Netizen Cybersecurity Bulletin: 17 October 2018 Edition

In this issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • Goodbye TLS 1.0/1.1
  • Cyber Threats: How Prepared Is Your Organization?
  • Flaw Allows Hackers to Connect to Server Without Password
  • Phish Tale of the Week!
  • How can Netizen Help?

Goodbye TLS 1.0/1.1

TLS, or Transport Layer Security, is the most widely deployed security protocol for protecting online privacy and data integrity. TLS is used by web browsers and by applications that need to exchange data over a network, including VPN connections, file transfers, and voice over IP. A familiar example is HTTPS, which is HTTP running over TLS to encrypt communications, such as those with a banking website.

While there are currently four versions of TLS (1.0, 1.1, 1.2 and 1.3), versions 1.0 and 1.1 are known to have serious flaws that leave them open to attack. For this reason, support for those two versions is set to be removed from all major browsers in 2020.

Recommendations

While these outdated versions are no longer widely used, the possibility that they are still enabled does exist. It is wise to check whether they are disabled: many vulnerabilities arise from misconfiguration, where a vulnerable feature is not actually used yet remains turned on, creating an opening for attackers.

We recommend ensuring that you use TLS 1.2 (the most current version), as TLS 1.3 is still in the development stage. These controls can often be found in the settings of your browser.
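The check the recommendation above calls for can be done in two places: in the server configuration, where a leftover directive may still list TLS 1.0/1.1, and against the live service, by pinning a client to one protocol version at a time and seeing whether the server completes the handshake. The following script is an added example and not part of the bulletin; the nginx snippets are constructed (the first shows the leftover setting, the second the corrected directive), and the target host name passed on the command line is an assumption.

```python
"""Audit for leftover TLS 1.0/1.1 support: a config check plus a live probe.
Added example, not from the bulletin; the host name given on the command
line is an assumption, and the nginx snippets below are constructed."""
import re
import socket
import ssl

# Protocol tokens that should not appear in an nginx ``ssl_protocols`` directive.
LEGACY_TOKENS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed configs: the weak setting the bulletin warns about, then the fix.
WEAK_NGINX = "server {\n    listen 443 ssl;\n    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n}\n"
HARDENED_NGINX = "server {\n    listen 443 ssl;\n    ssl_protocols TLSv1.2;\n}\n"


def audit_nginx_ssl_protocols(config_text):
    """Return the sorted list of legacy protocols enabled by any ssl_protocols directive."""
    found = set()
    for m in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", config_text, re.MULTILINE):
        found.update(tok for tok in m.group(1).split() if tok in LEGACY_TOKENS)
    return sorted(found)


def hardened_client_context():
    """A client context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def allows_legacy_tls(ctx):
    """True if the context would still negotiate TLS 1.0 or 1.1."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


PROBE_VERSIONS = (("TLSv1", ssl.TLSVersion.TLSv1), ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
                  ("TLSv1.2", ssl.TLSVersion.TLSv1_2))


def probe_tls_versions(host, port=443, timeout=5.0):
    """Pin the client to one protocol version at a time and report which ones the
    server completes a handshake with. True = offered, False = rejected,
    None = could not test (local OpenSSL refuses that version, or no connection)."""
    results = {}
    for name, version in PROBE_VERSIONS:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # version test only
        try:
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let a modern OpenSSL speak old versions
        except ssl.SSLError:
            pass  # no security levels on this TLS library; proceed with its defaults
        try:
            ctx.minimum_version = version
            ctx.maximum_version = version
        except ValueError:
            results[name] = None  # this build cannot speak the version at all
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = tls.version() == name
        except ssl.SSLError:
            results[name] = False
        except OSError:
            results[name] = None
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed host
    print("legacy protocols in WEAK_NGINX:", audit_nginx_ssl_protocols(WEAK_NGINX))
    print("legacy protocols in HARDENED_NGINX:", audit_nginx_ssl_protocols(HARDENED_NGINX))
    for name, offered in probe_tls_versions(target).items():
        print(f"{target}: {name} -> {offered}")
```

The probe lowers the local OpenSSL security level only for the test connection so that a current client can still speak TLS 1.0 and 1.1; a `None` result means the local library could not attempt that version, so it says nothing about the server.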

Cyber Threats: How Prepared Is Your Organization?

The number of cybersecurity threats continues to rise across the globe. Whether those threats are reported in local media, in trade journals, or in the Netizen Cybersecurity Bulletin, organizations need to be on guard to protect their businesses.

This past summer, ISACA conducted a poll of 4,800 business and technology professionals. The ISACA/CMMI Institute Cybersecurity Culture Report produced astonishing results.

Ideally, cybersecurity awareness is integrated into the workplace culture so that perception and behavior are part of every employee’s daily operation, from the executive level on down. An effective cybersecurity culture can help employees understand their roles and responsibilities in keeping their organizations safe and customer data secure. However, the ISACA study found that just 34% of respondents say they understand their role in their organization’s cyberculture.

Worse still, the study found just 5% of employees think their organization’s cybersecurity culture is as advanced as it needs to be to protect their business from internal and external threats.

The report uncovered other findings that concern the researchers:

A remarkable 42% of organizations do not have an outlined cybersecurity culture management plan or policy. A cybersecurity policy, signed off by senior management, sets the tone for the rest of the company to follow and represents the first step toward a cybersecurity culture.

Naturally, aligning the entire workforce with the organization’s cybersecurity policies often requires capital investment. However, while 57% of the organizations surveyed reported a significant gap between their current and desired cybersecurity culture, those same organizations are spending only 19% of their annual cybersecurity budget on training and tools.

The full report may be downloaded here: http://www.isaca.org/cybersecurity-culture-study

Flaw Allows Hackers to Connect to Server without Password

A four-year-old vulnerability has been discovered in LibSSH, a Secure Shell (SSH) implementation library widely used on Linux servers. The vulnerability allows anyone to bypass authentication entirely and gain administrative access to a vulnerable server without needing a password.

The vulnerability, identified as CVE-2018-10933, is an authentication bypass introduced in LibSSH version 0.6, which was released in 2014. This means the flaw has been exposed to attackers for around four years.

The latest research shows that approximately 6,500 servers are affected; however, OpenSSH has stated that its package is not vulnerable because of the way it implements the library.

The issue has been addressed in the updated releases 0.8.4 and 0.7.6, and the details of the vulnerability were published at the same time.

If you use LibSSH, whether on a website or on servers, it is highly recommended that you update it as soon as possible.
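The practical first step is an inventory: find out which LibSSH version each host carries and compare it with the fixed releases named above (0.7.6 on the 0.7 branch, 0.8.4 on the 0.8 branch). The script below is an added example, not from the bulletin or the LibSSH project. It assumes that releases newer than the 0.8 branch carry the fix, which the bulletin does not state, and it queries `pkg-config`, `dpkg-query` or `rpm` for the installed version. Distributions often backport security fixes without changing the upstream version number, so a "vulnerable" verdict from a version check means "confirm against the vendor advisory", not "confirmed exploitable".

```python
"""Classify an installed libssh version against the CVE-2018-10933 fix releases
named in the bulletin (0.7.6 and 0.8.4). Added example, not from the bulletin."""
import re
import subprocess

# First patch release on each affected branch that carries the fix (from the bulletin).
FIRST_FIXED = {(0, 7): (0, 7, 6), (0, 8): (0, 8, 4)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the first x.y.z triple out of text such as '0.8.0~20170825.94fa1e38-1ubuntu0.5'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify_libssh(version_text):
    """Return 'not affected' (before 0.6), 'vulnerable' or 'fixed'.

    Assumption not stated in the bulletin: anything newer than the 0.8 branch
    is treated as carrying the fix."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch < (0, 6):
        return "not affected"  # the bulletin says the flaw was introduced in 0.6
    if branch == (0, 6):
        return "vulnerable"  # no fix release for 0.6 is mentioned
    if branch in FIRST_FIXED:
        return "fixed" if version >= FIRST_FIXED[branch] else "vulnerable"
    return "fixed"


# Commands that report the installed version; the first one that works wins.
PROBES = (
    ["pkg-config", "--modversion", "libssh"],
    ["dpkg-query", "-W", "-f=${Version}", "libssh-4"],
    ["rpm", "-q", "--qf", "%{VERSION}", "libssh"],
)


def installed_libssh_version():
    """Installed libssh version string, or None if no probe command reports one."""
    for cmd in PROBES:
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=True, timeout=10)
        except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
            continue
        if out.stdout.strip():
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    found = installed_libssh_version()
    if found is None:
        print("libssh not found via pkg-config, dpkg-query or rpm")
    else:
        # Caveat: distributions backport fixes without bumping x.y.z, so a
        # 'vulnerable' verdict means 'check the vendor advisory', not 'exploitable'.
        print(f"libssh {found}: {classify_libssh(found)}")
```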

Phish Tale of the Week

This week’s phishing email claims to originate from CHASE bank online and asks the user to review a “secure message”. The email is poorly formatted, and the document can be seen to link to an unknown site.

Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email.

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails convey a sense of urgency, or even aggression, in an attempt to intimidate the recipient. Any email that demands immediate action or addresses you in a threatening manner should be treated with suspicion. Also beware of messages that try to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.
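Several of the checks in the list above (is the sender really from the company, does the link go where its text says, is it HTTPS, does the message press for urgency) can be applied mechanically to a raw message before a person ever clicks. The script below is an added example, not part of the bulletin; the sample message is constructed to resemble the “secure message” lure described above, and its domains and IP address are reserved example values rather than real indicators.

```python
"""Triage a suspected phishing email: sender and Return-Path domains, every link
in the body, and urgency wording. Added example; the sample message is constructed."""
import email
import email.utils
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the "secure message" lure; the domains and the
# IP address are reserved example values, not real indicators.
SAMPLE_EML = """\
From: Chase Online <alerts@chase-secure-mail.example>
Return-Path: <bounce@mailer.example>
To: customer@example.org
Subject: You have a secure message - ACT NOW
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Valued Customer,</p>
<p>You have recieved a secure message. Please
<a href="http://198.51.100.7/chase/login.php">click here</a> to review it at
<a href="http://secure-chase.example/view">www.chase.com</a> within 24 hours.</p>
</body></html>
"""
URGENCY_WORDS = ("act now", "immediately", "within 24 hours", "will be suspended")
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from HTML anchors."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def under_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def addr_domain(header_value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, addr = email.utils.parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_email(raw, expected_domain):
    """Return {'sender_domain', 'links', 'findings'}; each finding is (code, detail)."""
    msg = email.message_from_string(raw)
    findings, sender = [], addr_domain(msg["From"])
    if not under_domain(sender, expected_domain):
        findings.append(("sender-domain-mismatch", sender))
    bounce = addr_domain(msg["Return-Path"])
    if bounce and bounce != sender:
        findings.append(("return-path-mismatch", bounce))
    links, text_blob = [], (msg["Subject"] or "")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/html", "text/plain"):
            continue
        body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        text_blob += " " + body
        if ctype == "text/html":
            collector = LinkCollector()
            collector.feed(body)
            links.extend(collector.links)
        else:  # plain text: bare URLs, no separate visible text to compare
            links.extend((url, "") for url in re.findall(r"https?://\S+", body))
    for href, text in links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        if parsed.scheme != "https":
            findings.append(("link-not-https", href))
        try:
            ipaddress.ip_address(host)
            findings.append(("link-ip-address", href))
        except ValueError:
            pass
        if not under_domain(host, expected_domain):
            findings.append(("link-off-domain", href))
        m = HOSTLIKE.match(text.lower())
        if m and m.group(1) != host:  # link text shows one host, href goes elsewhere
            findings.append(("link-text-mismatch", f"{text} -> {host}"))
    lowered = text_blob.lower()
    findings.extend(("urgency-language", w) for w in URGENCY_WORDS if w in lowered)
    return {"sender_domain": sender, "links": links, "findings": findings}


if __name__ == "__main__":
    for code, detail in triage_email(SAMPLE_EML, "chase.com")["findings"]:
        print(f"{code:24} {detail}")
```

Run against the constructed sample, every check fires: the sender and Return-Path domains are not the bank’s, one link points at a bare IP address, both links are plain HTTP off the expected domain, the visible text “www.chase.com” does not match where its link actually goes, and both subject and body carry urgency phrases. A message from the real domain with HTTPS links to that domain produces no findings, which is what makes the list usable as a filter rather than just a warning.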

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


Netizen is an ISO 27001:2013 (Information Security Management) certified company.
