CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments

Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS). In alignment with CISA’s recently released Open Source Security Roadmap, the guidance provides recommendations to OT/ICS organizations on:

  • Supporting OSS development and maintenance,
  • Managing and patching vulnerabilities in OT/ICS environments, and
  • Using the Cross-Sector Cybersecurity Performance Goals (CPGs) as a common framework for adopting key cybersecurity best practices in relation to OSS.

Alongside the guidance, CISA published the Securing OSS in OT web page, which details the Joint Cyber Defense Collaborative (JCDC) OSS planning initiative, a priority within the JCDC 2023 Planning Agenda. The initiative will support collaboration between the public and private sectors—including the OSS community—to better understand and secure OSS use in OT/ICS, which will strengthen defense against OT/ICS cyber threats. CISA encourages OT/ICS organizations to review this guidance and implement its recommendations.

Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends

This FBI Private Industry Notification (PIN) is provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. The FBI is releasing it to highlight emerging ransomware trends and to encourage organizations to implement the recommendations in its mitigations section, reducing the likelihood and impact of ransomware incidents.

As of July 2023, the FBI had noted two trends emerging across the ransomware environment and is releasing this notification for industry awareness: multiple ransomware attacks on the same victim in close date proximity, and new data destruction tactics in ransomware attacks. The PIN provides an overview of the threat together with mitigation recommendations.

Guide to Operational Technology (OT) Security: NIST Publishes SP 800-82, Revision 3

NIST has published Special Publication (SP) 800-82r3 (Revision 3), Guide to Operational Technology (OT) Security, which provides guidance on how to improve the security of OT systems while addressing their unique performance, reliability, and safety requirements.

OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems and devices detect or cause a direct change through the monitoring and/or control of devices, processes, and events. Examples include industrial control systems (ICS), building automation systems, transportation systems, physical access control systems, physical environment monitoring systems, and physical environment measurement systems.

SP 800-82r3 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.

Updates in this revision also include:

  • Expansion in scope from ICS to OT
  • Updates to OT threats and vulnerabilities
  • Updates to OT risk management, recommended practices, and architectures
  • Updates to current activities in OT security
  • Updates to security capabilities and tools for OT
  • Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
  • New tailoring guidance for SP 800-53r5 security controls, including an OT overlay that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems

In addition to SP 800-82r3, a collection of NIST resources for OT cybersecurity can be found at the Operational Technology Security website.

Read More

Dirt Cheap CISSP bootcamp!

Register for our dirt cheap 5-day bootcamp to prepare yourself for the CISSP exam. This bootcamp is only available to ISC2 New Jersey Chapter members.
Dates: October 21st, October 28th, November 4th, November 11th, and November 18th, 2023
Time: 9 a.m. – 5 p.m.
Location: Virtual
The course textbook is not included, but it is less than $100.
Register here.

NY Metro Joint Cyber Security Conference

Registration is now open for the 2023 NY Metro Joint Cyber Security Conference and Workshop!

Date: October 19th and 20th, 2023
Time: 8:30 a.m. – 5:30 p.m.
Location: Microsoft, 11 Times Sq. NYC (Workshops are virtual)

The conference, celebrating its 10th anniversary, will be held in person at Microsoft in Manhattan on October 19th and 20th and features a keynote by Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. For details, click here.

To register for this event, click here.

To learn more about becoming a sponsor for this event, click here.

Cybersecurity Awareness Month 2023 Blog Series – Enabling MFA

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20th anniversary of this important initiative, and we will celebrate in various ways every day throughout the month.

To kick off our 2023 blog series, we sat down to interview NIST’s David Temoshok, who walked us through his insights and ideas on enabling multi-factor authentication and shared a bit about what he’s up to these days at NIST…

Read the Blog

Learn the latest security trends from the Microsoft 2023 Digital Defense Report

The cyber-threat landscape is ever evolving. To effectively protect your organization, it’s essential to stay up to date on cutting-edge security innovations such as AI. In this webinar, discover how AI-empowered cybersecurity can help you defend infrastructure, multicloud environments, hybrid workers, and more. You will also:

  • Uncover key findings from the Microsoft 2023 Digital Defense Report
  • Learn the latest cybersecurity trends from a panel of experts
  • Get insights about the future of AI in cybersecurity

Register now so you won’t miss this opportunity to bolster your security ecosystem.

Unlocking the Future of Cybersecurity and AI
Date: Tuesday, October 24, 2023
Time: 11:00 AM Pacific Time / 2:00 PM Eastern Time

Register now >

Critical Vulnerabilities Discovered in WS_FTP

Progress Software released information regarding multiple vulnerabilities, several critical, in their WS_FTP Server software. These flaws were discovered in the WS_FTP Server Ad Hoc Transfer module and the WS_FTP Server manager interface.

The most critical of the vulnerabilities is CVE-2023-40044, which has the highest severity rating of 10/10 and affects WS_FTP Server versions prior to 8.7.4 and 8.8.2. If exploited, a pre-authenticated threat actor could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. Proof-of-concept exploit code for CVE-2023-40044 is publicly available.

Additionally, CVE-2023-42657, which has a severity rating of 9.9/10, is a directory traversal vulnerability affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker could leverage this vulnerability to perform file operations on files and folders outside of their authorized WS_FTP folder path. Threat actors could also escape the context of the WS_FTP Server file structure and perform the same level of operations on file and folder locations on the underlying operating system.

According to Rapid7, attempts to exploit the disclosed WS_FTP vulnerabilities were observed in multiple customer environments. They provide indicators of compromise, process execution chains, and other technical details in their blog post. A full write-up of CVE-2023-40044 was also published by Assetnote.
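The following is an added example and is not Progress Software's code, nor a description of how WS_FTP implements its own checks. It shows the path-containment check that defends against the vulnerability class CVE-2023-42657 belongs to (a client-supplied path escaping the folder a user is authorized to use), run over constructed sample requests; the root directory and the request strings are constructed for the example.

```python
"""Path-containment check against directory traversal (added example).

A transfer server maps client-supplied relative paths onto a per-user root
folder. The defect class is: the server joins the two without checking that
the result still lies inside the root, so ".." segments walk out of it.
"""
import os

# Constructed sample: the folder a hypothetical transfer user is authorised to use.
USER_ROOT = "/srv/transfer/users/alice"


def safe_join(root: str, requested: str):
    """Join a client-supplied path onto root and return the absolute path
    only if it still lies inside root; otherwise return None.

    Canonicalising first and comparing afterwards is the point: the check
    runs on what the OS will actually open, not on the string the client sent.
    """
    root = os.path.realpath(root)
    # Windows clients send backslashes; normalise them so ".." is seen either way.
    rel = requested.replace("\\", "/")
    # A leading separator would make os.path.join discard root entirely, so it
    # is stripped: absolute client paths are interpreted relative to the root,
    # the way a chroot-style server treats them.
    rel = rel.lstrip("/")
    # realpath collapses "." and "..", so a traversal now shows up as the
    # result no longer being under root.
    full = os.path.realpath(os.path.join(root, rel))
    # commonpath rather than str.startswith: startswith would wrongly accept
    # "/srv/transfer/users/alice2/..." as being inside ".../alice".
    if os.path.commonpath([root, full]) != root:
        return None
    return full


# Constructed requests of the kind a transfer server might receive (no real traffic).
SAMPLE_REQUESTS = [
    "reports/q3.pdf",                 # ordinary file inside the user's folder
    "../../../../etc/passwd",         # walks out of the root entirely
    "reports/../../bob/secret.txt",   # lands in a sibling user's folder
    "..\\..\\Windows\\win.ini",       # same traversal, Windows separators
    "reports/./2023/../q4.pdf",       # ".." that stays inside the root is fine
    "/etc/shadow",                    # absolute path: treated as relative to root
]


def classify(requests, root=USER_ROOT):
    """Return {request: 'allowed' | 'rejected'} for each request."""
    return {r: ("allowed" if safe_join(root, r) else "rejected") for r in requests}


if __name__ == "__main__":
    for req, verdict in classify(SAMPLE_REQUESTS).items():
        print(f"{verdict:8} {req!r}")
```

The check must be applied to every file operation the user can request (read, write, rename, delete, list), not only to downloads, since the advisory describes the flaw as affecting file operations in general; and because `os.path.realpath` follows symlinks, a symlink placed inside the root that points outside it is caught as well, which a purely lexical comparison of the request string would miss.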

Guidance on Identity and Access Management

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and Enduring Security Framework (ESF) partners released New Guidance on Identity and Access Management to enable developers and integrators to refine their existing tools to address the gaps in achieving secure identity and access management (IAM) and, if necessary, develop new tools to address the challenges for their IAM products and solutions.

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials.

The new guidance identifies the adoption and secure employment of multi-factor authentication (MFA) and single sign-on (SSO) technologies as a key developer and vendor challenge that has been difficult to meet with the technology that is currently available. IAM solutions must enable an organization’s staff to differentiate between authorized users performing the organization’s mission and unauthorized entities attempting to access the infrastructure, while also supporting a prompt and effective response to indicators of compromise.

Successful implementation of secure IAM capabilities, including MFA and SSO, depends on the vendor community to provide solutions that achieve secure outcomes. For interoperability to be effective, the community must work together to provide IAM solutions that will enable successful and secure outcomes.

Multiple Vulnerabilities in Google Android OS

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Threat Intelligence
There are reports of these vulnerabilities being exploited in the wild (CVE-2023-4863, CVE-2023-4211).

Systems Affected
  • Android OS patch levels prior to 2023-10-05

Risk
Government:
  • Large and medium government entities: High
  • Small government entities: Medium
Businesses:
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: Low

Technical Summary
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution in the context of the affected component.

Recommendations
  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Restrict execution of code to a virtual environment on or in transit to an endpoint system.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
References
Google:
https://source.android.com/docs/security/bulletin/2023-10-01

MediaTek:
https://corp.mediatek.com/product-security-bulletin/October-2023

Unisoc:
https://www.cybersecurity-help.cz/vdb/SB2023100252

Qualcomm:
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2023-bulletin.html

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40638