YOU’RE INVITED TO THE CHANNELPRO SMB FORUM: DALLAS on June 6 – 7th! This event will send you home with actionable strategies for making more money and spending less, straight from some of the channel’s leading MSPs and resellers. You can’t afford to miss it! Find out more and register here.
The cybersecurity authorities of the United Kingdom (NCSC�UK), Australia (ACSC), Canada (CCCS), New Zealand
(NCSC-NZ), and the United States (CISA), (NSA), (FBI) are
aware of recent reports that observe an increase in
malicious cyber activity targeting managed service providers
(MSPs) and expect this trend to continue.[1] This joint
Cybersecurity Advisory (CSA) provides actions MSPs and
their customers can take to reduce their risk of falling victim
to a cyber intrusion.
This advisory describes cybersecurity best practices for
information and communications technology (ICT) services
and functions, focusing on guidance that enables
transparent discussions between MSPs and their customers
on securing sensitive data.
Organizations should implement
these guidelines as appropriate to their unique
environments, in accordance with their specific security
needs, and in compliance with applicable regulations. MSP
customers should verify that the contractual arrangements with their provider include cybersecurity
measures in line with their particular security requirements.
The guidance provided in this advisory is specifically tailored for both MSPs and their customers and
is the result of a collaborative effort from the United Kingdom National Cyber Security Centre (NCSUK), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS),
the New Zealand National Cyber Security Centre (NCSC-NZ), the United States’ Cybersecurity and
Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of
Investigation (FBI) with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC). Organizations should read this advisory in conjunction with NCSC-UK guidance on actions to
take when the cyber threat is heightened, CCCS guidance on Cyber Security Considerations for
Consumers of Managed Services, and CISA guidance provided on the Shields Up and Shields Up
Technical Guidance webpages.
To read the full details go HERE
Mozilla has released security updates to address vulnerabilities in Firefox
and Firefox ESR. An attacker could exploit some of these vulnerabilities to
take control of an affected system.
CISA encourages users and administrators to review the Mozilla Security
Advisory for Firefox
100 and Firefox ESR 91.9
and apply the necessary updates.
The NIST National Cybersecurity Center of Excellence (NCCoE) has
published NIST Internal Report (NISTIR) 8419, Blockchain and Related Technologies to Support
Manufacturing Supply Chain Traceability: Needs and Industry Perspectives.
Supply chains are increasingly complex, making the origins of
products difficult to discern. Efforts are emerging to increase traceability of
goods by exchanging traceability data records using blockchain and related
technologies among relevant supply chain participants.
NISTIR 8419 explores the issues that surround traceability,
the role that blockchain and related technologies may be able to play to
improve traceability, and several industry case studies of efforts in use
today.
The publication covers:
If you have questions, or would like to join the NCCoE Blockchain
Project Community of Interest, email: [email protected].
Each of the reports below, NISTIR 8320A, NISTIR 8320B, and NISTIR
8320C, are intended to be used as a blueprint or template that the general
security community can use as example proof of concept implementations.
CISA, the National Security Agency (NSA), the Federal Bureau of
Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian
Centre for Cyber Security (CCCS), the New Zealand National Cyber Security
Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre
(NCSC-UK) have released a joint Cybersecurity
Advisory that provides details on the top 15 Common Vulnerabilities
and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as
well as other CVEs frequently exploited.
CISA encourages users and administrators to review joint Cybersecurity
Advisory: 2021 Top Routinely Exploited Vulnerabilities and apply the
recommended mitigations to reduce the risk of compromise by malicious cyber
actors.
Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could allow an attacker to elevate privileges to root on many Linux desktop endpoints. The vulnerabilities can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution. Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices.
We discovered the vulnerabilities by listening to messages on the System Bus while performing code reviews and dynamic analysis on services that run as root, noticing an odd pattern in a systemd unit called networkd-dispatcher. Reviewing the code flow for networkd-dispatcher revealed multiple security concerns, including directory traversal, symlink race, and time-of-check-time-of-use race condition issues, which could be leveraged to elevate privileges and deploy malware or carry out other malicious activities. We shared these vulnerabilities with the relevant maintainers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Fixes for these vulnerabilities, now identified as CVE-2022-29799 and CVE-2022-29800, have been successfully deployed by the maintainer of the networkd-dispatcher, Clayton Craft. We wish to thank Clayton for his professionalism and collaboration in resolving those issues. Users of networkd-dispatcher are encouraged to update their instances.
To read the full details go here
The National Cybersecurity Center of Excellence (NCCoE) has
released a new preliminary draft publication, Special Publication (SP) 1800-33
Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics.
Commercial mobile network operators, potential private 5G network operators,
and organizations using and managing 5G-enabled technology will find SP 1800-33
Volume B of particular interest.
About This Guide
As 5G rolls out more widely, we must safeguard the technology from
cyberattacks as 5G development, deployment, and usage continuously evolves. The
NCCoE is addressing these challenges by collaborating with industry to design
and implement examples of practical solutions that operators and users of 5G
networks can use to mitigate 5G cybersecurity risks.
Our solutions build upon the work of the NCCoE’s Trusted Cloud project, where hardware-enabled
security serves as the foundation of cloud security. We are also using a
combination of 5G standards-based security features and a secure cloud-based
hosting infrastructure. The result will be a commercial-grade security
reference architecture for 5G networks that bridges the gap between IT and
telecommunications cybersecurity capabilities.
Other features of this volume include—
We Want to Hear from You!
The NCCoE is making each SP 1800-33 volume available as a
preliminary draft for public comment while work continues on the project.
Review the preliminary draft and submit comments online on or before June 27, 2022. You
can also email your comments to [email protected].
We welcome your input and look forward to your comments. We invite
you to join the 5G
Community of Interest to receive news and updates about this
project.
The National Initiative for Cybersecurity Education (NICE) is continuing to refine and clarify the Workforce Framework for Cybersecurity (NICE Framework) as a fundamental reference resource that is agile, flexible, modular, and interoperable. As such, a review of the NICE Framework data – Competency Areas, Work Roles, and Task, Knowledge, and Skill (TKS) statements – is in progress and we are pleased to announce that the initial review of Knowledge and Skill statements is ready for your feedback!
Updated Knowledge and Skill statements are here!
Draft updated Knowledge statements and Skill statements are available for public review and comment. Adjustments address:
As a result of these adjustments, the TKS building blocks are more measurable, meaningful, and useful. Please note that this process will be an iterative one, and the NICE Program Office will conduct a full review of the updated Knowledge and Skill statements and the refactored Ability statements (previously released for comment) as a whole following comment adjudication.
We want to hear from you!
Comments on the updated Knowledge and Skill statements should be submitted by email to [email protected] by 11:59pm ET on June 3, 2022.
This FLASH is part of a
series of FBI reports to disseminate known indicators of compromise (IOCs)
and tactics, techniques and procedures (TTPs) associated with ransomware
variants identified through FBI investigations. As of March 2022, BlackCat/ALPHV
ransomware as a service (RaaS) had compromised at least 60 entities
worldwide and is the first ransomware group to do so successfully using
RUST, considered to be a more secure programming language that offers
improved performance and reliable concurrent processing.
BlackCat-affiliated threat actors typically request ransom payments of
several million dollars in Bitcoin and Monero but have accepted ransom
payments below the initial ransom demand amount. Many of the developers
and money launderers for BlackCat/ALPHV are linked
to Darkside/Blackmatter, indicating they have extensive networks and
experience with ransomware operations.
Details
to read the full details go here