Thursday, 12 November 2020

How Can I Help Remote Workers Secure Their Home Routers?

By John Bock, 11/02/20, on The Edge (Dark Reading).

(Image: Oleksandr Delyk via Adobe Stock)


 Question: How can I help my remote workers secure their home routers?

John Bock, senior research scientist at Optiv Security: With so many organizations' employees working remotely due to the pandemic, what security teams can do to help secure their home routers/firewalls is getting renewed attention. Why should we view an employee's home router as any different than one at a coffee shop or hotel network? Well, for one, it's a more static and predictable location for an attacker, especially if we are including Wi-Fi access points, common to all-in-one gateway devices. These days, the home router also likely includes a home network with a variety of entertainment and home automation devices, all of which could have their own vulnerabilities.


Most organizations will manage this situation with a focus on hardening the endpoint to operate in an assumed hostile environment, which aligns with modern best practices for host defense.

Without good public examples of extending enterprise vulnerability management down to the personal home network, the most direct route is with employee security education that focuses on basic home gateway maintenance and avoids advanced configuration topics. Our technical users are likely ahead of the curve when it comes to home security issues anyway, and it's the users who have never logged into their home routers who cause the most concern.

Here's a basic set of guidance to tell your users:

  • Log in to your router, check for firmware updates, and upgrade if one is available. Set up a monthly task, maybe alongside bill paying, as a reminder to log in to see whether any new versions are available.
  • Verify that "Remote Administration" or "Administration from WAN/Internet" are disabled. If enabled, they allow access to the management UI from the Internet.
  • Review firewall settings for any open or proxied ports. If you're unsure of the origin of a particular entry, disable it.
  • Check Wi-Fi network settings, if applicable, and verify you're using the WPA3 Wi-Fi security standard – if your devices support it – or, at least, WPA2.
  • Make sure your network password is complex and not related to the network name.
  • Review your attached devices list for anything suspicious, and verify the identity of unknown hosts.
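The checklist above can be turned into a repeatable audit. The following is an added example, not from the article or from Optiv: it scores a router configuration export against each item in the list. The export format (a dict with `firmware`, `remote_admin_enabled`, `port_forwards`, `wifi` and `attached_devices` keys) and the two sample exports are constructed assumptions standing in for whatever a particular router's UI or API actually exposes; the Wi-Fi mode ranking and the password rules are likewise the author's choices here, not the article's.

```python
import re

# Wi-Fi security modes ranked weakest to strongest (constructed table; router
# vendors label these differently, so map your device's label onto these keys).
WIFI_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa2/wpa3": 4, "wpa3": 5}
MIN_WIFI_RANK = WIFI_RANK["wpa2"]  # the article's floor: WPA3 if supported, else WPA2


def _normalize(text):
    """Lower-case and strip punctuation so 'HomeNet-5G' and 'homenet5g' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_related_to_ssid(ssid, password):
    """True when the Wi-Fi password contains, or is contained in, the network name."""
    n_ssid, n_pw = _normalize(ssid), _normalize(password)
    return bool(n_ssid) and (n_ssid in n_pw or n_pw in n_ssid)


def password_is_weak(password):
    """Minimal complexity test: at least 12 characters and three character classes."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    classes = sum(bool(re.search(p, password)) for p in patterns)
    return len(password) < 12 or classes < 3


def audit_router(config, known_macs):
    """Return a list of (check, message) findings; an empty list means the checklist passes."""
    findings = []
    fw = config["firmware"]
    if fw["installed"] != fw["latest"]:
        findings.append(("firmware", f"firmware {fw['installed']} installed, {fw['latest']} available; upgrade"))
    if config.get("remote_admin_enabled"):
        findings.append(("remote_admin", "administration from WAN/Internet is enabled; disable it"))
    for rule in config.get("port_forwards", []):
        if not rule.get("description"):  # an entry whose origin nobody recorded
            findings.append(("port_forward", f"port forward {rule['external_port']} -> "
                             f"{rule['target']}:{rule['internal_port']} has no recorded origin; disable it"))
    wifi = config.get("wifi")
    if wifi:
        if WIFI_RANK.get(wifi["security"].lower(), 0) < MIN_WIFI_RANK:
            findings.append(("wifi_security", f"Wi-Fi uses {wifi['security']}; switch to WPA3 (or at least WPA2)"))
        if password_related_to_ssid(wifi["ssid"], wifi["password"]):
            findings.append(("wifi_password_ssid", "Wi-Fi password is derived from the network name"))
        if password_is_weak(wifi["password"]):
            findings.append(("wifi_password_weak", "Wi-Fi password is too short or too simple"))
    known = {m.lower() for m in known_macs}
    for dev in config.get("attached_devices", []):
        if dev["mac"].lower() not in known:
            name = dev.get("hostname") or "no hostname"
            findings.append(("unknown_device", f"unidentified device {dev['mac']} ({name}) at {dev['ip']}"))
    return findings


# Constructed export from a hypothetical router before the checklist is applied.
SAMPLE_CONFIG = {
    "firmware": {"installed": "1.0.3", "latest": "1.0.5"},
    "remote_admin_enabled": True,
    "port_forwards": [
        {"external_port": 443, "internal_port": 443, "target": "192.168.1.20", "description": "home NAS, set up by me"},
        {"external_port": 5900, "internal_port": 5900, "target": "192.168.1.33", "description": ""},
    ],
    "wifi": {"ssid": "HomeNet-5G", "security": "WPA", "password": "homenet5g2020"},
    "attached_devices": [
        {"mac": "aa:bb:cc:00:00:01", "ip": "192.168.1.20", "hostname": "nas"},
        {"mac": "aa:bb:cc:00:00:02", "ip": "192.168.1.33", "hostname": "work-laptop"},
        {"mac": "de:ad:be:ef:00:99", "ip": "192.168.1.77", "hostname": ""},
    ],
}
# MAC addresses the owner has identified (constructed).
KNOWN_DEVICES = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# The same router after working through the checklist (constructed).
HARDENED_CONFIG = {
    "firmware": {"installed": "1.0.5", "latest": "1.0.5"},
    "remote_admin_enabled": False,
    "port_forwards": [SAMPLE_CONFIG["port_forwards"][0]],
    "wifi": {"ssid": "HomeNet-5G", "security": "WPA3", "password": "Zx9!qLm2#rTv8wQ"},
    "attached_devices": SAMPLE_CONFIG["attached_devices"][:2],
}

if __name__ == "__main__":
    for check, msg in audit_router(SAMPLE_CONFIG, KNOWN_DEVICES):
        print(f"[{check}] {msg}")
    print("findings after hardening:", audit_router(HARDENED_CONFIG, KNOWN_DEVICES))
```

Run against the sample export it reports seven findings, one per checklist item plus the weak-password and derived-password cases; against the hardened export it reports none. The unknown-device check deliberately keys on MAC addresses rather than hostnames, since a device of unknown origin will often have no hostname at all.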


John Bock is senior research scientist at Optiv. Prior to this role, John was vice president of threat research, and before that he was the leader of Optiv's application security practice, which provided application pen testing and other software security services. With more ...


Sunday, 11 October 2020

55 Apple vulnerabilities risked iCloud account takeover, data theft

By Sudais Asif, 09/10/2020, on HackRead.

Bug bounty programs happen to be effective as they offer independent ethical hackers the motivation to help companies find vulnerabilities.

A recent case is a testimony to this: a team of cyber security researchers succeeded in finding a total of 55 vulnerabilities in Apple’s networks over the course of 3 months. The names and Twitter handles of the researchers who participated in Apple’s bug bounty program are:

Meanwhile, the 55 vulnerabilities were classified as the following:

  • 11 as critical due to the extreme threat they posed of user data theft and access to Apple’s main network
  • 29 as high severity
  • 13 as medium severity
  • 2 as low severity 

Between them these cover remote code execution, memory leaks, SQL injection and cross-site scripting (XSS); the details are available in the researchers’ official blog post.

The consequences of the vulnerabilities were many. First, users’ iCloud accounts could be accessed by a worm, leading to a serious privacy breach and potential phishing attacks.

Secondly, not only could Apple’s proprietary source code for its projects be exposed, but the sessions of Apple employees could also be taken over, giving the attacker control of “management tools and sensitive resources”.

Thirdly, the industrial control warehouse software Apple uses could also have been compromised. The following list comprises the first 10 vulnerabilities reported by the researchers:

  • Remote Code Execution via Authorization and Authentication Bypass
  • Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
  • Command Injection via Unsanitized Filename Argument
  • Remote Code Execution via Leaked Secret and Exposed Administrator Tool
  • Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
  • Vertica SQL Injection via Unsanitized Input Parameter
  • Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
  • Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
  • Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
  • Blind XSS allows the Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking.

The full list of vulnerabilities and technical details are available on the researchers’ blog post.
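Several entries in the list above are server-side request forgery or wormable cross-site scripting, classes whose impact grows when an internal service trusts a URL or a page supplied by an outsider. As an added illustration of one defensive control for the SSRF entry, and not code from Apple or from the researchers, the check below validates a user-supplied fetch target before any server-side request is made. It allows only `http`/`https`, refuses embedded credentials, and requires every address the hostname resolves to be a public one. Name resolution is injected through a constructed hostname table (`FAKE_DNS`) so the example runs offline; the hostnames and addresses in it are made up for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table used in place of real DNS (assumption for this example).
FAKE_DNS = {
    "public.example.com": ["1.2.3.4"],
    "intranet.example.com": ["10.12.0.5"],
    "localhost": ["127.0.0.1"],
    # A name whose records mix a public address with a loopback one, the
    # pattern a DNS-rebinding or split-horizon setup would present.
    "mixed.example.com": ["1.2.3.5", "127.0.0.1"],
}

ALLOWED_SCHEMES = {"http", "https"}


def is_internal(addr):
    """True for any address a server-side fetcher must never be pointed at."""
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def resolve(host, table=FAKE_DNS):
    """Return the address strings for a host; an IP literal resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return table.get(host.lower(), [])


def check_fetch_target(url, table=FAKE_DNS):
    """Return (allowed, reason) for a URL the server is asked to fetch on a user's behalf."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    addrs = resolve(host, table)
    if not addrs:
        return False, f"{host} does not resolve"
    # Every record must be public; one internal record is enough to refuse.
    for a in addrs:
        ip = ipaddress.ip_address(a)
        if is_internal(ip):
            return False, f"{host} resolves to internal address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://public.example.com/api", "http://intranet.example.com/",
              "http://127.0.0.1:8080/", "http://[::1]/", "http://mixed.example.com/",
              "file:///tmp/x", "http://user:pw@public.example.com/"):
        print(u, "->", check_fetch_target(u))
```

One caveat worth stating: validating the name and then letting an HTTP client resolve it again is a time-of-check/time-of-use gap. A fetcher built on this check should connect to the address that was validated (and re-run the check on every redirect) rather than hand the original hostname back to the client.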

Currently, the security researchers have been paid a total of $288,500 but more payments are expected to come in which may go up to $500,000.

On the other hand, all the disclosed vulnerabilities had been fully fixed by 6th October, which can put users at ease as their data is no longer at risk. Credit also goes to Apple, which responded to every vulnerability report within 4-48 hours, showing a sense of responsibility on the tech giant’s part.

For the future, other companies should learn from this incident and implement vulnerability disclosure and bug bounty programs, along with dedicated cybersecurity professionals to handle such reports. This can go a long way in mitigating the effects of such an incident.