Are your systems secure? On this episode of The Cybersecurity Insider hosted by Yigal Behar, we dig into a series of critical vulnerabilities including the Globant Breach, Lapsus$ hacking group, the Linux Dirty Pipe exploit, and vulnerabilities impacting QNAP and OpenSSL.
OpenSSL, QNAP & Linux Vulnerabilities Are a Patchwork of Problems
Yigal discusses several important vulnerabilities impacting various systems.
He begins with a recently discovered and patched vulnerability in OpenSSL, an open-source framework widely used for SSL VPN connections in various devices and appliances. QNAP, known for its network-attached storage (NAS) devices, is one such user of OpenSSL, but has not yet released a fix for another vulnerability affecting its systems.
Yigal clarifies that while OpenSSL patched the initial vulnerability, another one exists within Palo Alto appliances that could lead to denial-of-service conditions. He advises users to patch their OpenSSL VPNs by downloading the updates and installing them on any third-party appliances as soon as possible.
The conversation then shifts to a Linux vulnerability called “Dirty Pipe,” which affects QNAP NAS devices running QTS 5 and QuTS hero h5.0.x. However, it doesn’t affect QNAP devices running QTS 4.x, which is good news for users of those systems.
At the time of recording, there are no mitigations for the Dirty Pipe vulnerability, but QNAP is expected to release a fix soon. Yigal recommends that users install the patch on their QNAP devices as soon as it becomes available.
The Lapsus$ Group, Globant Breach & Importance of Authentication Security
Continuing the discussion, Yigal emphasizes the importance of updating Linux devices to protect against the Dirty Pipe vulnerability. He then shifts focus to an interesting development involving the Lapsus$ group and Okta.
Yigal explains that Lapsus$, a cyber extortion group, has been responsible for attacks on Microsoft and other companies, which is why Microsoft was interested in acquiring Okta.
The Lapsus$ group recently targeted another company called Globant and was able to release 70 gigabytes of stolen data belonging to various high-tech companies. This data includes source code and certificates, which could have major implications as it falls into the hands of malicious actors.
Yigal warns that the stolen source code could enable hackers to launch more sophisticated attacks that would be difficult to detect and mitigate.
He asserts the need to monitor and secure authentication mechanisms to prevent unauthorized access and potential misuse of sensitive data. “I’m not talking about protection or patches [sic], this goes beyond that point. So, be on a lookout, make sure you add it, make sure you know what’s going on with your authentication.”
Real-Life MFA Risks
Yigal shares a real-life example from his own experience to emphasize the importance of MFA (multi-factor authentication) verification.
He recounts how one of his technicians was trying to sign into a customer’s account, which triggered an MFA notification on his phone.
While he approved the access, he realized a minute later that he should have verified with the technician first before approving. This highlights the risk associated with blindly approving MFA requests without verifying the source.
Yigal claims that even security professionals can make these mistakes, and it’s best to be 100% aware and verify the authenticity of MFA requests before approving them. He stresses that even one such incident can cause significant damage.
Is Microsoft’s Internet Explorer Legacy Mode A Viable Solution?
He briefly mentions that Microsoft is retiring Internet Explorer 11 in June, marking the end of an era for the web browser.
Yigal continues, explaining that it is being replaced by Edge, which includes a legacy IE mode. However, Yigal expresses skepticism about the effectiveness of this mode, based on his experience.
He gives an example of a customer, Macy’s, whose vendor website only works with Internet Explorer 11 and does not support modern browsers like Edge, Chrome, or Firefox. With Internet Explorer being retired and no longer receiving updates, users like Macy’s will be forced to find alternative solutions.
Yigal understands that some users may still rely on legacy systems that require Internet Explorer 11, and he wants to inform them about the upcoming change.
He ends the podcast with a final reminder to be cautious when approving MFA requests and verify the source first to avoid possible security risks.
For more cybersecurity updates and the latest news, head over to The Cybersecurity Insider podcast. You can also join us on our YouTube channel, Apple Podcasts, and Spotify to stay informed and up-to-date.
The Cybersecurity Insider Ep 32
Globant breach by Lapsus$: 70 GB of data and certificates were leaked.
Linux Dirty Pipe affects QNAP
OpenSSL affects QNAP and Palo Alto Networks
Microsoft IE11 is being retired in June
The Cybersecurity Insider
Host – Yigal Behar