Data Privacy Day 2018 – Live From LinkedIn Event Highlights

In honor of Data Privacy Day – an international effort held annually on Jan. 28 to generate awareness about the importance of respecting privacy, safeguarding data and enabling trust – the National Cyber Security Alliance (NCSA) hosted a daylong event streamed live from LinkedIn’s offices in San Francisco, CA, on Thursday, Jan. 25. The event showcased fast-paced, cutting-edge discussions and TED-style talks with leading experts focusing on what businesses and consumers must know about privacy.

The day's discussions focused on the following privacy hot topics:

• Looking Into a Crystal Ball: What Your Data Says About You
• Five Things You Can Do to Manage Your Privacy Now
• What You Should Know About the Internet of Me and Your Privacy
• Tracking My Location – Business Uses and Consumer Choices
• Staying Competitive – Why Privacy Is Good for Your Business
• The Problem With Your Online Privacy
• Balancing Act: Privacy and Innovation
• What's an Algorithm Got to Do With It?

Missed the event? Check out the full video here – and the full event recap, including photos, here. 

Tax Identity Theft Awareness Week

Tax Identity Theft Awareness Week is January 29 to February 2, and many federal agencies are offering information and resources to help consumers learn to protect themselves from tax-related identity theft and Internal Revenue Service (IRS) imposter scams.

NCCIC/US-CERT encourages consumers to review IRS publication Taxes.Security.Together. and NCCIC/US-CERT Tip Preventing and Responding to Identity Theft. Users can also participate in a series of free webinars and chats on avoiding tax identity theft, hosted by the Federal Trade Commission, IRS, Department of Veterans Affairs, and others

Apple Releases Multiple Security Updates

Original release date: January 23, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

• Safari 11.0.3
• watchOS 4.2.2
• iOS 11.2.5
• macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
• tvOS 11.2.5

Save up to 60% on SQL Server 2017 learning resources

SQL Server 2017 gives you the power to build modern applications using the language of your choice, on-premises and in the cloud, on Windows, Linux, and Docker containers. In two new titles from Microsoft Press, explore the concepts and methodologies of managing SQL Server databases with hands-on practice to become a more experienced—and more efficient—database administrator.

SPECIAL OFFER: For a limited time, save 50% when you buy either SQL Server 2017 Administration Inside Out or SQL Server 2017 Administration Inside Out (Video). Even better? Add both products to cart and save 60% on your purchase*! Use discount code SQL2017 during checkout to apply discount.
 

PowerShell Core 6.0: Generally Available (GA) and Supported!

PowerShell Core 6.0 is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

 From the Microsoft Blog

 

First and foremost, thank you to all of our amazing community, especially our open-source contributors (the most recent of which you can find on our community dashboard at https://aka.ms/PSGitHubBI) for donating your time and energy to PowerShell Core. Whether you contributed code, tests, documentation, issues, or even just your feedback and opinions, we are extremely grateful for the sweat and tears that you’ve invested in PowerShell. (For those interested in contributing, hop and over to our Contribution Guide on GitHub. You don’t have to be a guru to help out!)

How to disrupt attacks caused by social engineering ( copied from Microsoft Secure Blog)

 5: Stages of a phishing attack

• Phase 1: Threat actor targets employee(s) via phishing campaign
• Phase 2: An employee opens the attack email which allows the threat actor access to load the malicious payload or compromise the user identity
• Phase 3: The workstation is compromised, threat actor persists malware, threat actor gathers credentials
• Phase 4: Threat actors use stolen credentials to move laterally and gain unsolicited access and compromise key infrastructure elements
• Phase 5: Threat actors exfiltrate PII and other sensitive business data

There is a great article on this topic here

ISACA member only offer

Start off 2018 with these brand-new, member-exclusive ISACA offers:

NEW! Member-only content from MIT’s Center for Information Systems Research and Wapack Labs   NEW! GDPR Data Protection Impact Assessments—Free for a limited time.   Plus, as a valued ISACA Member, you'll save US $200 off our newest Virtual Training course: Cybersecurity for Auditors.

2017 data breaches

Winter Olympics Targeted in Wake of Russia Ban

Malicious documents have been discovered in the inboxes of several organizations involved in the Winter Olympics in Pyeongchang, South Korea. The initial target of the email was icehockey@pyeongchang2018.com, but several other organizations also involved with the event were included in the BCC line of the email. The email contained a document titled "Organized by Ministry of Agriculture and Forestry and Pyeongchang Olympics.doc" written out in Korean, which upon opening initialized a macro that opens a PowerShell script containing malware. The script was hidden in the document as an image file by using an open source steganography tool. Upon analysis of the PowerShell script, it was determined that the code allowed a set schedule to occur at certain times to initialize certain tasks and establish an encrypted channel from the victim’s computer to the attacker’s server, which was located remotely.
As of right now, no perpetrator has been discovered, but researchers believe that the attackers’ motive was mainly to gather intelligence about any information regarding the Olympics and the organizations behind the event. Despite no confirmed suspect, it is found to be suspicious that these attacks have occurred in the wake of Russia’s hacks of Olympic emails. A Russian hacking organization associated with the Russian government had hacked and released emails associated with the International Olympic Committee in what is believed to be a response to the Olympic ban Russia was given, keeping them from participating in the 2018 Olympics taking place in Pyeongchang.

Going by the name Fancy Bear, the hacker group gathered fame from attacking the World Anti-Doping Agency back in 2016 in response to their country being banned from the Olympics after several Russian Olympians were discovered to be using banned substances. Fancy Bear posted medical information on their website of non-Russian athletes who were also taking substances in the pretense that allowing countries to have athletes take prescription medications such as anti-inflammatory medication as a double standard.

The hacks on the Winter Olympics came in the form of phishing campaigns to target very specific people, including Canadian lawyer Richard McLaren and Colorado lawyer Richard Young. Both worked together in investigating Russian cheating techniques. With the Olympics only a month away, more attacks from Russia and other countries with motive to disrupt the games are expected, and the International Olympic Committee is keeping a close eye on possible breaches and attack vectors.


Sources:
 https://www.zdnet.com/article/hackers-target-winter-olympics-with-new-custom-built-fileless-malware/

 https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/

 https://www.buzzfeed.com/kevincollier/russia-banned-from-the-winter-olympics-apparently-is?utm_term=.nia1j99okQ#.jt57IDDBbr

Article was originally posted on CIP report produced by PERATON

Wireless Info System for Emergency Responders (WISER)

This post is a little different than my normal but this is a good tool for Security professionals.

WISER 5.1 is now available on all platforms! Take a quick look at the what's included in this release:

• CHEMM (“CHEMM 2.0”) has extensive new and updated content, e.g., guidance and reference materials.
• New Acute Exposure Guideline Levels for airborne chemicals (AEGL) data from the EPA
• Data updates based on the latest Hazardous Substances Data Bank (HSDB) content.
• Android 
• Upgrades for KitKat. OS 4.4 is now required.
• Protective distance "point into the wind" feature added for devices with a compass.
• Windows 
• Completely new installer.
• Leverages new features of .NET. Version 4.6.1 is now required.
• Fixes to Emergency Response Guide UN searches (duplicates now displayed) across all platforms
• Many smaller updates and bug fixes

 

Tutorial Videos

Check out WISER’s new series of YouTube videos. These videos introduce WISER’s functionality, walk through a known substance scenario, and explore WISER’s protective distance mapping feature in detail. Take a look!

Coming Soon

WebWISER enhancements and WISER 5.2, which adds three toxic syndromes (toxidromes) and related content to CHEMM’s Intelligent Syndromes Tool (CHEMM-IST) to all WISER platforms.

Also of Interest

Radiation Emergency Medical Management (REMM) is a great resource for medical management of radiation events, and contains information for First Responders. A mobile version is also available on the Apple App Store and the Google Play Store.

Intel AMT Provides Backdoor

    Intel has been taking a beating lately for the Meltdown and Spectre vulnerabilities discovered in its processor chips. As if that wasn’t enough, a new security flaw was recently discovered in Intel’s Active Management Technology (AMT) that can cause a full system compromise. Even worse, it can bypass many strong security measures.

   AMT is Intel’s technology for allowing IT departments to remotely monitor access and perform maintenance on corporate computers. It allows a system administrator full control of the system, intended for performing IT-related tasks. The system doesn’t even need to be on as long as it is connected to a network and a power source. Systems with Intel vPro-enabled processors, as well as many with Xeon processors, have AMT included.

 

    The flaw in AMT, discovered by researchers at Finnish cyber security company F-Secure, can be exploited with under a minute of physical access to the machine. A reboot is required and then the Intel Management Engine Bios Extension (MEBx), which handles manual AMT configuration, is entered by pressing CTRL-P. Most AMT instances are not provisioned by IT departments and the default password of “admin” will allow access to change the password and disable user notification for remote access. After this is complete, the system can be accessed remotely as long as the attacker is on the same network as the target and provides full control.
 
    Wireless access can also be configured at this point by browsing to http://TARGETIP:16992/wlan.htm” and logging in as “admin” with the new password. Changing the “Wireless Management” option to “Enabled in S0, Sx/AC” will allow remote access over a Wi-Fi network, once again provided the attacker is on the same network. AMT can also be configured to allow remote access from anywhere as long as the system is connected to the internet. Intel’s Client Initiated Remote Access (CIRA) enables systems to connect back to IT management rather than the other way around and can be configured to point to a server controlled by the attacker instead.  
   The severity of this flaw is that AMT can be accessed even with a BIOS password enabled, local firewalls, Bitlocker encryption, and strong password policies. While the physical access needed to initiate the attack is a limiting factor, some clever social engineering or the possibility of an insider threat can still lead to compromise. Basic IT security practices, such as never leaving systems unattended in unsecure locations can help mitigate this attack. Also, it is recommended to disable or set a strong password for AMT on all systems during the provisioning process.

Sources:

·        https://threatpost.com/intel-amt- loophole-allows-hackers-to-gain- control-of-some-pcs-in-under-a- minute/129408/

·        https://business.f- secure.com/intel-amt-security- issue

·        https://sintonen.fi/advisories/intel- active-management-technology- mebx-bypass.txt

 Article was originally posted on CIP report produced by PERATON

Microsoft 365 powered device lab kit

The Microsoft 365 powered device Lab Kit is an updated version of the Windows 10 Deployment and Management lab kit. This lab is designed to help you plan your deployment of modern devices running Windows 10 Enterprise and Office 365 Pro Plus, managed by Enterprise Mobility + Security.

Extending the value of Microsoft 365, Microsoft 365 powered device makes security the top priority, helps ease deployment and management, delivers the latest innovation to users, and provides robust insights that enable IT teams to proactively run and manage their businesses.

This free evaluation lab kit features:

A complete lab environment The kit includes a pre-configured virtual lab environment with evaluation versions of:  Windows 10 Enterprise, version 1709 (Fall Creators Update) System Center Configuration Manager, version 1702 Windows Assessment and Deployment Kit for Windows 10, version 1709 Microsoft Deployment Toolkit (8443) Microsoft Application Virtualization (App-V) 5.1 Microsoft BitLocker Administration and Monitoring 2.5 SP1 Windows Server 2016 Microsoft SQL Server 2014 PLUS, the lab can be connected to trials of: Office 365 Enterprise E5 Enterprise Mobility + Security
Step-by-step labs Illustrated lab guides take you through multiple deployment and management scenarios, including:
Servicing NEW! Windows Analytics Update Compliance Servicing Windows 10 with Configuration Manager Servicing Office 365 ProPlus with Configuration Manager Deployment and management Modern Device Deployment UPDATED! Modern Device Management with AutoPilot UPDATED! Office 365 ProPlus Deployment with Intune BIOS to UEFI Conversion UPDATED! Modern Application Management with Intune Enterprise State Roaming	Security Windows Information Protection Windows Defender Advanced Threat Protection NEW! Windows Defender Application Guard NEW! Windows Defender Exploit Guard NEW! Windows Hello Credential Guard Device Encryption (MBAM) Device Guard - User Mode Code Integrity Remote Access (VPN) Compatibility Windows App Certification Kit Windows Analytics Upgrade Readiness Browser Compatibility Application Virtualization Desktop Bridges
DOWNLOAD THE MICROSOFT 365 POWERED DEVICE LAB KIT > Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space. For optimal performance, 32 GB of available is recommended. Lab expires March 6, 2018. A new version will be published prior to expiration.

Cisco has released security updates to address vulnerabilities affecting multiple products

Original release date: January 17, 2018

Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

• Email Security and Content Security Management Appliance Privilege Escalation Vulnerability cisco-sa-20180117-esasma
• NX-OS Software Pong Packet Denial of Service Vulnerability cisco-sa-20180117-nx-os
• Unified Customer Voice Portal Denial of Service Vulnerability cisco-sa-20180117-cv

Are you a (ISC)² Members free training Cyber Forensics Incident Recovery Interactive Lab

Cyber Forensics Incident Recovery Interactive Lab

FREE for (ISC)² Members for a Limited Time - $600 Value (ISC)² has teamed up with Architecture Technology Corporation (ATCorp) to provide our members with a limited opportunity to pilot an interactive, online, cyber forensics lab – a $600 value that is being offered free for members.

Interactive, Hands-On Learning

This Cyber Forensics Incident Recovery lab gives you a deeper understanding of how to extract evidence from a suspect's hard drive learning detailed file formats used by popular P2P software and methods for extracting information by hand. You'll learn key concepts, watch demos, work through the hands-on lab and test your knowledge. Following completion of the course, you'll earn 4 CPEs. Take advantage of this exciting new opportunity – only available to (ISC)² members through April 1st.

NIST Releases Draft NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements for public comment.

News Release about DRAFT NISTIR 7511 Rev. 5 document from the CSRC website
https://csrc.nist.gov/News/2018/NIST-Releases-Draft-NISTIR-7511-Rev-5

To view the Draft NISTIR 7511 Rev. 5 document details:
https://csrc.nist.gov/publications/detail/nistir/7511/rev-5/draft


The NIST Security Content Automation Protocol (SCAP) Validation Program tests the ability of products and modules to use the features and functionality available through SCAP and its components.  SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP enabled security software. The SCAP Validation Program provides vendors an opportunity to have independent verification that security software correctly processes SCAP expressed security information and provides standardized output. NISTIR 7511 Revision 5 describes the test requirements for SCAP version 1.3.

Send comments to:  <ir7511comments@nist.gov>

Deadline to submit comments: February 19, 2018.

If you are having trouble viewing the link to the Draft NISTIR 7511 document, you can use this link below:
<https://csrc.nist.gov/publications/detail/nistir/7511/rev-5/draft>