Microsoft’s September 2019 Patch Tuesday: Tenable Roundup

September 11, 2019

Microsoft’s September 2019 Patch Tuesday release contains updates for 79 CVEs, 17 of which are rated critical. In the wake of BlueKeep in May, and the four additional CVEs for Remote Desktop Services in August (DejaBlue), Microsoft has addressed four new CVEs for Remote Desktop Client. Additionally, Microsoft patched two elevation of privilege bugs which have been exploited in the wild this month. Click here to read the complete breakdown of the most important CVEs from this month’s release.

Satnam Narang, Senior Research Engineer at Tenable, said, “This month’s Patch Tuesday release contains updates for nearly 80 CVEs, including four critical vulnerabilities in the Remote Desktop Client, and two Elevation of Privilege vulnerabilities exploited in the wild as zero-days.

Since Microsoft warned about BlueKeep (CVE-2019-0708) in May, Microsoft’s Platform Security Assurance & Vulnerability Research team identified additional vulnerabilities in Remote Desktop, patching four critical flaws in August in Remote Desktop Services, dubbed “DejaBlue.” This month, Microsoft’s internal research teams identified four new critical vulnerabilities in Remote Desktop Client (CVE-2019-1290, CVE-2019-1291, CVE-2019-0787, CVE-2019-0788). Unlike BlueKeep and DejaBlue, where attackers target vulnerable Remote Desktop servers, these vulnerabilities require an attacker to convince a user to connect to a malicious Remote Desktop server. Attackers could also compromise vulnerable servers and host malicious code on them and wait for users to connect to them.

Microsoft also patched two vulnerabilities that were exploited in the wild as zero-days. CVE-2019-1214 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, while CVE-2019-1215 is an elevation of privilege vulnerability in the Winsock IFS Driver (ws2ifsl.sys). Both flaws exist due to improper handling of objects in memory by the respective drivers. Elevation of Privilege vulnerabilities are utilized by attackers post-compromise, once they’ve managed to gain access to a system in order to execute code on their target systems with elevated privileges.”

 


CVE-2019-12643: Critical Authentication Bypass Vulnerability in REST API Container for Cisco IOS XE

August 30, 2019

News broke of a critical bug affecting Cisco’s popular IOS XE operating system that powers millions of enterprise network devices around the world. The flaw, tracked as CVE-2019-12643, affects Cisco’s REST application programming interface (API) virtual container for IOS XE and exists because the software doesn’t properly check the code that manages the API’s authentication service.

Background

On August 28, Cisco released 10 advisories to address vulnerabilities across multiple products, including Cisco NX-OS and FXOS, Nexus 9000 Series Fabric Switches and Unified Computing System (UCS) Fabric. The most severe vulnerability, which Cisco rates as critical, exists in the REST API Container for Cisco IOS XE.

Scott Caveza, the research engineering manager at Tenable, said, “The critical authentication bypass flaw in Cisco IOS XE could be exploited by an unauthenticated, remote attacker sending specially crafted HTTP requests to a vulnerable device, resulting in the exposure of an authenticated user’s token-id. While the flaw is critical, it’s important to note there are a number of requirements for successful exploitation, including the device has both installed and enabled an affected version of the Cisco REST API virtual service container. In addition, a user must be logged into the device in order to obtain the token-id. Cisco has released iosxe-remote-mgmt.16.03.03.ova, a fixed version of the virtual service container, as well as implemented additional safeguards in updated IOS XE versions.”

Satnam Narang, Sr. Security Response Manager at Tenable, has explained the vulnerability in detail. To read more, please click here.

If you need more information, please feel free to get in touch with me.

Sharath G

Team Lead

Enterprise Technology Practice

Change Agents PR

On behalf of Tenable

+91.80.41603144, 91.8088030853

sharath.g@changeagents.in


Scammers Using Fake TikTok Profiles to Trick Unsuspecting TikTok Users to Sign Up For Adult Dating Websites

August 16, 2019

By Satnam Narang, Senior Research Engineer, Security Response at Tenable

TikTok, a social media video app popular among teens, quickly gained 88.6 million new Indian users in the first quarter of 2019 alone. As with any new and popular platform that launches in the market, scammers will always try their luck at manipulating it for personal gain, and TikTok is no exception.

Since March 2019, Mr. Narang has been tracking the activity of a number of scam accounts on the popular short-form video platform TikTok. The social media site’s user base took off after it merged with musical.ly in August 2018, topping 1 billion monthly active users (MAUs) earlier this year.

Given TikTok’s meteoric rise in popularity, it comes as no surprise that scammers would take notice. So far, these scams appear to be in their infancy. There is no WikiHow entry for how to create TikTok scams yet. However, it’s clear the scammers are already reaping the benefits of using the platform to accomplish one or more of the following:

  1. Boosting likes and followers in order to raise the popularity of a profile.
  2. Gaming the cost-per-action networks of adult dating websites that pay for qualified leads.
  3. Taking advantage of cost-per-install networks, which offer monetary rewards to users who drive other users to install apps.

In this two-part series, Satnam Narang, Senior Research Engineer at Tenable explores three of the most common types of scam accounts he’s been tracking, which involve one or more of the following categories:

  1. Adult-dating
  2. Impersonation
  3. Increasing followers/likes

In part one, Narang discusses how scammers are using fake profiles to trick unsuspecting TikTok users into signing up for adult dating websites or paying for fraudulent “premium” Snapchat accounts. In part two, he explores the tactics involved in creating imposter accounts and how these are used to increase followers and clicks, while also discussing the oldest trick in the scammer’s playbook – offering free likes and followers. We expect these activities to only increase as TikTok continues to dominate the Apple App Store marketplace, remaining at the top of the App Store Downloads page for multiple quarters, while also trailing only behind Facebook properties WhatsApp and Messenger in Overall Downloads on mobile platforms.

Click here to view complete research report on TikTok Scams: How Popular Apps and Services Become New Havens for Scammers

Click here to view complete research report How Social Currency Fuels the Economy for Impersonation Accounts and Free Followers and Likes Services 

Satnam Narang, Senior Research Engineer at Tenable is available for a phone briefing to take you through his research.

 



Tenable Expands Partner Ecosystem to Span the Cyber Exposure Lifecycle

August 7, 2019

COLUMBIA, Md / MUMBAI, India – August 7, 2019 – Tenable®, Inc., the Cyber Exposure company, today announced the expansion of its Cyber Exposure ecosystem with new and enhanced technology integrations from leading vendors in public cloud infrastructure, SIEM and IT Service Management solutions. This news follows Tenable’s announcement of new innovations to automatically discover and assess rogue assets across on-premises and cloud environments. Together, they enable customers to manage, measure and reduce cyber risk holistically through greater visibility across the modern attack surface plus integrated security and IT workflows for faster detection and remediation.

“We’re methodically expanding our Cyber Exposure Ecosystem with best-of-breed partners to help customers see and understand the totality of their cyber risk wherever it may lurk in their systems, on the Cloud, on-premises, IT, OT or anywhere else,” said Ray Komar, Vice President of Technical Alliances, Tenable. “We’re working hand-in-glove with leading vendors so that customers can analyze their cyber risk, prioritize what to fix first and ultimately build resilient cyber programs that reduce risk to the business.”

New and enhanced integrations to help customers address the Cyber Exposure lifecycle include:

IT Service Management: ServiceNow

Tenable recently enhanced its integration with ServiceNow, adding its Vulnerability Priority Rating (VPR) to ServiceNow Security Operations and ITSM integrations to help joint customers prioritize, filter and view vulnerabilities for remediation based on the actual risk they pose to the business. Customers can also sync their vulnerability data up to 400 percent faster by ingesting multiple Tenable vulnerability data streams simultaneously into ServiceNow Vulnerability Response and the ServiceNow CMDB. The enhanced integration now includes support for ServiceNow Madrid.

Public Cloud Infrastructure: AWS Security Hub

Amazon Web Services recently announced the general availability of AWS Security Hub, a service that gives customers a central place to manage security and compliance across an AWS environment. The AWS Connector for Tenable.io® is designed to automatically and continuously discover and track asset changes in AWS cloud environments to ensure all instances are known and assessed for exposure with every change. With the life of cloud workloads commonly measured in hours, the AWS Connector solves a key challenge of achieving accurate visibility into cyber risk by creating a consolidated view of all cloud-based assets within Tenable.io. This empowers security teams to manage Cyber Exposure across the entire modern attack surface with a complete picture.

SIEM: IBM QRadar

IBM has released a new integration with Tenable.io and IBM QRadar to help customers gain comprehensive visibility into enterprise data across on-premises and cloud-based environments. Customers can create reports, schedule scans and identify vulnerabilities and apply analytics to accelerate investigations and reduce the impact of incidents. The Tenable.io integration complements the existing integration with Tenable.sc™ (formerly SecurityCenter).

For more information about the latest capabilities, visit https://www.tenable.com/partners/technology.

# # #

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.


New Innovations from Tenable Automatically Discover and Assess Rogue Assets Across On-Prem and Cloud Environments Within a Single Platform

August 7, 2019

LAS VEGAS / MUMBAI, India – August 7, 2019 – Tenable®, Inc., the Cyber Exposure company, today announced new product innovations in Tenable.sc™ (formerly SecurityCenter) and Tenable.io® to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge.

These innovations are based on Tenable’s industry-leading Nessus® Network Monitor (NNM) for passive network monitoring, which has been a pioneer in continuous monitoring for over 10 years with one of the industry’s broadest asset coverage. With today’s announcement, Tenable enables customers to not only automatically detect every asset across their computing environments, but also assess them for vulnerabilities and misconfigurations. This new functionality is available in the base Tenable.sc and Tenable.io products, eliminating the need for multiple applications and data silos.

Security teams often struggle to identify all assets in their purview given the dynamic and transient nature of technologies such as mobile devices, containers and cloud instances. This lack of visibility widens the Cyber Exposure gap, increasing the chances of a business-disrupting cyber event. Tenable has unveiled the following native capabilities to address the rogue asset challenge:

NNM Discovery Mode: Customers can use NNM within Tenable.io and Tenable.sc to continuously monitor their networks to discover rogue assets without the need to consume a product license. This capability will help security teams eliminate blindspots due to previously unknown assets or new assets added to the network between scans. This capability will be available in Tenable.sc and Tenable.io in 2019.

Rogue Asset Automatic Assessment: Customers can automatically assess rogue assets without manual intervention by enabling security teams to define their own policies for scanning newly-discovered assets. This will help organizations improve their overall security posture while decreasing operational costs of manual processes. Rogue Asset Automatic Assessment is generally available in Tenable.sc and will be available in Tenable.io in Q3 2019.

Tenable Cloud Connector Auto-Discovery: Tenable Cloud Connectors provide live visibility into AWS, Azure and GCP cloud workloads as they are continuously deployed and turned off. With Auto-Discovery, customers can automatically collect and track assets from all member accounts associated with the master account without any manual intervention to ensure full visibility across cloud environments. Auto-Discovery is now generally available in Tenable.io.

“A strategic Cyber Exposure program provides unified visibility into where all assets are located and to what extent they’re exposed, which is increasingly difficult to do with transient devices like cloud, mobile and IoT,” said Renaud Deraison, CTO, Tenable. “We are committed to helping customers on their Cyber Exposure journey to provide complete visibility across their attack surface, including both known and unknown assets, ultimately eliminating dangerous blind spots before they can be compromised.”

For more information about the latest capabilities, read our latest blog post.

# # #
