Iran is being linked to an attempted cyberattack last month that authorities believe was aimed at disrupting water supplies in at least two locations in Israel as that country was seeking to contain a covid-19 outbreak, according to foreign intelligence officials familiar with the matter.
...
The foreign intelligence officials described the attack as coordinated, but not particularly sophisticated. The intruders targeted “programmable logic controllers” that operate valves for water distribution networks. The two affected districts serve a variety of residential, medical and commercial customers, providing fresh water as well as wastewater removal and treatment. At the time, much of the population was under lockdown because of the pandemic.
Abbott said during an interview with the Wichita Falls CBS affiliate that he thinks Texas is a perfect fit for Tesla (TSLA.O). A spokesman for Abbott confirmed to Reuters the governor spoke with Musk over the weekend.
“I’ve had the opportunity to talk to Elon Musk and he’s genuinely interested in Texas and genuinely frustrated with California,” Abbott said. “We’ve just got to wait and see how things play out.”
Tesla is fully reopening the Gigafactory in Nevada, where it makes batteries for its electric cars and energy storage products, as well as parts for the Model 3, according to an internal email viewed by The Verge.
The full reopening is more aggressive move than what the company told employees to expect last week, when Tesla said it would only resume “limited operations” as the state began the first phase of its plan to restart some businesses during the novel coronavirus pandemic.
Organizations are turning to automation to address challenges in cybersecurity operations. In one recent survey, more than 19% of enterprises had already implemented "extensive" automation (or orchestration) within their security operations programs. Thirty-nine percent had done so in a limited fashion, and 26% had projects planned or in the works.
So, what new skills are former SOC Level 1 analysts going to need to know? To function well in the new SOC, they will need to know about data lakes and how people are collecting information and then applying analytics to the data.
And when you start thinking about applying analytics, you realize that you need data scientists and sensor grid specialists. The latter role entails active defense. Now that workers are freed from watching screens all day, they can do things that they couldn't do before — such as spending time actively defending the network.
The report, authored by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI), urges organizations in the public and private sector to apply necessary updates in order to prevent the most common forms of attacks encountered today....Other observations from the joint CISA & FBI security alert include:
- The most commonly attacked was Microsoft's Object Linking and Embedding (OLE), a technology that allows Office documents to embed content from other applications.
- OLE vulnerabilities like CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158, were the most exploited bugs by foreign nation-state sponsored groups, from countries like China, Iran, North Korea, and Russia.
- Apache Struts was the second most attacked technology. This is in line with a recent RiskSense report.
- The most commonly exploited vulnerabilities in 2020 were CVE-2019-19781 (bug in Citrix VPN appliances) and CVE-2019-11510 (bug in Pulse Secure VPN servers).
- During the coronavirus outbreak, many organizations shifting to work from home setups have misconfigured Office 365 deployments.
- CVE-2017-11882 - Microsoft Office - Loki, FormBook, Pony/FAREIT
- CVE-2017-0199 - Microsoft Office - FINSPY, LATENTBOT, Dridex
- CVE-2017-5638 - Apache Struts -JexBoss
- CVE-2012-0158 - Microsft Office -Dridex
- CVE-2019-0604 - Microsoft Sharepoint - China Chopper
- CVE-2017-0143 - Microsoft Windows - EternalSynergy, EternalBlue
- CVE-2018-4878 - Adobe Flash Player - DOGCALL
- CVE-2017-8759 - Microsoft .NET Framework - FINSPY, FINFisher, WingBird
- CVE-2015-2041 - Microsoft Word - Toshliph, UWarrior
- CVE-2018-7600 - Drupal - Kitty
The Cyber Security Body of Knowledge project or CyBOK is a collaborative initiative mobilised in 2017 with an aspiration to “codify the foundational and generally recognized knowledge on Cyber Security.” Version 1.0 of the published output of this consultative exercise was quietly released last year and then more publicly launched in January 2020.
Yet, this free and information-packed publication does not appear to have captured the attention it perhaps deserves across the wider industry. Hence the reason for blogging and discussing a very quick overview of it here on State of Security.
It's hard to tell what this thing can do. Possibly a lot, but it's all still in prototype stage.
Historically, cyber operations occurred over landline networks and electronic warfare over radio-frequency (RF) airwaves. The rise of wireless networks has caused the two to blur. The military wants to move away from traditional high-powered jamming, which filled the frequencies the enemy used with blasts of static, to precisely targeted techniques, designed to subtly disrupt the enemy's communications and radar networks without their realizing they're being deceived. There are even reports that "RF-enabled cyber" can transmit computer viruses wirelessly into an enemy network, although Wojnar declined to confirm or deny such sensitive details.
The next major version of the Windows 10 operating system will include a new security option that will allow users to enable a Windows Defender secret feature that can detect and block the installation of known PUAs (potentially unwanted applications), Microsoft announced on Tuesday.
The malware, dubbed Ramsay, is still under active development — so far, researchers have found three different samples, with each sample adding new features. However, Ramsay’s targeting of air-gapped networks make the toolkit a formidable threat, researchers say. An air gap is a security measure to ensure that computer networks are physically isolated from other, potentially unsecured networks (such as the public internet or an unsecured local area network).
A shift toward zero-trust architectures appears to be gaining momentum, with a global survey of 500 senior cybersecurity executives published today showing that 40% of respondents have launched an initiative to achieve that goal.
In North America, the survey finds there has been a 275% year-over-year growth in the number of organizations that have or plan to have a defined zero-trust initiative in place in the next 12 to 18 months.
The U.S. agencies accused Chinese hackers as well as spies of trying to pilfer intellectual property and other information related to coronavirus treatments.
“The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by [People’s Republic of China]-affiliated cyber actors and non-traditional collectors,” reads the statement from DHS’s Cybersecurity and Infrastructure Security Agency and the FBI. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
A cyberattack brought a Czech coronavirus testing laboratory to its knees in the middle of the pandemic. Japan faced a deluge of hacking attempts from Russia and China, immediately after the coronavirus lockdown ended in Wuhan. And as the world leader with more than 50 million internet assets that are remotely accessible — thus vulnerable — the United States is a giant sitting duck.
Chris Kubecka shares all these threats on her computer screen over Zoom, watching them like some strange, digital guardian angel from her Amsterdam apartment. The half Puerto Rican, half Dutch expat was already a well-respected security researcher, responsible for exposing major security weaknesses in the airplane manufacturing giant Boeing as well as saving Saudi Arabia’s oil giant Aramco after it was crippled by the devastating Shamoon cyberwarfare offensive in 2012. Now the former U.S. Air Force and Space Command veteran is becoming a pivotal player in helping institutions protect themselves from a spate of cyberattacks launched amid the pandemic panic.

No comments:
Post a Comment