Security Bulletin – Meltdown & Spectre
Throughout the day, CIS has been monitoring the ongoing reports related to two uncovered vulnerabilities in global PC hardware. These exploits were discovered by Google’s Project Zero team, whose findings were first reported via the Open Source community, and potentially impact processors from Intel, AMD, and ARM. Unlike many common vulnerabilities, “Meltdown” and “Spectre” reside at the chip level, exploiting foundational aspects of how processors work, potentially impacting computing hardware worldwide. Project Zero’s research suggests that Meltdown “potentially affects every Intel processor made since 1995.”
Both vulnerabilities take advantage of a process known as “Speculative Processing,” which is used to make computing more efficient by anticipating processing requirements and starting them ahead of time. Through this process, there is the potential to exploit discarded critical information, such as passwords and other access credentials, which can be utilized to gain further access to systems. It has been found that this vulnerability can be exploited across virtual servers resident on the same host systems. Because of this, public cloud-based servers, such as those on AWS and Azure, are also potentially vulnerable to this exploit.
This remains a developing situation. At this time, all major manufacturers, including Microsoft, Apple, Amazon, and Google, are releasing security patches and updates to their cloud, server, and PC products to bridge the vulnerability until further firmware upgrades can be provided. The major public cloud services have already provided security updates to their back-end and have announced that they are no longer vulnerable; however, there may be a notable impact on processing speed.
Early in the response, Microsoft issued a critical update to address Meltdown and Spectre; however, it had unexpected impacts on various systems, causing failures and “Blue Screen of Death” outages. Microsoft responded to this by making the update available only to systems that have anti-virus from a vendor whose registry key provides compatibility with the released update. Once the update is deployed, systems will be protected against vulnerabilities from Speculative Processing; however, Microsoft warns that this could slow system speeds by up to 30%.
CIS’ Security Team continues to monitor these developments. While there is no known code “in the wild” being used to take advantage of these vulnerabilities, several security experts have reported seeing such code in development. It is important to mitigate any potential security risks and, as always, be vigilant against allowing potential malware into secure computing environments.
The CIS team will be getting in touch with any Managed Services clients with specific information shortly. All required updates and patches will be handled as part of the standard patching process, or sooner, following update discussions. CIS has deployed Webroot Anti-Virus for most Managed Services clients. Webroot is fully compatible with the required updates and should present no technical problems. Following initial fixes, CIS will continue to provide updates and further support as new options emerge. It is currently anticipated that this will require firmware updates; at a minimum, there will be additional patches and required updates. Rest assured, incidents like this are precisely the reason to have a Managed Services contract, and the CIS team will do everything in our power to ensure your protection.
For independent remediation, CIS recommends the following steps:
If you have any questions or concerns, or would like to engage the CIS team for direct support, please do not hesitate to contact our service department (email@example.com / 212-577-6033 x235) or your account representative (Group Contact: firstname.lastname@example.org).
Further updates will be provided as more details emerge.
As a Premiere Micro Focus Identity and Access Partner, CIS is excited to announce that we will be hosting a webinar on December 5th, from 12:30 to 1:30pm EST, to formally introduce our Managed Services offering for Micro Focus NetIQ Identity and Access Management Solutions.
CIS has been architecting, implementing, and supporting large-scale Identity implementations since the first release of the product. The CIS Identity team is comprised of the foremost subject matter experts and thought-leaders, who are known worldwide and are now available to provide ongoing support and production functionality in our CIS-MIAMI™ services model.
Support is provided in various optional tiers, including:
Computer Integrated Services’ Network Security Team is monitoring the following…
At 12:37 AM EST on October 16th, 2017, Ars Technica disclosed to the world a “new” flaw in a wireless protocol (communication language). They call it KRACK (“Key Reinstallation Attacks”). This vulnerability theoretically makes it possible for attackers to eavesdrop on Wi-Fi traffic passing between computers and access points.
This issue potentially affects any device using WPA2 (Wi-Fi Protected Access II). To quote one report, “Both Windows and iOS aren’t believed to be vulnerable to the most effective attacks. Linux and Android appear to be more susceptible.”
CIS is monitoring this issue on behalf of our clients, and will provide patches or further advisories when they are available from manufacturers. At the time of this writing, the attack has NOT been reported to have stolen any information. If you have specific concerns about this issue, please contact the CIS Service and Support Desk at email@example.com.
CIS and Micro Focus, global leaders in Identity and Access Governance, are teaming up on October 5th to bring an exciting, engaging dinner event to C-Level executives interested in learning more about the organizations and their cutting-edge Identity solution. The event will feature a private dinner and discussion with Dan Shmitt, Chief Information Officer, Major League Baseball (MLB) Advanced Media. Mr. Shmitt will share his experiences working with both organizations, and host a round-table discussion focused on the many advantages gained from implementing the solution. Highlights will include:
The event will take place at a famous New York City steakhouse, and is by invitation only. If you are interested in attending, please contact your CIS rep, or email us and someone will get right back to you.
To celebrate our many years of partnership, and reward our treasured mutual clients with a top-end dinner and night out, CIS and ShoreTel are pleased to announce we will be hosting an exclusive Client Appreciation Dinner on the evening of September 27th. The Italian restaurant selected for the event is among the most well-reviewed in New York City, and is sure to provide a first-class experience for everyone in attendance. We are doing everything possible to touch base with personal invitations, but if you are a CIS or ShoreTel client who has not heard from us, and would like to attend, please contact your CIS rep today!
Throughout CIS’ 14-year history with ShoreTel, both organizations have undergone significant change, typically to mutual benefit. As a ShoreTel Premier Gold Partner, CIS has been uniquely positioned to provide elite services to clients throughout the New York region, and all across the country. CIS designs, implements, configures, and supports ShoreTel IP telephony solutions of all types, including on-premises, cloud, and hybrid offerings.
On July 27th, 2017, an announcement was made that rival manufacturer Mitel has made financial arrangements to acquire ShoreTel, with the transaction expected to close during Q3 of 2017. The new combined organization will immediately become the 2nd largest in the Unified Communications as a Service (UCaaS) market.
Mitel has already released statements to existing ShoreTel clients and partners, fully committing to the continued support and availability of the product line. Mitel paid a 28% premium on ShoreTel’s July 26th closing price, a clear sign that they are acquiring the line in order to bring together technology from both organizations, enhancing and blending both product lines.
With a very large enterprise presence throughout Europe, the Middle East, and Africa, Mitel has a reputation for leading industry consolidation in the Unified Communications space. As such, they are fully expected to embrace the ShoreTel Connect and ShoreTel Summit CPaaS platforms, enhancing the product road-map and hardware portfolio available to existing ShoreTel customers.
Mitel’s next-generation platform allows an existing telephony call-control system to remain in place, working with new Mitel equipment, software APIs, and Cloud Applications. This means that existing customer investments in ShoreTel technology will be maintained, with NO requirement for upgrades or replacements.
The recently released July 2017 Gartner Unified Communications report ranked Mitel as a “Leader” in the Magic Quadrant. This ranking means that Mitel is a company that analysts consider to be on a path to success, earning the label “Industry Visionary” in the write-up. The acquisition of ShoreTel will only enhance the company’s strength and capability. By adding ShoreTel’s USA market share, the new group will have annual sales reaching $1.3 billion and will employ more than 4,000 people.
CIS is currently in the process of working with the Mitel Partner Team, ensuring a smooth transition for all clients’ administrative needs, manufacturer support, and equipment. The CIS team is fully capable of installing, configuring, customizing, and supporting Mitel systems, and will work with Mitel to continue providing clients with the highest levels of support and technological capability. CIS reps will be conducting awareness sessions with existing ShoreTel clients, either as a group or in a one-on-one format, and this website will continue to provide information as the acquisition progresses.
This is truly an exciting development for ShoreTel and their Client-Partner ecosystem. Mitel’s commitment to ShoreTel’s existing technology and relationships was CIS’ paramount concern as the deal was announced, and they quickly allayed any concerns. CIS has absolute confidence that the combined organizations will emerge as a titan in the Unified Communications industry, delivering the highest levels of service and capability to clients of all shapes and sizes, all around the world.
It has come to our attention that a new wave of Ransomware outbreaks has struck thousands of companies throughout Europe, Asia, and parts of the United States. CIS is monitoring the situation and will be providing ongoing updates to clients who may be impacted. As always, caution and diligence are the best answers in a situation like this. Further information for remediation and protection will be provided as new details emerge.
The malicious code is still under analysis from Security and Cyber Crimes experts from around the world. Roughly two thousand companies have reported infection, including giant enterprises such as Merck and Maersk, as well as critical government and private infrastructure in areas like power, healthcare, and emergency response. The target list also appears to include numerous small and medium sized organizations, such as law firms and accounting firms. Much like the recent “WannaCry” outbreak, the attack encrypts company data and demands a ransom; in this case $300 in bitcoin is the common demand, to unlock data.
As with any ongoing investigation, there have been numerous conflicting reports about the malware itself. At this time, we can report the following recommendations with confidence:
CIS advises clients to be diligent about rolling out any critical patches and updates released by Microsoft or other key vendors. End-user education is also increasingly important. In this scenario, CIS recommends that a company-wide message be sent, reminding end-users not to click on anything in an email unless they are absolutely sure of the source and content.
We will provide further updates as more information emerges. If you have experienced a security breach, or would like to discuss any concerns or best practices approaches to IT Security, please contact us: 212-577-6033 / http://cisus.com/contact
Cyber Security Expert, and BeyondTrust Vice President of Technology, Office of the CTO, Morey Haber
I’m reaching out to invite you to a webinar that BeyondTrust and CIS are hosting for a small group of IT and security leaders at Mid-Atlantic colleges and universities: “Preventing IT Privilege Abuse in Higher Education.” Please pass on to your team members!!
Below is a presentation overview and login details, plus links to a couple relevant analyst reports. I hope you can make it! If so, please hit “accept” so we know to expect you.
The presentation will cover how PowerBroker Privileged Access Management (PAM) solutions from BeyondTrust can help you to:
We’ll start with a short overview from Morey Haber, VP of Technology at BeyondTrust, followed by a quick demo of how our integrated password management and least privilege solutions work together to prevent data breaches.
In the meantime, check out these PAM reports from Gartner and Forrester:
PHOENIX, March 1, 2017 – BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, today announced a new partnership with Computer Integrated Services (CIS), aimed to help more customers prevent privilege misuse and stop unauthorized access. As the BeyondTrust partner with the top-tier organization with a proven track record of successful joint identity and access management (IAM) and privileged access management (PAM) deployments, customers can trust CIS to accelerate deployment results, speed time to value, reduce ongoing costs and improve efficiencies.
CIS is delighted to announce the publication of Geoffrey Carman’s second book, which can be found for purchase here. Geoffrey is one of the most well regarded and widely read minds in the field of Identity and Access Governance. His first book, “Definitive Guide to IDM Tokens,” published in 2014, remains the authoritative work on the subject. For this next effort, Geoffrey focused on creating something he felt was lacking, a manual for IDM Validator, hence the book’s name, “IDM Validator: The Missing Manual.” The work covers testing methodologies and reviews all actions in Validator with highlighted examples; it is sure to be a fixture in the technical library of anyone working with Validator for years to come.
Click here to learn more about CIS’ Identity team and their capabilities.