CyberSecure Specialist

15 Sep

CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture

Attacks, Insights, Malware

Today, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM architectures. Prior to this release, there was no singular, authoritative, and recognized reference for architecting an ICAM capability across an enterprise.  This publication provides: a description of the federal ICAM practice area, including how ICAM services and components implement ICAM use…

Read More
14 Sep

Read it right! How to spot scams on Reddit

Information

As the world’s 18th most visited website and 7th most frequented social network, it’s no surprise that Reddit also holds great allure for cybercriminals. Besides an endless number of legitimate subreddits, cute alien pictures as well as annual April Fool’s day events, Redditors may also encounter various kinds of fakery on the site, including scams that are after their data and money. In this blogpost, we’ll look at a few common types of fraud that you…

Read More
14 Sep

A Second Major British Police Force Suffers a Cyberattack in Less Than a Month

Data Breaches, Information, News

Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards, the second such cyberattack to affect a major British police force in less than a month. Details on identity badges and warrant cards, including names, photos and identity numbers or police collar numbers, were stolen in the ransomware attack, Greater Manchester Police said Thursday. The third-party supplier was not identified. The force…

Read More
13 Sep

Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington

Information, News

The nation’s biggest technology executives on Wednesday loosely endorsed the idea of government regulations for artificial intelligence at an unusual closed-door meeting in the U.S. Senate. But there is little consensus on what regulation would look like, and the political path for legislation is difficult. Senate Majority Leader Chuck Schumer, who organized the private forum on Capitol Hill as part of a push to legislate artificial intelligence, said he asked everyone in the room —…

Read More
13 Sep

FBI Hacker Dropped Stolen Airbus Data on 9/11

Data Breaches, Information, Insights

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while…

Read More
13 Sep

CISA Adds Three Known Vulnerabilities to Catalog

Attacks, Insights, Malware

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35674 Android Framework Privilege Escalation Vulnerability CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability CVE-2023-4863 Google Chrome Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added…

Read More
12 Sep

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Information, Insights

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim.…

Read More
12 Sep

Zero Day Summer: Microsoft Warns of Fresh New Software Exploits

Information, News

Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh warning that two new Windows vulnerabilities are being targeted by malware attacks in the wild. As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes. The most serious of the two bugs is described…

Read More
12 Sep

CISA Releases its Open Source Software Security Roadmap

Attacks, Insights, Malware

Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies, open source software (OSS) consumers, and the OSS community, to secure OSS infrastructure. To that end, the roadmap details four key goals: Establish CISA’s role in supporting the security of OSS, Understand the prevalence of key open source dependencies, Reduce risks to the federal government,…

Read More