Researchers discovered that Cyclops Blink, a botnet linked to the Russian advanced persistent threat group Sandworm, is actively targeting ASUS routers and WatchGuard firewall appliances. The malware is modular – meaning it can easily be updated to target new devices – and features a specialized module that may allow the malware to read flash memory in order to gather information about critical files, executables, data, and libraries. The malware then receives a command to nest in the flash memory and establish persistence, as this storage space can survive factory resets. Due to the number of indiscriminate targets, analysts assess that the group’s intent behind this iteration of distribution is to build and maintain a botnet infrastructure for future attacks on high-value targets.
Month: March 2022
A Tale of Caution
A few days ago, I found an
interesting and dangerous situation that I would like to warn you about.
under attack from a weakness on their web site. It was a major intrusion
that needed immediate attention.
to contact anyone at the company to warn them about the problem.
tree” for support. When I finally got a human to answer, and I explained the
nature of the problem, and how it was time sensitive, the response I got was,
“Thanks for the information. Someone will get back to you in a WEEK!”
(the people who answered the phone were not IT support!)
trained to do when an issue is called in? Do you train them and test the
process? Think about the issues if this was ransomware!! How long
would support have waited to call level 2 support? How much data would
your company lose while waiting for a ticket to even get to the proper person?
that they can handle and respond to risks quickly in an appropriate
manner. Don’t become a victim!
Good site to learn about Exploit Kits
The list provided below is meant to provide an overview of the most prevalent exploit kit variants currently impacting US victims. This page is updated regularly with new information as it becomes available.
Go here
High severity vulnerability in the Kubernetes container
QNAP Network Attached Storage (NAS) high severity Linux vulnerability
QNAP is notifying users that its Network Attached Storage (NAS) devices are affected by the high-severity Linux vulnerability dubbed “Dirty Pipe”, which allows attackers with local access to gain root privileges.
Dirty Pipe is a vulnerability in the Linux kernel's handling of pipe buffer flags; it affects Linux kernel versions 5.8 and later as well as some Android kernel versions. Tracked as CVE-2022-0847 (CVSS v3 7.8), it may allow a non-privileged user to overwrite data in arbitrary read-only files and SUID binaries. Successful exploitation may allow root privilege escalation through the editing of administrative files such as /etc/passwd and of SUID programs.
Proof-of-concept (PoC) exploits have been made publicly available. Although a patch was released for the flaw, QNAP states that there is no mitigation available at this time and recommends that users install the security updates as soon as possible. Impacted NAS devices are those running QTS 5.0.x and QuTS hero h5.0.x, specifically: QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS; and QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS.
To learn more go here
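Until the update is installed, the practical check a defender can run is for the outcome the write-up describes: an edited /etc/passwd or a rewritten SUID binary. The script below is an added example (not QNAP's or the kernel project's code) that records a SHA-256 baseline of every set-uid file plus a small list of administrative files, then reports what changed. The WATCHED_FILES list is an assumption of this example, and demo() builds a constructed directory tree so it can be tried offline; build_baseline() and verify() take a root argument so the same functions can be pointed at "/" from a scheduled job.

```python
"""Baseline-and-verify integrity check for the files a Dirty Pipe style root
escalation would have to alter: /etc/passwd-like administrative files and
SUID binaries.  Added example (not QNAP's or the kernel project's code)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Administrative files to watch even though they carry no SUID bit.  Assumed
# list for this example; /etc/passwd is the one the write-up above names.
WATCHED_FILES = ("etc/passwd", "etc/shadow", "etc/sudoers")


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large binaries do not land in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_suid(root: Path):
    """Yield every regular file under root whose mode carries the set-uid bit."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                st = path.lstat()          # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                yield path


def watched_paths(root: Path) -> set:
    """All SUID files under root plus the administrative files that exist."""
    paths = set(find_suid(root))
    for rel in WATCHED_FILES:
        candidate = root / rel
        if candidate.is_file():
            paths.add(candidate)
    return paths


def build_baseline(root: Path) -> dict:
    """Map root-relative path -> SHA-256 for every watched file."""
    return {str(p.relative_to(root)): sha256_file(p) for p in watched_paths(root)}


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current state with a saved baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "new": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed tree: take a baseline, then reproduce the post-exploitation
    state described above (passwd edited, a SUID binary rewritten, a new SUID
    file dropped) and report what verify() flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "usr" / "bin").mkdir(parents=True)
        passwd = root / "etc" / "passwd"
        passwd.write_text("root:x:0:0:root:/root:/bin/sh\n")
        su = root / "usr" / "bin" / "su"
        su.write_bytes(b"\x7fELF original su\n")
        su.chmod(0o4755)                       # set-uid binary, watched
        ls = root / "usr" / "bin" / "ls"
        ls.write_bytes(b"\x7fELF ls\n")
        ls.chmod(0o755)                        # ordinary binary, not watched
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken.
        passwd.write_text(passwd.read_text() + "added:x:1001:1001::/home/added:/bin/sh\n")
        su.write_bytes(b"\x7fELF replaced su\n")
        su.chmod(0o4755)                       # a normal write drops the bit; keep the file SUID
        newtool = root / "usr" / "bin" / "newtool"
        newtool.write_bytes(b"\x7fELF newtool\n")
        newtool.chmod(0o4755)
        ls.write_bytes(b"\x7fELF ls rebuilt\n")  # non-SUID change, deliberately not reported
        return verify(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the baseline JSON somewhere the NAS itself cannot overwrite (a separate host or read-only media), otherwise an attacker with root can simply regenerate it. A SUID file that turns up under "missing" is also worth a look: its bit was cleared or it was removed.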
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity
Advisory that details how Russian state-sponsored cyber actors
accessed a network with misconfigured default multifactor authentication (MFA)
protocols. The actors then exploited a critical Windows Print Spooler
vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with
system privileges. The advisory provides observed tactics, techniques, and
procedures, as well as indicators of compromise and mitigations to protect
against this threat.
CISA encourages users and administrators to review AA22-074A: Russian
State-Sponsored Cyber Actors Gain Network Access by Exploiting Default
Multifactor Authentication Protocols and “PrintNightmare” Vulnerability.
For general information on Russian state-sponsored malicious cyber activity,
see cisa.gov/Russia. For more
information on the threat of Russian state-sponsored malicious cyber actors to
U.S. critical infrastructure, as well as additional mitigation recommendations,
see AA22-011A:
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S.
Critical Infrastructure and cisa.gov/shields-up.
Updated: Kubernetes Hardening Guide
The National Security Agency (NSA) and CISA have updated their joint
Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide,
originally released in August 2021, based on valuable feedback and inputs from
the cybersecurity community.
Kubernetes is an open-source system that automates deployment, scaling, and
management of applications run in containers. A container is a runtime
environment that contains a software package and its dependencies. Kubernetes
is often hosted in a cloud environment. The CTR provides recommended
configuration and hardening guidance for setting up and securing a Kubernetes
cluster.
CISA encourages users and administrators to review the updated Kubernetes
Hardening Guide—which includes additional detail and explanations—and apply
the hardening measures and mitigations to manage associated risks.
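The pod-security part of that guidance (run containers as non-root, keep the root filesystem immutable, avoid privileged containers, host namespaces and hostPath mounts) can be checked mechanically before a manifest is applied. The linter below is an added example, not code from the NSA/CISA report; the two manifests are constructed inline as Python dicts, one with the weak settings and one hardened, so no YAML library is needed, and the field names are the standard Kubernetes Pod spec fields.

```python
"""Lint a Pod manifest for the pod-security weaknesses the Kubernetes
Hardening Guide's recommendations address.  Added example, not part of the
NSA/CISA report; manifests below are constructed for illustration."""


def container_findings(container: dict, pod_sc: dict) -> list:
    """Checks on one container.  The pod-level securityContext supplies the
    default for runAsNonRoot, which Kubernetes allows at both levels."""
    sc = container.get("securityContext", {})
    name = container["name"]
    findings = []
    if sc.get("privileged"):
        findings.append(f"{name}: privileged container")
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        findings.append(f"{name}: runAsNonRoot not enforced")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"{name}: allowPrivilegeEscalation not disabled")
    if not sc.get("readOnlyRootFilesystem"):
        findings.append(f"{name}: root filesystem is writable")
    caps = sc.get("capabilities", {})
    if "ALL" not in caps.get("drop", []):
        findings.append(f"{name}: capabilities not dropped")
    if caps.get("add"):
        findings.append(f"{name}: adds capabilities {sorted(caps['add'])}")
    return findings


def lint_pod(manifest: dict) -> list:
    """Return a list of findings; an empty list means the manifest passes."""
    spec = manifest["spec"]
    findings = []
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(key):
            findings.append(f"pod shares host {key[4:]} namespace")
    for volume in spec.get("volumes", []):
        if "hostPath" in volume:
            findings.append(f"volume {volume['name']} mounts hostPath {volume['hostPath'].get('path')}")
    pod_sc = spec.get("securityContext", {})
    for container in spec.get("initContainers", []) + spec.get("containers", []):
        findings.extend(container_findings(container, pod_sc))
    return findings


# Constructed "debug" pod with the settings the guide warns against.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "shell", "image": "busybox",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "host", "mountPath": "/host"}],
        }],
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
    },
}

# The same workload with the hardening the guide recommends applied.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
        "volumes": [{"name": "tmp", "emptyDir": {}}],
    },
}


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, lint_pod(pod) or "OK")
```

In a real pipeline the same checks belong in an admission controller or the built-in Pod Security Admission so they cannot be bypassed by applying a manifest directly; a pre-commit linter like this catches the problem earlier and explains it to the author.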
Changes to CISSP Exam Process
Beginning June 1, 2022, the CISSP exam in the Computerized
Adaptive Testing (CAT) format will contain 50 pretest (unscored)
items, which will increase the minimum and maximum number of
items candidates will need to respond to from 100-150 to 125-175 items during
the exam. To allow for these additional items, the maximum exam administration
time will increase from three to four hours.
The additional 25 pretest items are evaluated for inclusion
as operational (scored) items in future exams, however, as these pretest items
are indistinguishable from operational (scored) items, candidates should
consider each item carefully and select the best possible answer. Responses
to pretest items do not impact a candidate’s score or the pass/fail result on
their examination.
The CISSP CAT exam currently contains 25 pretest items. The
addition of another 25 enables (ISC)² to continue expanding our item bank to
strengthen the integrity and security of the CISSP for all those who earn the
certification.
There are no other changes to the content of the CISSP exam.
The domains and domain weights contained within the CISSP exam outline have not changed.
CISSP exams scheduled on or after June 1, 2022 will reflect
these changes. If you or your students have questions or need assistance,
please contact examadministration@isc2.org.
New Version of CISM EXAM Process
The new courseware is out. You have to decide whether you would like to take the old test by May 1 or the new content on June 1 and beyond.
The new content is as follows:
1 Information Security Governance
A Enterprise Governance
1A1 Organizational Culture
1A2 Legal, Regulatory, and Contractual Requirements
1A3 Organizational Structures, Roles, and Responsibilities
B Information Security Strategy
1B1 Information Security Strategy Development
1B2 Information Governance Frameworks and Standards
1B3 Strategic Planning (e.g., budgets, resources, business case).
2 Information Security Risk Management
A Information Security Risk Assessment
2A1 Emerging Risk and Threat Landscape
2A2 Vulnerability and Control Deficiency Analysis
2A3 Risk Assessment and Analysis
B Information Security Risk Response
2B1 Risk Treatment / Risk Response Options
2B2 Risk and Control Ownership
2B3 Risk Monitoring and Reporting
3 Information Security Program
A Information Security Program Development
3A1 Information Security Program Resources (e.g., people, tools, technologies)
3A2 Information Asset Identification and Classification
3A3 Industry Standards and Frameworks for Information Security
3A4 Information Security Policies, Procedures, and Guidelines
3A5 Information Security Program Metrics
B Information Security Program Management
3B1 Information Security Control Design and Selection
3B2 Information Security Control Implementation and Integrations
3B3 Information Security Control Testing and Evaluation
3B4 Information Security Awareness and Training
3B5 Management of External Services (e.g., providers, suppliers, third parties, fourth parties)
3B6 Information Security Program Communications and Reporting
4 Incident Management
A Incident Management Readiness
4A1 Incident Response Plan
4A2 Business Impact Analysis (BIA)
4A3 Business Continuity Plan (BCP)
4A4 Disaster Recovery Plan (DRP)
4A5 Incident Classification/Categorization
4A6 Incident Management Training, Testing, and Evaluation
B Incident Management Operations
4B1 Incident Management Tools and Techniques
4B2 Incident Investigation and Evaluation
4B3 Incident Containment Methods
4B4 Incident Response Communications (e.g., reporting, notification, escalation)
4B5 Incident Eradication and Recovery
4B6 Post-incident Review Practices
Updated CISM Exam Content Outline Effective Beginning 1 June 2022
To learn more go here
Updated: Conti Ransomware
CISA, the Federal Bureau of Investigation (FBI), the National Security
Agency (NSA), and the United States Secret Service (USSS) have re-released an
advisory on Conti
ransomware. Conti cyber threat actors remain active and reported Conti
ransomware attacks against U.S. and international organizations have risen to
more than 1,000.
CISA, the FBI, NSA, and the USSS encourage organizations to review AA21-265A: Conti
Ransomware, which includes new indicators of compromise, for more
information. See Shields Up and
StopRansomware.gov for
ways to respond against disruptive cyber activity.