InfoSec

U.S. Army Cyber Command releases the DoD Identity Awareness and Protection Management Guide

August 1, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
August 1, 2019

U.S. Army Cyber Command has posted the DoD Identity Awareness and Protection Management Guide for easy downloading.

The Identity Awareness, Protection, and Management (IAPM) Guide is a comprehensive resource to help you protect your privacy and secure your identity data online.

The IAPM Guide is divided into two-page chapters detailing key privacy considerations on the most popular online services, mobile apps, and consumer devices available in the market today. Each chapter provides you with tools, recommendations, and step-by-step guides to implement settings that maximize your security. The guide is updated twice a year, in March and September.

While some of the chapters in the IAPM Guide deal with technical issues, they do not require a technical background to follow.

The US Department of Defense creates this guide as a public service and hopes this guide will help readers keep their identities private and secure.

Riviera Beach Florida City Council Agrees to Pay Cybercriminals Nearly $600K Malware Ransom

June 20, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
June 20, 2019

Riviera Beach Florida just became the newest member of a club no city or local government hopes to join. Taking only a few minutes and by a unanimous vote of 5-0 on Monday night the board authorized Riviera Beach’s insurer to pay 65 bitcoins valued at approximately $592K USD. Paying off a malware ransom that has crippled all of the city’s information technology infrastructure since May 29th after someone in the police department clicked on a malicious email.

But unlike the 2000 action flick Proof of Life, there’s no guarantee paying the ransom will unlock the affected computer network and all the encrypted files, and while its 2019, Its not likely Cyber-Insurance companies have former 22nd SAS and 75th Ranger Battalion types running around the world with machine guns blazing for a successful hostage rescue of a malware-infected network.

The council held a special meeting earlier in June to authorize $941,000 for 310 new desktop and 90 laptop computers and other hardware. Much of the existing hardware was a half-dozen-years old and vulnerable to another malware attack, so it was time to replace it anyway, Riviera Beach Councilwoman Julie Botel said.

In a 2016 survey, CIO’s for local governments across the country said more than a third of them were using outdated technology, making them more vulnerable to attacks. Riviera Beach will also spend an additional $25,000 coming out of their budget, to cover its insurance policy deductible.

With rising deficits and pension obligations, its understandable how a city like Riviera Beach or Baltimore Maryland can be compromised so easily when there isn’t the budget to hire a full-time information security professional and institute security awareness training for topics like not clicking on shit or scanning random QR codes.

Chad Loder, Founder & CEO of security awareness training firm Habitu8 posted on Twitter recently.

I’m astounded that some companies still purchase the cheapest security awareness training content “to save money”, but will put 2,000 employees each through an hour of terrible training.

You’re not saving money – you’re wasting it.

Chad Loder (@chadloder) – 19 Jun 2019

Cities across the United States and around the world will now have to decide, what is cheaper? hiring a full-time security professional, a part-time person, a managed service provider, or just paying the ransom and hope the files recover completely. However, hope is not a strategy.

With additional reporting from The Palm Beach Post

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows

June 5, 2019 By William Knowles

FORT MEADE, Md., June 4, 2019 —

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.

This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.

NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches. Please refer to our advisory for additional information. This is critical not just for NSA’s protection of National Security Systems but for all networks. In order to increase resilience against this threat while large networks patch and upgrade, there are additional measures that can be taken:

Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.
Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.
Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

The Weather Channel compromised by Malware Attack Trevor

April 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
April 19, 2019

The Weather Channel’s normally quiet morning broadcast was suspended for a brief time on Thursday after what it said was a “malicious software attack on the network.”

America’s Morning Headquarters – “AMHQ” the Weather Channel’s morning show, was unable to air at 6 a.m. The Weather Channel showed “Heavy Rescue: 401” until 7:39 a.m. when “AMHQ” was back on the air.

“We experienced issues with this morning’s live broadcast following a malicious software attack on the network,” the Weather Channel said in a statement. “We were able to restore live programming quickly through backup mechanisms. Federal law enforcement is actively investigating the issue. We apologize for any inconvenience to viewers as we work to resolve the matter.”

pic.twitter.com/ovSgrgHxXY

— The Weather Channel (@weatherchannel) April 18, 2019

“The Weather Channel, sadly, has been the victim of a malicious software attack today,” said The Weather Channel anchor Jim Cantore. “Yes, and it has affected our ability to bring you your weather information,” added anchor Stephanie Abrams. “So we just wanted to say thank you again for your patience and we want to get right to today’s severe weather.”

The Weather Channel tweeted “We are experiencing technical difficulties with our live broadcast. We apologize for any inconvenience while we resolve this issue. We appreciate your patience.” — The Weather Channel (@weatherchannel) April 18, 2019

It’s too early to know if this was a targeted attack and what the vector was to upload malware to The Weather Channel. It could have been as simple as phishing the Weather Channel employees with a salacious email like “Reed Timmer and Ginger Zee vacation photos” but it was obvious The Weather Channel had learned inexpensive lessons about making regular backups and keeping copies offline to prevent future compromises like the $300 million ransomware attack on the Maersk Group.

Citrix compromised by international cybercriminals

March 11, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
March 11, 2019

Late last week, Citrix announced in a statement by Chief Security and Information Officer, Stan Black that they were hit by hackers in attacks that potentially exposed terabytes of customer data and potentially internal Citrix corporate secrets.

“On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cybercriminals gained access to the internal Citrix network.”

“Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

“Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.”

“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”