Broadcom recently issued important patches for VMware, addressing two critical vulnerabilities in its vCenter Server platform, the more severe of them being CVE-2024-38812. Due to the vulnerability, the company cites risk of potential Remote Code Execution (RCE) attacks.
Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure
Summary
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm
since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
To mitigate this malicious cyber activity, organizations should take the following actions today:
Prioritize routine system updates and remediate known exploited vulnerabilities.
Segment networks to prevent the spread of malicious activity.
Enable phishing-resistant multifactor authentication (MFA) for all externally facing account services,
especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.
Read the full article here
SpyAgent Harnesses OCR to Discover Crypto Seed Phrases
Image Source: McAfee |
Security researchers recently discovered an Android mobile malware dubbed SpyAgent. Using optical character recognition (OCR), SpyAgent parses through saved screenshots to search for cryptocurrency seed phrases. These phrases are 12-24 words and are provided as a backup key to restore access to cryptocurrency wallets. Threat actors can use these seed phrases to access stolen cryptocurrency wallets. |
SpyAgent’s campaign begins with a phishing attack by sending malicious links through text or direct messages on social media platforms. Threat actors pose as a reputable business or a trusted person to trick users into clicking malicious links. Once clicked, these links will direct its target to an imitation website, often created to mimic the appearance of a legitimate website. Users will be prompted to install an app that loads the SpyAgent malware onto the victim’s device. If installed, the malicious app will request permission to access sensitive information and the ability to run in the background, which, if granted, will allow the threat actors to compromise the infected device further. |
While the primary goal is to steal cryptocurrency seed phrases, researchers have found that it also targets phone contacts, text messages, photos, and device information. This campaign has mostly been localized to South Korea but has begun a tentative expansion into the United Kingdom. Security researchers have also found signs that an iOS variant is in early development. Cryptocurrency has often been the target of malware campaigns, including one targeting MacOS Bitcoin and Exodus wallet users this past January and an older Android malware campaign utilizing OCR to capture cryptocurrency wallet credentials. |
Recommendations |
Refrain from clicking links found in text messages and direct messages sent from unverified sources. Type official website URLs into browsers manually. Avoid installing apps outside the Google Play store, and be wary of granting invasive and unnecessary permissions to apps. Obtain software from legitimate developers or companies after analyzing customer reviews. Forward SMiShing messages to 7726 (SPAM) and report the messages to mobile carriers. |
GRU Unit Linked to Multiple Cyberattacks on Critical Infrastructure
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and several partner-nation organizations attributed various cyber operations to Unit 29155, also known as EMBER BEAR , a group affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center. These operations include espionage, sabotage, reputational harm, attempted coups, influence operations, and assassination attempts in Europe. Since 2020, the group has expanded its campaigns to include offensive cyber operations. |
Prior to the Russian invasion of Ukraine on February 24, 2022, the Russian group conducted cyberattacks as early as January 13, 2022, using the WhisperGate malware as a preemptive strike to prepare the field for the upcoming military operations. Unit 29155 uses common red teaming techniques and publicly available tools, which can lead to misattribution. They use VPNs to anonymize their activity and typically exploit weaknesses in internet-facing systems. Additionally, they target critical infrastructure and key resource sectors, including government services, financial services, transportation systems, energy, and healthcare sectors of various NATO countries, as well as Europe, North America, Latin America, and Central Asia. Analysts assess that Unit 29155 cyber actors include junior active-duty GRU officers under the direction of experienced leadership. These individuals are enhancing their technical skills by performing cyber operations and intrusions. Furthermore, Unit 29155 cyber actors rely on non-GRU actors, including known cyber-criminals and enablers, to conduct their operations. Their recent focus appears to target and disrupt aid efforts to Ukraine. |
Recommendations |
Users are encouraged to educate themselves and others on state-sponsored cyber threats to prevent victimization. Implement cybersecurity best practices to reduce risk and increase resiliency to cyber threats. Avoid clicking links, responding to, or otherwise acting on unsolicited text messages or emails. Use strong, unique passwords and enable multi-factor authentication (MFA) for all accounts where available, choosing authentication apps or hardware tokens over SMS text-based codes. Keep systems up to date and apply patches after appropriate testing. Utilize monitoring and detection solutions to identify suspicious login attempts and user behavior. Enforce the principle of least privilege, disable unused ports and services, and use web application firewalls (WAFs). Employ a comprehensive data backup plan and ensure operational technology (OT) environments are segmented from information technology (IT) environments. Regularly perform scheduled backups, keeping an updated copy offline in a separate and secure location, and testing it regularly. Cyber incidents can be reported to the FBI’s IC3 and the NJCCIC. |
Comparison of Random Number Generation Standards and Guidelines: SP 800-90 Series and AIS 20/31 | Draft NIST Report
The initial public draft (ipd) of NIST Interagency Report (IR) 8446, Bridging the Gap between Standards on Random Number Generation: Comparison of SP 800-90 Series and AIS 20/31, is now available for public comment.
This report studies the cryptographic random number generation standards and guidelines written by Germany’s Federal Office for Information Security (BSI) and NIST, namely AIS 20/31 and the NIST Special Publication (SP) 800-90 series. It compares these publications, focusing on the similarities and differences in their terminology, assumptions, and requirements. The report also aims to improve communications between all involved parties, promote a shared understanding, and reduce and resolve inconsistencies in related standards.
The public comment period is open through December 20, 2024. See the publication details for a copy of the draft; comments can be submitted to [email protected]. Comments received in response to this request will be posted on the NIST website after the due date.
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution – PATCH NOW
OVERVIEW:
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLEGENCE:
There are currently no reports of the vulnerabilities being exploited.
SYSTEMS AFFECTED:
- Versions prior to iOS 18 and iPadOS 18
- Versions prior to macOS Sequoia 15
- Versions prior to tvOS 18
- Versions prior to watchOS 11
- Versions prior to visionOS 2
- Versions prior to iOS 17.7 and iPadOS 17.7
- Versions prior to macOS Sonoma 14.7
- Versions prior to macOS Ventura 13.7
RISK:
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home users: Low
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:
Tactic: Execution (TA0002):
Technique: Exploitation for Client Execution (T1203):
- An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40840)
- An app may be able to enumerate a user’s installed apps. (CVE-2024-40830)
- An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features. (CVE-2024-44171)
- An attacker may be able to see recent photos without authentication in Assistive Access. (CVE-2024-40852)
- A remote attacker may be able to cause a denial-of-service. (CVE-2024-27874)
- Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. (CVE-2024-27876)
- An app may be able to record the screen without an indicator. (CVE-2024-27869)
- A malicious Bluetooth input device may bypass pairing. (CVE-2024-44124)
- An app may be able to access sensitive user data. (CVE-2024-44131, CVE-2024-40847)
- An app may be able to access user-sensitive data. (CVE-2024-40850, CVE-2024-44170, CVE-2024-44184, CVE-2024-44153, CVE-2024-44177, CVE-2024-44152, CVE-2024-44166, CVE-2024-40859, CVE-2024-40842)
- Processing a maliciously crafted file may lead to unexpected app termination. (CVE-2024-27880, CVE-2024-44154, CVE-2023-4504, CVE-2024-41957)
- Processing an image may lead to a denial-of-service. (CVE-2024-44176)
- An app may be able to cause unexpected system termination. (CVE-2024-44169)
- Network traffic may leak outside a VPN tunnel. (CVE-2024-44165)
- An app may gain unauthorized access to Bluetooth. (CVE-2024-44191)
- Processing maliciously crafted web content may lead to an unexpected process crash. (CVE-2024-44198)
- An app may be able to access information about a user’s contacts. (CVE-2024-40791)
- An app may be able to cause a denial-of-service. (CVE-2024-44183, CVE-2024-23237)
- Processing a maliciously crafted image may lead to a denial-of-service. (CVE-2023-5841)
- An app may gain unauthorized access to Local Network. (CVE-2024-44147)
- An app may be able to overwrite arbitrary files. (CVE-2024-44167)
- An unencrypted document may be written to a temporary file when using print preview. (CVE-2024-40826)
- Private Browsing tabs may be accessed without authentication. (CVE-2024-44202, CVE-2024-44127)
- An app may be able to leak sensitive user information. (CVE-2024-40863, CVE-2024-44129)
- An attacker with physical access may be able to access contacts from the lock screen. (CVE-2024-44139, CVE-2024-44180)
- An attacker may be able to cause unexpected app termination. (CVE-2024-27879)
- Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2024-40857)
- A malicious website may exfiltrate data cross-origin. (CVE-2024-44187)
- An attacker may be able to force a device to disconnect from a secure network. (CVE-2024-40856)
- An app may be able to access protected user data. (CVE-2024-44188, CVE-2024-40837, CVE-2024-27858, CVE-2024-44186, CVE-2024-44149, CVE-2024-40801)
- A malicious app with root privileges may be able to modify the contents of system files. (CVE-2024-40825)
- An app with root privileges may be able to access private information. (CVE-2024-44130)
- An app may be able to access sensitive data logged when a shortcut fails to launch another app. (CVE-2024-44182)
- Processing a maliciously crafted video file may lead to unexpected app termination. (CVE-2024-40845, CVE-2024-40846, CVE-2024-40841)
- An app may be able to bypass Privacy preferences. (CVE-2024-44164, CVE-2024-40814)
- An attacker may be able to read sensitive information. (CVE-2024-40848)
- An app may be able to modify protected parts of the file system. (CVE-2024-44168, CVE-2024-44151, CVE-2024-44178, CVE-2024-40860, CVE-2024-40843)
- An application may be able to read restricted memory. (CVE-2024-27860, CVE-2024-27861)
- A camera extension may be able to access the internet. (CVE-2024-27795)
- An app may be able to access protected files within an App Sandbox container. (CVE-2024-44135)
- An app may be able to break out of its sandbox. (CVE-2024-44132, CVE-2024-44146, CVE-2024-44148)
- An Automator Quick Action workflow may be able to bypass Gatekeeper. (CVE-2024-44128)
- Privacy Indicators for microphone or camera access may be attributed incorrectly. (CVE-2024-27875)
- An app may be able to access a user’s Photos Library. (CVE-2024-40831)
- An app may be able to gain root privileges. (CVE-2024-40861)
- Processing a maliciously crafted texture may lead to unexpected app termination. (CVE-2024-44160, CVE-2024-44161)
- An app may be able to read sensitive location information. (CVE-2024-44181, CVE-2024-44134)
- A malicious app may be able to access notifications from the user’s device. (CVE-2024-40838)
- Multiple issues in OpenSSH. (CVE-2024-39894)
- Visiting a malicious website may lead to user interface spoofing. (CVE-2024-40797)
- A malicious application may be able to leak sensitive user information. (CVE-2024-44125)
- A malicious application may be able to access private information. (CVE-2024-44163)
- A shortcut may output sensitive user data without consent. (CVE-2024-44158)
- An app may be able to observe data displayed to the user by Shortcuts. (CVE-2024-40844)
- An app may be able to read arbitrary files. (CVE-2024-44190)
- On MDM managed devices, an app may be able to bypass certain Privacy preferences. (CVE-2024-44133)
- Visiting a malicious website may lead to address bar spoofing. (CVE-2024-40866)
- A non-privileged user may be able to modify restricted network settings. (CVE-2024-40770)
- A logic issue existed where a process may be able to capture screen contents without user consent. (CVE-2024-44189)
- An app may be able to read sensitive data from the GPU memory. (CVE-2024-40790)
- A malicious application may gain access to a user’s Keychain items. (CVE-2024-44162)
- An attacker may be able to determine the Apple ID of the owner of the computer. (CVE-2024-40862)
- An unprivileged app may be able to log keystrokes in other apps including those using secure input mode. (CVE-2024-27886)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.2 : Establish and Maintain a Remediation Process: Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
- Safeguard 7.6 : Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets: Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
- Safeguard 7.7 : Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 16.13 Conduct Application Penetration Testing: Conduct application penetration testing. For critical applications, authenticated penetration testing is better suited to finding business logic vulnerabilities than code scanning and automated security testing. Penetration testing relies on the skill of the tester to manually manipulate an application as an authenticated and unauthenticated user.
- Safeguard 18.1 : Establish and Maintain a Penetration Testing Program: Establish and maintain a penetration testing program appropriate to the size, complexity, and maturity of the enterprise. Penetration testing program characteristics include scope, such as network, web application, Application Programming Interface (API), hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements.
- Safeguard 18.2 : Perform Periodic External Penetration Tests: Perform periodic external penetration tests based on program requirements, no less than annually. External penetration testing must include enterprise and environmental reconnaissance to detect exploitable information. Penetration testing requires specialized skills and experience and must be conducted through a qualified party. The testing may be clear box or opaque box.
- Safeguard 18.3 : Remediate Penetration Test Findings: Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 2.3: Address Unauthorized Software: Ensure that unauthorized software is either removed from use on enterprise assets or receives a documented exception. Review monthly, or more frequently.
- Safeguard 2.7: Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassessbi-annually, or more frequently.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
- Block execution of code on a system through application control, and/or script blocking. (M1038:Execution Prevention)
- Safeguard 2.5 : Allowlist Authorized Software: Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.
- Safeguard 2.6 : Allowlist Authorized Libraries: Use technical controls to ensure that only authorized software libraries, such as specific .dll, .ocx, .so, etc., files, are allowed to load into a system process. Block unauthorized libraries from loading into a system process. Reassess bi-annually, or more frequently.
- Safeguard 2.7 : Allowlist Authorized Scripts: Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.
- Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040: Behavior Prevention on Endpoint)
- Safeguard 13.2 : Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7 : Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
REFERENCES:
Apple:
https://support.apple.com/en-us/100100
https://support.apple.com/en-us/121250
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121241
https://support.apple.com/en-us/121239
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121234
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23237
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27869
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44202
WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography 2024
- Date & time: September 24th–26th (2024), 9:20 a.m. – 3:40 p.m. (EDT)
- Featured topics: Private-Set Intersection (PSI); Fully-Homomorphic Encryption (FHE); Secure Multiparty Computation (MPC); Zero-Knowledge Proofs (ZKP)
- Six sessions across three days:
- 1st day (Tue, Sep 24th): PSI (morning [1a]) and More PSI (afternoon [1b])
- 2nd day (Wed, Sep 25th): PEC in Gov (morning [2a]) and FHE (afternoon [2b])
- 3rd day (Thu, Sep 26th): MPC (morning [3a]) and ZKP (afternoon [3b])
- Free registration (virtual event): ZoomGov Event
- Details and updates: WPEC 2024 webpage
- Tweet:https://twitter.com/NISTcyber/status/1802806825747882138
- Host team: NIST Privacy-Enhancing Cryptography (PEC)
- PEC-Forum: For future related announcements, join the “PEC-forum” mailing list
WPEC 2024, the NIST Workshop on Privacy-Enhancing Cryptography 2024, will bring together multiple perspectives of PEC stakeholders. The three-day virtual workshop is organized for sharing insights about PEC capabilities, use cases, real-world deployment, initiatives, challenges and opportunities, and the related context of privacy and auditability. The program will cover:
- Private Set Intersection (PSI): for a deep dive into this technique, exploring its technicalities, readiness, feasibility, applicability, variants, and broader context.
- Other PEC techniques: for a broader perspective of PEC, including FHE, MPC, and ZKP.
ISC2 Announces 2024 Global Achievement Awards Recipients
Annual program celebrates honorees’ achievements and their outstanding contributions to the cybersecurity field
Alexandria, Va., September 17, 2024 – ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – today announced recipients of its 2024 ISC2 Global Achievement Awards, honoring individuals who have made significant contributions to the cybersecurity field, furthering ISC2’s vision of a safe and secure cyber world.
“These cybersecurity professionals are at the forefront of mitigating threats and protecting critical information systems to keep our societies safe and secure around the world,” said ISC2 EVP, Advocacy, Global Markets and Member Engagement, Tara Wisniewski. “The ISC2 Global Achievement Awards provide an opportunity to celebrate and recognize the remarkable contributions of both individuals and ISC2 Chapters as they shape the future of the cybersecurity profession.”
The awards fall into several categories, including Special Recognition, Professional and Chapter and the Center for Cyber Safety and Education.
SPECIAL RECOGNITION AWARDS
The Special Recognition Awards recognize outstanding contributions and achievements in cybersecurity throughout a career.
The ISC2 CEO Award recognizes individuals who have made a significant impact on the cybersecurity community through their dedicated and exceptional efforts. They are the trailblazers and true change-makers whose intentions and actions have shaped enduring effects within the industry, leaving a legacy that extends for years to come.
- Dr. Bushra AlBlooshi, Director of Governance and Risk Management, Dubai Electronic Security Center
- David Koh, Chief Executive, Cyber Security Agency of Singapore
The ISC2 Lifetime Achievement Award is the highest tribute in cybersecurity. In memory of Harold F. Tipton, CISSP, the award recognizes members for their lifelong contributions to the advancement of information security and the profession by serving, over the long term, with sustained excellence and distinction throughout their entire cybersecurity career.
- Americas: Teresa Fryer, CISSP, HCISSP, Chief, Security and Data Integration Staff, Administrative Office of U.S. Courts
- Asia-Pacific: Leonard Ong, CISSP, CCSP, CSSLP, ISSAP, ISSMP, Director, Cyber Defence Group, Synapxe
- Europe, Middle East and Africa: H.E. Dr. Mohamed Al Kuwaiti, The Head of UAE Cybersecurity Council, The UAE Cybersecurity Council
The ISC2 Volunteer Service Award recognizes volunteers who have provided sustained and valuable service to ISC2. Named in memory of James R. Wade, an esteemed, long-time contributor to ISC2, this award is ISC2’s privilege to honor his legacy.
- Jay Ferron, CISSP, Principal at Interactive Security Training
PROFESSIONAL AWARDS
The Professional Awards recognize the achievements and contributions of cybersecurity professionals during different stages of their careers.
The ISC2 Senior Professional Award recognizes an individual regionally who has significantly contributed to the enhancement of the cybersecurity workforce by demonstrating a leadership role in their profession.
- Americas: Sametria McKinney, CISSP, Director, National Computer Incident Response Team
- Asia-Pacific: Ameen Sharif, CISSP, CEO, ITnIS Consulting
- Europe, Middle East and Africa: Niel Harper, CISSP, Chief Information Security Officer & Data Protection Officer, Doodle
The ISC2 Mid-Career Award recognizes an individual regionally who is at the mid-career stage and has demonstrated commitment and achievement in their profession.
- Americas: Aaron Bond, CISSP, CCSP, Cybersecurity Senior Manager, Defensive Security, The Home Depot
- Asia-Pacific: Jadet Khuhakongkit, CISSP, CC, Assistant Secretary General, National Cyber Security Agency of Thailand
- Europe, Middle East and Africa: Maxwell Ash, CISSP, Cyber Security Consultant, Inceptiv Ltd
The ISC2 Rising Star Professional Award recognizes the accomplishments and contributions of an up-and-coming professional regionally who has made a significant impact in the cybersecurity industry early in their career.
- Americas: Daniel Baloch, CC, Associate of ISC2, Threat Analyst, New York City Office of Technology & Innovation
- Asia-Pacific: Tien-Hao Chan, CISSP, CC, Principal Security Engineer, XREX.
- Europe, Middle East and Africa: Nadine Hickey, SSCP, Senior Cyber Engagement Technical Analyst, Bank of Ireland
ISC2 PROGRAM AWARDS
The ISC2 Program Awards recognize individuals and organizations for their outstanding contributions and community impact within the cybersecurity community.
The Center for Cyber Safety and Education, the charitable arm of ISC2, is committed to making the cyber world a safe place for everyone. The Center’s mission is to grow the cybersecurity profession and its positive impact on the world by raising awareness, building a diverse pipeline of cybersecurity professionals and activating a more secure digital world.
The Outstanding Volunteer Award recognizes an individual who has significantly contributed to the betterment of society and the cybersecurity community through the support of the Center. With a passion for the cybersecurity community and a desire to give back, this recipient is considered a go-to volunteer helping to make society safer while supporting various initiatives within the Center.
- Ameen Sharif, CISSP, CEO, ITnIS Consulting
The Outstanding Partner Award recognizes a company or organization for their support of the Center and its mission to grow the cybersecurity profession and its positive impact on the world by raising awareness, building a diverse pipeline of cybersecurity professionals, and activating a more secure digital world. This must be a group or company effort of support – not that of a lone employee or member.
- ISC2 New Jersey Chapter
ISC2 Chapter Recognition Awards are presented to official chapters of ISC2 within a specific region that best promotes the vision of ISC2 by inspiring a safe and secure cyber world. The chapter must demonstrate a well-rounded offering of activities and services designed to benefit its members and affiliates while significantly contributing to the profession and local community through the ISC2 Chapter Program of Connect, Educate, Inspire and Secure.
This year’s regional chapter award recipients are:
- Asia-Pacific: Colombo, Sri Lanka Chapter
- Europe, Middle East and Africa: Hellenic Chapter
- Latin America: Guatemala Chapter
- North America: New Jersey Chapter
The ISC2 Inclusion Impact Award (formerly Diversity Award) recognizes individuals who have made significant contributions to driving a more diverse workforce in the global cybersecurity community by initiating and leading actions to remove barriers and positively impact the cyber profession’s diversity, equity and inclusion. ISC2 recognizes three regional and one global award recipient demonstrating a significant commitment and passion for increasing diversity, equity and inclusion across the global cybersecurity ecosystem.
- Americas: Francisca Boateng, Candidate of ISC2, Director of Operations, Slamm Technologies
- Asia-Pacific: Ricson Singson Que, CC, CEO, SQrity Consulting
- Europe, Middle East and Africa: Zoé Cuisin, Head of Cybersecurity Governance, Risk & Compliance, Bouygues Construction
For more information on the Global Achievement Awards program, including descriptions of each award category and eligibility details, please visit: https://www.isc2.org/About/Award-Programs.
About ISC2
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our nearly 675,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook and LinkedIn.
NYMJCSC – 2024 NY Metro Joint Cyber Security Conference
Building a Cybersecurity and Privacy Learning Program: NIST Publishes SP 800-50r1
NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program, provides updated guidance for developing and managing a robust cybersecurity and privacy learning program in the Federal Government. This revision was informed by National Defense Authorization Act (NDAA) for FY2021, the Cybersecurity Enhancement Act of 2014, and the NICE Workforce Framework for Cybersecurity (NICE Framework). In addition, the 2016 update to Office of Management and Budget (OMB) Circular A-130 emphasizes the role of both privacy and security in the federal information life cycle and requires agencies to have both security and privacy awareness and training programs.
This revision to SP 800-50:
- Integrates privacy with cybersecurity in the development of organization-wide learning programs
- Introduces a life cycle model that allows for ongoing, iterative improvements and changes to accommodate cybersecurity, privacy, and organization-specific events
- Introduces a learning program concept that incorporates language found in other NIST documents
- Leverages current NIST guidance and terminology in reference documents, such as the NICE Workforce Framework for Cybersecurity, the NIST Cybersecurity Framework, the NIST Privacy Framework, and the NIST Risk Management Framework
- Proposes an employee-focused cybersecurity and privacy culture for organizations
- Integrates learning programs with organizational goals to manage cybersecurity and privacy risks
- Addresses the challenge of measuring the impacts of cybersecurity and privacy learning programs
- Incorporates guidance for using standard instructional design elements, maturity models, and assessment approaches
With the publication of SP 800-50r1, NIST has ceased developing a companion guide—SP 800-16r1 third public draft, A Role-Based Model for Federal Information Technology/Cybersecurity Training—and has withdrawn SP 800-16, Information Technology Security Training Requirements: a Role- and Performance-Based Model (1998).