A quick Saturday digest of cybersecurity news articles from other sources.
Collaboration Solves the Cyber Risk to Business Risk Challenge
[Bob’s comment: If you have taken a CISSP or other cybersecurity class from me, you already know that the CIS 20 Controls are my favorite cybersecurity framework. Here is a new set of tools for doing a risk assessment based on the 20 Controls.]
Over the past year, the Center for Internet Security (CIS) and Foresight Resilience Strategies (4RS) – a consulting group known for building tools that quantify information risk in financial terms – have worked together to solve this issue.
This collaboration has resulted in the CIS Controls Self Assessment Tool (CIS CSAT) Ransomware Business Impact Analysis tool. The tool helps organizations of all sizes conduct a rapid and inexpensive cyber risk self-assessment and present those findings in language that speaks to business executives.
4RS integrated the CIS Critical Security Controls (CIS Controls) v7.1 Implementation Group 1 (IG1) Safeguards, which are defined as essential cyber hygiene, into its risk models and simulations. They also integrated the CIS Community Defense Model (CDM) into the tool. The CDM found that IG1 provides mitigation against the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware.
Elon Musk to Tesla workers: Come back to office full time or quit
He said they should work “a minimum of 40 hours” at the office or find another place to work. [Bob says: We are keeping an eye open on this story and others (Apple) like it. I get the part where Tesla factory workers have to go to the factory to work, so Elon thinks the same rules should apply to office workers, but this is a false syllogism. Life ain’t fair.]
Microsoft sets multi-factor authentication as default for all Azure AD customers
The latest move will enable MFA as the default security setting even for older Azure accounts.
CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities
Original release date: June 2, 2022
CISA has updated Cybersecurity Advisory AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, originally released May 18, 2022. The advisory has been updated to include additional indicators of compromise and detection signatures, as well as tactics, techniques, and procedures reported by trusted third parties.
CISA encourages organizations to review the latest update to AA22-138B and update impacted VMware products to the latest version or remove impacted versions from organizational networks.
CISA Releases Security Advisory on Illumina Local Run Manager
Original release date: June 2, 2022
CISA has released an Industrial Controls Systems Advisory (ICSA) detailing multiple vulnerabilities in Illumina Local Run Manager. Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. These vulnerabilities could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.
CISA encourages users and technicians to review ICS Advisory ICSA-22-153-02: Illumina Local Run Manager for technical details and mitigations and the Food and Drug Administration advisory statement for additional information.
How to Ensure Your Employees Don’t Become Hacking Victims
The first and easiest way hackers gain access to a company’s sensitive information is through their employees. That’s why the best way to ensure your company doesn’t become a hacking or ransomware statistic is to train your employees on how to spot and prevent intruders from gaining access to their information. While some companies find it difficult to get employee buy-in for new security procedures, doing so is critical to the safety of their internal networks. Let’s dig deeper into how you can ensure your workforce is ready.
Brian Krebs on Netflix
Looks like I will be in a new six-part @netflix documentary series, “Web of Make Believe: Death, Lies and the Internet.” I’m told the interview I sat for in 2019 is in the first episode, which is about swatting attacks. Season 1 airs June 15. netflix.com/title/81122462
Tech pros have low confidence in supply chain security
A new report from ISACA finds that 53% of respondents believe supply chain issues will stay the same or worsen over the next six months.
Crypto stealing campaign spread via fake cracked software
From Avast – includes TTPs and IOCs
Users who download cracked software risk sensitive personal data being stolen by hackers.
Are you interested in downloading free, cracked software? If so, you should know what you’re getting into.
When you accidentally download malicious cracked software, attackers can take everything you have on your PC, and you’ll end up without your sensitive personal data and even without the software that you were trying to download in the first place. This is precisely how the newly emerged FakeCrack campaign is doing its business, enticing users into downloading fake cracked software.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com