
Security Updates & Workarounds You Need to Address

Security Updates for July 2021

You know how important it is to keep current with patches and security updates, and it’s a never-ending struggle. Recently, there’s been quite a bit to catch up on.

Although flaws in Windows lead the headlines, they’re not alone. Apple, Pulse Secure, and Atlassian also recently released patches for significant vulnerabilities.

And although you’ll want to fix these as soon as possible, this constant discovery of flaws also proves why you need strong cybersecurity and to monitor for signs of attack.

Here are the latest updates and fixes you need to know about.

Windows Workaround

The first problem you’ll want to address comes from Windows – a flaw known as “SeriousSAM.”

This exposes all Windows 10 machines to privilege escalation, through overly permissive Access Control Lists.

Strangely, patches for this important-rated vulnerability won’t be developed. But why?

A simple reason: the availability of an easy workaround. All you need to do is delete copies of the Windows Volume Shadow Copy (VSS) backup.

Researchers have posted proof-of-concept code to help network admins check for exposure to the vulnerability. The flaw can only be exploited when the Security Accounts Manager (SAM) is part of a VSS backup. Deleting the VSS backup copies eliminates the threat.

It’s a simple fix, but you’ll need to make sure it’s followed through.
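To confirm the workaround is actually needed (and later that it was followed through), the check below reports whether the Users group can read the SAM file and whether shadow copies of the system volume exist. It is an added example, not the researchers' proof-of-concept or code from the original article; the function names are hypothetical, and it assumes an elevated Windows PowerShell session on the machine being audited.

```powershell
# Added example (report-only): is this host exposed to the SAM ACL / VSS issue?
# Function names are hypothetical. Run from an elevated prompt.

function Test-SamReadableByUsers {
    # BUILTIN\Users by well-known SID, so the check also works on localized Windows.
    $usersSid = 'S-1-5-32-545'
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $acl = Get-Acl -Path (Join-Path $env:windir 'System32\config\SAM')
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $read) -eq $read) {
            return $true
        }
    }
    return $false
}

function Get-SystemVolumeShadowCopy {
    # Shadow copies of the volume holding %windir%: the ones that can contain the SAM file.
    $sysVolume = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter='$($env:SystemDrive)'"
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $sysVolume.DeviceID } |
        Select-Object ID, InstallDate, DeviceObject
}

$usersCanRead = Test-SamReadableByUsers
$shadowCopies = @(Get-SystemVolumeShadowCopy)

# One summary object per host, suitable for Export-Csv when run across a fleet.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    UsersCanReadSam = $usersCanRead
    ShadowCopies    = $shadowCopies.Count
    OldestCopy      = ($shadowCopies | Sort-Object InstallDate | Select-Object -First 1).InstallDate
    Exposed         = $usersCanRead -and ($shadowCopies.Count -gt 0)
}

# Workaround from the article, run by hand after review (it also removes restore points):
#   vssadmin delete shadows /for=C: /all /quiet
```

Re-run the check after the deletion: `ShadowCopies` should read 0 until a new backup or restore point is created.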


Apple Flaws

For quite some time, Mac users believed their machines were rarely targeted by malware.

However, Apple recently released urgent fixes for its operating systems, while researchers revealed that a major malware family now has macOS versions.

Patches released by Apple in July address 40 vulnerabilities in iOS, iPadOS, macOS Big Sur 11.5 and macOS Catalina.

The key patches eliminate various flaws, including one that can be triggered by maliciously crafted web content in Apple’s Safari browser.

Even though many users let their Apple devices automatically update, you’ll still need to verify that key machines or devices are fully updated.

Unfortunately, these patches still don’t fix all known issues. A zero-day vulnerability, exploited by the Pegasus spyware, remains unaddressed.

Meanwhile, researchers noted that the FormBook malware (created at least five years ago) provided the basis of the malicious XLoader software. XLoader is estimated to affect 4% of organizations worldwide.

Although that was over five years ago, a new macOS version of this malware is now available.

The developers provided a Java binder that lets attackers create JAR files capable of delivering both macOS and Windows executable files.

Even though malware affects all types of systems and devices, some macOS and iOS users stubbornly cling to the belief they’re exempt.

Use this news to overcome their resistance, and show the universal need for comprehensive cybersecurity protection.

Other Updates and Vulnerabilities

On July 21, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert.

The alert stated that multiple Pulse Secure issues were exploited to conduct persistent attacks that are difficult to detect using antivirus products.

You’re probably wondering, “How do they work?”

Attackers modified legitimate Pulse Secure files to contain webshells. These webshells extract and execute remote commands, steal credentials, or steal information.

CISA lists best practices to implement, and which files you need to check for the presence of malicious code.

The warning notes a wide variety of targets dating back to June 2020. This means if your business uses Pulse Secure, you should assume compromise – until you verify otherwise.

Even though software is easier to update than hardware, vulnerabilities are no less common or dangerous. For example, Atlassian recently sent an urgent notice for customers of various Jira Data Center products to upgrade the software and eliminate an arbitrary code execution vulnerability.

Researchers also located weaknesses in the CODESYS and WAGO Industrial Control Systems management platforms. These exploits use the cloud to control operational technology, permitting attackers to take control of industrial equipment and operations.

Although both companies quickly issued patches, making modifications to industrial programmable logic controllers is time consuming, and requires downtime for critical operational systems.

Bringing It Together

The ever-increasing list of vulnerabilities certainly keeps you busy, even if it’s just applying patches and completing security updates.

However, it’s hard to determine if systems were compromised before patches were applied, and to monitor for zero-day attacks.

Keeping yourself informed is one of the best ways to stay secure. Pay attention to any new flaws, and do your best to apply updates as soon as possible. It’s not always easy to maintain security, but the alternative is far worse.

Ideal Integrations provides IT experts to lend a hand for emergency patching, deleting VSS backups, and updating networking gear. Our cybersecurity experts at Blue Bastion provide the extra resources you need to check for signs of compromise in existing equipment, and to take immediate action if compromise is found.

Whether your organization needs immediate help for a specific project or ongoing security updates and monitoring to provide a security safety net, one call can address the problem.

Call Ideal Integrations and Blue Bastion today at 412-349-6680 or fill out the form below – we’re here to help you 24/7/365!
