If you received an email from your company CEO asking you to perform a task or pay a vendor, would you proceed without question or would you verify?  “It’s an email from the CEO, I have to do this” you might think.  You might be better off verifying that request if it involves money or confidential information.

The cyber kill chain concept is based on the military kill chain, which uses a three-stage process that covers target identification, defending against the attack and wiping out the target. Lockheed Martin started using the "kill chain" to refer to information security. It applies these same steps to cyber attackers who attempt to break into its computer network and corrupt or steal data. While the analogy may not always be a perfect one when you compare the cyber kill chain to the original military one, this concept gives you the opportunity to break a cyber attack into easily comprehensible stages.

Cisco ASA Remote Code Execution & DOS Vulnerability

Release Date (01-29-2018) - Updated (02-05-2018) CVE#-2018-0101

Affected Products - Must have WebVPN enabled to be vulnerable

• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• ASA 1000V Cloud Firewall
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4110 Security Appliance
• Firepower 4120 Security Appliance
• Firepower 4140 Security Appliance
• Firepower 4150 Security Appliance
• Firepower 9300 ASA Security Module
• Firepower Threat Defense Software (FTD)
• FTD Virtual

Vulnerability Details

After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available.

Security technologies such as firewalls are meant, at best, to prevent data security breaches, or at worst, detect them before they get out of hand; but in some cases, organizations have been complacent. In the infamous Target data breach of 2013, hackers were roaming their system and stealing data for two weeks before the breach was even detected. In the equally egregious breach of Heartland Payment Systems five years earlier, hackers were stealing data for several weeks before the invasion was discovered. Ironically, both Heartland and Target were PCI-compliant, but the time lag between system compromise and detection was unnecessarily long. And, they’re not alone in this regard. 

Cisco ASA Remote Code Execution & DOS Vulnerability

Release Date (01-29-2018) CVE#-2018-0101

Affected Products - Must have WebVPN enabled to be vulnerable

• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• ASA 1000V Cloud Firewall
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4110 Security Appliance
• Firepower 9300 ASA Security Module
• Firepower Threat Defense Software (FTD)

Vulnerability Details

This vulnerability affects an unknown function of the SSL VPN component within the ASA. The vulnerability is triggered when an attacker attempts to double free a section of memory when the VPN component is active on the ASA. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system.

What the security community says about a specific industry vertical usually holds true for a good percentage of what is seen in the wild. You can ask any hacker, defender, CISO, etc what industries struggle the most and there are common themes in their answers. Top of the list includes healthcare, manufacturing, government, and financial. Some of the most heavily compliance controlled and regulated are also some of the least secure. Why is this? Is it due to administrators and senior management taking compliance standards as gospel? Maybe it’s a lack of knowledgeable staff like the blind leading the blind.

Know How to Respond to a Cyber Security Incident

Organizations that fall under the purview of HIPAA have to respond quickly to a cyber attack. The Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS) issued a step-by-step guide to aid organizations. As a covered entity, your organization must have a contingency plan and incident procedures in the event of a security breach.

NetWorks Group is listed as a key innovator in the MarketsandMarkets’ Managed Detection and Response Market – Global Forecast to 2022 Report (Section 11.13.3 under Company Profiles (Page No. - 76)). This research report categorizes Managed Detection and Response Market by Security Type (Endpoint, Network, Application, Cloud), Deployment (On-Premises, Hosted), Organization Size (SMEs, and Large Enterprises), Industry Vertical, and Region. According to MarketsandMarkets, the Managed Detection and Response (MDR) market size is expected to grow from USD 335.5 Million in 2016 to USD 1,658.0 Million by 2022, at a Compound Annual Growth Rate (CAGR) of 31.6% during the forecast period. The base year considered for the study is 2016 and the forecast period is from 2017 to 2022.

Spectre 

Release Date (01-03-18) CVE-2017-5753 & CVE-2017-5715

Understanding OCR Guidance on Ransomware

With the prevalence of data breaches, ransomware has also come to the forefront of security threats. This malicious software is created by hackers who encrypt data and hold it hostage. Users are denied access to this data until they pay a ransom to the hacker.