Blog

OpenSSL cert parsing bug causes infinite denial of service loop

OpenSSL has released a security update to address a vulnerability in the library that, if exploited, triggers an infinite loop and leads to denial of service conditions.

Denial of service attacks may not be the most disastrous security problem, but they can still cause significant business interruption, long-term financial repercussions, and brand reputation damage for those affected.

That is especially the case for software like OpenSSL, a ubiquitous secure communication library used by many large online platforms. Therefore, any vulnerability that affects the library can significantly impact a large number of users.

Certificates causing DoS

In this case, the high-severity OpenSSL problem is a bug in the BN_mod_sqrt() function, which computes modular square roots and is used when decompressing elliptic curve points: handed a maliciously crafted certificate to parse, it enters an infinite loop.

The certificate has to contain elliptic curve public keys in compressed form or elliptic curve parameters with a base point encoded in compressed form to trigger the flaw.

“Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack,” describes OpenSSL’s security notice.

“The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.” 

Unfortunately, the problem impacts quite a few deployment scenarios, such as: 

  • TLS clients consuming server certificates
  • TLS servers consuming client certificates
  • Hosting providers taking certificates or private keys from customers
  • Certificate authorities parsing certification requests from subscribers
  • Anything else which parses ASN.1 elliptic curve parameters

The vulnerability is tracked as CVE-2022-0778, and affects OpenSSL versions 1.0.2 to 1.0.2zc, 1.1.1 to 1.1.1m, and 3.0.0 to 3.0.1. 

Google’s security researcher Tavis Ormandy discovered the certificate parsing vulnerability and reported his findings to the OpenSSL team on February 24, 2022.

The fixed versions released yesterday are 1.1.1n and 3.0.2, while only premium users of 1.0.2 will be offered a fix through 1.0.2zd.

Because version 1.0.2 does not parse the public key while parsing the certificate, the infinite loop is slightly more complicated to trigger there than in the other versions, but it is still doable.

OpenSSL 1.0.2 has reached EOL and is not actively supported, so non-premium users are advised to upgrade to a new release branch as soon as possible.

Already exploited by threat actors?

Although OpenSSL has not said that the bug is already used by threat actors, Italy’s national cybersecurity agency, CSIRT, has marked it as actively exploited in the wild.

Bleeping Computer has contacted the OpenSSL team to request a clarification on this point, and they told us they are not aware of any active exploitation at this time.

Even if the message is mixed on that front, the low exploitation complexity and the published details will let threat actors test and experiment with the vulnerability quickly.

An OpenSSL spokesperson shared the following statement with Bleeping Computer:

The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate. TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it. It is difficult to guess to what extent this will translate to active exploitation.

Because most users obtain OpenSSL from a third party, there’s no centralized authority to count upgrade stats, so it’s impossible to estimate how many vulnerable deployments are out there.

Source :
https://www.bleepingcomputer.com/news/security/openssl-cert-parsing-bug-causes-infinite-denial-of-service-loop/

Critical SonicWall firewall patch not released for all devices

Security hardware manufacturer SonicWall has fixed a critical vulnerability in the SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE).

The security flaw is a stack-based buffer overflow weakness with a CVSS severity score of 9.4 that impacts multiple SonicWall firewalls.

Tracked as CVE-2022-22274, the bug affects TZ Series entry-level desktop form factor next-generation firewalls (NGFW) for small- and medium-sized businesses (SMBs), Network Security Virtual (NSv series) firewalls designed to secure the cloud, and Network Security services platform (NSsp) high-end firewalls.

Exploitable remotely without authentication

Unauthenticated attackers can exploit the flaw remotely, via HTTP requests, in low complexity attacks that don’t require user interaction “to cause Denial of Service (DoS) or potentially results in code execution in the firewall.”

The SonicWall Product Security Incident Response Team (PSIRT) says there are no reports of public proof-of-concept (PoC) exploits, and it found no evidence of exploitation in attacks.

The company has released patches for all impacted SonicOS versions and firewalls and urged customers to update all affected products.

“SonicWall strongly urges organizations using impacted SonicWall firewalls listed below to follow the provided guidance,” the company said in a security advisory published on Friday.

Product | Impacted platforms | Impacted version | Fixed version
SonicWall Firewalls | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSv 270, NSv 470, NSv 870 | 7.0.1-5050 and earlier | 7.0.1-5051 and higher
SonicWall NSsp Firewall | NSsp 15700 | 7.0.1-R579 and earlier | Mid-April (hotfix build 7.0.1-5030-HF-R844 available from support)
SonicWall NSv Firewalls | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, NSv 300, NSv 400, NSv 800, NSv 1600 | 6.5.4.4-44v-21-1452 and earlier | 6.5.4.4-44v-21-1519 and higher

NSsp 15700 firewall gets hotfix, full patch in April

The only affected firewall still waiting for a patch against CVE-2022-22274 is the NSsp 15700 enterprise-class high-speed firewall.

While a hotfix is already available for those reaching out to the support team, SonicWall estimates that a full patch to block potential attacks targeting this firewall will be released in roughly two weeks.

“For NSsp 15700, continue with the temporary mitigation to avoid exploitation or reach out to the SonicWall support team who can provide you with a hotfix firmware (7.0.1-5030-HF-R844),” the company explained.

“SonicWall expects an official firmware version with necessary patches for NSsp15700 to be available in mid-April 2022.”

Temporary workaround available

SonicWall also provides a temporary workaround to remove the exploitation vector on systems that cannot be immediately patched.

As the security vendor explained, admins should only allow access to the SonicOS management interface from trusted sources.

“Until the [..] patches can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources (and/or disable management access from untrusted internet sources) by modifying the existing SonicOS Management access rules (SSH/HTTPS/HTTP Management),” SonicWall added.

The updated access rules will ensure that the impacted devices “only allow management access from trusted source IP addresses.”

The company’s support website also provides customers with more information on how to restrict admin access and tips on when to allow access to the firewalls’ web management interface.

“SonicWall has proactively communicated mitigation guidance to any impacted organizations,” the security vendor told BleepingComputer. 

Source :
https://www.bleepingcomputer.com/news/security/critical-sonicwall-firewall-patch-not-released-for-all-devices/

Sophos warns critical firewall bug is being actively exploited

UK-based cybersecurity vendor Sophos warned that a recently patched Sophos Firewall bug allowing remote code execution (RCE) is now actively exploited in attacks.

The security flaw is tracked as CVE-2022-1040, and it received a critical severity rating with a 9.8/10 CVSS base score. 

It enables remote attackers to bypass authentication via the firewall’s User Portal or Webadmin interface and execute arbitrary code.

The vulnerability was discovered and reported by an anonymous researcher who found that it impacts Sophos Firewall v18.5 MR3 (18.5.3) and older.

“Sophos has observed this vulnerability being used to target a small set of specific organizations primarily in the South Asia region,” the company said in an update to the original security advisory.

“We have informed each of these organizations directly. Sophos will provide further details as we continue to investigate.”

Hotfixes and workarounds

To address the critical bug, Sophos released hotfixes that should be automatically deployed to all vulnerable devices since the ‘Allow automatic installation of hotfixes’ feature is enabled by default.

However, customers running end-of-life versions of Sophos Firewall must manually upgrade to a supported version to patch the security hole and defend against the ongoing attacks.

For these customers and those who have disabled automatic updates, there’s also a workaround requiring them to secure the User Portal and Webadmin interfaces by restricting external access.

“Customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to WAN,” Sophos added.

“Disable WAN access to the User Portal and Webadmin by following device access best practices and instead use VPN and/or Sophos Central for remote access and management.”

In the wild exploitation of Sophos Firewall bugs

Sophos provides detailed information on enabling the automatic hotfix installation feature and checking if the hotfix was successfully deployed.

After toggling on automatic hotfix installation, Sophos Firewall will check for new hotfixes every thirty minutes and after restarts.

Patching your Sophos Firewall instances is critically important, especially since they have been exploited in the wild before, with threat actors abusing an XG Firewall SQL injection zero-day starting in early 2020.

Asnarök trojan malware was also used to exploit the same zero-day to try and steal firewall credentials from vulnerable XG Firewall instances.

The zero-day was also exploited in attacks attempting to push Ragnarok ransomware payloads onto Windows enterprise networks.

Source :
https://www.bleepingcomputer.com/news/apple/sophos-warns-critical-firewall-bug-is-being-actively-exploited/

Trend Micro fixes actively exploited remote code execution bug

Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.

Apex Central is a web-based management console that helps system admins manage Trend Micro products and services (including antivirus and content security products and services) throughout the network.

They can also use it to deploy components (e.g., antivirus pattern files, scan engines, and antispam rules) via manual or pre-scheduled updates.

The vulnerability (CVE-2022-26871) is a high severity arbitrary file upload weakness in the file handling module that unauthenticated attackers can abuse for remote code execution.

On Thursday, Trend Micro said it observed attempts to exploit the vulnerability in the wild as part of an ongoing attack.

“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already,” the company said.

CISA orders federal agencies to patch

The Japanese antivirus vendor also urged customers of affected products (on-premise and as a Service) to update to the latest released version as soon as possible.

“Please note that the SaaS version has already been deployed on the backend and no further action is required from SaaS customers on this issue,” the company added for SaaS customers.

When asked how many customers were targeted in these attacks and if any of their networks were breached following these exploitation attempts, Trend Micro spokesperson Funda Cizgenakad told BleepingComputer that the company is “not able to comment on customers” since “this is confidential.”

On Thursday, following Trend Micro’s disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal civilian agencies to patch the actively exploited Apex Central bug within three weeks, by April 21, 2022.

The cybersecurity agency also urged private and public sector organizations in the US to prioritize patching this actively exploited bug to decrease their networks’ exposure to ongoing attacks.

CISA added the Trend Micro flaw to its Known Exploited Vulnerabilities Catalog, a list of security bugs exploited in the wild, with seven others, including a critical Sophos firewall bug.

Source :
https://www.bleepingcomputer.com/news/security/trend-micro-fixes-actively-exploited-remote-code-execution-bug/

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

Apple on Thursday rolled out emergency patches to address two zero-day flaws in its mobile and desktop operating systems that it said may have been exploited in the wild.

The shortcomings have been fixed as part of updates to iOS and iPadOS 15.4.1, macOS Monterey 12.3.1, tvOS 15.4.1, and watchOS 8.5.1. Both vulnerabilities were reported to Apple anonymously.

Tracked as CVE-2022-22675, the issue has been described as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges.

Apple said the defect was resolved with improved bounds checking, adding it’s aware that “this issue may have been actively exploited.”

The latest version of macOS Monterey, besides fixing CVE-2022-22675, also includes remediation for CVE-2022-22674, an out-of-bounds read issue in the Intel Graphics Driver module that could enable a malicious actor to read kernel memory.

The bug was “addressed with improved input validation,” the iPhone maker noted, once again stating that the issue may have been actively exploited while withholding additional details to prevent further abuse.

The latest updates bring the total number of actively exploited zero-days patched by Apple to four since the start of year, not to mention a publicly disclosed flaw in the IndexedDB API (CVE-2022-22594), which could be weaponized by a malicious website to track users’ online activity and identities in the web browser.

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution

In light of active exploitation of the flaws, Apple iPhone, iPad, and Mac users are highly recommended to upgrade to the latest versions of the software as soon as possible to mitigate potential threats.

The iOS and iPad updates are available to iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Source :
https://thehackernews.com/2022/03/apple-issues-patches-for-2-actively.html

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices.

“An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions,” the company said in an advisory published this week. “The flaw could allow an attacker to bypass the authentication and obtain administrative access to the device.”

The flaw has been assigned the identifier CVE-2022-0342 and is rated 9.8 out of 10 for severity. Credited with reporting the bug are Alessandro Sgreccia from Tecnical Service Srl and Roberto Garcia H and Victor Garcia R from Innotec Security.

The following Zyxel products are impacted –

  • USG/ZyWALL running firmware versions ZLD V4.20 through ZLD V4.70 (fixed in ZLD V4.71)
  • USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20 (fixed in ZLD V5.21 Patch 1)
  • ATP running firmware versions ZLD V4.32 through ZLD V5.20 (fixed in ZLD V5.21 Patch 1)
  • VPN running firmware versions ZLD V4.30 through ZLD V5.20 (fixed in ZLD V5.21)
  • NSG running firmware versions V1.20 through V1.33 Patch 4 (Hotfix V1.33p4_WK11 available now, with standard patch V1.33 Patch 5 expected in May 2022)

While there is no evidence that the vulnerability has been exploited in the wild, it’s recommended that users install the firmware updates to prevent any potential threats.

CISA warns about actively exploited Sophos and Trend Micro flaws

The disclosure comes as both Sophos and SonicWall released patches this week to their firewall appliances to resolve critical flaws (CVE-2022-1040 and CVE-2022-22274) that could allow a remote attacker to execute arbitrary code on affected systems.

The critical Sophos firewall vulnerability, which has been observed exploited in active attacks against select organizations in South Asia, has since been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities Catalog.

Also added to the list is a high-severity arbitrary file upload vulnerability in Trend Micro’s Apex Central product that could allow an unauthenticated remote attacker to upload an arbitrary file, resulting in code execution (CVE-2022-26871, CVSS score: 8.6).

“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already,” the company said. “All customers are strongly encouraged to update to the latest version as soon as possible.”

Source :
https://thehackernews.com/2022/03/zyxel-releases-patches-for-critical-bug.html

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.

“An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS,” the company said in an advisory published on March 29, 2022. “If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.”

Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue is a bug that is triggered when parsing crafted certificates, sending the parser into an infinite loop that results in a denial-of-service condition and can be used to remotely hang unpatched devices.

QNAP, which is currently investigating its line-up, said it affects the following operating system versions –

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later, and
  • QuTScloud c5.0.x

To date, there is no evidence that the vulnerability has been exploited in the wild. Although Italy’s Computer Security Incident Response Team (CSIRT) released an advisory to the contrary on March 16, the agency clarified to The Hacker News that it has “updated the alert with an errata corrige.”

The advisory comes a week after QNAP released security updates for QuTS hero (version h5.0.0.1949 build 20220215 and later) to address the “Dirty Pipe” local privilege escalation flaw impacting its devices. Patches for QTS and QuTScloud operating systems are expected to be released soon.

Source :
https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html

Is there such a thing as Spring4Shell?

Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our Slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigating a potential RCE in Spring after seeing a tweet that has since been deleted.

Details seemed sketchy at best at this point (about 1:20am EDT). There was a tweet with screenshots that had been deleted. There were references to a pull request (PR) that, as it turns out, was first put up on February 18th, but only merged on March 29th.

Various parties were trying to make the nickname “Spring4Shell” stick (or, sometimes just SpringShell), while Spring Core maintainers were adding comments to the PR saying there was no known RCE.

So, just what the heck was going on and what is going on now?

What’s the bottom line (for now)?

There’s a credible RCE vulnerability in spring-beans package, which is part of Spring Core. This is a key enabler of the inversion of control (IoC) capabilities of Spring. This is often referred to as dependency injection.

If you’ve used the @Autowired annotation or utilized the magic of constructor injection, you’ve encountered dependency injection in the Spring ecosystem.

In affected versions, an RCE is achievable by manipulating the ClassLoader via a carefully composed HTTP POST request.

At this time, the exploit is only known to be possible with a Java Runtime Environment (JRE) version 9 or greater AND Tomcat version 9 or greater.

The best immediate remediation is to deploy your application in an older version of the JRE and/or an older version of Tomcat.

We’ll continue to provide updates through our vulnerability database as the situation evolves.

Where is all the confusion coming from?

One of the first blog posts our team was alerted to in the wee hours of March 30th has since been deleted. This post referenced a tweet that was also deleted. Despite the double-delete, there was a verifiable reference to a commit to Spring Core that is related to deserialization (a Java feature that has led to RCEs before – Log4Shell, anyone?).

The comment on this commit says:

Since SerializationUtils#deserialize is based on Java's serialization
mechanism, it can be the source of Remote Code Execution (RCE)
vulnerabilities.

As the day progressed, there was more buzz (with very little verifiable fact to back it up) that we might be dealing with an RCE in Spring Core.

Further down in the comments, a Spring Core committer validated another comment stating that this commit had nothing to do with any known RCE.

And, in fact, if you look at the PR the commit resolves, it was first opened on February 18th.

Now, here’s the kicker: while all this was going on, the Interwebs was busy conflating this evolving issue with another known issue in a completely different project: Spring Cloud Function. So as to not further this confusion, I won’t go into the details of this vulnerability. Suffice it to say that if you’re reading something on vulnerabilities in Spring Cloud, you’re barking up the wrong tree for information on Spring4Shell (please, can we give it a different name?)

So, what is Spring4Shell after all?

Stay tuned

We’ll be updating this blog as we learn more about Spring4Shell (last update: March 31, 2022)

Out of an abundance of caution and not wanting to act on incomplete information, security researchers at Snyk spent time reviewing the situation over the course of the day on March 30th.

At this time, our conclusion is that there’s a credible RCE threat in the Spring Core spring-beans package. For better or worse, Spring4Shell is sticking. It makes sense as there’s already a legitimate Spring Shell project in the Spring ecosystem.

Spring4Shell remediation

A new version of the Spring Framework has been released on which the current exploit does not work: version 5.2.20.

And, if you work with Spring Boot, just today version 2.5.12 was released which integrates the changes to the Spring framework and spring-beans. Note: The latest Spring Boot release, 2.6.5, does NOT have these fixes in place. The Spring Boot team is working on release 2.6.6 which will include these updates as well. We’ll keep you posted when that becomes available.

Here’s a list of remediation steps you can take in order of preference:

  • If you use Spring Framework directly, upgrade to version 5.2.20
  • If you use Spring Boot, use version 2.5.12. Note: This may represent a downgrade if you are already on 2.6.x, as that version has not yet been updated to integrate these fixes
  • If you can’t upgrade your version of Spring at this time, use a version 8 JRE and/or Tomcat container to mitigate the issue

It’s worth noting that there will likely be additional updates to Spring as more (and potentially different) vulnerabilities are discovered. This is often the trajectory when a high degree of focus is put on a high severity issue like this (Log4Shell, anyone?).

Snyk’s tools have already been updated to notify you if your project is vulnerable!

Head on over to Snyk to sign up for a free account. From there (or on the command line) you can test your project to see if it’s vulnerable to Spring4Shell.

We expect to update this post and to produce a PoC code repository to demonstrate the RCE in version 9 and greater of the JRE and Tomcat. Tune in here for updates.

Source :
https://snyk.io/blog/is-there-such-a-thing-as-spring4shell/

New Data Centers Show Cisco’s Investment in a Global Cloud Architecture

You want a cybersecurity solution that safeguards your enterprise, not one that slows it down. So, finding a security partner that maintains a global data center network is crucial – this reduces latency and improves reliability. Fortunately, the Cisco Umbrella team backs an award-winning solution with an ever-expanding data center network that spans the globe.

Our data centers – located at key Internet Exchange Points (IXPs) around the world – improve Software-as-a-Service (SaaS) performance by up to 33% over direct internet access (DIA). And our engineers continue to build out this network to support global enterprise customers. We supplement this growing data center network with Anycast routing and a robust assortment of peering relationships, enabling Cisco Umbrella customers to experience the best of both worlds when it comes to security and performance.     

Expanding Cisco Umbrella’s Data Center Network

The Cisco Umbrella data center network allows our customers to utilize cybersecurity functionality that includes – but isn’t limited to – DNS-layer security, Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB). A security efficacy test performed by AV-TEST found that Cisco Umbrella had the highest threat detection rate in the industry at 96.39%. And thanks in part to the network of data centers backing Umbrella, this security doesn’t come at the expense of performance.

The most recent additions to the Cisco Umbrella data center network include both brand-new locations and upgrades to existing facilities in:

Our team chooses new locations for their proximity to IXPs, allowing customers to take advantage of faster service. We also prioritize carrier-neutral data centers and heavily utilize colocation facilities. This gives users peace of mind, since Cisco Umbrella is fortified against downtime caused by carrier outages.

How Anycast Routing Makes a Difference

Anycast augmented routing allows our team to maximize performance for our customers. Anycast routing automatically selects the best path to a Cisco Umbrella data center, evaluating things like availability and connection quality.

Not only does Anycast routing reduce latency, but it also helps shield Cisco Umbrella users from outages. If one of the data centers in our network goes down, traffic will automatically fail over to the best available data center. Alternately, users can manually configure tunnels to a Cisco Umbrella data center of their choice to ensure ongoing availability and redundancy.  

Reducing Latency With Peering Partners

Of course, a robust data center network isn’t the only factor affecting latency within a cybersecurity solution. That’s why Cisco Umbrella maintains peering partnerships with 1,000+ internet service providers (ISPs), Content Delivery Networks (CDNs), and Software-as-a-Service (SaaS) providers. These partnerships result in more than 6,000 peering sessions with our premier partners.

[Image: “Some of our peering partners”, with logos for AT&T, BT Media & Broadcast, GoogleFiber, Verizon, Amazon, Netflix, Dell Services, Huawei, Microsoft, Alibaba.com, SalesForce, Google, Facebook, Box, Baidu, and Cisco Webex.]

Peering partnerships serve as a valuable shortcut between customer networks, ISPs, CDNs, and SaaS solutions. This reduces routing hops and shrinks latency, allowing customers to enjoy enhanced performance without ever sacrificing Cisco Umbrella’s world-class security.

Ready to See the Cisco Umbrella Data Center Network In Action?

Explore the full potential of Cisco Umbrella when you sign up for a free, personalized demo today!

Source :
https://umbrella.cisco.com/blog/new-data-centers-show-cisco-investment-global-cloud-architecture

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild.

Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022.

Type confusion errors, which arise when a resource (e.g., a variable or an object) is accessed using a type that is incompatible with the type it was originally initialized as, can have serious consequences in languages that are not memory safe, like C and C++, enabling a malicious actor to perform out-of-bounds memory access.

“When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution,” MITRE’s Common Weakness Enumeration (CWE) explains.

The tech giant acknowledged it’s “aware that an exploit for CVE-2022-1096 exists in the wild,” but stopped short of sharing additional specifics so as to prevent further exploitation and until a majority of users are updated with a fix.

CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year, the first being CVE-2022-0609, a use-after-free vulnerability in the Animation component that was patched on February 14, 2022.

Earlier this week, Google’s Threat Analysis Group (TAG) disclosed details of a twin campaign staged by North Korean nation-state groups that weaponized that earlier flaw, CVE-2022-0609, to strike U.S. based organizations spanning news media, IT, cryptocurrency, and fintech industries.

Google Chrome users are highly recommended to update to the latest version 99.0.4844.84 for Windows, Mac, and Linux to mitigate any potential threats. Users of Chromium-based browsers such as Microsoft Edge, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Source :
https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html