Intel AMT Provides Backdoor

Intel has been taking a beating lately for the Meltdown and Spectre vulnerabilities discovered in its processor chips. As if that wasn’t enough, a new security flaw was recently discovered in Intel’s Active Management Technology (AMT) that can cause a full system compromise. Even worse, it can bypass many strong security measures.

AMT is Intel’s technology for allowing IT departments to remotely monitor, access and perform maintenance on corporate computers. It gives a system administrator full control of the system, intended for performing IT-related tasks. The system doesn’t even need to be powered on, as long as it is connected to a network and a power source. Systems with Intel vPro-enabled processors, as well as many with Xeon processors, have AMT included.

The flaw in AMT, discovered by researchers at Finnish cyber security company F-Secure, can be exploited with under a minute of physical access to the machine. A reboot is required, and then the Intel Management Engine BIOS Extension (MEBx), which handles manual AMT configuration, is entered by pressing CTRL-P. Most AMT instances are not provisioned by IT departments, and the default password of “admin” will allow access to change the password and disable user notification for remote access. After this is complete, the system can be accessed remotely, with full control, as long as the attacker is on the same network as the target.

Wireless access can also be configured at this point by browsing to “http://TARGETIP:16992/wlan.htm” and logging in as “admin” with the new password. Changing the “Wireless Management” option to “Enabled in S0, Sx/AC” will allow remote access over a Wi-Fi network, once again provided the attacker is on the same network. AMT can also be configured to allow remote access from anywhere, as long as the system is connected to the internet: Intel’s Client Initiated Remote Access (CIRA) enables systems to connect back to IT management rather than the other way around, and it can be configured to point to a server controlled by the attacker instead.
The severity of this flaw is that AMT can be accessed even with a BIOS password enabled, local firewalls, BitLocker encryption, and strong password policies in place. While the physical access needed to initiate the attack is a limiting factor, some clever social engineering or the possibility of an insider threat can still lead to compromise. Basic IT security practices, such as never leaving systems unattended in insecure locations, can help mitigate this attack. It is also recommended to disable AMT, or set a strong password for it, on all systems during the provisioning process.
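Because the attack leaves an AMT web interface reachable on the network, one practical follow-up to the provisioning advice above is for IT to inventory which of its own hosts answer on the AMT port at all, and compare that list against the systems it actually provisioned. The script below is an added example and not code from the original article or from F-Secure. It assumes only what the article states: the AMT web UI listens on TCP 16992 (plain HTTP, as in the wlan.htm URL above), with 16993 as the TLS variant, and like any HTTP service it announces itself in a Server header. The host names, the `provisioned` asset register and the sample responses are constructed for illustration.

```python
"""Inventory check for Intel AMT web interfaces on hosts an IT team owns.

Added example for this article; not code from the original post or from
F-Secure. Assumes the AMT web UI listens on TCP 16992 (HTTP) / 16993 (TLS)
and identifies itself with a Server header naming Intel AMT. Host names and
sample responses below are constructed.
"""
import re
import socket
import ssl
from dataclasses import dataclass
from typing import Dict, List, Optional

AMT_HTTP_PORT = 16992   # plain HTTP, the port used in the article's wlan.htm URL
AMT_HTTPS_PORT = 16993  # same interface over TLS (self-signed certificate assumed)


@dataclass
class AmtFinding:
    host: str
    port: int
    amt_detected: bool          # True when the Server header names Intel AMT
    server_banner: Optional[str]
    auth_scheme: Optional[str]  # e.g. "Digest", taken from WWW-Authenticate


def parse_amt_response(raw: bytes, host: str = "?", port: int = AMT_HTTP_PORT) -> AmtFinding:
    """Classify a raw HTTP response: is this an AMT web UI, and how does it authenticate?"""
    head = raw.decode("latin-1", errors="replace").split("\r\n\r\n", 1)[0]
    server = scheme = None
    for line in head.split("\r\n")[1:]:  # skip the status line, walk the headers
        name, _, value = line.partition(":")
        key = name.strip().lower()
        if key == "server":
            server = value.strip()
        elif key == "www-authenticate":
            scheme = value.strip().split(" ", 1)[0]
    detected = bool(server and re.search(r"active management technology", server, re.I))
    return AmtFinding(host, port, detected, server, scheme)


def probe_host(host: str, port: int = AMT_HTTP_PORT, timeout: float = 2.0) -> Optional[AmtFinding]:
    """Fetch the AMT landing page from one host and classify it; None if nothing answers."""
    request = f"GET /index.htm HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if port == AMT_HTTPS_PORT:
            # Inventory probe only: AMT ships a self-signed certificate, so
            # verification is skipped here; do not reuse this context elsewhere.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        with sock:
            sock.sendall(request)
            chunks: List[bytes] = []
            while len(b"".join(chunks)) < 65536:  # headers are all we need
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:  # connection refused, timeout or TLS failure
        return None
    return parse_amt_response(b"".join(chunks), host, port)


def review_notes(findings: List[AmtFinding], provisioned: Dict[str, bool]) -> List[str]:
    """Flag every reachable AMT UI on a host that IT did not provision itself.

    `provisioned` stands in for the IT asset register (hypothetical):
    host -> True when IT set AMT up and owns its credentials.
    """
    notes = []
    for f in findings:
        if not f.amt_detected:
            continue
        status = ("IT-provisioned" if provisioned.get(f.host)
                  else "NOT provisioned by IT: review MEBx settings")
        notes.append(f"{f.host}:{f.port} AMT web UI reachable ({f.server_banner}); {status}")
    return notes


# Constructed sample responses, standing in for what probe_host() would return.
SAMPLE_RESPONSES = {
    "host-a.example": (b"HTTP/1.1 401 Unauthorized\r\n"
                       b"Server: Intel(R) Active Management Technology 11.8.50\r\n"
                       b"WWW-Authenticate: Digest realm=\"Digest:0000\", nonce=\"constructed\"\r\n"
                       b"Content-Length: 0\r\n\r\n"),
    "host-b.example": b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 0\r\n\r\n",
}


def run_offline_demo() -> List[str]:
    """Classify the constructed responses and produce review notes without touching the network."""
    findings = [parse_amt_response(r, h) for h, r in SAMPLE_RESPONSES.items()]
    return review_notes(findings, provisioned={"host-a.example": False})


if __name__ == "__main__":
    for note in run_offline_demo():
        print(note)
```

On a live network, replace `run_offline_demo()` with a loop over the asset list calling `probe_host()` on both ports; any host that reports an AMT banner but is absent from, or marked unprovisioned in, the register is a candidate for the MEBx review the article recommends.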

Source: This article was originally posted in the CIP report produced by PERATON.

Microsoft 365 powered device lab kit

The Microsoft 365 powered device Lab Kit is an updated version of the Windows 10 Deployment and Management lab kit. This lab is designed to help you plan your deployment of modern devices running Windows 10 Enterprise and Office 365 ProPlus, managed by Enterprise Mobility + Security.

Extending the value of Microsoft 365, Microsoft 365 powered device makes security the top priority, helps ease deployment and management, delivers the latest innovation to users, and provides robust insights that enable IT teams to proactively run and manage their businesses.

This free evaluation lab kit features:

A complete lab environment

The kit includes a pre-configured virtual lab environment with evaluation versions of: 
  • Windows 10 Enterprise, version 1709 (Fall Creators Update)
  • System Center Configuration Manager, version 1702
  • Windows Assessment and Deployment Kit for Windows 10, version 1709
  • Microsoft Deployment Toolkit (8443)
  • Microsoft Application Virtualization (App-V) 5.1
  • Microsoft BitLocker Administration and Monitoring 2.5 SP1
  • Windows Server 2016
  • Microsoft SQL Server 2014
PLUS, the lab can be connected to trials of:
  • Office 365 Enterprise E5
  • Enterprise Mobility + Security

Step-by-step labs

Illustrated lab guides take you through multiple deployment and management scenarios, including:

Servicing

  • NEW! Windows Analytics Update Compliance
  • Servicing Windows 10 with Configuration Manager
  • Servicing Office 365 ProPlus with Configuration Manager

Deployment and management

  • Modern Device Deployment
  • UPDATED! Modern Device Management with AutoPilot
  • UPDATED! Office 365 ProPlus Deployment with Intune
  • BIOS to UEFI Conversion
  • UPDATED! Modern Application Management with Intune
  • Enterprise State Roaming

Security

  • Windows Information Protection
  • Windows Defender Advanced Threat Protection
  • NEW! Windows Defender Application Guard
  • NEW! Windows Defender Exploit Guard
  • NEW! Windows Hello
  • Credential Guard
  • Device Encryption (MBAM)
  • Device Guard – User Mode Code Integrity
  • Remote Access (VPN)

Compatibility

  • Windows App Certification Kit
  • Windows Analytics Upgrade Readiness
  • Browser Compatibility
  • Application Virtualization
  • Desktop Bridges


Please use a high-bandwidth connection to download this content. The lab environment requires a minimum of 16 GB of available memory and 150 GB of free disk space; for optimal performance, 32 GB of available memory is recommended. The lab expires March 6, 2018. A new version will be published prior to expiration.

Cisco has released security updates to address vulnerabilities affecting multiple products

Original release date: January 17, 2018

Cisco has released security updates to address vulnerabilities affecting
multiple products. An attacker could exploit one of these vulnerabilities to
take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review the following
Cisco Security Advisories and apply the necessary updates:

(ISC)² Members: Free Training – Cyber Forensics Incident Recovery Interactive Lab

Cyber Forensics Incident Recovery Interactive Lab – FREE for (ISC)² Members for a Limited Time ($600 Value)

(ISC)² has teamed up with Architecture Technology Corporation (ATCorp) to provide our members with a limited opportunity to pilot an interactive, online cyber forensics lab – a $600 value that is being offered free for members.

Interactive, Hands-On Learning

This Cyber Forensics Incident Recovery lab gives you a deeper understanding of how to extract evidence from a suspect’s hard drive by learning the detailed file formats used by popular P2P software and methods for extracting information by hand.

You’ll learn key concepts, watch demos, work through the hands-on lab
and test your knowledge. Following completion of the course, you’ll
earn 4 CPEs.

Take advantage of this exciting new opportunity – only available to
(ISC)² members through April 1st.


NIST Releases Draft NIST Internal Report (NISTIR) 7511 Revision 5, Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements for public comment.

News release about the DRAFT NISTIR 7511 Rev. 5 document from the CSRC website:
https://csrc.nist.gov/News/2018/NIST-Releases-Draft-NISTIR-7511-Rev-5

To view the Draft NISTIR 7511 Rev. 5 document details:
https://csrc.nist.gov/publications/detail/nistir/7511/rev-5/draft

The NIST Security Content Automation Protocol (SCAP) Validation Program tests the ability of products and modules to use the features and functionality available through SCAP and its components. SCAP 1.3 consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations. The standardization of security information facilitates interoperability and enables predictable results among disparate SCAP-enabled security software. The SCAP Validation Program provides vendors an opportunity to have independent verification that security software correctly processes SCAP-expressed security information and provides standardized output. NISTIR 7511 Revision 5 describes the test requirements for SCAP version 1.3.

Send comments to:  <ir7511comments@nist.gov>

Deadline to submit comments: February 19, 2018.

If you are having trouble viewing the link to the Draft NISTIR 7511 document, you can use this link instead:
<https://csrc.nist.gov/publications/detail/nistir/7511/rev-5/draft>