Tenable advises organisations to patch Windows OS to protect from “zero-day” exploit

August 12, 2020

Microsoft, for the sixth month in a row, patched over 100 CVEs in the August 2020 Patch Tuesday release, including 17 CVEs rated critical. For the first time in three months, this update includes patches for two vulnerabilities that were observed being actively exploited in the wild. Please find below a comment from Satnam Narang, Staff Research Engineer at Tenable about this month’s patch update.

“Microsoft has patched over 100 CVEs again, addressing 120 CVEs, including 17 critical vulnerabilities. For the first time in three months, a pair of vulnerabilities have been reported as being exploited in the wild. CVE-2020-1380 is a remote code execution vulnerability in Microsoft’s Scripting Engine due to how objects in memory are handled by Internet Explorer. In order to exploit this vulnerability, an attacker would need to convince their victim to either visit a website containing exploit code or open a malicious document that contains an embedded ActiveX control. Successful exploitation would grant the attacker the ability to execute arbitrary code as the current user.

If said user happens to have administrative privileges, the attacker would be able to perform a variety of actions including creating accounts with full privileges, accessing and deleting data and installing programs. This vulnerability has reportedly been exploited in the wild as a zero-day, likely as part of a targeted attack. CVE-2020-1464 is a spoofing vulnerability in Windows due to an issue with validating file signatures. Successful exploitation of this flaw would allow an attacker to bypass file signature verification to load improperly signed files.

Microsoft says this vulnerability has been exploited in the wild and is publicly known, though they do not provide any further details. Because it affects all currently supported versions of Windows, organizations should apply these patches as soon as possible. This month’s release also contains a fix for CVE-2020-1337, an elevation of privilege vulnerability in the Windows Print Spooler service. Exploitation of this vulnerability would give the attacker elevated privileges on the vulnerable system. This would allow an attacker to execute arbitrary code, create new accounts with full privileges, access and/or delete data and install programs.

The Windows Print Spooler service may sound familiar as it was weaponized by a separate vulnerability in the infamous Stuxnet worm a decade ago. CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020. Researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat conference earlier this month.” – Satnam Narang, Staff Research Engineer at Tenable.

Ninety-Seven Percent of Indian Organizations Have Experienced At Least One Business-Impacting Cyberattack in the Past 12 Months, According to New Industry Study

August 6, 2020

Yet only four out of 10 local security leaders can answer the question, “How secure, or at risk, are we?”
NEW DELHI, India – August 6, 2020 – Tenable®, Inc., the Cyber Exposure company, published a global industry study that revealed the vast majority of Indian organizations (97%) have experienced a business-impacting cyberattack in the past 12 months, according to both business and security executives. The data is drawn from ‘The Rise of the Business-Aligned Security Executive,’ a commissioned study of more than 800 global business and cybersecurity leaders, including 54 local respondents, conducted by Forrester Consulting on behalf of Tenable.
As cybercriminals continue their relentless attacks, 76% of respondents in India have witnessed a dramatic increase in the number of business-impacting cyberattacks over the past two years. Unfortunately, these attacks had damaging effects, with organizations reporting identity theft (44%), financial loss or theft (38%), and ransomware payout (33%). Seventy-seven percent of security leaders in Australia say these attacks also involved operational technology (OT).
Business leaders want a clear picture of how at risk they are and how that risk is changing as they plan and execute business strategies. But only four out of 10 local security leaders say they can answer the fundamental question, “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyberattacks.
Looking at global respondents, fewer than 50% of security leaders said they are framing cybersecurity threats within the context of a specific business risk. For example, though 96% of respondents had developed response strategies to the COVID-19 pandemic, 75% of business and security leaders admitted their response strategies were only “somewhat” aligned.
Organizations with security and business leaders who are aligned in measuring and managing cybersecurity as a strategic business risk deliver demonstrable results. Compared to their siloed peers, business-aligned security leaders are:
  • Eight times more likely to be highly confident in their ability to report on their organizations’ level of security or risk.
    • 90% are very or completely confident in their ability to demonstrate that cybersecurity investments are positively impacting business performance compared with 55% of their siloed counterparts.
    • 85% have metrics to track cybersecurity ROI and impact on business performance versus just 25% of their siloed peers.
  • Organizations with business-aligned cybersecurity leaders are also:
    • Three times more likely to ensure cybersecurity objectives are in lock step with business priorities.
    • Three times more likely to have a holistic understanding of their organization’s entire attack surface.
    • Three times more likely to use a combination of asset criticality and vulnerability data when prioritizing remediation efforts.
“In the future, there will be two kinds of CISO — those who align themselves directly with the business and everyone else. The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment,” said Renaud Deraison, Chief Technology Officer and Co-Founder at Tenable. “We believe this study shows that forward-leaning organizations view cybersecurity strategy as essential to innovation and that when security and the business work hand-in-glove, the results can be transformational.”
Note to Editors:
  • Forrester Consulting conducted an online survey of 416 security and 425 business executives, as well as telephonic interviews with five business and security executives, to examine cybersecurity strategies and practices at midsize to large enterprises in Australia, Brazil, France, Germany, India, Japan, Mexico, Saudi Arabia, the UK and the US. The study was fielded in April 2020.
  • “Business-impacting” relates to a cyberattack or compromise that results in a loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property.
To read the full study, visit https://www.tenable.com/analyst-research/forrester-cyber-risk-report-2020
# # #
About Tenable
Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

Tenable Says Good Cyber Hygiene Practice Is a Must To Prevent Clop-Type Ransomware Attacks

July 29, 2020

The Indian Computer Emergency Response Team (CERT-In) recently notified Windows users about CLOP, a new ransomware that can be distributed through fake software updates, trojans, spam emails, cracks and unofficial software downloads. Once a user’s system is compromised, information is leaked if the ransomware negotiations fall through.

Comment from – Adam Palmer, Chief Cybersecurity Strategist at Tenable

“CLOP appears to have been recognised by security researchers since 2019 as a variant of other common malware attacks. The reality is monetisation of ransomware is the result of poor cyber hygiene practices such as failing to patch exploitable vulnerabilities and avoiding the common methods by which this malware is distributed – phishing emails, preventing unofficial software updates or downloads, and so on. Security experts suspect that the bug (CVE-2019-19781) in the Citrix Netscaler ADC VPN gateway was used to carry out the attack so it’s important users patch this vulnerability immediately.

Victims should avoid bending over backwards to meet ransomware demands and only make payment as a last resort. Remember that you’re dealing with untrustworthy criminals and that means payment does not always guarantee access to data or that these criminals won’t try to pull the same trick again. Payment also perpetuates the crime as it continues to be a revenue stream for the attackers.” – Adam Palmer, Chief Cybersecurity Strategist at Tenable.

Tenable cautions against imminent cyber threats to legacy OT assets

July 24, 2020

USA’s National Security Agency (NSA) along with the Cybersecurity and Infrastructure Security Agency (CISA) put forward a joint advisory recommending that all US critical infrastructure facilities take immediate actions to secure their OT assets. While this is in relation to the US, it is a reminder that civilian infrastructure makes attractive targets for foreign powers attempting to do harm to any country.

Here’s a response from Marty Edwards, former Director of ICS-CERT and VP of OT Security at Tenable to this joint advisory from CISA and the NSA about OT attacks:

“Today’s joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously. Don’t be fooled – this isn’t a warning about the possibility of attacks. This is a warning that attacks have occurred and are ongoing as we speak.

OT is foundational to absolutely everything we do – from the energy we rely on, to the factories manufacturing medical devices, to the water we drink. The country runs on OT. And while our reliance on OT has only increased, so too has the convergence of IT and OT. Internet-accessible OT devices are significantly more exposed to outside threats than the near-extinct air-gapped systems of old.

Organisations that utilize OT must remain vigilant and ensure they have complete, real-time visibility across their environments, including IT and OT assets and their associated vulnerabilities. From there, security teams need to prioritize risk-based mitigations such as vulnerability severity, exploitability and asset criticality.” — Marty Edwards, Former Director of ICS-CERT and VP of OT Security at Tenable.

Arcserve Appoints Ivan Pittaluga as Chief Technology Officer

July 16, 2020

  • Award-winning technology expert brings more than 20 years of experience in software engineering and delivering products that transform the customer experience
  • Pittaluga will oversee the acceleration of Arcserve’s acclaimed data and ransomware protection solution portfolio

MINNEAPOLIS, MN/NEW DELHI, India – July 16, 2020

Arcserve, LLC, the world’s most experienced data and ransomware protection provider, today announced the appointment of Ivan Pittaluga as its new Chief Technology Officer (CTO). Pittaluga, an industry veteran, comes with a proven track record of leading advances in service delivery and transformational technology in the high-tech space. As CTO, he will oversee the strategy and development of Arcserve’s globally recognized portfolio of backup, disaster recovery, continuous availability, migration, and archiving solutions.

“The world of data protection is rapidly evolving, fueled by unprecedented challenges from a larger data attack surface and increasingly prevalent cyber threats,” said Tom Signorello, CEO at Arcserve. “The addition of Ivan will accelerate our market-first solutions to these, and other business continuity challenges, with his recognized history of driving organizational change and delivering technology that changes the way companies do business.”

Prior to joining Arcserve, Pittaluga served as vice president of data protection and governance for Veritas Technologies, where he guided the company’s multinational software engineering and product development efforts for its NetBackup product. Pittaluga also previously held senior engineering positions at Symantec, Commvault, Legato Systems (Dell EMC), and Mastercard.

“We’re living in a digitized economy, and enterprises today can no longer risk exposing their data to cyber threats or loss,” said Pittaluga. “Equally important are the new forms of data and environments that will emerge from rapid innovation in the cloud – all of which will need comprehensive protection. Arcserve’s 30-year experience and foresight to anticipate market shifts uniquely positions it for an exciting chapter of innovation, which I’m pleased to be a part of.”

For more information on Arcserve’s data protection solutions and to request a free trial, visit www.arcserve.com.

# # #

About Arcserve

Arcserve provides exceptional solutions to protect the priceless digital assets of organizations in need of full scale, comprehensive data protection. Established in 1983, Arcserve is the world’s most experienced provider of business continuity solutions that safeguard multi-generational IT infrastructures with applications and systems in any location, on premises and in the cloud. Organizations in over 150 countries around the world rely on Arcserve’s highly efficient, integrated technologies and expertise to eliminate the risk of data loss and extended downtime while reducing the cost and complexity of backing up and restoring data by up to 50 percent. Arcserve is headquartered in Minneapolis, Minnesota with locations around the world. Explore more at www.arcserve.com and follow @Arcserve on Twitter.
