Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Space Force Turns One

The newest branch of the U.S. armed services pitches its tent on a vast battlefield.


6 space missions to look forward to in 2021

From Martian rover landings to the launch of Hubble’s “successor,” here are some of the most exciting space missions pegged for next year.


The Contact Form 7 File Upload Vulnerability

WordPress users – update this plugin now!

Contact Form 7, arguably the most widely used WordPress plugin, released a security patch for an unrestricted file upload vulnerability in all versions 5.3.1 and lower. The WordPress plugin directory lists 5+ million sites using Contact Form 7, but we estimate that it has at least 10 million installations.

One of the important features of Contact Form 7 is the ability to allow file uploads as a part of a form submission. While uploaded filenames are sanitized during the upload process, reviewing the patch indicates that an attacker could potentially bypass some of Contact Form 7’s filename sanitization protections when uploading files by adding control characters or invisible separators.

If you are using Contact Form 7 without the file upload functionality, your site is not vulnerable to attackers looking to exploit this vulnerability. However, we still recommend an immediate update to ensure your site is protected. Full article on Wordfence blog…
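The bypass class described above (control characters and invisible separators slipping past filename checks) is worth seeing from the defender's side. The following is an added illustration, not code from the Wordfence article or from the Contact Form 7 plugin: a generic upload-filename sanitizer in Python that strips control and format characters by Unicode category before applying an extension allowlist, so no hidden character can mask the true extension. The allowlist, the function names and the sample filenames are constructed assumptions.

```python
import re
import unicodedata
from pathlib import PurePosixPath
from typing import Optional

# Constructed allowlist for the example (an assumption, not the plugin's real setting).
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "txt"}

# Unicode general categories that must never survive in a stored filename:
# Cc = control, Cf = format (zero-width spaces/joiners, bidi overrides),
# Zl/Zp = line/paragraph separators, Cs/Co/Cn = surrogates, private-use, unassigned.
_DROP_CATEGORIES = {"Cc", "Cf", "Zl", "Zp", "Cs", "Co", "Cn"}


def strip_invisible(name: str) -> str:
    """Normalize, drop every control/format/separator character, then collapse
    whatever whitespace remains into single underscores."""
    name = unicodedata.normalize("NFKC", name)
    kept = [ch for ch in name if unicodedata.category(ch) not in _DROP_CATEGORIES]
    return re.sub(r"\s+", "_", "".join(kept))


def sanitize_upload_name(raw: str) -> Optional[str]:
    """Return a safe basename for storage, or None if the upload must be rejected.

    Order matters: invisible characters are removed *before* the extension is
    read, so the extension check sees the same bytes the filesystem will.
    """
    cleaned = strip_invisible(raw).replace("\\", "/")
    base = PurePosixPath(cleaned).name          # discard any directory components
    base = base.strip(". ")                     # no hidden files, no trailing dots
    if not base:
        return None
    stem, _, ext = base.rpartition(".")
    if not stem or not ext:                     # no extension, or nothing but one
        return None
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Conservative stem: letters, digits, underscore, hyphen. Extra dots become
    # underscores, so "shell.php.pdf" is stored as "shell_php.pdf".
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem)
    return f"{stem}.{ext}"


if __name__ == "__main__":
    # Constructed sample names exercising the cases the paragraph describes.
    for sample in ["report\u200b.pdf", "notes\x00.txt", "../../evil.php",
                   "my photo.JPG", ".htaccess", "shell.php.pdf"]:
        print(repr(sample), "->", sanitize_upload_name(sample))
```

The design choice to note is the ordering: every category-based strip runs first, and only then is the extension taken from the right of the last dot and compared against an allowlist. Checking the extension on the raw client string and cleaning afterwards is exactly the pattern that lets a zero-width or control character change what the check sees versus what gets written to disk.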


Recent SolarWinds MFA Bypass Attack Pushes the Limits

Excellent long-time tech reporter Dan Goodin reported in Ars Technica that the recent SolarWinds supply chain attack involved hackers bypassing a popular multi-factor authentication (MFA) solution.


CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

Original release date: December 23, 2020

CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk.

In response to this threat, CISA has issued CISA Insights: What Every Leader Needs to Know About the Ongoing APT Cyber Activity. This CISA Insights provides information to leaders on the known risk to organizations and actions that they can take to prioritize measures to identify and address these threats.

CISA has also created a new Supply Chain Compromise webpage to consolidate the many resources—including Emergency Directive (ED) 21-01 and Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations—that we have released on this compromise. CISA will update the webpage to include partner resources that are of value to the cyber community.

To read the latest CISA Insights, visit CISA.gov/insights. For more information on the SolarWinds Orion software compromise, visit CISA.gov/supply-chain-compromise.


How can and should governments respond to and better protect themselves from serious cyberattacks from hostile nations?

The attackers who exploited a security flaw in SolarWinds’ Orion network monitoring software to breach government agencies and large companies were almost certainly acting on behalf of a nation-state. While most official sources have not yet named the country behind the breaches, many have pointed the finger at Russia, specifically at a group known as APT29, or Cozy Bear, part of Russia’s SVR foreign intelligence service. More…


Cybersecurity pros: Are humans really the weakest link?

Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
