InfoSec News

DoD

U.S. Army Cyber Command releases the DoD Identity Awareness and Protection Management Guide

By

 

By William Knowles @c4i
Senior Editor
InfoSec News
August 1, 2019

U.S. Army Cyber Command has posted the DoD Identity Awareness and Protection Management Guide for easy downloading.

The Identity Awareness, Protection, and Management (IAPM) Guide is a comprehensive resource to help you protect your privacy and secure your identity data online.

The IAPM Guide is divided into two-page chapters detailing key privacy considerations on the most popular online services, mobile apps, and consumer devices available in the market today. Each chapter provides you with tools, recommendations, and step-by-step guides to implement settings that maximize your security. The guide is updated twice a year, in March and September.

While some of the chapters in the IAPM Guide deal with technical issues, they do not require a technical background to follow.

The US Department of Defense creates this guide as a public service and hopes this guide will help readers keep their identities private and secure.

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows

By

FORT MEADE, Md., June 4, 2019 —

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.

This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. Please refer to our advisory for additional information. This is critical not just for NSA’s protection of National Security Systems but for all networks. In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken:

  • Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
  • Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
  • Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

Someone repeatedly compromised NASA servers

By

By William Knowles @c4i
Senior Editor
InfoSec News
December 19, 2018

 

This isn’t going to improve NASA’s FISMA scorecard rating for 2018.

On Tuesday, December 18, 2018. Bob Gibbs, Assistant Administrator, Office of the Chief Human Capital Officer sent an agency-wide message to the 17,000+ NASA employees, according to SpaceRef which posted the memo on their site.

On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.

Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents.

NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.

NASA employees should be counting their lucky stars that this doesn’t happen more often, In 2016 NASA’s Office of Inspector General found that NASA lacks a mature cyber program, earning a score of 27 out of 100 under the Office of Management and Budget’s and DHS’ five-step maturity model.

In the 2017 Federal Information Security Modernization Act: Fiscal Year 2017 Evaluation of NASA came to the conclusion that…

Despite progress made to address previously identified weaknesses related to its cybersecurity program, we concluded that NASA, based on the results of our current review, has not implemented an effective information technology security program. Further, without implementing additional improvements to ensure that NIST requirements are implemented, the Agency may lose ground in its efforts to address the challenges in a rapidly evolving cybersecurity landscape. To strengthen its information security program, we believe the Agency should continue its initiatives in each of the seven IG FISMA domains.

  1. Risk Management. Strengthen the enterprise architecture risk management framework by closing the gap between mission systems and inventory, and complete the transition to RISCS.
  2. Configuration Management. Augment secure configuration settings, improve hardware and software asset management, and remediate configuration-related vulnerabilities including unsupported operating systems.
  3. Identity and Access Management. Increase the use of PIV authentication for unprivileged users.
  4. Security Training. Complete applicable role-based training for personnel with significant security responsibilities.
  5. Continuous Monitoring. Develop a comprehensive continuous monitoring strategy for automatic hardware and software inventory detection and data exfiltration defense capabilities.
  6. Incident Response. Bridge the gap between reactive and proactive intelligence gathering and analysis techniques.
  7. Contingency Planning.

Finally, we are concerned that many recommended corrective actions from prior FISMA and other IT-related reviews remain open after more than a year. We urge a renewed Agency commitment to addressing our previous recommendations given the constant and growing cybersecurity threats. Although this memorandum made no specific recommendations to NASA, management provided a brief response that is reproduced in Enclosure V. Technical comments provided by management have been incorporated, as appropriate.

Sadly, Its easier to blame this all on aliens.

The DoD Cybersecurity Policy Chart

By

By William Knowles @c4i
Senior Editor
InfoSec News
November 11, 2018
Updated January 8, 2019

The goal of the DoD Cybersecurity Policy Chart, developed by the Cyber Security and Information Systems Information Analysis Center (CSIAC) is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme. The use of color, fonts, and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems, and data.

At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right-hand side of the Cybersecurity Policy Chart, there are boxes, which identify key legal authorities, federal/national level Cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can be found in the Chart.

Click on the image above to download an interactive copy of .pdf of the DoD Cybersecurity Policy Chart, The chart was last updated on January 7, 2019. View the changelog here.

Malware Scam Uses NSA/CSS Seal

By

 

National Security Agency Seal

By William Knowles @c4i
Senior Editor
InfoSec News
September 29, 2014

For an agency that for the longest time used to be known as No Such Agency, now thanks to Edward Snowden it’s on center stage for everyone including malware writers.

The NSA Public Affairs Office is alerting the public of a scam that uses the NSA/CSS seals and banner. Victims of this malware scam report that a pop-up or a locked Internet browser alerts them that they have violated the law and/or are being monitored. Depending on where they are in the world, the latter part is likely true.

The malware scammer may also request that victims pay a fine. This activity and the associated alerts have no affiliation to the federal government, NSA included, and no money should be paid to the scammers.

Victims should consult a computer professional on how to address the computer infection. Victims may also contact the Internet Crime and Complaint Center, a partnership between the FBI and the National White Collar Crime Center that accepts Internet-related criminal complaints.

The NSA recommends users looking for more information on malware to review the NIST Guide to Malware Incident Prevention and Handling.