
All Hands Memo to Owners of Home / Small Office Routers: Reboot Them!

This last week or so of May has been busy with security news and incidents, as the FBI put out an unprecedented call to do a massive wave of reboots of home and small office routers, while Intel confirmed the existence of yet another Spectre / Meltdown variant. And, yes, we had yet another high-profile instance of an unprotected AWS storage bucket exposing data, as well as more IoT security bad news.

Unplug and reset that router pronto!

As you may have heard by now, THE FBI WANTS YOU TO REBOOT YOUR ROUTERS!

Sorry, we didn’t mean to use our outside voice and startle you, but the urgent and extraordinary plea from the feds has been ubiquitous in recent days and we wouldn’t want you to be out of the loop.

The reason: It takes a village to dismantle a botnet that has infected 500,000 home and small office routers, as well as other networked devices, with the VPNFilter malware.

The FBI discovered the botnet, which it says was assembled by Russian hacker group Sofacy. Also known as Fancy Bear, the group has targeted government, military, security and intelligence organizations since 2007. It’s credited with the hack of the Democratic National Committee in 2016.

By rebooting their home and small business routers, people won’t get rid of the malware, but the move will prevent it from escalating to more destructive stages, and allow the FBI to deepen its intervention.

As Cnet explained: “Rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that.”

Continue reading …

A “Patch for the Meltdown Patch” released out of band Thursday night

The Meltdown/Spectre saga continues…

Late Thursday, Microsoft released a patch for Windows 7 and Windows Server 2008 R2 to resolve CVE-2018-1038. This vulnerability was apparently introduced by the patches released in January to mitigate the effects of Meltdown. Microsoft included a partial fix in the March Patch Tuesday updates, but that did not completely resolve the issue.

Continue reading …

Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack

Apple has been all over InfoSec news in the past week or so, along with Spectre / Meltdown developments, a tax season scam alert from the feds, and an apparent solution to the Winter Olympics’ hack whodunit. In addition, researchers warned about a new trend of using Memcached servers to significantly boost DDoS attacks, as GitHub became a victim of this new tactic.

Apple under siege

A digital forensics vendor claims it can crack iOS devices, including the iPhone X, pictured here. (Photo credit: Apple)

The second half of February was intense for Apple on the security front. A digital forensics vendor claimed to be able to unlock all iPhone models, including the X, while a researcher warned about a Trojan targeting macOS computers that’s not detected by anti-virus products. Oh, and Apple had to squash another one of those pesky bugs that let people crash iPhones via texting.

Unlocking iPhones

Forbes dropped a news bomb on Monday when it reported that Cellebrite recently started telling its customers — which are primarily government, military and corporate investigative teams — that it’s able to unlock and extract data from devices running iOS 11, such as the iPhone X, as well as other iPhones, iPads and iPods.

While Cellebrite isn’t publicly trumpeting this capability, anonymous sources told Forbes that in recent months the company “has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe.”

As Forbes noted, Cellebrite has posted a brochure on its website where it details its ability to unlock these Apple products as well as several Android devices, and extract data from them. The way it works is that customers ship the devices to Cellebrite, where its engineers work their magic. Cellebrite can’t (or won’t) crack devices remotely.

Continue reading …

Hackers Hit the Olympics, While Patch Tuesday and Meltdown / Spectre Keep IT Departments On Edge

This week offered a representative sampling of different corners of the cyber security world: The monthly Patch Tuesday, a brazen attack against the Olympics, new Meltdown and Spectre concerns, and a boost for Intel’s bug bounty program.

Oh, and the gargantuan Equifax data breach may have been even bigger than previously thought.

Winter Olympics hack confirmed

The 2018 Winter Olympics in Pyeongchang, South Korea are in full swing, featuring the world’s best ice skaters, skiers, hockey players and snowboarders, and also attracting, unfortunately, malicious hackers.

Attackers’ goals seem to be to disrupt the games in a variety of ways by interfering with and disabling IT systems.

Continue reading …

Intel Makes Spectre Patch Progress, while Adobe Grapples with Latest Flash Bug

It’s been a busy week in InfoSec land, as Intel released a new Spectre patch, iOS source code was leaked online, and a zero-day Flash bug got exploited in the wild.

Also making noise these past few days: A major security hole in the Grammarly web app, WordPress updates tripping over each other, and a data breach at a Swiss telecom company.

As has been the case these past few weeks, we’ll lead off with the latest on Meltdown and Spectre, the hardware vulnerabilities whose disclosure on Jan. 3 sent shockwaves through the IT industry due to their scope and severity, and which are expected to remain an issue for years.

Continue reading …

Meltdown / Spectre: New Concerns Over Intel Patches, as Hackers Test Exploits

This week brought new developments in the Meltdown / Spectre saga, including more concerns about Intel’s buggy patches, and mounting evidence that hackers are trying to create exploits for the vulnerabilities.

It seemed that after weeks of complaints and confusion, Intel’s issue had hit bottom and was headed for a resolution on Monday of last week. That’s when the company said its firmware updates for Broadwell and Haswell CPUs shouldn’t be installed anymore, because, as many customers had reported, they made systems behave erratically, including unexpectedly rebooting.

At the time, Intel said it had discovered the “root cause” for the firmware’s problems, and was already actively developing new updates. However, another shoe was about to drop. Three days later Intel acknowledged in its quarterly earnings report that the glitchy firmware can also cause “data loss or corruption.”

This disclosure prompted Microsoft to take the unusual step of releasing an emergency Windows update designed to disable Intel’s fix for one of the two Spectre variants. Microsoft’s “out-of-band” update — KB4078130 — targets Intel’s patch for CVE-2017-5715, Spectre’s branch target injection vulnerability.
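Because KB4078130 works by switching off the operating system's CVE-2017-5715 mitigation rather than by removing the Intel microcode, the practical question for an administrator is whether a given machine currently has that mitigation enabled or disabled. The following PowerShell is an added example, not code from the original post or from Microsoft: it reads the FeatureSettingsOverride values that Microsoft's speculative-execution guidance documents for turning the Spectre variant 2 (bit 0) and Meltdown (bit 1) mitigations on or off, and reports what policy is in effect. The interpretation of the bits follows that published guidance; the function and variable names are this example's own.

```powershell
# Added example (not from the original post). Reads the documented
# FeatureSettingsOverride / FeatureSettingsOverrideMask registry values and
# reports whether the CVE-2017-5715 (Spectre v2, bit 0) and CVE-2017-5754
# (Meltdown, bit 1) OS mitigations have been disabled by policy.
# Function name and output wording are this example's own choices.
function Get-SpectreMeltdownOverride {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $override = $props.FeatureSettingsOverride
    $mask     = $props.FeatureSettingsOverrideMask

    # With no override present, the OS default applies: mitigations enabled
    # on client SKUs (servers require an explicit opt-in via the same keys).
    if ($null -eq $override -or $null -eq $mask) {
        return [pscustomobject]@{
            OverridePresent       = $false
            SpectreV2Disabled     = $false
            MeltdownDisabled      = $false
            RawOverride           = $null
            RawMask               = $null
        }
    }

    # A mitigation is only affected when its bit is set in the mask; the
    # override bit then says whether it is disabled (1) or enabled (0).
    $v2Masked = ($mask -band 1) -ne 0
    $mdMasked = ($mask -band 2) -ne 0

    [pscustomobject]@{
        OverridePresent   = $true
        SpectreV2Disabled = $v2Masked -and (($override -band 1) -ne 0)
        MeltdownDisabled  = $mdMasked -and (($override -band 2) -ne 0)
        RawOverride       = $override
        RawMask           = $mask
    }
}

# Usage: run in an elevated prompt on the host you want to check.
$state = Get-SpectreMeltdownOverride
if ($state.SpectreV2Disabled) {
    Write-Warning 'CVE-2017-5715 (branch target injection) mitigation is DISABLED by registry override.'
} else {
    Write-Output 'CVE-2017-5715 mitigation is not disabled by registry override.'
}
if ($state.MeltdownDisabled) {
    Write-Warning 'CVE-2017-5754 (Meltdown) mitigation is DISABLED by registry override.'
}
$state | Format-List
```

The registry only tells you what policy asks for. To see what the kernel actually applied (which also depends on whether the CPU exposes the new microcode features), run Microsoft's SpeculationControl module: `Install-Module SpeculationControl; Get-SpeculationControlSettings`. Treat a machine where the registry says "enabled" but that cmdlet reports the branch target injection mitigation as not active as one that is still waiting on firmware.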

Continue reading …

Meltdown/Spectre: Intel Nixes Patches, Tech CEOs Questioned on Information Blackout

IT departments and tech vendors continued grappling with Spectre and Meltdown this week, as Intel pulled its glitchy patches and the U.S. Congress questioned the vulnerability disclosures’ timing and scope.

Spectre and Meltdown aren’t typical vulnerabilities for a number of reasons, and as a result, they’ve proven problematic to deal with. Intel, whose products are the most impacted, has had a particularly rocky time crafting its firmware updates for mitigating the bugs.

Continue reading …

Meltdown and Spectre Aren’t Business as Usual

The new year brought a new vulnerability type — the CPU-based Meltdown and Spectre bugs — that’s forcing vendors and IT departments to modify long-standing ways of identifying threats, prioritizing remediation, managing patches and evaluating risk.

“Meltdown and Spectre are different vulnerabilities from what you’re used to seeing,” Jimmy Graham, a Product Management Director at Qualys, said during a webcast on Wednesday.

As a result, it’s essential for organizations to fully understand the nature of these vulnerabilities, stay on top of the latest information, and analyze the vulnerabilities’ impact in their IT environments, in order to stay as safe as possible.

“It’s not a simple [process] of just install a patch and you’re done,” he said.

Continue reading …

Meltdown / Spectre Mitigation Is a Work in Progress

Since researchers disclosed the Meltdown and Spectre vulnerabilities on Jan. 3, vendors and IT departments have been consumed trying to figure out how to properly address the potentially devastating effects of these CPU-based bugs.

By now, one thing we know for sure is that dealing with the vulnerabilities is a moving target. This situation is compounded by the fact that they have broad implications and that every day seems to bring new, relevant information that must be factored into ongoing mitigation efforts.

Thus, it’s important to stay on top of the latest developments, so we’re providing a snapshot of what we know to date, how Qualys can help and what InfoSec teams can do. We’re also tracking a list of Qualys resources.

Continue reading …

January Patch Tuesday – Meltdown/Spectre, 16 Critical Microsoft Patches, 1 Adobe Patch

Due to the disclosure of Meltdown and Spectre, Microsoft released several patches last week with the ranking “Important.” While there is no known active exploitation of these vulnerabilities, a special focus should be placed on the browser patches, because the Spectre side channel can be triggered from JavaScript served by a web page.

Continue reading …