Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
A security vulnerability in Cisco Adaptive Security Appliance that was addressed by the company last October and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept exploit code.
The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.
Tracked as CVE-2020–3580 , the issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense software that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks on an affected device.
As of July 2020, there were a little over 85,000 ASA/FTD devices, 398 of which are spread across 17% of the Fortune 500 companies, according to cybersecurity company Rapid7.
Although Cisco remediated the flaw in October 2020, the network equipment company subsequently determined the fix be «incomplete,» thereby requiring a second round of patches that were released on April 28, 2021.
Source — https://thehackernews.com/2021/06/cisco-asa-flaw-under-active-attack.html
DMARC: The First Line of Defense Against Ransomware
There has been a lot of buzz in the industry about ransomware lately. Almost every other day, it’s making headlines.
Multiple benefits arise from your DMARC implementation over time, including an increase in the deliverability of your email as well as a higher domain reputation.
What are the Risks Associated with Ransomware?
Ransomware is malicious software that installs itself on your computer without your permission. It then encrypts your data, and you can only get it back by paying a fee.
Lack of DMARC protection in organizations can lead to the following
When email authentication protocols are not in place, cybercriminals can easily pretend to be you and send fake emails to your clients, partners, and even internal employees.
Fraudulent email messages may contain attachments or files containing ransomware.
If any of your employees open the message, your entire organization is put at risk of having sensitive information present on your organizational systems denied access, with your data being held hostage for huge amounts of money.
The Cybersecurity and Infrastructure Security Agency recommends DMARC for Ransomware Protection
As a result of the increase in Ransomware attacks on global businesses, the CISA has deemed email phishing to be one of the most potent vectors of the threat.
While DMARC can help you mitigate Ransomware attacks by preventing your domain name from being spoofed, it is important to realize that attackers are constantly adapting their tactics and upgrading their software.
View granular details on email sending sources such as their underlying IP addresses, organizational domains, history of domain abuse, and geolocations of your senders.
Source — https://thehackernews.com/2021/06/dmarc-first-line-of-defense-against.html
Google Extends Support for Tracking Party Cookies Until 2023
Google’s sweeping proposals to deprecate third-party cookies in Chrome browser is going back to the drawing board after the company announced plans to delay the rollout from early 2022 to late 2023, pushing back the project by nearly two years.
«While there’s considerable progress with this initiative, it’s become clear that more time is needed across the ecosystem to get this right,» Chrome’s Privacy Engineering Director, Vinay Goel, said Thursday.
Third-party tracking cookies have emerged as a point of privacy concern as the technology enables marketers and ad platforms to monitor user activity online as they hop from one website to the other for purposes of behavioral targeting. Apple’s Safari and Mozilla’s Firefox already block them by default.
Announced in January 2020, Google’s Privacy Sandbox aims to retire support for third-party cookies in Chrome with an alternative tool called Federated Learning of Cohorts that combines aggregation, anonymization, on-device processing, and other privacy-preserving technologies to classify users into cohorts based on their interests, which can then be used by the ad tech industry to tailor ads.
What’s more, an analysis from Digiday this month found that Amazon is actively blocking the cookieless tracking system from «gathering valuable data reflecting the products people research» across its namesake website, WholeFoods, Zappos, ShopBop, and Goodreads.
If anything, Google is in an unenviable position of having to balance demands for stronger user-privacy protections vis-à-vis its dominant role in multiple businesses — search, ad tech, and web browser — in the process, pitting these conflicting incentives against one other, and drawing the ire of privacy advocates, regulators, publishers, and advertisers alike.
Source — https://thehackernews.com/2021/06/google-extends-support-for-tracking.html
Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a «small subset» of its security products such as firewall and VPN servers.
Attributing the attacks to a «sophisticated threat actor,» the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet.
As of writing, it’s not immediately known if the attacks are exploiting previously known vulnerabilities in Zyxel devices or if they leverage a zero-day flaw to breach the systems. Also unclear is the scale of the attack and the number of users affected.
Earlier this year, Zyxel patched a critical vulnerability in its firmware to remove a hard-coded user account «zyfwp» that could be abused by an attacker to login with administrative privileges and compromise the confidentiality, integrity, and availability of the device.
Source — https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT