Patching could close holes exploited by stolen FireEye tools, according to new report


Patch management is emerging as an important strategy for infosec professionals dealing with the potential exploitation of their networks following the recent theft of FireEye's intrusion testing tools.

The so-called Red Team tools, which FireEye uses with authorization to mimic cyber attacks against its customers, were copied by exploiting vulnerabilities in the SolarWinds Orion network management suite. According to FireEye, the tools range from simple scripts to entire frameworks used for automation, and are similar to publicly available technologies such as Cobalt Strike and Metasploit.

In a blog post on Tuesday, Qualys researchers said they have identified more than 7.54 million vulnerable application instances related to the FireEye tools across 5.29 million unique assets in their customer base.

However, of that 7.54 million, about 99.84 percent are from eight vulnerabilities in Microsoft Windows, Office and Exchange Server. Patches have been available for them for some time. They include a patch for the Windows Diveton vulnerability, which was released on 11 November.

Qualys also determined that there are hundreds of vulnerable instances of the SolarWinds Orion platform among its customers.

"Based on the broad risk and scale of these risks, it is imperative for organizations to assess the status of these vulnerabilities and the missing patches of all their assets," Qualys said.

The FireEye tools can also be used to exploit unpatched vulnerabilities in products from Pulse Secure, Fortinet, Atlassian, Citrix, Zoho, and Adobe. FireEye has published a list of the vulnerabilities in order of critical priority.
