Blog entry by Les Bell

Les Bell
by Les Bell - Monday, 15 August 2022, 8:29 AM
Anyone in the world

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories


Microsoft Finally Reverses Advice on DogWalk

This story has been emerging for some time. Despite first claiming that the DogWalk vulnerability was not a security issue, Microsoft has now issued a patch for CVE-2022-34713 and is advising customers to install it as soon as possible. The patch was part of last week's Patch Tuesday (Wednesday in the Antipodes) update, so many users on an auto-update policy will already have installed it, but enterprise users may not yet have patched Windows Server systems.

The RCE vulnerability allows attackers to exploit the Microsoft Support Diagnostic Tool via either social engineering or phishing and has been known since January 2020, so this has been quite a long delay on Microsoft's part.

Trueman, Charlotte, Microsoft urges Windows users to run patch for DogWalk zero-day exploit, ComputerWorld, 11 August 2022. Available at https://www.computerworld.com/article/3669434/microsoft-urges-windows-users-to-run-patch-for-dogwalk-zero-day-exploit.html.

Massive Ransomware Outage Hit UK NHS

A service provider to the UK's National Health Service has been hit by a targeted ransomware attack, shutting down or slowing access to patient records, the 111 telephone advice service and the out-of-hours appointment booking system for general practices. Some urgent treatment centres and mental health providers have also been affected.

At the time of writing, the National Cyber Security Centre and the Information Commissioner's Office are both working to investigate the attack on service provider Advanced, but have not identified who is behind the attack. Idle speculation suggests that it could be any of several groups who have spun off from the Conti gang, but there are many others who have specialised in healthcare attacks, including BlackCat, Quantum, Hive and AvosLocker.

Full restoration of services could take some weeks, as data must be restored, systems reconfigured and updated, additional controls possibly installed, and the remediation plans approved by NHS Digital. The repercussions are likely to continue for even longer, as patient data may well have been exfiltrated.

36 different healthcare trusts use Advanced's services; while the NHS is able to achieve economies of scale through this kind of arrangement, this breach illustrates the danger of putting so many eggs in one basket.

Milmo, Dan and Denis Campbell, Fears for patient data after ransomware attack on NHS software supplier, The Guardian, 11 August 2022. Available online at https://www.theguardian.com/society/2022/aug/11/fears-patient-data-ransomware-attack-nhs-software-supplier.

9,000 Machines Online With No Passwords

VNC (virtual network computing) is a popular cross-platform software tool for providing graphical remote access for system installation, configuration and management - it is used to install SuSE Linux Enterprise Server on IBM zSeries mainframes, for example and is a popular alternative to SSH'ing to the command line for novice Linux system administrators.

Now security researchers at Cyble have discovered over 9,000 VNC endpoints which are not secured with a password, including SCADA and ICS systems such as water treatment plants, which could allow an attacker to remotely control pumps, causing all kinds of problems. While the systems are found all over the world, the majority are found in Sweden (perhaps unsurprising considering its size) with Sweden not far behind (surprising considering its size).

Toulas, Bill, Over 9,000 VNC servers exposed online without a password, Bleeping Computer, 14 August 2022. Available online at https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/.

Want to Program? Go Python

The August edition of the TIOBE Index, which charts the popularity of different programming languages, shows that Python has now definitively passed long-time leaders C and Java. Although C and C++ did gain popularity, primarily for systems programming where performance is the key criterion in language selection, the all-round capability of Python will probably see it retain the top spot for some time to come.

Because Python features a REPL (Read, Evaluate, Print, Loop) interface which allows interactive execution, it is quite easy to learn its basic features. However, it can also compile its code for efficiency, and so the language is used in everything from small Raspberry Pi-based embedded systems through scripting applications for systems administration and reporting to scientific computing, data analysis and machine learning.

If asked to recommend which language security professionals should pick up for occasional use, the answer would have to be Python.

Other security-related language movements include the continued growth of safe systems-programming language Rust and the first appearance of Google's new C-derived language, Carbon.

Uncredited, TIOBE Index for August 2022: Python going through the roof, TIOBE (The Importance of Being Earnest), August 2022. Available online at https://www.tiobe.com/tiobe-index/.


These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Creative Commons LicenseCopyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Tags: