Malware Devil

Tuesday, April 13, 2021

Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal



Yuri Kramarz of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in OpenClinic’s GA web portal. OpenClinic GA is an open-source, fully integrated hospital management solution. The web portal allows users to manage administrative, financial, clinical, lab, x-ray and pharmacy data for health care facilities. The software contains extensive statistical and reporting capabilities. OpenClinic GA contains several vulnerabilities that could allow an adversary to carry out a wide range of malicious actions, including injecting SQL code into the targeted server or elevating their privileges.


In accordance with our coordinated disclosure policy, Cisco Talos worked with OpenClinic to disclose these vulnerabilities and ensure that updates are available.

Vulnerability details

OpenClinic GA web portal SQL injection vulnerability in ‘statistics/quickFile.jsp’ page (TALOS-2020-1202/CVE-2020-27226)

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

OpenClinic GA unauthenticated command injection vulnerability (TALOS-2020-1203/CVE-2020-27227)

An exploitable unauthenticated command injection vulnerability exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request containing specific parameters to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system.

Read the complete vulnerability advisory here for additional information.

OpenClinic GA installation privilege escalation vulnerability (TALOS-2020-1204/CVE-2020-27228)

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.

Read the complete vulnerability advisory here for additional information.

OpenClinic GA web portal multiple SQL injection vulnerabilities in ‘patientslist.do’ page (TALOS-2020-1205/CVE-2020-27229 – CVE-2020-27231)

Multiple exploitable SQL injection vulnerabilities exist in the ‘patientslist.do’ page of the OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Read the complete vulnerability advisory here for additional information.

OpenClinic GA Web portal SQL injection vulnerability in ‘manageServiceStocks.jsp’ page (TALOS-2020-1206/CVE-2020-27232)

An exploitable SQL injection vulnerability exists in the ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

OpenClinic GA web portal multiple SQL injection vulnerabilities in ‘getAssets.jsp’ page (TALOS-2020-1207/CVE-2020-27233 – CVE-2020-27241)

Multiple exploitable SQL injection vulnerabilities exist in the ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

OpenClinic GA web portal multiple SQL injection vulnerabilities in ‘listImmoLabels.jsp’ page (TALOS-2020-1208/CVE-2020-27242 – CVE-2020-27246)

Multiple exploitable SQL injection vulnerabilities exist in the ‘listImmoLabels.jsp’ page of the OpenClinic GA 5.173.3 application. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect OpenClinic GA, version 5.173.3.

Coverage

The following SNORT(R) rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 56475 – 56483, 56486 – 56489


The post Vulnerability Spotlight: Multiple vulnerabilities in OpenClinic’s GA web portal appeared first on Malware Devil.



https://malwaredevil.com/2021/04/13/vulnerability-spotlight-multiple-vulnerabilities-in-openclinics-ga-web-portal-3/?utm_source=rss&utm_medium=rss&utm_campaign=vulnerability-spotlight-multiple-vulnerabilities-in-openclinics-ga-web-portal-3

Windows: SCM Remote Access Check Limit Bypass EoP




https://malwaredevil.com/2021/04/13/windows-scm-remote-access-check-limit-bypass-eop/?utm_source=rss&utm_medium=rss&utm_campaign=windows-scm-remote-access-check-limit-bypass-eop

The Biggest Breaches and Data Leaks of 2020

Year after year, cyberattackers cause unnecessary stress for organizations, disrupting innovation and impacting profit. 2020 was no different: last year brought a bevy of damaging breaches that cost organizations precious money and time they couldn't get back.

Ranging from thousands to billions of records exposed, breaches big and small gave threat actors access to sensitive information like email addresses, locations, passwords, dates of birth, and more. Impacts were felt across the board with organizations from Nintendo to Broadvoice and even the U.S. Small Business Administration making waves in the news.

The biggest breach, however, went to Keepnet Labs with what was most likely a directory traversal exploit from an unsecured server. This typically allows threat actors to gain unauthorized access to files and, ultimately, compromise an entire web server. Unfortunately for Keepnet Labs, attempting to move an unsecured server with their firewall disabled for about ten minutes landed them in the headlines with over 5 billion records leaked from previous cybersecurity incidents, including hash types, passwords, email addresses, email domains, and more.

So why are security breaches still so common? We know from State of Software Security v11 that 76 percent of applications have at least one flaw on initial scan today (24 percent with high-severity flaws), and that organizations with a higher flaw density remediate risky flaws a whopping 63 days slower than others. The good news: some of the biggest breaches from 2020 stemmed from common problems with code quality, CRLF injection, and cryptographic issues, which are preventable with secure coding best practices.

Biggest Breaches of 2020

Check out our full infographic here to see the biggest breaches of 2020 and learn how to prevent similar threats. Looking ahead to 2021 and beyond, it's critical that organizations continue to pivot and improve their security; with the right combination of secure coding best practices, educational training, and integrated testing types, developers can stay one step ahead of these and other modern threats.

The post The Biggest Breaches and Data Leaks of 2020 appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/13/the-biggest-breaches-and-data-leaks-of-2020/?utm_source=rss&utm_medium=rss&utm_campaign=the-biggest-breaches-and-data-leaks-of-2020

Tax Phish Swims Past Google Workspace Email Security

Crooks are looking to harvest email credentials with a savvy campaign that uses the Typeform service to host the phishing page.



https://malwaredevil.com/2021/04/13/tax-phish-swims-past-google-workspace-email-security/?utm_source=rss&utm_medium=rss&utm_campaign=tax-phish-swims-past-google-workspace-email-security

ESB-2021.1213 – [Ubuntu] SpamAssassin: Execute arbitrary code/commands – Remote/unauthenticated


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1213
                  USN-4899-2: SpamAssassin vulnerability
                               13 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SpamAssassin
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1946  

Reference:         ESB-2021.1136
                   ESB-2021.1124

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4899-2

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4899-2: SpamAssassin vulnerability
12 April 2021

SpamAssassin could be made to run programs if it opened a specially crafted
file.
Releases

  o Ubuntu 14.04 ESM

Packages

  o spamassassin - Perl-based spam filter using text analysis

Details

USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF
files. If a user or automated system were tricked into using a specially-
crafted CF file, a remote attacker could possibly run arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 14.04

  o spamassassin - 3.4.2-0ubuntu0.14.04.1+esm3

In general, a standard system update will make all the necessary changes.

References

  o CVE-2020-1946

Related notices

  o USN-4899-1 : spamassassin

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




https://malwaredevil.com/2021/04/13/esb-2021-1213-ubuntu-spamassassin-execute-arbitrary-code-commands-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1213-ubuntu-spamassassin-execute-arbitrary-code-commands-remote-unauthenticated

ESB-2021.1211 – [Appliance] F5 Products: Denial of service – Existing account


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1211
                    D-Bus vulnerability CVE-2020-12049
                               13 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP (all modules)
                   BIG-IQ Centralized Management
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Existing Account
Resolution:        None
CVE Names:         CVE-2020-12049  

Reference:         ESB-2020.3700
                   ESB-2020.2663

Original Bulletin: 
   https://support.f5.com/csp/article/K16729408

- --------------------------BEGIN INCLUDED TEXT--------------------

K16729408: D-Bus vulnerability CVE-2020-12049

Original Publication Date: 13 Apr, 2021

Security Advisory Description

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in
libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds
the per-message file descriptor limit. A local attacker with access to the
D-Bus system bus or another system service's private AF_UNIX socket could use
this to make the system service reach its file descriptor limit, denying
service to subsequent D-Bus clients. (CVE-2020-12049)

Impact

A local attacker may cause a denial-of-service (DoS) attack or threaten the
availability of the system.

Security Advisory Status

F5 Product Development has assigned ID 1001369 (BIG-IP and BIG-IQ) to this
vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x., 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+------------+------+--------------+----------+----------+------+-------------+
|            |      |Versions known|Fixes     |          |CVSSv3|Vulnerable   |
|Product     |Branch|to be         |introduced|Severity  |score^|component or |
|            |      |vulnerable^1  |in        |          |2     |feature      |
+------------+------+--------------+----------+----------+------+-------------+
|            |16.x  |16.0.0 -      |None      |          |      |             |
|            |      |16.0.1        |          |          |      |             |
|            +------+--------------+----------+          |      |             |
|            |15.x  |15.1.0 -      |None      |          |      |             |
|            |      |15.1.2        |          |          |      |             |
|            +------+--------------+----------+          |      |             |
|            |14.x  |14.1.0 -      |None      |          |      |             |
|BIG-IP (all |      |14.1.4        |          |          |      |             |
|modules)    +------+--------------+----------+Medium    |6.5   |D-Bus        |
|            |13.x  |None          |Not       |          |      |             |
|            |      |              |applicable|          |      |             |
|            +------+--------------+----------+          |      |             |
|            |12.x  |None          |Not       |          |      |             |
|            |      |              |applicable|          |      |             |
|            +------+--------------+----------+          |      |             |
|            |11.x  |None          |Not       |          |      |             |
|            |      |              |applicable|          |      |             |
+------------+------+--------------+----------+----------+------+-------------+
|            |8.x   |8.0.0         |None      |          |      |             |
|BIG-IQ      +------+--------------+----------+          |      |             |
|Centralized |7.x   |7.1.0         |None      |Medium    |6.5   |D-Bus        |
|Management  +------+--------------+----------+          |      |             |
|            |6.x   |None          |Not       |          |      |             |
|            |      |              |applicable|          |      |             |
+------------+------+--------------+----------+----------+------+-------------+
|F5OS        |1.x   |None          |Not       |Not       |None  |None         |
|            |      |              |applicable|vulnerable|      |             |
+------------+------+--------------+----------+----------+------+-------------+
|Traffix SDC |5.x   |None          |Not       |Not       |None  |None         |
|            |      |              |applicable|vulnerable|      |             |
+------------+------+--------------+----------+----------+------+-------------+

^1F5 only evaluates software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

None

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K8986: F5 software lifecycle policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

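One way a host administrator can watch for the symptom the F5 bulletin above describes (a dbus-daemon whose open file descriptors creep toward its limit until new clients are refused). This is an added example, not part of the F5 or AusCERT text; it assumes a Linux host with /proc, and the warning threshold and the sample limits text used for its self-check are constructed.

```python
"""Report how close dbus-daemon (or any process) is to its open-file limit.

Added example for CVE-2020-12049 monitoring; not from the F5/AusCERT bulletin.
Reads /proc/<pid>/limits for the soft "Max open files" value and counts the
entries in /proc/<pid>/fd. A usage ratio that keeps rising toward 1.0 on a
dbus-daemon is the descriptor-leak symptom the advisory describes.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the "Max open files" row of /proc/<pid>/limits: soft then hard limit.
LIMIT_RE = re.compile(r"^Max open files\s+(\S+)\s+(\S+)", re.MULTILINE)

# Constructed warning threshold (fraction of the soft limit); tune per host.
DEFAULT_THRESHOLD = 0.8


@dataclass
class FdStatus:
    pid: int
    open_fds: int
    soft_limit: Optional[int]  # None when the soft limit is "unlimited"

    def ratio(self) -> Optional[float]:
        """Fraction of the soft limit in use, or None if unlimited."""
        if self.soft_limit is None or self.soft_limit == 0:
            return None
        return self.open_fds / self.soft_limit

    def exhausted(self, threshold: float = DEFAULT_THRESHOLD) -> bool:
        """True when descriptor usage has crossed the warning threshold."""
        r = self.ratio()
        return r is not None and r >= threshold


def parse_open_files_limit(limits_text: str) -> Optional[int]:
    """Extract the soft 'Max open files' limit from /proc/<pid>/limits text."""
    m = LIMIT_RE.search(limits_text)
    if not m:
        raise ValueError("no 'Max open files' row in limits text")
    soft = m.group(1)
    return None if soft == "unlimited" else int(soft)


def fd_status(pid: int, limits_text: str, open_fds: int) -> FdStatus:
    """Build a status record from already-read limits text and an fd count."""
    return FdStatus(pid=pid, open_fds=open_fds,
                    soft_limit=parse_open_files_limit(limits_text))


def fd_status_from_proc(pid: int) -> FdStatus:
    """Live check of a running process (requires Linux /proc and permission)."""
    with open(f"/proc/{pid}/limits", encoding="utf-8") as f:
        limits_text = f.read()
    open_fds = len(os.listdir(f"/proc/{pid}/fd"))
    return fd_status(pid, limits_text, open_fds)


def find_pids(comm: str = "dbus-daemon") -> List[int]:
    """Return PIDs whose /proc/<pid>/comm matches the given process name."""
    pids: List[int] = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm", encoding="utf-8") as f:
                name = f.read().strip()
        except OSError:  # process exited or not readable
            continue
        if name == comm:
            pids.append(int(entry))
    return pids


# Constructed sample of /proc/<pid>/limits, used for an offline self-check.
SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max cpu time              unlimited            unlimited            seconds\n"
    "Max open files            1024                 4096                 files\n"
    "Max processes             unlimited            unlimited            processes\n"
)


if __name__ == "__main__":
    # Offline demonstration on constructed data: 900 of 1024 fds is over 80%.
    demo = fd_status(pid=0, limits_text=SAMPLE_LIMITS, open_fds=900)
    print(f"sample: {demo.open_fds}/{demo.soft_limit} fds, alert={demo.exhausted()}")
    # Live check of every dbus-daemon on this host, if /proc is available.
    if os.path.isdir("/proc"):
        for pid in find_pids():
            st = fd_status_from_proc(pid)
            print(f"pid {pid}: {st.open_fds}/{st.soft_limit} fds, alert={st.exhausted()}")
```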




https://malwaredevil.com/2021/04/13/esb-2021-1211-appliance-f5-products-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1211-appliance-f5-products-denial-of-service-existing-account

ESB-2021.1212 – [SUSE] Linux Kernel: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1212
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2)
                               13 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27365 CVE-2021-27364 CVE-2021-27363
                   CVE-2020-25645 CVE-2020-1749 CVE-2020-0429

Reference:         ESB-2021.1159
                   ESB-2021.1152
                   ESB-2021.0955

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20211145-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20211148-1

Comment: This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for
SLE 12 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1145-1
Rating:            important
References:        #1182717 #1183120 #1183491
Cross-References:  CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
Affected Products:
                   SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
                   SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.121-92_138 fixes several issues.
The following security issues were fixed:

  o CVE-2021-27365: Fixed an issue where data structures did not have
    appropriate length constraints or checks, and could exceed the PAGE_SIZE
    value (bsc#1183491).
  o CVE-2021-27363: Fixed a kernel pointer leak which could have been used to
    determine the address of the iscsi_transport structure (bsc#1183120).
  o CVE-2021-27364: Fixed an issue where an unprivileged user could craft
    Netlink messages (bsc#1182717).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1142=1
    SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1143=1
    SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1144=1
    SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1145=1
    SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1146=1
    SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1147=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1142=1
    SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1143=1
    SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1144=1
    SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1145=1
    SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1146=1
    SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1147=1

Package List:

  o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
       kgraft-patch-4_4_121-92_129-default-10-2.2
       kgraft-patch-4_4_121-92_135-default-8-2.2
       kgraft-patch-4_4_121-92_138-default-8-2.2
       kgraft-patch-4_4_121-92_141-default-7-2.2
       kgraft-patch-4_4_121-92_146-default-5-2.2
       kgraft-patch-4_4_121-92_149-default-3-2.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
       kgraft-patch-4_4_121-92_129-default-10-2.2
       kgraft-patch-4_4_121-92_135-default-8-2.2
       kgraft-patch-4_4_121-92_138-default-8-2.2
       kgraft-patch-4_4_121-92_141-default-7-2.2
       kgraft-patch-4_4_121-92_146-default-5-2.2
       kgraft-patch-4_4_121-92_149-default-3-2.2


References:

  o https://www.suse.com/security/cve/CVE-2021-27363.html
  o https://www.suse.com/security/cve/CVE-2021-27364.html
  o https://www.suse.com/security/cve/CVE-2021-27365.html
  o https://bugzilla.suse.com/1182717
  o https://bugzilla.suse.com/1183120
  o https://bugzilla.suse.com/1183491


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel (Live Patch 40 for
SLE 12 SP2)

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:1148-1
Rating:            important
References:        #1165631 #1176931 #1177513 #1182717 #1183120 #1183491
Cross-References:  CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2021-27363
                   CVE-2021-27364 CVE-2021-27365
Affected Products:
                   SUSE Linux Enterprise Server 12-SP2-LTSS-SAP
                   SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.4.121-92_152 fixes several issues.
The following security issues were fixed:

  o CVE-2021-27365: Fixed an issue where data structures did not have
    appropriate length constraints or checks, and could exceed the PAGE_SIZE
    value (bsc#1183491).
  o CVE-2021-27363: Fixed a kernel pointer leak which could have been used to
    determine the address of the iscsi_transport structure (bsc#1183120).
  o CVE-2021-27364: Fixed an issue where an unprivileged user could craft
    Netlink messages (bsc#1182717).
  o CVE-2020-25645: Fixed an issue in IPsec that caused traffic between two
    Geneve endpoints to be unencrypted (bsc#1177513).
  o CVE-2020-0429: Fixed a memory corruption due to a use after free which
    could have led to local escalation of privilege with System execution
    privileges needed (bsc#1176931).
  o CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup
    (bsc#1165631).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-SAP-2021-1148=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-LTSS-ERICSSON-2021-1148=1

Package List:

  o SUSE Linux Enterprise Server 12-SP2-LTSS-SAP (x86_64):
       kgraft-patch-4_4_121-92_152-default-2-2.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS-ERICSSON (x86_64):
       kgraft-patch-4_4_121-92_152-default-2-2.2


References:

  o https://www.suse.com/security/cve/CVE-2020-0429.html
  o https://www.suse.com/security/cve/CVE-2020-1749.html
  o https://www.suse.com/security/cve/CVE-2020-25645.html
  o https://www.suse.com/security/cve/CVE-2021-27363.html
  o https://www.suse.com/security/cve/CVE-2021-27364.html
  o https://www.suse.com/security/cve/CVE-2021-27365.html
  o https://bugzilla.suse.com/1165631
  o https://bugzilla.suse.com/1176931
  o https://bugzilla.suse.com/1177513
  o https://bugzilla.suse.com/1182717
  o https://bugzilla.suse.com/1183120
  o https://bugzilla.suse.com/1183491

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.1212 – [SUSE] Linux Kernel: Multiple vulnerabilities appeared first on Malware Devil.


ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.

The post ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users appeared first on Security Boulevard.


Ghidra 101: Creating Structures in Ghidra

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how […]

The post Ghidra 101: Creating Structures in Ghidra appeared first on The State of Security.

The post Ghidra 101: Creating Structures in Ghidra appeared first on Security Boulevard.


Monday, April 12, 2021

Network Security News Summary for Tuesday April 13th, 2021

Cleartext Cobalt Strike; ASA5506 SSD Failure; PulseSecure VPN Cert Expiration; Pwn2Own; Tesla Google Chrome exploit

Example of Cleartext Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/

ASA 5506 Series Security Appliances Field Notice
https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html

Expired Certificate for PulseSecure VPN Devices
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR

Pwn2Own Summary
https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html

Tesla Exploited Via Google Chrome Vulnerability
https://leethax0.rs/2021/04/ElectricChrome/

keywords: tesla; google chrome; pwn2own; certificate; pulsesecure; vpn; asa 5506; ssd; cobalt strike


ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

KrebsOnSecurity first heard about the breach from Gemini Advisory, a New York City based threat intelligence firm that keeps a close eye on the cybercrime forums. Gemini shared a new sales thread on a Russian-language crime forum that included my ParkMobile account information in the accompanying screenshot of the stolen data.

Included in the data were my email address and phone number, as well as license plate numbers for four different vehicles we have used over the past decade.

Asked about the sales thread, Atlanta-based ParkMobile said the company published a notification on Mar. 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use.”

“In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident,” the notice reads. “Out of an abundance of caution, we have also notified the appropriate law enforcement authorities. The investigation is ongoing, and we are limited in the details we can provide at this time.”

The statement continues: “Our investigation indicates that no sensitive data or Payment Card Information, which we encrypt, was affected. Meanwhile, we have taken additional precautionary steps since learning of the incident, including eliminating the third-party vulnerability, maintaining our security, and continuing to monitor our systems.”

Asked for clarification on what the attackers did access, ParkMobile confirmed it included basic account information – license plate numbers, and if provided, email addresses and/or phone numbers, and vehicle nickname.

“In a small percentage of cases, there may be mailing addresses,” spokesman Jeff Perkins said.

ParkMobile doesn’t store user passwords, but rather it stores the output of a fairly robust one-way password hashing algorithm called bcrypt, which is far more resource-intensive and expensive to crack than common alternatives like MD5. The database stolen from ParkMobile and put up for sale includes each user’s bcrypt hash.

“You are correct that bcrypt hashed and salted passwords were obtained,” Perkins said when asked about the screenshot in the database sales thread.

“Note, we do not keep the salt values in our system,” he said. “Additionally, the compromised data does not include parking history, location history, or any other sensitive information. We do not collect social security numbers or driver’s license numbers from our users.”

ParkMobile says it is finalizing an update to its support site confirming the conclusion of its investigation. But I wonder how many of its users were even aware of this security incident. The Mar. 26 security notice does not appear to be linked to other portions of the ParkMobile site, and it is absent from the company’s list of recent press releases.

It’s also curious that ParkMobile hasn’t asked or forced its users to change their passwords as a precautionary measure. I used the ParkMobile app to reset my password, but there was no messaging in the app that suggested this was a timely thing to do.

So if you’re a ParkMobile user, changing your account password might be a pro move. If it’s any consolation, whoever is selling this data is doing so for an insanely high starting price ($125,000) that is unlikely to be paid by any cybercriminal to a new user with no reputation on the forum.

More importantly, if you used your ParkMobile password at any other site tied to the same email address, it’s time to change those credentials as well (and stop re-using passwords).

The breach comes at a tricky time for ParkMobile. On March 9, the European parking group EasyPark announced its plans to acquire the company, which operates in more than 450 cities in North America.


LinkedIn is Deleting All My Comments and Posts About Virginia Police

One of my most popular posts on LinkedIn was about the logical fallacies, as well as some history, of Virginia Police. LinkedIn gave me an award for it… Then they deleted the post, as well as all my comments on other posts about the Virginia Police. I had at least a dozen comments on this … Continue reading LinkedIn is Deleting All My Comments and Posts About Virginia Police

The post LinkedIn is Deleting All My Comments and Posts About Virginia Police appeared first on Security Boulevard.


Smart and Secure CAV Networks Empowered by AI-Enabled Blockchain: Next Frontier for Intelligent Safe-Driving Assessment


Op2Vec: An Opcode Embedding Technique and Dataset Design for End-to-End Detection of Android Malware


Supervised Feature Selection Techniques in Network Intrusion Detection: a Critical Review


EtherClue: Digital investigation of attacks on Ethereum smart contracts


Measurements of the Most Significant Software Security Weaknesses


Biden Nominates Former NSA Officials for Top Cybersecurity Roles

President Biden has nominated Jen Easterly as the new director of CISA and is expected to nominate Chris Inglis as the first national cyber director.

President Biden has formally nominated former NSA official Jen Easterly to become director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). In addition, he reportedly plans to name former NSA deputy director Chris Inglis as the United States’ first-ever national cyber director.

Easterly is a former US Army officer with more than 20 years of service in intelligence and cyber operations. She was responsible for standing up the Army’s first cyber battalion and was involved in the design and creation of US Cyber Command, according to a White House statement. Easterly has served at the White House as special assistant to the president and senior director of counterterrorism, as well as deputy director for counterterrorism for the NSA.

She also brings experience from the private sector. Since 2017, Easterly has been the head of firm resilience and the Fusion Resilience Center at Morgan Stanley, detecting and defending against threats to the organization. Most recently, she served as cyber policy lead for the Biden-Harris transition team.

Her nomination is subject to Senate confirmation. If confirmed, Easterly will step into a key position that has been vacant since former CISA director Chris Krebs was fired shortly after last year’s presidential election. Krebs, who led the agency from 2018 to 2020, had spearheaded efforts to protect US elections and gained bipartisan support to combat disinformation and ensure trust in the electoral process.

Reports indicate Biden also plans to nominate Inglis to fill the newly created role of national cyber director, a job introduced in the 2021 National Defense Authorization Act passed in December. The national cyber director will lead the coordination and implementation of national cyber policy and strategy, and facilitate national cyber incident response efforts. As of this writing, the White House has not officially announced Inglis’ nomination.

News of Inglis’ planned nomination, first reported by The Washington Post, would end months of speculation about who might fill the role. Inglis served at the NSA for 28 years, including nearly eight as deputy director. He is now managing director of Paladin Capital Group and a distinguished visiting professor of cyber studies at the US Naval Academy.

“If confirmed, Chris and Jen will add deep expertise, experience and leadership to our world-class cyber team,” said national security advisor Jake Sullivan in a statement to the Post.

The Biden administration has already added former NSA officials to top security roles. Anne Neuberger, former leader of the NSA’s Cybersecurity Directorate, was appointed earlier this year to the role of deputy national security advisor for cyber and emerging technology for the National Security Council.

Today’s White House announcement also included the nomination of Robert Silvers to be the DHS undersecretary for strategy, policy, and plans. Silvers, who advises companies and boards on cybersecurity and critical infrastructure protection, previously served as the Department of Homeland Security’s assistant secretary for cyber policy under the Obama administration. The role required him to work with the private sector on cyber defense and on government response to cyberattacks.

It’s Not All About Technical Skills
While cybersecurity is a technical issue, and these nominees certainly have the skills and experience to fill these roles, what they also bring is appreciation of the partnerships needed to handle security at the highest levels of government, says Kelvin Coleman, executive director of the National Cyber Security Alliance.

“Partnerships in the private sector, partnerships across government as well … you have to be able to partner and work on these things together if you’re going to successfully deal with cybersecurity,” Coleman says of the nominees’ positions. Bringing together disparate parts of the government to work together will pose a challenge within any of these roles.

“That role at CISA is all about partnerships, not only across the United States but across the globe,” he continues. “You cannot have a mission of protecting the US and not have these robust partnerships.”

Of course, each of these roles faces their own unique challenges. The security of government networks is in the spotlight following the supply chain attack that began with SolarWinds a few months back. For Inglis, if nominated and confirmed, a significant challenge lies in being the first to hold this position. There’s nothing to base his role off of, Coleman points out, and hundreds of people have different ideas of what should be expected of him.

The pressure is on to appoint the right people to key cyber roles, and soon, he emphasizes.

“We are constantly under attack by nation states, by nation-state-sponsored organizations, and by criminal groups,” Coleman says. “The urgency to make this happen is not today, it’s not tomorrow – it’s yesterday. And [the administration] has the urgency to do this soon, and it’s coming from the top.”

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


ManageEngine once again stands out in unified endpoint management

There is no doubt that the Gartner Magic Quadrant report for midsize enterprises is the most important one so far. Given that COVID-19 has forced a large part of the workforce around the world …

The post ManageEngine once again stands out in unified endpoint management appeared first on ManageEngine Blog.

The post ManageEngine once again stands out in unified endpoint management appeared first on Security Boulevard.


DevSecOps and the Cloud: How Leaning on Your Cloud Provider Can Help You Shift Left

Over the past several years, an increasing number of organizations have been moving their applications from on-premises to cloud-hosted platforms. And with the current pandemic forcing most businesses to adopt a fully remote work environment, the cloud is even more appealing. Gartner reported that cloud spend rose by double digits in 2020, and it's expected to continue to grow by 18.4 percent in 2021. But as organizations move their applications to the cloud, are they managing security and compliance risk?

In a recent Veracode-sponsored survey, SANS Institute examined a subset of organizations to get a better understanding of DevSecOps in the cloud. The organizations, drawn from government, banking and finance, technology, and cybersecurity, were asked a series of questions including how successful they've been at shifting security into development.

The survey found that most organizations are implementing DevOps in the cloud, but not enough have made the transition to DevSecOps. In fact, only 40 percent of the assessed organizations reported that they have fully adopted a DevSecOps methodology.

But with the current speed of deployments, in order for organizations to keep up, they need to have efficient processes in place. The survey shows that around 74 percent of organizations are deploying software changes more than once per month. This represents an increase in velocity of nearly 14 percent over the past four years.

Delivery velocity

If security assessments aren't conducted early in the software delivery lifecycle (SDLC), they have to be conducted right before production, if at all. When security assessments are conducted only just before production, any flaws detected are time-consuming and costly to fix. When flaws are detected early in the development phase, fixing them is faster and more cost-efficient.

Why are organizations struggling to adopt DevSecOps?

Over 60 percent cited organizational problems as their barrier to shifting security left. The top challenges listed include lack of resources, lack of buy-in, bureaucracy, or poor communication between the security and development teams.

Top challenges with shifting left

The beauty of moving to the cloud is that organizations can take advantage of the cloud provider's scale, resources, and agility to compensate for internal weaknesses or gaps. This gives security and development resources time to focus on other priorities, like secure code training or getting executive buy-in for maturing their AppSec program.

By leaning on the cloud provider, organizations should have an easier time shifting left. But remember, shifting left shouldn't be all on the developers. The whole organization needs to support the effort in order for it to be successful. As respondents cited, the more buy-in your organization has for DevSecOps, the better the chances of it being a long-term success.

Top factors for successfully shifting left

For additional insights regarding DevSecOps in the cloud, check out the SANS survey report, Extending DevSecOps Security Controls into the Cloud.

The post DevSecOps and the Cloud: How Leaning on Your Cloud Provider Can Help You Shift Left appeared first on Security Boulevard.


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...