Cybersecurity's Week From Hell
Two years after WannaCry ransomware was unleashed, the cybersecurity realm isn't any calmer. This week, multiple flaws - all serious, all exploitable and some already being actively exploited in the wild - have come to light. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available.
A buffer overflow flaw in WhatsApp has been used to target individuals and apparently to install Pegasus spyware, built by Israel's NSO Group and sold to governments and law enforcement agencies.
Side-channel speculative execution flaws continue to be discovered in CPUs. This week, a team of researchers as well as Intel confirmed that they'd found more flaws in processors along the lines of the Spectre and Meltdown flaws that came to light in early 2018. Dubbed ZombieLoad, the vulnerabilities would allow an attacker to retrieve private data from a processor's buffers.
To block another WannaCry-type worm, Microsoft is urging many users to update Remote Desktop Services - formerly known as Terminal Services - to fix CVE-2019-0708 (see: To Prevent Another WannaCry, Microsoft Patches Old OSs).
Thrangrycat: Research published this week shows that secure boot functionality built into many Cisco devices isn't secure.
Hence organizations will have to patch. But in the meantime, in some cases they're still waiting for patch release dates, and thus have to track when they might be able to start testing and then plan the rollout of future fixes.