Security Wrap-Up (January 26th, 2021)

Bug in Cisco DNA Center leaves companies vulnerable to remote attack
A fatal bug in the Cisco Digital Network Architecture (DNA) Center could open enterprise users to remote attack and takeover. The vulnerability is tracked as CVE-2021-1257 and carries a CVSS severity score of 7.1. The DNA Center allows admins to provision and configure network devices, and it uses artificial intelligence and machine learning to proactively monitor, troubleshoot, and optimize networks. Unfortunately, the web-based management interface used for accessing and using the Cisco DNA Center has insufficient CSRF protections in software versions prior to 2.1.1.0, which could let an attacker force an end user to execute unwanted actions on a web application in which the person is currently authenticated. Thankfully, the vulnerability is fixed in Cisco DNA Center software releases 2.1.1.0, 2.1.2.0, 2.1.2.3, 2.1.2.4, and later.

North Korean hackers have targeted security researchers via social media
The Google Threat Analysis Group (TAG), a Google security team specialized in hunting advanced persistent threat (APT) groups, has warned that a North Korean government hacking group has targeted members of the cybersecurity community engaged in vulnerability research. According to a report released by Google, the North Korean hackers used profiles on various social networks, ranging from LinkedIn to Discord. “After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project,” said Adam Weidemann, a security researcher with Google TAG. The project in question contained malicious code that installed malware on the targeted researcher’s operating system. The malware acted as a backdoor, contacting a remote command and control server and waiting for commands.

SonicWall investigating zero-day vulnerabilities due to recent breaches
SonicWall is currently investigating its Secure Mobile Access (SMA) 100 series hardware for potential vulnerabilities linked to a reported cyberattack. SMA 100 is a gateway for small- and medium-sized businesses that lets authorized users access resources remotely while also giving administrators visibility into remote devices that are connecting to the corporate network. A number of devices are not affected by these vulnerabilities, all of which SonicWall has listed on its Twitter page. Unfortunately, further information about the cyberattack itself is not available at this time.

Google’s BeyondCorp enterprise security platform now generally available
Google announced that its BeyondCorp zero-trust security platform is now generally available! BeyondCorp Enterprise builds on the existing BeyondCorp Remote Access, offering additional enterprise features such as embedded data and threat protection, DDoS protection, and more. As part of BeyondCorp Enterprise, businesses get an end-to-end zero-trust solution.

Any security news you’d like to share from this week? Leave it down below!
