Check out this month's Defrag as principia/RAID Digital Security brings you the latest excitement in the world of cybersecurity.
*Discover the not so hidden, yet invisible thread woven through this month's Defrag and email us for some super-rare, hard-to-find, vintage principia/RAID swag. While supplies last, of course.
There's glitter on the floor after the party... It's a brand new year and we're back with a brand new Defrag. Ready For it? The year is starting off with a cybersecurity bang! Popular genetics companies are losing their user's keys, and venerable automotive manufacturers are losing some of their code DNA. All that and more in this month's Defrag, so buckle up, and read on intrepid cybersecurity heroes. |
VULNS
Ivanti finally says I'm the problem, It's me.
Two critical zero-day vulnerabilities in Ivanti's VPN appliance under active exploit have been patched. but two newly discovered vulns have been discovered. Vulnerabilities CVE-2023-46805 and CVE-2024-21887, are being used by China state-backed hackers to breach customer networks and steal information. Over 1,700 Ivanti Connect Secure appliances worldwide have already reportedly been exploited, affecting organizations in various industries. Ivanti has finally acknowledged the mass exploitation (after first claiming it only affected less than 10 customers) and released patches. Two new vulnerabilities were identified in the patching process. Institute some appropriate safeguards if you use the affected appliances and services.
Ivanti Connect Secure-ish
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive, requiring federal agencies to safeguard against a critical vulnerability in the Ivanti Connect Secure program. The directive comes amid investigations into whether China exploited the program for spying on federal agencies. CISA has observed increased targeting of federal agencies using Connect Secure, with ongoing investigations into potential breaches. While not explicitly blaming China, CISA's findings align with patterns associated with Chinese actors. China denies involvement.
An Apple a day does not, in fact, keep the malware away.
The amount of Malware targeting Apple devices continues to rise. A new macOS backdoor malware called SpectralBlur has been identified. It shares similarities with the KandyKorn macOS backdoor associated with the North Korean hacking group Lazarus. SpectralBlur, undetected by antivirus software until recently, can upload/download files, delete files, and hibernate on command from a hacker-controlled server. It aims to evade detection by encrypting and decrypting network traffic and can erase and overwrite files. The rise of Mac malware is evident, with 21 new strains targeting macOS discovered in 2023, emphasizing the need for regular updates, antivirus software, and cautious online behavior for Mac users.
Salt in the Airdrop wound.
If you find a bit of salt on your apples to be an affront to the senses, know that Security researchers disagree. (And we here at the Defrag stand by them. It is delicious!) Researchers alerted Apple in 2019 about vulnerabilities in the AirDrop wireless sharing feature, which Chinese authorities reportedly exploited. Concerns are raised about global privacy implications and Apple's relationship with China. Despite warnings and proposed fixes, Apple allegedly did not address the flaws. The Chinese tech firm, Wangshendongjian Technology, claimed to compromise AirDrop for law enforcement purposes. Notably, the Chinese firm was able to reverse-engineer encrypted data since Apple did not salt the data transferred between two Apple devices when they use AirDrop.
Apple knew AirDrop users could be identified and tracked as early as 2019, researchers say (dailynews.com)
INSIGHTS
Four Practical Ways for Businesses to Manage Cyber Risk in 2024
The rise in cyberattacks, accelerated by remote work trends during the pandemic, has led to a surge in data breaches and cyber threats. The recent wave of cyberattacks highlights the growing threat of AI fueled attacks and tactical cooperation among hacker organizations. Businesses should be proactive with managing cyber risks, prioritize risk management strategies, maintain continuous software testing, emphasize incident response, and resilience planning to address the emerging artificial and machine intelligence threat landscape.
New Year, New You: Passwords to Avoid and Change
12345 is still topping the charts as the most common password. If you're in the habit of using passwords similar to any of these, or you re-use the same password across multiple accounts, shake it off and look into using a password manager. There are a number of free to use password managers, Bitwarden as an example, so get working on it.
Thank very much Mr. Roboto, for doing your job.
Generative AI is seen by the NSA as a valuable tool in enhancing cybersecurity efforts to combat cyber threats and attacks. Rob Joyce, the director of cybersecurity at the US NSA agency, emphasized the benefits of generative AI in identifying malicious activity However, he acknowledged that cybercriminals have been increasingly leveraging generative AI to enhance fraud and scams. While generative AI offers advantages in combating attacks and addressing global cybercriminal groups, Joyce cautioned that it is not a "silver bullet" and won't substitute for the competence of cybersecurity practitioners.
BREACHES
23andme Says Look What You Made Me Do
After a data breach affecting 14,000 accounts, 23andMe blamed users in a letter, stating that victims "negligently recycled and failed to update their passwords." The breach involved unauthorized access through credential stuffing, exploiting reused passwords compromised in other breaches. Despite facing over 30 lawsuits, 23andMe contends the incident resulted from users' security practices and not a failure on its part. Critics argue the company should have implemented safeguards, considering the sensitive information it stores, and accuse 23andMe of downplaying the severity of the data breach.
Mercedes-Benz Giving Out Free Keys.
Mercedes-Benz accidentally exposed internal data when a private key was left online, providing "unrestricted access" to the company's source code. While no one said "put the money in the bag, I stole the keys", an employee's GitHub authentication token, found in a public repository, granted full access to Mercedes’s GitHub Enterprise Server. Mercedes revoked the API token and removed the public repository after being notified by TechCrunch.
C M M C
All External Service Providers Are Not Equal
The DOD released a memo outlining what FedRAMP equivalency for Cloud-based external Service providers looks like. There are still significant questions surrounding the requirements, but it is likely that ESPs will need to be successfully assessed at NIST 800-53 moderate level by a certified C3PAO.
Cyber AB Town Hall
As the window for comments draws closer, the Cyber AB held a town hall on January 30th, agenda topics included CMMC Rulemaking, and MSPs and a CMMC: Discussion with Stuart Itkin of the Managed Service Provider Collective.
UPCOMING EVENTS
principia/RAID will be at the Defense IT summit in Arlington on February 9
principia/RAID will be at the CISO Forum Canada on February 12-13
principia/RAID will be at the FutureCon Baltimore Cybersecurity Conference on March 14th
Drop us a line if you'll be at any of these events, we'd love to see you in person.
BRACE YOURSELF FOR GOODBYE
That's the long Cybersecurity story short this month. As a special post-holiday gift to you, intrepid reader, we're offering special, limited-edition, very rare, vintage, hard to find principia/RAID swag if you identify the invisible thread woven throughout this month's Defrag. Shoot us an Email if you've identified the theme hidden in this month's Defrag bottle.
And until next time, be careful out there, you Cybersecurity Heroes!
principia/RAID Digital Security delivers information technology advisory and consulting services with a specific focus on vCISO services, information security and compliance management. We thrive on helping our clients reduce their cybersecurity risk and achieve compliance with their CMMC, NIST 800-171, NIST 800-53, DFARS, and SOC/ISO requirements.
Have questions? We can help you