A quick Saturday digest of cybersecurity news articles from other sources.
CHANGES TO THE CISSP EXAM LENGTH COMING SOON
Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format.The current CISSP CAT exam contains 25 pretest (unscored) items. The addition of 25 more items will bring the total count to 50 pretest items. With these added items, the minimum and maximum number of items candidates will need to respond to during the exam will increase from 100-150 to 125-175. To allow for these additional items, the maximum exam administration time will increase from three to four hours.
By Bob Weiss
I just took the new CASP+ CAS-004 Exam on March 14. This exam is an unscored pass/fail exam. I passed. There were very many questions where the feeling was “when did we ever learn about this.” Read the full post here
The new normal of Cyber Security
Our world is not the same that it was 2 years ago – including cyberspace! In 2021, Ransomware attacks were up 105% over the previous year, impacting an estimated 86% of organizations. The average ransom demand for businesses with under 100 employees has surpassed $200,000! 50% of Small Businesses hit by Ransomware go out of business!
What worked in 2020 is no longer good enough! Register and join us to learn about the advanced threats that are crippling organizations of all sizes and get a fresh perspective on how these now common-place risks can be prevented.
Updated: Conti Ransomware
Original release date: March 9, 2022
CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000.
CISA, the FBI, NSA, and the USSS encourage organizations to review AA21-265A: Conti Ransomware, which includes new indicators of compromise, for more information. See Shields Up and StopRansomware.gov for ways to respond against disruptive cyber activity.
The 10 best antivirus products you should consider for your business
Antivirus software protects your data against cybercriminals, ransomware and malware. Compare the best software now. [Bob comments: The top two products are McAfee and Kaspersky, and I can not recommend these products, although I was not involved in the research for this story.
Dirty Pipe Privilege Escalation Vulnerability in Linux
Original release date: March 10, 2022
CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
Original release date: March 15, 2022
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat.
CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.
Updated: Kubernetes Hardening Guide
Original release date: March 15, 2022
The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community.
Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers. A container is a runtime environment that contains a software package and its dependencies. Kubernetes is often hosted in a cloud environment. The CTR provides recommended configuration and hardening guidance for setting up and securing a Kubernetes cluster.
CISA encourages users and administrators to review the updated Kubernetes Hardening Guide—which includes additional detail and explanations—and apply the hardening measures and mitigations to manage associated risks.
[WordPress Security] Increase In Malware Sightings on GoDaddy Managed Hosting
Starting about four days ago we saw a sudden uptick in malware sightings on GoDaddy’s managed hosting platform. This includes the MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress brands.
We have identified the infection’s indicators of compromise, reverse engineered them, have a theory on the underlying cause, and we have provided full details on the Wordfence blog on how to find out if you’ve been affected by this and how the malware works. . You can find the full details on the official Wordfence blog…
So you want to be a cyborg? Brain Computer Interfaces may be the future, but will they be secure?
I am ok with becoming a technologically enhanced human, a cyborg. Franky, this may be inevitable. These advances come with a new set of risks and many of the same old risks as well,
While cybersecurity is a touchstone for many businesses and individuals, neural security may be the future of privacy when it comes to technology. A new study from NCC Group goes into detail on Brain Computer Interfaces (BCIs), which could pose a significant threat to personal freedom. BCIs present a number of ethical, legal and existential questions about how to make assurances about systems that cannot be controlled, such as the human brain.
[Heads Up] FBI: Ransomware Gang Breached 52 U.S. Critical Infrastructure Orgs
The U.S. Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple U.S. critical infrastructure sectors.
Bleeping computer reported this was revealed in a joint TLP:WHITE flash alert published last week in coordination with the Cybersecurity and Infrastructure Security Agency.
“As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” the federal law enforcement agency said.
“RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.” The flash alert focuses on providing Indicators of Compromise (IOCs) organizations can use to detect and block Ragnar Locker ransomware attacks.
IOCs associated with Ragnar Locker activity include info on attack infrastructure, cryptocurrency addresses used to collect ransom demands, and email addresses used by the gang’s operators. Although the FBI first became aware of Ragnar Locker in April 2020, Ragnar Locker ransomware payloads were first observed in attacks months before, during late December 2019.
Ragnar Locker operators terminate remote management software (e.g., ConnectWise, Kaseya) used by managed service providers (MSPs) to manage clients’ systems remotely on compromised enterprise endpoints. This allows the threat actors to evade detection and make sure remotely logged-in admins do not interfere with or block the ransomware deployment process.
Request for info linked to Ragnar Locker attacks
The FBI asked admins and security professionals who detect Ragnar Locker activity to share any related information with their local FBI Cyber Squad. Useful info that would help identify the threat actors behind this ransomware gang includes copies of the ransom notes, ransom demands, malicious activity timelines, payload samples and more.
The FBI added that it doesn’t encourage paying Ragnar Locker ransoms since victims have no guarantee that paying will prevent leaks of stolen data or future attacks. Instead, ransom payments will further motivate the ransomware gang to target even more victims and incentivizes other cybercrime operations to join in and launch their own ransomware attacks.
However, the federal agency did recognize the damage inflicted to businesses by ransomware attacks, which may force executives to pay ransoms and protect shareholders, customers or employees. The FBI also shared mitigation measures to block such attacks and strongly urged victims to report such incidents to their local FBI field office.
Blog post with link to FBI PDF:
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com