Weekly IT Security News Bulletin, 2020-W12

16 March 2020 – 22 March 2020

Headlines

Ransomware deployment trends

By examining tens of ransomware incidents from 2017 to 2019, a cyber intelligence company analysed several ransomware deployment trends, including initial infection vectors, dwell time and the time of day of deployment. The incidents studied affected organisations in various business sectors across different regions, including North America, Europe, Asia Pacific and the Middle East.

Most ransomware victims were initially infected via Remote Desktop Protocol (RDP), phishing with web links or email attachments, or drive-by downloads from compromised websites. In 75% of the incidents, the attackers waited for three days after gaining access to an organisation’s network before deploying the ransomware, buying time to locate valuable systems for more effective attacks. Early detection, containment and remediation of initial intrusions or infections are therefore more likely to break the kill chains of most ransomware attacks.

The researchers also found that in 76% of the incidents the ransomware was executed outside office hours, possibly with the intent of deferring discovery. As a trend, the attackers were expected to do more harm to their victims by combining ransomware execution with data theft, demanding higher ransom payments, targeting critical systems, and creating greater urgency for victims to pay.

Advice

Restrict RDP access and deploy strong authentication for the access, especially for Internet-facing systems.

Educate end users to avoid the risks of phishing and drive-by downloads when they read emails and browse websites, and take offline backups of important data regularly.

Deploy automatic intrusion detection or protection solutions to monitor and alert for intrusions round the clock.

Sources: FireEye, ZDNet

GovCERT.HK Weekly IT Security News Bulletin 2020-W12 1

Mind the risks of virtual meetings

In the shadow of the Coronavirus-disease outbreak, the United States National Institute of Standards and Technology (NIST) advised organisations to take precautions when arranging virtual meetings for their home or remote office workers. Security measures were suggested to prevent information leakage and protect privacy in this remote, collective mode of communication.

Users of conference calls and web meetings were warned of the risk of eavesdropping if their virtual meetings were not set up properly. In particular, reusing the same access code for multiple virtual meetings might lead to inadvertent disclosure of sensitive conversations in a meeting to attendees of another meeting.

NIST suggested that users should consider the sensitivity of the topics to be discussed and follow their organisations’ security policies for holding virtual meetings. They should make use of the built-in security functions of virtual meeting services, such as multi-factor authentication to secure access and, where available, dashboards to monitor attendees. Recordings of a meeting should be encrypted and removed from the service provider’s storage after the meeting. Attendees should use end devices issued by their organisations to participate in the meetings, and on-screen sharing of sensitive information should be avoided.

Advice

Follow your organisation’s security policy and assess the security risks, especially to information confidentiality, before adopting virtual meeting services.

As far as possible when holding virtual meetings, avoid reusing access codes, adopt multi-factor authentication, and monitor attendees with a dashboard.

Do not record meetings unless essential; if recording is required, encrypt the recordings and delete them from the service provider’s storage after the meetings.

Sources: NIST, BleepingComputer

Product Vulnerability Notes & Security Updates

1. Cisco SD-WAN Solution vManage

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-cypher-inject https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-xss https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9v https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9

2. Debian

https://www.debian.org/security/2020/dsa-4640 https://www.debian.org/security/2020/dsa-4641

3. Delta Electronics Industrial Automation CNCSoft ScreenEditor

https://www.us-cert.gov/ics/advisories/icsa-20-077-01

4. Gentoo

https://security.gentoo.org/glsa/202003-09 https://security.gentoo.org/glsa/202003-11 https://security.gentoo.org/glsa/202003-12 https://security.gentoo.org/glsa/202003-13 https://security.gentoo.org/glsa/202003-14 https://security.gentoo.org/glsa/202003-15 https://security.gentoo.org/glsa/202003-16 https://security.gentoo.org/glsa/202003-17 https://security.gentoo.org/glsa/202003-18 https://security.gentoo.org/glsa/202003-19 https://security.gentoo.org/glsa/202003-20 https://security.gentoo.org/glsa/202003-21 https://security.gentoo.org/glsa/202003-22 https://security.gentoo.org/glsa/202003-23 https://security.gentoo.org/glsa/202003-24 https://security.gentoo.org/glsa/202003-25 https://security.gentoo.org/glsa/202003-26 https://security.gentoo.org/glsa/202003-27 https://security.gentoo.org/glsa/202003-28 https://security.gentoo.org/glsa/202003-29 https://security.gentoo.org/glsa/202003-30 https://security.gentoo.org/glsa/202003-31 https://security.gentoo.org/glsa/202003-32 https://security.gentoo.org/glsa/202003-33 https://security.gentoo.org/glsa/202003-34 https://security.gentoo.org/glsa/202003-35 https://security.gentoo.org/glsa/202003-36 https://security.gentoo.org/glsa/202003-37 https://security.gentoo.org/glsa/202003-38 https://security.gentoo.org/glsa/202003-39

https://security.gentoo.org/glsa/202003-40 https://security.gentoo.org/glsa/202003-41 https://security.gentoo.org/glsa/202003-42 https://security.gentoo.org/glsa/202003-43 https://security.gentoo.org/glsa/202003-44 https://security.gentoo.org/glsa/202003-45 https://security.gentoo.org/glsa/202003-46

5. Google Chrome

https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html

6. McAfee Products

https://kc.mcafee.com/corporate/index?page=content&id=SB10310

7. OpenSSL

https://www.openssl.org/news/cl111.txt

8. openSUSE

https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

9. Oracle Linux

https://linux.oracle.com/errata/ELSA-2020-0815.html https://linux.oracle.com/errata/ELSA-2020-0820.html https://linux.oracle.com/errata/ELSA-2020-0834.html https://linux.oracle.com/errata/ELSA-2020-0850.html https://linux.oracle.com/errata/ELSA-2020-0851.html https://linux.oracle.com/errata/ELSA-2020-0853.html https://linux.oracle.com/errata/ELSA-2020-0892.html https://linux.oracle.com/errata/ELSA-2020-0896.html https://linux.oracle.com/errata/ELSA-2020-0897.html https://linux.oracle.com/errata/ELSA-2020-0898.html https://linux.oracle.com/errata/ELSA-2020-0902.html https://linux.oracle.com/errata/ELSA-2020-0903.html https://linux.oracle.com/errata/ELSA-2020-5569.html https://linux.oracle.com/errata/ELSA-2020-5576.html

10. PHP

https://www.php.net/ChangeLog-7.php#7.2.29 https://www.php.net/ChangeLog-7.php#7.3.16

11. Red Hat

https://access.redhat.com/errata/RHSA-2020:0795 https://access.redhat.com/errata/RHSA-2020:0796 https://access.redhat.com/errata/RHSA-2020:0798 https://access.redhat.com/errata/RHSA-2020:0799 https://access.redhat.com/errata/RHSA-2020:0800 https://access.redhat.com/errata/RHSA-2020:0801 https://access.redhat.com/errata/RHSA-2020:0802 https://access.redhat.com/errata/RHSA-2020:0803 https://access.redhat.com/errata/RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0824 https://access.redhat.com/errata/RHSA-2020:0831 https://access.redhat.com/errata/RHSA-2020:0839 https://access.redhat.com/errata/RHSA-2020:0850 https://access.redhat.com/errata/RHSA-2020:0856 https://access.redhat.com/errata/RHSA-2020:0860 https://access.redhat.com/errata/RHSA-2020:0861 https://access.redhat.com/errata/RHSA-2020:0870 https://access.redhat.com/errata/RHSA-2020:0889 https://access.redhat.com/errata/RHSA-2020:0892 https://access.redhat.com/errata/RHSA-2020:0895 https://access.redhat.com/errata/RHSA-2020:0896 https://access.redhat.com/errata/RHSA-2020:0897 https://access.redhat.com/errata/RHSA-2020:0898 https://access.redhat.com/errata/RHSA-2020:0899 https://access.redhat.com/errata/RHSA-2020:0901 https://access.redhat.com/errata/RHSA-2020:0902 https://access.redhat.com/errata/RHSA-2020:0903

12. SUSE

https://www.suse.com/support/update/announcement/2020/suse-su-20200667-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200668-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200670-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200671-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200684-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200686-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200688-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200693-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200697-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200699-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200705-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200706-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200712-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200715-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200717-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200722-1/ https://www.suse.com/support/update/announcement/2020/suse-su-20200725-1/ https://www.suse.com/support/update/announcement/2020/suse-su-202014323-1/

13. Ubuntu

https://usn.ubuntu.com/4171-5/ https://usn.ubuntu.com/4300-1/ https://usn.ubuntu.com/4301-1/ https://usn.ubuntu.com/4301-5/ https://usn.ubuntu.com/4302-1/ https://usn.ubuntu.com/4303-1/ https://usn.ubuntu.com/4303-2/ https://usn.ubuntu.com/4304-1/ https://usn.ubuntu.com/4305-1/ https://usn.ubuntu.com/4306-1/ https://usn.ubuntu.com/4307-1/ https://usn.ubuntu.com/4308-1/

14. VMware Products

https://www.vmware.com/security/advisories/VMSA-2020-0004.html

Sources of product vulnerability information: Cisco, Debian, Google Chrome, McAfee, OpenSSL, openSUSE, Oracle Linux, PHP, Red Hat, SUSE, Ubuntu, US-CERT, VMware
