Keeping Up With the Patches: A Tour Through Spring 2019 Threat Alerts

Team Tenable

This spring brought a number of security updates from major tech players such as Oracle, Microsoft and Cisco. Which ones affect your enterprise? The Tenable Research team breaks it all down.

Spring 2019 brought with it a string of security updates plus a new directive from the U.S. Department of Homeland Security requiring federal agencies to speed up the time it takes to patch critical vulnerabilities from 30 days to 15 days.

As with all vulnerabilities, knowing which ones could actually affect your infrastructure can help save time and resources when it comes to patching. The question is: With all the vulnerabilities coming out each week, which ones are most likely to be exploited? 

These were among the topics discussed during a recent Tenable Research webinar hosted by Product Marketing Manager Claire Tills, and featuring Pablo Ramos, Research Engineering Manager, and Satnam Narang, Senior Security Response Manager.

Alerts, Alerts and More Alerts

Microsoft’s April Patch Tuesday alert addressed 74 vulnerabilities. The same month, Oracle’s quarterly Critical Patch Update contained nearly 300 different alerts and notifications affecting a wide range of the company’s products. And, for good measure, Cisco released a string of security alerts this spring as well.

With each alert and update, the Tenable Research team digs deep into the details to analyze how potential vulnerabilities might affect your business. For example, the team explored an Oracle update addressing a possible zero-day vulnerability, which could have affected unpatched versions of the company’s WebLogic servers — a type of middleware that sits between the front end and back end of large-scale web applications.

During the webinar, the team discussed the news of a zero-day vulnerability in Oracle WebLogic that was first reported through China’s National Vulnerability Database (CNVD) on April 17. Shortly after it was reported, researchers began to experiment with developing proof-of-concept (PoC) code based on the information in the CNVD report, most of which were not fully functional. 

“It wasn’t until Oracle almost released the patch that we started to see actual functioning proof-of-concept code,” said Narang. “That’s when we started working with the [Tenable] Vulnerability Detection Team to make sure we had something in place, and we did our own tests and we actually even tweaked one of the proof-of-concepts that we had seen out there to make sure it worked.” Around this time, Tenable’s Security Response Team observed chatter that attackers were utilizing working PoC code in attacks in the wild.

Malicious Sea Turtle

Another issue capturing the team’s attention originated with a report from Cisco Talos. It’s a DNS hijacking attack targeting organizations in the Middle East and North Africa, which originated with a previously unknown advanced persistent threat (APT) group called Sea Turtle.

During the webinar, the research team discussed how these types of attacks are designed to spoof websites to steal credentials and passwords. The goal? According to the Cisco Talos analysis, it’s about gaining access to the networks of organizations targeted by Sea Turtle as part of a fairly widespread espionage campaign.

In these types of DNS attacks, threat actors — especially those with connections to nation-states — take advantage of one of the older internet protocols. Many of these protocols were designed and built before modern cybersecurity concerns were a factor. 

The Tenable Research team discussed their interest in the background of this attack. Sea Turtle took advantage of a series of older vulnerabilities — some dating back to 2009 — including the Shellshock vulnerabilities found in the Unix Bash shell and bugs still found in Apache Tomcat.

The lesson here is obvious but worth repeating: patching, especially older flaws and bugs that linger, still matters.

DHS Directive: “Patch Faster”

Finally, the Research Team took note of a new directive issued from the U.S. Department of Homeland Security requiring federal agencies to speed up the time it takes to patch vulnerabilities in the software they use.

Under the new rules, security teams must patch software vulnerabilities deemed critical within 15 calendar days and fix high severity vulnerabilities within 30 days. Under previous rules, established in 2015, critical vulnerabilities needed remediation within 30 days and there were no specific guidelines for vulnerabilities deemed high.

Knowing which vulnerabilities are the most critical to patch is an ongoing challenge for cybersecurity professionals everywhere. Earlier this year, Tenable unveiled Predictive Prioritization to help teams improve their ability to prioritize vulnerabilities based on risk to the business. Predictive Prioritization combines Tenable-collected vulnerability data with third-party vulnerability and threat data and analyzes them together using an advanced data science algorithm developed by Tenable Research. The data analysis is used to develop a Vulnerability Priority Rating (VPR) for each vulnerability. VPR scores are now available in Tenable.sc and Tenable.io to help security teams improve their vulnerability management process.

The ability to zero in on those vulnerabilities that are actually being exploited enables security teams to focus their resources on patching the vulnerabilities posing the greatest threat to the network.

Learn more:

Read more >

Published on Jun 26, 2019

People also viewed

Enterprise Territory Manager - Chicago

Chicago Illinois United States Chicago, Illinois, United States Sales Sales
Your Role:Tenable is currently searching for an Enterprise Territory Manager. The Enterprise Territory Manager (ETM) is responsible for establishing and developing business through existing and new clients in an assigned territory.Your Opportunity...

Enterprise Territory Manager - Chicago

Milwaukee Wisconsin United States Milwaukee, Wisconsin, United States Sales Sales
Your Role:Tenable is currently searching for an Enterprise Territory Manager. The Enterprise Territory Manager (ETM) is responsible for establishing and developing business through existing and new clients in an assigned territory.Your Opportunity...

Software Engineer - Web Scraping (Python)

Remote United States Remote, United States, 97458 Research Engineering
Your Role:Tenable is looking for a Software Engineer to join our Automation research team.  This position will involve building and maintaining our framework for automated content creation, validation, and deliveryYour Opportunity: Impact: You wi...

Product Security Architect - Security Development Lifecycle

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Information Security IT
Your Role:As part of the Information Security team, the Principal Product Security Architect will help drive and coordinate security for Tenable’s applications and services portfolio. This includes designing and working on Security Development Lif...

Software Engineer

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Engineering Engineering
Your Role:Are you excited about the opportunity to work with microservices at scale? Do you like knowing that the changes that you deploy to production will improve the customer experience of many users worldwide? Do you like both the exciting, fa...

Software Engineering Manager, UI

San Jose California United States E Santa Clara St., San Jose, California, United States, 95113 Engineering Engineering
Your Role:Tenable is looking for an extraordinary Engineering Manager to join the Tenable.io Engineering team. This is an opportunity to make a high impact while helping the team deliver on a next-generation enterprise web application. The ideal c...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.