Attackers Exploiting Known Vulnerabilities in Soho Password Management Service and Sitecore; UL SafeCyber Platform

This flaw has been exploited since shortly after it was made public (and after a patch was released). Any vulnerable exposed system has likely been compromised. Palo Alto’s blog lists some IOCs to watch out for, but there are likely other groups using this relatively easy to exploit vulnerability.

Johannes Ullrich

Reusable passwords are not only inherent unsecure, but they also require robust password reset processes since attackers have always targeted them. Self-service password reset software needs to be high security and ManageEngine did not live up to that. If you are using competing products for automated password reset, make sure you have applied all patches and chose a quality vendor.

John Pescatore

With last week’s announcement of the Minimum Viable Security Product baseline by Google, Salesforce, Okta, Slack and others, and this announcement by UL, there are fewer and fewer reasons for poor security in devices/"things.” The first step for security managers is to gain support for all procurement to include security processes and testing as part of the evaluation process.

John Pescatore

This is very welcome news and great to see, yet again, how international cooperation by various law enforcement agencies can have a real impact on those who target the vulnerable on the Internet. While a welcome victory, this is not the end of ransomware gangs but it does send a very strong message to them that the game, and cost of playing in the game, has changed significantly.

Brian Honan

This is great news but don't let your guard down. These groups re-organize and there are more than enough criminals to go around. Continue to train and prepare for the next attack, whether ransomware or not, assume breach, and focus on detection and response.

Jorge Orchilles

A reminder as to why it is so important for victims of cybercrime to report these crimes to law enforcement. The more information we share with the authorities, the more data and intelligence they have. This allows agencies such as Europol to analyse that data, leading to more effective operations and arrests.

Brian Honan

Another bit of good news on the ransomware front. Keep your guards up and keep training your teams to detect and respond to the inevitable next attack.

Jorge Orchilles

Ransomware attacks are popular among criminals because they believe that the risk of punishment is low. That risk is clearly going up. Law enforcement begins with and relies upon victims providing essential intelligence.

William Hugh Murray

In 2021 there is no excuse why a vendor is rolling out products with SQL Injection flaws in them. SQL Injection is consistently in the CWE/SANS Top 25 Most Dangerous Software Errors.

Brian Honan

Of course, parsing inputs is not an issue limited to health records. Parsing inputs gets harder and harder when one does not know the environment in which one's product will run. However, it seems very unlikely that one does not know that one's product will use a database and that it must resist the insertion of SQL commands. Note that the database manager cannot protect itself; it cannot know enough about the intent of the application to recognize malicious inputs.

William Hugh Murray

While it is likely that some, not to say many, healthcare organizations do not have mature incident response plans, most should prefer and concentrate on security measures that operate early.

William Hugh Murray

The solution to the supply chain risk must start with supplier accountability. We should be demanding a machine-readable software bill of materials in all products along with a statement of intended use and expected environment.

William Hugh Murray