Cybersecurity Threat Report for May 22nd, 2020

U.S. Center for Internet Security Alert Level

GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.

From the Center for Internet Security, “The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”

CVE-2020-3280 Cisco RCE Flaw in Call Center Solution

Briefing

Zeljka Zorz of Help Net Security is reporting that, “Cisco has patched a critical RCE vulnerability in Cisco’s Unified Contact Center Express.” RCE is an acronym for Remote Code Execution. She goes on to state that, “Threat Hunter, Brenden Meeder of Booz Allen Hamilton, discovered the vulnerability in the Java user interface (UI) of the Cisco UCCX solution.”

The vulnerability occurs when user-supplied data is deserialized. What is deserialization? Data is often serialized as it is passed between functions, objects, or other programming interfaces. Part of that process packages the data into a single variable by concatenating it into one string, which is then passed to the receiving function, object, or interface. Once received, it is deserialized: the contents of the string are parsed and then used at the receiving end. It sounds as if data sanitization was not taking place when the data was received and deserialized. Data sanitization is the process of inspecting and reformatting data so that it contains no injectable code. Hence the ability to perform Remote Code Execution (RCE). The code executes as root, so it runs without restriction on the targeted system.
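As an added illustration (not code from the report, from Cisco, or from UCCX), the Java pattern the briefing describes sits beside its hardened form: a plain `readObject()` on attacker-controlled bytes instantiates whatever class the stream names, while an `ObjectInputFilter` (JEP 290, Java 9+, backported to 8u121) restricts deserialization to an allow-list of expected classes. The `Message` class and the `ArrayList` standing in for an unexpected class are hypothetical.

```java
import java.io.*;
import java.util.ArrayList;

public class DeserializationFilterDemo {
    // Hypothetical wire object standing in for the application's own data class.
    static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    // Vulnerable pattern: readObject() on untrusted bytes with no restriction on
    // which classes the stream may instantiate.
    static Object deserializeUnsafe(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: allow only the one class we expect (plus java.lang for
    // the String field), reject everything else ("!*"), and cap depth and size
    // so a crafted stream cannot exhaust resources either.
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$Message;java.lang.*;!*;maxdepth=5;maxbytes=4096");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Message("hello"));        // constructed sample input
        byte[] unexpected = serialize(new ArrayList<>());        // any class the UI never expects

        System.out.println("unsafe accepted: " + deserializeUnsafe(unexpected).getClass());
        System.out.println("filtered accepted: " + ((Message) deserializeFiltered(expected)).text);
        try {
            deserializeFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage()); // filter status: REJECTED
        }
    }
}
```

The unsafe path happily builds the unexpected object; the filtered path throws `InvalidClassException` before any constructor or readObject logic of the rejected class runs.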

Cisco is recommending an upgrade to 12.01ES03 or a variant of the 12.5 code base.

The flaw was privately disclosed and fixed prior to the vulnerability’s announcement. Cisco has released Snort rules that identify and protect against exploitation of the vulnerability.

In Related News

Cisco has also patched other high-risk and critical vulnerabilities. One impacts Cisco’s MDS 9000 Series Multilayer Switch and another the Cisco Prime appliance.

Signal Geo-location Vulnerability

Briefing

Zeljka Zorz of Help Net Security is also reporting that, “Signal has fixed a vulnerability affecting its secure and encrypted communications application.  Actors were able to discover and track a user’s location.”

In the opinion of Cyber Defense Contractors, “This is big news as the app is designed for private communications without the expectation that a user’s location would be revealed.”

The vulnerability was discovered by David Wells of Tenable. Tenable, a leader in vulnerability risk management, is renowned for its vulnerability scanner known as Nessus.

It appears that Signal uses a fork of the WebRTC protocol for its voice and video communications. While the call is being set up, a DNS server is queried. Depending on the DNS server used, this can reveal a user’s location down to the city the user is in. The exposure occurs whether or not the called party chooses to answer, because it happens during the initial call setup.

Signal has already pushed out a patch. For Android, upgrade to v4.59.11; for iOS, upgrade to v3.8.4.
