All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 11, 2022. I’ve also included some comments on these stories.
Microsoft's Autopatch feature improves the patch management process
Microsoft announced a feature called Autopatch that will help organizations keep their systems up-to-date, starting with Windows Enterprise E3 (July 2022), reported Security Affairs. This aims to provide a layer of protection for companies that fail to patch themselves.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Microsoft is releasing a new feature called Autopatch. This feature allows enterprise environments to install updates with minimal patch interference. The feature allows an enterprise to create testing environments. These environments will be used to ensure that patches will not cause issues. These test environments will increase the number of systems and have testing periods to ensure that patched systems are stable.
Microsoft's New Autopatch Feature to Help Businesses Keep Their Systems Up-to-Date
The Hacker News also reported on the recent Microsoft announcement to roll out Autopatch as part of Windows Enterprise E3 this July. "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost," explained Lior Bela, senior product marketing manager at Microsoft.
DYLAN D'SILVA | Security Researcher at Tripwire
In a bid to help manage vulnerabilities and help businesses and organizations stay up-to-date, Microsoft announced a new feature called Autopatch, which will be available to Windows Enterprise E3 customers starting in July 2022.
Windows Enterprise E3 is based within the Cloud Solution Provider Channel, which is subscription based and delivers features exclusively for Windows 10 and 11 Enterprise Editions. Autopatch is intended to keep Windows and Office software that exists on enrolled endpoints up-to-date automatically, forgoing the traditional monthly 'Patch Tuesday'. It is aimed at all supported versions of Windows 10, Windows 11 and Windows 365 for Enterprise. Notably, Windows Server OS and Windows 365 for Business are not supported.
It takes a measured approach by applying updates in sequential 'rings', starting with a small set of devices in a corporate network within the 'test' ring. After that, it will apply to the next 1% of endpoints within the 'first' ring, then moving on to the 'fast' and 'broad' rings containing the rest of the 9% to 90% machines split between them. If issues are encountered, Autopatch can be paused, and where applicable roll-backs can also be applied or made available.
Thoughts
From my perspective, this is a great way to help organizations stay up-to-date, especially with business critical systems. Having systems patched automatically should help reduce the workload on your IT and Cybersecurity teams, and those specifically responsible for patching and vulnerability management. Keeping systems updated will help manage attack vectors and attack surfaces, thereby continuing to reduce and mitigate risks.
SuperCare Health Data Breach Impacts Over 300,000 People
California-based respiratory care provider SuperCare Health recently disclosed a data breach affecting more than 300,000 individuals, noted Security Week last Monday. In a data security notice posted on its website, SuperCare said the intrusion was discovered on July 27, 2021, when it noticed unauthorized activity on certain systems.
DYLAN D'SILVA | Security Researcher at Tripwire
Here is another example of healthcare being a prime target for cyberattacks because of the PII and PHI-rich data that's being sought. California-based SuperCare Health identified a breach within their network on July 27th, 2021. With a further investigation, they determined that an unauthorized individual had access between July 23rd and July 27th.
Unfortunately, it took them until February 4th, 2022, to determine the exposed files contained: names, address, date of birth, hospital or medical group, medical record number, patient account number, health-related information, and claim information. In some additional cases, social security numbers and driver’s license numbers were also stored.
It then took SuperCare another 1.5 months to notify impacted individuals.
There aren't any details as to how the breach occurred, so I can't provide thoughts/comments on that. Additionally, it's unclear as to what and why it took them 7 months to determine what data was affected, and then an additional 1.5 months to notify. Although taking a step back, you would need some time to identify that 318,379 people/records had been affected. Did some quick math here: 132 working days between July 27th and February 4th (excluding weekends and holidays), translates to 2411.9 records per day that needed to be evaluated to determine if they were a part of the breach. I'm sure some of the analysis was automated, but the key piece they missed is that they shouldn't have taken 7 months to publicly disclose the breach.
If you are by chance affected by this breach, these are some recommendations put forth by SuperCare Health, which in general is always good practice:
- Review your account statements and notify Law Enforcement of any suspicious activity.
- Obtain a free copy of your credit report.
- Place fraud alerts on your credit reports.
- Place a security freeze on your credit file, which prevents new credit from being opened in your name without the use of a PIN that's issued when you initiate the freeze.
For those that are responsible for cybersecurity within your organization, take a refreshed look at vulnerability management. It will and should play a key role in reducing attack vectors and shrinking the attack surface. To quote CISA (Cybersecurity and Infrastructure Security Agency), Shields Up!