When an organization gets breached by malicious actors, it often follows a familiar script. Often the intrusion is the result of someone running unpatched or out-of-date software. One the one hand, given the inertia of a lot of large organizations, it’s easy to see admins taking an “if it ain’t broke, don’t fit it” approach. But as quickly as that excuse comes to mind, the Cassandras can be heard wailing, “Patch all the things!”
For many reasons, organizations can take some time to roll out patches. Especially for mission-critical applications, adequate testing is often needed to ensure nothing breaks in production. So some window needs to be accounted for. If an exploit follows safe disclosure from security researchers, usually this isn’t much of an issue. A patch is released prior to the details of an exploit being published. So even though the severity of the exploit is newly discovered, organizations have had time to get patches out there.
That’s what made a recent patch from Saltstack so problematic. They released two critical patches to their Salt server management platform, but it appears it was already being actively exploited. Even as the patches were being released, attackers appeared to used automated scanning to find vulnerable systems and get entry. This was within 24 hours of the patch being published.
It’s easy to blame complacent IT practices for not patching “all the things.” But these kinds of exploits show that even a militant stance isn’t impervious to malicious actors. Patching software in a timely manner is an essential part of maintaining security. But this instance shows it’s only one part of your security posture.
- Ep. 14: Why Does Nvidia Want Arm? - August 10, 2020
- Public Cloud Growth Continues to Slow - August 10, 2020
- What is Driving Low-Code? - August 7, 2020
- Nvidia, Arm, and SoftBank | Gestalt IT Rundown: August 5, 2020 - August 5, 2020
- Ep. 13: 3 Reasons Ransomware is Hard - August 3, 2020
- Intel Announces Reorg After 7nm Production Slips - August 3, 2020
- Garmin’s Ransomware Outage | Gestalt IT Rundown: July 29, 2020 - July 29, 2020
- Ep. 12: What Happened to Skype? - July 27, 2020
- HPE, Silver Peak, and the Maturation of SD-WAN - July 24, 2020
- EU Lowers Its Privacy Shield | Gestalt IT Rundown: July 22, 2020 - July 22, 2020