Cyber Threat Advisory Summary - ThreatInformer

Published 9 October 2017

Current technical risks provided by ThreatInformer include Drupal - Access Bypass and Adobe Acrobat and Reader - Remote Code Execution.

Issue

Drupal - Access Bypass

Affects

Drupal (Website Content Management System) core 8.x versions prior to 8.3.7

Description

Vulnerability allows a user to escalate privileges. https://www.drupal.org/SA-CORE-2017-004

Technical action

Upgrade to newest version – listed at the above URL

Management action

Confirm that web applications are included in your vulnerability management processes. Many organisations tailor content management system code and then find it extremely difficult to apply security upgrades.

Issue

Adobe Acrobat and Reader – Remote Code Execution

Affects

Adobe Acrobat Reader 2017, 2017.008.30051 and earlier versions, and many other Acrobat products

Description

Many separate issues, several of which allow remote code execution. https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

Technical action

Upgrade to newest version – listed at the above URL

Management action

Review security controls that filter PDFs before they get to end users. PDFs primarily arrive through the web and email.


How would you manage a public security issue at your company?

Recently, we’ve seen the public disclosure of security issues in two very different companies: Kids Pass, a family-focused voucher programme; and Carbon Black, a security software vendor. It shows that no matter what your industry, size or location, your company could be in this position. Both companies had to respond to a public accusation of a security vulnerability in their software or website.

With Carbon Black, a security research team accused them on a blog of leaking customer data through a technical process. With Kids Pass, a customer noticed that they could see another user’s data, reported it to the company, was ignored, and decided the only way to protect other users was to publicly disclose the issue.

These similar challenges facing vastly different organisations show that it’s prudent for every organisation to take security notifications seriously, and have a plan to manage both the technical and public relations impact.

Cloud: Uncontrolled use by employees leads to accidental breaches

Cloud storage providers are easy to use and solve everyday problems for staff members. Employees are relying more and more on third-party providers to allow sensitive files to be shared both within a company and externally. Unfortunately, when this sharing is not well managed, it can lead to security breaches.

In recent months, personal details for Time Warner Cable’s clients, card details of Groupize customers and the entire voter roll for Chicago have been identified on Amazon S3. None of these databases were password protected; they were available to anyone with the right link. These databases were not put on Amazon by malicious attackers, but by employees trying to do their jobs as efficiently as possible.

Check whether your IT department offers your staff fit-for-purpose and easy-to-use file transfer services. If you don’t provide these services, your employees will look to third parties outside of your control.

Authors

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

Rhiannon Webster

London - Walbrook

+44 (0)20 7894 6577

Patrick Hill

London - Walbrook

+44 (0)20 7894 6930