At a glance.
- NSA and CISA release a list of the ten most common misconfigurations.
- Identity and access management guidelines from CISA and NSA.
- The Predator Files.
- Adventures in catphishing: “LoveGPT.”
- Arietis Health data breach demonstrates third-party risk.
- Cyber aid to Ukraine from Estonia.
- Cyber cooperation between Russia and North Korea.
- Hacktivist auxiliaries hit Australia.
- Hacktivists and hacktivist auxiliaries scorn the application of international humanitarian law.
- The direction of Russian cyber operations.
NSA and CISA release a list of the ten most common misconfigurations.
The US Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) released a list of the ten most common and troublesome misconfigurations: "1. Default configurations of software and applications 2. Improper separation of user/administrator privilege 3. Insufficient internal network monitoring 4. Lack of network segmentation 5. Poor patch management 6. Bypass of system access controls 7. Weak or misconfigured multifactor authentication (MFA) methods 8. Insufficient access control lists (ACLs) on network shares and services 9. Poor credential hygiene 10. Unrestricted code execution." The report includes an extensive account of the consequences of each misconfiguration, and also guidance on how to configure systems so as to avoid them.
Identity and access management guidelines from CISA and NSA.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance on addressing challenges related to identity and access management, Nextgov reports. The guidance focuses on “technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.”
The agencies offer the following recommendations for organizations to address the tradeoff between SSO functionality and complexity:
- “Research into the development of a secure-by-default, easy to use, SSO system to address these gaps in the market. For example: Relying Party vendors could provide security configuration recommendations and their impact. Additionally, management of lifetime tokens such as ID token, Access Token, and Refresh Token should come with a reasonable secure default value which prevents abuse scenarios.
- “IAM Vendors can aid in the detection of insecure implementations of identity federation protocols and work with the ecosystem to build awareness around these issues as well as improve the adoption of more secure uses of standards.”
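The guidance's point about token lifetimes (ID, access and refresh tokens should ship with "a reasonable secure default value which prevents abuse scenarios") is easy to state and easy to get wrong in a relying party. The Python below is an added example, not code from the CISA/NSA guidance or from any vendor: a hypothetical issuer that clamps every requested lifetime to a per-type ceiling, and a hypothetical relying-party check that rejects tokens with no expiry, an expired `exp`, or a lifetime above the ceiling. The ceiling values, the `typ` claim and the unsigned sample tokens are assumptions made for illustration; in production the lifetime check sits alongside signature verification, never in place of it.

```python
"""Secure-by-default token lifetimes for an OIDC/OAuth relying party.

Added example, not code from the CISA/NSA guidance. The ceilings below
are assumed values chosen to illustrate the idea; set your own policy.
"""
import base64
import json
import time

# Assumed per-token-type lifetime ceilings in seconds (hypothetical policy).
MAX_LIFETIME = {
    "id_token": 5 * 60,            # consumed once at login, so keep it short
    "access_token": 60 * 60,       # bearer credential: bound the replay window
    "refresh_token": 8 * 60 * 60,  # a stolen refresh token must not work forever
}


def issue_claims(token_type, subject, requested_lifetime=None, now=None):
    """Build claims for a new token, clamping the lifetime to the ceiling.

    A missing or over-long request falls back to the ceiling, never to
    "no expiry": that fallback is the secure default the guidance asks for.
    """
    now = int(time.time()) if now is None else now
    ceiling = MAX_LIFETIME[token_type]
    lifetime = ceiling if requested_lifetime is None else min(requested_lifetime, ceiling)
    if lifetime <= 0:
        raise ValueError("lifetime must be positive")
    return {"sub": subject, "typ": token_type, "iat": now, "exp": now + lifetime}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_unsigned_jwt(claims):
    """Constructed sample token (header.payload.) used only to build test
    inputs for the checks below. Never accept alg=none in production."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token):
    """Extract the payload without verifying the signature. The lifetime
    check below is in addition to, not instead of, signature verification."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_lifetime(token, token_type, now=None):
    """Return (ok, reason). Rejects tokens that never expire, are expired,
    were issued in the future, or carry a lifetime above the type's ceiling."""
    now = int(time.time()) if now is None else now
    claims = decode_claims(token)
    if "exp" not in claims or "iat" not in claims:
        return False, "missing iat/exp: token would be valid forever"
    lifetime = claims["exp"] - claims["iat"]
    if lifetime > MAX_LIFETIME[token_type]:
        return False, f"lifetime {lifetime}s exceeds ceiling {MAX_LIFETIME[token_type]}s"
    if claims["exp"] <= now:
        return False, "expired"
    if claims["iat"] > now + 60:  # small clock-skew allowance
        return False, "issued in the future"
    return True, "ok"


if __name__ == "__main__":
    now = int(time.time())
    # A client asks for a 30-day refresh token; the issuer clamps it to 8 hours.
    claims = issue_claims("refresh_token", "alice", requested_lifetime=30 * 24 * 3600, now=now)
    print("issued lifetime:", claims["exp"] - claims["iat"])
    print(check_lifetime(encode_unsigned_jwt(claims), "refresh_token", now=now))
    # A token from an issuer with no default at all: no exp claim, rejected.
    print(check_lifetime(encode_unsigned_jwt({"sub": "bob", "iat": now}), "access_token", now=now))
```

Two design points worth noting: the issuer side clamps rather than errors on an over-long request, so a misconfigured client gets a working but bounded token instead of a silent "no expiry"; and the relying-party side treats a missing `exp` as a failure rather than as "valid", which is the abuse scenario the guidance is warning about.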
For more on these IAM guidelines, see CyberWire Pro.
The Predator Files.
NSO Group's Pegasus intercept tool has attracted the most public attention, but one of its competitors in the spyware market, Predator, may have seen even wider and potentially more disturbing distribution. The EIC (European Investigative Collaborations, a journalistic consortium) reports that "European companies have been funding and selling cyber-surveillance tools to dictators for more than a decade with the passive complicity of many European governments. The preliminary peak of surveillance excesses was most recently reached by the Intellexa Alliance - an association of several European companies through which Predator software was supplied to authoritarian states. Activists, journalists and academics have been targeted, as have European and U.S. officials."