CVE-2022-20696

Read Time:41 Second

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload.

Read More

IT/OT Convergence: Now Is the Time to Act

Read Time:3 Minute, 36 Second

Presidential advisory committee provides recommendations to improve critical infrastructure security.

Critical infrastructure in the U.S. faces a significantly heightened threat landscape. The importance of securing information technology (IT) and operational technology (OT) systems and their convergence has become a national security imperative. Successful OT attacks can impact human safety and damage physical equipment, taking offline for extended periods of time the critical processes that OT equipment supports.

Compromises of critical infrastructure IT, ICS and OT are happening with increasing frequency globally. Recent high-profile examples include:

Ukraine electric grid (2015, 2016)
Colonial Pipeline (2021)
Oldsmar, Florida water treatment plant (2021)

According to the Gartner® report “Predicts 2022: Cyber Physical Systems Security – Critical Infrastructure in Focus”, published in 11/17/21, “Attacks on organizations in critical infrastructure sectors have increased dramatically, from less than 10 in 2013 to almost 400 in 2020 – a 3,900% change.”

In light of this reality, the President’s National Security Telecommunications Advisory Committee (NSTAC) was tasked with developing a report to examine the key challenges of securing converged OT systems against threats that emerge from IT network connections and to identify emerging approaches to increase OT resiliency to these threats. I had the privilege of serving as the Chair for the NSTAC subcommittee that developed the report.

The NSTAC received more than 30 briefings from subject-matter experts, including government entities and policymakers; critical infrastructure owners and operators of converged IT/OT environments and original equipment manufacturers; and cloud service providers, integrators and cybersecurity vendors.

IT/OT cybersecurity has not been prioritized

The resulting report found that, as a nation, we have not yet prioritized securing these interconnected systems. This is despite the fact that IT/OT convergence is not new, and that we have the technology and knowledge to protect these systems.

Briefers noted that many organizations lack complete visibility into their OT environments, including IT/OT interconnections and supply chain dependencies. In addition, OT and IT personnel often operate in silos, negatively impacting coordination on security. And further exacerbating the challenge, requests for proposals and procurement vehicles for OT systems acquisitions in both the public and private sectors rarely include cybersecurity requirements.

Government has an opportunity to lead

The report includes 15 recommendations, which can help improve the security of converged IT/OT systems in both the public and private sectors. Among these, the report identified three recommendations, which can be implemented by President Biden to immediately improve the cybersecurity posture of OT systems that are owned and operated by the U.S. government, and to serve as a model for protecting privately owned critical infrastructure:

First, the Cybersecurity and Infrastructure Security Agency (CISA) should issue a Binding Operational Directive requiring executive civilian branch departments and agencies to maintain a real-time continuous inventory of all OT devices, software, systems and assets within their area of responsibility, including an understanding of any interconnectivity to other systems. Once federal agencies clearly understand the vast interconnected nature of their OT devices and infrastructure, they can then make risk-informed decisions about how to prioritize their IT, OT, and cybersecurity resources.

Second, CISA should develop guidance for procurement language for OT products and services and require the inclusion of risk-informed cybersecurity capabilities for products and services that support converged IT/OT environments, including for supply chain risk management. CISA should then work with the General Services Administration to require the inclusion of risk-informed cybersecurity capabilities in procurement vehicles for the federal government.

Finally, the National Security Council, CISA, and the Office of the National Cybersecurity Director should prioritize the development and implementation of interoperable, technology-neutral and vendor-agnostic information-sharing mechanisms to enable the real time sharing of sensitive collective-defense information between authorized stakeholders involved with securing the critical infrastructure of the U.S.

The cybersecurity threats to critical infrastructure are real. And yet, we are not helpless. We have the knowledge and capabilities necessary to materially improve our security posture. What we have lacked is the determination to put this knowledge and technology to use. It is time we started meeting IT/OT convergence with the sense of urgency it requires. Implementing the recommendations of the NSTAC report will help improve government and critical infrastructure IT/OT security, and will have significant positive downstream effects on the private sector.

Read More

5 Things About Doxing You Should Know

Read Time:4 Minute, 20 Second

Have you ever said something you wish you could take back? Maybe it was a comment muttered in the heat of the moment that hurt someone’s feelings. Or maybe you just had a night out full of silly antics that you wouldn’t want your boss or grandma to see.  

These are completely normal occurrences that happen all the time. We’re human! We make mistakes and letting loose every now and again is good for us. When these scenarios happen in person, we’re able to apologize or explain ourselves; however, the social media age complicates things. High-def cameras and video recorders are in everyone’s pocket, meaning that in-person slip-ups or lapses in judgement can come back to haunt you in a cyberscheme known as doxing. 

Doxing can be harmful to one’s reputation and can cost someone their job, their friends, or their privacy. Here are five things you should know about doxing, plus some tips on how to prevent it from happening to you. 

1. Doxing Defined

The term doxing originated from the phrase “dropping documents/docs.” It refers to a situation where an enemy or a rival seeks to tarnish the reputation of someone else by releasing documents (aka dropping docs) about them. These documents often contain personally identifiable information (PII) –  like full names, birthdates, addresses, employment details, financial information, phone numbers, email addresses – and private correspondences or embarrassing videos or photos. The doxer – or the person dropping the documents – will publish these private details online, whether that’s on a forum, on social media, or a blog. 

Doxing is considered cyberbullying because it is a form of online harassment. The doxer often does so with the intent of drumming up widespread hate about the victim and having the release of these private details negatively affect the victim’s life, such as getting them fired from their job or breaking up a relationship. 

2. Doxing Can Happen to Anyone

Doxing happens most frequently to public figures, such as celebrities, politicians, streamers, and journalists. It is also a prevalent practice in the hacking community, where hackers reveal the identities of the real people behind forum usernames. However, anyone is susceptible to having their PII or sensitive photos or videos widely released on the internet for the sake of reputation sabotage. All it takes is for one scorned partner, a disgruntled coworker, or a disagreement to set a doxer on a warpath.  

3. Doxing Isn’t Always Illegal

When the saboteur doesn’t have to dig into your past via the dark web or through hacking a personal device, doxing isn’t illegal. It’s malicious and can be emotionally damaging, but there is no law stopping a doxer from publishing the private details of someone else. Doxing crosses the line into a crime when it is accompanied by threats.  

So, if a doxer didn’t hack a personal device or buy the PII off the dark web, where did they find these details? Oftentimes, people incriminate themselves with their social media footprint. What seems like ancient history in your social media timeline is again front and center after just a few minutes of scrolling. 

4. Ways to Prevent Doxing From Happening to You

Check out these tips that can lessen the chances of doxing happening to you: 

Don’t goad people online. Doxing can happen to anyone. Sometimes the doxer is someone you know in real life, but other times it’s a stranger with whom you may or may not have crossed paths with online. One great rule of thumb is to not make enemies online. For example, if there’s an argument happening in the comments of an online video, do not engage with it. You’re not going to change a keyboard warrior’s mind with a clever comeback. You’ll likely only agitate them. 
Don’t overshare. Remember, you can’t take back what you post online! Think long and hard before you hit publish on any social media post or comment. Never post online when you’re angry. You’ll likely say something that you’ll regret later.  
Delete old accounts. Periodically taking stock of all your online accounts and deactivating the ones you no longer use limits the number of opportunities a doxer has to lift your PII, such as your address, banking details, or contact information. Not every site prioritizes security as much as we’d all hope, so it’s best to create online accounts with trustworthy organizations. 

5. Services That Can Give You Peace of Mind

In addition to the above tips, McAfee can help you fill in the gaps in your defense. McAfee Total Protection is an all-in-one privacy and identity protection service that includes all the tools you need to secure your PII and help you recover if identity theft occurs after a doxing incident. Personal Data Cleanup scans 40 risky data broker sites for your information. If you appear on any of those sites, McAfee will help you remove it to keep your PII out of a doxer’s hands. 

The post 5 Things About Doxing You Should Know appeared first on McAfee Blog.

Read More