Back to qualys.com
4 posts

Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack

Apple has been all over InfoSec news in the past week or so, along with Spectre / Meltdown developments, a tax season scam alert from the feds, and an apparent solution to the Winter Olympics’ hack whodunit. In addition, researchers warned about a new trend of using Memcached servers to significantly boost DDoS attacks, as GitHub became a victim of this new tactic.

Apple under siege

A digital forensics vendor claims it can crack iOS devices, including the iPhone X, pictured here. (Photo credit: Apple)

The second half of February was intense for Apple on the security front. A digital forensics vendor claimed having the ability to unlock all iPhone models, including the X, while a researcher warned about a Trojan targeting MacOs computers that’s not detected by anti-virus products. Oh, and Apple had to squash another one of those pesky bugs that let people crash iPhones via texting.

Unlocking iPhones

Forbes dropped a news bomb on Monday when it reported that Cellebrite recently started telling its customers — which are primarily government, military and corporate investigative teams — that it’s able to unlock and extract data from devices running iOS 11, such the iPhone X, as well as other iPhones, iPads and iPods.

While Cellebrite isn’t publicly trumpeting this capability, anonymous sources told Forbes that in recent months the company “has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe.”

As Forbes noted, Cellebrite has posted a brochure on its website where it details its ability to unlock these Apple products as well as several Android devices, and extract data from them. The way it works is that customers ship the devices to Cellebrite, where its engineers work their magic. Cellebrite can’t (or won’t) crack devices remotely.

Continue reading …

Hackers Hit the Olympics, While Patch Tuesday and Meltdown / Spectre Keep IT Departments On Edge

This week offered a representative sampling of different corners of the cyber security world: The monthly Patch Tuesday, a brazen attack against the Olympics, new Meltdown and Spectre concerns, and a boost for Intel’s bug bounty program.

Oh, and the gargantuan Equifax data breach may have been even bigger than previously thought.

Winter Olympics hack confirmed

The 2018 Winter Olympics in Pyeongchang, South Korea are in full swing, featuring the world’s best ice skaters, skiers, hockey players and snowboarders, and also attracting, unfortunately, malicious hackers.

Attackers’ goals seem to be to disrupt the games in a variety of ways by interfering with and disabling IT systems.

Continue reading …

Processor Vulnerabilities – Meltdown and Spectre

UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities.
UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress.

Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google Project Zero. These vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715). Organizations should inventory their systems by processor type, apply vendor patches as they become available, and track their progress. This article describes how Qualys can help in all three areas.

Continue reading …

Intel AMT Vulnerability

Last week, Intel published a security advisory (INTEL-SA-00075) regarding a new vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). The firmware versions impacted are 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. In addition to the vulnerability disclosure, details of how to exploit it remotely has been released publicly.

Exploitation of this vulnerability could allow an attacker to gain complete control of an affected system. Updated firmwares will be released by the system OEM, but Intel has provided mitigation steps to prevent remote exploitation of the vulnerability. The Qualys Cloud Platform can help you detect any vulnerable systems, allowing you to quickly target them for mitigation.

Continue reading …