Understanding Risks of Unpatched Vulnerabilities


  • Olubukola Omotayo

    Test Manager | Cybersecurity Analyst | Test Consultant | I help people & organisations deliver 90%+ On-Time High-Quality Secure & Customer-centric Software Products

    8,840 followers

    Ever skipped a system update because it was inconvenient? ⏳ I used to think it was just a bother, disrupting my workflow, until I realized how one simple delay could leave my application vulnerable to serious security risks. Now, I rarely think twice before hitting that update button!! (Well, maybe thrice 😀)

    Outdated libraries and frameworks can quietly turn into ticking time bombs within any application. A vulnerability in just one outdated dependency can open the door to security breaches, bugs, and performance issues: problems that could have been avoided with a simple update.

    A recent example is the 2023 Microsoft Azure API Management vulnerability, which allowed attackers to bypass authentication and gain unauthorized access to sensitive API data. Despite Microsoft’s prompt release of a patch, many organizations delayed updating, leaving their APIs exposed. The consequences were severe: attackers exfiltrated sensitive data from unpatched APIs, compromising personal information, financial records, and other confidential data. This incident is a vital reminder of the importance of not only timely patching but also thorough testing to ensure that security updates don’t introduce new vulnerabilities.

    ⏰ The clock is ticking; have you checked your dependencies today, or are you risking a breach?

    #QAQuestFriday #SoftwareTesting #QualityAssurance #Security #Cybersecurity #DevSecOps #BukolaOnQAQuestFriday

  • boB Rudis

    V.P. Data Science @ GreyNoise Intelligence & MSIT Instructor for Data-Driven Security, Chief Data Officer & CISO Tracks; Chief Bannister Polisher

    3,163 followers

    🆕 GreyNoise Research 🎉: Resurgent Vulnerabilities Demand Attention Now.

    There's a persistent security blind spot many organizations miss: resurgent vulnerabilities. These are flaws that fade from headlines and patch cycles, only to be revived and exploited by attackers years later. Our latest GreyNoise report, “A Blindspot in Cyber Defense: How Resurgent Vulnerabilities Jeopardize Organizational Security,” reveals findings that should concern all defenders.

    We identified four vulnerability categories:
    - Eternal ♾️ (always under attack)
    - Utility 🛠️ (frequently exploited with quiet periods)
    - Periodic 🔂 (unpredictable bursts)
    - Black Swan 🧟 (dormant for years, then suddenly exploited)

    Resurgent vulnerabilities have surged since 2017 and disproportionately impact edge technologies: your network's front door. Over half of top exploited resurgent vulnerabilities affect edge tech. For unpredictable "Black Swan" vulnerabilities, that jumps to nearly 70%. It was also pretty cool to see that our VZ DBIR data-driven siblings themselves independently confirmed this edgy mal-intent by attackers. Our adversaries deliberately wait until defenders have moved on, leaving legacy flaws unpatched.

    Why do these slip through? Traditional vulnerability management focuses on new and high-severity issues. Resurgent vulnerabilities get deprioritized after initial patches. Attackers target edge systems and small business equipment precisely because they're less monitored. They leverage these for launching attacks and establishing footholds. Though resurgent vulnerabilities typically have high CVSS scores, don't ignore lower-severity flaws: they can still enable devastating campaigns.

    If you're responsible for network defense or security policy, you *need* to understand this phenomenon. Our report contains unique findings to help position your organization against what's coming. And, you can find our report at: https://lnkd.in/eZ_rRcsa and feel encouraged to reach out to research@greynoise.io with any inquiries about the report and the data behind it.

  • Eric Meyer

    You know the scientist dork in the action movie, the one the government ignores? This employment lawyer helps proactive companies avoid the action sequence.

    17,099 followers

    🚨 Stop what you are doing and read this if your business uses ConnectWise’s popular remote management tool #ScreenConnect. 🚨

    A critical vulnerability has been found in on-premise versions 23.9.7 or earlier. Organizations and third-party technology service providers heavily utilize this software. The exploit permits unknown third parties to easily bypass user authentication controls and gain access to networks, allowing for malware and malicious activity like data theft, fraud, and ransomware. Bad actors that gain network access before the vulnerability is fixed can remain within environments undetected.

    Technical guidance and next steps can be found in: ConnectWise’s advisory (link below) and 23.9.8 version upgrade instructions; and the Cybersecurity and Infrastructure Security Agency’s (CISA) exploit alert (link below) and related critical vulnerability detail (link below).

    If your organization or third-party technology providers recently used ScreenConnect version 23.9.7 or earlier, they should:
    ☑️ Ensure proper software updates.
    ☑️ Fully investigate for any signs of unauthorized activity within the environment.
    ☑️ Check data backups for versioning and segmentation.
    ☑️ Conduct global password resets.
    ☑️ Understand any insurer or contractual reporting requirements.
    ☑️ Document the above efforts.

    Any impacted organization should also commence incident response efforts immediately to secure the environment, optimize threat monitoring, and determine the extent of any unauthorized network activity. Involve external digital forensics and legal counsel to ensure a privileged response to the incident that addresses action items and risk management. The technical, operational, and legal impact of this vulnerability continues to highlight the need for established incident response plans and resources, as well as proactive cyber and vendor risk management. Having baseline safeguards and documentation can insulate organizations from the unstoppable expansion of cybercrime, technological integration, and digital third-party risk.

    I'm but a humble employment law attorney and did not stay at a Holiday Inn Express last night. But my Pierson Ferdinand LLP #cyber partners are aces and have more details on vulnerability, vendor and risk management. Edmund Brown Simone McCormick, Esq., CIPP (US/E) Kelly Garrison Jed Davis Maryam Meseha, Esq. (CIPP/US) Michael Kar Richard Reiter Stu Panensky Tony Onorato #cybersecurity #dataprivacy

  • Michael J. Silva

    Founder - Periscope Dossier & Ultra Secure Emely.AI | Cybersecurity Expert

    7,666 followers

    🚨 The FBI and CISA just issued a critical security advisory about a dangerous ransomware group called "Ghost" that's actively targeting organizations across 70+ countries. Unlike typical ransomware operations that rely on phishing, Ghost exploits unpatched vulnerabilities in internet-facing servers to gain access and deploy their malicious payload.

    What makes Ghost particularly concerning is their methodology. Operating out of China, these threat actors (who also go by names like Cring, Phantom, and Strike) target vulnerabilities in common business applications like Fortinet FortiOS, Adobe ColdFusion, and Microsoft SharePoint. Some of the exploited vulnerabilities date back to 2009, highlighting a critical gap in many organizations' security practices. Once inside a network, Ghost uploads web shells to compromised servers and uses Cobalt Strike (ironically, a legitimate penetration testing tool) to steal credentials, disable antivirus software, and move laterally through systems. Security experts describe this as a "commercial global onslaught" that particularly threatens organizations with poor patch management practices.

    The future of ransomware attacks will likely continue this trend of targeting known but unpatched vulnerabilities. As security professionals note, attackers are evolving faster than many organizations can patch their systems. We'll see more sophisticated exploitation of "patch fatigue" – where overwhelmed security teams simply can't keep up with the volume of vulnerabilities. Legacy systems and IoT devices with long lifecycles will become increasingly vulnerable targets.

    What should you be thinking about? The FBI recommends four immediate actions:
    1. Maintain regular system backups stored separately from source systems
    2. Patch known vulnerabilities promptly
    3. Segment networks to restrict lateral movement
    4. Implement phishing-resistant multi-factor authentication for privileged accounts

    Beyond these basics, consider implementing a privileged access management solution with zero-trust principles. Develop a long-term operations and risk mitigation plan for legacy systems. And remember – the FBI strongly discourages paying ransoms, as this only encourages more attacks.

    Is your organization prepared for threats that bypass traditional phishing defenses? How current is your patch management strategy? The time to act is now. 🔐

    Source: Forbes

  • Mike Holcomb

    Helping YOU Secure OT/ICS | Fellow, OT/ICS Cybersecurity

    57,591 followers

    Security patching in OT/ICS can get someone hurt or killed. And it could bring down your plant. No more production.
    -> No more power.
    -> No more clean water.
    -> No gasoline at the pump.
    -> No more food on the table.
    -> No more manufactured goods.
    -> The list goes on and on and on and on.
    You start to get the idea.

    Vulnerability management and patching is VERY different in OT. VERY different than in IT. Here's an abbreviated OT vulnerability management checklist...

    1. Asset Discovery & Inventory
    -> Make sure your asset inventory is up-to-date (as much as possible)
    -> Identify which assets are essential to safety and production
    -> Include firmware versions for finding vulnerabilities

    2. Vulnerability Data Collection
    -> Review vulnerability data for assets you have deployed
    -> Leverage free resources like CISA and the ICS Advisory Projects
    -> Keep track of assets that are End of Support/End of Life

    3. Vulnerability Identification
    -> Use passive gathering techniques to understand what you have
    -> Limit active scanning according to your organization's policies
    -> Explore other options for keeping your asset register current

    4. Risk Prioritization
    -> Remember that OT risk is handled differently than in IT
    -> Determine if a vulnerability presents a safety or production issue
    -> If not, does anything need to be done with it?

    5. Remediation & Mitigation Planning
    -> Deploy any updates to test systems first
    -> Review vendor security data
    -> Evaluate compensating controls which can lower risk

    6. Documentation & Reporting
    -> Keep track of vulnerability assets and associated owners
    -> Follow up with owners to get issues addressed (and escalate when needed)
    -> Provide metrics on remediation progress to leadership

    7. Continuous Monitoring
    -> Monitor news feeds and cyber intel for latest vulnerabilities
    -> Determine when new vulnerabilities apply to your environment

    Vulnerability management is VERY different in OT/ICS. That doesn't mean it has to be complicated though. Use this checklist to help guide your management efforts. And keep everyone from getting hurt or killed. And keep the plant up and running.

    P.S. What's your #1 quick OT security tip?

    🔔 Follow Mike Holcomb for more OT/ICS cybersecurity
    ♻️ Share to help others!
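An added example (not code from the post above or from any of the profiled authors) that turns checklist steps 1, 2 and 4 into a runnable check: it matches a firmware-versioned asset inventory against advisory records and orders findings by safety/production impact and fix availability before CVSS. All asset records, vendor and product names, and advisory identifiers are constructed placeholders.

```python
# Added example (not from the post): match an OT asset inventory against
# advisory records by firmware version (checklist steps 1-2), then rank
# findings safety/production first (step 4). All records are constructed.
from collections import namedtuple
from typing import List, Tuple
# safety_critical: essential to safety/production (step 1); end_of_life: step 2
Asset = namedtuple("Asset", "name vendor product firmware safety_critical end_of_life")
# affected_below: every firmware strictly below it is affected; fixed_in: None = no vendor fix
Advisory = namedtuple("Advisory", "advisory_id vendor product affected_below fixed_in cvss")

def parse_version(v: str) -> Tuple[int, ...]:
    # Numeric compare: as strings "2.9.4" sorts after "2.10.0", which
    # would silently report an affected PLC as already patched.
    return tuple(int(p) for p in v.split("."))

def is_affected(asset: Asset, adv: Advisory) -> bool:
    return (asset.vendor == adv.vendor and asset.product == adv.product
            and parse_version(asset.firmware) < parse_version(adv.affected_below))

def prioritize(assets: List[Asset], advisories: List[Advisory]) -> List[dict]:
    """Findings ordered: safety-critical assets first, then assets with no
    vendor fix (they need compensating controls), then CVSS descending."""
    findings = []
    for a in assets:
        for adv in advisories:
            if not is_affected(a, adv):
                continue
            no_fix = adv.fixed_in is None or a.end_of_life
            action = ("evaluate compensating controls, review vendor data" if no_fix
                      else f"stage firmware {adv.fixed_in} on a test system first")
            findings.append({"asset": a.name, "advisory": adv.advisory_id,
                             "safety_critical": a.safety_critical,
                             "no_fix": no_fix, "cvss": adv.cvss, "action": action})
    findings.sort(key=lambda f: (not f["safety_critical"], not f["no_fix"], -f["cvss"]))
    return findings

SAMPLE_ASSETS = [  # constructed inventory; vendor/product names are placeholders
    Asset("PLC-LINE1", "ExampleVendor", "PLC-X", "2.9.4", True, False),
    Asset("HMI-PACK", "ExampleVendor", "HMI-Y", "1.4.0", False, True),
    Asset("HIST-01", "ExampleVendor", "Historian", "5.2.0", False, False),
]
SAMPLE_ADVISORIES = [  # constructed; ids are placeholders, not real advisories
    Advisory("ADV-0001", "ExampleVendor", "PLC-X", "2.10.0", "2.10.0", 7.5),
    Advisory("ADV-0002", "ExampleVendor", "HMI-Y", "2.0.0", None, 9.8),
    Advisory("ADV-0003", "ExampleVendor", "Historian", "5.0.0", "5.0.0", 9.1),
]
if __name__ == "__main__":
    for f in prioritize(SAMPLE_ASSETS, SAMPLE_ADVISORIES):
        print(f["asset"], f["advisory"], f["action"])
```

The safety-critical PLC on the lower-CVSS advisory is listed before the end-of-life HMI with the 9.8, which is the ordering step 4 asks for; the historian is on a fixed build and produces no finding.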

  • Paul Veeneman

    IT/OT Cybersecurity & Risk Management | International Speaker | Adjunct Professor | Mentor

    5,049 followers

    🔍 A Familiar Risk Resurfaces: Unitronics PLCs Still Exposed

    Following the attacks on Unitronics PLCs in 2023, one might expect a reduction in internet-exposed devices. Instead, we’ve seen a 23% increase in open connections since last year.

    🔓 What’s still exposed?
    - TCP 443 / 9443 – Often the admin interface of attached cellular modems, predominantly Sierra Wireless hardware.
    - TCP 20256 – The remote application management port for Unitronics software.
    - Outdated OS and Builds – Vulnerabilities remain unpatched in many deployments.

    In OT environments, visibility without remediation is a risk multiplier. We can’t keep revisiting the same playbook of mistakes. These exposures aren’t just technical oversights—they’re echoes of past incidents and warnings left unheeded.

    If you are an organization that has Unitronics deployments, or has a third-party engineering firm managing and maintaining your Unitronics control systems and process environments, ensure that these systems and their application/services ports are not open and exposed on the Internet. These should be behind a firewall or VPN remote access for the monitoring and data collection, as opposed to the convenience of open management ports and access. Basic critical asset management is a first step to operations safety, uptime, productivity, and the bottom line.

    Please share your additional thoughts, concerns, points, and counterpoints.

    #security #otsecurity #criticalinfrastructure #data #cybersecurity #privacy #riskmanagement #strategy #technology #informationsecurity #innovation

    OT SECURITY PROFESSIONALS Joe Weiss PE CISM CRISC ISA Fellow Aaron C. Crow Mike Holcomb Sinclair Koelemij Agustín Valencia Gil-Ortega Daniel Ehrenreich Jonathon Gordon Shiv Kataria Sean S. Costigan PhD Daren Klum Matthew Wainwright Alexandro Fernandez Clea Ostendorf, CISSP Robert M. Lee Sam Van Ryder Colin Dunn E. Christian Hager Clea Ostendorf, CISSP Tim Herman Eric Ong Ron Kuriscak Kristin Demoranville John Kingsley Puneet Tambi Keon McEwen John Cusimano Jessica E. Lytle Monta Elkins Mini TT Nicolás Rodríguez Guevara Dr. Claudia Rivas, DIT, MSIT, CISM, GSEC Kenneth Warren Eric Visker Larry Grate, PE,GICSP,CISSP Marty R.

  • Roi Cohen

    CEO & Co-Founder @ Vicarius | MBA, Cybersecurity Expert

    25,472 followers

    Patching is just one way to remediate risk, not the only way.

    There are 250,000+ known vulnerabilities cataloged in the Common Vulnerabilities and Exposures (CVE) database. Yet, a significant number of these vulnerabilities remain unpatched. In fact, unpatched vulnerabilities are directly responsible for up to 60% of all data breaches.

    Even when patches are available, deploying them can be challenging:
    ⚠️ They can break production environments.
    ⚠️ They may not be applicable to legacy systems.
    ⚠️ They require extensive testing and resources to implement.

    So, what happens to the vulnerabilities that remain unpatched or systems where patching isn't feasible? Hardening configurations, restricting exploitability, and isolating risky assets are alternate strategies that keep your business safe when patching isn't an option.

    Curious? Let's talk.

  • As security practitioners we know that swift action is crucial to protect our systems and data. I noticed CISA's guidance on remediation timelines suggests addressing critical vulnerabilities within 15 calendar days of initial detection. While this timeline is a step in the right direction, I firmly believe that 15 days is simply too long to wait to patch critical vulnerabilities.

    Every moment a critical vulnerability remains unpatched is an opportunity for cybercriminals to exploit it. With threat actors constantly scanning for weaknesses and now leveraging AI to speed up their exploit times, delaying remediation by even a few days can result in severe consequences, including data breaches, financial loss, and reputational damage.

    Organizations must prioritize and accelerate their patch management processes to close these critical gaps as quickly as possible. Leveraging automated tools, continuous monitoring, and proactive threat intelligence can help reduce the window of exposure, ensuring that vulnerabilities are addressed within hours or days, not weeks. By adopting a more aggressive approach to vulnerability management, we can better protect our systems and build a more resilient cybersecurity posture.

    Do you agree? Would love to hear your thoughts.

    #CyberSecurity #VulnerabilityManagement #PatchManagement #CISAGuidance #CyberResilience #InformationSecurity https://lnkd.in/gy4-z__9
