
Hackers Hit the Olympics, While Patch Tuesday and Meltdown / Spectre Keep IT Departments On Edge

This week offered a representative sampling of different corners of the cyber security world: The monthly Patch Tuesday, a brazen attack against the Olympics, new Meltdown and Spectre concerns, and a boost for Intel’s bug bounty program.

Oh, and the gargantuan Equifax data breach may have been even bigger than previously thought.

Winter Olympics hack confirmed

The 2018 Winter Olympics in Pyeongchang, South Korea are in full swing, featuring the world’s best ice skaters, skiers, hockey players and snowboarders, and also attracting, unfortunately, malicious hackers.

Attackers’ goals seem to be to disrupt the games in a variety of ways by interfering with and disabling IT systems.


Mystery Magic Bytes From The Equation Leak

Days ago, a mysterious online group called Shadow Brokers claimed to have stolen US “cyber weapons” from a hacking team called Equation Group. These “cyber weapons” contain about a dozen vulnerabilities which are believed to be exploits used by the National Security Agency (NSA). In this blog, I will analyze the shellcode from the Cisco exploit and show its behind-the-scenes behavior.


Adobe out-of-band patch for Flash vulnerability

Today Adobe published an out-of-band patch for a critical vulnerability in the Adobe Flash Player. Adobe is aware of attacks in the wild that target the Windows platform and recommends installing update APSB14-13 as quickly as possible. The most likely attack vector is a webpage that contains a malicious SWF file, and a successful attacker can gain control of the targeted machine.


Configuration Scanning of Cisco IOS

If you are one of the many customers requesting support for Cisco IOS scanning within QualysGuard, your request has been answered.  With the release of QualysGuard 6.17, which marks the beginning of QualysGuard Policy Compliance 3.0, users can now scan for configuration settings on Cisco IOS 12.x and 15.x devices within Policy Compliance.

Why Cisco IOS?

With the expansion of Policy Compliance technology coverage for operating systems and databases over the past few years, network devices were the next logical area of coverage. Cisco, as the leader in networking devices, and its operating system Cisco IOS were the primary focus for our existing customers. In addition, Cisco IOS has well-established benchmarks, including those from the Center for Internet Security (CIS).

Scanning Cisco IOS

Traditional agent-based solutions have always struggled with collecting Cisco IOS configuration data as organizations would not allow a permanent agent to reside on the device.  Other tools, such as the Center for Internet Security (CIS) Router Audit Tool (RAT), pulled the configurations remotely, but could not scale to hundreds or thousands of devices easily.  Now with agentless, authenticated scanning, organizations can easily collect Cisco IOS configurations on a mass scale.

QualysGuard Policy Compliance 3.0 uses a new Cisco IOS record, which is a modified SSH/Telnet record used for Unix, to provide credentials for agentless, authenticated scanning of Cisco IOS devices. The new record supports an optional second password for the enable prompt to execute the following commands: show version, show logging, and show running-config. The output of these commands is normalized into an XML file in memory on the scanner appliance, where signatures are executed to verify configuration settings. By storing the output on the scanner appliance, QualysGuard minimizes any impact to the actual device during the scan. Once the signatures are completed, the XML file is deleted from memory.
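The collect, normalize, check and discard flow described above can be sketched as follows. This is an added example, not QualysGuard code: the XML layout, the four check names and the sample command output are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample output for the three commands named in the post.
SAMPLE_OUTPUT = {
    "show version": "Cisco IOS Software, Version 15.x (constructed sample)\n",
    "show logging": "Syslog logging: enabled\n",
    "show running-config": (
        "service password-encryption\n"
        "no ip http server\n"
        "enable password example-only\n"
        "line vty 0 4\n"
        " transport input telnet ssh\n"
    ),
}

def normalize(outputs):
    """Build an in-memory XML tree (hypothetical layout): one <command> per
    command, one <line> per output line; 'parent' names the enclosing section."""
    root = ET.Element("device")
    for name, text in outputs.items():
        cmd = ET.SubElement(root, "command", name=name)
        section = ""
        for raw in filter(str.strip, text.splitlines()):
            indented = raw[0] == " "
            if not indented:
                section = raw.strip()
            line = ET.SubElement(cmd, "line", parent=section if indented else "")
            line.text = raw.strip()
    return root

def config_lines(root, parent=None):
    """Lines of the running config, optionally only those under a section."""
    cmd = root.find("command[@name='show running-config']")
    return [l.text for l in cmd.iter("line")
            if parent is None or l.get("parent").startswith(parent)]

def vty_ssh_only(root):
    t = [l for l in config_lines(root, "line vty") if l.startswith("transport input")]
    return bool(t) and all(x == "transport input ssh" for x in t)

# Hypothetical checks standing in for the scanner's signatures.
CHECKS = {
    "password-encryption": lambda r: "service password-encryption" in config_lines(r),
    "http-server-off": lambda r: "no ip http server" in config_lines(r),
    "enable-secret": lambda r: any(l.startswith("enable secret ") for l in config_lines(r)),
    "vty-ssh-only": vty_ssh_only,
}

def audit(outputs):
    root = normalize(outputs)
    results = {name: check(root) for name, check in CHECKS.items()}
    root.clear()  # drop the normalized data once the checks have run
    return results
```

Calling audit(SAMPLE_OUTPUT) returns a pass/fail result per check; the sample fails the enable-secret and vty-ssh-only checks because it uses "enable password" and still permits Telnet on the vty lines.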

Demo

To see a demo of this new feature, please view the Cisco IOS Scanning Demo.