Just released 2022 Annual Threat Assessment of the U.S. Intelligence Community

The Office of the Director of National Intelligence has released an annual report providing an assessment of worldwide threats to U.S. national security.

The 2022 Annual Threat Assessment of the U.S. Intelligence Community was released in accordance with Section 617 of the Intelligence Authorization Act for fiscal year 2021, ODNI said Tuesday.

The report details the national security challenges posed by China, Russia, Iran and North Korea to the U.S. across various areas, including military capabilities, economy, cyber and space domain.

The document explains how China works to modify global norms and threaten its neighbors and discusses Russia’s willingness to use military force to “impose its will on neighbors” as seen in Ukraine and other countries.

Other issues covered in the report are health security concerns including infectious diseases and the COVID-19 pandemic, climate change and environmental degradation, transnational organized crime, violent extremism, illicit drugs and surges in migration.

Article was posted on (executivegov.com)

 

Introduction to Cybersecurity for Commercial Satellite Operations

 Introduction to
Cybersecurity for Commercial Satellite Operations: 2nd Draft of NISTIR 8270 is
Available for Comment

Space operations are vital to advancing the security, economic
prosperity, and scientific knowledge of the Nation. However, cyber-related
threats to space assets and their supporting infrastructure pose increasing
risks to the economic promise of emerging markets in space. This second draft of NISTIR 8270Introduction to
Cybersecurity for Commercial Satellite Operations
,
presents a specific method for applying the Cybersecurity Framework (CSF) to
commercial space business and describes an abstracted set of cybersecurity
outcomes, requirements, and suggested controls.

The draft also:

  • Clarifies scope with an
    emphasis on the satellite itself,
  • Updates examples for clarity,
  • Adds more detailed steps for
    developing a current and target profile and risk analysis, and
  • Provides references for
    relevant regulations around commercial space.

Reviewers are asked to provide feedback on additional threat
models that might help in the development of organization profiles, informative
references on the application of security controls to satellites, and standards
or informative references that might benefit all readers.

The
public comment period is open through April 8, 2022. 
See the publication
details
 for a copy of the draft and instructions for submitting
comments

WARNING QR Code Scanner: Add-On on Andriod

 TeaBot, posing as “QR Code Scanner: Add-On”, is downloaded from two specific GitHub repositories created by the user feleanicusor. It has been verified that those repositories contained multiple TeaBot samples starting from Feb 17, 2022:


As reported at TeaBot is now spreading across the globe | Cleafy Labs

Background and key points

TeaBot is an Android banking trojan emerged at the beginning of 2021 designed for
 stealing victim’s credentials and SMS messages

TeaBot RAT capabilities are achieved via the device screen’s live streaming 
(requested on-demand) plus the abuse of Accessibility Services for remote
interaction and key-logging. This enables Threat Actors (TAs) to perform ATO
 (Account Takeover) directly from the compromised phone, also known as 
“On-device fraud”
.
Initially TeaBot has been distributed through smishing campaigns using a 
predefined list of lures, such as TeaTV, VLC Media Player, DHL and UPS
 and others.
Recent samples show how TAs are evolving their side-loading techniques,
including the distribution of applications on the official Google Play Store, 
also known as “dropper applications”.

In the last months, we detected a major increase of targets which now count 
more than 400 applications, including banks, crypto exchanges/wallets and 
digital insurance, and new countries such as Russia, Hong Kong, and the US 


See the full report Here

NIST Releases Ransomware Risk Management Cybersecurity Framework Profile & Quick Start Guide

Final Ransomware Risk Management Cybersecurity Framework Profile & Quick
Start Guide Released Today!

Ransomware is a type of malicious attack where attackers encrypt an
organization’s data and demand payment to restore access. In some instances,
attackers may also steal an organization’s information and demand an additional
payment in return for not disclosing the information to authorities,
competitors, or the public. This serious cybersecurity challenge is becoming
more widespread.

To help address this challenge, NIST is releasing two guides:

The final Ransomware Risk Management: A Cybersecurity Framework
Profile (NISTIR 8374)
 incorporates feedback from earlier drafts and
is based on the broader Cybersecurity
Framework Version 1.1
. It can be used as a guide to manage the risk of
ransomware events—which includes helping to gauge an organization’s level of
readiness to counter ransomware threats and to deal with the potential
consequences of events.

NIST has also developed a companion quick start guide
called Getting Started with Cybersecurity Risk
Management: Ransomware’
 designed for organizations—including those
with limited resources to address cybersecurity challenges—to easily understand
the advice given in the Profile and to get guidance on what they can begin
implementing today. It’s important to recognize that you don’t need to do
everything all at once…getting started is the key!

Read More

High-severity vulnerability in the UpdraftPlus WordPress plugin

 Our new UpdraftPlus release, 1.22.3 (free version) / 2.22.3 (paid versions) is a security release. The short version is: you should update. To get the details, read on!

On the evening of February 15th, we received a security defect report from security researcher Marc-Alexandre Montpas of Automattic, who during an audit of UpdraftPlus found a previously unknown defect in current versions of UpdraftPlus, which has had a CVE identifier reserved of CVE-2022-23303.

This defect allows any logged-in user on a WordPress installation with UpdraftPlus active to exercise the privilege of downloading an existing backup, a privilege which should have been restricted to administrative users only. This was possible because of a missing permissions check on code related to checking current backup status. This allowed the obtaining of an internal identifier which was otherwise unknown, and could then be used to pass a check upon permission to download.

This means that if your WordPress site allows untrusted users to have a WordPress login, and if you have any existing backup, then you are potentially vulnerable to a technically skilled user working out how to download the existing backup. Affected sites are at risk of data loss / data theft via the attacker accessing a copy of your site’s backup, if your site contains anything non-public. I say “technically skilled”, because at that point, no public proof of how to leverage this exploit has been made. At this point in time, it relies upon a hacker reverse-engineering the changes in the latest UpdraftPlus release to work it out. However, you should certainly not rely upon this taking long, but should update immediately. If you are the only user on your WordPress site, or if all your users are trusted, then you are not vulnerable, but we still recommend updating in any case.

Users who are using UpdraftPlus Premium’s feature for encrypting your database backup are protected against data loss/theft from this problem, assuming that you have kept your encryption password secret. (There is no known vulnerability allowing the attacker to also access this). In such cases, only any confidential information in the backup of your files is at risk (and then usually only your media/upload files, since plugins and themes are usually only public code that contains nothing sensitive, being downloadable from their original supplier/author by any member of the public). Note also that the WordPress database, following modern security standards, hashes stored passwords. This means that your WordPress login password is protected even from someone who has obtained even an unencrypted copy of it.

This information is now being released approximately a day after updated, secured versions of UpdraftPlus became available. During that time, the majority of sites have been updated.

Again, we urge all users to update if they have not done so already. We at UpdraftPlus sincerely apologise for any and all inconvenience that has been caused, and wish to thank Marc for working together with us. From the moment we received the report, it was “all hands on deck”. An update was pushed to Premium users within the hour. We have lost a good amount of sleep, because your sites and their backups matter to us, and we will continue working hard to make sure that continues to be the case.

(Addendum: versions 1.22.4 / 2.22.4 have subsequently been released, which deals with a conflict with a bug in a popular third-party plugin, via adding a work-around (we have also reported the issue to the plugin author)).

From https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/