nGuard


encryption

TWiC | Hackers Keep up the Pressure Over the Holidays

Over the past few weeks, we have seen some interesting stories develop in the world of cyber security. It seems that attackers are not slowing down for the holiday season, with LastPass revealing yet another security breach, Killnet boasting of a DDoS attack targeting Musk’s Starlink services and the U.S. banning Chinese telecom companies. nGuard examines these new developments in this week’s security advisory.

Killnet Gloats About DDoS Attacks Downing Starlink, White House
Starlink services were disrupted last week, and it may have been caused by a hacking organization called Killnet. The group is notorious for making all of its communications public on Telegram. After digging into the reports of a massive DDoS attack, Trustwave discovered that many Starlink customers complained about service disruptions on Reddit. Other groups like Anonymous and Halva have also claimed responsibility for participating in the DDoS attack, although Killnet appears to be the main culprit here.

LastPass Reveals Another Security Breach
According to the CEO of LastPass, the popular password manager has been breached again. The company investigated unusual activity involving a third-party cloud storage service that it uses with its parent company, GoTo. A hacker was able to access some of the password manager’s source code using information obtained from a previous security breach. It is highly likely that the attacker was limited to the development environment, but they had access to “certain elements” of customer information. The company maintains that no password information was divulged because it remains encrypted.

U.S. Banned Chinese Telecom & Surveillance Cameras That Pose National Security Threat
The U.S. has placed multiple Chinese-based firms on a ban list after they were identified as national security threats. The U.S. has decided to ban the import and sale of equipment from Huawei, ZTE, Hytera Communications, Hikvision, Dahua, Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited. FCC Chairwoman Jessica Rosenworcel said, “The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here.”

In order to access sensitive data and disrupt important services, attackers constantly work behind the scenes to discover and exploit flaws in software. A high priority should be given to protecting your organization from malicious actors at all times. Continual penetration testing and vulnerability management can help you close security holes in your environment. Your employees can stay on top of their game by receiving security awareness training and participating in social engineering simulations. With nGuard, you can enhance your organization’s security posture and prevent data breaches.

Filed Under: Advisory, Breach, Compliance, Events, Financial, General, Products & Services, Vulnerabilities & Exploits Tagged With: cloud computing, compliance, cyber crime, data protection, encryption, information security, internet security, malware, network security, phishing, ransomware

OpenSSL Downgrades Panic Bug After Days of Anxiety

Initial Report
On October 27th, Dark Reading reported that organizations had five days to get ready for what the OpenSSL Project described as a “serious” vulnerability affecting versions 3.0 and up of the widely used cryptographic library for encrypting digital communications. The report cautioned that enterprises would rush to remedy the problem as soon as possible if the vulnerability turned out to be another Heartbleed, the most recent serious vulnerability to affect OpenSSL.

Favorable News
Five days after the initial reports of an internet-reshaping major flaw in OpenSSL, there is some good news. Instead of the critical rating that initially alarmed the online community, CVE-2022-37786 and CVE-2022-3602 have been published as high-rated vulnerabilities. According to OpenSSL:

“A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.”

As a result, the vulnerability is considerably harder to exploit than what was initially suggested.

Remediation
The two CVE reports published on November 1st indicate that the issue is present in OpenSSL versions 3.0.0 to 3.0.6. Although these flaws are not as severe as anticipated, all businesses are still advised to identify their OpenSSL implementations and update to version 3.0.7 right away. According to OpenSSL, there is at this point no evidence that the vulnerability has been exploited in the wild and no operational exploit that could result in code execution. The Computer Emergency Response Team (CERT) for the Netherlands has compiled a list of notable operating systems and application runtimes that are packaged with a vulnerable version of OpenSSL.
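One way to triage collected `openssl version` output against the range stated above (3.0.0 to 3.0.6 affected, 3.0.7 fixed). This is an added example, not code from nGuard or the OpenSSL Project; the `host|banner` inventory format, the host names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage OpenSSL version banners against this advisory's range.

# classify_banner "<output of 'openssl version'>"
# prints: affected | fixed | pre-3.0 | unknown
classify_banner() {
    case "$1" in
        "OpenSSL "*) ;;                  # upstream OpenSSL banners only
        *) echo unknown; return ;;       # LibreSSL, BoringSSL, empty, garbage
    esac
    ver=${1#OpenSSL }                    # drop the product name
    ver=${ver%% *}                       # version token, e.g. 3.0.5 or 1.1.1q
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return ;;       # not major.minor.patch
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}              # 1q -> 1, 7-dev -> 7
    case "$major$minor" in *[!0-9]*) echo unknown; return ;; esac
    if [ "$major" -lt 3 ]; then
        echo pre-3.0                     # older than the 3.0 line covered here
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]; then
        echo affected
    else
        echo fixed
    fi
}

# list_affected: reads "host|banner" lines on stdin (constructed inventory
# format) and prints the hosts whose banner falls in the affected range.
list_affected() {
    while IFS='|' read -r host banner; do
        if [ "$(classify_banner "$banner")" = affected ]; then
            echo "$host"
        fi
    done
    return 0
}

# Constructed sample inventory (hypothetical hosts, not real scan output).
SAMPLE='web01|OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
db01|OpenSSL 1.1.1q  5 Jul 2022
app02|OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
mac03|LibreSSL 3.3.6'

printf '%s\n' "$SAMPLE" | list_affected
# On a live host: classify_banner "$(openssl version)"
```

Distribution packages can carry a backported fix without changing the upstream version string, so treat an `affected` result as a candidate to confirm against the vendor's package advisory. The banner also reflects only the `openssl` binary that was run, not copies bundled inside applications or container images.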

What Now?
nGuard is ready to assist clients in detecting and mitigating OpenSSL vulnerabilities. nGuard can identify whether a vulnerable version of OpenSSL is present in your environment by performing vulnerability scans and penetration testing against both external and internal facing services. By carrying out these scans on a frequent basis, organizations can feel at ease knowing that insecure OpenSSL versions in their environments are being fixed.

Filed Under: Advisory, Breach, Compliance, Events, Financial, General, Products & Services, Vulnerabilities & Exploits Tagged With: bug, crypto, cryptograhy, day, encryption, flaw, now, openssl, panic, patch, vuln, zero-day

© 2023 nGuard. All rights reserved.
