Friday, September 18, 2020

What I'm Reading 9/18/2020 - China, you lovable scamps

SC magazine - FBI opens China-related counterintelligence case every 10 hours -

FBI Director Christopher Wray today offered the House Homeland Security Committee some sobering news about China – the FBI opens a new China-related counterintelligence case roughly every 10 hours.

Wray said of the nearly 5,000 active FBI counterintelligence cases underway across the U.S., almost half are related to China. He said China aims to compromise American health care organizations, pharmaceutical companies and academic institutions conducting important COVID-19 research.

“They are going after cost and pricing information, internal strategy documents, personally identifiable information – anything that can give them a competitive advantage,” Wray told House members this morning.

Krebs on Security - Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack -

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

The Register - Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame

Huawei insists the vulnerabilities were not introduced by its HiSilicon chips nor the SDK code it provides to manufacturers that use its components. That would mean someone else provided the makers of these video encoder devices application software riddled with holes, and this code was shipped with the equipment. The products just all happen to use the hi3520d chipset.

In a statement emailed to The Register and posted online, a Huawei spokesperson said, "Following the media reports about the suspected security issues (CVE-2020-24214, CVE-2020-24215, CVE-2020-24216, CVE-2020-24217, CVE-2020-24218, and CVE-2020-24219) in HiSilicon video surveillance chips on September 16, 2020, Huawei has launched an immediate investigation. After technical analysis, it was confirmed that none of the vulnerabilities were introduced by HiSilicon chips and SDK packages. Huawei is in favor of coordinated vulnerability disclosure by all organizations and individuals in the security research ecosystem to reduce the impact on stakeholders."

The Register - Feeling bad about your last security audit? Check out what just happened to the US Department of Interior -

"These attacks — which went undetected by security guards and IT security staff as we explored department facilities — were highly successful," the penetration-test report noted. "In fact, we intercepted and decrypted wireless network traffic in multiple bureaus."

It went on: "Even worse, with regard to two bureaus, our penetration test went far beyond the wireless network at issue and gained access to their internal networks. In addition, we successfully obtained the credentials of a bureau IT employee and were able to use that person’s credentials to log into the bureau’s help desk ticketing system and view the list of tickets assigned to the employee."

Thursday, September 17, 2020

What I Am Reading 9/17/2020 - Cryptography is Hard

BBC - Revenge porn 'new normal' after cases surge in lockdown -

There has been a surge in reports of revenge porn this year, with campaigners saying the problem has been exacerbated by lockdown.

Around 2,050 reports have been made to a government-funded helpline, a 22% rise from last year.

As cases have remained high despite coronavirus restrictions easing, those that run the service fear this is "the new normal."

Al-Jazeera - As Europe's China scepticism grows, a glimmer of hope for Taiwan -

The pandemic brought to light the differences in Taiwan and China's political systems: Critics accuse China of suppressing news of the disease when it was first detected in the city of Wuhan, thereby allowing the virus to spread across borders, but Taiwan won plaudits for mobilising quickly, closing its borders and setting in place a stringent quarantine and testing system – moves that have kept the island's COVID-19 cases below 500 and fatalities at just seven.

"The COVID crisis has really put Taiwan in a very positive light. There have never been that many discussions on Taiwan in the European media," Duchatel said. "It's amazing how people talk about Taiwan, not for Cross-Strait relations and security; they talk about Taiwan as a successful model of effective democratic governance to manage such a huge public health crisis. The contrast is this creates space for Taiwan."

Sophos - Zerologon – hacking Windows servers with a bunch of zeros -

Nevertheless, Zerologon is a fascinating story that reminds us all of two very important lessons, namely that:

  1. Cryptography is hard to get right.
  2. Cryptographic blunders can take years to spot.

The gory details of the bug weren’t disclosed by Microsoft back in August 2020, but researchers at Dutch cybersecurity company Secura dug into the affected Windows component, Netlogon, and figured out a bunch of serious cryptographic holes in the unpatched version, and how to exploit them.


Wednesday, September 16, 2020

What I Am Reading 9/16/2020 - Crime Ops!

NYTimes - W.T.O. Says American Tariffs on China Broke Global Trade Rules -

A World Trade Organization panel said Tuesday that the United States violated international trade rules by imposing tariffs on China in 2018 in the midst of President Trump’s trade war.

...

In a statement, Robert E. Lighthizer, the United States Trade Representative, blasted the World Trade Organization for trying to prevent the United States from helping its own workers.

“This panel report confirms what the Trump Administration has been saying for four years: The W.T.O. is completely inadequate to stop China’s harmful technology practices,” Mr. Lighthizer said. “Although the panel did not dispute the extensive evidence submitted by the United States of intellectual property theft by China, its decision shows that the W.T.O. provides no remedy for such misconduct.”

ZDNet - MITRE releases emulation plan for FIN6 hacking group, more to follow -

MITRE and cyber-security industry partners have launched a new project that promises to offer free emulation plans that mimic today's biggest hacking groups in order to help train security teams to defend their networks.

Named the Adversary Emulation Library, the project is the work of the MITRE Engenuity's Center for Threat-Informed Defense.

The project, hosted on GitHub, aims to provide free-to-download emulation plans.

Dark Reading - CISA Issues Alert for Microsoft Netlogon Vulnerability -

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning there is publicly available exploit code for CVE-2020-1472, a critical elevation of privilege vulnerability in Microsoft's Netlogon.

"Zerologon," as Secura researchers dubbed the bug, has a CVSS score of 10.0. It exists when an attacker creates a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). Microsoft patched the vulnerability as part of its August Patch Tuesday rollout; it's being addressed in a two-part rollout, the company reports.

Dark Reading - Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption -

(E)ncrypted traffic inference (ETI) is perhaps the most fascinating of all emerging alternative approaches. ETI solutions analyze aspects of encrypted traffic flows to discern whether they are likely to be malicious, without using decryption.

Based on concepts first published by Cisco Systems researchers in 2016, ETI works by capturing encrypted network flow data attributes -- including DNS metadata, TLS handshake metadata, and HTTP packet headers – and analyzing them for specific, intricate patterns that indicate malicious activity.

A number of vendors – including Cisco, Juniper, NTA vendor Corelight, NDR provider IronNet, and specialist vendor Barac – all offer some degree of ETI capability today.

Cyberscoop - Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says -

Six suspected Chinese hacking groups have zeroed-in on entities in the telecommunications sector in the first half of this year, according to CrowdStrike research published Tuesday.

While CrowdStrike did not identify the groups by name, attackers have likely been running their hacking operations in an effort to steal sensitive data about targets, or to conduct intellectual property theft, researchers at the threat intelligence firm determined. CrowdStrike also did not identify the targets.

Okta - CrimeOps: The Operational Art of Cyber Crime -

The secret of FIN7’s success is their operational art of cyber crime. They managed their resources and operations effectively, allowing them to successfully attack and exploit hundreds of victim organizations. FIN7 was not the most elite hacker group, but they developed a number of fascinating innovations. Looking at the process triangle (people, process, technology), their technology wasn’t sophisticated, but their people management and business processes were. 

Their business… is crime! And every business needs business goals, so I wrote a mock FIN7 mission statement:

Our mission is to proactively leverage existing long-term, high-impact growth strategies so that we may deliver the kind of results on the bottom line that our investors expect and deserve.

How does FIN7 actualize this vision? This is CrimeOps:

  • Repeatable business process.
  • CrimeBosses manage workers, projects, data and money.
  • CrimeBosses don’t manage technical innovation. They use incremental improvement to TTP to remain effective, but no more.
  • Frontline workers don’t need to innovate (because the process is repeatable).

BBC - Boeing's 'culture of concealment' to blame for 737 crashes -

The US report is highly critical of both Boeing and the regulator, the Federal Aviation Authority (FAA).

"Boeing failed in its design and development of the Max, and the FAA failed in its oversight of Boeing and its certification of the aircraft," the 18-month investigation concluded.

Threatpost - Report Looks at COVID-19’s Massive Impact on Cybersecurity -

Cynet found that cybercriminals are not just “sort of” leveraging the COVID-19 pandemic, they’re going all in. Cybercriminals are pulling out their entire arsenal of new attack methods to best ensure attack success. This is like a sports team using all the new plays they’ve developed in one game rather than spreading them out across the season.

The report states that the percentage of attacks using new techniques has historically been around 20%. That is, 80% of attacks have used well-known techniques that are easily identified assuming companies have updated preventative measures in place.

Since the start of the COVID-19 pandemic, Cynet found that new attacks jumped to roughly 35% of all attacks. New attack techniques cannot be sufficiently detected by antivirus software alone and can only be effectively discovered using newer behavioral detection mechanisms. That is, the new detection approaches must be used to detect the new attack techniques being deployed.

Help Net Security - How security theater misses critical gaps in attack surface and what to do about it -

The insurance industry employs actuaries to help quantify and manage the risks insurance underwriters take. The organizations and individuals that in turn purchase insurance policies also look at their own biggest risks and the likelihood they will occur and opt accordingly for various deductibles and riders.

Things do not work the same way when it comes to cyber security. For example: Gartner observed that most breaches are the result of a vulnerability being exploited. Furthermore, they estimate that 99% of vulnerabilities exploited are already known by the industry and not net-new zero-day vulnerabilities.

How is it possible that well known vulnerabilities are a significant conduit for attackers when organizations collectively spend at least $1B on vulnerability scanning annually? Among other things, it’s because organizations are practicing a form of security theater: they are focusing those vulnerability scanners on what they know and what is familiar; sometimes they are simply attempting to fulfill a compliance requirement.

NYTimes - Police or Prosecutor Misconduct Is at Root of Half of Exoneration Cases, Study Finds -

According to the report, by the National Registry of Exonerations, official misconduct contributed to false convictions in 54 percent of exonerations, usually with more than one type of misconduct. Over all, men and Black exonerees “were modestly more likely to experience misconduct,” although there were larger differences by race when it came to drug crimes and murder.

/r/Netsec - Lateral Movement Detection GPO Settings Cheat Sheet -

Twitter -

15 weeks left, publishing my next book. Jam packed with pen testing, GPEN & OSCP prep, exam questions, tools & virtual machines. Looking for testers, RT for coverage

Tuesday, September 15, 2020

What I Am Reading 9/15/2020 - Nothing has really changed 3 years after the Equifax hack and the US has dropped the ball on innovation

Errata Security - Cliché: Security through obscurity (yet again) -

Obscurity has problems, always, even if it's just an additional layer in your "defense in depth". The entire point of the fallacy is to counteract people's instinct to suppress information. The effort has failed. Instead, people have persevered in believing that obscurity is good, and that this entire conversation is only about specific types of obscurity being bad.

Schneier on Security - The Third Edition of Ross Anderson’s Security Engineering -

Coming in December 2020

IT Security Guru - Study identifies gaps in corporate cybersecurity systems -

A survey of 13,000 remote workers conducted by Trend Micro has discovered that almost 40% are accessing company data from their personal computers, tablets and phones. 

Threatpost - Office 365 Phishing Attack Leverages Real-Time Active Directory Validation -

In the phishing attack, access to this immediate feedback “allows the attacker to respond intelligently during the attack,” researchers with Armorblox said on Thursday. “The attacker is also immediately aware of a live compromised credential and allows him to potentially ingratiate himself into the compromised account before any remediation.”

Yahoo - Feds ‘Very Concerned’ About AstraZeneca Vaccine Side Effect -

The Food and Drug Administration is weighing whether to follow British regulators in resuming a coronavirus vaccine trial that was halted when a participant suffered spinal cord damage, even as the National Institutes of Health has launched an investigation of the case.

...

A great deal of uncertainty remains about what happened to the unnamed patient, to the frustration of those avidly following the progress of vaccine testing. AstraZeneca, which is running the global trial of the vaccine it produced with Oxford University, said the trial volunteer recovered from a severe inflammation of the spinal cord and is no longer hospitalized.

BBC - Ex-Google boss Eric Schmidt: US 'dropped the ball' on innovation -

In the battle for tech supremacy between the US and China, America has "dropped the ball" in funding for basic research, according to former Google chief executive Eric Schmidt.

And that's one of the key reasons why China has been able to catch up.

Dr Schmidt, who is currently the Chairman of the National Security Commission on Artificial Intelligence, said he thinks the US is still ahead of China in tech innovation, for now.

Threatpost - Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs -

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Monday advisory. CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security.

Related - Cyberscoop - Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says -

Hackers connected to a Chinese intelligence agency have infiltrated U.S. government and the private sector entities in recent months by exploiting a series of common vulnerabilities, the FBI and Department of Homeland Security’s cybersecurity agency announced Monday.

Attackers tied to China’s civilian intelligence and counterintelligence service, the Ministry of State Security (MSS), have been using phishing emails with malicious links to infiltrate victim organizations, according to the alert. By including malicious software in those messages, hackers are exploiting software flaws in commercial technologies and open-source tools, including services with known fixes. F5 Networks’ Big-IP Traffic Management User Interface, Citrix VPN Appliances, Pulse Secure VPN appliances, and Microsoft Exchange Server are among those affected, says the report from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency (CISA).

Threatpost - Chinese database detailing 2.4 million influential people, their kids, their addresses, and how to press their buttons revealed -

A US academic has revealed the existence of a 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.

That company is Shenzhen Zhenhua and the academic is Chris Balding, an associate professor at the Fulbright University Vietnam.

Balding and security researcher Robert Potter have co-authored a paper [PDF] claiming the trove is known as the “Overseas Key Information Database” (OKIDB) and that 10 to 20 per cent of it appears not to have come from any public source of information. The co-authors do not rule out hacking as the source of that data, but also say they can find no evidence of such activity.

SC magazine - What’s really changed three years after Equifax breach? -

“Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon Black.

The breach led to significant fines and the retirement of Equifax’s chief executive and chief information officer, congressional probes and proposed legislative and regulatory changes. It also saw the credit monitoring company take a huge hit to its reputation.

But even with lessons from the Equifax breach looming large, organizations still are caught flat-footed by similar threats, in part because those threats continue to evolve and proliferate – and attackers are persistent. 

Threatpost - Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems -

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical systems.

The flaws exist in CodeMeter, owned by Wibu-Systems, which is a software management component that’s licensed by many of the top industrial control system (ICS) software vendors, including Rockwell Automation and Siemens. CodeMeter gives these companies tools to bolster security, help with licensing models, and protect against piracy or reverse-engineering.


Friday, August 21, 2020

What I'm Reading 8/21/2020 - Kamala Harris and Big Tech and How Tech Media Created the Gig Economy

HackRead - US-Cert warns of North Korean BLINDINGCAN malware -

The report states that US-CERT, in conjunction with the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS), identified a remote access trojan (RAT) deployed by the North Korean government-sponsored hacking group referred to as Hidden Cobra by the US government and also infamously known as the Lazarus Group or APT38.

The malware variant ensued by the North Korean threat actors is called BLINDINGCAN and it was used in concurrence with proxy servers in order to maintain a presence in the victim’s system and elongate network exploitation with its built-in functions.

Politico - California has first rolling blackouts in 19 years — and everyone faces blame -

Earlier Monday, the California Independent System Operator blamed Friday's outages on "high heat and increased electricity demand." Yet some energy experts noted that demand wasn't particularly higher than normal, as is typical for weekends, and CAISO had predicted it would have adequate reserves on hand for the 80 percent of California's grid that it manages.

"What's weird about what happened is they were adequate until they weren't," said Michael Wara, director of Stanford University's climate and energy program and a member of the state's Catastrophic Wildfire Cost and Recovery Commission. "It seems as if certain power plants for some reason were not able to deliver on the commitments to supply reserves and also supply energy."

SSRN - Words Matter: How Tech Media Helped Write Gig Companies into Existence -

When companies like Uber and TaskRabbit appeared in Silicon Valley, there was a collective media swoon over these new app-based service-delivery corporations and their products. Pundits and journalists made it seem like these companies were ushering in not only an inevitable future, but a desirable one. Their content helped convince the public and regulators that these businesses were different from existing corporations—that they were startups with innovative technology platforms designed to disrupt established firms by efficiently connecting consumers to independent, empowered gig workers. Those in the media normalized and at times generated this rhetoric and framing, which was then taken up by politicians, amplified by academics, and finally enshrined in laws that legalized the business models of these companies. The positive, uncritical coverage prevailed for years and helped pave the way for a handful of companies that represent a tiny fraction of the economy to have an outsized impact on law, mainstream corporate practices, and the way we think about work. The force that powered the swoon was a relatively new and journalistically problematic trend in media: “tech” reporting.

The Hacker News - Former Uber Security Chief Charged Over Covering Up 2016 Data Breach -

The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016.

According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also involved paying hackers $100,000 ransom to keep the incident secret.

Threatpost - Researchers Sound Alarm Over Malicious AWS Community AMIs -

Researchers are sounding the alarm over what they say is a growing threat vector tied to Amazon Web Services and its marketplace of pre-configured virtual servers. The danger, according to researchers with Mitiga, is that threat actors can easily build malware-laced Community Amazon Machine Images (AMI) and make them available to unsuspecting AWS customers.

The threat is not theoretical. On Friday, Mitiga released details of a malicious AMI found in the wild running an infected instance of Windows Server 2008. Researchers said the AMI was removed from a customer’s Amazon Elastic Compute Cloud (EC2) instance earlier this month but is still available within Amazon’s Community AMI marketplace.

Data Breach Today - Lucifer Botnet Now Can Target Linux Devices -

Lucifer, a botnet that has been infecting Windows devices with cryptominers and using compromised systems for distributed denial-of-service attacks, now has the ability to compromise Linux-based systems as well, according to Netscout's ATLAS Security Engineering & Response Team.

SC Magazine - Why we need a federal data privacy law – and how CCPA sets the pace -

The country needs to pass federal privacy legislation to establish a national standard for individual rights. Today, too many state laws exist, creating confusion and duplication. We need to create a national standard that would apply to all businesses and organizations.

By not having a national standard, we miss the opportunity to establish a consistent comprehensive framework for privacy in the United States. Without a federal law states have passed their own laws. Today, California, Nevada and Maine have privacy laws, but many other states have bills working their way through legislatures. Many of these state efforts are based in part on the California Consumer Privacy Act (CCPA), which went into effect January 1, 2020.

NY Times - How Kamala Harris Forged Close Ties With Big Tech -

For Ms. Harris, a Bay Area politician, connections to tech have been essential and perhaps inescapable. In past campaigns — her two elections to be attorney general, her successful run for the Senate and her failed bid for the Democratic presidential nomination — she relied on Silicon Valley’s tech elite for donations. And her network of family, friends and former political aides has fanned throughout the tech world.

Those close industry ties have coincided with a largely hands-off approach to companies that have come under increasing scrutiny from regulators and lawmakers around the world. As California’s attorney general, critics say, Ms. Harris did little to curb the power of tech giants as they gobbled up rivals and muscled into new industries. As a senator, consumer advocacy groups said, she has often moved in lockstep with tech interests.




Thursday, August 20, 2020

What I'm Reading 8/20/2020 - Stuff, Just Stuff

Sorry for the gap, I was busy with on-boarding for the new job.

CIS - Introducing the Community Defense Model -

CIS ascertained that the safeguards in IG1 provide defense against approximately 62% of the Techniques identified in the ATT&CK Framework with a focus on the Initial Access, Execution, Persistence, Privilege Escalation, and Defense Evasion of the top attack patterns’ stages (or Tactics). If these top attack patterns’ stages are successfully defended against, organizations can mitigate subsequent impacts of an attack.

Most importantly, though, CIS determined that the safeguards in IG1 defend against the five most significant attack patterns from the 2019 Verizon DBIR. Any organization can start by implementing IG1 to create a solid foundation for cyber defense.

The white paper is here. The Community Defense Model looks at attacks across different industry groups, maps them to the MITRE ATT&CK Framework and then recommends mitigations. The five most common attacks according to their research are:

  • Web Application Hacking
  • Insider and Privilege Misuse
  • Malware
  • Ransomware
  • Targeted Intrusions
In the 2020 “Security Culture Report”, data was collected from 120,050 employees in 1,107 organisations across 24 countries. There was a total of 17 industry sectors examined in detail and results revealed a large gap between the best performers and the poor performers when it comes to security culture. Only 7% of the analysed organisations have demonstrated a good security culture. The majority, 92%, were found to have developed a moderate security culture.

"This protocol that STUDENTS ONLY are required to sign and abide by says that they will download an app that tracks their locations, that they will not leave campus for 14 weeks, agree to give Albion College medical information that is none of their business and that they will not have jobs off campus," the petition says.
Perhaps more concerning is that the Amazon Web Services access keys for the backend servers of the Android version of Aura were, it is claimed, accessible within the app's code. The credentials were found by an Albion College student, who asked to be identified by her Twitter handle Q3w3e3. The keys could, we're told, be used to access the app's backend data and virtual machines in the Amazon-hosted US-West-2 region, including people's COVID-19 test result and medical insurance information.

There is also a Techcrunch article with a lot more depth, but it is not as excerptable. I'm going to get on my soapbox a bit and say this is one of the things I hate about Agile and the Minimal Viable Product mentality. This product appears to be a particularly egregious example, but in the last 4 years I have seen this numerous times and it's always because of a ship-at-any-cost, we'll-fix-it-in-a-future-sprint attitude. It's bullshit! I know there are good reasons to ship products with known bugs and I know that mistakes happen, but this, and other cases I have seen in the past, are beyond that.


Security Week - U.S. Details North Korean Malware Used in Attacks on Defense Organizations -

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have shared details on a piece of malware North Korean threat actors likely used in attacks targeting employees of defense organizations in Israel and other countries.

Dubbed BLINDINGCAN, the malware was apparently used in “Dream Job,” a campaign active since the beginning of this year, which hit dozens of defense and governmental companies in Israel and globally by targeting specific employees with highly appealing job offerings.

Security Boulevard - Disrupting a power grid with cheap equipment hidden in a coffee cup -

Cyber-physical systems security researchers at the University of California, Irvine can disrupt the functioning of a power grid using about $50 worth of equipment tucked inside a disposable coffee cup.

...

For this project, Al Faruque and his team used a remote spoofing device to target electromagnetic components found in many grid-tied solar inverters.

“Without touching the solar inverter, without even getting close to it, I can just place a coffee cup nearby and then leave and go anywhere in the world, from which I can destabilize the grid,” Al Faruque said. “In an extreme case, I can even create a blackout.”

Help Net Security - 62% of blue teams have difficulty stopping red teams during adversary simulation exercises -

Help Net Security - Most ICS vulnerabilities disclosed this year can be exploited remotely -

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to Claroty.

Monday, August 17, 2020

What I'm Reading 8/17/2020 - Slow Day

Security Week - US Adds Sanctions on China's Huawei to Limit Technology Access -

The US administration Monday expanded its sanctions on China's Huawei, a move aimed at further limiting the tech giant's access to computer chips and other technology.

A Commerce Department statement added 38 Huawei affiliates around the world to the "entity list," claiming that the company was using international subsidiaries to circumvent the sanctions which prevent export of US-based technology.

Commerce Secretary Wilbur Ross said Huawei and its affiliates "have worked through third parties to harness US technology in a manner that undermines US national security and foreign policy interests."

SC Magazine - Five security points CISOs must communicate to the corporate board -

The responsibilities of top security executives are evolving constantly as most employees now work remotely, creating new opportunities for cyberattacks and disruption. In these tense times, strong communication skills are important for security leaders, especially for those protecting critical infrastructure. While businesses adapt to this new dispersed working environment, CISOs must maintain constant communication with the board to ensure that top management understands the importance of security.

CSO - Hybrid cloud complexity, rush to adopt pose security risks, expert says -

As enterprises race to adopt cloud technology, they also encounter a combination of new possible threats from the rapid and frequently unorganized deployment of different cloud-based technologies. Particular concerns surround the adoption of so-called hybrid cloud technologies, Sean Metcalf, founder of cloud security advisory company Trimark Technologies, told the attendees of DEF CON Safe Mode last week.

Krebs on Security - Microsoft Put Off Fixing Zero Day for 2 Years -

One of the 120 security holes Microsoft fixed on Aug. 11’s Patch Tuesday was CVE-2020-1464, a problem with the way every supported version of Windows validates digital signatures for computer programs.

Code signing is the method of using a certificate-based digital signature to sign executable files and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author.

...

In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018. And several researchers informed Microsoft about the weakness over the past 18 months.