At a glance.
- NSA and CISA release a list of the ten most common misconfigurations.
- Identity and access management guidelines from CISA and NSA.
- The Predator Files.
- Double-tapping ransomware.
- Exim mail servers exposed to attack.
- North Korea's Lazarus Group targets Spanish aerospace firm.
- EvilProxy phishes for executives.
- Typosquatting to deliver a rootkit.
- BADBOX puts malware into the device supply chain.
NSA and CISA release a list of the ten most common misconfigurations.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released a list of the ten most common and troublesome misconfigurations:
"1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution."
The report includes an extensive account of the consequences of each misconfiguration, and also guidance on how to configure systems so as to avoid them.
Identity and access management guidelines from CISA and NSA.
CISA and NSA have also released guidance on addressing challenges related to identity and access management, Nextgov reports. The guidance focuses on “technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.”
The agencies offer the following recommendations for organizations to address the tradeoff between SSO functionality and complexity:
- “Research into the development of a secure-by-default, easy to use, SSO system to address these gaps in the market. For example: Relying Party vendors could provide security configuration recommendations and their impact. Additionally, management of lifetime tokens such as ID token, Access Token, and Refresh Token should come with a reasonable secure default value which prevents abuse scenarios.
- “IAM Vendors can aid in the detection of insecure implementations of identity federation protocols and work with the ecosystem to build awareness around these issues as well as improve the adoption of more secure uses of standards.”
For more on these IAM guidelines, see CyberWire Pro.