Author: blogmirnet

CyberSeek, a free online tool that can help career seekers learn more about cybersecurity, has been updated with new data showing a snapshot of open jobs across the United States.  The new data reveals that the labor market for cybersecurity talent remains undersupplied, with approximately 315,000 more cybersecurity workers needed to close current supply gaps. Read the full press release or explore CyberSeek.org to learn about common job titles, average salaries, commonly requested credentials, and more!

A vulnerability has been discovered in Cisco IOS XE Software Web UI that could allow for privilege escalation. Successful exploitation could allow an unauthenticated remote attacker to create an account on an affected system with privilege level 15 access, allowing them to use that account to gain control of the affected system. The Cisco IOS XE Software web UI is an embedded GUI-based system-management tool, that comes with the default image.

Threat Intelligence Cisco is aware of this vulnerability being exploited in the wild.

Systems Affected

This vulnerability affects Cisco IOS XE Software if the Web UI feature is enabled.

Risk Government: – Large and medium government entities: High – Small government entities: High

Businesses: – Large and medium business entities: High – Small business entities: High

Home Users: Low

Technical Summary According to Cisco, at this time a patch is not available, and there are no workarounds that address this vulnerability. As a defensive measure it is strongly recommended that users disable the HTTP Server feature on all internet-facing systems.

Recommendations

Once available, apply appropriate patches provided by Cisco to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Block execution of code on a system through application control, and/or script blocking. Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

References Cisco: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20198

Grow your skills at Security Virtual Training Day: Defend Against Threats and Secure Cloud Environments from Microsoft Learn. At this free event, you’ll learn to perform advanced hunting, detections, and investigations, and remediate security alerts with Microsoft Defender and Microsoft Sentinel. Using automated extended detection and response (XDR) in Microsoft Defender and unified cloud-native security information and event management (SIEM) through Microsoft Sentinel, you’ll learn to confidently perform investigations and remediations to help defend against threats. You will have the opportunity to: Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. Use Microsoft Defender for Cloud to perform cloud security posture management and to help protect cloud workloads. Understand ways to help protect people and data against cyberthreats with Microsoft technologies. Join us at an upcoming two-part event: November 16, 2023 | 12:00 PM – 2:45 PM | (GMT-05:00) Eastern Time (US & Canada) November 17, 2023 | 12:00 PM – 2:00 PM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

Register for our NIST Webinar! Learn about Revisions to Two of our Identity Special Publications

Event Date: November 8, 2023

Time: 1:00 PM-2:30 PM ET

Description:

The National Institute of Standards and Technology (NIST) will be hosting a webinar to introduce two recently published Public Draft Special Publications (SPs):  The 3-part Drafts of SP 800-73 Revision 5, Interfaces for Personal Identity Verification (PIV) and Draft SP 800-78 Revision 5, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. These publications are complements to FIPS 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors.

The workshop will discuss the necessary changes made to the PIV card, its credentials, and cryptographic capability to align with FIPS 201-3. 

Full Agenda:

1:00 PM-1:05 PM – Introduction and Welcome

1:05 PM-1:15 PM – Introduction to the PIV Standard

1:15 PM-1:45 PM – Changes to Draft SP 800-73 Revision 5

1:45 PM-2:15 PM – Changes to Draft SP 800-78 Revision 5

2:15 PM-2:30 PM – Key Dates/Next Steps/Closing

Visit the event page to register and learn more about the workshop. If you have any questions, please reach out to our team at piv_comments@nist.gov.

Register Now

The National Cybersecurity Center of Excellence (NCCoE) is hosting a virtual event open to the public! Join the NCCoE Internet of Things (IoT) Onboarding team as we explore a process known as trusted network-layer onboarding, which in combination with additional device security capabilities could improve the security of networks and IoT devices.  

During this webinar, attendees will: 

• Meet the NCCoE IoT Onboarding team and their industry collaborators
• Learn about Draft NIST SP 1800-36, Vols. A-E, Trusted IoT Device Network-Layer Onboarding and Lifecycle Management, and how it can be used to help organizations protect both their IoT devices and their networks 
• Hear from the project’s collaborators about example technology solutions using Wi-Fi Easy Connect, BRSKI, and Thread 
• Engage in a Q&A period with the project team and industry experts 
• Gain resources and additional information to help contribute to this project  

Speakers

• Cherilyn Pascoe, Director, NIST NCCoE 
• Paul Watrobski, Principal Investigator, NIST NCCoE  
• Susan Symington, Cyber Architecture and Resiliency Principal, NCCoE/MITRE 
• Dan Harkins, Fellow, HPE Aruba  
• Danny Jump, Senior Product Manager, HPE Aruba  
• Michael Richardson, Chief Scientist, Sandelman Software Works  
• Craig Pratt, Lead Software Engineer, CableLabs 
• Darshak Thakore, Principal Architect, CableLabs 
• Andy Dolan, Senior Security Engineer, CableLabs 
• Brecht Wyseur, Senior Product Manager and Product Strategy, Kudelski IoT 
• Nick Allott, CEO, NquiringMinds  
• Steve Clark, Security Technologist, SEALSQ, a division of WISeKey

Contact Us

If you have any questions about this event, please reach out to the team at iot-onboarding@nist.gov.  

To receive the latest project news and updates, consider joining the NCCoE IoT Onboarding Community of Interest (COI). You can sign up by completing the COI form here or by emailing the team declaring your interest. 

View Agenda and Register

---

My Research Can Help Protect You — and Your Company — From Hackers Trying to Steal Your Money and Information A scene from the movie Ocean’s 8 provides a surprisingly useful lesson on cybersecurity. The character played by Rihanna needs to hack into a security person’s computer. She looks up his social media to find he loves corgis. The Rihanna character sends him a phishing email featuring corgis, and he can’t help but click on it. With one click of a mouse, someone can accidentally give away their company’s secrets, their bank account information, or an organization’s medical records. Read More

Learning

Learn how to enable Advanced Security in your Azure Repos > Step by step tutorial to enable Advanced Security at the organization, project, or repository level.   Microsoft Azure Developer Cloud Skills Challenge > In under 30 hours, you’ll learn about storing data in Azure, creating serverless applications, connecting your services together, and more.   Learn how to provision and manage Azure AI Services > This learning path helps prepare you for Exam AI-102: Designing and Implementing a Microsoft Azure AI Solution.

It’s week three in our Cybersecurity Awareness Month blog series! 

This week, we interviewed NIST’s Michael Ogata (Computer Scientist) and Paul Watrobski (IT Security Specialist) about the importance of updating software.

1. This week’s Cybersecurity Awareness Month theme is ‘updating software.’ How does your work/specialty area at NIST tie into this behavior?

NIST’s Applied Cybersecurity Division’s core mission is to explore, measure, and evaluate both the cybersecurity guidance NIST provides as well as industry best practices. One of our current projects involves putting the practices described in NIST 800-218 Secure Software Development Framework (SSDF) into action. Many people think of updating software in the context of “that thing that happens randomly after I purchase a piece of software”…but today’s continuous integration and continuous delivery (CI/CD) environments—and the rapid pace of software evolution—tightly couple software updates into the daily functionality of many systems…

Read the Blog

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released this Joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-22515 . This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator accounts. Threat actors exploited CVE-2023-22515 as a zero-day to obtain access to victim systems and continue active exploitation post-patch. Atlassian has rated this vulnerability as critical; CISA, FBI, and MS-ISAC expect widespread, continued exploitation due to ease of exploitation.

CISA, FBI, and MS-ISAC strongly encourage network administrators to immediately apply the upgrades provided by Atlassian. CISA, FBI, and MS-ISAC also encourage organizations to hunt for malicious activity on their networks using the detection signatures and indicators of compromise (IOCs) contained in this advisory. If a potential compromise is detected, organizations should apply the incident response recommendations found in this advisory.

For additional information on upgrade instructions, a complete list of affected product versions, and IOCs, see Atlassian’s security advisory for CVE-2023-22515. While Atlassian’s advisory provides interim measures to temporarily mitigate known attack vectors, CISA, FBI, and MS-ISAC strongly encourage upgrading to a fixed version or taking servers offline to apply necessary updates.

The US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released this Analyst Note to provide awareness of NoEscape ransomware.

A relatively new threat actor and ransomware to the cybercriminal community, NoEscape ransomware emerged in May 2023, but is believed to be a rebrand of Avaddon, a now defunct ransomware group shut down in 2021. Unlike many of its contemporaries, however, the unknown developers of this ransomware claim that in lieu of using source code or leaks from other established ransomware families, they have constructed their malware and its associated infrastructure entirely from scratch. Using unique features and aggressive multi-extortion tactics, in just under a year, it has targeted multiple industries, including the Healthcare and Public Health (HPH) sector. Their recent activities highlight the prominence and influence they have as a Ransomware-as-a-Service (RaaS) group.

This HC3 Analyst Note provides an overview of the group, possible connections to the Avaddon threat group, an analysis of NoEscape’s ransomware attacks, its target industries and victim countries, sample MITRE ATT&CK techniques, recommended defense and mitigations against the ransomware,  and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cyber criminals.