Jeremy Dallman

https://lnkd.in/ePufpVtQ "The guidelines emphasize a range of steps, including understanding the dependencies of AI vendors that operators might be working with and inventorying AI use cases. They also encourage critical infrastructure owners to create procedures for reporting AI security risks and continually testing AI systems for vulnerabilities." Cybersecurity and Infrastructure Security Agency #AI #ArtificialIntelligence #Cybersecurity

1

Cloaked and covert... "Investigations into more recent operations in 2023 following fixes from the vendors involved in the investigation have corroborated Mandiant's initial observations that the actor operates in a sophisticated, cautious, and evasive nature. Mandiant has observed that UNC3886 employed several layers of organized persistence for redundancy to maintain access to compromised environments over time. Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available even if the primary layer is detected and eliminated. This blog post discusses UNC3886's intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including: The use of publicly available rootkits for long-term persistence Deployment of malware that leveraged trusted third-party services for command and control (C2 or C&C) Subverting access and collecting credentials with Secure Shell (SSH) backdoors Extracting credentials from TACACS+ authentication using custom malware"

2

The countdown is on! 🕒 Heading to the Cybersecurity and Privacy Professionals Conference on May 1–3 in Minneapolis. Ready to dive into dynamic discussions with industry leaders and peers about safeguarding higher education institutions. Don't let this opportunity pass – register now!  https://lnkd.in/dT9Fq8Jq #CybersecPrivacy24

68

5 Comments

With an increase in consumer banking done online post-pandemic, and the current geopolitical situation, it’s important for the Public and Private sectors to share threat intelligence to stop bad actors and Secure the Internet.

5

With vulnerabilities being exploited faster than ever, staying ahead of threats has become crucial. That’s where Horizon3.ai's Rapid Response service steps in! It's designed to alert you when your organization is at risk, allowing you to swiftly tackle N-day and zero-day vulnerabilities. Want to see how it works? Visit our site to learn how we can help you find, fix, and verify vulnerabilities before they're exploited — or come see the team at #RSAC2024 booth 4505 N!

1

Had an incredible experience today supporting the ITDRC team at a CISA/FEMA/DoHS preparedness workshop in Denver. If you're interested in joining me and volunteering your expertise during times of crisis, check out https://lnkd.in/dYVhMReM. By leveraging your IT experience and joining a team of skilled professionals, you can make a dramatic immediate difference for hundreds or thousands of people during a crisis by getting communities reconnected and providing first responders with the critical infrastructure needed to support their missions. There are many roles available from networking to logistics, planning and coordination, so even if you can't deploy on site for a disaster, there are still ways to help. And the more volunteers there are, the more flexible we can be in our response. In terms of what you can expect to get out of it, satisfaction from helping your fellow citizens, hands-on exposure to a variety of current comms technologies, experience operating in crisis modes, and exposure to a wide range of corporate, NGO and governmental agencies are all likely outcomes. So if you're looking for a way to make a difference during a crisis, please reach out to me or sign up directly at https://lnkd.in/dYVhMReM. Let's work together to provide our biggest impact when our communities need us the most. #volunteer #IT #disasterresponse #communityimpact #ITDRC

21

3 Comments

Excellent work here. The indictment offers good insight into the LockBit operation from law enforcement's perspective. https://lnkd.in/gy9AcPFW

35

Overcoming Common Data Security Challenges: By Claude Mandy, Chief Evangelist at Symmetry Systems Organizations depend on data to operate. From day-to-day operations to strategic decisions, data is what keeps an organization ticking. As digital transformation […] The post Overcoming Common Data Security Challenges appeared first on Cyber Defense Magazine. https://lnkd.in/g-f533Ka

1

1 Comment

💡 Do I need to report PKI maturity level? Reporting your PKI maturity level isn’t just a checkbox! 🛠️ While not mandated by the PKI Consortium, documenting your PKI maturity level can: 📈 Highlight your current PKI status to stakeholders 🚀 Pinpoint key areas for improvement 📊 Track progress over time effectively Depending on your organization's needs, regulatory requirements, or improvement goals, reporting might be essential. Learn more about PKI Maturity Model: https://pkic.org/pkimm/ #pki #pkimm #pkic #maturity #improvement #assessment #benchmark #guidance PKI Consortium Paul van Brouwershaven Leigh Bailey

9

1 Comment

Yet another report from Forescout Research - Vedere Labs. This time we looked into exploited vulnerabilities, the catalogues available and the impacted devices! Have a read. https://lnkd.in/griGMznV

17

The Digital Forensic Research Lab (DFRLab) at the Atlantic Council released a report last week that shows a correlation between funding for maintainers and better security practices in open-source projects. (link to original report in comments) The report found that open-source projects with funding have better security practices in place. This may not come as a surprise to some and the authors: Sara Ann Brackett, John Speed Meyers, and Stewart Scott state "This study presents prima facie evidence of a positive effect of general open source software funding on open source software security.” The report's statistical and quantitative evidence suggests that more funding positively correlates with better compliance with several, though not all, security practices. It also found that a greater number of unique sources of open-source funding for a given project correspond to a project with better security practices. Lauren Hanford, VP of Product at Tidelift, discusses the findings and muses on the next phase of questions to ask. #opensource #security #funding

6

3 Comments

API keys are essential to connect applications, services, or data lakes together. Yet, they can also be a security risk. Imagine Alice sets up an API key to give her team or a vendor access to sensitive data—many times these keys are long-lived and often shared across different workloads. If the group uses federation, actions taken by Alice or others occur using a shared credential/role in the environment. This means logs would only show the credential conducting that activity, which again, gets shared with others who have access to the role. Alice's coworker, Bob, has their legitimate cloud credentials compromised. The threat actor uses Bob's credentials to federate into a shared credential/role in the environment. The threat actor exploits native features/functions of the cloud to appear as Bob, thereby blending their activity in to avoid detection. Most security teams today won't spot Bob's impersonator fast enough or at all. Trying to make sense of cloud logs is a real challenge, especially when it's happening in real-time. It can take hours or even days to piece together what happened. And by then, detection and response are delayed and the damage might already be done. What can you do? Security teams can start by keeping a detailed record of all identities, keys, tokens, certificates, and credentials they've provisioned and used, services accounts they have access to, what roles they assume. Then, security teams can set up what's considered "normal" access and behavior. Once the team understands “normal” behavior, they can develop rules and alerts from logs to try to detect and respond to access and behavioral anomalies. At Permiso, we have developed an identity-centric approach to cloud threat detection and response. Our solution can help security teams detect and respond to access and behavioral anomalies in the environments faster and with greater confidence from having the full session access and activity. Want to learn more? DM me or visit https://lnkd.in/gC4DUJ9j to learn about our approach to solving the challenge of detecting and responding to threats in and across IaaS, SaaS, CI-CD, IDP environments.

11

Coalfire (a respected QSAC) has published this excellent white paper on how HUMAN's Client-side Defense solution for PCI DSS 4.0, addresses requirements 6.4.3 and 11.6.1. Lean more about the "easy button" for protecting card holder data from third-party and nth party scripts. #payment #PCI #browsersecurity #cybersecurity #riskandcompliance #riskmanagement #compliance #ecommerce #retail https://lnkd.in/ehcbP-qN

18

For my students who are looking to get into penetration testing. Here is a maritime-related capture of the flag.

2

1 Comment

The collapse of support for the National Vulnerability Database has been a major risk for all of 2024. For all but the very largest organizations, it has been an unsolvable problem - private sector cannot reproduce the ongoing analysis provided by the teams supporting the National Vulnerability Database. Months ago, when the NVD turned critical, I recommended that all defense contractors add an item to their Plan of Action to track the temporary deficiency and risk. Remember that the NVD serves as a source for most of our vulnerability scanning engines. It can also be manually queried by cybersecurity teams to find vulnerabilities that are not scannable, such as firmware vulnerabilities, evaluating risk from proposed new software and systems, and systems that don't support credentialed scans. For example, our Kieri Compliance program includes a task to scan the weekly bulletins from the NVD to identify vulnerabilities in software and hardware that cannot be detected by system agents. Hopefully this update by Chris Hughes means we are on track for resolution in the next few months. But we should keep tracking it actively until the program is stable, and caught up, on new vulnerabilities, for several months. #CMMC Kieri Solutions - Authorized C3PAO

13

Cyber-Informed Engineering is the most important development in OT security since the term “OT security” was coined in 2005. This webinar is designed to introduce Cyber-Informed Engineering as a program and methodology. ➡️ https://lnkd.in/gmFBwc7Y I highly recommend if you joining if you work in OT security

46

1 Comment

There's a new cyberespionage campaign targeting government agencies in EMEA and Asia by a group called SneakyChef. They use lures that are scanned documents related to government affairs. This campaign uses a wider range of targets and infection techniques than previous ones. Stay vigilant and educate your colleagues about these threats! #cybersecurity #APT #governmentthreats https://lnkd.in/dM9qz5EM

18