If you think a one-time, or even once-a-year, vulnerability assessment of your digital assets (networks, endpoints, software, SaaS/cloud platforms, etc.) is enough, think twice. Even during the pandemic, when companies were busy securing remote work environments for their employees and patching existing vulnerabilities at a fast pace, there was no letup in new vulnerabilities found in 2020 and 2021. Not only was the raw overall vulnerability count higher than in the pre-pandemic years, the number of medium/high/critical vulnerabilities was almost the same as in previous years. If the 2022 numbers so far are any indication, we are well on our way to a record year of reported net new vulnerabilities. It is important for organizations to have a robust, ongoing vulnerability management plan in place and to work closely with their MSSPs to set up periodic (preferably monthly) vulnerability assessments and ongoing management.

Vulnerability Distribution By CVSS Score (Courtesy cvedetails.com)

Network firewalls have long been considered the first line of security at the network edge. Most firewalls protect the network using techniques that range from IP-based ACL filtering to more complex content-based filtering. Firewalls can also detect various types of attacks, such as UDP flood, SYN flood and IPsec flood attacks, and Distributed Denial of Service (DDoS) attacks. However, most recently hackers have been exploiting weaknesses in network firewalls' TCP implementations, using the firewalls as a source of Distributed Reflective Denial of Service (DRDoS) attacks. What is most disturbing is that less than 6 months after a research paper detailing the possibility of such attacks was published, they were being exploited in real networks. It becomes even more important to closely monitor network firewall telemetry as part of any security monitoring solution (e.g., a SOC).
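
One way to act on the monitoring advice above, as an added example that is not from the original post: a check that flags remote addresses receiving far more bytes from the firewall than they appear to send, on sessions where no TCP handshake completed (a spoofed source cannot complete one). The log format, field names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample telemetry (not from a real device). Assumed columns:
# ts, remote_ip, bytes_in (remote -> firewall), bytes_out (firewall -> remote),
# handshake (1 if the TCP three-way handshake completed, else 0).
SAMPLE_LOG = """\
ts,remote_ip,bytes_in,bytes_out,handshake
1000,198.51.100.7,60,4200,0
1001,198.51.100.7,60,4100,0
1002,198.51.100.7,66,4350,0
1003,203.0.113.20,540,3100,1
1004,203.0.113.20,610,2900,1
1005,192.0.2.44,60,54,0
1006,198.51.100.7,60,4250,0
1007,192.0.2.44,60,54,0
"""

def find_reflection_candidates(log_text, min_ratio=10.0, min_bytes_out=10_000):
    """Return {remote_ip: ratio} for remotes that receive far more bytes from
    the firewall than they appear to send, on sessions with no handshake."""
    totals = defaultdict(lambda: [0, 0])  # remote_ip -> [bytes_in, bytes_out]
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["handshake"] == "1":
            continue  # established sessions are ordinary asymmetric traffic
        entry = totals[row["remote_ip"]]
        entry[0] += int(row["bytes_in"])
        entry[1] += int(row["bytes_out"])
    flagged = {}
    for ip, (b_in, b_out) in totals.items():
        if b_out < min_bytes_out:
            continue  # too little volume to matter; avoids noisy ratios
        ratio = b_out / max(b_in, 1)  # guard against division by zero
        if ratio >= min_ratio:
            flagged[ip] = round(ratio, 1)
    return flagged

if __name__ == "__main__":
    for ip, ratio in find_reflection_candidates(SAMPLE_LOG).items():
        print(f"possible reflection toward {ip}: {ratio}x amplification")
```

In a SOC pipeline the same aggregation would run over a sliding time window, with thresholds tuned to the firewall's normal traffic profile.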