This KB article will be continually updated with links and documents that pertain to the education and development of SUNY Cobleskill's security program and to awareness of threats from known vulnerabilities, attacks, IOCs, and other information worth posting here.
______________________________________________________________
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.
Cloud service platforms and cloud service providers (CSPs) have developed built-in security capabilities that organizations can use to strengthen their security while operating in cloud environments. Organizations are encouraged to use the built-in security features from CSPs and to take advantage of free CISA- and partner-developed tools/applications to fill security gaps and complement existing security features. Publicly available PowerShell tools are available to all network defenders for investigating and improving an organization’s security posture; see:
https://www.cisa.gov/resources-tools/resources/free-tools-cloud-environments
https://www.cisa.gov/news-events/alerts/2023/07/17/cisa-develops-factsheet-free-tools-cloud-environments
______________________________________________________________
Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF guidance Potential Threats to 5G Network Slicing.
CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended actions. For additional 5G guidance, visit CISA.gov/5G-library.
https://www.cisa.gov/news-events/alerts/2023/07/17/nsa-cisa-release-guidance-security-considerations-5g-network-slicing
______________________________________________________________
Student Tracker for CU User Manual.pdf uploaded
This is not an action item for information security unless you are acting on behalf of your Registrar’s office and/or you are managing your campus response to the NSC issue. However, at a minimum, we should all familiarize ourselves with this information as it will likely impact aspects of every campus response to the NSC incident.
Attached is a copy of the template for submitting and receiving StudentTracker data for colleges and universities. This document has been sent to your Registrar’s office or to whoever is your NSC designated contact person. Page 25 gives you the file layout for submitting the request and page 20 shows the response file details.
______________________________________________________________
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released.
First published in 2016, the NCIRP was developed in accordance with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination and describes how federal government, private sector, and state, local, tribal, territorial (SLTT) government entities will organize to manage, respond to, and mitigate the consequences of significant cyber incidents.
NCIRP 2024 will address changes to the cyber threat landscape and in the nation’s cyber defense ecosystem by incorporating principles grounded in four main areas:
- Unification
- Shared Responsibility
- Learning from the Past
- Keeping Pace with Evolutions in Cybersecurity
CISA encourages all organizations to read the fact sheet and visit CISA's NCIRP webpage to learn about this long-term effort and stay updated on the development of the NCIRP 2024.
https://www.cisa.gov/resources-tools/resources/national-cyber-incident-response-plan-ncirp
______________________________________________________________
Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.
CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s Malware, Phishing, and Ransomware and Security-by-Design and -Default webpages.
https://www.cisa.gov/resources-tools/resources/phishing-guidance-stopping-attack-cycle-phase-one
https://www.cisa.gov/securebydesign
______________________________________________________________
We should all take a look at the following document as it addresses a fairly common attack vector that has the potential to significantly impact your systems and services.
This is a great “how to evaluate” document. It also includes a wealth of examples as well as a resource list at the end.
https://www.cisa.gov/sites/default/files/2023-09/TLP%20CLEAR%20-DDOS%20Mitigations%20Guidance_508c.pdf
______________________________________________________________
My thanks to Igor Gorelik from Downstate for bringing this up. This is where things are moving; we need to hold all our vendors accountable:
https://blackkite.com/blog/final-rule-sec-to-require-companies-to-report-breaches-in-4-days/
Technically, the clock doesn’t start ticking on the four-day window for reporting until companies have determined a breach is material. It will be interesting to see how this plays out.
______________________________________________________________
Everyone is at risk from ransomware; it's just the nature of the modern computing environment. The federal CISA, FBI, and NSA have joined together to issue an update to their ransomware guide, originally released in 2020. Below are links to documents that everyone in IT should read:
Full Guide
https://www.cisa.gov/resources-tools/resources/stopransomware-guide
Summary and Guidance (includes links to additional resources)
https://www.cisa.gov/stopransomware/ransomware-guide
NOTE: The SUNY Cyber Incident Notification Procedure (found on the SOC home page) includes submission of an online form which is shared with the FBI, DHS, NYS DHS, NYS ITS CIRT, and NYS Police through the NYS Cyber Fusion Cell. This ensures the broadest dissemination possible to organizations that must be notified. If you have any questions, please contact the CISO.
______________________________________________________________
List of MOVEit victims continues to grow
Hi,
I’ve finally found a relatively up-to-date list of companies affected by this worldwide attack.
Here’s a link (as of July 25th):
https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html
______________________________________________________________
NYSIC CAU Weekly Cyber Digest (June 30, 2023 – July 27, 2023)
27JUL2023_Weekly_Digest.pdf
______________________________________________________________
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse (weblink below), to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers.
Joint Cybersecurity Advisory: hxxps://www.cisa[.]gov/news-events/cybersecurity-advisories/aa23-208a
ACSC, CISA, and NSA strongly encourage vendors, designers, developers, and end-user organizations to review the CSA, Preventing Web Application Access Control Abuse, for best practices, recommendations, and mitigations to reduce the prevalence of IDOR vulnerabilities and ensure web applications are secure-by-design and -default (weblink below).
CISA Publication: hxxps://www.cisa[.]gov/resources-tools/resources/secure-by-design-and-default
-------------------------------------------------------------------------------
11/30/2023
https://www.cisa.gov/news-events/directives/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities
------------------------------------------------------------------------------
12/16/2023
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
------------------------------------------------------------------------------
12/07/2023
https://www.scmagazine.com/news/multistage-payload-attacks-it-team-impersonations-up-as-ai-adopted-at-large
--------------------------------------------------------------------------------
12/08/2023
Useful cybersecurity articles
National Cybersecurity Strategy: (This is shaping the course of cyber security in the US)
https://healthitsecurity.com/news/white-house-issues-national-cybersecurity-strategy-implementation-plan
https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
-----------------------------------------------------------------------------
Some additional reading on the cyber front.
SolarWinds Critical RCE:
https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover
Secure Remote Access concerns: (This aligns with NYS concerns)
https://www.cyberdefensemagazine.com/secure-remote-access-is-not-a-one-size-fits-all-vision
-------------------------------------------------------------------------------
12/11/2023
CISA Announces Launch of Logging Made Easy
CISA has announced the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC), making it available to a wider audience.
https://github.com/cisagov/LME
-------------------------------------------------------------------------------
12/13/2023
SUNY / NYS Forum
Your membership entitles you, as well as an unlimited number of your IT staff, to attend all NYS Forum meetings and events. Any additional colleagues/employees can create account profiles on the site by clicking Join the Forum! from the Quick Links menu at nysforum.org. Any accounts you added during your application will receive a separate welcome message.
Please review The NYS Forum’s various work groups under Work Groups on our website. You are encouraged to participate in one or more of these work groups, as your direct influence can assist us in steering the course of our programming. Feel free to contact our Program Director, Christine Costopoulos, to learn about any workgroup chair openings or Calls for Presenters. You are welcome to attend any work group meetings while determining which is the best fit for you and your organization.
Our workgroups include:
Each workgroup has a listserv and community forum which you may join by clicking on Join a Workgroup from the Quick Links menu. If you have any questions or need further clarification about your membership, please feel free to call me or reply to this message. We look forward to your participation.
------------------------------------------------------------------------------------
03/26/2024
Included attachments that offer guidance on ransomware.
---------------------------------------------------------------------------------------
09/23/2024
The following link leads to the cybersecurity OneDrive, which contains the 2023 Q3 threat report as an attachment.
https://livecobleskill-my.sharepoint.com/:b:/g/personal/itscybersecurity_cobleskill_edu/EatBgPMBFBROk4cDLgZYaAEBG2LJaRNb6_xF8L3YXIbGMw?e=LISf42
----------------------------------------------------------------------------------------
09/24/2024
The following links lead to the cybersecurity OneDrive, which contains the Guidelines for Secure AI System Development as attachments.
https://livecobleskill-my.sharepoint.com/:b:/g/personal/itscybersecurity_cobleskill_edu/EXC2NLi3W4xOjam9AMTkimYBNpnk_zNwHYYWj6VCW9kCsw?e=KAjQz1
https://livecobleskill-my.sharepoint.com/:b:/g/personal/itscybersecurity_cobleskill_edu/EbvoKYejJIpMkod5dEzNgucBLDAmhxo0tHAAaUpvDwPRjA?e=aqtJt8
--------------------------------------------------------------------------------------------
10/11/2024
The following link leads to the cybersecurity OneDrive, which contains an attachment regarding open source software and its risks in the health sector.
https://livecobleskill-my.sharepoint.com/:b:/g/personal/itscybersecurity_cobleskill_edu/EdAINgakLjJBggMyP7SsTBYBk9lsXEr1NPPBOkVb-r9OKw?e=wE0AhB