A quick Saturday digest of cybersecurity news articles from other sources.
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Original release date: July 19, 2021
This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques.
The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII). Some target sectors include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions. These cyber operations support China’s long-term economic and military development objectives.
This Joint Cybersecurity Advisory (CSA) provides information on tactics, techniques, and procedures (TTPs) used by Chinese state-sponsored cyber actors. This advisory builds on previous NSA, CISA, and FBI reporting to inform federal, state, local, tribal, and territorial (SLTT) government, CI, DIB, and private industry organizations about notable trends and persistent TTPs through collaborative, proactive, and retrospective analysis.
To increase the defensive posture of their critical networks and reduce the risk of Chinese malicious cyber activity, NSA, CISA, and FBI urge government, CI, DIB, and private industry organizations to apply the recommendations listed in the Mitigations section of this advisory and in Appendix A: Chinese State-sponsored Cyber Actors’ Observed Procedures. Note: NSA, CISA, and FBI encourage organization leaders to review CISA Joint Insights: Chinese Malicious Cyber Activity: Threat Overview for Leaders for information on this threat to their organization.
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
07/19/2021 07:00 AM EDT
U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity
07/19/2021 07:23 AM EDT
Pandemic redux: No, your workers aren’t coming back to the office
Have you seen the latest coronavirus Delta variant numbers? That rise in cases means one thing for sure: Your employees aren’t returning to their cubicles anytime soon.
Email now and forever
Sometimes a story forces itself on me. First, I read a New York Times piece that raised a question: Could Gen Z free the world from email? (The answer is no.) Then, I had a friend of a friend ask me if they could just replace email with Slack. The answer this time: Hell no.
The best email client for Linux, Windows and macOS isn’t Outlook
In businesses and homes, email is still a necessity for communication. But which email client is the best to use? You might be surprised to find out that it’s not Microsoft Outlook.
Ransomware attackers are growing bolder and using new extortion methods
IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture’s 2021 Cyber Threat Intelligence report.
Microsoft Linux is not what you thought (or hoped) it would be
Microsoft Linux has arrived, but it’s not what you imagined. Jack Wallen shares his take on this new arrival called CBL-Mariner and even shows you how to build it.
Malware Targeting Pulse Secure Devices
Original release date: July 21, 2021
As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following 13 malware analysis reports (MARs) for threat actor techniques, tactics, and procedures (TTPs) and indicators of compromise (IOCs) and to review CISA’s Alert Exploitation of Pulse Connect Secure Vulnerabilities for more information.
Windows “HiveNightmare” bug could expose system files to non-admin users
An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.
2021 CWE Top 25 Most Dangerous Software Weaknesses
Original release date: July 21, 2021
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
How DuckDuckGo makes money selling search, not privacy
Commentary: DuckDuckGo is small by Google’s standards, but the company is proving it’s very possible to make a lot of money with just a bit more privacy.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com