Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Keeping Up With the Patches: A Tour Through Spring 2019 Threat Alerts

This spring brought a number of security updates from major tech players such as Oracle, Microsoft and Cisco. Which ones affect your enterprise? The Tenable Research team breaks it all down.

Spring 2019 brought with it a string of security updates plus a new directive from the U.S. Department of Homeland Security requiring federal agencies to speed up the time it takes to patch critical vulnerabilities from 30 days to 15 days.

As with all vulnerabilities, knowing which ones could actually affect your infrastructure can help save time and resources when it comes to patching. The question is: With all the vulnerabilities coming out each week, which ones are most likely to be exploited? 

These were among the topics discussed during a recent Tenable Research webinar hosted by Product Marketing Manager Claire Tills, and featuring Pablo Ramos, Research Engineering Manager, and Satnam Narang, Senior Security Response Manager.

Alerts, Alerts and More Alerts

Microsoft’s April Patch Tuesday alert addressed 74 vulnerabilities. The same month, Oracle’s quarterly Critical Patch Update contained nearly 300 different alerts and notifications affecting a wide range of the company’s products. And, for good measure, Cisco released a string of security alerts this spring as well.

With each alert and update, the Tenable Research team digs deep into the details to analyze how potential vulnerabilities might affect your business. For example, the team explored an Oracle update addressing a possible zero-day vulnerability, which could have affected unpatched versions of the company’s WebLogic servers — a type of middleware that sits between the front end and back end of large-scale web applications.

During the webinar, the team discussed the news of a zero-day vulnerability in Oracle WebLogic that was first reported through China’s National Vulnerability Database (CNVD) on April 17. Shortly after it was reported, researchers began to experiment with developing proof-of-concept (PoC) code based on the information in the CNVD report, most of which were not fully functional. 

“It wasn’t until Oracle almost released the patch that we started to see actual functioning proof-of-concept code,” said Narang. “That’s when we started working with the [Tenable] Vulnerability Detection Team to make sure we had something in place, and we did our own tests and we actually even tweaked one of the proof-of-concepts that we had seen out there to make sure it worked.” Around this time, Tenable’s Security Response Team observed chatter that attackers were utilizing working PoC code in attacks in the wild.

Malicious Sea Turtle

Another issue capturing the team’s attention originated with a report from Cisco Talos. It’s a DNS hijacking attack targeting organizations in the Middle East and North Africa, which originated with a previously unknown advanced persistent threat (APT) group called Sea Turtle.

During the webinar, the research team discussed how these types of attacks are designed to spoof websites to steal credentials and passwords. The goal? According to the Cisco Talos analysis, it’s about gaining access to the networks of organizations targeted by Sea Turtle as part of a fairly widespread espionage campaign.

In these types of DNS attacks, threat actors — especially those with connections to nation-states — take advantage of one of the older internet protocols. Many of these protocols were designed and built before modern cybersecurity concerns were a factor. 

The Tenable Research team discussed their interest in the background of this attack. Sea Turtle took advantage of a series of older vulnerabilities — some dating back to 2009 — including the Shellshock vulnerabilities found in the Unix Bash shell and bugs still found in Apache Tomcat.

The lesson here is obvious but worth repeating: patching, especially older flaws and bugs that linger, still matters.

DHS Directive: “Patch Faster”

Finally, the Research Team took note of a new directive issued from the U.S. Department of Homeland Security requiring federal agencies to speed up the time it takes to patch vulnerabilities in the software they use.

Under the new rules, security teams must patch software vulnerabilities deemed critical within 15 calendar days and fix high severity vulnerabilities within 30 days. Under previous rules, established in 2015, critical vulnerabilities needed remediation within 30 days and there were no specific guidelines for vulnerabilities deemed high.

Knowing which vulnerabilities are the most critical to patch is an ongoing challenge for cybersecurity professionals everywhere. Earlier this year, Tenable unveiled Predictive Prioritization to help teams improve their ability to prioritize vulnerabilities based on risk to the business. Predictive Prioritization combines Tenable-collected vulnerability data with third-party vulnerability and threat data and analyzes them together using an advanced data science algorithm developed by Tenable Research. The data analysis is used to develop a Vulnerability Priority Rating (VPR) for each vulnerability. VPR scores are now available in Tenable.sc and Tenable.io to help security teams improve their vulnerability management process.

The ability to zero in on those vulnerabilities that are actually being exploited enables security teams to focus their resources on patching the vulnerabilities posing the greatest threat to the network.

Learn more:

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.