Cyber v1.3.1 – What is a Vulnerability

V1.3.1 – Redux

What is a vulnerability?

A vulnerability is a software (or hardware) weakness which can be exploited to perform unauthorized actions within a computer system.

What does it mean?

Take Internet Explorer 9 (the latest is Internet Explorer 11, now superseded by Edge). You visit a website that contains special code; just by viewing the site, IE9 starts downloading and processing the website's code. Let's say, for example, the website has exploit.js inside its HTML. IE9 downloads and runs the JavaScript, and that code triggers the vulnerability inside IE9. Code gets injected, and all of a sudden new code is executing with Administrator-level access. Exploit -> Run Code -> Admin, yay!

www.securityfocus.com
https://www.us-cert.gov/

What do I do?
I am part of the SCCM team (System Center Configuration Management). I take part with the lead in vulnerability management and patch management, and I also just took the lead on Apple Mac patch and vulnerability management. I do a lot of PowerShell scripting; if I really have to, I will run VBScript.

SCCM is a tool that is used across a network to do patch, application, and software management. (For more information on such things, read up on the ITIL Foundation material.)

The current vulnerabilities we are working with lead us to finding and locating old machines that exist across a huge network (est. over 4k desktop and laptop computers).

We have to hunt down old machines with broken SCCM clients.
Recap: one part of SCCM is a central location for Microsoft updates across the network; Group Policy forces clients to update only from this point instead of from the live internet. The reason for this: say there is a custom 3rd-party application, and one Windows update fix breaks that application; now the employee is unable to do their job.
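As an added example (not code from the original post), here is a PowerShell health check of the kind used when hunting for machines that have fallen out of management: it reports whether the SCCM client service is present and running, what client version the CCM WMI namespace reports, and whether the Group Policy that points Windows Update at the internal update point is applied. The update-server hostname is a placeholder to replace with your own; the service name, registry paths and WMI class are the standard ones.

```powershell
# Added example: check whether this workstation is still managed by SCCM
# and still forced to use the internal update point via Group Policy.
function Test-ManagedClient {
    [CmdletBinding()]
    param(
        # Placeholder: hostname of your software update point, as it
        # appears in the WUServer policy value.
        [string]$ExpectedUpdateServer = 'sup01.example.local'
    )

    $result = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        CcmExecPresent = $false
        CcmExecRunning = $false
        ClientVersion  = $null
        WsusServer     = $null
        WsusPolicySet  = $false
        UsesWsus       = $false
        Healthy        = $false
    }

    # 1. The SCCM client runs as the CcmExec service. Missing means the client
    #    was never installed or has been removed; stopped means a broken client.
    $svc = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue
    if ($svc) {
        $result.CcmExecPresent = $true
        $result.CcmExecRunning = ($svc.Status -eq 'Running')
    }

    # 2. A working client exposes its version through the root\ccm namespace.
    #    A present service but missing namespace is another sign of a broken install.
    $client = Get-CimInstance -Namespace 'root\ccm' -ClassName 'SMS_Client' -ErrorAction SilentlyContinue
    if ($client) { $result.ClientVersion = $client.ClientVersion }

    # 3. Group Policy writes the internal update server here. Without these
    #    values the machine is free to talk to Windows Update directly, which
    #    is exactly what the central-update design is meant to prevent.
    $wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wuServer = (Get-ItemProperty -Path $wuPolicy -Name 'WUServer' -ErrorAction SilentlyContinue).WUServer
    $useWu    = (Get-ItemProperty -Path "$wuPolicy\AU" -Name 'UseWUServer' -ErrorAction SilentlyContinue).UseWUServer
    if ($wuServer) {
        $result.WsusServer    = $wuServer
        $result.WsusPolicySet = ($wuServer -like "*$ExpectedUpdateServer*")
    }
    $result.UsesWsus = ($useWu -eq 1)

    $result.Healthy = $result.CcmExecRunning -and ($null -ne $result.ClientVersion) `
                      -and $result.WsusPolicySet -and $result.UsesWsus
    [pscustomobject]$result
}

# Run locally; see the note below for fanning out across the estate.
Test-ManagedClient
```

To build the hunt list, run the function remotely over the list of hostnames you expect to be managed, for example with `Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-ManagedClient}`, and keep every row where `Healthy` is false. Hosts that do not answer at all belong on the same list: a machine that cannot be reached over WinRM is just as unpatched as one with a dead client.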

WannaCry:
(check this out for what is WannaCry https://en.wikipedia.org/wiki/WannaCry_ransomware_attack )

Mostly leads to -> SMBv1 -> MS17-010
https://support.microsoft.com/en-us/help/4013389/title
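As an added example (not code from the original post), the following PowerShell audit covers the two things that decide WannaCry exposure on a host: whether the SMBv1 server is still enabled, and whether the MS17-010 fix is installed. The KB number differs per OS build, so the one in the parameter is a placeholder to be replaced with the article number for your build from the support link above; the cmdlets used are standard Windows ones.

```powershell
# Added example: audit one host for the SMBv1 / MS17-010 exposure path.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param(
        # Placeholder: the MS17-010 KB(s) that apply to this OS build.
        [string[]]$Ms17010Kb = @('KBxxxxxxx')
    )

    # Server side: the switch that actually accepts SMBv1 connections.
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    $smbCfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $smb1ServerEnabled = if ($smbCfg) { [bool]$smbCfg.EnableSMB1Protocol } else { $null }

    # Optional feature: on Windows 8.1 / 10 SMBv1 is a removable component.
    # On older OSes the feature does not exist, so report it as not applicable.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -ErrorAction SilentlyContinue
    $smb1FeatureState = if ($feature) { $feature.State.ToString() } else { 'NotApplicable' }

    # Patch: Get-HotFix lists installed updates by HotFixID (e.g. KB4012212).
    $installed = @((Get-HotFix -ErrorAction SilentlyContinue).HotFixID)
    $patched = @($Ms17010Kb | Where-Object { $installed -contains $_ }).Count -gt 0

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1ServerEnabled
        Smb1FeatureState  = $smb1FeatureState
        Ms17010Installed  = $patched
        # Exposed: SMBv1 is accepting connections and no MS17-010 fix was found.
        Exposed           = ($smb1ServerEnabled -eq $true) -and (-not $patched)
    }
}

# Mitigation (run elevated): turn off the SMBv1 server, leaving SMBv2/3 on.
function Disable-Smb1Server {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

Get-Smb1Exposure
```

Two caveats for interpreting the result. On Windows 10 the MS17-010 fix ships inside the monthly cumulative update, and a later cumulative supersedes the original KB, so `Get-HotFix` may not list that KB on a machine that is in fact fixed; there, compare the OS build number against the support article instead. And a host where `Smb1ServerEnabled` comes back as null is one too old for the SMB cmdlets, which usually means it is also one of the old machines the hunt above is looking for.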

DarkHotel APT -> Possibly a group? Or a program? Labeled by the media as coming from North Korea?
https://thehackernews.com/2014/11/darkhotel-apt-malware-targets-global.html

Current CVEs linked to DarkHotel:

CVE-2018-8174

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

CVE-2018-8242

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8242

CVE-2018-8373

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373

Best Advice: Update yooourr! SHIT! (just update your stuff)

Windows -> Patch Tuesday (second Tuesday of every month)
3rd-party apps -> always update Chrome (weekly releases); Adobe Flash -> weekly updates; Oracle Java Runtime Environment -> 1, maybe 2, updates a month; Firefox -> weekly to bi-weekly updates.

https://ninite.com/ ->

Windows Defender – is good; 3rd-party AVs are alright but bloatware. Malwarebytes.
