Synopsis: As the United States moves to establish space as an operational domain and seeks to support a space economy, there are corresponding challenges to addressing cybersecurity vulnerabilities and threats to the sector. While many existing cybersecurity principles and practices remain applicable to space as an emerging commercial critical infrastructure sector, there are many nuances and specialties that will require augmenting existing cybersecurity education and training content and learning experiences, and requirements for new work roles or competency areas are likely to emerge.
Author: blogmirnet
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing
Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF guidance Potential Threats to 5G Network Slicing.
CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended actions. For additional 5G guidance, visit CISA.gov/5G-library.
CISA Develops Factsheet for Free Tools for Cloud Environments
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.
Cloud service platforms and cloud service providers (CSPs) have developed built-in security capabilities that organizations can use to strengthen security while operating in cloud environments. Organizations are encouraged to use the built-in security features from CSPs and to take advantage of free CISA- and partner-developed tools/applications to fill security gaps and complement existing security features. Publicly available PowerShell tools are open to all network defenders to support investigation and aid an organization’s security posture, including:
- Cybersecurity Evaluation Tool (CSET),
- Secure Cloud Business Applications (SCuBA) Gear,
- Untitled Goose Tool,
- Decider, and
- Memory Forensic on Cloud (JPCERT/CC).
Note: These tools are highlighted and explained to assist with on-site investigation and remediation in cloud environments but are not all-encompassing and are provided for informational purposes only. CISA does not endorse any commercial product or service, including any subjects of analysis.
CISA encourages network defenders to take the measures above and consult the Free Tools for Cloud Environments factsheet to reduce the likelihood of a damaging cyber incident, detect malicious activity, respond to confirmed incidents, and strengthen resilience.
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address a critical vulnerability (CVE-2023-38203) affecting ColdFusion. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Adobe security release APSB23-41 and apply the necessary updates.
Draft CSF Profile for Electric Vehicle Extreme Fast Charging Infrastructure
The National Cybersecurity Center of Excellence (NCCoE) today released for public comment the initial public draft of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure. The comment period is open through August 28, 2023.
About the Report
This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; and (iv) Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the cybersecurity standards, regulations, and industry guidelines currently in use by the EV/XFC industry.
Purpose
The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.
Use of the Profile will help organizations:
- Identify key assets and interfaces in each of the ecosystem domains.
- Address cybersecurity risk in the management and use of EV/XFC services.
- Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
- Apply protection mechanisms to reduce risk to manageable levels.
- Detect disruptions and manipulation of EV/XFC services.
- Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.
Submit Comments
The public comment period closes at 11:59 p.m. EDT on Monday, August 28, 2023. Please email all draft comments to evxfc-nccoe@nist.gov. We encourage you to submit all feedback using the comment template found on our project page.
Join the Community of Interest
If you have expertise in EV/XFC and/or cybersecurity, consider joining the Community of Interest (COI) to receive the latest project news and announcements. Email the team at evxfc-nccoe@nist.gov declaring your interest or complete the sign-up form on our project page.
Microsoft Azure Virtual Training Day: Digitally Transform with Modern Analytics
Create more business impact using proactive and predictive analytics at Azure Virtual Training Day: Digitally Transform with Modern Analytics from Microsoft Learn. Join us for this free training event to learn how to build an analytics solution using Azure Synapse Analytics. Maximize your organization’s intelligent decision-making capabilities and learn to build an end-to-end solution by preparing data for storage, processing, and analysis.
You will have the opportunity to:
- Create a data warehouse in the cloud.
- Accelerate your big data engineering with Spark in Azure Synapse Analytics.
- Build automated data integration with Azure Synapse Pipelines.
- Learn to perform operation analytics with Azure Synapse Link.
Join us at an upcoming two-part event:
- Monday, August 14, 2023 | 9:00 AM – 12:15 PM | (GMT-08:00) Pacific Time (US & Canada)
- Tuesday, August 15, 2023 | 9:00 AM – 10:45 AM | (GMT-08:00) Pacific Time (US & Canada)
Delivery Language: English
Closed Captioning Language(s): English
Microsoft: Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress.
Storm-0978 (DEV-0978; also referred to as RomCom, the name of their backdoor, by other vendors) is a cybercriminal group based out of Russia, known to conduct opportunistic ransomware and extortion-only operations, as well as targeted credential-gathering campaigns likely in support of intelligence operations. Storm-0978 operates, develops, and distributes the RomCom backdoor. The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware first observed in the wild in May 2022. The actor’s latest campaign detected in June 2023 involved abuse of CVE-2023-36884 to deliver a backdoor with similarities to RomCom.
Storm-0978 is known to target organizations with trojanized versions of popular legitimate software, leading to the installation of RomCom. Storm-0978’s targeted operations have impacted government and military organizations primarily in Ukraine, as well as organizations in Europe and North America potentially involved in Ukrainian affairs. Identified ransomware attacks have impacted the telecommunications and finance industries, among others.
Microsoft 365 Defender detects multiple stages of Storm-0978 activity. Customers who use Microsoft Defender for Office 365 are protected from attachments that attempt to exploit CVE-2023-36884. In addition, customers who use Microsoft 365 Apps (Versions 2302 and later) are protected from exploitation of the vulnerability via Office. Organizations who cannot take advantage of these protections can set the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key to avoid exploitation. More mitigation recommendations are outlined in this blog.
Targeting
Storm-0978 has conducted phishing operations with lures related to Ukrainian political affairs and targeting military and government bodies primarily in Europe. Based on the post-compromise activity identified by Microsoft, Storm-0978 distributes backdoors to target organizations and may steal credentials to be used in later targeted operations.
The actor’s ransomware activity, in contrast, has been largely opportunistic in nature and entirely separate from espionage-focused targets. Identified attacks have impacted the telecommunications and finance industries.
Tools and TTPs
Tools
Storm-0978 uses trojanized versions of popular, legitimate software, leading to the installation of RomCom, which Microsoft assesses is developed by Storm-0978. Observed examples of trojanized software include Adobe products, Advanced IP Scanner, Solarwinds Network Performance Monitor, Solarwinds Orion, KeePass, and Signal. To host the trojanized installers for delivery, Storm-0978 typically registers malicious domains mimicking the legitimate software (for example, the malicious domain advanced-ip-scaner[.]com).
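A defender-side check for the lookalike download domains described above, as an added example that is not from Microsoft's report: it flags queried names that sit within a small edit distance of a trusted vendor domain. The trusted list, the log format, every hostname other than advanced-ip-scaner[.]com, and the distance threshold are assumptions constructed for illustration.

```python
import re

# Assumed allow-list of vendor domains (constructed; replace with your own inventory).
TRUSTED = ("advanced-ip-scanner.com", "keepass.info", "signal.org")

def refang(indicator):
    """Convert defanged notation (hxxp://, [.]) to a bare lower-case hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^[a-z]+://", "", s)
    return s.split("/")[0].split(":")[0].rstrip(".")

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, transpose."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_of(host, max_distance=2):
    """Return the trusted domain that `host` imitates, or None."""
    host = refang(host)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    registrable = ".".join(host.split(".")[-2:])  # naive: no public-suffix list
    for t in TRUSTED:
        if edit_distance(registrable, t) <= max_distance:
            return t
    return None

# Constructed resolver-log lines: timestamp, client, queried name.
SAMPLE_LOG = """\
2023-06-20T09:14:02Z ws-017 advanced-ip-scanner.com
2023-06-20T09:14:40Z ws-022 download.advanced-ip-scanner.com
2023-06-20T09:15:11Z ws-031 advanced-ip-scaner[.]com
2023-06-20T09:16:57Z ws-031 example.org
"""

def scan(log_text):
    """Return (client, queried name, imitated domain) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        _, client, name = line.split()
        if (target := lookalike_of(name)):
            hits.append((client, refang(name), target))
    return hits
```

The last-two-labels split is naive; use a public-suffix list for names under multi-label suffixes such as co.uk.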
In financially motivated attacks involving ransomware, Storm-0978 uses the Industrial Spy ransomware, a ransomware strain first observed in the wild in May 2022, and the Underground ransomware. The actor has also used the Trigona ransomware in at least one identified attack.
Additionally, based on attributed phishing activity, Storm-0978 has acquired exploits targeting zero-day vulnerabilities. Identified exploit activity includes abuse of CVE-2023-36884, including a remote code execution vulnerability exploited via Microsoft Word documents in June 2023, as well as abuse of vulnerabilities contributing to a security feature bypass.
Read the full article on Microsoft Here
Microsoft 365 Virtual Training Day: Introduction to Microsoft Viva
Get the skills to drive employee engagement at Microsoft 365 Virtual Training Day: Introduction to Microsoft Viva. Join us at this free event from Microsoft Learn to explore how the Viva employee experience platform works with Microsoft Teams to connect Viva Connections, Viva Insights, Viva Topics, and Viva Learning, helping you create more continuity and balance in a hybrid work environment. Learn how to help teams collaborate more effectively, use data-driven insights to work smarter, learn on the job, and nurture well-being. Discover how to create a more informed, connected, and inspired workforce and easily connect Viva with your existing systems and tools.
You will have the opportunity to:
- Create a thriving culture that improves employee well-being through an employee experience platform.
- Use AI to recommend related documents and subject matter experts in the apps you use every day.
- Use data-driven, personalized insights to identify opportunities to improve employee well-being.
- Create a personalized destination for employees to discover relevant news, conversations, and the tools they need to succeed.
Join us at an upcoming two-part event:
- Wednesday, August 9, 2023 | 10:00 AM – 12:20 PM | (GMT-05:00) Eastern Time (US & Canada)
- Thursday, August 10, 2023 | 10:00 AM – 11:45 AM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English
Closed Captioning Language(s): English
Digital Identity – What’s Next for NIST
Questions/Comments about this notice: dig-comments@nist.gov
NCCoE Website questions: nccoe@nist.gov
Help NIST build bridges between researchers and practitioners!
If you are a cybersecurity/IT practitioner or developer or a human-centered cybersecurity researcher, we want to hear from you!
The National Institute of Standards and Technology (NIST) is conducting a survey to understand the interactions between human-centered cybersecurity researchers and practitioners, including if/how practitioners use human-centered cybersecurity insights.
The survey results will lead to the creation of mutually beneficial “bridges” between the research and practitioner communities that facilitate the relevance and application of research findings to real-world practice.
We invite you to share your thoughts and experiences by responding to our survey, which is open through July 31:
PRACTITIONERS – Take the survey here: https://usability.gov1.qualtrics.com/jfe/form/SV_80us9OFNHPPjiPs?so=govdel
(Note: You don’t have to be familiar with human-centered cybersecurity to take the survey.)
HUMAN-CENTERED SECURITY RESEARCHERS – Take the survey here: https://usability.gov1.qualtrics.com/jfe/form/SV_3CqcCk5wMAeFLqm?so=govdel
Are you BOTH a practitioner and a researcher? Choose one of the surveys above!
We understand that your time is valuable. The practitioner survey should only take about 5 minutes to complete, and the researcher survey about 10 minutes. Your responses will be anonymous.
Contact Susanne Furman at susanne.furman@nist.gov (through July 21) or Clyburn Cunningham at clyburn.cunningham@nist.gov (after July 21) should you have any questions about the study. We also encourage you to forward this email to your colleagues.
We hope you can participate in the survey. Thank you!