CISA, NSA Issue New IAM Best Practice Guidelines

From securityintelligence.com

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators.

As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today’s world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented and managed effectively.


New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

From thehackernews.com

A new strain of malicious software that’s engineered to penetrate and disrupt critical systems in industrial environments has been unearthed.

Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild.

“The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia,” the company said.

COSMICENERGY is the latest addition to specialized malware like Stuxnet, Havex, Triton, IRONGATE, BlackEnergy2, Industroyer, and PIPEDREAM, which are capable of sabotaging critical systems and wreaking havoc.


Zyxel Issues Critical Security Patches for Firewall and VPN Products

From thehackernews.com

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution.

Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.

A brief description of the two issues is below:

  • CVE-2023-33009 – A buffer overflow vulnerability in the notification function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
  • CVE-2023-33010 – A buffer overflow vulnerability in the ID processing function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.


Microsoft 365 phishing attacks use encrypted RPMSG messages

From bleepingcomputer.com

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.

RPMSG files (also known as restricted permission message files) are encrypted email message attachments created using Microsoft’s Rights Management Services (RMS) and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.


Using DFIR Techniques To Recover From Infrastructure Outages

From isc.sans.edu

Recently, I was involved in a network outage caused by a defective pfSense firewall appliance. Due to storage issues (with the onboard flash), the firewall did not boot anymore. This can be quickly solved from a hardware point of view because this firewall model has a slot to install an M2-compatible flash device and boot from it. But, there was a problem with the configuration. The last backup they had was pretty old, and they made a lot of changes. No debate about the fact that a robust backup process should have been implemented. Let’s focus on the challenge of recovering the last configuration from the firewall. Challenge accepted!

First, I booted the firewall from an emergency USB stick, with serial console access. First tip: always keep your console cables and emergency boot devices in a safe place. Once on the firewall, I tried to access the last configuration (stored as a big XML file) without luck. It was impossible to mount the corrupted filesystem. Because the file system was too big, it was impossible to take an image and store it on a USB key. Let’s dump it through the network! I manually configured a NIC to connect to a server and used our best friend: netcat!
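
The dump-over-the-network step above, as an added example that is not from the diary: a Python stand-in for the dd | nc pipeline that hashes the stream on both ends so a truncated or corrupted transfer is caught before anyone works on the image, then carves the XML configuration out of the raw image that cannot be mounted. The pfsense root tag, the loopback host and the constructed flash contents in demo() are assumptions.

```python
import hashlib, os, socket, tempfile, threading
BLOCK = 1 << 20  # 1 MiB reads, like dd bs=1M

def send_image(device_path, host, port):
    # Dead box side ("dd if=/dev/X | nc host port"): stream the device, return its SHA-256.
    digest = hashlib.sha256()
    with open(device_path, "rb") as dev, socket.create_connection((host, port)) as s:
        for chunk in iter(lambda: dev.read(BLOCK), b""):
            digest.update(chunk)
            s.sendall(chunk)
    return digest.hexdigest()

def receive_image(listener, image_path):
    # Rescue server side ("nc -l port > image.dd"): write the stream to disk, return its SHA-256.
    digest = hashlib.sha256()
    conn, _ = listener.accept()
    with conn, open(image_path, "wb") as out:
        for chunk in iter(lambda: conn.recv(BLOCK), b""):
            digest.update(chunk)
            out.write(chunk)
    return digest.hexdigest()

def carve_xml(image_path, root_tag=b"pfsense"):
    # First <root_tag>...</root_tag> document in a raw image that cannot be mounted, else None.
    data = open(image_path, "rb").read()
    start = data.find(b"<" + root_tag + b">")
    end = data.find(b"</" + root_tag + b">", start)
    return None if start < 0 or end < 0 else data[start:end + len(root_tag) + 3]

def recover(device_path, image_path):
    # Run both ends over loopback; returns (hashes match, carved XML or None).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port; use a fixed one on a real LAN
    listener.listen(1)
    got = {}
    t = threading.Thread(target=lambda: got.update(rx=receive_image(listener, image_path)))
    t.start()
    tx = send_image(device_path, "127.0.0.1", listener.getsockname()[1])
    t.join()
    listener.close()
    return tx == got["rx"], carve_xml(image_path)

def demo():
    # Constructed stand-in for the dead flash: junk, a small config, more junk (assumed values).
    config = b"<pfsense><version>23.01</version></pfsense>"
    d = tempfile.mkdtemp()
    dev, img = os.path.join(d, "flash.bin"), os.path.join(d, "flash.dd")
    with open(dev, "wb") as f:
        f.write(b"\xff" * (3 * BLOCK) + config + b"\x00" * BLOCK)
    return recover(dev, img)
```

On the real appliance the sender reads the block device itself, and a hash mismatch means the transfer must be repeated before any carving is trusted.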


Microsoft rains more machine learning on Azure cloud

From theregister.com

Microsoft made sure to include Azure in the AI-fest that was the Build 2023 developer conference this week.

As enterprises consider experimenting with or deploying generative AI, they may well look to public clouds and similar scalable compute and storage infrastructure to run things like large-language models (LLMs).

Microsoft, armed with ChatGPT, GPT-4, and other OpenAI systems, has for months been shoving AI capabilities into every nook and cranny of its empire. Azure is no different – the OpenAI Service is an example – and after its Build conference, Redmond’s public cloud now has even more announced offerings.

High on the list is an expanded partnership with Nvidia, which is rushing to establish itself as the indispensable AI technology provider, from GPU accelerators to software. This week alone the chipmaker unveiled a host of partnerships, such as with Dell at Dell Technologies World and with supercomputer makers at ISC23.


Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

From thehackernews.com

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company’s Email Security Gateway (ESG) appliances.

The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006.

The California-headquartered firm said the issue is rooted in a component that screens the attachments of incoming emails.

“The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives),” according to an advisory from the NIST’s national vulnerability database.
