Week in review: MongoDB attacks, hackers hitting F5 BIG-IP, Citrix devices, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and reviews:

Attackers are probing Citrix controllers and gateways through recently patched flaws
SANS ISC’s Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot (set up to flag CVE-2020-5902 exploitation attempts).

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all
Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks.

July 2020 Patch Tuesday forecast: Will the CVE trend continue?
Microsoft has averaged roughly 90 common vulnerabilities and exposures (CVE) fixes per month over the past five months. With everyone working from home and apparently focused on bug fixes, I expect this large CVE fixing trend to continue. Despite these record CVE numbers, the actual number of updates have been down; we haven’t seen Exchange or SQL Server updates in a while.

How do I select an application security testing solution for my business?
To select the perfect application security testing solution for your business, you need to think about an array of details. We’ve talked to several industry professionals to get insight to help you get started.

Researchers discover how to pinpoint the location of a malicious drone operator
Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone.

Exposing the privacy risks of home security cameras
An international study has used data from a major provider of home IP security cameras to evaluate potential privacy risks for users.

Zoom zero-day flaw allows code execution on victim’s Windows machine
A zero-day vulnerability in Zoom for Windows may be exploited by an attacker to execute arbitrary code on a victim’s computer. The attack doesn’t trigger a security warning and can be pulled off by getting the victim to perform a typical action such as opening a received document file.

MongoDB is subject to continual attacks when exposed to the internet
On average, an exposed Mongo database is breached within 13 hours of being connected to the internet.

Cybersecurity software sales and training in a no-touch world
The pandemic has led to an outbreak of cybercriminal activity focused on remote workers and enterprises that needed to quickly migrate to the cloud to maintain business continuity. More than 3,100 phishing and counterfeit websites were created each day in January. By March, that figure exceeded 8,300. Communication and collaboration phishing sites also grew by 50% from January to March.

Tech businesses must rethink their IT infrastructure
Working life has changed drastically in recent months. Speedy digital transformation has been critical for business continuity and has been driving growth even during these challenging times.

Review: Cybersecurity Threats, Malware Trends, and Strategies
If you’re looking for a book that’s easy to read but has a lot of useful information and may give you some new perspectives on cybersecurity, this is the right one for you.

Better cybersecurity hinges on understanding actual risks and addressing the right problems
SANS Technology Institute’s Internet Storm Center (ISC) has been a valuable warning service and source of critical cyber threat information to internet users, organizations and security practitioners for nearly two decades. Dr. Johannes Ullrich, the man whose site (DShield.org) became the basis of a SANS project (Incident.org) that later became the Internet Storm Center, has been leading the effort from the start.

Data exfiltration: The art of distancing
Since late 2019, an evolving tactic to publicly demonstrate that not only were criminals inside a company’s network, but their unfettered access allowed them the opportunity to leave with data (which is regulated) began to emerge: the threat to leak sensitive content if ransom wasn’t paid. Indeed, such was the ferocity of the claims by victims, that the tactic was perceived as a way to extort more money.

Magecart Group 8 skimmed card info from 570+ online shops
Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group (aka Magecart Group 8) since April 1, 2017.

Three major gaps in the Cyberspace Solarium Commission’s report that need to be addressed
Released in March 2020, the Cyberspace Solarium Commission’s report urges for the U.S. government and private sector to adopt a “new, strategic approach to cybersecurity,” namely layered cyber deterrence.

Business efficiency metrics are more important than detection metrics
With cyberattacks on the rise, today’s security professionals are relying primarily on detection metrics – both key performance indicators (KPIs) and key risk indicators (KRIs) – as the primary means to measure the success of their security programs. However, focusing on detection metrics alone is not enough to fully optimize organizational productivity and security over time.

USB storage devices: Convenient security nightmares
There’s no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and loss all common occurrences.

Elasticsearch security: Understand your options and apply best practices
The ever-escalating popularity of Elasticsearch – the distributed open source search and log analytics engine that has become a staple in enterprise application developers’ tool belts – is well-warranted. Elasticsearch security lapses, however, have been a headline-grabbing thorn in the side of the technology.

An effective cloud security posture begins with these three steps
Public cloud adoption continues to surge, with roughly 83% of all enterprise workloads expected to be in the cloud by the end of the year. The added flexibility and lower costs of cloud computing make it a no-brainer for most organizations.

More about

Don't miss