Week in review: SWAPGS attack, DNS security, vulnerable Siemens PLCs, Black Hat USA 2019

Here’s an overview of some of last week’s most interesting news, interviews and articles:

Embracing the cloud and meeting its security demands
You might expect that the largest companies are the most organized and mature when it comes to security but, he says, that’s not always the case – there is a wide range of security approaches and differences arise due to variations in internal organization, to mergers and acquisitions creating islands of technology, and to a lack of internal champions for security budgeting and planning.

Researchers uncover over 35 vulnerabilities in six leading enterprise printers
NCC Group researchers have uncovered significant vulnerabilities in six commonly used enterprise printers, highlighting the vast attack surface that can be presented by internet-connected printers.

DNS security is no longer optional
Several high-profile DNS security incidents have made headlines recently, a reminder that this integral part of the internet must not be taken for granted. Unlike enterprise assets – endpoints, networks, data centers – DNS is public infrastructure, so many businesses rely on registrars and ISPs to protect it. In light of recent events, it’s a good time to rethink your strategy for DNS security.

Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc
Critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC) have been discovered by cybersecurity researchers at Tel Aviv University and the Technion Institute of Technology.

August 2019 Patch Tuesday forecast: Expect updates from Adobe, stay current on other updates
Since July’s Patch Tuesday, a number of security updates have been released by a variety of vendors. Depending on what updates you may have already addressed, you may have paid down some of this accumulation. However, there has been a steady stream so it is likely there are some non-Microsoft updates that you will need to address in your next maintenance window.

As attackers get more creative, mobile threats and attacks increase in both quantity and impact
It is no longer a matter of if or when an enterprise’s mobile endpoints will be compromised. They already are and most organizations have little to no knowledge or visibility of the compromise, according to a new Zimperium report.

SWAPGS Attack: A new Spectre haunts machines with Intel CPUs
The SWAPGS Attack, as they call it, circumvents the protective measures that have been put in-place in response to earlier attacks such as Spectre and Meltdown. Still, there is plenty of good news: Microsoft has already released Windows patches for the flaw that makes the attack possible and, even though feasible, the researchers don’t expect the attack to be exploited for widespread, non-targeted attacks.

Apple expands bug bounty program, opens it to all researchers, raises rewards
The bug bounty program has been widened to include the following “targets”: macOS, iCloud, tvOS, watchOS and iPadOS (an upcoming mobile OS for iPads).

The persistent struggle to improve SOC productivity reveals the need for newer SIEM technologies
On average, security personnel in U.S. enterprises waste approximately 25 percent of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous, a Ponemon Institute and Exabeam joint research reveals.

Security orchestration and automation checklist: How to choose the right vendor
Faced up against the well-chronicled global skills shortage, the ceaseless bombardment of security alerts and the hodgepodge of security tools unable to communicate with each other, security operations professionals likely feel as if the deck is stacked against them.

Prevent lateral attacks inside the data center with a defense-in-depth hardware layer
IT departments tend to be concerned primarily with cybersecurity attacks that originate from outside the enterprise, known as a “north-south” attacks. This often leaves them more vulnerable to even more dangerous attackers who use phishing, malware or click-bait to access desktops, laptops and other endpoints.

Symantec sells its name and enterprise security business to Broadcom
Symantec announced it has entered into a definitive agreement to sell its Enterprise Security assets, which include the Symantec name, to semiconductor giant Broadcom, for $10.7 billion in cash.

There is widespread business confusion and ignorance about the upcoming CCPA regulation
ESET polled 625 business owners and company executives to gauge business readiness for the upcoming California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. The survey results underscore how unprepared businesses are for the upcoming regulation.

Critical holes plugged in Cisco 220 Series smart switches
Cisco has fixed three vulnerabilities in its Cisco 220 Series smart switches and is urging owners to upgrade their firmware as soon as possible. Among these are two critical flaws that could allow unauthenticated, remote attackers to compromise vulnerable devices.

Security flaw could turn load balancers into beachheads for cyber attacks
Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product.

Online skimming: An emerging threat that requires urgent awareness and attention
A growing threat that all merchants and service providers should be aware of is web-based or online skimming. These attacks infect e-commerce websites with malicious code, known as sniffers or JavaScript (JS) sniffers and are very difficult to detect, according to PCI Security Standards Council and the Retail & Hospitality ISAC.

AttackSurfaceMapper automates the reconnaissance process
AttackSurfaceMapper, a new open source OSINT tool created by Andreas Georgiou and Jacob Wilkin, security consultants at Trustwave SpiderLabs, automates the process of collecting data that can help pentesters find a way into targets’ systems and networks.

Six critical areas to focus on when integrating DevSecOps into an organization
The omnipresence of consumer electronics and computer power, alongside modern trends (i.e., DevOps, microservices, and open source) that accelerate deployment cycles continue to strain enterprises’ ability to detect and identify exploitable flaws in a timely manner.

Microsoft sets up isolated environment for bug hunters to test attacks against Azure
Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, but has also created an isolated testing environment that will allow researchers to try to exploit them.

Whitepaper – Threat Intelligence Platforms: Open Source vs. Commercial
In this whitepaper, ThreatConnect discuss the key technical and economic considerations every security team needs to make when evaluating threat intelligence platform solutions, including service level agreements and integration with existing arrangements and legacy systems. And, importantly, which solution is right for your team.

Warshipping: Attackers can access corporate networks through the mailroom
Most infosecurity professionals have heard of wardialing and wardriving, but what about warshipping? The expression has been coined by IBM X-Force Red researchers to describe a new attack vector, which consists of covertly delivering to the target’s premises small devices that can be used to gain access to the home or office wireless network and assets connected to it.

What’s cybercriminals’ most effective weapon in a ransomware attack?
Cybercriminals’ most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers, says Vectra.

Automation, visibility remain biggest issues for cybersecurity teams
Organizations still do not have necessary levels of automation or visibility within their cyber terrain, especially as security stacks grow and are underutilized, Fidelis Cybersecurity’s annual State of Threat Detection Report has shown.

Which are the most capable breach prevention systems?
NSS Labs released its Analysis of Breach Prevention Systems (BPS) – solution suites, involving endpoint, network, sandbox, cloud, and other integrated protections.

Attackers’ growing use of anti-analysis, evasion tactics pose a challenge to enterprises
Cybercriminals continue to look for new attack opportunities throughout the digital attack surface and are leveraging evasion as well as anti-analysis techniques as they become more sophisticated in their attempts, according to Fortinet.

Black Hat USA 2019
Want to review the news from Black Hat USA 2019? Get is all from our dedicated coverage page.

More about

Don't miss