Insights

Google announced today that they have accidentally stored user passwords unprotected in plaintext. Google says that the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords in a cryptographic hash. However, a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of the admin console. Google has disabled the features that contained the bug. Google is in the process of notifying G Suite administrators, and says that it will also automatically reset any impacted passwords that haven't already been changed. The company discovered the bug in April. Since all impacted passwords that haven't already been changed will be auto-reset by Google, you should focus on adding two-factor authentication to your G Suite account…

In the last 24 hours, Critical Path Security has seen a couple of critical vulnerabilities that could affect your IT infrastructure and employee communication streams. Here is what you need to know: Microsoft Remote Desktop Services Remote Code Execution Vulnerability Remote code execution vulnerabilities are considered to be the most effective means of breaching networks and spreading malware. It allows an adversary to compromise systems with relative ease. In most cases, this can result in circumvention of perimeter security technologies protecting internal corporate networks from attackers on the public Internet. Microsoft has released a patch which fixes a serious remote desktop services remote code execution vulnerability (CVE-2019-0708). This vulnerability affects Windows XP, Vista, 7, Server 2003 and Server 2008. The patch has been made available to currently supported operating systems, which are Windows 7 and Windows Server 2008. In a rare move, Microsoft is also releasing update for Windows XP…

The Mirai botnet that once only targeted home based IoT devices is now a threat to the enterprise. This new strain of the malware is targeting routers, IP cameras, and network storage devices. According to Palo Alto’s Unit 42 research, “This development indicates to us a potential shift to using Mirai to target enterprises.” The targeting of enterprise devices will allow Mirai to have larger bandwidth than it previously had before from consumer devices. This will enable it to launch more effective DDoS attacks, like the ones it became infamous for in 2016. The DDoS attacks in 2016 were so effective that at one point an estimated 25% of the Internet was disconnected and in another case the entire country of Liberia lost Internet connectivity. The original source code for Mirai was posted to GitHub and has been forked into new variants nearly 3,000 times. The evolving Mirai variants make…

This article began with ShadowHammer as the primary topic, a scathing rebuke of ASUS for their total lack of effort in securing an unnecessary utility that they install on every system they ship. However I then saw the news about OfficeDepot’s System Health Checker tool being a complete sham designed to pressure people into purchasing software and services they do not need which triggered memories of other similar betrayals. I can easily recall a dozen times “trusted third party vendors” were responsible for a breach: CCLeaner, a utility designed to improve performance, delivered malware. The malware ShadowPad was baked into popular server management tools. Saks Fifth Avenue and Lord & Taylor: 3rd party provided point of sale system. BestBuy, Sears, Kmart, Delta: customer service vendor. Corporation Service Company: unknown vendor. UnderArmour: MyFitnessPal (Acquired vulnerable environment) UMG: Cloud Storage provider. Target: HVAC contractor. Applebee’s: 3rd party provided point of sale system…