A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3.

**Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability**

High

CVE-2022-20767

CWE-399

Download CVRF

Email

**

Summary

**

*   A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
    
    The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition.
    
    **Note:** This vulnerability only affects Cisco FTD devices that are running Snort 3.
    
    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    
    This advisory is available at the following link:  
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM
    
    This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
    

**

Affected Products

**

*   This vulnerability affects Cisco platforms if they are running a vulnerable release of Cisco FTD Software and both of the following conditions are met:
    
    *   The device is running Snort 3.
    *   DNS reputation enforcement is enabled on the device.
    
    For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
    
    Snort 3 is running by default for new installations of Cisco FTD releases 7.0.0 and later. On devices that were running Cisco FTD Release 6.7.0 or earlier and were upgraded to Release 7.0.0 or later, Snort 2 is running by default.
    
    DNS reputation enforcement is enabled by default on Cisco FTD releases 6.7 and later. DNS reputation enforcement was introduced in Cisco FTD Release 6.7.
    
    **Determine Cisco FTD Configuration through the FTD CLI**
    
    To determine if Snort 3 is configured on a device, log in to the FTD CLI and use the **show snort3 status** command. If the command produces the following output, the device is running Snort 3 and may be affected by this vulnerability:
    
    > \> **show snort3 status**  
    > Currently running Snort 3
    
    To determine if DNS Reputation Enforcement is enabled, do the following:
    
    1.  Log in to the FTD CLI.
    2.  Use the **expert** command to enter expert mode.
    3.  Go to the lua directory. This directory is located at /ngfw/var/sf/detection\_engines/_uuid_/lua, where _uuid_ is the universally unique identifier for the Cisco FTD installation.
    4.  Use the **grep** command to search for _dns\_filter_ in the _firewall.lua_ file in the lua directory.
        *   If **dns\_filtering\_enabled = true** is in the file, the device is affected by this vulnerability.
        *   If **dns\_filtering\_enabled = false** is in the file, the device is not affected by this vulnerability.
        *   If **dns\_filtering\_enabled** is not in the file, the device is not affected by this vulnerability.
    
    > \>expert  
    > expert admin@ftd700:~$ cd /ngfw/var/sf/detection\_engines/e4dec56e-ef9e-11eb-b690-6843d4a521ed/lua/  
    > expert admin@ftd700:~$ grep dns\_filter firewall.lua  
    >  dns\_filtering\_enabled = true
    
    **Note:** The show **access-control-config** command does not show the correct status of the DNS reputation enforcement setting due to defect CSCwb37077.
    
    **Determine Cisco FTD Configuration for Cisco Firepower Management Center (FMC) Managed Devices**
    
    To determine if Snort 3 is configured on a device, do the following:
    
    1.  Log in to the FMC web interface.
    2.  From the **Devices** menu, choose **Device Management**.
    3.  Choose the appropriate FTD device.
    4.  Click the **Edit** pencil icon.
    5.  Click the **Device** tab and look in the **Inspection Engine** area.
        *   If **Snort 2** is listed, the device is not affected by this vulnerability.
        *   If **Snort 3** is listed, the device may be affected by this vulnerability.
    
    To determine if DNS reputation enforcement is enabled, do the following:
    
    1.  Log in to the FMC web interface.
    2.  From the **Policies** menu, choose **Access Control**.
    3.  Choose the policy to review.
    4.  Click the **Edit** pencil icon.
    5.  Click the **Advanced** tab.
    6.  In the **General Settings** area, look for **Enable reputation enforcement on DNS traffic.**
    
    *   If the setting is **Yes**, the device is affected by this vulnerability.
    *   If the setting is **No**, the device is not affected by this vulnerability.
    
    **Determine Cisco FTD Configuration for Cisco Firepower Device Management (FDM) Managed Devices**
    
    To determine if Snort 3 is configured on a device, do the following:
    
    1.  Log in to the FTD web interface.
    2.  From the main menu, choose **Policies**.
    3.  Click the **Intrusion** tab.
    4.  Look for the **Inspection Engine** version. The version will start with either a _2_ for Snort 2 or a _3_ for Snort 3.
        *   If the version begins with a _2_, the device is running a Snort 2 version and is not affected by this vulnerability.
        *   If the version begins with a _3_, the device is running a Snort 3 version and could be affected by this vulnerability.
    
    To determine if DNS reputation enforcement is enabled, do the following:
    
    1.  Log in to the FTD web interface.
    2.  From the main menu, choose **Policies**.
    3.  Click the **Access Control** tab.
    4.  Click the **Settings** gear.
    5.  Look for **Reputation Enforcement on DNS traffic**.
    
    *   If the setting is on, the device is affected by this vulnerability.
    *   If the setting is off, the device is not affected by this vulnerability.
    
    **Determine Cisco FTD Configuration for Cisco Defense Orchestrator Managed Devices**
    
    To determine if Snort 3 is configured, do the following:
    
    1.  Log in to the Cisco Defense Orchestrator web interface.
    2.  From the **Inventory** menu, choose the appropriate FTD device.
    3.  In the **Device Details** area, look for **Snort Version**. The version will start with either a _2_ for Snort 2 or a _3_ for Snort 3.
        *   If the version begins with a _2_, the device is running a Snort 2 version and is not affected by this vulnerability.
        *   If the version begins with a _3_, the device is running a Snort 3 version and could be affected by this vulnerability.
    
    To determine if DNS reputation enforcement is enabled, do the following:
    
    1.  Log in to the Cisco Defense Orchestrator web interface.
    2.  From the **Inventory** menu, choose the appropriate FTD device.
    3.  In the **Management** area, click **Policy**.
    4.  Click the **Settings** gear.
    5.  Look for **Reputation Enforcement on DNS traffic.**
        *   If the setting is on, the device is affected by this vulnerability.
        *   If the setting is off, the device is not affected by this vulnerability.
    
    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
    
    Cisco has confirmed that this vulnerability does not affect the following Cisco products:
    
    *   Adaptive Security Appliance (ASA) Software
    *   FMC Software
    *   FTD Software that is running Snort 2
    *   Meraki MX Series Software
    *   Open source Snort 2 Project
    *   Open source Snort 3 Project
    

**

Workarounds

**

*   There are no workarounds that address this vulnerability. However, as a mitigation, administrators can disable DNS reputation enforcement. Disabling DNS reputation enforcement from the FTD CLI is not recommended because that process does not update the setting in the management device. This could cause instability in the system or unplanned reversion of the setting.
    
    To disable DNS reputation enforcement for Cisco FMC managed devices, do the following:
    
    1.  Log in to the FMC web interface.
    2.  From the **Policies** menu, choose **Access Control**.
    3.  Choose the policy to review.
    4.  Click the **Edit** pencil icon.
    5.  Click the **Advanced** tab.
    6.  Click the **Edit** pencil icon for **General Settings**.
    7.  Uncheck the **Enable reputation enforcement on DNS traffic** check box to turn the setting off.
    8.  Click **OK**.
    9.  Deploy the change to the FTD devices.
    
    To disable DNS reputation enforcement for Cisco FDM managed devices, do the following:
    
    1.  Log in to the FTD web interface.
    2.  From the main menu, click **Policies**.
    3.  Click the **Access Control** tab.
    4.  Click the **Settings** gear.
    5.  Look for the **Reputation Enforcement on DNS traffic**.
    6.  Click the switch to turn the setting off.
    7.  Click **OK**.
    
    To disable DNS Reputation Enforcement for Cisco Defense Orchestrator managed devices, do the following:
    
    1.  Log in to the Cisco Defense Orchestrator web interface.
    2.  From the **Inventory** menu, choose the appropriate FTD device.
    3.  In the **Management** area, click **Policy**.
    4.  Click the **Settings** gear.
    5.  Look for the **Reputation Enforcement on DNS traffic**.
    6.  Click the switch to turn the setting off.
    7.  Click **OK**.
    8.  Deploy the change to the FTD device.
    
    While these mitigations have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
    

**

Fixed Software

**

*   Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
    
    Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:  
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
    
    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
    
    The Cisco Support and Downloads page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.
    
    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Customers Without Service Contracts**
    
    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
    
    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
    
    **Fixed Releases**
    
    In the following table(s), the left column lists Cisco software releases. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by any of the Critical or High SIR vulnerabilities described in this bundle and which release includes fixes for those vulnerabilities.
    
    **FTD Software**
    
    Cisco FTD Software Release
    
    First Fixed Release for This Vulnerability
    
    First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
    
    6.2.2 and earlier1
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.2.3
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.3.01
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.4.0
    
    Not vulnerable.2
    
    6.4.0.15 (May 2022)
    
    6.5.01
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.6.0
    
    Not vulnerable.2
    
    6.6.5.2
    
    6.7.0
    
    Migrate to a fixed release.3
    
    Migrate to a fixed release.
    
    7.0.0
    
    7.0.2 (May 2022)
    
    7.0.2 (May 2022)
    
    7.1.0
    
    7.1.0.1
    
    7.1.0.1
    
    1\. Cisco FMC and FTD Software releases 6.2.2 and earlier, as well as releases 6.3.0 and 6.5.0, have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
    
    2\. Snort 3 was first included in Cisco FTD Release 6.7.0 for Cisco FDM and Cisco Defense Orchestrator managed devices. Snort 3 was first released in Cisco FTD Release 7.0.0 for Cisco FMC managed devices.
    
    3\. Only Cisco FDM and Cisco Defense Orchestrator managed devices are vulnerable in Release 6.7.0. Cisco FMC managed devices are not vulnerable because Snort 3 was not released in Cisco FMC managed devices until Release 7.0.0.
    
    For instructions on upgrading your FTD device, see Cisco Firepower Management Center Upgrade Guide.
    
    The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.
    

**

Exploitation and Public Announcements

**

*   The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
    

**

Source

**

*   This vulnerability was found during the resolution of a Cisco TAC support case.
    

**

Cisco Security Vulnerability Policy

**

*   To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
    

*   Subscribe
    

**

Related to This Advisory

**

*   Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
    

**

URL

**

*   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM
    

**

Revision History

**

*   Version
    
    Description
    
    Section
    
    Status
    
    Date
    
    1.0
    
    Initial public release.
    
    \-
    
    Final
    
    2022-APR-27
    
    Show Less
    

**

Legal Disclaimer

**

*   THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
    
    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
    

**

Feedback

**

*   Leave additional feedback

CVE-2022-20767: Cisco Security Advisory: Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation's prison population to perform low-cost IT work for domestic companies.

Image: Proxima Studios, via Shutterstock.

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Multiple Russian news outlets published stories on April 27 saying the Russian **Federal Penitentiary Service** had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies.

Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. **Alexander Khabarov**, deputy head of Russia’s penitentiary service, said his agency had received proposals from businessmen in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.

Khabarov told Russian media outlets that under the proposal people with IT skills at these facilities would labor only in IT-related roles, but would not be limited to working with companies in their own region.

“We are approached with this initiative in a number of territories, in a number of subjects by entrepreneurs who work in this area,” Khabarov told Russian state media organization TASS. “We are only at the initial stage. If this is in demand, and this is most likely in demand, we think that we will not force specialists in this field to work in some other industries.”

According to Russian media site Lenta.ru, since March 21 nearly 95,000 vacancies in IT have remained unfilled in Russia. Lenta says the number unfilled job slots actually shrank 25 percent from the previous month, officially because “many Russian companies are currently reviewing their plans and budgets, and some projects have been postponed.” The story fails to even mention the recent economic sanctions that are currently affecting many Russian companies thanks to Russia’s invasion of Ukraine in late February.

The **Russian Association for Electronic Communications** (RAEC) estimated recently that between 70,000 and 100,000 people will leave Russia as part of the second wave of emigration of IT specialists from Russia. “The study also notes that the number of IT people who want to leave Russia is growing. Experts consider the USA, Germany, Georgia, Cyprus and Canada to be the most attractive countries for moving,” Lenta reported of the RAEC survey.

It’s not clear how many “IT specialists” are currently serving prison time in Russia, or precisely what that might mean in terms of an inmate’s IT skills and knowledge. According to the BCC, about half of the world’s prison population is held in the United States, Russia or China. The BCC says Russia currently houses nearly 875,000 inmates, or about 615 inmates for every 100,000 citizens. The United States has an even higher incarceration rate (737/100,000), but also a far larger total prison population of nearly 2.2 million.

**Sergei Boyarsky**, deputy chairman of the Russian Duma’s Committee on Information Policy, said the idea was worth pursuing if indeed there are a significant number of IT specialists who are already incarcerated in Russia.

“I know that we have a need in general for IT specialists, this is a growing market,” said Boyarsky, who was among the Russian leaders sanctioned by the United States Treasury on Marc. 24, 2022 in response to the Russian invasion of Ukraine. Boyarsky is head of the St. Petersburg branch of United Russia, a strongly pro-Putin political party that holds more than 70 percent of the seats in the Russian State Duma.

“Since they still work there, it would probably be right to give people with a profession that allows them to work remotely not to lose their qualifications,” Boyarsky was quoted as saying of potentially qualified inmates. “At a minimum, this proposal is worth attention and discussion if there are a lot of such specialists.”

According to Russia’s penitentiary service, the average salary of those sentenced to forced labor is about 20,000 rubles per month, or approximately USD $281. Russian news outlet RBC reports that businesses started using prison labor after the possibility of creating correctional centers in organizations appeared in 2020. RBC notes that Russia now has 117 such centers across 76 Russian regions.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2

This release includes the following new features and enhancements:

*   Identity Server Authentication APIs
    
*   Integration of Microsoft Windows Autopilot with Access Manager
    
*   Support for Specifying Scopes for a Client Application
    
*   Integration with Itsme
    
*   Analytics Dashboard Plug-in Support
    
*   Enhanced WS-Federation Service Provider
    
*   Enhancements to Upgrade Assistant
    
*   Support for Integration with Advanced Authentication as a Service
    
*   Enhanced UserInfo Endpoint to Decrypt Tokens Encrypted Using Custom Keys
    
*   Updates for Dependent Components
    
*   Videos
    

**1.1 Identity Server Authentication APIs**

This release introduces Identity Server authentication APIs. These APIs enable you to build your own end-to-end login experience replacing the built-in user portal login experience. You can use these APIs in the following scenarios:

Primary Authentication: Verifies the end-users' credentials using one of the following methods:

*   Name/Password - Basic
    
*   Name/Password - Form
    
*   Secure Name/Password - Basic
    
*   Secure Name/Password - Form
    

Multi-factor Authentication: When Access Manager is integrated with Advanced Authentication through the plug-in approach, the API supports multi-factor authentication for the following methods:

*   Smartphone
    
*   Voice call
    

For more information about these APIs, see Identity Server Authentication API.

You can also configure the default user attributes that you want in the authentication response.

For information about configuring the attributes list, see Identity Server Authentication APIs in the NetIQ Access Manager 5.0 Administration Guide.

**1.5 Analytics Dashboard Plug-in Support**

This release introduces Analytics Dashboard plug-in for the following products: NetIQ SecureLogin.

*   NetIQ SecureLogin
    
    For more information, see Analytics Dashboard in the NetIQ SecureLogin 9.0 Administration Guide.
    
*   NetIQ Secure API Manager
    

_NOTE:_The plug-in is not supported with Access Manager container deployment.

**1.8 Support for Integration with Advanced Authentication as a Service**

In addition to the integration with on-premises Advanced Authentication, Access Manager now supports integration with the Advanced Authentication as a Service.

For more information about how to integrate, see Multi-Factor Authentication Using Advanced Authentication.

**1.9 Enhanced UserInfo Endpoint to Decrypt Tokens Encrypted Using Custom Keys**

With this release, when JWT is encrypted using custom keys provided in the resource server, user info endpoint is able to decrypt the JWT and provide valid user info details in response.

**1.10 Updates for Dependent Components**

This release provides the following updated components:

*   Tomcat 9.0.55
    
*   Apache 2.4.53
    
*   Log4j 2.17.1
    
*   JDK 1.8.0\_312
    
*   OpenSSL 1.0.2zd
    

**1.11 Videos**

This release includes the following videos:

*   Access Manager Upgrade Assistant: Registration and Upgrade on RHEL and SLES
    

*   Integrating Access Manager with Itsme

CVE-2022-26326: Access Manager 5.0 Service Pack 2 Release Notes

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)

Wise security professionals understand that threat actors aren't sitting still, and they aren't playing by the same rules as old-school groups. Lapsus$, for example, is gaining notoriety for its unpredictable behavior, using tactics like extortion and bribing insiders for initial access. It has left even the most experienced security pros scratching their heads.

When you find your organization has been breached, will you be scrambling to figure out your security incident response and remediation plan when your team can't think straight, or will your response be as simple as muscle memory? To minimize the damage done when a security incident occurs, it's important to look inward.

**Keep a Tight Ship  
**I would never dare promise to "eliminate cyber threats," but I can provide strong recommendations to improve internal security. Analyzing some of the latest Lapsus$ victims, we can learn a few things.

First, **_credential security is imperative._** Sooner or later, a threat actor will compromise credentials in your organization. It's not realistic for a business to expect all employees to refuse extortion attempts at all costs. Understanding this reality turns the impossible task into a practical solution.

Security teams should shift their focus from purely _preventing_ credential compromise to _tracking_ user behavior so that anomalies can be quickly identified and acted upon.

Lastly, when discussing the Lapsus$ incidents and others like them that are using extortion and bribery to initiate entry, we must discuss the importance of cybersecurity awareness and insider threat training. Many organizations have put some level of end-user security training into practice. But clearly, that isn't enough to stop novel threat groups from breaching the last line of defense.

**Managing Third-Party Companies  
**Organizations can't prepare their own privacy and security practices in a vacuum — we all depend on a large network of products and services to do our jobs.

Repeat after me: _Anyone (or any organization) could easily be a victim of a third-party incident._

If you were to assess the privileges of each of your third-party solutions, would you be proud of what you found? Chances are, there are weak spots in access protocols. Your third-party solutions likely have access to things they shouldn't. Your contractual agreements probably aren't bulletproof either.

While it's important to factor in the balance of manageable risk with return on investment, it's also essential to foster a collaborative yet vigilant relationship with all of your external parties. It's about defining a clear contract with vendors that involves security early on, focusing on shared responsibilities for security, good architecture, and timely communication.

**Check on Cybersecurity Checklists  
**Creating a cybersecurity checklist should be a requirement to do business with any third party. The checklist should include (but is not limited to): thoroughly vetting vendors' privacy and security standards; adding terms and conditions within your contract to address what would happen in the case of an outage and the costs each party would incur; and contingency plans for employees who may depend on technology or software solutions to do their jobs. Take a similar approach whenever your organization is involved in any type of M&A activity, as the risks apply to those scenarios as well.

There will always be risks associated with third-party solutions, but living in a bubble isn't realistic. Managing this risk by having visibility and security capabilities across the entire security incident response life cycle must be the endgame.

**Communicating Gaps  
**Organizations experiencing a security incident must not hide behind a third party and shouldn't blame their employees. They also must not allow lawyers to create smokescreens around what happened. This helps no one in the long term and only saves face until it doesn't anymore.

Communication around current vulnerabilities and threats is constantly flowing in healthy, well-prepared organizations. As a security practitioner, you should be proactive in how you communicate with leadership. It's extremely effective to manage up by sending a notice to leadership about a new breach or vulnerability with your insight added. Security analysts can offer value by proactively showing that they've already checked "XYZ" and that they're running automated queries for indicators of compromise, etc. They can forward that to their CISO for that person to share upward. CISO/SOC leadership can then take action to fill that gap.

Additionally, when a security incident occurs, security analysts should feel comfortable saying "we didn't have the capabilities to identify this incident." Effective operations require reflection on your own security incidents and thought experiments with other shared problems in the security community. Be honest and document everything. From there, they can use these proof points to work with leadership and fill in the gaps.

**Culture Is Key  
**No one with a straight face can deny the importance of security culture when it comes to keeping a tight ship, managing third-party security, and mastering internal communication. Culture weaves through it all. Motivated employees with excellent support from their team members and leadership are less likely to make errors and are also less likely to turn around and give information to a cybercriminal when faced with the temptation of shiny rewards or, worse, revenge.

Fostering a culture of open communication (as opposed to fear of making a mistake) will help your security analysts feel like they can talk to leadership about what gaps need to be filled to properly do their jobs and minimize the impact of future breaches.

Security incidents will happen to everyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. Many companies are overwhelmed with just the thought of a breach happening — imagine how they panic when a breach actually occurs.

_Stay tuned for Part 2 later this week, which will provide advice on handling the public's response after an incident._

Security Stuff Happens: What Do You Do When It Hits the Fan?

Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.

Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting ‘remote everything’.

The rise of remote work and learning opened new opportunities for many people – as we’ve seen by the number of people who have moved to new places or adapted to “workcations.” Cybercriminals are taking advantage of the same opportunities – just in a different way. Evaluating the prevalence of malware variants by region reveals a sustained interest by cyber adversaries in maximizing the remote work and learning attack vector.

****What Malware Trends are Showing****

Our FortiGuard Labs research team dug into the prevalence of malware variants by region for the second half of 2021. What they found shows a sustained interest by cyber adversaries in maximizing the remote work and learning attack vector. The team found that various forms of browser-based malware were prevalent. Often, this takes the form of phishing lures or scripts that inject code or redirect users to malicious sites.

Detections vary across regions, of course, but can be largely grouped into three broad distribution mechanisms: Microsoft Office executables (MSExcel/, MSOffice/), PDF files and browser scripts (HTML/, JS/). Files packed with the Microsoft Intermediate Language (MSIL) are another common feature.

It’s worthy of note that some kinds of browser-based malware occupy the top spots in all regions. Such techniques have gained prominence recently as a way to exploit peoples’ desire for the latest news about COVID-19, politics, sports or any current headline. And since many are browsing from their home networks these days, there are fewer layers of protection between such malware and would-be victims (e.g., no corporate web filters).

****The Rise of Exploit Kits****

The use of exploit kits (EKs) is one element that has clearly helped cybercriminals in their efforts to execute malware. These kits are automated programs attackers use to exploit systems or applications. What makes an exploit kit very dangerous is its ability to identify victims while they browse the web. After they target a potential victim’s vulnerabilities, attackers can download and execute their malware of choice.

Exploit kits work automatically and silently as they look for vulnerabilities on a user’s machine while they browse the web. Currently, exploit kits are the preferred method for the distribution of remote access tools (RATs) or mass malware by cybercriminals, especially those seeking to profit financially from an exploit.

What’s especially insidious is that EKs don’t require victims to download a file or attachment. The victim need only browse on a compromised website, and then that site pulls in hidden code that attacks vulnerabilities in the user’s browser.

Currently, older kits are available to the public. Attackers have been taking these older kits and modifying them, making them more resilient to newer security detection strategies. Also, many of these kits are being advertised for sale online. Attackers offer these kits for rent on these sites and offer support and update contracts to guarantee they work against future updates.

****Addressing the Remote Everything Security Problem****

As hybrid work and learning become embedded paradigms in our culture, there are fewer layers of protection between malware and would-be victims. And bad actors are gaining access to more tools to help them pull off their nefarious deeds – like exploit kits. At the same time, the attack surface has rapidly expanded and continues to do so.

That means enterprises must take a work-from-anywhere approach to their security. They need to deploy solutions capable of following, enabling and protecting users no matter where they are located. They need security on the endpoint (EDR) combined with zero trust network access (ZTNA) approaches.

Another vital component and best practice of modern security strategy is the development of a holistic security mesh, wherein fully integrated security, services and threat intelligence seamlessly follow users on the road, at home or in the office to provide enterprise-grade protection and productivity across the extended network.

This simplifies and satisfies the demands of today’s three most common WFA scenarios: the corporate office, the home office and the mobile worker. Enterprises must secure mission-critical applications, so securing access to those applications, the networks to connect to those applications, and the devices that run those applications remain a vital component of a layered defense – even when working from a traditional location.

In the home office, risk lurks in the home networks that are often poorly secured with retail wireless routers and contain vulnerable IoT devices, which can be a pathway for hacker to gain access. And mobile workers regularly rely on untrusted and unsecured networks to access critical business resources. This can introduce unique threats, enabling cybercriminals to launch attacks against inadequately protected devices or intercept exposed communications.

A holistic integration of endpoint security, network security and ZTA/ZTNA addresses the challenges that WFA presents.

Criminals will make the most of any possible threat scenario, and the past two years have provided many opportunities for network attack. Malware trends and the rise of exploit kits have proven this point, and it’s now incumbent upon IT security teams to re-evaluate their security posture and adjust as needed. A comprehensive, integrated security mesh that accounts for all work possibilities is a best practice.

**_Aamir Lakhani is cybersecurity researcher and practitioner at FortiGuard Labs_.**

**_Enjoy additional insights from Threatpost’s Infosec Insiders community by visiting our microsite._**

Bad Actors Are Maximizing Remote Everything

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.

**Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0)**

**Vulnerability Type**  
CSV Injection

**Product**  
csv-safe

**Affected Product Code Base**  
CSV-safe - <3.0.0 are effected

**Affected Component**  
Sanitization of CSV Injection vectors.

**Attack Type**  
Remote

**Attack Vector**  
**%0A-3+3+cmd|' /C calc'!D2** could be used to bypass CSV injection sanitizations in older versions.

**Discoverers**  
Danish Tariq

**Fixed by**  
Gabriel Rios - #8

**References**  
https://github.com/zvory/csv-safe  
#8  
https://hackerone.com/reports/223999  
WeblateOrg/weblate@d9e136f  
https://bugzilla.mozilla.org/show\_bug.cgi?id=1259881

CVE-2022-28481: Older versions of CSV-Safe gem doesn't filter out special characters which could trigger CSV Injection. (< 3.0.0)  · Issue #7 · zvory/csv-safe

A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.

**

Applications

**

Download PingID as a mobile application for your iOS or Android device, or as a simple and secure desktop application for macOS or Windows. Fully managed by Ping, these applications help enterprises provide convenient security factors that ensure their employees and partners are who they say they are.

**

Mobile

**

**

Desktop

**

SHA256 590269efe33ddf94cfaee5e5a45cf96afb14bf4493781d95d0f355530cee872b Copied!

SHA256 3ae57cb2b2847c2522ca13a926d1e8e5926c22c086ee97521da4e7562e4240c9 Copied!

**

SDK Integration Kit

**

The PingID SDK is a multi-factor authentication (MFA) solution for your customers that prioritizes security and convenience. For MFA, it allows you to send push notifications from your own mobile application, or to send one-time passcodes (OTPs) via email, SMS or voice. It also includes the ability to login with a QR code to give your customers passwordless and usernameless authentication. This integration kit has everything you need to deploy the PingID SDK standalone or with PingFederate. The download includes:

*   **A mobile SDK** to embed secure, user-friendly MFA into your own mobile app (including server-side and mobile sample apps).
    
*   **A PingFederate adapter** that allows you to trigger MFA from PingFederate policies.
    
*   **A PingFederate connector** to provision and manage user lifecycles in the PingID SDK.
    

_\* By downloading the PingID SDK Integration Kit you agree to the license terms._

**DOCUMENTATION**

Admins | Developers

**

Integrations

**

You can integrate PingID with a wide variety of products and services.  

Start Today

See how Ping can help you deliver secure employee and customer experiences in a rapidly evolving digital world.

CVE-2021-41992: PingID Downloads

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

This document

All documents

This document

Contents

Loading...

CVE-2021-41994: Ping Identity Documentation Portal

Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.

**About Us**

We **Red Planet Computers** has started development in Laundry Management System in 2017. We have 7+ years experience in development, customization and implementation Web, Mobile application Services.

*   Well and Experienced Staff.
*   User Friendly Services
*   24x7 remote support servies

Our team have hands-on experience in all aspects of IT planning, deployment, operational management and maintenance support. Our design consultants design solutions that fit best within your environment and help achieve your laundry business goals – working with you as trusted advisors to help determine the best solution for your laundry business.

See More

**Development Skills**

**Laundry Management System Developed in following skills**

Our professional and experience developers team are used skill to the top most computer launguages and framworks for ui design, developement, making user friendly and secure laundry application for small business.

Boostrap & CSS _Website and Admin UI Design_

Javascript & Ajax _Website Development_

PHP Codeigniter & Mysqli _Website and Admin Panel_

Flutter, Swift and Kotlin _Android, iOS Mobile App_

**Screenshots**

Here some application UI screens to help you how its look and work LMS Application

*   Admin
*   Website
*   Mobile

**Pricing**

**RPL Standard Package  
(Point Of Sale\*)****INR 30K USD $399/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS Screen Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI
*   One Year Free Service & Updates.

Buy Now

**RPL Professional Package  
(E-Commerce\*)****INR 50K USD $649/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS+E-Comm Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)
*   One Year Free Service & Updates.

Buy Now

**RPL Development Package  
(Customization\*\*)****Extra 50% POS+50% (OR) E-Commerce+50%**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS/E-Commerce Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)         \[ as per your requirements\*\* \]
*   One Year Free Service & Updates.

Buy Now

\* Terms and Conditions apply (see FAQ section )  
\*\* Cost may vary depends on the customization

**Frequently Asked Questions**

Here are some of the most Frequently Asked Questions for Laundry Management Systems.

*   Can we get all liceses for lifetime ?
    
    Ans : Yes, if you purchase application with full source code then it's one-time payment and you will get multiple digital license \[lifetime\]. The amount is non-refundable , Once if you have got full source code then you will not getting return amount for any circumstances.
    
*   After purchase full source code can we sell this software ?
    
    Ans : Yes, after purchase application with full source code then you can use or sell anywhere with remove red planet computers company logo and name.
    
*   Can you will provide full source code ?
    
    Ans : Yes, you should have to pay 100% amount, if you want application with full source code. We will send full source code (zip or download link ) within half hours after successfully payment done. We will not provide any kind of equipment. Only RPL Business Package we will not provide source files.
    
*   What is **RPL Development / Customization Package** ?
    
    Ans : If you want manipulation or any changes in application through our professional developer team then you will have to pay selected (standard or professional) package amount plus extra 50% amount for manipulation charges. **Firstly, you have to pay 70% amount of total amount** and remaining 30% amount to pay after project completed, but note that in this period you will not getting full source code, you will getting our web hosting softwares link for testing, after completed project and 100% payment done then we will upload full source code in your website/web hosting server or send full source code link).  
    \- As per your requirement, project will be completed within 20-25 days or earlier.  
    \- Bulk SMS, Payment Gateway, Apple App Store, Google Map API & Play Store Console charges you will have to pay, if you are require.
    
*   Service and Support ?
    
    Ans : We will provide a FREE technical support upto one year after purchase LMS Application. We will answer your question regarding website management, technical details or anything about operating your own website; we can provide this through remotly in 24x7 Hours.
    

**Free Trail Full Version**

Not required fill any personal information or credit card details just click on button and login it

Username : admin  
Password : 1234  
\[ Admin Login Details \]

  
Best view in Desktop or Laptop

Mobile : 8767228990  
Password : 1983  
\[ Demo User Login Details \]

  
Best view in Desktop or Laptop

User Mobile : 8767228990  
Driver Mobile : 1234567890  
\[ Demo User / Driver Login Details \]

   
iOS app install : Download and Extract zip in Mac-OS then drag-drop .app file on Xcode 10+ simulator or connected iphone {iOS v10.0+}.

**Contact**

You can call to us 24x7 regarding Laundry Management System enquiry or solutions

**Location:**

B-02, Sai Sanklap Complex, Survey No. 145/0,  
Usarli Khurd, Panvel, Mumbai, India 410206

**Call:**

Mobile : +91 87672 28990.  
Whatsapp : +91 87672 28990.  
Skype : rpcits2013 / +918767228990.

CVE-2022-28452: Better solutions for Small Laundry and Dry Cleaning Business

**About Us**

We **Red Planet Computers** has started development in Laundry Management System in 2017. We have 7+ years experience in development, customization and implementation Web, Mobile application Services.

*   Well and Experienced Staff.
*   User Friendly Services
*   24x7 remote support servies

Our team have hands-on experience in all aspects of IT planning, deployment, operational management and maintenance support. Our design consultants design solutions that fit best within your environment and help achieve your laundry business goals – working with you as trusted advisors to help determine the best solution for your laundry business.

See More

**Development Skills**

**Laundry Management System Developed in following skills**

Our professional and experience developers team are used skill to the top most computer launguages and framworks for ui design, developement, making user friendly and secure laundry application for small business.

Boostrap & CSS _Website and Admin UI Design_

Javascript & Ajax _Website Development_

PHP Codeigniter & Mysqli _Website and Admin Panel_

Flutter, Swift and Kotlin _Android, iOS Mobile App_

**Screenshots**

Here some application UI screens to help you how its look and work LMS Application

*   Admin
*   Website
*   Mobile

**Pricing**

**RPL Standard Package  
(Point Of Sale\*)****INR 25K USD $349/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS Screen Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI
*   One Year Free Service & Updates.

Buy Now

**RPL Professional Package  
(E-Commerce\*)****INR 45K USD $599/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS+E-Comm Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)
*   One Year Free Service & Updates.

Buy Now

**RPL Development Package  
(Customization\*\*)****Extra 50% POS+50% (OR) E-Commerce+50%**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS/E-Commerce Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)         \[ as per your requirements\*\* \]
*   One Year Free Service & Updates.

Buy Now

\* Terms and Conditions apply (see FAQ section )  
\*\* Cost may vary depends on the customization

**Frequently Asked Questions**

Here are some of the most Frequently Asked Questions for Laundry Management Systems.

*   Can we get all liceses for lifetime ?
    
    Ans : Yes, if you purchase application with full source code then it's one-time payment and you will get multiple digital license \[lifetime\]. The amount is non-refundable , Once if you have got full source code then you will not getting return amount for any circumstances.
    
*   After purchase full source code can we sell this software ?
    
    Ans : Yes, after purchase application with full source code then you can use or sell anywhere with remove red planet computers company logo and name.
    
*   Can you will provide full source code ?
    
    Ans : Yes, you should have to pay 100% amount, if you want application with full source code. We will send full source code (zip or download link ) within half hours after successfully payment done. We will not provide any kind of equipment. Only RPL Business Package we will not provide source files.
    
*   What is **RPL Development / Customization Package** ?
    
    Ans : If you want manipulation or any changes in application through our professional developer team then you will have to pay selected (standard or professional) package amount plus extra 50% amount for manipulation charges. **Firstly, you have to pay 70% amount of total amount** and remaining 30% amount to pay after project completed, but note that in this period you will not getting full source code, you will getting our web hosting softwares link for testing, after completed project and 100% payment done then we will upload full source code in your website/web hosting server or send full source code link).  
    \- As per your requirement, project will be completed within 20-25 days or earlier.  
    \- Bulk SMS, Payment Gateway, Apple App Store, Google Map API & Play Store Console charges you will have to pay, if you are require.
    
*   Service and Support ?
    
    Ans : We will provide a FREE technical support upto one year after purchase LMS Application. We will answer your question regarding website management, technical details or anything about operating your own website; we can provide this through remotly in 24x7 Hours.
    

**Free Trail Full Version**

Not required fill any personal information or credit card details just click on button and login it

Username : admin  
Password : 1234  
\[ Admin Login Details \]

  
Best view in Desktop or Laptop

Mobile : 8767228990  
Password : 1983  
\[ Demo User Login Details \]

  
Best view in Desktop or Laptop

User Mobile : 8767228990  
Driver Mobile : 1234567890  
\[ Demo User / Driver Login Details \]

   
iOS app install : Download and Extract zip in Mac-OS then drag-drop .app file on Xcode 10+ simulator or connected iphone {iOS v10.0+}.

**Contact**

You can call to us 24x7 regarding Laundry Management System enquiry or solutions

**Location:**

B-02, Sai Sanklap Complex, Survey No. 145/0,  
Usarli Khurd, Panvel, Mumbai, India 410206

**Call:**

Mobile : +91 87672 28990.  
Whatsapp : +91 87672 28990.  
Skype : rpcits2013 / +918767228990.

Tag

#ios