Monday, September 21, 2020

What I'm Reading 9/21/2020 - Patch Your Damn Domain Controllers Now

IT Security Guru - CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol -

Basically the directive gives all federal agencies until 11:59pm on 21 Sep to apply the patch or remove the domain controllers.

Related - The Register - US Cybersecurity agency issues super-rare Emergency Directive to patch Windows Server flaw ASAP -

“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” the agency warned. CISA issued just two such directives in each of 2018 and 2019. 2020's status as a year of woe has seen it score four of the emergency warnings.

That the agency feels the need to issue one for this flaw is notable given that simply applying Microsoft's August patches would have fixed the problem. Yet US government agencies need the firmest possible prod to get it done. 

Unit 42 - Introducing Actionable Threat Objects and Mitigations (ATOMs) -

Unit 42 has renamed the Adversary Playbooks to Actionable Threat Objects and Mitigations (ATOMs) and has directly relocated the ATOM viewer into the Unit 42 website. Furthermore, Unit 42 has enhanced the ATOM packages, introducing intelligence-driven security best practices and mitigation recommendations, mapped to MITRE ATT&CK techniques and presented as Courses of Action (COA), which allow consumers to understand more about the threat and how to mitigate it.

Each ATOM campaign provides indicators of compromise, the ATT&CK techniques utilized and COA for Palo Alto Networks products in one STIX 2.0 object deliverable that can easily be ingested for various purposes, whether for tactical defense, longer-term defense planning or simulating attacks.

Art of Manliness - How to Make a Bug Out Bag: Your 72-Hour Emergency Evacuation Survival Kit -

The thought of having to evacuate your home due to a sudden and imminent threat is not unrealistic. The reality is that sudden and uncontrollable events of nature and man do happen. Natural disasters such as hurricanes, storms, wildfires, earthquakes, floods, and volcanic explosions can strike fast and hard — wreaking havoc on homes, vehicles, roads, medical facilities, and resource supply chains such as food, water, fuel, and electricity. When Hurricane Katrina struck the Gulf Coast in 2005, tens of thousands of people had to evacuate their homes with little warning; this has been an all-too-common reoccurrence in the years since. Unprepared and with no emergency plan, many of these people were completely dependent on scavenging and hand-outs while living in make-shift shelters — fending for themselves in a time of complete chaos and disorder. A 72-hour emergency kit packed with survival essentials would have been an invaluable and priceless resource.

Security Week - FERC, NERC Conduct Study on Cyber Incident Response at Electric Utilities -

The report is based on a study conducted by staff at FERC, NERC and NERC regional entities. The study is based on information provided by experts at eight U.S. electric utilities of various sizes and functions, and its goal was to help the industry improve incident response and incident recovery plans, which authors of the study say help ensure the reliability of the bulk electric system in the event of a cybersecurity incident.

The Register - Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims -

US prosecutors claim six people bribed corrupt Amazon insiders to rig the web giant's Marketplace in their favor and leak terabytes of data including some search algorithms.

Amazon’s digital bazaar is open to third parties who can push their products on the e-commerce giant’s store, and even have Amazon do their deliveries. Amazon vets such vendors – who are known as “3Ps” – and then polices their activities on its platform.

In an indictment [PDF] filed late last week, the Dept of Justice asserted that the six defendants paid over US$100,000 to “complicit Amazon employees and contractors.” The DoJ claims at least ten Amazonians took the crooked coin and “baselessly and fraudulently conferred tens of millions of dollars of competitive benefits on hundreds of 3P seller accounts that the defendants purported to represent”.

Medium - The Risk Makers

The failure to properly calculate risk sits at the core of most high-profile tech disasters of the last decade. The problem is endemic to the industry, critics say. “Harmful content, of any category, is not an aberration, but a condition of platforms,” says Tarleton Gillespie, a principal researcher at Microsoft and an adjunct associate professor at Cornell University, and author of the 2018 book Custodians of the Internet.

The internet’s “condition of harm” and its direct relation to risk is structural. The tech industry — from venture capitalists to engineers to creative visionaries — is known for its strike-it-rich Wild West individualistic ethos, swaggering risk-taking, and persistent homogeneity. Some of this may be a direct result of the industry’s whiteness and maleness. For more than two decades, studies have found that a specific subset of men, in the U.S. mostly white, with higher status and a strong belief in individual efficacy, are prone to accept new technologies with greater alacrity while minimizing their potential threats — a phenomenon researchers have called the “white-male effect,” a form of cognition that protects status. In the words of one study, the findings expose “a host of new practical and moral challenges for reconciling the rational regulation of risk with democratic decision making.” 

 
