Archive for the ‘NSA’ Category

FBI and NSA say: Stop doing these 10 things that let the hackers in – ZDNet

Cyber attackers regularly exploit unpatched software vulnerabilities, but they "routinely" target security misconfigurations for initial access, so the US Cybersecurity and Infrastructure Security Agency (CISA) and its peers have created a to-do list for defenders in today's heightened threat environment.

CISA, the FBI and the National Security Agency (NSA), together with cybersecurity authorities from Canada, New Zealand, the Netherlands, and the UK, have compiled a list of the main weak security controls, poor configurations, and poor security practices that let attackers gain initial access, along with the authorities' collectively recommended mitigations that defenders should implement.

"Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system," CISA says.


The list of actions includes the obvious candidates, such as enabling multi-factor authentication (MFA) on key systems like virtual private networks (VPNs), which are nonetheless prone to misconfiguration when implemented in complex IT environments.

For example, last year Russian hackers combined a default policy shared by multiple MFA solutions with a Windows printer privilege escalation flaw to disable MFA for active domain accounts and then establish remote desktop protocol (RDP) connections to Windows domain controllers. This complexity can also be seen in the choice, deployment and use of VPNs, whose adoption escalated after the pandemic struck.

Recent research by Palo Alto Networks found that 99% of cloud services utilize excessive permissions, against the well-known principle of least privilege to limit opportunities for attackers to breach a system.

The security controls outlined in CISA's list serve as a useful checklist for organizations, many of which deployed remote-working IT infrastructure hastily due to the pandemic, and amid today's heightened geopolitical tensions due to Russia's invasion of Ukraine. It also follows the EU joining the US and its Five Eyes partners in jointly blaming the Russian military for this year's cyberattack against Viasat's European satellite broadband users.

As noted in the joint alert, attackers commonly exploit public-facing applications, external remote services, and use phishing to obtain valid credentials and exploit trusted relationships and valid accounts.

The joint alert recommends MFA is enforced for everyone, especially since RDP is commonly used to deploy ransomware. "Do not exclude any user, particularly administrators, from an MFA requirement," CISA notes.

Incorrectly applied privileges or permissions and errors in access control lists can prevent the enforcement of access control rules and could give unauthorized users or system processes access to objects.

Of course, make sure software is up to date. But also don't use vendor-supplied default configurations or default usernames and passwords. These might be 'user friendly' and help the vendor deliver faster troubleshooting, but they're often publicly available 'secrets'. The NSA strongly urges admins to remove vendor-supplied defaults in its network infrastructure security guidance.

"Network devices are also often pre-configured with default administrator usernames and passwords to simplify setup," CISA notes. "These default credentials are not secure: they may be physically labeled on the device or even readily available on the internet. Leaving these credentials unchanged creates opportunities for malicious activity, including gaining unauthorized access to information and installing malicious software."


CISA notes that remote services, such as VPNs, lack sufficient controls to prevent unauthorized access. Defenders should add access control mechanisms like MFA to reduce risks. Also, put the VPN behind a firewall, and use IDS and IPS sensors to detect suspicious network activity.

Other key problems include: strong password policies that are not implemented; open ports and internet-exposed services that attackers can scan for; failure to detect or block phishing that uses Microsoft Word and Excel documents booby-trapped with malicious macros; and poor endpoint detection and response.

CISA's recommendations include access control measures, implementing credential hardening, establishing centralized log management, using antivirus, employing detection tools and searching for vulnerabilities, maintaining configuration management programs, and implementing patch management.

CISA also recommends adopting a zero-trust security model, but this is likely a long-term goal. US federal agencies have until 2024 to make significant headway on this aim.

The full list of security 'don'ts' includes:

Read the original here:
FBI and NSA say: Stop doing these 10 things that let the hackers in - ZDNet

NSA’s Rob Joyce: Even the good hactivists are problematic – The New Statesman

Since the Russia-Ukraine conflict broke out, war on the ground has been brutal and catastrophic. Cyber warfare has been comparably insignificant, and projections about mass online shutdowns have not materialised.

However, there has been some intervention from hostile state actors. Just last week, the Foreign, Commonwealth and Development Office (FCDO) announced that Russia was almost certainly behind a major cyber operation targeting the US commercial communications and internet satellite company Viasat, which happened an hour before the invasion on 24 February.

After months of analysis, the UK government's National Cyber Security Centre (NCSC) has now attributed the hacks to the Russian state. While the primary target was the Ukrainian military, the attacks also impacted Ukrainian Viasat customers, and caused disruption to wind farms and internet users across central Europe. Additionally, the NCSC has ascertained that Russia was also behind an earlier attack on the Ukrainian government on 13 January, which involved defacing government websites and the deployment of destructive malware.

Interestingly, global sanctions on Russia have caused ransomware attacks to decrease since March, noted Rob Joyce, cyber security director of the US National Security Agency (NSA), at the NCSC's CyberUK conference in Wales this week. Sanctions have made it harder for criminals to organise attacks and move money in the West, he said.

But cyber threats do not only come from hostile states. Speaking in a panel discussion, Joyce highlighted the rise of cyber vigilantes: lone actors on both sides of the conflict who are taking matters into their own hands to infiltrate and destroy their enemy's systems.

While activism in support of Ukraine might seem commendable, Joyce warned that such an approach is not conducive to ethical behaviour. "You want to sit back and root for the folks who are trying to do noble things, but it is problematic," he said. "We are trying to hold bad actors accountable in other nations [and] we have to be good international citizens in the cyber arena."

Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), said that roughly 300,000 hacktivists related to the Russia-Ukraine conflict have been identified so far, and added that the extent of cyber vigilantism has "taken [government] by surprise".

"There is an extreme unpredictability associated with these exploits that make it difficult to attribute, contain and stop them," she said. Hacktivism can also impact regular citizens quite significantly, due to spillover onto non-primary targets (such as with the Viasat campaign) and breaches of public tools like Google Maps, impeding people's ability to travel and exposing personal location data.

Some hacktivists do not act alone and have the advantage of an organisation behind them, making them even more of a threat. Perhaps the best-known is Anonymous, the pro-Ukraine collective that has vowed to keep attacking Russia until its aggression stops. The group's actions have caused Russia to become the most hacked country in the world in 2022 so far, with breaches affecting 3.5 million people, according to research from virtual private network (VPN) provider Surfshark.

But hacktivist collectives exist on both sides. Conti, a group of pro-Russia ransomware cyber criminals, have now restyled themselves as political activists, said Jonathan Hope, senior technology evangelist at cyber security firm Sophos, who spoke in another session at CyberUK on ransomware.

Vigilantes can be more ruthless and chaotic than other cyber criminals, he noted, as they destroy data for the sake of it rather than for financial gain, meaning victims are less likely to get their information back. "They're hacking for Mother Russia with no checks, controls or balances," Hope said. "It's a tool, a weapon to destroy data."

The rise in such sporadic hacking makes it ever more important that governments secure and stress-test their critical national infrastructure, said Juhan Lepassaar, executive director of the European Union Agency for Cyber Security.

He said that the UK has done great work in securing its telecoms sector, and other industries and countries need to follow suit. "It pays off to build a framework where you stress-test the most critical sectors in society. [The sectors should be] incentivised to do it themselves."

There was consensus that both organisations and individuals need to be encouraged to undertake basic steps in cyber security. Joyce said that attitudes are changing, albeit a little late: intelligence agencies have focused on counter-insurgency and terrorism for the past two decades, he said, which has caused cyber defence to fall by the wayside.

"We've not been investing in IT and now China is threatening those systems," he said. "We will now do the things that we should have done ten or 20 years ago. The narrative has shifted."

Moving the onus of cyber security from response to prevention is key, added Lepassaar. In fact, Ukraine's thorough preparations are what has helped the country stay online despite multiple setbacks and has even enabled them to host press conferences in besieged cities, he said. "There has been a good deal of resilience from the Ukrainian state around maintaining connectivity. [This shows] the value of building partnerships early on and making sure you build distributed systems that are difficult to take down and attack."


Here is the original post:
NSA's Rob Joyce: Even the good hactivists are problematic - The New Statesman

Data sharing and the Budapest Convention. NSA says new encryption standard won’t have backdoors. New York enacts measures to protect power grid. – The…

At a glance.

The Council of Europe has announced that the Second Additional Protocol to the Convention on Cybercrime (also known as the Budapest Convention) was opened for signature at a conference of the Council's Committee of Ministers. The protocol's goal is to encourage the sharing of electronic evidence like subscriber info and traffic data among council member states through direct cooperation with service providers and registrars. Representatives from member states including Austria, Finland, Italy, Spain, and Sweden were present at the signing, as well as non-member states including the US and Japan. Secretary General Marija Pejčinović Burić explained, "The Second Protocol brings the Budapest Convention up to date with current, technological challenges, so that it remains the most relevant and effective international framework for combating cybercrime in the years ahead." Justice Minister of Italy, Marta Cartabia, added, "The use of ICT (Information and Communication Technologies) by organised crime in all sectors (sexual exploitation, drug trafficking, smuggling, terrorism) represents a further challenge for our judicial authorities and for our institutions. The Second Additional Protocol, therefore, responds to the need for greater and more efficient co-operation between States and between the States and the private sector, clarifying the cases in which the service providers will be able to provide the data in their possession directly to the competent authorities of other countries." The Protocol is open for signature by Parties to the Convention and will be implemented once ratified by five States.

Ilia Kolochenko, Founder of ImmuniWeb, a member of Europol Data Protection Experts Network and EU CyberNet Member, commented on the importance of the Protocol:

"As of today, The Budapest Convention remains the most comprehensive and the most important international treaty designed to combat cybercrime. The Convention, among other things, harmonizes the criminalization of computer offences, accelerates collaboration between law enforcement agencies and facilitates the preservation and seizure of digital evidence stored in a foreign country.

"The 20-year old Convention, however, certainly requires some updates to stay ahead of the rapidly evolving technology landscape and novel tactics deployed by sophisticated threat actors. Despite reasonable concerns expressed by the EU EDPB in relation to possible privacy risks created by the long-awaited Second Protocol, the Protocol brings several major improvements.

"Enhanced mutual assistance in emergency situations is probably the most crucial development. While procedurally it's not yet crystal clear how the emergency assistance provisions will be implemented by signatory countries, the provisions definitely bring a sound legal framework to remove some bureaucratic barriers that have been hindering mutual legal assistance in cross-border investigations when time was of the essence.

"Other provisions, such as disclosure of domain name owners and subscriber information, will probably have a less palpable impact, as many countries have already established tenable processes and procedures related thereto. Novel provisions on joint investigation teams will undoubtedly boost multiagency and multijurisdictional cooperation, however, the recent success of numerous joint operations, conducted by national authorities led by Europol and Interpol, convincingly demonstrates that joint investigations work pretty well today.

"That being said, in 2022, the challenges remain pretty similar to 2001. First, countries like Russia, China, India and most African countries are not signatories of the Convention. It is impossible to effectively investigate and prosecute cybercriminals without frictionless cooperation with those states, representing over 3 billion Internet users. Second, the Convention does not create specific duties binding upon national law enforcement agencies, but rather encourages governments to adopt necessary legislation and implement the requisite infrastructure. Third, most law enforcement agencies are already overwhelmed with an avalanche of domestic cases and will unlikely prioritize external requests even if the law provides so. Thus, we will probably observe more countries passing national laws to authorize legal hacking by police to obtain digital evidence in a rapid, licit and straightforward manner."

The US National Institute of Standards and Technology (NIST) is working on establishing quantum-resistant encryption standards for the nation, and some might be concerned the advanced technology might be used by another agency, the NSA, for surveillance. The NSA's director of cybersecurity, Rob Joyce, attempted to put such worries to rest by promising there will be no backdoors that could allow for spying. Joyce told Dark Reading, "Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance. We've worked against all of them to make sure they are solid."

The Assembly of the US state of New York on Wednesday passed legislation aimed at securing the state's energy grid against cyberattack. The bill was introduced by Assemblyman and chair of his chamber's Energy Committee Mike Cusick, who explained, "New York's energy grid is a prime target for hackers and cyber criminals across the globe... The passage of this legislation is a crucial step in our fight against cyber crime and our efforts to bolster the resiliency of our grid." GovTech notes that the bill will also provide a path for future legislation protecting infrastructure, and gives the state's Division of Homeland Security and Emergency Services the power to collaborate with state and federal agencies. Once passed by the Senate, the bill will be reviewed by Governor Kathy Hochul, who in February launched the "Joint Security Operations Center", a collaboration of federal and local partners offering a statewide view of cyber activity.

Read the original here:
Data sharing and the Budapest Convention. NSA says new encryption standard won't have backdoors. New York enacts measures to protect power grid. - The...

ICE Probably Spied on You – Scheerpost.com

A new investigation reveals the immigration agency has collected data on most Americans. It's the latest case in a worrying trend.

By Farrah Hassen / OtherWords

Growing up in the Southern California suburbs, government surveillance never worried me. But my Syrian-American parents were more cautious. They would often warn me against talking about politics over the phone in case Big Brother was snooping.

As a teenager, I dismissed their concerns. "Listen, we're not in the Middle East," I would counter.

My parents knew better though. I soon received a rude awakening in the aftermath of the September 11 attacks.

Almost 1,200 people, mostly Muslims, were rounded up and detained after the attacks, often for months without charges. Arabs and South Asians were racially profiled and deported for minor immigration violations. The FBI began surveilling mosques across America.

As part of the homeland security reforms following 9/11, Congress created the U.S. Immigration and Customs Enforcement (ICE) agency in 2003 to ostensibly fight terrorism and enforce immigration law. But the truth is, ICE went on to use its newly established authority to spy on nearly everyone in the United States.

An independent, two-year investigation has now revealed that ICE collected data on hundreds of millions of Americans under a legally and ethically questionable surveillance system largely outside of public oversight.

Georgetown Law's Center on Privacy and Technology uncovered this dragnet after filing over 200 Freedom of Information Act requests and reviewing ICE's contracting records from 2008 to 2021.

In its report, released May 10, the Center found that ICE has spied on most Americans without a warrant and circumvented many state privacy laws, such as those in California. The authors conclude: "ICE now operates as a domestic surveillance agency."

ICE has carried out this surveillance by turning to third parties like state Departments of Motor Vehicles, large utility companies, and private data brokers like LexisNexis Risk Solutions.

From these sources, ICE gained access to driver's license data for 3 in 4 adults living in the United States, and scanned a third of the license photos with facial recognition technology. ICE is also able to view over 218 million utility customers' records across the country, including for over half of California's residents.

This surveillance network has unsurprisingly hit immigrant communities hardest. The agency has targeted immigrants for deportation by cruelly exploiting their trust in public institutions, such as when undocumented people apply for a driver's license or sign up for essential utilities like water and electricity.

These practices point to an agency that has clearly overstepped its boundaries. ICE does not have the congressional authority to do this kind of bulk data collection on the public. This overreach underscores the need to shift U.S. immigration law away from the deportation-driven status quo.

Unfortunately, this ICE program isn't an isolated case. It's part of a broader domestic surveillance apparatus that spans decades and multiple federal agencies, including the FBI, CIA, and NSA, and ultimately impacts all of us.

During the 1960s and '70s, federal agencies spied on anti-Vietnam War protesters and civil rights leaders. More recently, in 2013 whistleblower Edward Snowden revealed that the National Security Agency created a massive surveillance program that secretly gathered telephone records on millions of Americans, regardless of whether they were suspected of any wrongdoing.

And this February, newly declassified documents exposed the CIA's own secret bulk data collection program to spy on Americans. The type of data remains classified, but Senators Ron Wyden (D-OR) and Martin Heinrich (D-NM) have called for greater transparency on the agency's surveillance of Americans.

We should all be alarmed by this growing domestic surveillance state. Left unchecked, it corrodes public trust in our democratic institutions and undermines our civil liberties, most notably the embattled right to privacy.

The history of government surveillance demonstrates that we can never take this right for granted.

Farrah Hassen, J.D., is a writer, policy analyst, and adjunct professor in the Department of Political Science at Cal Poly Pomona.


Excerpt from:
ICE Probably Spied on You - Scheerpost.com

NSA to be imposed on those who do not remove illegal parking stands, property will be confiscated – News Track English

Lucknow: The Yogi Adityanath government in Uttar Pradesh has decided to take action on illegal parking stands. CM Yogi Adityanath has ordered the removal of all illegal parking stands from the entire state within 48 hours during a review meeting on road safety. At the same time, CM Yogi has also ordered that the Gangsters Act be invoked against any operator who does not remove an illegal parking stand, and that their property be confiscated. CM Yogi Adityanath made it clear that roadside restaurants on the highway without parking will also have to be closed.

CM Yogi ordered that locations be earmarked for street vendors so that there are no shops on the roads. He said speed breakers should not be made into 'waist breakers'. Wherever non-standard speed breakers have been made in the state, they should be removed. CM Yogi said that 'waist breaker' speed breakers can be fatal for sick people and pregnant women; only tabletop speed breakers should be made. He said not to let anyone with mafia tendencies get involved with any contract or lease: if a single mafia member joins, his entire gang will create a base of illegal activities.

In a stern tone, CM Yogi said to break the back of every mafia. He said to remove illegal roadside restaurants with inadequate parking from the roadside. Illegal encroachments should also be eliminated from roads connected to highways and expressways, and from roads belonging to the PWD, urban development or any other department.


Visit link:
NSA to be imposed on those who do not remove illegal parking stands, property will be confiscated - News Track English