fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cisco Fixes 6-month-old AnyConnect VPN Zero-day With Exploit Code

Cisco Fixes 6-month-old AnyConnect VPN Zero-day With Exploit Code

Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code.

The company’s AnyConnect Secure Mobility Client allows working on corporate devices connected to a secure Virtual Private Network (VPN) through Secure Sockets Layer (SSL) and IPsec IKEv2 using VPN clients available for all major desktop and mobile platforms.

Cisco disclosed the zero-day bug tracked as CVE-2020-3556 in November 2020 without releasing security updates but provided mitigation measures to decrease the attack surface.

While the Cisco Product Security Incident Response Team (PSIRT) said that CVE-2020-355 proof-of-concept exploit code is available, it also added that there is no evidence of attackers exploiting it in the wild.

The vulnerability is now addressed n Cisco AnyConnect Secure Mobility Client Software releases 4.10.00093 and later.

These new versions also introduce new settings to help individually allow/disallow scripts, help, resources, or localization updates in the local policy, settings that are strongly recommended for increased protection.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

Default configurations not vulnerable to attacks

This high severity vulnerability was found in Cisco AnyConnect Client’s interprocess communication (IPC) channel, and it may allow authenticated and local attackers to execute malicious scripts via a targeted user.

CVE-2020-3556 affects all Windows, Linux, and macOS client versions with vulnerable configurations; however, mobile iOS and Android clients are not impacted.

As the company disclosed in November, successful exploitation requires active AnyConnect sessions and valid credentials on the targeted device.

Cisco added that the vulnerability:

  • Is not exploitable on laptops used by a single user, but instead requires valid logins for multiple users on the end-user device.
  • Is not remotely exploitable, as it requires local credentials on the end-user device for the attacker to take action on the local system.
  • Is not a privilege elevation exploit. The scripts run at the user level by default. If the local AnyConnect user manually raises the privilege of the User Interface process, the scripts would run at elevated privileges.
  • Rated as high severity because, for configurations where the vulnerability is exploitable, it allows one user access to another user’s data and execution space.

Mitigation also available

Customers who cannot immediately install the security updates released yesterday can still mitigate the vulnerability by toggling off the Auto Update feature.

The attack surface can also be reduced by disabling the Enable Scripting configuration setting on devices where it’s enabled.

Cisco also provides detailed upgrade instructions for customers who have already applied the recommended workarounds or cannot upgrade to the patched releases.

One year ago, Cisco warned about two actively exploited zero-day vulnerabilities impacting the Internetworking Operating System (IOS) used on its networking equipment.

Also Read: The DNC Singapore: Looking At 2 Sides Better

Last week, the company also fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could allow remote attackers to create rogue admin accounts or execute arbitrary commands as root.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us