Computer Safety & News

Based on recent successful cloud based security compromises, CISA has issued guidance in the bulletin below on detecting potential past attacks & better defending against future attacks

Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments | CISA

Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services | CISA

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.  In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services which provides technical details and indicators of compromise to help detect and respond to potential attacks.  CISA encourages users and administrators to review AR21-013A and apply the recommendations to strengthen cloud environment configurations.

Microsoft has released important “Patch Tuesday” monthly security updates. These should applied promptly as some of these vulnerabilities have potential to be actively exploited in-the-wild later:

https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/

https://blog.talosintelligence.com/2021/01/microsoft-patch-tuesday-for-jan-2021.html

https://www.thezdi.com/blog/2021/1/12/the-january-2021-security-update-review

https://us-cert.cisa.gov/ncas/current-activity/2021/01/12/microsoft-releases-january-2021-security-updates

https://patchtuesdaydashboard.com/

https://portal.msrc.microsoft.com/en-us/security-guidance/summary

For January 2021, Microsoft released patches for 83 CVEs covering Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Office and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure. Seven of these CVEs were submitted through the ZDI program. Of these 83 CVEs, 10 are listed as Critical and 73 are listed as Important in severity. According to Microsoft, one bug is publicly known, and one other bug is known to be actively exploited at the time of release.

CISA continues to track the major breach where the SolarWinds Orion security suite was compromised & downloaded & installed by numerous GOVT & corporate entities.  This new Emergency Directive 21-01 bulletin provides additional guidance for IT & business leaders.

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise | CISA

cyber.dhs.gov – Emergency Directive 21-01

CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.

• • Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1 HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes updates to fix un-related vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.
  • Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.

CISA has also updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17, 2020. This update includes new information on initial access vectors, updated mitigation recommendations, and new indicators of compromise (IOCs).

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review CISA Emergency Directive 21-01 – Supplemental Guidance v.3 for recommendations on operating the SolarWinds Orion Platform. Review the following resources for additional information on the SolarWinds Orion compromise.

• • • CISA Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise
    • CISA Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
    • CISA webpage on the SolarWinds Orion Supply Chain Compromise

The IIL blogs recently shares an article related to 7 key trends for Virtual Learning during 2021.

Virtual Learning in 2021: The 7 Trends to Look out for

Digital learning took the spotlight in 2020, as schools, corporations, and organizations of all types abruptly moved to remote learning and working. With hope for rosier days ahead, what does 2021 hold for learning and development (L&D) professionals and online training? These 7 notable trends may influence our lives as L&D pros, learners, and employees:

1. Virtual learning continues to gain traction
2. Agile Project Management is hot
3. Adopting Agile and Scrum approaches in learning and development
4. Hiring managers are turning their gaze inward
5. Turn to upskilling & reskilling current employees
6. Increased demand for training focused on power skills (critical thinking, communication, creativity, emotional intelligence, and adaptability)
7. Peer / learner-generated content

Legacy & out-dated TLS and SSL protocols can be “open doors” on the network for hackers, as they are more easily compromised than current standards like TLS 1.3.  The NSA provides excellent guidance & awareness for mitigating these risks.

NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations | CISA

ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF (defense.gov)

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations.

Many predictions for what lies ahead in 2021 from IT security perspective are surfacing.  eWEEK shares highly in-depth & excellent analysis

Predictions 2021: IT Security and Personal Data Privacy – eWEEK

1. Ransomware payments will go underground
2. Universities will lean more on cyber-savvy students to secure their networks
3. The biggest threat to personal privacy will be health-care information.
4. CISOs will rely on automation to offset impacts of the pandemic.
5. The corporate network as we know it will disappear.
6. Account takeover will lead CISOs to implement a zero-trust model for email.
7. Gen Z will close the cyber skills gap in 2021.
8. 5G will open the floodgates in 2021
9. The Top Three Security Threats in 2021:

(a) Botnets pose the single largest security threat in 2021
(b) more ransom-based attacks in 2021
(c) Health-care related attacks

10. The mere thought of federal regulations will drive self-governance across the developer landscape.
11. More passwordless security on the way.
12. More data breaches coming involving health-care data.

All users should be extra cautious with stimulus checks, vaccine, news alerts, and all other COVID related emails, websites, etc.  Very high levels of fraud, identity theft, phishing attacks, etc. are underway.

Confronting Heightened Cybersecurity Threats Amid COVID-19 | CISA

Did you know that Americans’ private health data is estimated to be worth up to 20 times the value of financial data on the Dark Web?   This makes the Health and Public Health (HPH) Sector a primary target for cybercriminals. When an HPH Sector entity is affected by a cyber event, the public may lose its ability to engage with or receive health services, putting lives at risk.  The COVID-19 pandemic has raised the stakes, increasing cyber risk in the HPH Sector in proportion to the increased pace of activity amid widespread transition to remote work environments.

The protection of the corporate network we enjoy in the office but now work in a more de-centralized security environment where “work from home” home users must be protected much more so than just the average home user.  Some excellent 2021 protective guidelines are found in following link:

Protecting Home Office and Enterprise in 2021 (sans.edu)

Because of COVID, 2020 saw a major shift from working at the “office” to working at home which led to shift the attacks to the user @home. Everything points that 2020 was a year for ransomware and COVID-19 themed campaigns. Without exceptions, phishing emails have been the most prolific initial attack vector targeting organizations and home users.

Every year there are prediction on what we should expect in the coming year and what to watch for. Instead, what can be done to secure the enterprise?

• • Implement multi-factor authentication
  • Extending security to a remote force
  • Review cloud security policies
  • Better protection for IoT
  • Must ensure backups are secure and cannot be reached to prevent attackers from finding and delete them
  • Equally important – regularly test backups to ensure the data can be recovered
  • Use and share Threat Intel to track suspicious activity [1][2]
  • Better network analytics and log collection [3][4][5]
  • Monitor host and network activity [3][4][5]
  • Better detection and prevention against phishing email attacks [10]
  • Review and test employees against security awareness program [11]
  • Apply system security update as soon as appropriate
  • Keep antivirus software current

Adobe Flash is Dead: Here’s What That Means (howtogeek.com)

Support for Adobe Flash officially ended on December 31, 2020, effectively killing off the platform. The now-discontinued web plugin will be remembered for its golden era of animated internet memes and the endless security problems that eventually led to its demise.  Let’s take a look back at Flash, what’s next, and how to enjoy the old content in 2021 and beyond.

Flash is no longer available to download since December 31, 2020, and Adobe starts blocking Flash content from running altogether on January 12, 2021. The company recommends that you uninstall Flash entirely as a matter of security. There will be no more updates to Flash, nor will you be able to download old versions directly from Adobe.

This also means that versions of Flash bundled with browsers like Google Chrome will be retired. The change is unlikely to affect your daily browsing habits since the vast majority of websites have stopped using Flash in favor of modern browser technologies.

The Consumer Electronics Show, one of the largest trade shows in the world, has been cancelled as an in-person event. Instead of the show taking over Las Vegas from January 6 to 9, 2021, CES 2021 will be all-digital

CES 2021 – The Global Stage for Innovation

CES – The Most Influential Tech Event in the World – CES 2021

CES® 2021 will digitally convene businesses, thought leaders, policymakers, media and the broader tech community to launch products, build brands and form partnerships. Hear from technology innovators, see the latest product launches, and engage with global brands and startups from around the world.