Information To Help Entities Assess Threats
by Artie Kaye
CISA has released information to help companies make educated decisions about threat assessment. The overview from the guide:
“The CISA Stakeholder-Specific Vulnerability Categorization (SSVC) is a customized decision tree model that assists in prioritizing vulnerability response for the United States government (USG), state, local, tribal, and territorial (SLTT) governments; and critical infrastructure (CI) entities. This document serves as a guide for evaluating vulnerabilities using the CISA SSVC decision tree. The goal of SSVC is to assist in prioritizing the remediation of a vulnerability based on the impact exploitation would have to the particular organization(s). The four SSVC scoring decisions, described in this guide, outline how CISA messages out patching prioritization. Any individual or organization can use SSVC to enhance their own vulnerability management practices.”
While this is aimed at the specific entities mentioned above, it can be a starting point for managing threats. The guide can be found linked below.
https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf
Cookie Theft As An Attack Vector
by Artie Kaye
Browsers use cookies to validate sessions and users online. Cookies are locally stored files that a website can call on to verify information. They are also a high-value commodity for hackers. Certain cookies can tell a website that you've not only logged in, but also that you have been validated through your multi-factor authentication. Because session cookies can take a long time to expire, a stolen cookie can potentially give access until it reaches its expiration date. Cookies can also be obtained easily through attacks that require little access, as the locations where they are stored are not usually protected.
The advice to log out of everything often is good, even if it can be tedious to log back in later. Periodically clearing the cookies on your browser is also advisable. If you run a web portal that relies on cookies, you can shorten the length of time that a cookie is valid to help protect yourself and your customers.
https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
https://news.sophos.com/en-us/2022/08/18/cookie-stealing-the-new-perimeter-bypass/
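For portal operators, here is one way to shorten cookie validity. This is an added example, not code from the linked articles. It issues a session cookie with a short Max-Age and has the server check a signed expiry time on every request. The names SECRET, SESSION_TTL, issue_cookie and validate, and the 15-minute lifetime, are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import SimpleCookie

SECRET = secrets.token_bytes(32)  # assumption: server-side signing key
SESSION_TTL = 15 * 60             # assumption: 15-minute session lifetime


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, now=None):
    """Build the Set-Cookie value for a short-lived, signed session cookie."""
    now = time.time() if now is None else now
    payload = f"{user}|{int(now) + SESSION_TTL}"
    jar = SimpleCookie()
    jar["session"] = f"{payload}|{_sign(payload)}"
    morsel = jar["session"]
    morsel["max-age"] = SESSION_TTL   # browser discards it after the TTL
    morsel["httponly"] = True         # not readable from page scripts
    morsel["secure"] = True           # sent over HTTPS only
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    return morsel.OutputString()


def validate(cookie_header, now=None):
    """Return the user for an authentic, unexpired cookie, otherwise None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "session" not in jar:
        return None
    parts = jar["session"].value.rsplit("|", 2)
    if len(parts) != 3:
        return None
    user, expires, sig = parts
    expected = _sign(f"{user}|{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    # The server enforces expiry itself: a cookie file copied off a machine
    # ignores the browser's Max-Age, but it cannot outlive the signed timestamp.
    if int(expires) <= now:
        return None
    return user
```

A cookie stolen inside its lifetime still works until the signed expiry passes, so the lifetime sets the size of that window.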
Aiphone Security System Vulnerability
by Artie Kaye
A flaw was discovered that could allow a brute-force Near Field Communication (NFC) attack to return the door code, or allow the injection of a new verified tag credential. The affected products are entry systems used by companies and governments alike. The flaw is not found in products produced after December 7, 2021. If you have a system from before that date, the company asks that you reach out to them for information on remediating it.
The affected devices are:
GT-DMB-N
GT-DMB-LVN
GT-DB-VN
https://www.aiphone.net/support/
https://promon.co/security-news/aiphone-vulnerability/
https://techcrunch.com/2022/11/10/aiphone-door-entry-nfc-bug/