
Jack Smallpage, Information Security Officer at Chess, reviews the latest cyber security news and advises how to protect your data. He covers:


The security world is constantly moving and evolving, with vulnerabilities, breaches and new guidance released daily. The volume and complexity of some of these can sometimes be overwhelming and difficult to keep track of, so let's use this article to help summarise some of this month's highlights so that together, we can be more cyber aware.

 

Joint Cyber Security Advisory on the Russian Cyber Threat

The cyber security authorities of the United States, Australia, Canada, New Zealand, and the UK have released a joint advisory to help provide technical details and information on the Russian-aligned groups involved along with the mitigations and protections you can put in place to help secure your business against possible future attack: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure | CISA.

 

What Should I Do

  • Update your systems and software

Vulnerabilities are discovered and exploited daily. As such, you must identify these vulnerabilities quickly and patch them as soon as possible, prioritising critical and high vulnerabilities on internet-facing equipment. Centralised Patch Management systems and Vulnerability Management Systems can help identify and remediate through automation, reducing the strain on your teams.

  • Multi-Factor Authentication (MFA) & Passwords

Ensure you enforce strong passwords across your user base, preventing password re-use and sharing to help limit the likelihood of credential compromise. Implementing a password management solution can help your users create and track their passwords in a secure vault. Additionally, you should enforce MFA (or 2FA) for all accounts to help mitigate credential compromise further – especially for your password management solution!

  • Monitor and Secure your RDP

RDP (Remote Desktop Protocol) is a protocol which allows a user to connect to another computer over the network and use it remotely. With business becoming more remote, you are likely to use this in some areas of your business. However, given that RDP exploitation is one of the top initial ransomware infection vectors, it is crucial to restrict its use wherever possible and require additional measures such as MFA and VPN.

  • User Awareness & Training

Phishing is STILL one of the most common threat vectors for breaches and is used to gain credentials or spread malware for various attacks. Make sure your people know how to identify suspicious phishing messages and feel empowered to report them even when they may have fallen for one themselves.
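As an added illustration of the "Monitor and Secure your RDP" point above (example code written for this article, not part of the advisory), the script below runs a simple detection over a constructed sample of Windows Security events: it flags source IPs with a burst of failed RDP logons (Event ID 4625, LogonType 10 = RemoteInteractive) and then highlights any RDP success (Event ID 4624) from an IP that was already flagged. The event dictionaries, timestamps and addresses are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample Windows Security events (not real log data).
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"time": "2022-05-10T08:00:01", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2022-05-10T08:00:09", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "admin"},
    {"time": "2022-05-10T08:00:20", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "jsmith"},
    {"time": "2022-05-10T08:00:31", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "jsmith"},
    {"time": "2022-05-10T08:00:45", "event_id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "jsmith"},
    {"time": "2022-05-10T08:01:02", "event_id": 4624, "logon_type": 10, "ip": "203.0.113.7", "user": "jsmith"},
    {"time": "2022-05-10T08:03:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.9", "user": "jsmith"},
    {"time": "2022-05-10T08:03:30", "event_id": 4625, "logon_type": 2, "ip": "-", "user": "jsmith"},
    {"time": "2022-05-10T08:04:00", "event_id": 4625, "logon_type": 10, "ip": "198.51.100.9", "user": "jsmith"},
]


def analyse_rdp_logons(events, threshold=5, window=timedelta(minutes=5)):
    """Return (bruteforce, suspicious_success).

    bruteforce: {ip: peak number of failed RDP logons inside any `window`} for IPs
                that reach `threshold`.
    suspicious_success: [(ip, user)] for RDP successes from an IP already flagged.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failed RDP logons
    bruteforce = {}
    suspicious_success = []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort lexically
        if ev["logon_type"] != 10:  # only RemoteInteractive (RDP) logons matter here
            continue
        t = datetime.fromisoformat(ev["time"])
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            q = recent[ip]
            q.append(t)
            while t - q[0] > window:  # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold:
                bruteforce[ip] = max(bruteforce.get(ip, 0), len(q))
        elif ev["event_id"] == 4624 and ip in bruteforce:
            suspicious_success.append((ip, ev["user"]))
    return bruteforce, suspicious_success


if __name__ == "__main__":
    print(analyse_rdp_logons(SAMPLE_EVENTS))
```

Feeding real 4625/4624 events (e.g. exported from Event Viewer or a SIEM) into the same function gives a first-pass alert for password guessing against exposed RDP; the threshold and window are the two knobs to tune to your environment.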

 


 

F5 BIG-IP iControl REST Vulnerability


F5's BIG-IP is a family of software and hardware products covering application availability, access control, and security solutions. On the 4th of May, F5 disclosed a vulnerability in their iControl REST interface that could allow an unauthenticated attacker with network access to the BIG-IP system to execute arbitrary system commands, create or delete files, or disable services. More details can be found from F5's advisory here: BIG-IP iControl REST vulnerability CVE-2022-1388 (f5.com) with further guidance from the CISA alert here: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 | CISA

 

What Should I Do

Look through the advisory and identify whether you run any of the identified vulnerable versions. If you do, update your version to be equal to (or more recent than) the fixed version indicated. Where you are unable to immediately apply the update, you should instead implement F5's temporary workaround by:

- Blocking iControl REST access through the self IP address.

- Blocking iControl REST access through the management interface.

- Modifying the BIG-IP httpd configuration.

More details on how to implement the above workarounds can be found in the F5 advisory.

 

NCSC's New Email Security Check Service

The UK's National Cyber Security Centre (NCSC) has released a free-to-use tool this month which allows users to check any email domain's anti-spoofing and email privacy capability. The service checks, using publicly available information only, that you are using standards such as DMARC (anti-spoofing) and TLS (encrypted transit) properly. You can access the service here: Check A Domain | Email Security Check (ncsc.gov.uk)


What Should I Do?

Access the tool and enter your organisation's email domain (e.g. Chessict.co.uk) to check that you are securely configured. If the report includes gaps, follow the guidance to secure your email.

 


 

HP BIOS Vulnerabilities Patched

HP have released BIOS updates this month to fix two high severity vulnerabilities affecting a range of their PC products with potential arbitrary code execution. More details, including the devices affected and relevant updates, can be found on the HP update here: HP PC BIOS - May 2022 Security Updates | HP® Customer Support.

 

What Should I Do

Whilst we always think about patching our software (whether manually or via a patch management tool), it is easy to forget about firmware/BIOS updates. Because there are additional risks involved around BIOS updates (especially in a remote setting), they can frequently be overlooked and ignored. However, firmware updates are still important and their vulnerabilities can still be exploited, so devising a patch management solution for your firmware/BIOS is essential.

 

VMware Vulnerabilities – Patch Now!

The NCSC (UK) and CISA (USA) government agencies have both issued a warning over this month's critical VMware vulnerabilities, which are being exploited in the wild by cyber actors, some of which are believed to fall under the APT (advanced persistent threat) category.

An advanced persistent threat is a stealthy threat actor which gains access to a network whilst remaining undetected for an extended time. These actors are usually state-sponsored and deliberate in their targeting, which makes them a dangerous threat.

The vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. Whilst the vulnerabilities require an attacker to gain access to your network first, once exploited, the attacker is able to bypass authentication methods and elevate their privileges to root (admin), whereby they would be able to cause further disruption.

 

What Should I Do

CISA have recommended that the impacted products are either updated or removed, with no other mitigation seemingly acceptable. With this in mind, we echo this sentiment by recommending the following:

- Identify: Which systems and products are affected and the services that each provide.

- Mitigate: Install the latest update as soon as possible using the VMware advisory here: VMSA-2022-0014 (vmware.com)

- Isolate: Where impacted systems temporarily cannot be updated (or removed) for whatever reason, it is important to isolate them from the network as soon as possible to help reduce the likelihood of compromise.

If during your identification stage you notice any Indicators of Compromise (IoC), you should isolate the systems involved as soon as possible following the guidance found on the CISA advisory here: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control | CISA.

 

Critical Bugs in Zyxel Firewalls and VPNs Exploited

To add to the list of exploited vulnerabilities detected this month, a critical vulnerability in Zyxel firewalls supporting ZTP (Zero-touch Provisioning) has been identified and is reportedly being exploited already. The vulnerability allows an unauthenticated and remote attacker to achieve arbitrary code execution as the "nobody" user on the vulnerable device. More detail on this can be found in Rapid7's alert here: CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection | Rapid7 Blog.


What Should I Do

The vulnerability affects the following models and firmware versions.

Affected Model                  | Affected Firmware Version        | Patch Availability
--------------------------------|----------------------------------|-------------------
USG FLEX 100(W), 200, 500, 700  | ZLD V5.00 – ZLD V5.21 Patch 1    | ZLD V5.30
USG FLEX 50(W) / USG20(W)-VPN   | ZLD V5.10 – ZLD V5.21 Patch 1    | ZLD V5.30
ATP Series                      | ZLD V5.10 – ZLD V5.21 Patch 1    | ZLD V5.30
VPN Series                      | ZLD V4.60 – ZLD V5.21 Patch 1    | ZLD V5.30

If you utilise any of the affected models, you should apply the patch (ZLD V5.30 as a minimum) right away. More information can be found on Zyxel's advisory here: Zyxel security advisory for OS command injection vulnerability of firewalls | Zyxel
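Checking an installed firmware version against ranges like "ZLD V5.00 – ZLD V5.21 Patch 1" is easy to get wrong by hand (the "Patch N" suffix does not sort as a plain string), so here is an added example (written for this article, not Zyxel's code) that parses ZLD version strings and classifies a device against the table above. The product family names are taken from the table; versions that fall between the end of an affected range and the V5.30 fix are reported conservatively as needing the update.

```python
import re

# Affected range (low, high) and fix version per product family, copied from the table above.
AFFECTED = {
    "USG FLEX 100(W), 200, 500, 700": ("ZLD V5.00", "ZLD V5.21 Patch 1", "ZLD V5.30"),
    "USG FLEX 50(W) / USG20(W)-VPN": ("ZLD V5.10", "ZLD V5.21 Patch 1", "ZLD V5.30"),
    "ATP Series": ("ZLD V5.10", "ZLD V5.21 Patch 1", "ZLD V5.30"),
    "VPN Series": ("ZLD V4.60", "ZLD V5.21 Patch 1", "ZLD V5.30"),
}

_VER = re.compile(r"^ZLD\s+V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?$", re.IGNORECASE)


def parse_zld(version):
    """'ZLD V5.21 Patch 1' -> (5, 21, 1); a release without a patch level gets 0."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def zld_status(family, version):
    """Classify an installed firmware version against the CVE-2022-30525 table."""
    if family not in AFFECTED:
        return "not listed"
    low, high, fixed = (parse_zld(v) for v in AFFECTED[family])
    v = parse_zld(version)
    if v >= fixed:            # tuple comparison: major, then minor, then patch level
        return "patched"
    if low <= v <= high:
        return "vulnerable"
    if v < low:
        return "below affected range"
    return "unlisted pre-fix build: update to ZLD V5.30"


if __name__ == "__main__":
    # Constructed inventory of (family, installed version) pairs, not real devices.
    for family, ver in [("VPN Series", "ZLD V4.60"), ("ATP Series", "ZLD V5.30"),
                        ("ATP Series", "ZLD V5.00"), ("USG FLEX 50(W) / USG20(W)-VPN", "ZLD V5.21 Patch 1")]:
        print(f"{family:32} {ver:20} {zld_status(family, ver)}")
```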

 


 

 

 


 

Conclusion

It has been a busy month for security, though certainly not uncommon. It is also important to reiterate that this article has not included ALL security news or vulnerabilities disclosed this month, and others such as Microsoft's Patch Tuesday fixes, Apple's 0-day, QNAP's critical QVR vulnerability, and Cisco's IOS XR 0-day and NFVIS vulnerability are just honourable mentions as examples of other updates you should be aware of and research.

If you have been caught off-guard by some of this month's developments, look at your security processes and see what changes you can make to ensure you don't get caught out in the future. Just 20 minutes of research each day can help you keep on top of the major security trends and alerts, which help protect your business and keep you cyber aware!

If you have any more questions or worries, please do not hesitate to get in touch and see what Chess can do to help you and your security posture.

 

To learn more about how you can protect your organisation, book your free 30-minute security consultation with one of our penetration testers. Get agnostic advice from industry experts on how to secure your business. Request here.

 


Jack Smallpage

Jack Smallpage is the Information Security Officer at Chess. He creates and maintains our security policy, takes the lead in a variety of compliance certifications and security projects, and acts as the company security liaison for security incidents, BCDR planning, GDPR compliance and risk management.
