The Dispatch highlights cybersecurity news you can use. I share what I think is informative, relevant, interesting, and actionable. Look for //My take: for context and actionable information.
A new vulnerability, branded Thunderspy, was released this week. It allows an attacker with physical access to bypass login credentials and disk encryption if your computer has a Thunderbolt port. Even worse, it's a hardware flaw and can't be patched.
Full Story from Wired: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking.
// My take: No reason to panic at the moment, but this could be a viable attack vector on a VIP laptop in a few months. Since it requires a hardware redesign, it's likely going to be a factor for a number of years.
// Recommendation: Keep your laptop with you or securely locked at all times. Additionally, make sure to completely power off your laptop when it is left unattended; this attack only works while the Thunderbolt port has power. Be aware that your Windows 10 computer is probably hibernating when you shut it down. The feature is called “Fast Startup”, and you can learn how to disable it here. SANS also made the unique suggestion of putting glitter nail polish on your laptop screws so you can see if they have been tampered with.
PS: There is a chance that HP laptops have some protection against this attack. Consider it optimistic hearsay until we see more.
Wired has a brilliant piece that tells the full story of Marcus Hutchins. Marcus, aka @malwaretechblog, is the hacker who found the kill switch for WannaCry. He is, by all accounts, a savant at reverse engineering botnets and malicious software. He made some poor choices when he was younger, and the FBI scooped him up after Defcon in 2017. This is the first time the full story has been told. It’s a captivating read, and I came away with even more appreciation of him. I applaud his candor and I’m thankful we have people like him working to defend our systems.
Top 10 Vulnerabilities
US-CERT released the Top 10 Routinely Exploited Vulnerabilities
// My take: The fix for these is straightforward: patch, patch, patch. Search for these CVEs in your vulnerability scanner or vulnerability management program. If it shows them unpatched, then patch them. Prioritize public-facing systems and systems that interact with sensitive data.
CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759, CVE-2015-1641, and CVE-2018-7600
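As an added example (not from the newsletter or from US-CERT), a small Python script that takes a vulnerability scanner export and pulls out the open findings for these ten CVEs, ordering public-facing systems first and sensitive-data systems second, as recommended above. The CSV column names and the sample rows are constructed assumptions; adapt the column mapping to whatever your scanner exports.

```python
import csv
import io

# The ten CVEs from the US-CERT Top 10 list quoted in the newsletter.
TOP10_CVES = {
    "CVE-2017-11882", "CVE-2017-0199", "CVE-2017-5638", "CVE-2012-0158",
    "CVE-2019-0604", "CVE-2017-0143", "CVE-2018-4878", "CVE-2017-8759",
    "CVE-2015-1641", "CVE-2018-7600",
}

# Constructed sample export. Column names are an assumption, not any
# particular scanner's format; the last row is a non-Top-10 CVE placeholder.
SAMPLE_EXPORT = """host,cve,status,internet_facing,handles_sensitive_data
web01,CVE-2017-5638,open,yes,no
web01,CVE-2019-0604,fixed,yes,no
fs02,cve-2017-0143,open,no,yes
wks17,CVE-2017-11882,open,no,no
wks17,CVE-0000-0000,open,no,no
"""


def triage(export_text):
    """Return open Top-10 findings as dicts, highest patch priority first.

    Priority 1: internet-facing host, 2: handles sensitive data, 3: everything else.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        cve = row["cve"].strip().upper()          # normalise scanner casing
        if cve not in TOP10_CVES or row["status"].strip().lower() != "open":
            continue                               # already fixed, or not on the list
        public = row["internet_facing"].strip().lower() == "yes"
        sensitive = row["handles_sensitive_data"].strip().lower() == "yes"
        priority = 1 if public else (2 if sensitive else 3)
        findings.append({"host": row["host"], "cve": cve, "priority": priority})
    # Stable ordering: priority, then host, then CVE, so the report is reproducible
    findings.sort(key=lambda f: (f["priority"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"P{f['priority']}  {f['host']:<8} {f['cve']}")
```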
Don’t miss their notes on 2020.
- Hasty cloud deployments leading to security configuration mistakes. 365 is under attack. 365 is a phenomenal platform, but you must choose the right license, configure the correct controls, enable monitoring, and deploy MFA!
- Poor Employee Education – Phishing attacks are on the rise and many organizations don’t have the capability to monitor and patch systems at home. That equals increased risk. Increase your training regimen.
Our Edafio Cybersecurity team has published resources to help with some of these issues.