This week, Redscan issued advice about a high-severity vulnerability to ThreatDetect customers so they could take swift remedial action.
First off, let’s check you’re protected against the same vulnerability. If any of your machines have Google Chrome installed, our advice is to type chrome://settings/help into the address bar, and if the version is anything before 72.0.3626.121 (released in March 2019), update your browser straight away.
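As an added example, not part of Redscan's advisory, here is a small Python check that applies the version test above across an endpoint inventory. The CSV layout and the hostnames are constructed assumptions; the point it makes is that versions must be compared numerically, since a plain string comparison ranks 72.0.3626.96 above 72.0.3626.121.

```python
import re

# Patched Chrome release named in the advisory above.
PATCHED_VERSION = "72.0.3626.121"

# Constructed sample inventory (hostname,reported Chrome version); not real data.
SAMPLE_INVENTORY = """\
ws-finance-01,72.0.3626.96
ws-finance-02,72.0.3626.121
ws-hr-07,71.0.3578.98
ws-dev-03,73.0.3683.75
ws-ops-11,not installed
"""


def parse_version(text):
    """Turn '72.0.3626.121' into (72, 0, 3626, 121); None if not a version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version, patched=PATCHED_VERSION):
    """True when the installed version predates the patched release.

    Tuples of ints compare component by component, so 72.0.3626.96 sorts
    below 72.0.3626.121, which a string comparison gets wrong ('9' > '1').
    """
    installed = parse_version(version)
    if installed is None:
        return False  # nothing installed or unparseable: not flagged here
    return installed < parse_version(patched)


def find_vulnerable_hosts(inventory_csv):
    """Return the hostnames whose Chrome is older than the patched release."""
    vulnerable = []
    for line in inventory_csv.strip().splitlines():
        host, version = line.split(",", 1)
        if is_vulnerable(version):
            vulnerable.append(host)
    return vulnerable


if __name__ == "__main__":
    for host in find_vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome to {PATCHED_VERSION} or later")
```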
Now, why did we tell you and our clients to do this? Well, it’s because of a zero-day vulnerability called CVE-2019-5786. This isn’t the catchiest title, but crucially, it was identified by cybercriminals before Google could identify it, meaning that some attackers have already exploited this vulnerability.
Here’s what you need to know about how CVE-2019-5786 came about and what to do to keep on top of vulnerabilities.
What are zero-day vulnerabilities and exploits?
Zero-day vulnerabilities are flaws in software that are unknown to the party responsible for mitigating them and are therefore unpatched. They often take the form of small coding flaws that, whilst not big enough to cause a crash or impair functionality, provide a window for hackers to wriggle through.
Not all zero days can be detected before release, as some are only revealed when another change occurs that the programmers couldn’t anticipate. They are a large part of the reason why software gets ‘patched’ on a regular basis. Normally, a software firm will continue to test its software post-release and discover security holes, but sometimes, even when a colossal level of resources is available (as in the case of Google), hackers get there first.
How can we be safe from zero-day exploits?
Hackers commonly use publicly available vulnerability scanning tools to assess their targets and identify unpatched vulnerabilities in preference to researching new ones and developing their own exploits. One report estimates 90% of hacked businesses are hacked in this way.
The best way to stay safe from zero-day exploits is to use software that’s still supported by the vendor and patch your systems on a regular basis. However, organisations large and small often struggle to keep on top of patch management and, for financial and operational reasons, still run older versions of software. This is why Windows XP can still be found running on ATMs and container ships despite its vulnerabilities.
Many organisations face a security headache next year when Windows 7 will be delisted by Microsoft and cease to be patched in response to newly identified vulnerabilities and exploits.
Our recommendation is that if unsupported software, especially operating systems and browser applications, must be used, it should not be used on endpoints that have an internet connection. We also advise that networks and devices connected to legacy systems are closely monitored.
How Redscan can help
ThreatDetect™, Redscan’s award-winning Managed Detection and Response service, includes proactive network and endpoint monitoring plus integrated vulnerability scanning to help our clients stay abreast of and quickly address the latest cyber security risks. Experienced CSOC experts monitor the threat landscape 24/7 to deliver up-to-the-minute security intelligence, threat notification and remediation advice.