Nebulon time jumps ransomware recovery through smart-infra hack


Nebulon has launched TimeJump, a ransomware recovery tool designed to restore a system in minutes after a breach. TimeJump is designed to reduce the time taken by enterprises and service providers to respond to a ransomware attack, bringing critical application infrastructure back online in minutes.

Founded in San Francisco in 2018 by four ex-HPE executives, Nebulon offers a cloud-hosted control plane for managing enterprise infrastructure called Nebulon ON.

Conventional ransomware recovery techniques, including those provided by 3-tier and hyper-converged infrastructure (HCI) vendors, typically involve taking snapshots of customer data and using them for recovery.


A Detailed Look at the Conti Ransomware Gang


Based on two years of leaked messages, 60,000 in all:

The Conti ransomware gang runs like any number of businesses around the world. It has multiple departments, from HR and administrators to coders and researchers. It has policies on how its hackers should process their code, and shares best practices to keep the group’s members hidden from law enforcement.


USN-5313-2: OpenJDK 11 regression


USN-5313-1 fixed vulnerabilities and added features in OpenJDK.
Unfortunately, that update introduced a regression in OpenJDK 11 that
could impact interoperability with some popular HTTP/2 servers making
it unable to connect to said servers. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that OpenJDK incorrectly handled deserialization filters.
An attacker could possibly use this issue to insert, delete or obtain
sensitive information. (CVE-2022-21248)

It was discovered that OpenJDK incorrectly read uncompressed TIFF files.
An attacker could possibly use this issue to cause a denial of service via
a specially crafted TIFF file. (CVE-2022-21277)

Jonni Passki discovered that OpenJDK incorrectly verified access
restrictions when performing URI resolution. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2022-21282)

It was discovered that OpenJDK incorrectly handled certain regular
expressions in the Pattern class implementation. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-21283)

It was discovered that OpenJDK incorrectly handled specially crafted Java
class files. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-21291)

Markus Loewe discovered that OpenJDK incorrectly validated attributes
during object deserialization. An attacker could possibly use this issue
to cause a denial of service. (CVE-2022-21293, CVE-2022-21294)

Dan Rabe discovered that OpenJDK incorrectly verified access permissions
in the JAXP component. An attacker could possibly use this to specially
craft an XML file to obtain sensitive information. (CVE-2022-21296)

It was discovered that OpenJDK incorrectly handled XML entities. An
attacker could use this to specially craft an XML file that, when parsed,
would possibly cause a denial of service. (CVE-2022-21299)

Zhiqiang Zang discovered that OpenJDK incorrectly handled array indexes.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2022-21305)

It was discovered that OpenJDK incorrectly read very long attribute
values in JAR file manifests. An attacker could possibly use this to
specially craft a JAR file to cause a denial of service. (CVE-2022-21340)

It was discovered that OpenJDK incorrectly validated input from serialized
streams. An attacker could possibly use this issue to bypass sandbox
restrictions. (CVE-2022-21341)

Fabian Meumertzheim discovered that OpenJDK incorrectly handled certain
specially crafted BMP or TIFF files. An attacker could possibly use this
to cause a denial of service. (CVE-2022-21360, CVE-2022-21366)

It was discovered that an integer overflow could be triggered in OpenJDK
BMPImageReader class implementation. An attacker could possibly use this
to specially craft a BMP file to cause a denial of service.
(CVE-2022-21365)


Healthcare focus: Need for resilience


Data breaches are still on the rise in healthcare. 2021 accumulated 686 healthcare data breaches of 500 or more records, resulting in 45M exposed or stolen healthcare records. 2022 is off to a poor start with over 3.7M healthcare records compromised as of 3/2/2022.[1]

Healthcare organizations face a landscape that is increasingly riddled with complexities, threats, and a multitude of attack vectors. The pandemic took a toll on hospitals, and ransomware attacks increased significantly. Nevertheless, healthcare organizations must continue to provide patient care through various avenues that necessitate emerging and advanced digital solutions, like edge computing. With that comes cybersecurity risk. This can be challenging for even the most mature organizations, but many healthcare organizations are still lagging behind and do not have the fundamentals of cybersecurity in place.

Cybersecurity frameworks for the healthcare industry

Frameworks are becoming increasingly important to build that foundation, to measure improvements, and to drive results. Frameworks allow for a defensible and rational approach to managing your cybersecurity risks and complying with regulatory requirements. Many regulations purposely strike a balance between specificity and flexibility to allow organizations latitude in applying the requirements based upon their size, complexity, and risk assessment.

Established frameworks are adopted across industries, some are industry-specific, but all continue to evolve as cybersecurity risks evolve. Most recently we have seen the newly updated ISO 27002 standard published last month, the DoD has come out with CMMC 2.0 (based on NIST 800-171r2), and the National Institute of Standards and Technology (NIST) regularly publishes new and updated standards.

The need for a vertical-specific framework

Adoption of a particular framework can vary from industry to industry. One such framework is the HITRUST CSF, which has been heavily adopted in the healthcare industry. The HITRUST CSF was established to provide prescription and consistency in the application of security and privacy controls for healthcare organizations. It provides for the protection of health data by creating a single framework that harmonizes various related compliance requirements and industry standards. While HITRUST is no longer focused only on the healthcare industry, adoption of the HITRUST CSF can help healthcare organizations lay the foundation, continuously improve their cybersecurity posture, and address existing and emerging threats.

The HITRUST CSF is valuable to healthcare organizations for the reasons mentioned above: it provides a defensible approach to compliance with HIPAA, it is prescriptive in control implementation, and it is continually updated based upon the threats and risks the healthcare industry faces. The healthcare industry not only has to demonstrate cybersecurity risk management to regulators, but to business partners and clients as well. HITRUST offers certification for this purpose.

HITRUST has added two new assessments to give organizations options. The assessment formerly known as the HITRUST CSF Validated Assessment could be daunting for some organizations to take on. Given this, HITRUST published in early 2022 what is called the Implemented, 1-Year (i1) Assessment. This assessment allows organizations to take a streamlined, crawl-walk-run approach to assurance and certification.

The i1 Assessment is based upon a static set of 219 controls with substantial coverage for NIST SP 800-171 revision 2, the HIPAA Security Rule, and the AICPA Availability Trust Services Principle, evaluating the maturity of control implementation. This is an attractive assessment for organizations that need to demonstrate a moderate level of assurance and are willing to go through the assessment and certification process on an annual basis. It is also a good stepping stone to higher levels of assurance.

This does not replace the former HITRUST CSF Validated Assessment, which is now called the Risk-Based, 2-Year (r2) Assessment. The r2 Assessment’s requirements are risk-based: the number of controls depends on scoping factors and will vary from organization to organization. The evaluation of the controls is very rigorous, analyzes policy, process, implemented, measured, and managed maturity, and demonstrates high assurance.

Also new in 2022 is the Basic, Current-state (“bC”) Assessment, which is a self-assessment focused on good security hygiene controls and is suitable for quick and low assurance requirements. There is coverage for NISTIR 7621: Small Business Information Security Fundamentals.

The bC, i1, and r2 assessments provide various assurance options to meet organizational, partner, and client needs, and continue to reduce the effort of responding to third-party requests to demonstrate a sound security posture.

Balancing risk while transforming the delivery of patient care necessitates adopting a framework that is sustainable and continually updated, especially as healthcare organizations invest in cybersecurity strategies like securing the edge.

[1] U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information
