F5 Server iControl REST unauthenticated remote command execution vulnerability

RedSeal Cyber Threat Series

F5 has released patches for several BIG-IP and BIG-IQ critical vulnerabilities. CVE-2021-22986 is the most critical since it allows unauthenticated attackers with network access to use the iControl REST interface, via the BIG-IP management interface and self IP addresses, to execute system commands that could lead to complete system compromise. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane.

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices.
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net.

References:

https://support.f5.com/csp/article/K03009991

https://www.tenable.com/blog/cve-2021-22986-f5-patches-several-critical-vulnerabilities-in-big-ip-big-iq

 

RedSeal Given 5-Star Rating in 2021 CRN Partner Program Guide

CRN | March 29, 2021

RedSeal has received a 5-Star rating from CRN, a brand of The Channel Company, in its 2020 Partner Program Guide. This annual guide lists the best partner programs from technology companies. The 5-Star rating is awarded to an elite group of technology suppliers in the IT channel that provide the best of the best — maximum value and support for solution providers.

RedSeal Named Winner of TMC’s Cloud Computing Product of the Year Awards

Technology Marketing Corporation | March 26, 2021

RedSeal was named a winner of Technology Marketing Corporation’s Cloud Computing Product of the Year Awards. The awards, presented by Cloud Computing magazine, honor vendors with the most innovative, useful, and beneficial cloud products and services that have been available to deploy within the past year.

5 Things I Wish Someone Told Me Before I Began Leading My Company

Authority Magazine | March 23, 2021

An Interview Between Charlie Katz and RedSeal CEO Bryan Barney

What do you think makes your company stand out? Can you share a story?
What makes RedSeal so great is we understand network paths better than anyone in the cybersecurity industry. Modern networks are so complex, no one really understands them. Companies don’t understand what is on their network, how everything is connected, or the security implications. You can’t secure what you don’t understand, and we allow people to understand their network environment. This is particularly important and urgent in the cloud environments that are quickly becoming the heart of all networks.

RedSeal Delivers the Most Comprehensive Cloud Security Solution to Reduce Cyber Risk by Identifying Network Resources Exposed to the Internet

Integration with Oracle Cloud Infrastructure expands visibility to include majority of public and private clouds and on-premises network environments

SAN JOSE, Calif. — Today, RedSeal announced its integration with Oracle Cloud Infrastructure, cementing its position as the most comprehensive solution for measurably reducing cyber risk across cloud and hybrid cloud environments. Now, RedSeal can consolidate network data from four of the five most prevalent cloud infrastructures – Amazon Web Services, Microsoft Azure, Google Cloud Platform and Oracle Cloud Infrastructure – as well as VMware NSX and Cisco ACI, and physical networks, to provide the most holistic network security awareness.

To accurately identify and locate assets unintentionally exposed to the internet, RedSeal brings data from network environments into one comprehensive, dynamic visualization. With 93% of enterprises having a multi-cloud strategy and 87% having a hybrid cloud strategy, the demand for unified, holistic insight is unprecedented (The 2020 Cloud Computing Trends report).

“Across enterprises, security teams, CISOs and CIOs are struggling to secure the large and quickly growing cache of enterprise assets moving to various cloud environments,” said Chris Steffen, research director for information security at EMA. “RedSeal can play an important role in helping these teams and individuals understand their complex network environments, while delivering confidence that there is no unintended exposure in their network.”

Distinguishing itself from other cloud security products, RedSeal provides cyber teams with mission-critical insights, including:

  • Understanding exactly what resources exist and where they are, across all public, private cloud and on-premises environments
  • If any of those resources are unintentionally exposed to the internet
  • What access is possible within and between cloud and on-premises environments
  • Confirmation of the riskiest vulnerabilities in the cloud, so they can be remediated first

In addition, RedSeal automates essential processes, such as:

  • Verifying that network devices and cloud environments meet security best practices
  • Validating cloud network segmentation policies
  • Continuously monitoring compliance with internal policies and external regulations

“Organizations are using a combination of cloud native and third-party security controls from multiple vendors,” said Kurt Van Etten, chief product officer at RedSeal. “Only RedSeal can accurately evaluate all these controls in one place.”

Fully Managed Services Formally Available

To help inundated security teams reduce security risk and ensure their network is configured the way they intended, RedSeal is formally offering additional value via three levels of subscription-based, professional services. All three tiers include a RedSeal security engineer who will work collaboratively with cybersecurity teams on an ongoing basis to deliver various assessments and make prioritized recommendations to mitigate risks. For subscribers, RedSeal will optimize, upgrade and maintain the RedSeal solution, along with their security engineer’s assessments and recommendations. The three levels are:

  • Cyber Visibility — includes assessments of both the network and endpoint inventory, as well as their secure configurations
  • Cyber Compliance — adds network segmentation and compliance monitoring as well as security change reviews, in addition to the Cyber Visibility offerings. As a result, staff can be confident that they are continuously monitoring compliance with policies and regulations like PCI DSS and NERC-CIP, and validating segmentation policies
  • Cyber Risk Management adds incident investigation, security posture monitoring, vulnerability risk prioritization and cyber risk assessment, in addition to the offerings from the other two tiers

In 2020, RedSeal won Cloud Computing Magazine’s Security Excellence Award and Security Today’s New Product of the Year for its cloud security solutions and services.

Prioritizing risk in M&A due diligence in the COVID-19 era, and beyond

Cybersecurity Drive | March 22, 2021

The recession caused by the coronavirus pandemic had a chilling effect on economic activity, as companies determined next steps. For some, the solution to weather the contraction was to limit spending, while others accelerated innovation and technology adoption.

The good news is that there is nowhere to go but up. There is likely to be significant pent-up demand in the coming year for M&As. In fact, a global survey of 250 senior M&A executives conducted by law firm White & Case LLP found dealmakers are optimistic about the outlook for M&A activity, with three-quarters saying they expect M&A activity to increase in their region in the coming year.

Security Think Tank: CNI operators are in an unenviable position

Computer Weekly | March 15, 2021

The operators of critical national infrastructure (CNI) are in an unenviable position, between the devil and the deep blue sea, as two very different worlds collide.

Most critical infrastructure was built up over a century or more of careful, incremental steps by civil engineers, and they focused on the primary threat they faced – lack of availability. If you deliver power, water, or anything else that lives depend on, you focus your attention on making sure the service is never interrupted.

You think through scenarios such as natural disasters, extreme weather, even longer-term risks such as climate change. It’s always you against Murphy’s Law – you assume each element will eventually fail, and so you build in double or triple redundancy.

Microsoft Releases Fixes for 4 Zero Day Exchange Server Vulnerabilities

RedSeal Cyber Threat Series

Multiple news sources, security researchers and security agencies have reported on a new attack against tens, if not hundreds, of thousands of Internet-accessible Exchange servers configured for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Outlook Web App (OWA) access. These attacks are being carried out by the Chinese nation-state-sponsored hacking group known as Hafnium.

The exploit utilizes 4 Zero Day vulnerabilities in Microsoft Exchange software, three in Exchange and one in Unified Messaging Services.

The four Zero Day Microsoft CVEs are as follows:
• CVE-2021-26855 – allows an attacker to send specific HTTP requests and authenticate to the Exchange Server
• CVE-2021-26857 – insecure deserialization in Unified Messaging allows remote code execution on Exchange server
• CVE-2021-26858 – post authentication arbitrary file write vulnerability in Exchange
• CVE-2021-27065 – post authentication arbitrary file write vulnerability in Exchange

The result is a persistent web shell that allows attackers to steal data and perform other malicious actions.

RedSeal customers should:

1) Track the hosts that the vulnerability scanner identifies as Exchange servers (this example was done with Rapid7 data).

2) Report to inventory the existence of hosts with any of the four vulnerabilities required for this exploit.

3) Report on the access from subnets indicated as Internet to Exchange servers via TCP 443.

4) (Optional) Report on the access from ALL subnets to Exchange servers via TCP 443.

All of these actions will be performed using the RedSeal Java UI.
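The same four-step triage can be sketched outside the RedSeal UI. The following is an added example, not RedSeal's code or part of the original advisory; the scanner export columns, the access-path tuples and all sample hosts are constructed for illustration.

```python
import csv, io, ipaddress

# The four CVEs named in this advisory.
HAFNIUM_CVES = {"CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065"}

# Constructed scanner export (hypothetical column names): one row per finding.
SCAN_CSV = """ip,hostname,service,cve
10.1.1.10,mail01,Microsoft Exchange,CVE-2021-26855
10.1.1.10,mail01,Microsoft Exchange,CVE-2021-27065
10.1.2.20,mail02,Microsoft Exchange,CVE-2021-26857
10.1.3.30,mail03,Microsoft Exchange,
10.1.4.40,web01,nginx,CVE-2021-26855
"""

# Constructed access paths (hypothetical): source subnet, zone label, destination, allowed TCP ports.
ACCESS = [
    ("0.0.0.0/0", "Internet", "10.1.1.0/24", (443, 443)),
    ("0.0.0.0/0", "Internet", "10.1.3.0/24", (80, 8443)),
    ("10.9.0.0/16", "Internal", "10.1.2.0/24", (1, 65535)),
]

def exchange_hosts(scan_csv):
    """Steps 1-2: map each Exchange host to the advisory CVEs found on it."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        if "exchange" not in row["service"].lower():
            continue  # a matching CVE on a non-Exchange host is out of scope here
        found = hosts.setdefault(row["ip"], set())
        if row["cve"] in HAFNIUM_CVES:
            found.add(row["cve"])
    return hosts

def sources_reaching(ip, access, port=443, zone=None):
    """Steps 3-4: source subnets allowed to reach ip on a TCP port; zone=None means all subnets."""
    addr = ipaddress.ip_address(ip)
    return sorted(src for src, z, dst, (lo, hi) in access
                  if (zone is None or z == zone)
                  and addr in ipaddress.ip_network(dst) and lo <= port <= hi)

def triage(scan_csv, access):
    """Rank Exchange hosts: vulnerable and Internet-reachable first, then other vulnerable hosts."""
    report = []
    for ip, cves in exchange_hosts(scan_csv).items():
        inet = sources_reaching(ip, access, zone="Internet")
        report.append({"ip": ip, "cves": sorted(cves), "internet_443": bool(inet),
                       "sources_443": sources_reaching(ip, access)})
    return sorted(report, key=lambda r: (not (r["cves"] and r["internet_443"]), not r["cves"], r["ip"]))

if __name__ == "__main__":
    print(*triage(SCAN_CSV, ACCESS), sep="\n")
```

Hosts that are Internet-reachable on TCP 443 but show none of the four CVEs still appear in the output, since a missing scanner finding is not proof that a server is patched.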

For additional details, contact your RedSeal sales representatives or email info@redseal.net.

References:
https://cyber.dhs.gov/ed/21-02/

How these C-suite leaders managed their teams and innovated during Covid-19

Silicon Valley Business Journal | March 9, 2021

Hear from members of this year’s C-Suite Award honorees, including RedSeal CTO Dr. Mike Lloyd, talk about how they approached leading their teams and innovating their products during the pandemic.