Importance of signing in Windows environments
https://isc.sans.edu/diary/rss/29456
"NTLM relaying has been a plague in Windows environments for many years – and we have witnessed many exploits that rely on the fact that it is possible to relay NTLM authentication attempts to various target services.
While there are many potential targets here, in most red team engagements my colleagues and myself are relaying credentials to other SMB, LDAP or HTTP(S) services (especially on AD CS server, used for issuing certificates). So one of the mandatory “health check” activities should be to verify if your systems really have signing enabled."
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html
Many ICS flaws remain unpatched as attacks against critical infrastructure rise
https://www.csoonline.com/article/3686131/many-ics-flaws-remain-unpatched-as-attacks-against-critical-infrastructure-rise.html#tk.rss_all
Too many default 'admin1234' passwords increase risk for industrial systems, research finds
https://www.cyberscoop.com/industrial-system-cybersecurity-default-passwords/
Vulnerable Historian Servers Imperil OT Networks
https://www.darkreading.com/ics-ot/vulnerable-historian-servers-imperil-ot-networks
Hacking ICS Historians: The Pivot Point from IT to OT
https://claroty.com/team82/research/hacking-ics-historians-the-pivot-point-from-it-to-ot?utm_campaign=%5BTeam82%5D+Hacking+ICS+Historians%3A+The+Pivot+Point+from+IT+to+OT&utm_content=Oktopost-twitter&utm_source=twitter&utm_tags=remote+code+execution%2CBlog%2Cvulnerabilities%2Cvulnerability+disclosures%2CTEAM82%2Cresearch%2Chacking&mc_cid=135ec1c84f&mc_eid=UNIQID
ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware
https://www.darkreading.com/ics-ot/ics-confronted-by-attackers-armed-with-new-motives-tactics-and-malware
The lights have been on at a Massachusetts school for over a year because no one can turn them off
https://www.nbcnews.com/news/us-news/lights-massachusetts-school-year-no-one-can-turn-rcna65611
"Mustone said the pandemic essentially shut down the factories in China that produce the components they need to do this kind of work. He said it’s a lot cheaper to build things over there, but lots of American companies like his are now paying the price.
'I have been doing this for 42 years and I have never seen this kind of supply chain disruption,' he said. 'We made a deal with the devil by moving the factories to China.'"
More than 4,400 Sophos firewall servers remain vulnerable to critical exploits
https://arstechnica.com/information-technology/2023/01/more-than-4400-sophos-firewall-servers-remain-vulnerable-to-critical-exploits/
Chinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day
https://www.securityweek.com/chinese-hackers-exploited-fortinet-vpn-vulnerability-zero-day
Government watchdog: Feds fail to implement vast majority of cybersecurity recommendations
https://www.cyberscoop.com/government-watchdog-cybersecurity-recommendations/
T-Mobile suffers 8th data breach in less than 5 years
https://www.csoonline.com/article/3686053/t-mobile-suffers-8th-data-breach-in-less-than-5-years.html#tk.rss_all
6 Types of Risk Assessment Methodologies + How to Choose
https://thehackernews.com/2023/01/6-types-of-risk-assessment.html
Video - What Really Happened with the Substation Attack in North Carolina?
https://www.youtube.com/watch?v=bPwY-FTqWxM
Sunday, January 22, 2023
What I am Reading 1/22/2023