Tag Archive for: publishes

CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation


A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.

RMM software is typically used by the IT departments of most large organizations around the world as a way to get remote access to a computer to help with software installations or other services needed by employees.

In recent years hackers have increasingly exploited these tools – particularly in government networks – as an easy way to circumvent security systems and establish longstanding access to victim networks. In January, for example, the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency said at least two federal civilian agencies were exploited by cybercriminals as part of a refund scam campaign perpetrated through the use of RMM software.

In an announcement Wednesday, CISA said it worked with industry partners as part of the Joint Cyber Defense Collaborative (JCDC) to create a “clear roadmap to advance security and resilience of the RMM ecosystem.”

Eric Goldstein, CISA executive assistant director for cybersecurity, said the organization worked with other U.S. agencies as well as RMM companies to develop a plan focusing on four main tasks: vulnerability information sharing, industry coordination, end-user education and advisory amplification.

“The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem,” Goldstein said in a statement. “As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

RMM software allows hackers to establish local user access without the need for higher administrative privileges, “effectively bypassing common software controls and risk management assumptions,” CISA and the NSA said in their January announcement.

The agencies warned that threat actors could sell access to an exploited victim to government-backed hacking groups – noting that both cybercriminals and nation-states use RMM…


Cyber engineering, computer science team publishes a paper and presents research on popular app vulnerabilities


Hacking a safety app netted a Louisiana Tech University Computer Science graduate student a publishing credit, a trip to Hawaii, and the opportunity to present the research at an international conference.

Louisiana Tech Cyber Engineering alumnus and current MS Computer Science and CyberCorps®: Scholarship for Service student Jonah Fitzgerald (’22), along with fellow Cyber Engineering program alumni Thomas Mason (’22) and Brian Mulhair (’22), discovered a vulnerability in the Louisiana Department of Health COVID Defense contact tracing app that allows hackers to attack neighboring devices.

As seniors researching a paper assignment for Dr. William Bradley Glisson’s Computer Science 448/543, Cyber Engineering 404 “Reverse Engineering” class, the team discovered that the symptoms history share feature of the app could be modified to send a malicious link via email, Wi-Fi, and nearby share systems. The team was able to demonstrate two attacks using the link: harvesting credentials by redirecting users to a fake page resembling the My.LA.Gov page, and installing an Android app on the target phone to access all the information on that phone.

With additional guidance from Glisson, the team improved their results, presented the research to Glisson’s Cybersecurity Information Technology Exploration Research Group, and submitted the paper to the conference.

Fitzgerald then had the opportunity to travel to Ka’anapali Beach on the island of Maui to present the team’s findings at the 56th Hawaii International Conference on System Sciences “Internet and the Digital Economy” track and “Cybercrime” mini-track.

“I wanted to get involved with this research because I felt I could make a meaningful contribution to improving mobile app security and fighting the COVID-19 pandemic,” Fitzgerald said. “I feel that my Tech education in cyber engineering prepared me for success in solving these types of problems by rapidly learning new concepts like reverse engineering and tackling tough challenges in cybersecurity and computer science.”

Fitzgerald, who is continuing his graduate education with Louisiana Tech and is a member of the Louisiana Tech Research…


NSA Publishes Internet Protocol Version 6 (IPv6) Security Guidance


The National Security Agency (NSA) published guidance today to help Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6).

“IPv6 Security Guidance” highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6 configurations and tools, and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface.

“The Department of Defense will incrementally transition from IPv4 to IPv6 over the next few years and many DoD networks will be dual-stacked,” said Neal Ziring, NSA Cybersecurity Technical Director. “It’s important that DoD system admins use this guidance to identify and mitigate potential security issues as they roll out IPv6 support in their networks.”


AV-Comparatives Publishes Latest Enterprise IT Security Test


[Figure: interim results of the AV-Comparatives Business Security Test August-September 2022 – Factsheet for 18 products]

Leading antivirus testing lab publishes the test results of the ongoing Enterprise Main Test Series for August and September 2022

“Ransomware and phishing are currently the biggest cyber security threats to enterprises. This makes choosing the right endpoint protection software even more important.”

— Peter Stelzhammer, co-founder AV-Comparatives

INNSBRUCK, TYROL, AUSTRIA, October 17, 2022 /EINPresswire.com/ — Independent ISO-certified security software evaluation lab AV-Comparatives has released the latest test results from its Business Main-Test Series, which evaluates a range of antivirus products in enterprise environments. The published factsheet includes results from the ongoing Enterprise Main-Test Series, which includes Real-World Protection and Malware Protection tests for August and September 2022.

In business environments, it is common for products to be configured by the system administrator according to the vendors’ guides. For the Enterprise Main-Test Series, AV-Comparatives has invited all vendors to configure their respective products towards an enterprise-oriented environment. The applied settings are then used across all Enterprise Tests over the year. AV-Comparatives has listed all relevant deviations from default settings.

The following products were tested on Windows 10 64-bit systems, each in the version available at the time of testing:

Acronis Cyber Protect Cloud with Advanced Security Pack; Avast Ultimate Business Security; Bitdefender GravityZone Elite; Cisco Secure Endpoint Essentials; CrowdStrike Falcon Pro; Cybereason Enterprise; Elastic Security; ESET PROTECT Entry with ESET PROTECT Cloud; G Data Endpoint Protection Business; K7 On-Premises Enterprise Security Advanced; Kaspersky Endpoint Security for Business Select with KSC; Malwarebytes EDR; Microsoft Defender Antivirus with Microsoft Endpoint Manager; Sophos Intercept X Advanced; Trellix FireEye Endpoint Security; VIPRE Endpoint Protection…
