The STL Cyber Security Meetup (STLCYBER) is the premier gathering of top cyber talent from the St. Louis region and beyond to cover the issues and new developments in information security. Jason Hill will be their featured presenter on August 4, 2020.
Jason Hill, Cybriant’s Director of Strategic Services, has been selected to speak at the upcoming St. Louis Cyber Meetup. This is a virtual event, so all are welcome to attend.
Jason will be speaking on “Mortal Kombat: What do you need to know to fight today’s cyber battles.” He’ll describe the current cyber threat landscape, including current threats, common breach vectors, and advanced persistent threats. His presentation will also cover best practices that help reduce your organization’s exposure to those threats.
6:15 pm – 6:30 pm — Host Setup/Guest Arrival – Please RSVP in order to obtain the Zoom meeting link
6:30 pm – 7:30 pm — Featured Presentation — Jason Hill, Director, Strategic Operations at Cybriant, will present Mortal Kombat: What do you need to know to fight today’s cyber battles.
7:30 pm – 8:00 pm — Q & A, networking
Did you know you can also use our meetup towards CPE credits? To qualify, attend our event in its entirety and email us at Meetup@TechGuardSecurity.com requesting the confirmation!
About STL Cyber Security Meetup
The STL Cyber Security Meetup (STLCYBER) is the premier gathering of top cyber talent, and those wanting to learn about cyber, from the St. Louis region and beyond to cover the issues and new developments in information security. Topics include enterprise security, mobile cyber, endpoint security, security policy, governance, compliance, forensics, offensive and defensive security strategy, Fintech security, the dark web, and secure IoT.
Meetings will feature an industry/enterprise expert speaker, demonstrations of innovative technologies from security vendors, panel discussions, workshops, and a top cyber networking opportunity. Cyber Security continues to dominate the front page—and the St. Louis region is building unique capacity and innovation in cyberspace.
Whether an expert or one entering the field, we welcome you to network, learn about new technologies and share with one another.
Hopefully, you will never be involved in a data breach, but in a world of constant cybercrime and increasing levels of intrusion, being involved in such an incident seems all but inevitable.
With Equifax as a perfect example of how a trusted provider can be breached, it’s important to protect yourself, especially if you share personal data on corporate devices. Signing up for a credit monitoring service is a smart thing to do, but that is only the beginning. Once you are signed up for the service, you will need to watch your email for updates, so you can get a jump start on the bad guys and stay one step ahead of the identity thieves.
In a perfect world, that email notification will never come, but if it does, you need to be ready.
Steps to Take After a Data Breach
Here are some critical steps you should take if you are notified of a data breach involving your own data.
Find Out What Information Has Been Leaked
Some data is more dangerous than others, so it is important to find out exactly what has been leaked. When you are notified of the data breach, you should see information on exactly which pieces of data may have been compromised, and what you do next will depend in part on which information is now available to hackers and cybercriminals.
If you are lucky, the information leaked will be relatively innocuous. Having your email address revealed may be annoying, but it is unlikely to lead to serious consequences unless the password has been revealed as well. Even so, you might want to reset the credentials on your email address or consider changing accounts to stop a flood of spam.
In other cases, the information revealed will be much more extensive, and that could put you at greater risk. If your Social Security number has been revealed, for instance, you are at high risk for identity theft and having hackers open fake accounts in your name. Knowing what has been revealed is a key first step and something you should do right away.
Change Impacted Passwords Immediately
Passwords are prime targets for identity thieves and online criminals, and many data breaches involve the selling of compromised credentials. If your passwords have been revealed in a data breach, you need to change them immediately.
Depending on how you run your cyber life, it may not be enough to change the password at the impacted site. If you have used the same password at multiple websites, you will want to change all of those credentials right away. And when you do, make sure you use unique credentials for every site to avoid a repeat.
Turn on Two-Factor Authentication
Two-factor authentication provides an extra layer of security by requiring an extra step during the login process. In addition to the standard username and password, you will need to enter a code sent to your smartphone, providing additional protection for all your accounts.
Many websites now offer two-factor authentication, and turning it on is a smart thing to do in the wake of a data breach. That way even if a cybercriminal buys your compromised credentials online, they will be unable to access your accounts without the additional security code.
Consider Using a Password Manager
Using the same password at multiple sites can be dangerous, and security experts recommend setting up a separate set of credentials for every site you visit. Unfortunately, keeping track of all those user IDs and passwords can be a full-time job, and it is tempting to fall back into the same old habits after the current crisis has passed.
If you want to stay safer online and protect all of your accounts, consider using a password manager. Password managers create a unique set of credentials on demand, keeping track of the information in an encrypted database. All you need to access it all is a single master password, so you only have one set of credentials to remember.
Sign Up for Transaction Alerts
Transaction alerts provide you with instant notifications of purchases, withdrawals, and other activity on your accounts. Signing up for those alerts is a smart thing to do, especially if your accounts may have been compromised.
Once you sign up for transaction alerts, you will get a notification on your smartphone whenever something happens in your account. If you see a charge you do not recognize or a withdrawal you did not authorize, you can contact the bank right away to shut it down.
Think About Freezing Your Credit Report
If you have been involved in a data breach, you may want to freeze your credit report, especially if you do not plan to apply for a loan or credit card in the near future. Freezing your credit report is a major step, but it may be a necessary one to protect your identity and your finances.
Once you freeze your credit report, no one, including you, will be able to access your file or open additional accounts. That can make life difficult when it is time to apply for a car loan or mortgage, but if you do not need any additional credit, putting a temporary freeze in place could make sense.
Being involved in a data breach can be frightening, but prompt action could mitigate the damage and prevent the problem from getting worse. What you do in the wake of a data breach matters more than you might think, and the actions you take could protect you from hackers, identity thieves, and other nefarious actors.
Download Cybriant’s Remote Workers Guide to avoid being another headline! Help your remote workers protect the company’s data and their personal information with these important tips. Download today.
Are You Overlooking This Vital Patch Management Process?
Patch management is a seemingly simple task that is often overlooked, and it has been one of the causes of the biggest breaches in cybersecurity history. The IT operations staff who apply the patches are often pulled in many different directions, so patch management isn’t always a priority.
While the patch management process seems simple, the actual implementation is overwhelming. There are often many open vulnerabilities, and patching them all just seems too complicated.
So, many companies just skip the patch management process and focus only on critical needs.
Sometimes even understanding what is most critical to patch is difficult.
Enterprises typically have thousands of different pieces of software, ranging from mobile apps on phones to legacy systems of record running in on-premises data centers – and everything in between.
Furthermore, such software is typically a mix of commercial off-the-shelf (COTS) packages, open source software, and custom-built applications. Vulnerabilities crop up in all of these on a regular basis.
Given this never-ending stream of available patches combined with perennially limited security staff, prioritization is essential. A recent Ponemon study underscored this point. “65% of respondents say they find it difficult to prioritize what needs to be patched first,” explains the ServiceNow-commissioned study Today’s State of Vulnerability Response: Patch Work Demands Attention. “To accurately prioritize vulnerabilities, you need to know both the severity—as measured by Common Vulnerability Scoring System (CVSS) scores, for example—and the types of business systems affected.”
“To prevent data breaches, security teams need to patch more quickly,” the study says. “However, the survey shows that they are being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.”
If patch management is not a priority at your organization, consider Responsive Patch Management from Cybriant. As part of our PREtect ADVANCED service, it takes the stress and guesswork out of your hands and puts it in the hands of our experts.
An often-missed piece of the patch management process is understanding your inventory. Our Responsive Patch Management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to effectively manage the patch management process of the enterprise.
Our Responsive Patch Management Process
By utilizing an industry-leading patch management software and our dedicated experts, your patch management process will always be a priority.
Our patch management process includes:
Step 1: Automatic System Discovery
You can choose the systems that are required to be managed and we take it from there. The agent will perform a vulnerability assessment scan and patch deployment.
Step 2: Online Vulnerability Database
A vital feature of our patch management process is our vulnerability database. This hosts the latest vulnerabilities that have been published after a thorough analysis. When we find a patch that matches a vulnerability on your system, we download the patch from this database. This provides the information required for patch scanning and installation.
Step 3: Vulnerability Assessment Scan
We scan all the systems for missing Windows patches in the operating systems as well as applications. It reports the level of vulnerability after the scan. Missing Windows patches are identified from the local vulnerability database.
Step 4: Approval of Patches
Most often, patches are deployed in a sandbox environment before they are introduced to your entire network. This extra step makes the patch management process error-free and stable. Our team can ensure that patches that pass testing are approved for deployment.
Step 5: Patch Deployment
When approval has been finalized, we will deploy the necessary patches. The status of the patch deployment is updated back to you. The installation process can also be scheduled for a specific time.
Step 6: Patch Reports
Reports are available for system vulnerability level, missing Windows patches, missing application patches, and task status. These reports can be exported to PDF or CSV formats.
Step 7: Severity-Based Patch Management
Our team will work with you to determine and configure severity levels for missing patches, eliminating the need to evaluate system health and vulnerability status based on a common list of missing patches. This helps deploy patches based on severity and ensures accuracy in identifying missing patches.
Step 8: Automated Patch Management
An important piece of the patch management process is automating patches for computers on your network. We can automatically install software, patches, and service packs as part of regular desktop operations. This includes:
Scanning computers periodically to identify missing patches
Identifying and downloading the missing patches from the vendors’ websites
Downloading required patches and creating tasks related to patch deployment
Downloading required patches automatically and installing them on to specific computers
This process can be specified for a targeted set of client systems. You can choose to have different levels of automation for different sets of client systems. The process of deploying patches automatically depends on the level of automation you choose. This helps ensure that all computers remain up to date with the latest patch releases from OS and application software vendors.
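The Ponemon quote earlier on this page says prioritization needs both the CVSS severity and the type of business system affected, and Steps 3, 6 and 7 above describe scanning for missing patches, ranking them by severity and exporting a report. The example below, added here and not Cybriant’s or any vendor’s code, puts those pieces together as a small patch-gap analysis: a constructed inventory of hosts with installed software versions is compared against a constructed vulnerability feed (fixed-in version plus CVSS base score), every host running a version below the fix is flagged, each finding is banded by the CVSS v3 qualitative scale and ranked by severity times the host’s business criticality, and the result is written as CSV. The host names, software versions, `VULN-PLACEHOLDER-*` identifiers, criticality scale and the `cvss × criticality` weighting are all assumptions for illustration; the simple version comparison handles `1.1.1c`-style suffixes but is not a substitute for a distribution’s own package-version rules.

```python
import csv
import io

# Constructed inventory (sample data, not from the page): what each host runs and how much it matters.
# criticality: 3 = internet-facing or holds customer data, 2 = internal business system, 1 = low value.
INVENTORY = {
    "web-01":   {"criticality": 3, "software": {"nginx": "1.16.0", "openssl": "1.1.1c"}},
    "db-01":    {"criticality": 3, "software": {"postgres": "11.4", "openssl": "1.1.1d"}},
    "kiosk-07": {"criticality": 1, "software": {"nginx": "1.16.0", "vlc": "3.0.7"}},
}

# Constructed vulnerability feed: the first version that contains the fix, and the CVSS base score.
# The identifiers are placeholders, not real advisories.
VULN_DB = [
    {"id": "VULN-PLACEHOLDER-1", "product": "openssl", "fixed_in": "1.1.1d", "cvss": 7.5},
    {"id": "VULN-PLACEHOLDER-2", "product": "nginx",   "fixed_in": "1.16.1", "cvss": 7.8},
    {"id": "VULN-PLACEHOLDER-3", "product": "vlc",     "fixed_in": "3.0.8",  "cvss": 5.5},
]


def version_tuple(version: str) -> tuple:
    """Turn '1.1.1c' into ((1, ''), (1, ''), (1, 'c')) so versions compare numerically, then by suffix."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append((int(digits) if digits else 0, piece[len(digits):]))
    return tuple(parts)


def missing_patches(inventory: dict, vuln_db: list) -> list:
    """Step 3: report every (host, product) whose installed version is older than the fix."""
    findings = []
    for host, info in inventory.items():
        for vuln in vuln_db:
            installed = info["software"].get(vuln["product"])
            if installed is None:
                continue  # product not present on this host, nothing to patch
            if version_tuple(installed) < version_tuple(vuln["fixed_in"]):
                findings.append({
                    "host": host, "product": vuln["product"], "installed": installed,
                    "fixed_in": vuln["fixed_in"], "vuln": vuln["id"], "cvss": vuln["cvss"],
                    "criticality": info["criticality"],
                })
    return findings


def severity_band(cvss: float) -> str:
    """CVSS v3 qualitative severity rating scale."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low" if cvss > 0 else "None"


def prioritise(findings: list) -> list:
    """Step 7: rank by severity combined with how important the affected system is.
    The weighting (CVSS score times criticality) is an illustrative choice."""
    for finding in findings:
        finding["severity"] = severity_band(finding["cvss"])
        finding["priority"] = round(finding["cvss"] * finding["criticality"], 1)
    return sorted(findings, key=lambda f: (-f["priority"], f["host"], f["product"]))


def report_csv(findings: list) -> str:
    """Step 6: export the ranked work list as CSV text."""
    fields = ["priority", "severity", "host", "product", "installed", "fixed_in", "vuln", "cvss", "criticality"]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    for finding in findings:
        writer.writerow({key: finding[key] for key in fields})
    return out.getvalue()


if __name__ == "__main__":
    print(report_csv(prioritise(missing_patches(INVENTORY, VULN_DB))))
```

Run as-is, the internet-facing web server’s two High findings land at the top of the list and the lobby kiosk’s identical nginx gap falls well below them, which is the point of the Ponemon quote: the same CVE is not the same priority on every system. Swapping the inventory for a real asset database and the feed for a vendor’s advisory data leaves the ranking and reporting logic unchanged.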
If the patch management process is important to you, but you don’t have the necessary resources on staff to manage it, consider our Responsive Patch Management Service.
According to meltdownattack.com, these hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
It turns out the patch that Microsoft created for Meltdown could be worse than the original Meltdown vulnerability. Ulf Frisk, a Swedish penetration tester, warns in his blog:
“Did you think Meltdown was bad? Unprivileged applications being able to read kernel memory at speeds possibly as high as megabytes per second was not a good thing.
Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well.
How is this possible?
In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”
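The quoted explanation turns on a single bit in one page-table entry. The example below, added here and not from Ulf Frisk’s blog or any Microsoft code, decodes the permission bits of an x86-64 page-table entry (Present, R/W, U/S, NX and the physical address in bits 12..51, as documented for 4-level paging), locates the PML4 entry that points back at the PML4 itself, and applies the invariant the quote describes: that self-referencing entry must be Supervisor-only. It is written as the kind of check a kernel integrity test or a memory-forensics script would run over a dumped table. The 512-entry tables, the self-reference slot 42 and the physical address `0x1AB000` are constructed sample data, not values from any real system.

```python
# x86-64 4-level paging: bit layout shared by PML4E, PDPTE, PDE and PTE.
PRESENT   = 1 << 0
WRITABLE  = 1 << 1                 # R/W
USER      = 1 << 2                 # U/S: 1 = user-mode (CPL 3) code may access what this maps
NX        = 1 << 63                # execute-disable
ADDR_MASK = 0x000F_FFFF_FFFF_F000  # bits 12..51: physical address of the next-level table/page


def decode_entry(entry: int) -> dict:
    """Break a 64-bit page-table entry into its permission bits and target physical address."""
    return {
        "present": bool(entry & PRESENT),
        "writable": bool(entry & WRITABLE),
        "user": bool(entry & USER),
        "nx": bool(entry & NX),
        "phys": entry & ADDR_MASK,
    }


def self_reference_index(pml4: list, pml4_phys: int):
    """Return the PML4 slot whose target is the PML4 page itself (the self-referencing entry
    the kernel uses to address its own page tables), or None if there is none."""
    for index, entry in enumerate(pml4):
        if entry & PRESENT and (entry & ADDR_MASK) == pml4_phys:
            return index
    return None


def audit_pml4(pml4: list, pml4_phys: int) -> list:
    """Integrity check for the condition described in the quote: the self-referencing PML4
    entry must have U/S = Supervisor. With U/S = User every page table becomes readable
    from user mode, and with R/W set as well it becomes modifiable from user mode."""
    findings = []
    index = self_reference_index(pml4, pml4_phys)
    if index is None:
        return findings
    bits = decode_entry(pml4[index])
    if bits["user"]:
        findings.append(f"PML4[{index}] self-reference has U/S=User: page tables readable from user mode")
        if bits["writable"]:
            findings.append(f"PML4[{index}] self-reference is also R/W: page tables modifiable from user mode")
    return findings


def make_pml4(pml4_phys: int, self_index: int, user: bool) -> list:
    """Constructed 512-entry PML4 (sample data, not a real dump) with one self-referencing entry."""
    table = [0] * 512
    table[self_index] = pml4_phys | PRESENT | WRITABLE | (USER if user else 0)
    return table


if __name__ == "__main__":
    PML4_PHYS = 0x1AB000  # constructed physical address of the PML4 page
    correct = make_pml4(PML4_PHYS, 42, user=False)
    broken = make_pml4(PML4_PHYS, 42, user=True)
    print("correct table:", audit_pml4(correct, PML4_PHYS) or "no findings")
    print("broken table: ", audit_pml4(broken, PML4_PHYS))
```

The check is deliberately narrow: it does not walk the rest of the tables, it only confirms that the one entry which maps the tables themselves is not reachable from user mode. That is exactly the property the January patch described above got wrong and the later update restored.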
Last week, Microsoft released an out-of-cycle security patch to address the problems created by the original patch.
Meltdown Patch: CVE-2018-1038 | Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
45% of companies are not using a dedicated patch management solution to distribute and manage software updates.
72% of decision-makers do not deploy a patch within 24 hours after it is released to the public.
Failure to patch caused the infamous Equifax breach, releasing the data of 143 million people.
In a recent interview, Chris Goettl, director of product management at Ivanti, says the vulnerability created by the Microsoft patch is pretty significant and something that needs to be addressed with haste, if possible.
“When Microsoft issued a fix for Windows 7 and Windows Server 2008, they made a mistake and ended up opening up read and write access in RAM so anybody could access anything in memory and write to it,” he says. “It is a significant vulnerability and leaves those systems pretty much exposed” without the update.
If you don’t have time to test the new patch, a best practice may be to roll back to the March update and wait for Microsoft’s next update on April 11.
“We are close to the April update,” Goettl says. “Our guidance is to either apply the new update or roll back the March update,” for Windows 7 x64-bit systems and Windows Server 2008 x64-bit systems, he says.
While patching may be the most boring, thankless job in the IT department, it could be the one that prevents the most cyber attacks. Hackers use known vulnerabilities to launch attacks on businesses. Having your systems updated and patched may be the best first line of defense.
On January 3rd, 2018, Meltdown and Spectre were revealed. These security flaws exist in nearly every Intel CPU built since 1995. Both vulnerabilities involve speculative-execution side-channels that can be exploited to steal sensitive data from the devices in your network.
The Meltdown vulnerability, CVE-2017-5754, can potentially allow hackers to bypass the hardware barrier between applications and kernel or host memory.
The Spectre vulnerability has two variants: CVE-2017-5753 and CVE-2017-5715. These vulnerabilities break isolation between separate applications.
Both flaws provide hackers with a way of stealing data, including passwords and other sensitive information. If hackers manage to get their software running on one of these chips, they can grab data from other software running on the same machine.
While these flaws are unique since the vulnerabilities were found in the way the chips were manufactured, there is a way to help prevent any damage. You guessed it, patching! But, it’s not that simple…
Applying the patches is not a simple fix for the Meltdown and Spectre vulnerabilities. Your team should take the time to test patches to minimize the impact on your hardware and applications. Be sure to use industry best practices and thoroughly test each patch before rolling it out company-wide.
Let’s make patching the best, most rewarding job in the IT department. Remember WannaCry? And how many companies would have been protected if they had used the patch made available by Microsoft? Don’t wait for the next attack!
Plan to Fail = Plan to Win
When any new cyber attack or vulnerability is announced, many companies panic and create more disorder than is necessary. The best thing your organization can do is to plan to be attacked and monitor your network as if you are currently being compromised. Have a strategy ahead of time. Discuss worst-case scenarios with management and have a communications plan in case something goes wrong.