Get Ahead of Cyber Threats
Newsletter

The Fletch Press: You don’t have to secure everything…

Reading time: 4 min

Hi there,

We’re back with a new edition of our biweekly newsletter! 

At Fletch, we are on a mission to democratize cybersecurity data intelligence so that security teams can elevate themselves and get ahead of threats. You are receiving this email because you’re an operator in the cybersecurity space and may find our content beneficial. 

We’ve heard from many of you about how hard it is to secure data sprawled between several SaaS applications. 

The good news is, you don’t have to let it overwhelm you. 

Why?

Because you don’t have to monitor absolutely everything. It’s safer and more time-efficient to classify your data into 1 of 4 categories:

  1. Low sensitivity
  2. Moderate sensitivity
  3. High sensitivity
  4. Restricted

Based on your rankings, you’ll know what’s most critical to protect. We’ve got you covered with how to get started in this video.

 

More You Should Know

If only data classification alone could alleviate pain points. 

A collective lack of investment in security, increased responsibilities due to remote work, and the worsening skills shortage are distressing cybersecurity teams. 57% of cybersecurity professionals report feeling that the skills shortage impacts their company, and 10% say the impact is severe.

Managers have a hard time filling cloud computing security roles. Insight into the difficulty:

  • ¾ say it’s hard to recruit for cybersecurity, but 38% say their company doesn’t offer competitive pay
  • 29% report that their HR department doesn’t understand what's needed in terms of skills
  • 25% report that their companies’ job postings are unrealistic 
  • ¾ of cybersecurity professionals report being approached by recruiters each month 

Many boardrooms still view cybersecurity as a compliance check rather than a real business issue, even though one cyber attack can devastate a whole business. CISOs have the power to push boards to see the value in proper security investment (e.g., advanced technologies and process automation).


Healthcare is currently one of the hardest-hit industries by cyber attacks.

Healthcare breaches in 2021 are also the most expensive of any industry, costing an average of $7.13 million. Healthcare CISOs and CIOs, this one's for you.

You can mitigate risk by:

  1. Reducing your landscape of cloud applications - see where you have overlaps and eliminate them.
  2. Monitoring your environment for compromised accounts - people tend to fall for things like phishing scams, which make up 33% of all breaches. 
  3. Automating wherever possible - when we re-tool to automate the data plumbing process and deliver insights - fast - we can get ahead of attackers and secure patient data.


 

Emerging Threats

These are a couple of the latest threats in the news. With our continuous Emerging Cyber Threat Analysis, newcomers can evaluate for free whether they are vulnerable or compromised, to what extent, and what to do next.

Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs

Cisco rolled out patches to address critical vulnerabilities that impacted its Small Business VPN routers. Remote attackers can use these vulnerabilities to execute arbitrary code and even cause a denial-of-service (DoS) condition.

The issues include:

  • CVE-2021-1609 (CVSS score: 9.8)
  • CVE-2021-1610 (CVSS score: 7.2)

They exist in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22.

Both issues are due to a lack of proper validation of HTTP requests.

Cisco says there is no evidence of active exploitation attempts, and there are no workarounds that address the vulnerabilities.

Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now

Attackers are looking for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were aired at the Black Hat conference.

ProxyShell is the name for 3 vulnerabilities that, when combined, allow unauthenticated remote code execution on Microsoft Exchange servers.

The 3 vulnerabilities (exploited remotely through Microsoft Exchange’s Client Access Service (CAS) on port 443 in IIS) are:

Microsoft Exchange admins are advised to install the latest cumulative updates to stay secure.

 

Fletch Announcements/Updates

Early Fletch users that sign up TODAY will receive our Insider Threat solution and Continuous Emerging Cyber Threat Analysis for FREE FOREVER.

Start solving the most common cybersecurity issues and gain peace of mind! Get on our waitlist today and be the first to get access to Fletch and these two offerings. We will follow a first-come, first-served model.
