SEC Investigating Solar Winds Compromise Impact; Many Critical Patches from Apple, Google, Microsoft; Microsoft Makes It Easier for Windows Users to Move to Strong Authentication

This is a needed investigation, very little risk to companies that provide information given existing requirements to publicly disclose incidents with material impact.

John Pescatore

What we have been missing in cybersecurity is a body similar to the US National Transportation Safety Board (NTSB), which investigates root causes in aviation accidents, to investigate and share the root causes and potential remedial actions in relation to cybersecurity incidents. However, a body that has the potential to sanction a firm over other regulatory issues is not the body to do this.

Brian Honan

It isn’t easy to find good data around the impact of software updates these days but browsers on PCs, mobile apps, and cloud apps are all updated constantly without causing disruption. The risks of updating everything, everyday are way lower than old perceptions. If nothing else, the use of IaaS to rapidly QA updates has proven to be a huge win for security. The major barrier to overcome is IT operations staying locked into a “change is bad” mentality.

John Pescatore

The sheer volume recently of critical patches that need to be applied has highlighted our need to focus efforts on securing the data and the applications that we rely on and not the underlying devices. Containerization and isolation technologies that can secure data and apps from other apps and the operating system are something to seriously consider for your endpoint security.

Brian Honan

It will be a long weekend for operations teams waiting for change windows to apply patches for vulnerabilities that are being actively exploited.

Jorge Orchilles

This patch Tuesday is interesting for the number of high-profile, already exploited, vulnerabilities is addresses. First of all, it includes a patch for the MSHTML vulnerability which is currently used by ransomware gangs. (It is used by others as well, but if you say “ransomware,” management listens and will let you patch it.) PrintNightmare gets another patch, and this patch will actually finally break some network printing. The hidden gem here is the patch for CVE-2021-38647, the Open Management Infrastructure. Never heard of it? You are not alone. But if you are running Linux in Azure, Microsoft likely installed it for you on your virtual machine and left it wide open to attack. Note that even after the patch was released, new Linux VMs in Azure still received the old vulnerable version. (May have been fixed by now).

Johannes Ullrich

This patch was released as part of patch Tuesday. Note that at least for a day after patch Tuesday, newly created Linux VMs in Azure still received the vulnerable version. Linux VMs in Azure may have had this installed and enabled if you enabled certain management features for your virtual machines. Assume that the tool is installed if you are running Linux in Azure, and patching it is urgent as exploitation of the flaw is trivial if respective ports are reachable.

Johannes Ullrich

Anything that reduces the percentage of logins using reusable passwords is a good thing. But, we still have different “islands” of authentication approaches across the leading platforms (Apple, Facebook, Google, Microsoft, etc. Adoption of OAuth, OpenID Connect and SAML provide standard protocols but it is kind of like back in the days when railroads all use the same materials for the tracks but picked different spacing between the rails. “Interoperability” didn’t happen until all agreed on (or regulations demanded) track gauge standards.

John Pescatore

People do not like two factor authentication. If you have to pick one factor, the password is usually the weaker part, and the part that causes more pain to users. For some applications, passwordless app based authentication makes a lot of sense.

Johannes Ullrich

Passwords remain one of the weakest links in our lives. Moving to passwordless is the future but I fear the shift will take a significant amount of time.

Jorge Orchilles

The biggest problem with strong authentication is making it simple. What MS is doing helps and I really applaud this initiative BUT we could just end up making authentication complex again. I don’t know about you but 1. I already have three different authenticator apps and its most likely going to get worse. 2. Work and Personal authenticator apps are blending. I have one Authenticator app that is used for both work and personal accounts. In another odd case, I’m using MS Authenticator for my work Microsoft account and using Google Authenticator for my personal Microsoft accounts. Authentication has the potential to once again get really confusing really fast as different organizations take different approaches using different technologies.

Lance Spitzner

This is a slap on the wrist at best based on the annual salary they were making for multiple years according to Nicole Perlroth, NYT journalist and author of “This Is How They Tell Me The World Ends" https://twitter.com/nicoleperlroth/status/1438175837149270018?s=20

Jorge Orchilles

This decryptor is for victims ransomed prior to July 13, 2021. Since those attacks, REvil has taken a two month sabbatical and is now back in operation with more resources than ever before. Stay "left of boom" (boom being encryption) by testing your detection and response.

Jorge Orchilles

Well done to Bitdefender and all the law enforcement agencies involved in this. Remember that if you are a victim of ransomware and cannot recover a critical device, the key to decrypt it may become available in the future. So store the device securely for recovery at a later date.

Brian Honan