InfoSec News

DoD

Someone repeatedly compromised NASA servers

December 19, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
December 19, 2018

 

This isn’t going to improve NASA’s FISMA scorecard rating for 2018.

On Tuesday, December 18, 2018, Bob Gibbs, Assistant Administrator, Office of the Chief Human Capital Officer, sent an agency-wide message to the 17,000+ NASA employees, according to SpaceRef, which posted the memo on its site.

On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.

Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents.

NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.

NASA employees should be counting their lucky stars that this doesn’t happen more often. In 2016, NASA’s Office of Inspector General found that NASA lacked a mature cyber program; the agency earned a score of 27 out of 100 under the Office of Management and Budget’s and DHS’ five-step maturity model.

The 2017 Federal Information Security Modernization Act: Fiscal Year 2017 Evaluation of NASA came to the conclusion that…

Despite progress made to address previously identified weaknesses related to its cybersecurity program, we concluded that NASA, based on the results of our current review, has not implemented an effective information technology security program. Further, without implementing additional improvements to ensure that NIST requirements are implemented, the Agency may lose ground in its efforts to address the challenges in a rapidly evolving cybersecurity landscape. To strengthen its information security program, we believe the Agency should continue its initiatives in each of the seven IG FISMA domains.

  1. Risk Management. Strengthen the enterprise architecture risk management framework by closing the gap between mission systems and inventory, and complete the transition to RISCS.
  2. Configuration Management. Augment secure configuration settings, improve hardware and software asset management, and remediate configuration-related vulnerabilities including unsupported operating systems.
  3. Identity and Access Management. Increase the use of PIV authentication for unprivileged users.
  4. Security Training. Complete applicable role-based training for personnel with significant security responsibilities.
  5. Continuous Monitoring. Develop a comprehensive continuous monitoring strategy for automatic hardware and software inventory detection and data exfiltration defense capabilities.
  6. Incident Response. Bridge the gap between reactive and proactive intelligence gathering and analysis techniques.
  7. Contingency Planning.

Finally, we are concerned that many recommended corrective actions from prior FISMA and other IT-related reviews remain open after more than a year. We urge a renewed Agency commitment to addressing our previous recommendations given the constant and growing cybersecurity threats. Although this memorandum made no specific recommendations to NASA, management provided a brief response that is reproduced in Enclosure V. Technical comments provided by management have been incorporated, as appropriate.

Sadly, it’s easier to blame this all on aliens.

Filed Under: News Tagged With: China, Cyber Crime, Cybercrime, cybersecurity, DoD, Espionage, FBI, FISMA, Hacker, Hackers, Hacking, InfoSec, InfoSecNews, NASA, OIG, PII, SSN

The DoD Cybersecurity Policy Chart

November 11, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
November 11, 2018
Updated January 8, 2019

The goal of the DoD Cybersecurity Policy Chart, developed by the Cyber Security and Information Systems Information Analysis Center (CSIAC), is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware of, in a helpful organizational scheme. The color, fonts, and hyperlinks are all designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems, and data.

At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right-hand side of the Cybersecurity Policy Chart, there are boxes, which identify key legal authorities, federal/national level Cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can be found in the Chart.

Click on the image above to download an interactive .pdf copy of the DoD Cybersecurity Policy Chart. The chart was last updated on January 7, 2019. View the changelog here.

Filed Under: News Tagged With: Cryptography, Cybercrime, cybersecurity, Data Breach, DDoS, DoD, DoDIN, Encryption, Espionage, Hackers, Hacking, InfoSec, InfoSecNews, NSA, Passwords, Security

Malware Scam Uses NSA/CSS Seal

July 26, 2018 By William Knowles

 

National Security Agency Seal

By William Knowles @c4i
Senior Editor
InfoSec News
September 29, 2014

For the longest time the agency was known as No Such Agency; now, thanks to Edward Snowden, it’s on center stage for everyone, including malware writers.

The NSA Public Affairs Office is alerting the public to a scam that uses the NSA/CSS seals and banner. Victims of this malware scam report that a pop-up or a locked Internet browser alerts them that they have violated the law and/or are being monitored. Depending on where they are in the world, the latter part is likely true.

The malware scammer may also request that victims pay a fine. This activity and the associated alerts have no affiliation to the federal government, NSA included, and no money should be paid to the scammers.

Victims should consult a computer professional on how to address the computer infection. Victims may also contact the Internet Crime and Complaint Center, a partnership between the FBI and the National White Collar Crime Center that accepts Internet-related criminal complaints.

The NSA recommends that users looking for more information on malware review the NIST Guide to Malware Incident Prevention and Handling.

 

Filed Under: News Tagged With: AntIvirus, Citizenfour, Cybercrime, DoD, Edward Snowden, FBI, IC3, InfoSec, Malware, NIST800, NSA, NSA/CSS, Security, Wolfking Awesomefox

DoD 8570 InfoSec Training and Compliance Vendors Vulnerable to XSS

July 26, 2018 By William Knowles


By William Knowles @c4i
Senior Editor
InfoSec News
July 1, 2014

XSSposed (XSS exposed) is reporting that the Web sites of both the InfoSec Institute and the EC-Council are vulnerable to a Cross-site scripting (XSS) attack.

Cross-Site Scripting (XSS) inserts specially crafted data into existing applications through Web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a modification to a browser script, to a different end user. XSS attacks often lead to a bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013.

According to XSSposed, the InfoSec Institute has not one, two, three, four, five, six, but SEVEN XSS vulnerabilities discovered this week.

The most recent XSS vulnerability at the EC-Council affects the portal page where their customers sign in. It is not the only XSS vulnerability on their site: The Hacker News reported one back in 2011, and Rafay Baloch and Deepanker Arora discovered another in 2013.

In a previous Web defacement statement, the “EC-Council takes the privacy and confidentiality of their customers very seriously.” Regardless, the EC-Council Web site was compromised three times during a single week in February 2014. Since the breach, EC-Council has neither confirmed nor denied allegations that the attacker exfiltrated thousands of passports, driver’s licenses, and government and military Common Access Cards (CAC).

It seems neither organization is practicing what it preaches for the thousands of taxpayers’ dollars spent training the next generation of cyber warriors.

A (supposedly) expert team of information security instructors founded the InfoSec Institute in 1998. Their goal was to build a business by offering the best possible training experience for students. ‘InfoSec Institute deeply understands the needs of today’s IT professionals and is best positioned to offer world-class training.’

The EC-Council is an Albuquerque, New Mexico-based organization that offers security professionals a reasonably inexpensive certificate, among other security certificates, to be compliant with Department of Defense standard 8570.

 

Photo by Richard Termine Photography

Filed Under: News Tagged With: CAC, CEH, Citizenfour, cybersecurity, DoD, DoD 8570, EC-Council, Hacking, InfoSec, InfoSec Institute, Jack Koziol, Jay Bavisi, Security, Wolfking Awesomefox, XSS, XSS attack, XSSposed

For EC-Council, Mum’s the word

July 25, 2018 By William Knowles

Ninja Hacker

By William Knowles @c4i
Senior Editor
InfoSec News
March 12, 2013

We have been following the compromise, Web defacement, and subsequent silence of EC-Council for a couple of weeks now. On February 22nd the Albuquerque, NM-based EC-Council Web site was broken into and defaced three separate times. If you hold a certification from EC-Council, your confidential information is rumored to have been stolen during this period.

After the EC-Council administrators wrested back control of their site the first time, a known password was used to deface the Web site again. The second defacement showed the mail from Edward Snowden’s Yokota Air Base email address requesting an exam code, along with a copy of his U.S. Passport and a letter signed by John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan.

All told, the website was compromised three times in a single week.

Conspiracy rumors abound about who attacked the EC-Council Web site. Foreign training companies, Secret Squirrels, the Chinese, the Russians, and non-state actors were all considered possible suspects. However, the folks at r000t’s blag did some digging, and their conclusions provide pretty damning evidence identifying the likely culprit.

Since the attack, EC-Council has kept a very low profile. InfoSec News has reached out several times to Founder Jay Bavisi for a comment, but the attempts have fallen on deaf ears. Now, nearly three weeks later, the EC-Council has finally commented on the attack.

InfoSec News asked Mark Bernheimer, former CNN correspondent and founder of MediaWorks Resource Group, a media training and consulting firm, for his insight into what the EC-Council should be doing.

“If there’s even an appearance that a Web site has been hacked, particularly a security company’s site, the only way to manage the crisis is to address the issue candidly and immediately.”

“Once a website has been hacked, and user data potentially compromised, it is too late to change that reality. The company can only manage the crisis through a careful, responsive public relations strategy. Ignoring inquiries isn’t the ideal approach.”

“A data breach –or even the perception of a data breach– demands an immediate, proactive PR strategy on the part of the victimized company. Get all the bad news out immediately, rather than encouraging rumor and speculation. This is the approach Target undertook after it suffered its own breach late last year.”

Brian Klug via Compfight

Filed Under: News Tagged With: CEH, Citizenfour, Cyber Crime, cybersecurity, DFIR, DoD, EC-Council, Edward Snowden, Espionage, FBI, Hacker, Hacking, InfoSec, Jay Bavisi, NSA, OPSEC, OSINT, Public Relations, SnowdenWatch, Wolfking Awesomefox
