Security News

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. NSA funded MITRE's research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE's ATT&CK, a knowledge base of cyber adversary behavior.

A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "Enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.

A BlueVoyant report highlights critical vulnerabilities within the defense supply chain ecosystem. Cybersecurity gaps were identified in the subcontractors' security practices to garner a better understanding of the security posture of less visible members of the complex defense supply chain.

The mitigations applied to exorcise Spectre, the family of data-leaking processor vulnerabilities, from computers hinders performance enough that disabling protection for the sake of speed may be preferable for some. "Before Spectre mitigations, those system calls hardly slowed down userspace execution at all."

Dragos and the North American Electric Reliability Corporation's Electricity Information Sharing and Analysis Center have announced a joint initiative to strengthen collective defense and community-wide visibility for industrial cybersecurity in the North American electricity industry. The joint initiative enables E-ISAC analysts to gain greater visibility into industrial control system cyber threats facing the electric sector through Dragos's Neighborhood Keeper technology.

As more businesses move their critical data and cybersecurity defenses to the cloud and the volume of network traffic increases substantially, enterprise cybersecurity teams are rethinking their use of sandbox environments. It's becoming increasingly easier to avoid the sandbox as enterprises generally direct only a sampling of their traffic to the sandbox.

Put differently, shortcomings in malware mitigation software could not just permit unauthorized code to turn off their protection features, design flaws in Protected Folders solution provided by antivirus vendors could be abused by, say, ransomware to change the contents of files using an app that's provisioned write access to the folder and encrypt user data, or a wipeware to irrevocably destroy personal files of victims. To this end, the ransomware reads the files in the folders, encrypts them in memory, and copies them to the system clipboard, following which the ransomware launches Notepad to overwrite the folder contents with the clipboard data.

In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat. The Federal Government is working with partners around the world to disrupt and deter ransomware actors, by making an effort to disrupt ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds, noted Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.

Changes and advances in technology have prompted a revamp of the CIS Community Defense Model. The findings in v1.0 show that the CIS Controls - a prioritized and prescriptive set of Safeguards that mitigate the most common cyber-attacks against systems and networks - are effective at mitigating approximately 83% of all the ATT&CK Techniques, and more specifically 90% of the ransomware ATT&CK Techniques identified in the framework.

U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive in response to the ransomware hack that disrupted gas supplies in several states this month. The Transportation Security Administration directive being issued Thursday will also mandate that the owners and operators of the nation's pipelines report any cyber incidents to the federal government and have a cybersecurity coordinator available at all times to work with authorities in the event of an attack like the one that shut down Colonial Pipeline.