As we head into the fall, nation-state actors and criminals alike continue to exploit vulnerable, exposed firmware on network and VPN devices. A US federal agency was just compromised, per this CISA report, most likely via a year-old Pulse Secure VPN firmware vulnerability. Meanwhile, Chinese and Iranian attackers are leveraging similar internet-facing firmware vulnerabilities to gain initial footholds in Cisco and other network devices. CISA also published a much-lauded, in-depth alert covering ways to find and remediate malicious activity, which we examine below from the firmware layer.
The BootHole remediation effort, the result of a significant coordinated disclosure involving 18 organizations and over 100 people, is beginning to bear fruit. Concerted efforts by Oracle, Canonical, Microsoft, Red Hat, SUSE, Debian, VMware, CERT, and the NSA highlight how both OEMs and government have addressed the challenge, with recommendations on how best to mitigate and remediate the significant risks of this now two-month-old vulnerability, which affects the vast majority of computing platforms and devices. The Eclypsium platform allows IT and security teams to easily identify vulnerabilities and threats related to BootHole across an organization’s fleet of Windows and Linux devices. Contact us if you’d like more information.
Meanwhile, game hacking continues to both mimic and influence enterprise hacking, using firmware- and driver-level attacks to subvert OS and application-layer controls.
Finally, we look at what happens when a vendor mis-scores its own CVE, and the effect that has on vulnerability management. Hint: it isn’t good.

Applying Lessons From CISA to Your Firmware
The Cybersecurity and Infrastructure Security Agency (CISA) recently published alert AA20-245A, Technical Approaches to Uncovering and Remediating Malicious Activity. The alert serves as a playbook for security incident investigations, based on the collective real-world findings of several contributing nations, including the United States. We examine its implications for firmware and hardware security.

Ready Player One: What Firmware Gaming Cheats Mean For Enterprise Security
Some recent gaming cheats show that gamers have arrived at the same conclusion as malware authors and cybersecurity adversaries: one of the best ways to attack the application layer without getting caught is through the firmware.
The Subjective Nature of a CVSS Score – A CISO Perspective
During a recent internal threat modeling exercise, Eclypsium discovered that a vendor had mis-scored a few related firmware vulnerabilities across a consumer/enterprise-grade product line, presenting them with a CVSS severity of Medium when our own analysis of the issue put them at High. Eclypsium’s CISO, Steve Mancini, discusses the impact this can have on risk and vulnerability management systems that depend on accurate CVSS scoring.

THREATS IN THE WILD
- Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
- Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
- Citrix Application Delivery Controller / Gateway Remote Code Execution
- What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds
- Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it’s not to blame
- Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
- Hackers are backdooring QNAP NAS devices with 3-year old RCE bug
- OpBlueRaven: Unveiling Fin7/Carbanak – Part II: BadUSB Attacks
- Who is Pioneer Kitten (Exploiting Firmware Vulnerabilities on Network Devices)
- QNAP tells NAS users to update firmware to avoid new type of ransomware

INDUSTRY NEWS
- NSA Releases Cybersecurity Technical Report on UEFI Secure Boot Customization
- We found out who makes Walmart’s new Gateway laptops, and it’s bad news
- NSA Mass Surveillance Program Illegal, U.S. Court Rules
- U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021
- Intel® Trust Domain Extensions – Introducing New Architectural Elements To Deploy Hardware Isolated Virtual Machines

SECURITY ADVISORIES
- United States Cyber Command Technical Challenge Problem Set 2020
- Buffer overflow in PAN-OS when Captive Portal or Multi-Factor Authentication (MFA) is enabled
- Cisco Patches ‘High-Severity’ Bugs Impacting Switches, Fibre Storage
- QNAP AgeLocker Ransomware Advisory

SECURITY RESEARCH
- Oracle – An inside look at CVE-2020-10713, a.k.a. the GRUB2 “BootHole”
- BlindSide: allows attackers to “hack blind” in the Spectre era
- How a badly configured DB allowed us to own an entire cloud of over 25K hosts
- Researchers Hijacked Unsecured Printers To Demonstrate How To Secure Them
- Expert found multiple critical issues in MoFi routers
- Page Cache Attacks: Microarchitectural Attacks on Flawless Hardware
- Microarchitectural Side-Channel Attacks for Privileged Software Adversaries
- Exploiting Intel’s Management Engine – Part 3: USB hijacking
- Attacking the Qualcomm Adreno GPU
- All you ever wanted to know about the AMD Platform Security Processor and were afraid to emulate

TOOLS
- A Test and Debug Tool for ASPEED BMC AHB Interfaces
- The Election Security Risk Profile Tool (for US Voting Machines)

WEBINAR
Webinar: Down The Rabbit Hole – Attackers Moving Down As We Move Up
Eclypsium’s Scott Scheferman discusses the reasons why attackers are going further down the rabbit hole in order to gain footholds and persist below the surface of the security stack. He shares recent examples of incidents involving such tactics and explores the challenges of addressing this trending attack vector.