It has been a very busy week in the world of information security, or ‘cyber security’, which we are assured by colleagues sounds ‘more sexy’; in fact, they say that anything sounds more sexy when preceded by the word ‘cyber’.
Some of you may have received a very nicely worded email from Twitter informing you that, due to a bug in its code, passwords had in some cases been written in plaintext to an internal log file, despite being stored only as bcrypt hashes within the system itself.
It seems that the bug was introduced into the code responsible for changing passwords, which wrote the password to the log before the hashing process had completed. Twitter’s advice is to change your password and, perish the thought, your password on any other site should you be silly enough to re-use passwords.
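The Twitter bug is a pattern worth seeing in code, because it is easy to write and hard to spot in review. The following is an added example (not Twitter’s code, and the handler, user store and log format are all constructed for illustration): a password-change handler that logs the whole request before the password is hashed, beside a hardened version that logs only a non-secret identifier and carries a log filter that masks sensitive fields even if some other code path logs a request dict. scrypt from the standard library stands in for bcrypt so the example runs with no third-party packages.

```python
"""Added example (not Twitter's code): logging a password before hashing it,
and two ways of making sure that cannot happen."""
import hashlib
import hmac
import logging
import os
import re
from io import StringIO
from typing import Optional

# Keys whose values must never reach a log line (constructed list for the example).
SENSITIVE_KEYS = ("password", "new_password", "old_password", "token")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scrypt hash; scrypt stands in for bcrypt so this runs on the stdlib."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1)
    return "scrypt$%s$%s" % (salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recomputes the hash with the stored salt and compares in constant time."""
    _, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=2 ** 14, r=8, p=1)
    return hmac.compare_digest(digest.hex(), digest_hex)


class RedactingFilter(logging.Filter):
    """Masks the value of any sensitive key in a dict repr before the record
    reaches a handler, whichever handler (file, syslog, SIEM) that turns out to be."""
    _pattern = re.compile(r"('(?:%s)':\s*)'[^']*'" % "|".join(SENSITIVE_KEYS))

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = self._pattern.sub(r"\1'***'", record.getMessage())
        record.args = ()  # the args have been merged into msg, drop them
        return True


def change_password_vulnerable(request: dict, users: dict, log: logging.Logger) -> None:
    # The bug pattern: a "helpful" debug line that logs the request as received,
    # i.e. before the password has been hashed.
    log.info("password change request: %r", request)
    users[request["user"]] = hash_password(request["new_password"])


def change_password_hardened(request: dict, users: dict, log: logging.Logger) -> None:
    # Log only non-secret identifiers; never the request body.
    log.info("password change request for user=%s", request["user"])
    users[request["user"]] = hash_password(request["new_password"])


def capture_logs(handler_fn, request: dict, filter_secrets: bool):
    """Runs handler_fn against an in-memory log and returns (log text, user store)."""
    buf = StringIO()
    logger = logging.getLogger("pwchange.%s.%s" % (handler_fn.__name__, filter_secrets))
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(logging.StreamHandler(buf))
    if filter_secrets:
        logger.addFilter(RedactingFilter())  # second line of defence
    users: dict = {}
    handler_fn(request, users, logger)
    return buf.getvalue(), users


if __name__ == "__main__":
    # Constructed sample request, not real data.
    req = {"user": "alice", "new_password": "hunter2"}
    for fn in (change_password_vulnerable, change_password_hardened):
        for redact in (False, True):
            text, store = capture_logs(fn, req, redact)
            print("%s redact=%s -> %s" % (fn.__name__, redact, text.strip()))
```

The filter is deliberately a belt-and-braces measure: the real fix is never to log the request body at all, because a regex over dict reprs will not catch a password that arrives as a query string, a JSON body or a positional argument. Run the block and compare the four log lines.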
Our advice is to use a different password on every external site, turn on multi-factor authentication wherever it is offered, and use a password manager so that you are not tempted to keep an Excel file or a Post-it note with your passwords on it.
Of course, selecting a password manager is in itself a tricky decision. You will remember the facepalm moment back in 2015 when cloud-based password manager LastPass was breached (the encrypted vaults themselves were not taken, which is rather the point of the design), followed by the car crash at OneLogin in 2017.
Moving up into the business world, there have been some serious and disturbing announcements from Oracle and Cisco.
In April, Oracle released fixes for 254 security bugs in its quarterly Critical Patch Update. Since then there has been a massive surge in exploit attempts against the WebLogic bugs among them, recorded by honeypots and, presumably, hitting real Oracle systems too. There is even some suggestion that the patch does not fully protect against the exploit.
If possible, current advice is to block access to the WebLogic listen port (7001 by default) from anything other than trusted networks, and of course to get on with the patching.
Moving swiftly on to Cisco Systems, sometimes referred to as The Borg, but not by us, we have a soft spot for them.
This week, Cisco announced a swathe of nasties in a wide range of products, including WebEx (two separate advisories), Prime, Access Control and wireless products.
If you administer your firm’s WebEx, or indeed any of the products above, you really need to read the advisories, if you haven’t already, and get on with the patching before you are, er, assimilated.
In other news, we were quite disturbed to read about a ransomware campaign doing the rounds. Dubbed SamSam, it does not take the usual scattergun approach: targets are carefully selected, the attackers work their way across the victim’s network by hand before encrypting, mass disruption is caused and a ransom of around $45K is demanded.
The gurus at SophosLabs have produced a paper and a blog article about SamSam.
Probably best to have a read and, in the meantime, please make sure that your backups are in full working order, meaning that you have actually tested a restore and that at least one copy is kept offline where the ransomware cannot reach it, so that you can avoid paying up.
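“In full working order” means more than “the backup job reported success”. The following is an added example (not from the Sophos paper, and the file names, manifest format and scenario are constructed): it backs up a directory to a tar archive alongside a manifest of SHA-256 hashes, then proves the backup is restorable by extracting it into a scratch directory and comparing every file against the manifest. The second half of the demo simulates a backup job that ran after a file had already been encrypted, which is exactly the backup that turns out to be useless on the day.

```python
"""Added example: restore-test a backup against a hash manifest."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(archive: Path) -> Path:
    return archive.parent / (archive.name + ".manifest.json")


def create_backup(root: Path, archive: Path) -> dict:
    """Writes the archive and a manifest taken from the live data at backup time."""
    manifest = make_manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(root, arcname=".")
    manifest_path(archive).write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_restore(archive: Path) -> list:
    """Restores the archive into a scratch directory and returns a sorted list of
    problems (missing, altered or unexpected files). An empty list means the
    backup restores cleanly and matches what was backed up."""
    expected = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        scratch_dir = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar.getmembers():
                # Refuse archives that try to write outside the restore directory.
                parts = Path(member.name).parts
                if Path(member.name).is_absolute() or ".." in parts:
                    return ["unsafe path in archive: %s" % member.name]
            tar.extractall(scratch_dir)
        actual = make_manifest(scratch_dir)
    problems = ["missing: %s" % n for n in expected if n not in actual]
    problems += ["altered: %s" % n for n in expected
                 if n in actual and actual[n] != expected[n]]
    problems += ["unexpected: %s" % n for n in actual if n not in expected]
    return sorted(problems)


def demo() -> tuple:
    """Constructed scenario: a clean backup, then one taken after encryption."""
    with tempfile.TemporaryDirectory() as work:
        work_dir = Path(work)
        src = work_dir / "data"
        (src / "notes").mkdir(parents=True)
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes" / "readme.txt").write_text("keep me\n")
        archive = work_dir / "backup.tar.gz"
        create_backup(src, archive)
        clean = verify_restore(archive)
        # The backup job re-runs after ransomware has rewritten a file, but the
        # manifest (taken when the data was good) is not refreshed.
        (src / "ledger.csv").write_text("ENCRYPTED\n")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname=".")
        tampered = verify_restore(archive)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean backup problems:", clean)
    print("post-encryption backup problems:", tampered)
```

In practice the manifest should be written to a different store from the archive (an attacker who can encrypt your backups can also rewrite a manifest sitting beside them), and the restore test should run on a schedule rather than once.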
Last but not least, we did warn you it had been a busy week!
Yet another set of side-channel exploits in the genus ‘Spectre’. As more of these attacks are developed, exploitation in the wild becomes more likely. Vendors haven’t helped themselves by releasing buggy patches, so care must be taken with patch testing and implementation. Our advice from January stands.
And….breathe out. That’s it for this week.
If you would like to discuss something in this week’s blog, or everything in this week’s blog (the full argument), do contact us at: [email protected] or call 020 7517 3900.
Have a wonderful bank holiday. Let’s hope the sky doesn’t fall on our heads.