Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.
But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).
It was discovered that logrotate incorrectly handled the state file. A
local attacker could possibly use this issue to keep a lock on the state
file and cause logrotate to stop working, leading to a denial of service.
Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations’ security gaps and provides real-time mitigation insights so they can improve upon cybersecurity investments with continuous validation, Mastercard stated. The launch comes as Mastercard continues to invest in cybersecurity and risk management capabilities.
Cyber Front leverages more than 3,500 real-world threat scenarios
In a press release, Mastercard said that Cyber Front, built as an always-on platform, supports customers in strengthening digital ecosystems by validating the effectiveness of their cybersecurity controls to prevent and detect threats, leveraging a continuously updated library of more than 3,500 real-world threat scenarios. Its ultimate goal is to aid businesses in understanding if their systems are effective and identifying areas of exposure to ensure greater protection in both the immediate and long term, it continued.
One of the main objectives of the bad guys is to escalate to privileged account access wherever possible. The more unfettered access they can gain to administrative, superuser and infrastructure accounts, the freer rein they have to tap into sensitive data stores, tamper with critical systems, quietly gain carte blanche to do whatever they’d care to with a victim organization’s IT infrastructure and to do it all without being detected.
As a result, organizations recognize that they need to take special care with the way that they manage and grant access to the most powerful privileged accounts in their environments. This is accomplished with privileged access management (PAM) tooling. PAM is used to manage privileged credentials, delegate access to them, track privileged sessions to monitor for abuse and report on usage patterns for both the risk team and auditors and generally control the elevation of commands.
Against the backdrop of horrific reports from Russia’s Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a “kill switch.”
