Vulnerable Protocols Leave Firms Open to Further Compromises
Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability.
Nearly nine out of every 10 companies have devices that use outdated protocols, such as Microsoft's Server Message Block version 1 for sharing files, giving attackers that breach the network perimeter an easy avenue to extend a compromise, according to a new report by network security firm ExtraHop.
Microsoft's SMBv1 protocol, developed in the 1980s and deprecated in 2013, continues to be detected in 88% of environments, with almost a third of organizations showing signs of at least 100 devices still using the protocol, the report states. Another protocol, the NT LAN Manager version 1, which is used to pass credentials without exposing passwords, is present in more than half of all environments, including 19% that appear to have at least 100 device
Cloud-Native Businesses Struggle With Security
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
Companies increasingly moved their applications and infrastructure to the cloud in the past year, but not without major concerns about security.
Almost 60% of companies said they are more worried about security since moving to cloud-native technologies, four times greater than those that said they worry less, according to a survey published last week by security firm Snyk. The companies' concerns are likely due to experience, with more than 56% of firms indicating they dealt with a security incident caused by misconfiguration or an unpatched vulnerability, Snyk states in its State of Cloud Native Application Security report.
"You then get connected to an Indian call center, where a person directs you to a Web site to download an infected Word document with a macro and talks you through enabling the macros," he says. "And because of that human element, I'm suspecting that they are getting a higher success rate."
Microsoft Office documents with malicious macros, often called maldocs, have resurged as a vector to infect systems, growing in the last half of 2020 to account for more than a third of malicious attachments and, at one point in September 2020, accounting for almost 80% of malicious attachments, according to data from Sophos.
Researchers Find Bugs Using Single-Codebase Inconsistencies
A Northeastern University research team finds code defects and some vulnerabilities by detecting when programmers used different code snippets to perform the same functions.
Repeatable, consistent programming is considered a best practice in software development, and it becomes increasingly important as the size of a development team grows. Now, research from Northeastern University shows that detecting inconsistent programming, meaning code snippets that implement the same functions in different ways, can also be used to find bugs and, potentially, vulnerabilities.
In a paper to be presented at the USENIX Security Conference in August, a team of researchers from the university used machine learning to find bugs by first identifying code snippets that implemented the same functionality and then comparing the code to determine inconsistencies. The project, dubbed Functionally-similar yet Inconsistent Code Snippets (FICS)
MITRE Adds MacOS, More Data Types to ATT&CK Framework
Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
Nonprofit research organization MITRE has released the latest version of its ATT&CK framework, adding support for threat information affecting Apple's MacOS and containers, while also allowing more data sources and relationships.
The release is one of two updates to the popular framework due out this year, with another planned for October. The two most significant changes are better support for both MacOS and containers and the adoption of more flexible ways of specifying the data needed to describe each threat technique. The release includes 16 new groups, 67 new pieces of software, and updates to 36 other groups and 51 software entries, according to MITRE.