Drupal Vulnerability, Sectigo DevOps Integrations, & Vulnerable Fortinet VPNs – ESW #208

Data Point Reason No. 2: The remote workforce expands the threat surface. Data Point Reason No. 3: Cybersecurity experts that meet your needs are hard to find, nurture and retain. Data Point Reason No. 4: It takes too much time and money to get in-house SOCs up and running. Data Point Reason No. 5: Businesses and other organizations want to lower their liability.

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform. The new integrations, which expand upon Sectigo's first round of DevOps integrations, seize the benefits of automation for DevOps environments and further aid DevSecOps teams in speeding application deployment by using automation to provision certificates.

“We address high and critical CVEs in LTS offerings, and fix critical issues within 24 hours.” The Snyk report finds the average time for enterprises to remediate homegrown images is 68 days.

A malicious file with a double extension (e.g., php.txt) could be “interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations,” the Drupal security team noted.

Today, FireEye announced that Respond Software is joining our Team. Respond is the creator of an AI Based Cloud native XDR Engine that automates the investigation of security alerts at machine speed. Respond Software is a perfect fit with our Mandiant Advantage platform, adding proven automation technology in the fast-growing category of Extended Detection and Response (XDR) to help secure our customers.

With this acquisition, Splunk will continue to deliver on its vision to offer the world’s most comprehensive Observability Suite. With Flowmill, Splunk further expands its existing observability capabilities, giving customers the ability to ingest, analyze and take action on additional cloud network and infrastructure data to quickly resolve network-related issues, optimize network performance and reduce network costs.

Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says "private and confidential" or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.

The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "sslvpn_websession" files from Fortinet VPNs. These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users. Today, threat intelligence analyst Bank_Security has found another thread on the hacker forum where a threat actor shared a data dump containing "sslvpn_websession" files for every IP that had been on the list.