increase in mobility endpoints and the sheer amount of code that runs the modern car means that there is a great opportunity for hackers.

A Great Infotainment System means Great Vulnerability

Car dashboards today are a full computers, with a multitude of different functions, such as in-vehicle entertainment, mobile phone integration, navigation systems, and soon, payment systems. While advancements in technology have improved the user experience, there is also increased  vulnerability.

In addition, infotainment and telematics systems have become a gateway to the car’s advanced driver assistance systems, by linking to data that can affect a car’s safety features, such as sensors, anti-lock brakes, lane departure warnings, adaptive cruise control, and automatic stopping the car.

Black Hat Attacks

Recently a black hat attack was carried out that was far from simplistic. A hacker named L&M has gained access into two prominent applications companies [mention their names] use to monitor and manage fleets through GPS tracking devices. This hacker boldly called the companies requesting money for the information he or she stole from over 27,000 accounts. This was not a white hat attack nor was it a bug bounty – this was ransom.

What is unique about this situation is the hacker was also able to kill the engine of the vehicle of the account holder. L&M could have caused much more destruction and harm with this hack.

These situations should act as a light bulb for automakers to understand the vulnerabilities their vehicles face. Securing a modern car against a cybersecurity attack is about preventing them from the earliest stages of development. Original Equipment Manufacturers (OEMs) should consider incorporating defensive measures during the development phase.

As the in-vehicle technology continues to innovate, hackers are continuing to learn and find vulnerabilities to exploit the physical car as well as the personal, financial and driver data. Through a vehicle’s infotainment and telematics system, we see these vulnerabilities more clearly and can understand just how white hat hackers are gaining access. Through these discoveries, security companies are helping car manufacturers outfit their vehicles with embedded cybersecurity software that protects vehicles from all endpoints as to not allow access to the vehicle’s data or alter the settings from factory settings. As we approach the second half of 2019, we anticipate automotive and other connected device manufacturers to recognize their vulnerabilities and step up their defensive strategy. 

About the author: David Barzilai is co-founder and chairman at Karamba Security.

Copyright 2010 Respective Author at Infosec Island
Categories: InfoSec Island

Beyond the Endpoint: Fighting Advanced Threats with Network Traffic Analytics

InfoSec Island - Fri, 07/19/2019 - 9:36am

Safeguarding enterprise assets is no longer just about protecting endpoints from malware, spam and phishing. Enterprise infrastructures are much more complex today than even a few years ago. In a bid to optimize processes and maximize profits, businesses are deploying cloud services, IoT and mobile solutions at an unprecedented rate. Keeping pace with digital demands can result in an expanded attack surface. This means cybersecurity chiefs need an approach that ensures enterprises are protected from both external and internal threats.

The effectiveness of an organization’s incident response capabilities poses a major challenge in the face of a constantly expanding threat landscape riddled with sophisticated attackers. Business leaders are aware of the risks associated with an attack on their IT infrastructure, and they know a breach is imminent if their security posture is weak.Additionally, the rising costs of downtime, incident response and recovery have revealed a worrying fact: security operations centers (SOCs) can no longer rely only on traditional security tools and processes to protect their organizations’ data. Late warning signs, limited support for incident response, unpatched endpoints, spotty detection of insider threats, and a long stream of false positives give attackers the advantage.

If these concerns were not enough, studies also show that SOC teams are feeling overburdened, and CISOs are no longer coping with the responsibilities of their job. Information security chiefs today are looking for ways to modernize their security architecture, to improve their ability to quickly detect and effectively respond to advanced attacks, and to stop losing sleep over the fear of single-handedly sinking their business.

The race for superior threat detection

Traditional solutions are no longer useful in the face of advanced threats, and new approach is needed--one designed to catch malicious activity in transit, before it can reach any endpoint on a targeted infrastructure. Thus, Network Traffic Analytics (NTA) was born.

Endpoint protection solutions are great at preventing the execution of threats at the endpoint level. They can even detect advanced attacks that pass through some of the prevention layers. NTA augments EPP by adding specialized detection for the most advanced threats, at the network level. This means SOCs get a bird’s eye view of all network activity to detect breaches and malicious or irresponsible user behavior, and also have access to additional historic information for regulatory compliance (PCI, GLBA, NIST and GDPR) and other retroactive investigations.

Industry watchers agree. According to Eric Ogren, an analyst with 451 Research, “What network traffic analytics sees is what is actually happening in the business in real time, with the possibility to thwart attacks before catastrophic damage occurs.”

“Network traffic analytics (NTA) is fast becoming the easiest-to manage choice to detect infected devices, track account activity and catch data being staged for later exfiltration. NTA goes beyond catching unauthorized east-to-west traffic and improper use of protocols, to include alerts when clients start acting as servers, signs of ransomware via suspicious file share activity, connections to external domains within a few milliseconds of opening an email attachment, and more.” Ogren said.

High fidelity threat reports – the key to a SOC team’s success

Probably the biggest benefit of NTA technology is that SOC teams get intelligent, automated alert triage.Automated triage significantly improves incident response. It makes incident security investigation approachable and affordable for organizations stretched between limited resources and significant cyber risks. Additionally, it provides “security visibility” into network traffic using reasoning (AI/machine learning and behavior analysis) with insights from cloud threat intelligence. An efficient NTA implementation automatically detects threats for all entities, managed or unmanaged, for encrypted or un-encrypted network traffic.

The ideal NTA deployment must be capable of automating security incident alert processing and provide context, enabling security operations to stay focused on incidents that really matter, reducing the risk of overlooking important security incident alerts.

With cyber incidents continually on the rise, high fidelity threat reports are key to empowering SOC teams to detect attacker tactics and techniques, to sniff out risky user activity, to improve analysts’ threat-hunting efficiency, as well as to achieve regulatory compliance.

About the author: Filip Truta is an information security analyst with more than twelve years of experience in the technology industry.

Copyright 2010 Respective Author at Infosec Island
Categories: InfoSec Island