Archive for Digital Defense

Digital Defense, Inc. Discloses cPanel & WHM Vulnerability

Posted in Commentary with tags on November 24, 2020 by itnerd

Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel & WHM version 11.90.0.5 (90.0 Build 5) contains a two-factor authentication bypass flaw: the second factor can be brute-forced, so an attacker who already knows or has access to valid credentials for an account can get past its two-factor protection. Digital Defense’s internal testing demonstrated that the attack can be completed in minutes.

cPanel & WHM is a suite of tools built for Linux OS that allows hosting providers and users the ability to automate server management and web hosting tasks while simplifying the process of website hosting for the end user. Serving the global hosting community for over 20 years, cPanel touts having over 70 million domains launched on servers using cPanel & WHM to date.
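The release says only that the second factor could be brute-forced once valid credentials are in hand; it does not describe the mechanism. The Go program below is an added illustration, not Digital Defense’s or cPanel’s code. It assumes the second factor is a six-digit RFC 6238 TOTP code and shows why a check with no attempt limit falls to plain enumeration of the 1,000,000 possible codes, while the same check with a lockout after a handful of failures does not. The secret, time step and lockout threshold are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// totp computes a six-digit RFC 6238 code (HMAC-SHA1, dynamic truncation)
// for the given 30-second time step.
func totp(secret []byte, step uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], step)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// SecondFactor is the server-side check that runs after the password has
// already been accepted. Assumed model, not cPanel's implementation.
type SecondFactor struct {
	secret      []byte
	step        uint64 // time step held fixed so the run is deterministic
	maxAttempts int    // 0 means no limit: the weakness described above
	attempts    int
	locked      bool
}

// Check returns true when code is accepted. With maxAttempts > 0 the
// account locks once that many codes have been rejected.
func (s *SecondFactor) Check(code string) bool {
	if s.locked {
		return false
	}
	if s.maxAttempts > 0 && s.attempts >= s.maxAttempts {
		s.locked = true
		return false
	}
	s.attempts++
	return hmac.Equal([]byte(code), []byte(totp(s.secret, s.step)))
}

// BruteForce plays an attacker who already holds the password: it submits
// every six-digit code in order until one is accepted or the account locks.
// It returns the number of guesses made and whether the bypass succeeded.
func BruteForce(s *SecondFactor) (int, bool) {
	for i := 0; i < 1000000; i++ {
		if s.Check(fmt.Sprintf("%06d", i)) {
			return s.attempts, true
		}
		if s.locked {
			return s.attempts, false
		}
	}
	return s.attempts, false
}

func main() {
	secret := []byte("constructed-example-seed") // constructed, not a real seed
	step := uint64(1606176000 / 30)

	n, ok := BruteForce(&SecondFactor{secret: secret, step: step})
	fmt.Printf("no attempt limit:  bypassed=%v after %d guesses\n", ok, n)

	n, ok = BruteForce(&SecondFactor{secret: secret, step: step, maxAttempts: 5})
	fmt.Printf("lockout after 5:   bypassed=%v after %d guesses\n", ok, n)
}
```

Run it with `go run`. The point is the scale: a million HMACs is seconds of work for the server and minutes of HTTP requests for the attacker, so the only thing standing between a stolen password and the account is whether the server counts failures. A bare lockout is the crudest control; in practice pair it with per-account and per-source rate limiting and alerting, since an unconditional lockout lets the same attacker deny the legitimate user access.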

What You Can Do

cPanel’s recent advisory provides more details about the updates that have been released, which should be applied: https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/. For additional information, customers should contact cPanel directly.

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and assists, where possible, with the vendor’s remediation actions.

To view Digital Defense’s zero-day advisories to date, please visit: https://www.digitaldefense.com/vulnerability-research-team/vulnerability-research/.

New Report: Insight Into Vulnerability Preparedness Across Financial Sector

Posted in Commentary with tags on September 25, 2020 by itnerd

New pressures presented by the hastened digital transformation due to this year’s global pandemic have put banks, credit unions and other financial institutions of all sizes in the position of assessing and implementing new cloud technologies faster than they would prefer. Additionally, the speed with which they have had to stand up remote workers and deliver services to remote customers has introduced new areas of risk. Malicious actors have discovered this and pounced. The frequency of cyberattacks on financial institutions is relentless with alerts and warnings being issued constantly. According to recent reports, cybersecurity attacks targeting banks have surged 238% due in large part to COVID-19.

Digital Defense, Inc., provider of vulnerability and threat management solutions, recently ran peer comparison reports on its bank, credit union, and financial services clients to gain greater insight into industry-specific threats and threat and vulnerability preparedness across the financial sector.

The chart below provides the 12-month average Security GPAs** for internal and external scanning and compares 2020 scores with the same period in 2019. For additional context, the Security GPAs for banks, credit unions, and financial services firms were averaged to calculate an overall financial industry GPA for internal and external vulnerability scanning.

Report findings:

  • Over the past 12 months, all financial verticals performed above the platform average Security GPA for both their internal (2.72 B-) and external (3.37 B+) vulnerability scanning and remediation efforts.
  • The bank and credit union Security GPAs for external scanning indicate that these two groups have made headway improving their external security posture by prioritizing high-impact vulnerabilities that put their organizations most at risk. 
  • On the other hand, the financial services vertical’s 2020 internal GPA (2.81 B-) is noticeably lower than 2019 (3.05 B+). Many variables can impact a decreased Security GPA, especially as we account for the extensive network changes in the financial industry over the past several months. Situations that could be contributing factors to the lower 2020 internal GPA for financial services include:
    • A large deployment of hardware, software, or operating systems triggered several high-level vulnerabilities that are not being addressed because organizations are going through a technology refresh.
    • New vulnerabilities discovered that are targeting applications specific to the financial services vertical.
    • Financial services customers may have a sizeable deployment of applications or operating systems that have recently reached end-of-life (EOL), triggering additional vulnerabilities.
  • Most notable in this industry comparison is that most of Digital Defense’s financial clients’ year-over-year scores exceed platform averages, remain consistent and improve during a time of significant technology changes across the industry. The data indicates that financial organizations are prioritizing vulnerabilities that have the most impact on their security posture and are putting security first by acting on incidents identified through their vulnerability management program.

More info can be found here.

Digital Defense Announces New Partner Program For Managed Service Providers

Posted in Commentary with tags on August 4, 2020 by itnerd

Digital Defense, Inc., today announced a new Managed Service Provider (MSP) partner program that empowers partners to raise their brand profile, service offerings and proof of value to their clients in the new economics of cloud and on-premises security solutions.

By 2026, 77% of cybersecurity spending is expected to be for externally managed security services.* The Digital Defense MSP Partner Program, along with Digital Defense’s cloud-native SaaS platform, Frontline.Cloud, supports the growing trend of clients procuring Security-as-a-Service from MSPs and creates actionable opportunity for MSP, MSSP (managed security service providers) and MDR (managed detection and response) partners to capture their piece of this rapidly growing market.

Proof of value is essential for MSPs who are under increasing pressure to prove their worth as clients reevaluate spending and adjust to new business models.

Frontline.Cloud boasts a true multi-tenant architecture that streamlines administration of multiple clients so MSPs can operate at scale. The platform also enables quick and easy deployment for rapid monetization. Other benefits include easy productization with an open framework of APIs, documented integrations with leading ISV solutions and robust customizable reporting that enhances the MSP’s brand and demonstrates proof of value. Building on the company’s established success with its existing partner program for global telecom service providers and VARs, Digital Defense is asserting a new value message to the MSP channel and the buying journey of their clients.

The Digital Defense MSP Partner Program offers benefits such as flexible billing cycles that align to MRR business models, self-provisioning on the Frontline.Cloud platform and procurement directly or through cloud marketplaces including AWS, Azure, Oracle and Google. To learn more about the program, benefits and how to apply, visit: https://www.digitaldefense.com/partners/channel-partners/.

*2020 Roundup of Cybersecurity Forecasts and Market Estimates, Forbes, April 5, 2020

Digital Defense Introduces Frontline Threat Landscape

Posted in Commentary with tags on July 14, 2020 by itnerd

Digital Defense, Inc. today announced the release of Frontline Threat Landscape, a feature within the company’s vulnerability management technology that incorporates threat intelligence to prioritize critical vulnerabilities that can be exploited. Accessible within Frontline.Cloud, the company’s proprietary software as a service (SaaS) security assessment platform, the feature uses machine learning over threat intelligence data to deliver a more granular determination of risk for vulnerabilities identified in an organization’s network.

According to Gartner’s Market Guide for Vulnerability Assessment, “Not all vulnerabilities are created equally. Exploitability, prevalence in malware and exploit kits, asset context, and active exploitation by threat actors are critical qualifiers in assessing cyber risk.” The report further describes the incorporation of threat intelligence into vulnerability management technologies. “Methods are applied that analyze and prioritize vulnerabilities by using threat intelligence, organizational asset context, and risk modeling approaches such as attack path analysis. This is also an area in which advanced analytics methods are also being used, such as ML [machine learning]. This permits more granular and intelligent remediation strategies than the more simplistic severity approaches, especially at scale and when remediating with constrained resources.”*

Frontline Threat Landscape empowers organizations to prioritize remediation and optimize resources by combining:

  • Real-world vulnerability exploitation metrics
  • Industry-standard severity scores  
  • Digital Defense Vulnerability Research Team analyst insight 

*Gartner, Market Guide for Vulnerability Assessment, Craig Lawson et al, 20 November 2019 (Gartner subscription required).

Learn more about Frontline Threat Landscape here.

Palo Alto PAN-OS: Authentication Bypass in SAML Authentication Discovered

Posted in Commentary with tags on July 7, 2020 by itnerd

A critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication has been discovered.

On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the ‘Validate Identity Provider Certificate’ option disabled (unchecked). Improper verification of signatures in PAN-OS SAML authentication could allow an unauthenticated network-based attacker to access protected resources.

Mark Bell, EVP of operations at Digital Defense, Inc., a provider of vulnerability and threat management solutions had this comment:

The fact that these devices are generally externally facing and the simplicity of exploiting the Palo Alto PAN-OS vulnerability significantly increases the threat exposure. Bad actors are probably already scanning the internet looking for vulnerable instances.

Here are some specific details about this issue. Affected versions of PAN-OS are:

  • PAN-OS 9.1 versions earlier than PAN-OS 9.1.3
  • PAN-OS 9.0 versions earlier than PAN-OS 9.0.9
  • PAN-OS 8.1 versions earlier than PAN-OS 8.1.15
  • All versions of PAN-OS 8.0 (EOL)

This issue does not affect PAN-OS 7.1.

This issue cannot be exploited if SAML is not used for authentication.

This issue cannot be exploited if the ‘Validate Identity Provider Certificate’ option is enabled (checked) in the SAML Identity Provider Server Profile.
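The two conditions above describe the trust decision that matters: a signature on a SAML response proves only that someone holding the matching key signed it, and the service provider has to decide whose key it will accept. The advisory does not say which check PAN-OS got wrong, so the Go program below is an added example of the general class, not a description of PAN-OS internals and not Palo Alto Networks’ or Digital Defense’s code. It assumes the common shape of this bug: the verifier takes the signing certificate from the message itself, and with certificate validation off it never asks whether that certificate belongs to the configured identity provider. Key pairs and certificates are generated at run time; the names `idp.example` and `attacker.example` and the plain-string payload standing in for signed XML are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Signer stands in for a SAML identity provider, or for an attacker posing
// as one: an RSA key and a self-signed certificate for it.
type Signer struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewSigner generates a fresh key and self-signed certificate at run time.
func NewSigner(commonName string) (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Key: key, Cert: cert}, nil
}

// Assertion is a simplified signed SAML response: the asserted subject, an
// RSA-SHA256 signature over it, and the signing certificate the sender embeds
// (the <ds:KeyInfo> element in a real message). Real SAML signs canonicalised
// XML; a plain string keeps the trust decision visible.
type Assertion struct {
	Subject   string
	Signature []byte
	CertDER   []byte
}

// Sign produces an assertion for subject under this signer's key.
func (s *Signer) Sign(subject string) (Assertion, error) {
	digest := sha256.Sum256([]byte(subject))
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.Key, crypto.SHA256, digest[:])
	if err != nil {
		return Assertion{}, err
	}
	return Assertion{Subject: subject, Signature: sig, CertDER: s.Cert.Raw}, nil
}

// Verify models the service provider. trustedIdP is the certificate from the
// configured IdP server profile. With validateIdPCert false the signature is
// checked only against whatever certificate the message carries, so anything
// signed by any key is "correctly signed". With it true the embedded
// certificate must first chain to trustedIdP.
func Verify(a Assertion, trustedIdP *x509.Certificate, validateIdPCert bool) error {
	cert, err := x509.ParseCertificate(a.CertDER)
	if err != nil {
		return fmt.Errorf("embedded certificate: %w", err)
	}
	if validateIdPCert {
		roots := x509.NewCertPool()
		roots.AddCert(trustedIdP)
		_, err := cert.Verify(x509.VerifyOptions{
			Roots:     roots,
			KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
		})
		if err != nil {
			return fmt.Errorf("signing certificate is not the configured IdP: %w", err)
		}
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("embedded certificate does not carry an RSA key")
	}
	digest := sha256.Sum256([]byte(a.Subject))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], a.Signature); err != nil {
		return fmt.Errorf("signature does not match: %w", err)
	}
	return nil
}

func main() {
	idp, err := NewSigner("idp.example")
	if err != nil {
		panic(err)
	}
	attacker, err := NewSigner("attacker.example")
	if err != nil {
		panic(err)
	}
	forged, err := attacker.Sign("admin") // signed with the attacker's own key
	if err != nil {
		panic(err)
	}
	for _, validate := range []bool{false, true} {
		err := Verify(forged, idp.Cert, validate)
		fmt.Printf("Validate Identity Provider Certificate=%v: forged assertion accepted=%v\n", validate, err == nil)
	}
}
```

With the option off, the forged assertion for `admin` passes because the attacker supplied both the signature and the certificate it verifies against; with it on, the same message is rejected before the signature is even examined. A production verifier also has to bind the signature to the canonicalised XML, check the assertion's audience, time window and recipient, and reject unsigned or partially signed documents; none of that helps if the signer itself is never validated.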

Palo Alto Networks provided a patch for this vulnerability and indicated they are not aware of any malicious attempts to exploit this vulnerability at this time.

The Digital Defense Vulnerability Research Team is developing checks for the condition for its Frontline.Cloud vulnerability management solution as more information is made available.