The Briefing – WK47 2020
Curated for business leaders, small business owners and security staffers, The Briefing is a compact summary of noteworthy security stories affecting global business sectors and the industries prevalent across the Caribbean Region.
GLOBAL NEWS
Remote Code Execution Vulnerability Patched in Drupal:
Drupal core does not properly sanitize certain filenames on uploaded files. A name that carries more than one extension (for example a file whose inner extension is .php) can be interpreted under the wrong extension and served with the wrong MIME type or, on some hosting configurations such as Apache with mod_mime, executed as PHP. The vulnerability is tracked as CVE-2020-13671 and was fixed in Drupal 9.0.8, 8.9.9, 8.8.11 and 7.74. Patching alone does not clean up files that were uploaded before the fix, so administrators should also review existing uploads for names containing dangerous inner extensions.
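To make the filename issue concrete, the following is an added example (not Drupal's own code) showing the two controls a practitioner would want: an upload-name check that allow-lists the final extension and neutralises any dangerous inner extension by appending an underscore, plus a scan over names already stored on disk. The extension list, the file names and the allow list are assumptions made up for the example.

```python
# Extensions that a common Apache + mod_mime setup (AddHandler for PHP) will hand
# to the PHP interpreter wherever they appear in the name, not only at the end.
# Assumed list for this example; extend it to match the hosting platform.
DANGEROUS_EXTENSIONS = {"php", "phtml", "php3", "php4", "php5", "php7", "phps", "pht", "phar"}


def inner_extensions(filename):
    """Every dot-separated extension except the last, lower-cased.

    'shell.php.txt' -> ['php'];  'report.pdf' -> [];  'a.b.c' -> ['b']
    """
    parts = filename.split(".")
    return [p.lower() for p in parts[1:-1]]


def is_risky_filename(filename):
    """True if an inner extension would be treated as PHP by mod_mime.

    A final extension such as '.php' is deliberately not covered here: the
    allow list in sanitize_upload_name() is responsible for blocking that.
    """
    return any(ext in DANGEROUS_EXTENSIONS for ext in inner_extensions(filename))


def sanitize_upload_name(filename, allowed_final):
    """Decide whether an upload may be stored and neutralise inner extensions.

    Returns (accepted, stored_name). The final extension must be on the allow
    list; any dangerous inner extension gets an underscore appended so that
    mod_mime no longer recognises it: 'shell.php.txt' -> 'shell.php_.txt'.
    """
    parts = filename.split(".")
    if len(parts) < 2:
        return False, filename  # no extension at all: reject
    if parts[-1].lower() not in allowed_final:
        return False, filename  # final extension not permitted
    sanitized = [parts[0]]
    for ext in parts[1:-1]:
        sanitized.append(ext + "_" if ext.lower() in DANGEROUS_EXTENSIONS else ext)
    sanitized.append(parts[-1])
    return True, ".".join(sanitized)


def find_risky_uploads(stored_names):
    """Post-patch clean-up: report names already on disk that carry a dangerous inner extension."""
    return [name for name in stored_names if is_risky_filename(name)]


if __name__ == "__main__":
    allowed = {"pdf", "txt", "jpg", "png"}
    # Constructed sample upload names, not taken from any real site.
    for name in ["report.pdf", "shell.php.txt", "shell.php", "avatar.PhAr.png"]:
        print(name, "->", sanitize_upload_name(name, allowed))
    print("existing files to review:", find_risky_uploads(["a.txt", "b.phtml.jpg", "c.php"]))
```

The underscore trick only neutralises the inner extension; whether the final extension is acceptable remains a policy decision for the allow list, and a web server that is configured to execute scripts from the upload directory at all should be fixed at the server level as well.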
Researchers Find Tens of AWS APIs Leaking Sensitive Data:
Palo Alto Networks security researchers identified more than 20 Amazon Web Services (AWS) APIs that can be abused to enumerate the IAM users and roles of a target account. The root cause is that the AWS backend proactively validates every resource-based policy attached to resources such as Amazon Simple Storage Service (S3) buckets and customer-managed KMS keys. Such policies usually carry a Principal field naming the users or roles granted access to the resource. If that field names an identity that does not exist, the API call to create or update the policy fails, so an attacker can attach guessed principals to a resource in their own account and use the success or failure of each call as an oracle for which identities exist in the target account. Because the calls are made against the attacker's own resources, the target account sees nothing in its own CloudTrail logs; the practical defences are to remove unused users and roles, avoid predictable identity names, and assume that identity names are discoverable when designing access controls.
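The oracle described above, as an added example written for this briefing rather than code from the researchers: a small simulation of the backend validation step and a prober that uses it against a constructed wordlist. The account ID, the identity names and the bucket name are fictional, and the mock stands in for the real S3 PutBucketPolicy call.

```python
import json

# Constructed stand-in for the identities that exist in a target account.
# The real backend knows these; the prober does not. The account ID is fictional.
TARGET_ACCOUNT = "123456789012"
KNOWN_PRINCIPALS = {
    f"arn:aws:iam::{TARGET_ACCOUNT}:root",
    f"arn:aws:iam::{TARGET_ACCOUNT}:user/alice",
    f"arn:aws:iam::{TARGET_ACCOUNT}:role/DeploymentRole",
}


class MalformedPolicy(Exception):
    """Stand-in for the error S3 returns when a policy names a nonexistent principal."""


def put_bucket_policy_mock(policy_json, known=KNOWN_PRINCIPALS):
    """Simulates the validation the backend performs before storing a bucket policy.

    A policy naming a nonexistent principal is rejected outright; one naming only
    existing principals is accepted. That accept/reject difference is the oracle.
    """
    policy = json.loads(policy_json)
    for stmt in policy["Statement"]:
        aws = stmt.get("Principal", {}).get("AWS", [])
        for arn in ([aws] if isinstance(aws, str) else aws):
            if arn not in known:
                raise MalformedPolicy(f"Invalid principal in policy: {arn}")
    return {"ResponseMetadata": {"HTTPStatusCode": 204}}


def deny_policy_for(principal_arn, bucket="prober-owned-bucket"):
    """A harmless policy on the prober's OWN bucket: a Deny aimed at the guessed principal.

    Nothing in the target account is touched; only the validation step is exercised.
    """
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Principal": {"AWS": principal_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    })


def probe_identities(account_id, candidate_names, put_policy=put_bucket_policy_mock):
    """Return the ARNs from candidate_names (e.g. 'user/alice', 'role/Admin') that exist."""
    found = []
    for name in candidate_names:
        arn = f"arn:aws:iam::{account_id}:{name}"
        try:
            put_policy(deny_policy_for(arn))  # accepted: the principal exists
            found.append(arn)
        except MalformedPolicy:
            pass  # rejected: no such user or role
    return found


if __name__ == "__main__":
    # Constructed wordlist; a real prober would use a much larger list of common names.
    wordlist = ["user/alice", "user/bob", "role/DeploymentRole", "role/Admin"]
    for arn in probe_identities(TARGET_ACCOUNT, wordlist):
        print("exists:", arn)
```

Against real AWS the mock would be replaced by boto3's s3 client put_bucket_policy call on a bucket the prober owns, with the rejection surfacing as a botocore ClientError whose error code is MalformedPolicy (that mapping is my understanding of the live behaviour, not something the briefing states). The defensive reading of the same code is that every name on the wordlist which is accepted is a name the target account has effectively published; short, guessable role names such as Admin or DeploymentRole are the first to fall.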
Russia, China ‘Cyber Threats’ Target Canada: Report:
State-sponsored programs from China, Russia, Iran and North Korea pose the greatest high-tech threats to Canada, according to the Canadian Centre for Cyber Security. The most sophisticated capabilities belong to state-sponsored cyber threat actors motivated by economic, ideological and geopolitical goals. The Centre assesses that these four countries are very likely building the capacity to disrupt critical Canadian infrastructure, such as the electricity supply, in pursuit of those goals.
Study Finds New/Remote Employees Immediately Given Access to Millions of Files:
A new study finds that many remote workers have unrestricted freedom to view, copy, move and change almost 20% of all company files, including files containing sensitive employee and customer data. The report argues that, for financial services firms, the scale of the exposure created by the COVID-related switch to remote working can only be addressed through automation. Mobilising a workforce without proper access controls greatly increases the risk posed by insiders, malware and ransomware, and exposes companies to possible non-compliance with regulations such as SOX, GDPR and PCI DSS.
CARIBSOC advises organisations to corroborate all data and information as a matter of course when determining impacts to their staff & infrastructure.