
    Security Advisory Notice – OpenBSD CVE-2019-19521

    It has come to our attention that there is a security risk that could affect some customers. It involves an authentication bypass / privilege escalation on OpenBSD.

    A remote authentication bypass vulnerability has been found in OpenBSD. Because of insufficient username validation in libc, a remote third party can exploit the libc login function. The vulnerability can easily be exploited by supplying a username of “-schallenge” or “-schallenge:passwd” to force passwd-style authentication.

    The authentication bypass vulnerability resides in the way OpenBSD’s authentication framework parses the username supplied by a user when logging in through the smtpd, ldapd, radiusd, su, or sshd services. Using this flaw, a remote attacker can successfully access vulnerable services with any password just by entering the username as “-schallenge” or “-schallenge:passwd”; it works because a hyphen (-) before the username tricks OpenBSD into interpreting the value as a command-line option rather than as a username.

    The other bugs include CVE-2019-19520, which allows local privilege escalation (LPE) via xlock refusing all new server connections until a user enters a password on the keyboard; CVE-2019-19522, which allows LPE via the S/Key and YubiKey authentication mechanisms; and CVE-2019-19519, which allows LPE via su.

    If any customers are using any of these services, we advise that you patch the affected machines ASAP.

    This risk could be exploited in the following ways.

    1. An attacker can log in with any password by entering the username as “-schallenge” or “-schallenge:passwd”.
    2. An attacker can escalate privileges to the ‘auth’ group.
    3. An attacker with ‘auth’ group permissions can gain the full privileges of the root user.
    4. An attacker can obtain any user’s login class, often excluding root, by exploiting su’s -L option.
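    The Python script below is an added example written for this advisory; it is not part of Ward’s notice or of OpenBSD’s code. It shows the defender’s side of the flaw described above: a username validator that rejects option-like names (anything beginning with a hyphen, which covers the “-schallenge” forms named here) and a small scanner that flags such usernames in authentication log lines. The log lines and the regular expressions are constructed for this example and only loosely modelled on sshd/smtpd syslog output; adapt the patterns to the real formats in your environment.

```python
import re
from typing import Dict, Iterable, List

# Defender-side checks written for this example; not OpenBSD's libc code.
# The advisory's indicator is a username that begins with "-" and is therefore
# parsed as a command-line option ("-schallenge", "-schallenge:passwd").

OPTION_LIKE = re.compile(r"^-")

# Conservative allow-list for local account names (an assumption; tune it to
# your own naming policy).
VALID_USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def username_is_acceptable(username: str) -> bool:
    """True only if the name is neither option-like nor outside the allow-list."""
    if OPTION_LIKE.match(username):
        return False
    return VALID_USERNAME.match(username) is not None


# Constructed sample lines loosely modelled on OpenBSD sshd/smtpd syslog
# output. They are illustrative, not captured from a real system.
SAMPLE_LOG = """\
Dec  5 10:01:12 host sshd[1234]: Failed password for alice from 192.0.2.10 port 51234 ssh2
Dec  5 10:01:40 host sshd[1235]: Accepted password for -schallenge from 192.0.2.99 port 51240 ssh2
Dec  5 10:02:03 host sshd[1236]: Invalid user -schallenge:passwd from 192.0.2.99 port 51241
Dec  5 10:02:20 host smtpd[2001]: 3f1a2b3c smtp authentication user=-schallenge result=ok
Dec  5 10:03:00 host sshd[1237]: Accepted publickey for bob from 192.0.2.11 port 51300 ssh2
"""

# Patterns that pull the username out of the constructed formats above.
USERNAME_FIELDS = [
    re.compile(r"(?:Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)"),
    re.compile(r"Invalid user (\S+) from (\S+)"),
    re.compile(r"authentication user=(\S+)"),
]


def suspicious_logins(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the lines whose attempted or accepted username is option-like."""
    hits = []
    for line in lines:
        for pat in USERNAME_FIELDS:
            m = pat.search(line)
            if m:
                user = m.group(1)
                if not username_is_acceptable(user):
                    hits.append({"user": user, "line": line.strip()})
                break  # first matching pattern wins for this line
    return hits


if __name__ == "__main__":
    for hit in suspicious_logins(SAMPLE_LOG.splitlines()):
        print(f"option-like username {hit['user']!r}: {hit['line']}")
```

    Note that the second sample line is an accepted login for “-schallenge”, which is exactly the event worth alerting on: a successful authentication with an option-like username, not merely a failed attempt.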

    How do I Remediate?

    To remediate this vulnerability, apply the latest patches from the links below:

    How Can Ward Help?

    If you would like additional information or would like support in assessing and protecting your environment, please contact us.

    News

    Security Advisory Notice – HPE SAS Solid State Drives…

    Hewlett Packard Enterprise (HPE) has warned customers to install a critical firmware patch to prevent SAS SSDs (Serial-Attached SCSI solid-state drives) from permanently failing after 32,768 hours of operation — which is 3 years, 270 days, and 8 hours.

    After the SSD failure occurs, neither the SSD nor the data can be recovered. In addition, SSDs which were put into service at the same time will likely fail nearly simultaneously.

    The bug affects all HPE SAS SSDs with firmware versions prior to HPD8. Upgrading the SSD firmware to version HPD8 fixes the problem.

    Scope

    HPE Model Number | HPE SKU | HPE SKU Description | HPE Spare Part SKU | HPE Firmware Fix Date
    VO0480JFDGT | 816562-B21 | HP 480GB 12Gb SAS 2.5″ RI PLP SC SSD | 817047-001 | 11/22/2019
    VO0960JFDGU | 816568-B21 | HP 960GB 12Gb SAS 2.5″ RI PLP SC SSD | 817049-001 | 11/22/2019
    VO1920JFDGV | 816572-B21 | HP 1.92TB 12Gb SAS 2.5″ RI PLP SC SSD | 817051-001 | 11/22/2019
    VO3840JFDHA | 816576-B21 | HP 3.84TB 12Gb SAS 2.5″ RI PLP SC SSD | 817053-001 | 11/22/2019
    MO0400JFFCF | 822555-B21 | HP 400GB 12Gb SAS 2.5″ MU PLP SC SSD S2 | 822784-001 | 11/22/2019
    MO0800JFFCH | 822559-B21 | HP 800GB 12Gb SAS 2.5″ MU PLP SC SSD S2 | 822786-001 | 11/22/2019
    MO1600JFFCK | 822563-B21 | HP 1.6TB 12Gb SAS 2.5″ MU PLP SC SSD S2 | 822788-001 | 11/22/2019
    MO3200JFFCL | 822567-B21 | HP 3.2TB 12Gb SAS 2.5″ MU PLP SC SSD S2 | 822790-001 | 11/22/2019
    VO000480JWDAR | 875311-B21 | HPE 480GB SAS SFF RI SC DS SSD | 875681-001 | Week of 12/9/2019
    VO000960JWDAT | 875313-B21 | HPE 960GB SAS SFF RI SC DS SSD | 875682-001 | Week of 12/9/2019
    VO001920JWDAU | 875326-B21 | HPE 1.92TB SAS RI SFF SC DS SSD | 875684-001 | Week of 12/9/2019
    VO003840JWDAV | 875330-B21 | HPE 3.84TB SAS RI SFF SC DS SSD | 875686-001 | Week of 12/9/2019
    VO007680JWCNK | 870144-B21 | HPE 7.68TB SAS 12G RI SFF SC DS SSD | 870460-001 | Week of 12/9/2019
    VO015300JWCNL | 870148-B21 | HPE 15.3TB SAS 12G RI SFF SC DS SSD | 870462-001 | Week of 12/9/2019
    VK000960JWSSQ | P06584-B21 | HPE 960GB SAS RI SFF SC DS SSD | P08608-001 | Week of 12/9/2019
    VK001920JWSSR | P06586-B21 | HPE 1.92TB SAS RI SFF SC DS SSD | P08609-001 | Week of 12/9/2019
    VK003840JWSST | P06588-B21 | HPE 3.84TB SAS RI SFF SC DS SSD | P08610-001 | Week of 12/9/2019
    VK003840JWSST | P11329-B21 | HPE 3.84TB SAS RI LFF SCC DS SPL SSD | P11360-001 | Week of 12/9/2019
    VK007680JWSSU | P06590-B21 | HPE 7.68TB SAS RI SFF SC DS SSD | P08611-001 | Week of 12/9/2019
    VO015300JWSSV | P06592-B21 | HPE 15.3TB SAS RI SFF SC DS SSD | P08612-001 | Week of 12/9/2019

    If any customers are using any of these devices, we advise that you upgrade the drive firmware immediately.

    This risk could cause the loss of all data, sensitive or not, stored on the drive.
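    As an added example (not HPE’s or Ward’s tooling), the Python below turns the advisory into an inventory check: given a list of drives with model number, firmware revision and accumulated power-on hours, it reports those that match the affected model numbers in the scope table, still run firmware older than HPD8, and how many hours remain before the 32,768-hour failure point, most urgent first. The inventory records are constructed; in practice they would come from the controller’s management tooling or SMART data. Treating every revision as a string of the form HPD<n> is an assumption made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Figures taken from the advisory: the drives fail at 32,768 power-on hours
# and firmware HPD8 corrects the defect.
FAILURE_HOURS = 32_768
FIXED_REVISION = 8

# HPE model numbers from the advisory's scope table.
AFFECTED_MODELS = {
    "VO0480JFDGT", "VO0960JFDGU", "VO1920JFDGV", "VO3840JFDHA",
    "MO0400JFFCF", "MO0800JFFCH", "MO1600JFFCK", "MO3200JFFCL",
    "VO000480JWDAR", "VO000960JWDAT", "VO001920JWDAU", "VO003840JWDAV",
    "VO007680JWCNK", "VO015300JWCNL", "VK000960JWSSQ", "VK001920JWSSR",
    "VK003840JWSST", "VK007680JWSSU", "VO015300JWSSV",
}


@dataclass
class Drive:
    host: str
    model: str
    firmware: str        # revision string as reported by the controller, e.g. "HPD7"
    power_on_hours: int  # accumulated power-on hours


@dataclass
class Finding:
    host: str
    model: str
    firmware: str
    hours_remaining: int


def parse_revision(firmware: str) -> Optional[int]:
    """Return n for a revision of the form HPD<n>, else None.
    Assumption: revisions for these drives all follow that pattern."""
    m = re.fullmatch(r"HPD(\d+)", firmware.strip().upper())
    return int(m.group(1)) if m else None


def firmware_is_fixed(firmware: str) -> bool:
    """True only for HPD8 or later; unparseable revisions are treated as unfixed."""
    rev = parse_revision(firmware)
    return rev is not None and rev >= FIXED_REVISION


def hours_to_ydh(hours: int) -> Tuple[int, int, int]:
    """Split an hour count into (years, days, hours) using 365-day years."""
    days, h = divmod(hours, 24)
    y, d = divmod(days, 365)
    return y, d, h


def at_risk(drives: List[Drive]) -> List[Finding]:
    """Affected-model drives still below HPD8, fewest remaining hours first."""
    findings = [
        Finding(d.host, d.model, d.firmware, FAILURE_HOURS - d.power_on_hours)
        for d in drives
        if d.model in AFFECTED_MODELS and not firmware_is_fixed(d.firmware)
    ]
    findings.sort(key=lambda f: f.hours_remaining)
    return findings


# Constructed inventory records, not data from a real system.
SAMPLE_INVENTORY = [
    Drive("db01", "VO0480JFDGT", "HPD7", 31_900),
    Drive("db01", "VO0480JFDGT", "HPD7", 31_902),   # installed together: fails hours after its sibling
    Drive("web02", "VO0960JFDGU", "HPD8", 32_000),  # already on the fixed firmware
    Drive("nas01", "MO1600JFFCK", "HPD6", 12_000),
    Drive("nas01", "MODEL-NOT-IN-LIST", "HPD3", 40_000),  # placeholder model outside the advisory
]

if __name__ == "__main__":
    y, d, h = hours_to_ydh(FAILURE_HOURS)
    print(f"Failure point: {FAILURE_HOURS} h = {y} years, {d} days, {h} hours")
    for f in at_risk(SAMPLE_INVENTORY):
        print(f"{f.host} {f.model} {f.firmware}: {f.hours_remaining} h "
              f"({f.hours_remaining / 24:.1f} days) until failure")
```

    The two db01 drives in the constructed inventory illustrate the advisory’s warning about drives put into service at the same time: they sit within two hours of each other, so a RAID set built from them would lose both members almost simultaneously.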

    How do I Remediate?

    Apply the relevant patch.

    https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us

    How Can Ward Help?

    If you would like additional information or would like support in assessing and protecting your environment, please contact us.

    News

    Leftover security budget? Here’s how to spend it

    How to prioritize security in the last quarter?

    We’re in the middle of the last quarter and things are starting to look very busy before the end of the year. Things do get quiet from December, which leaves us with exactly two months to sort out the rest of the year and plan for 2020. When it comes to your business having any leftover budget for the year, consider putting into action a security plan with some of that budget.

    Why?

    It takes an average of 191 days to detect a data breach. The global average cost of a data breach is €3.52 million. Click here

    Fortunately, the average cybersecurity budget has also increased; according to Gartner, IT security spending in 2019 grew 8.7% over 2018’s figure. Click here for more details.

    Here are 3 top investments to make before the year ends:

    Brexit & GDPR

    GDPR was a hot topic of interest last year until Brexit took over. A potential deal is still doing the rounds and with a General Election taking place in the UK on 12th December, it is very hard to predict what will occur but it appears that the risk of a hard Brexit has faded somewhat. What is certain is that when (if?!) Brexit happens, the UK including Northern Ireland will become a third country within the meaning of the GDPR. While the amended Political Declaration on the future relationship between the EU and the UK (here) provides that the EU will start assessing the UK in respect of an adequacy decision as soon as the withdrawal occurs and will endeavour to adopt such a decision by the end of 2020, it also caveats this by reference to “the applicable conditions” which have to be met by the UK. Therefore, there is no certainty that the UK will receive an adequacy decision within that timeframe or at all.  This lack of certainty creates so much noise around this topic and confusion on where to invest and on what.

    There are other methods which can be used to lawfully transfer personal data from the EEA to a third country and these are set out in the GDPR and additional guidance has been given by the relevant regulatory bodies. If you are concerned about the impact Brexit will have on data transfers that are crucial to your business, speak to our subject matter experts for further advice.

    Risk Assessment for 2020

    A risk assessment helps you identify which risks you face and document the assets you need to protect first. It analyses what impact the risks might have on your organisation, what the main threats to your systems and data are, and how likely these risks are to occur. From there, you can prioritise and manage the risks in a structured and meaningful manner. This evaluation will help you plan your security goals for next year, and you can take it to board level to help the board understand the results and consequences of the report.

    Detect & Respond to Threats

    As mentioned above, it takes an average of 191 days to detect a breach; back in 2016 it took an average of 201 days. It takes an average of 66 days to contain a breach, with the range running from 10 to 164 days. Click here

    A Security Information and Event Management (SIEM) solution is a necessity for a business. A SIEM combines the following technologies: log management, security event management, security information management and security event correlation. Because a SIEM consolidates information from the combined security infrastructure and controls, a security analyst can watch for security threats in real time instead of working to secure every single product in the system separately.

    Invest in a security culture and you will start seeing the benefits in the long run. Remember, no business can assume it will never be the target of an attack, which is why the right security posture for your business is important.

    It’s not simple, and that is why it’s recommended to partner with a third-party provider who can help you prioritise your risks and deliver a holistic view of what you need to do, step by step.

    Speak to our subject-matter experts to stay ahead of the threat landscape. We provide end-to-end security solutions that will protect your business from attack. Contact us to discuss your unique requirements.

    News

    Security Advisory Notice – Google Chrome CVE-2019-13720

    Google has released patches for this critical remote code execution vulnerability. Patches are available for Windows, Mac and Linux operating systems.

    If any customers are using an old version of Google Chrome, we advise that you update the Google Chrome Browser to the latest version.

    This risk could be exploited when a user visits or is redirected to a specially crafted malicious web page.

    How do I Remediate?

    Update the Google Chrome browser to the latest stable version 78.0.3904.87.

    How Can Ward Help?

    If you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.

    Further Reading:

    1. https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-118/

    2. https://threatpost.com/google-discloses-chrome-flaw-exploited-in-the-wild/149784/

    News

    Security Advisory Notice – Microsoft RDP CVE-2019-0708

    Microsoft has released a high-severity security advisory. It states that there is a critical remote code execution vulnerability in Remote Desktop Services that exists in the following operating systems:

    • Windows XP
    • Windows 7
    • Windows Server 2003
    • Windows Server 2008 R2
    • Windows Server 2008

    As of today, Windows 8, Windows 10, Windows Server 2012, Windows Server 2016 and Windows Server 2019 are not reported to be affected by this vulnerability. Currently, unpatched machines are being exploited to mine cryptocurrency, but most exploitation attempts result in a BSOD. However, these exploits can be further weaponised to cause more damage.

    Microsoft has already released patches for both Windows XP and Windows Server 2003, even though neither is supported by Microsoft anymore.

    If any customers are using any of these services, we advise that you patch the affected machines ASAP.

    This risk could be exploited in two ways.

    1. Unpatched RDP services open to the internet are exploited directly.
    2. Unpatched RDP services are used by malware internally to spread from machine to machine.

    How do I Remediate?

    Apply the relevant patch from the links below:

    Workarounds are available here:

    How Can Ward Help?

    For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.

    For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.

    Further Reading:

    1. https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/

    News

    #100securedays | Recap Week 20

    “Cybersecurity needs to be taken seriously by everyone.” – Toomas Hendrik Ilves

    Here’s a recap of week 20:

    Day 95: Logout of sites when you’ve completed your transactions. And use trusted devices for any bank or online activity. #100securedays

    Day 96: Precaution is better than cure. If you see any unusual activity in your account, call customer support immediately. #100securedays

    Day 97: Educate them on how to suspect any unusual activity and control sharing too much information online. Encourage them to ask for help if they feel something is wrong. It’s not only the work place, security is necessary even at home. #100securedays

    Day 98: There are lots of ways on how to set this up. Here are a few tips for you to start with- https://hubs.ly/H0ljt130 #100securedays

    Day 99: We’re coming to the end of #100securedays, and here’s our second-last update in this series. You might be gifting a new device like a smartwatch, tablet or phone; make sure you install proper security software on any new device.

    Day 100: Our last and final update in this series, #100securedays, is here. We hope you all found these tips useful. Don’t forget that each of us is an attractive target to a hacker, so expect the unexpected.

    This is the last set of updates on this series #100securedays, we hope you found them useful.

    If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

    News

    #100securedays Recap 19

     “Information security is one of the few spots in the business where you can be involved in almost every part of the business.”

    Here’s a recap of week 19:

    Day 90: Attackers exploit weaknesses in the Transmission Control Protocol (TCP) three-way handshake, the process by which a client and server establish a connection. Attackers send spoofed SYN packets to the targeted server until the server’s connection table memory is exhausted, causing the entire service to stop responding. #100securedays

    Day 91: “If you’re interested, you’ll do what is convenient; if you’re committed, you’ll do whatever it takes.” – John Assaraf. Don’t take the risk and the easy way out. Stay secure! #100securedays

    Day 92: Timely patching, or timely installation of software updates, ranks as the top cyber security measure for preventing remote code execution attacks. #100securedays

    Day 93: If you go through your device, you’ll see a lot of information stored there. Encrypt your files and folders, especially the ones that contain sensitive data. #100securedays

    Day 94: Believe it or not, 38% of Microsoft Office formats such as Word, PowerPoint and Excel were found to have malicious file extensions. Via https://hubs.ly/H0lcv8M0 #100securedays

    If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.

    News

    3 Myths about a CISO

    Who is a CISO?

    A Chief Information Security Officer (CISO) is a senior-level executive within an organisation responsible for the information and data security of a business. The CISO leads the business’s information security strategy by identifying, developing, implementing and maintaining processes across the enterprise to reduce IT security risks. That risk is reduced by managing security technologies, leading the establishment and implementation of policies, responding to security incidents and conducting regular risk assessments. Many organisations cannot afford to retain, or cannot justify, a CISO on a full-time basis.

    With the rise in data breaches and hefty fines, companies are now reevaluating their commitment to their information security posture. A CISO has become a high demand role now especially after GDPR has come into force. However, this comes with many misconceptions on what this role can and should do.

    Here are 3 top myths in this role:

    We have a CISO, which means our business is secure:

    It is never safe to assume that your organisation is safe from a breach because a CISO is in place. The role is only one part of the picture: the CISO helps the organisation meet the appropriate security standards and protocols. The fact is that a security gap can occur at any point in time, from an employee clicking a phishing e-mail to an employee accessing a vulnerable personal application within the organisation’s network. Having a CISO is a benefit, but there are parallel actions that need to be taken regardless to help a business stay secure from an attack.

    A CISO & DPO are the same:

    A CISO is responsible for the complete information security programme aimed at safeguarding the company’s assets, whereas the DPO audits the corporate guidelines of that same information security programme to ensure it supports GDPR compliance. These two roles can sometimes contradict each other, for example when the CISO takes action to ensure the security of the business’s data assets that might go against the personal data security, privacy and confidentiality requirements.

    A CISO should ideally play a supporting role to the DPO and the heads of all other departments in following best compliance practices.

    CIOs & CISOs often conflict with each other:

    Just like CISOs, CIOs have seen their role change; this is being driven by the need to keep pace with new technologies, increased security requirements, and the ever-growing demands of the business.

    A CIO helps a business to use modern information technology infrastructure to enable employee productivity and make processes more efficient. From a cyber-security set of tasks, they will be involved in ensuring a security process for areas such as IoT applications and seeing how other organisations in similar sectors are handling their cyber security landscape.

    Do you see how the two collaborate with each other now?

    Here is our CISO service offering.

    Ward Solutions has a large pool of trained, certified and experienced CISOs that assist many businesses with their security standards and process in a timely and cost-effective manner. Speak to us to know more, contact us to discuss your unique requirement.

    News

    #100securedays Recap 18

    “As cybersecurity leaders, we have to create our message of influence because security is a culture and you need the business to take place and be part of that security culture.”  — Britney Hommertzheim

    If you missed last week’s updates, here’s a recap of week 18:

    Day 85: We all like it a bit easy but why take the risk? Log out of your accounts and lock your screens. Follow our security tips to stay secure every day and everywhere you go. #100securedays

    Day 86: You might be using a shared device. Even if it is easier to look at sites you have already viewed by looking up your history, it is not as safe as you think. If you have personal and sensitive information stored on those sites and someone else has access to the device, that can cause a lot more issues. Don’t take that risk! #100securedays

    Day 87: Are you getting spammed or annoyed with so many e-mails that you aren’t going to open? Then this is what you do: unsubscribe or opt out. You have every right to do so. #100securedays

    Day 88: How often do you share your date of birth? In some cases it’s relevant to ask for it, but not in all. If you think you don’t need to share it, then don’t. #100securedays

    Day 89: Happy Friday! Tip for today- Remember the good old days of Orkut/MSN/Vine? Well, if you have created a number of social media accounts in the past, it is best to delete them if you aren’t using them anymore. #100securedays

    If you would like to speak to our security consultants on best practices to keep your business secure, please contact us to discuss your unique requirements.