Multiple Alerts: OpenSSL, Web Shell Malware, Cisco IP Phones, Fingerprint Security, Another IT Provider Hacked

This week is a collection of alerts. While I have never done this before, I think it is appropriate this week.

OpenSSL – For those of you running OpenSSL on your Linux web servers, version 1.1.1g has been released. Versions 1.1.1d, e, and f are vulnerable to a bug that allows an attacker to at least crash the server. Here is the CISA alert.

The NSA and their Australian equivalent released an alert on detecting and avoiding web shell malware, an attack that allows hackers to gain a persistent beachhead inside a web server and execute whatever commands they choose. The NSA alert can be found here. This is Anne Neuberger (head of NSA’s Cybersecurity Directorate) trying to salvage NSA’s reputation as being on our side. Glad she is doing that.

Cisco has released a group of fixes for their IP phones and UCS server. The bugs were discovered in 2016 (yes!). Fixes are available and one of the bugs is classified as critical. Cisco users can read the details at HelpNet Security.

Office printers are a ticking time bomb, HelpNet says, and I agree. Firmware is rarely patched and default passwords are rarely changed. Since you don’t run antivirus on your printer, if an attacker compromises one, it is a great place to hide, to launch an attack from, and to use as a command and control server. ESPECIALLY HOME PRINTERS. Again, details are available at HelpNet Security.

Cisco researchers were successful at bypassing fingerprint security on computers and mobile devices. They were successful at fooling MacBooks 95% of the time, but they were never able to bypass Windows Hello fingerprint security. They also tested other devices. Bottom line is that fingerprint security is pretty low security, except, apparently, for Windows. Details are available at Security Week.

IT service provider Cognizant confirmed that they were hacked by the Maze ransomware 2.0 malware and it was impacting some of their customers. Cognizant employs almost 300,000 people, so you would think that they should have good security and good detection. The Maze group has not yet published any of Cognizant’s customer data. Just another reminder to do your due diligence on your service providers. Also, you should check your contract to make sure that the service providers are required to reimburse you for any costs you incur as a result of their being attacked. Find more details at CNN.