Cybersecurity Awareness Month 2023 Blog Series – Enabling MFA

October is always an exciting time for us as we celebrate Cybersecurity Awareness Month and some of NIST’s greatest accomplishments, resources, guidance, and latest news in the cybersecurity space. This year is a big one because 2023 marks the 20th anniversary of this important initiative, and we will celebrate in various ways every day throughout the month.

To kick off our 2023 blog series, we sat down to interview NIST’s David Temoshok, who walked us through his insights and ideas on enabling multi-factor authentication and shared a bit about what he’s up to these days at NIST…

Read the Blog

Learn the latest security trends from the Microsoft 2023 Digital Defense Report

The cyber-threat landscape is ever evolving. To effectively protect your organization, it’s essential to stay up to date on cutting-edge security innovations such as AI. In this webinar, discover how AI-empowered cybersecurity can help you defend infrastructure, multicloud environments, hybrid workers, and more. You will also:

  • Uncover key findings from the Microsoft 2023 Digital Defense Report
  • Learn the latest cybersecurity trends from a panel of experts
  • Get insights about the future of AI in cybersecurity

Register now so you won’t miss this opportunity to bolster your security ecosystem.

Unlocking the Future of Cybersecurity and AI
Tuesday, October 24, 2023
11:00 AM Pacific Time / 2:00 PM Eastern Time

Register now >

Critical Vulnerabilities Discovered in WS_FTP

Progress Software released information regarding multiple vulnerabilities, several critical, in their WS_FTP Server software. These flaws were discovered in the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server manager interface.
The most critical of the vulnerabilities is CVE-2023-40044, which has the highest severity rating of 10/10, and affects WS_FTP Server versions prior to 8.7.4 and 8.8.2. If exploited, a pre-authenticated threat actor could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. Proof-of-concept exploit code for CVE-2023-40044 is publicly available.
Additionally, CVE-2023-42657, which has a severity rating of 9.9/10, is a directory traversal vulnerability affecting WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker could leverage this vulnerability to perform file operations on files and folders outside of their authorized WS_FTP folder path. Threat actors could also escape the context of the WS_FTP Server file structure and perform the same level of operations on file and folder locations on the underlying operating system.
According to Rapid7, attempts to exploit the disclosed WS_FTP vulnerabilities were observed in multiple customer environments. Rapid7 provides indicators of compromise, process execution chains, and other technical details in its blog post. A full write-up of CVE-2023-40044 was also published by Assetnote.
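The directory traversal flaw described above belongs to a well-known class: a file operation accepts a user-controlled path and never checks that the path still lies inside the folder the user is authorized for. The following is an added illustration of that class and of the defensive check that closes it; it is not WS_FTP Server code and makes no claim about how Progress implements its own checks. The base folder, the request strings, and the helper names (`naive_join`, `confine_path`, `audit`) are all constructed for the example.

```python
"""Confine a user-supplied relative path to an authorised base folder.

Added illustration of the path-traversal class described above; it is not
WS_FTP code and makes no claim about how WS_FTP Server implements its checks.
"""
import tempfile
from pathlib import Path
from typing import Optional


def naive_join(base_dir: str, user_path: str) -> str:
    """The weak form: plain string concatenation never notices that '..'
    segments or an absolute path climb out of base_dir."""
    return base_dir.rstrip("/") + "/" + user_path


def confine_path(base_dir: str, user_path: str) -> Optional[Path]:
    """Return the real filesystem path for user_path inside base_dir, or None
    when the request would land outside the base (traversal, absolute path,
    or a symlink that points elsewhere)."""
    base = Path(base_dir).resolve()
    # Path.resolve() collapses '..' and '.' segments and follows symlinks that
    # exist, so the comparison is made on the path the OS would actually open.
    candidate = (base / user_path).resolve()
    try:
        # relative_to() compares path components, not a string prefix, so a
        # sibling folder such as base_dir + "2" does not pass as "inside".
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


# Constructed sample: a fresh temporary folder standing in for one user's
# authorised transfer folder, and a mix of benign and escaping requests.
SAMPLE_BASE = tempfile.mkdtemp(prefix="xfer-alice-")
CONSTRUCTED_REQUESTS = [
    "reports/q3.csv",               # ordinary file under the user's folder
    "docs/../reports/./q3.csv",     # messy, but still inside after normalisation
    "../bob/secret.txt",            # climbs into a sibling user's folder
    "../../etc/passwd",             # climbs out to the operating system
    "/etc/shadow",                  # absolute path discards the base entirely
]


def audit(base_dir: str, requests: list) -> list:
    """Return (request, allowed) pairs so each decision can be logged or asserted."""
    return [(req, confine_path(base_dir, req) is not None) for req in requests]


if __name__ == "__main__":
    for req, allowed in audit(SAMPLE_BASE, CONSTRUCTED_REQUESTS):
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{verdict:5} {req:28} naive join -> {naive_join(SAMPLE_BASE, req)}")
```

The important design point is that the check runs on the resolved path and the file operation then uses the returned `Path`, never the original string; checking one value and opening another reintroduces the bug. On a Windows-hosted server, backslash separators and drive letters must be normalised before the same check, which this POSIX-oriented example does not attempt.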

Guidance on Identity and Access Management

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and Enduring Security Framework (ESF) partners released New Guidance on Identity and Access Management to enable developers and integrators to refine their existing tools to address the gaps in achieving secure identity and access management (IAM) and, if necessary, develop new tools to address the challenges for their IAM products and solutions.

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials.

The new guidance identifies the adoption and secure employment of multi-factor authentication (MFA) and single sign-on (SSO) technologies as a key developer and vendor challenge that has been difficult to meet with the technology that is currently available.

IAM solutions must enable an organization’s staff to differentiate between authorized users performing the organization’s mission and unauthorized entities attempting to access the infrastructure, while also supporting a prompt and effective response to indicators of compromise.

Successful implementation of secure IAM capabilities, including MFA and SSO, depends on the vendor community to provide solutions that achieve secure outcomes. For interoperability to be effective, the community must work together to provide IAM solutions that will enable successful and secure outcomes.

Multiple Vulnerabilities in Google Android OS

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Threat Intelligence
There are reports of these vulnerabilities being exploited in the wild (CVE-2023-4863, CVE-2023-4211).

Systems Affected
Android OS patch levels prior to 2023-10-05

Risk
Government:
  • Large and medium government entities: High
  • Small government entities: Medium
Businesses:
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: Low

Technical Summary
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution in the context of the affected component.

Recommendations
  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Restrict execution of code to a virtual environment on or in transit to an endpoint system.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
References
Google:
https://source.android.com/docs/security/bulletin/2023-10-01
MediaTek:
https://corp.mediatek.com/product-security-bulletin/October-2023

Unisoc:
https://www.cybersecurity-help.cz/vdb/SB2023100252

Qualcomm:
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2023-bulletin.html

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28348
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40638

NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors

Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC), released the joint Cybersecurity Advisory (CSA) “People’s Republic of China-Linked Cyber Actors Hide in Router Firmware.” The CSA details activity by cyber actors, known as BlackTech, linked to the People’s Republic of China (PRC). The advisory provides BlackTech tactics, techniques, and procedures (TTPs) and urges multinational corporations to review all subsidiary connections, verify access, and consider implementing zero trust models to limit the extent of a potential BlackTech compromise.

BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets.

CISA strongly recommends organizations review the advisory and implement the detection and mitigation techniques described to protect devices and networks. For additional guidance, see People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices and visit CISA’s China Cyber Threat Overview and Advisories page.

Tackle cloud fundamentals and prep for the certification exam—register today

Build skills that help you create new technology possibilities and explore foundational cloud concepts at Azure Virtual Training Day: Fundamentals from Microsoft Learn. Join us for this free training event to expand your knowledge of cloud models and cloud service types. You’ll also review Azure services focused on computing, networking, and storage. You will have the opportunity to:

  • Understand the value of the shared responsibility model between consumers and cloud providers.
  • Identify the tools and services that can help you manage, secure, and stay compliant across your Azure cloud ecosystem and in on-premises, hybrid, and multicloud environments.
  • See how to use Azure services to rapidly expand your cloud footprint while maintaining data security and privacy.

Join us at an upcoming two-part event:
October 11, 2023 | 12:00 PM – 3:00 PM | (GMT-05:00) Eastern Time (US & Canada)
October 12, 2023 | 12:00 PM – 3:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 
REGISTER TODAY >

CISA Launches New Cybersecurity Awareness Program “Secure Our World”

The Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of “Secure Our World,” a nationwide cybersecurity public awareness campaign to educate all Americans on how to stay safe online. The campaign includes a public service announcement (PSA) that will air on stations around the country, as well as digital content, a toolkit, and other resources. Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating this program to provide small businesses, communities, and individuals with the guidance and tools they need to protect themselves online.

By equipping individuals, families, and businesses with the knowledge and resources needed to protect ourselves and our digital assets, the Secure Our World program promotes safe online practices as an everyday activity we should all adopt, especially when connected, and helps empower all of us to make informed decisions about our cyber habits. The Secure Our World program is focused on four simple steps everyone can take to stay safe online:

  • Strong passwords: Use passwords that are long, random, and unique to each account, and use a password manager to generate them and to save them.
  • Multi-factor authentication (MFA): Use MFA for all accounts that offer it. We need more than a password to protect our most important data, including email, financial accounts, and social media.
  • Recognize and report phishing: Think before you click! Be cautious of unsolicited emails, texts, or calls asking you for personal information. Resist the urge to click on these links and do not click on links or open attachments from unknown sources.
  • Update software: Enable automatic updates on software so the latest security patches keep our devices continuously protected.

The Secure Our World program is a year-round, enduring effort to educate individuals and small to medium-sized businesses about how to stay secure online, and it provides resources to improve cybersecurity habits and increase resilience against cyber threats.

For individuals and families, the Secure Our World program emphasizes the importance of securing personal accounts, offering guidance on personal device safety, safe internet browsing practices, social media usage, and protecting personal information online. Small and medium-sized businesses (SMBs) face unique challenges, so we are working to help them Secure Our World by offering tools and resources that can boost SMBs’ cybersecurity defenses and minimize the risk of data breaches or cyberattacks, making not only our businesses, but our communities safer. Tech manufacturers can Secure Our World by implementing security features built in by design. Default settings should have the highest security measures implemented, and individuals can manually bypass security features if they do not want them. Users should not have to opt in to necessary security measures.

The Secure Our World program leverages partnerships and collaborations with government, tribes, industry partners, and cybersecurity experts to ensure access to up-to-date resources such as guidance on personal device safety, safe internet browsing practices, social media usage, and protecting personal information online. We encourage everyone to explore resources to keep you and your family safe by visiting Secure Our World | CISA, following us on X (formerly Twitter), LinkedIn, Facebook, and YouTube, and using the hashtag #SecureOurWorld.

Microsoft Azure Virtual Training Day: AI Fundamentals

Explore core AI concepts at Azure Virtual Training Day: AI Fundamentals from Microsoft Learn. Join us for this free training event to learn how organizations use AI technology to solve real-world challenges and see how to build intelligent applications using Azure AI services. This training is suitable for anyone interested in AI solutions, including those in technical or business roles. You will have the opportunity to:

  • Understand foundational AI concepts and real-world use cases.
  • Get started using AI services on Azure and machine learning in Azure Machine Learning Studio.
  • Identify common AI workloads and ways to use AI responsibly.

Join us at an upcoming event:
October 6, 2023 | 12:00 PM – 3:30 PM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English
Closed Captioning Language(s): English
 
REGISTER TODAY >

NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks

The NIST National Cybersecurity Center of Excellence (NCCoE) has published Final NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN).

The HSN Cybersecurity Framework (CSF) Profile provides a practical tool for organizations engaged in the design, acquisition, and operation of satellite buses or payloads involving HSN. Its primary intent is to help those organizations better understand the attack surface, incorporate security, and achieve greater resilience for space systems that may be leveraged by critical infrastructure owners and operators, the Department of Defense, or other government missions, in a manner that is consistent with the organization’s risk tolerance.

The HSN Profile will help organizations:

  • Identify systems, assets, data, and risks from the CSF that pertain to HSN.
  • Protect HSN services by utilizing cybersecurity principles and self-assessment.
  • Detect cybersecurity-related disturbances or corruption of HSN services and data.
  • Respond to HSN service or data anomalies in a timely, effective, and resilient manner.
  • Recover the HSN to proper working order at the conclusion of a cybersecurity incident.

As the space sector transitions away from traditional, vertically integrated entities and towards an aggregation of independently owned and operated segments, it is becoming more critical for all stakeholders to share a common understanding of the risks and how they can be mitigated.

To learn more about the project and to join our Community of Interest, visit the project page.

View the Publication