Breaking News

According to the new report, holes exploited by stolen FireEye tools can be closed

According to the new report, holes exploited by stolen FireEye tools can be closed.

Patch management is emerging as an important strategy for infosec professionals to deal with the recent exploitation of FireEye's intrusion testing devices to the potential exploitation of their networks.

The so-called Red Team tools used to mimic a cyber attack against customers authorized by FireEye were copied, exploiting vulnerabilities in the Solar Winds Orion Network Management Suite. According to FireEye, the tools are used to automate everything from simple scripts to entire structures that are similar to publicly available technologies such as Cobaltstrike and Metasploit.

In a blog on Tuesday, Qualis researchers said they have identified more than 7.54 million instances of FireEye tools-related sensitive applications across 5.29 million unique assets across their customer base.

However, of that 7.54 million, approximately 99.84 percent are from eight vulnerabilities in Microsoft Windows, Office and Exchange Server. Patches have been available for them for some time. They include a patch for the Windows Diveton vulnerability, which was released on 11 November.

Qualis also determined that there are hundreds of unsafe examples of the SolarWind Orion platform among its customers.

"Based on the broad risk and scale of these risks, it is necessary for organizations to quickly assess the status of these vulnerabilities and quickly patch all their assets to the missing patch," Qualis said.

FireEye tools can also be used to exploit unused vulnerabilities in products from Pulse Secure, Fortinet, Atlassian, Citrix, Joho and Adobe. FireEye has published this list of vulnerabilities in order of critical priority.

1 comment: