Unpatched On-Premise Atlassian Servers Have Likely Already Been Compromised; Critical Patches Released for 20 Netgear Vulnerabilities

Some clients are still very hesitant to do internal or assumed breach penetration tests. With all the ways into an environment (exposed services like this, identity abuse, phishing, insiders...), it's hard to justify ignoring. See also: The Emperor's New Clothes.

Christopher Elgee

By the time you are reading this, consider all vulnerable Atlassian instances compromised. Only on-premise installs are affected. Atlassian already patched cloud instances.

Johannes Ullrich

This applies only to your self-hosted Confluence servers. The notice has been changed to reflect that exploitation does _NOT_ require an account on the system. Apply the patch to your Confluence servers now, and make sure that only those that need to be are exposed to the Internet. Double check for additional services which may themselves be Internet accessible and provide unintended exploitation paths.

Lee Neely

Use the web interface of your Netgear switch or router, or the mobile management app if it has one, to check for and install any updates. For models that support it, enable automatic updates during times where it doesn’t matter if your device reboots. You can also cross-check the Netgear support site to verify you have the current firmware version.

Lee Neely

Most schools are returning to in-school classes but will need to maintain remote learning capabilities and connectivity. As that stabilizes, use this news item to justify checking if 11-year-old sensitive data really needs to be stored online and evaluate other essential data security precautions. School systems have many obstacles to securing systems and networks – minimizing what is available to attack can be a very useful first step.

John Pescatore

The trick is making sure that students are not sharing extra data with the school provided IT systems, that they don’t install extra applications, only using school systems for schoolwork to minimize the data that is at risk in the event of a compromise of the school’s IT systems. Parents should ask what protections are in place with systems protecting their data. As challenging as remote learning and providing IT systems to students is, even prior to the pandemic, ask (and offer) if they need help or expertise, respecting the guidance and staff they have in place.

Lee Neely

You know those services you deprecated and didn’t retire because you needed them “just-in-case?” Me too. Time to go back and either retire them, or restore them to a managed/patched state, as well as double check them for compromise. Also update your lifecycle processes to include setting a retirement date for the old service or equipment. Retirement needs to include data disposition or archive.

Lee Neely

See the first story above. Let’s hope the Jenkins' statement is correct and none of their software was compromised.

Johannes Ullrich

Collateral damage from DDoS attacks is quite common. ISPs often have to block some legitimate traffic initially to regain the ability to manage their networks. In some cases, filters can also cause additional load issues on routers.

Johannes Ullrich

DDoS attacks are becoming more common, with increased bandwidth and decreased duration. Some last only a few seconds, meaning automation is needed to effectively shut down these attacks. Work with your ISP and service providers to determine what their response capabilities are. They should be able to provide recent results of success or failure. DDoS prevention may be a separate service from your existing providers or something you must purchase and reconfigure your network routing to leverage. Make sure you have all the details before starting the engagement.

Lee Neely

BrakTooth is attacking Bluetooth Classic and exploitation requires an attacker to be in radio range. This applies to not just your Smartphone or tablet, but also your laptop or any other devices with Bluetooth System on a Chip (SOC) components. The SANS ISC writeup lists tested vendors and patch status and notes that the vulnerability likely applies to Bluetooth Classic implementations not listed. Mitigations include: applying available updates, disabling Bluetooth where you’re not using it, and evaluating SOC implementations in your environment to consider the risks of exploit versus turning off that Bluetooth until it can be patched.

Lee Neely

The bad news is that Bluetooth is widely supported and used for many sensitive applications. The good news is that Bluetooth range is measured in meters and attacks against it do not scale well.

William Hugh Murray

This is kind of a click-bait headline – for the last 5 years or so, various reports have showed the number of attacks against IoT devices growing 100-300% per year. Of course, the number of IoT devices is growing that fast, too. But the important part is do vulnerable IoT devices provide attack paths to your critical systems or information, not how many attacks are out there. Knowing if and where your roof leaks is important; how many raindrops fell in a storm, not so much.

John Pescatore

Pretty meaningless statistic as IoT devices are already saturated with attacks. For years now, IoT botnets have achieved an overkill causing new devices to be compromised within minutes. Let’s see if recent arrests in China affecting the "Mozi" gang will have some affect (but many of these botnets are on autopilot and remain in a zombie state long after the groups behind it have ceased operations).

Johannes Ullrich

Over the last decade or so, there has been an explosion of IoT devices, both at home and work, which provide automation or assistance. The desire to monitor and/or interact with them has resulted in many being configured with increased accessibility. Make sure that your devices can talk only to services they need, and that they can’t cause peripheral harm if compromised. Where possible put them on an isolated network. Even home routers now include VLANs and Guest Network segments, which can be leveraged for this purpose.

Lee Neely

Single application devices should be relatively easy to secure. However, the tendency of developers to include general purpose operating systems and the sheer number of the devices creates a large and porous attack surface and increases global risk for little return.

William Hugh Murray

Your IT staff should be evaluating the hardware minimums for Windows 11 and updating your standard configurations so newly purchased systems can run a supported version of Windows 11, even if you’re not planning to migrate right away. Note that home versions require an Internet connection and a Microsoft.com account to complete installation and activation. Microsoft has released a compatibility check tool: https://www.microsoft.com/en-us/windows/windows-11#pchealthcheck

Lee Neely