Drupal Vulnerability, Sectigo DevOps Integrations, & Vulnerable Fortinet VPNs – ESW #208
This week, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, and Passwords exposed for almost 50,000 vulnerable Fortinet VPNs!
Hosts
Paul Asadoorian
Principal Security Evangelist at Eclypsium
- 1. Why Companies Should Outsource Cybersecurity During COVID and Beyond: Data Point Reason No. 2: The remote workforce expands the threat surface. Data Point Reason No. 3: Cybersecurity experts that meet your needs are hard to find, nurture and retain. Data Point Reason No. 4: It takes too much time and money to get in-house SOCs up and running. Data Point Reason No. 5: Businesses and other organizations want to lower their liability.
- 2. Sectigo Adds Five PKI DevOps Integrations: Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform. The new integrations, which expand upon Sectigo's first round of DevOps integrations, seize the benefits of automation for DevOps environments and further aid DevSecOps teams in speeding application deployment by using automation to provision certificates.
- 3. Canonical publishes set of secure container application images – Help Net Security: “We address high and critical CVEs in LTS offerings, and fix critical issues within 24 hours.” The Snyk report finds the average time for enterprises to remediate homegrown images is 68 days.
- 4. Drupal vulnerability press statement from ExtraHop: A malicious file with a double extension (e.g., php.txt) could be “interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations,” the Drupal security team noted.
- 5. Respond Software Joins the FireEye Team: Today, FireEye announced that Respond Software is joining our Team. Respond is the creator of an AI Based Cloud native XDR Engine that automates the investigation of security alerts at machine speed. Respond Software is a perfect fit with our Mandiant Advantage platform, adding proven automation technology in the fast-growing category of Extended Detection and Response (XDR) to help secure our customers.
- 6. FireEye receives USD 400 mln investment from Blackstone, buys Respond Software
- 7. Splunk to Acquire Network Performance Monitoring Leader Flowmill: With this acquisition, Splunk will continue to deliver on its vision to offer the world’s most comprehensive Observability Suite. With Flowmill, Splunk further expands its existing observability capabilities, giving customers the ability to ingest, analyze and take action on additional cloud network and infrastructure data to quickly resolve network-related issues, optimize network performance and reduce network costs.
- 8. Palo Alto Networks launches Industry’s first 5G-Native Security offering
- 9. Digital Shadows launches sensitive document alerts with added context: Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says "private and confidential" or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.
- 10. McAfee launches app marketplace, developer portal
- 11. Passwords exposed for almost 50,000 vulnerable Fortinet VPNs: The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "sslvpn_websession" files from Fortinet VPNs. These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users. Today, threat intelligence analyst Bank_Security has found another thread on the hacker forum where a threat actor shared a data dump containing "sslvpn_websession" files for every IP that had been on the list.