Cybersecurity Saturday

From the cybersecurity policy front,

  • Cybersecurity Dive reported on December 13,
    • “The Senate confirmed Harry Coker Jr. as national cyber director Tuesday, ending a 10-month absence of a permanent leader in the role.
    • “The Navy veteran and executive director of the National Security Agency from 2017 to 2019 will lead the Office of the National Cyber Director and its team of about 100 employees after the Senate confirmed his nomination by a 59-40 vote.
    • “Coker joins the White House at a critical time, with the onus now on him to implement the national cybersecurity strategy that aims to shift the responsibility for security to technology manufacturers and vendors instead of customers.”
  • Bank Info Security explains,
    • “In a Friday advisory, CISA said it had performed the assessment in January at the request of a ‘large organization deploying on-premise software’ that the agency did not identify.
    • “The risk and vulnerability assessment is a two-week penetration test of an entire organization. The first week is spent on external testing, and the second week focuses on assessing the internal network. The CISA team identified default credentials for multiple web interfaces and used default printer credentials while penetration testing. Other internal assessment testing found several other weaknesses.
    • “Based on its findings, the agency recommends healthcare and public health sector organizations ensure measures such as enhancing their internal environments to mitigate follow-on activity after initial access, using phishing-resistant multifactor authentication for all administrative access, and segregating networks. It also recommends verifying the implementation of those hardening measures, including changing, removing or deactivating all default credentials.
    • “CISA said its recommendations can apply to all critical infrastructure organizations as well as to software manufacturers.
    • “The agency said that as part of its assessment, its team had conducted web application, phishing, penetration, database and wireless assessments.”

From the cybersecurity vulnerability and breaches front,

  • Cybersecurity Dive reports,
    • “U.S. authorities warn that threat actors linked to the Russian Foreign Intelligence Service (SVR) are exploiting a critical vulnerability in JetBrains TeamCity software as part of a worldwide effort that could lead to extensive supply chain attacks.
    • “The FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency, along with U.K. and Polish authorities, said Nobelium/Midnight Blizzard — a threat group linked to the 2020 Sunburst attacks against SolarWinds — has been targeting hundreds of unpatched TeamCity servers across the globe, which are widely used for software development.
    • “The hackers have not yet launched supply chain attacks, but have used their initial access to escalate privileges, move laterally within systems and install malicious backdoors in preparation for larger attacks, authorities said.”
  • and
    • “CitrixBleed isn’t going away: Security experts struggle to control critical vulnerability. While officials echo urgent mitigation steps to contain the zero-day vulnerability, high-profile organizations continue to bear the impact.”
  • CISA added a known exploited vulnerability to its catalog on December 11.

From the ransomware front, Bleeping Computer’s Week in Ransomware is back this week.

From the cybersecurity defenses front,

  • CISA offers insights from its intensive risk assessment project discussed above under cybersecurity policy.
    • Here are the headlines:
      • “ACTIONS TO TAKE TODAY TO HARDEN YOUR INTERNAL ENVIRONMENT TO MITIGATE FOLLOW-ON ACTIVITY AFTER INITIAL ACCESS.
      • “Use phishing-resistant multi-factor authentication (MFA) for all administrative access.
      • “Verify the implementation of appropriate hardening measures, and change, remove, or deactivate all default credentials.
      • “Implement network segregation controls.”
  • ISACA offers five things for various professionals to put on their 2024 to-do lists. Here are the five things for cybersecurity and privacy professionals. Check them out.
  • Security Boulevard discusses the next great line of defense, Security as Code (SaC).
    • “Security as Code (SaC) is the practice of building and integrating security into tools and workflows by identifying places where security checks, tests, and gates may be included.”