Tag Archive for: collaboration

Emirates News Agency – DEWA discusses collaboration with SAP SE


DUBAI, 15th October, 2022 (WAM) — Dubai Electricity and Water Authority (DEWA) has discussed means of collaboration with SAP SE.

This came during a meeting between Saeed Mohammed Al Tayer, MD & CEO of DEWA, and Christian Klein, CEO and member of the Executive Board of SAP SE.

The meeting was attended by a number of DEWA senior executives and officers.

During the meeting, Al Tayer emphasised the importance of exchanging global best practices and experiences between the two sides. Bilateral areas of cooperation include innovation, digital transformation, the Internet of Things, Big Data analysis, and cloud computing, among others.

Al Tayer commended the strategic partnership between DEWA and SAP, which began in 2009 when DEWA implemented the SAP Wave 1 Enterprise Resource Planning (ERP) system to measure, integrate and automate all DEWA’s operations to provide the highest level of service to its customers, employees, and partners.

Relations between the two organisations later expanded to include the Data Hub for Integrated Solutions (Moro). Since 2018, Moro has been the authorised provider of the SAP HANA platform for enterprise cloud services. This year, Moro has been certified by SAP as a partner of RISE. It is the first local provider to be certified in the UAE to provide secure and cloud-based SAP services. SAP also supported Moro’s green data centre, the largest solar-powered centre in the Middle East and Africa region, which is designed to obtain a Tier-III certificate from the Uptime Institute, at the Mohammed bin Rashid Al Maktoum Solar Park in Dubai.

Last February, DEWA announced a partnership between Moro, a subsidiary of Digital DEWA, the digital arm of DEWA, and SAP. The initiative allows government and private entities to unlock new efficiencies with intelligent automation across their mission-critical processes, which will be hosted from state-of-the-art Moro Hub’s data centres, complying with data residency and cyber security requirements of the UAE.

Moro Hub is a world-class data hub providing solutions and innovative business services, offering a unique range…

Source…

New research collaboration leverages edge computing to meet defence and security challenges


Professor David Lie (ECE) is collaborating with researchers from across Canada to develop edge computing solutions to address defence and security challenges.

The project — A Platform for Secure and Dependable Hierarchical Edge Processing on 5G — has received $1.5 million in funding over three years from Canada’s Department of National Defence (DND).

Edge computing refers to the processing of data near its originating source, not in distant servers. The project proposes a hierarchy of data centres that provides computation and storage at the peripheries, shifting from a country level all the way down to a neighbourhood level. The strategy aims to mitigate the high latency of cloud-based applications caused by limited internet bandwidth.

“Imagine you’re trying to run an intelligent transportation system, where vehicles are sending and receiving large amounts of data to the cloud in real time,” says Lie. “Today, the cloud’s architecture means there’s some distance between the servers and the vehicles. Even at the speed of an electron, there are processing delays, and that makes a difference when you’re dealing with a moving vehicle. Edge computing can reduce those delays.”

As part of its Innovation for Defence Excellence and Security (IDEaS) Program, DND is supporting the creation of ‘micro-nets’ — self-organized multidisciplinary teams of at least three eligible organizations/institutions who carry out interdisciplinary research on aspects of a science and technology challenge of common interest.

In addition to Lie, the team includes Professor Eyal de Lara, Chair of U of T’s Department of Computer Science, as well as Professor Oana Balmau of the School of Computer Science at McGill University, Professor Julien Gascon-Samson of the Software and IT Engineering Department at ÉTS Montréal / University of Québec, and Professor Aastha Mehta of the Department of Computer Science at the University of British Columbia.

Together, they will design a new platform based on localized data centres situated near the field of use. The idea is that these centres would better deliver reliable, predictable and secure performance for future high-performance…

Source…

Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite


Actions for ZCS administrators to take today to mitigate malicious cyber activity:
• Patch all systems and prioritize patching known exploited vulnerabilities.
• Deploy detection signatures and hunt for indicators of compromise (IOCs).
• If ZCS was compromised, remediate malicious activity.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are publishing this joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform. CVEs currently being exploited against ZCS include: 

  • CVE-2022-24682 
  • CVE-2022-27924 
  • CVE-2022-27925 chained with CVE-2022-37042 
  • CVE-2022-30333

Cyber threat actors may be targeting unpatched ZCS instances in both government and private sector networks. CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the Recommendations section of this CSA to help secure their organization’s systems against malicious cyber activity. CISA and the MS-ISAC encourage organizations who did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of this CSA. Organizations that detect potential compromise should apply the steps in the Incident Response section of this CSA.


CVE-2022-27924

CVE-2022-27924 is a high-severity vulnerability enabling an unauthenticated malicious actor to inject arbitrary memcache commands into a targeted ZCS instance and cause an overwrite of arbitrary cached entries. The actor can then steal ZCS email account credentials in cleartext form without any user interaction. With valid email account credentials in an organization not enforcing multifactor authentication (MFA), a malicious actor can use spear phishing, social engineering, and business email compromise (BEC) attacks against the compromised organization. Additionally, malicious actors could use the valid account credentials to open webshells and maintain persistent access.

On March 11, 2022, researchers from SonarSource announced the discovery of this ZCS vulnerability. Zimbra issued fixes for releases 8.8.15 and 9.0 on May 10, 2022. In June 2022, SonarSource publicly released proof-of-concept (POC) exploits for this vulnerability.[1][2] Based on evidence of active exploitation, CISA added this vulnerability to the Known Exploited Vulnerabilities Catalog on August 4, 2022. Due to the POC and ease of exploitation, CISA and the MS-ISAC expect to see widespread exploitation of unpatched ZCS instances in government and private networks.

CVE-2022-27925 and CVE-2022-37042

CVE-2022-27925 is a high-severity vulnerability in ZCS releases 8.8.15 and 9.0, whose mboximport functionality receives a ZIP archive and extracts files from it. An authenticated user can upload arbitrary files to the system, leading to directory traversal.[3] On August 10, 2022, researchers from Volexity reported widespread exploitation—against over 1,000 ZCS instances—of CVE-2022-27925 in conjunction with CVE-2022-37042.[4] CISA added both CVEs to the Known Exploited Vulnerabilities Catalog on August 11, 2022.

CVE-2022-37042 is an authentication bypass vulnerability that affects ZCS releases 8.8.15 and 9.0. CVE-2022-37042 could allow an unauthenticated malicious actor access to a vulnerable ZCS instance. According to Zimbra, CVE-2022-37042 is found in the MailboxImportServlet function.[5][6] Zimbra issued fixes in late July 2022.
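
The ZIP handling described for CVE-2022-27925 above is an instance of archive path traversal, where an entry name resolves outside the intended extraction directory. As an added example (not code from the advisory or from Zimbra), the following Python check classifies archive entries before anything is written to disk; the function names, the `/srv/import` destination and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile


def classify_entries(zip_bytes, dest="/srv/import"):
    """Split archive entries into (safe, rejected) for extraction under dest."""
    root = posixpath.normpath(dest)
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Some archivers emit backslashes; treat them as separators.
            name = info.filename.replace("\\", "/")
            target = posixpath.normpath(posixpath.join(root, name))
            mode = info.external_attr >> 16  # Unix mode bits, if present
            # Compare with a trailing "/" so "/srv/import-x" is not
            # mistaken for a path inside "/srv/import".
            escapes = not (target + "/").startswith(root + "/")
            if name.startswith("/") or escapes or stat.S_ISLNK(mode):
                rejected.append(info.filename)
            else:
                safe.append(info.filename)
    return safe, rejected


def accept_upload(zip_bytes, dest="/srv/import"):
    """Policy: refuse the whole archive if any single entry is unsafe."""
    return not classify_entries(zip_bytes, dest)[1]


def build_sample(names, with_symlink=False):
    """Constructed in-memory ZIP for the demo; contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
        if with_symlink:
            link = zipfile.ZipInfo("mail/link")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/etc")
    return buf.getvalue()
```

Rejecting the whole archive, rather than skipping the bad entries, also leaves a clear event to log and alert on when an upload contains traversal names.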

CVE-2022-30333

CVE-2022-30333 is a high-severity directory traversal vulnerability in RARLAB UnRAR on Linux and UNIX allowing a malicious actor to write to files during an extract (unpack) operation. A malicious actor can exploit CVE-2022-30333 against a ZCS server by sending an email with a malicious RAR file. Upon email receipt, the ZCS server would automatically extract the RAR file to check for spam or malware.[7] Any ZCS instance with unrar installed is vulnerable to CVE-2022-30333.

Researchers from SonarSource shared details about this vulnerability in June 2022.[8] Zimbra made configuration changes to use the 7zip program instead of unrar.[9] CISA added CVE-2022-30333 to the Known Exploited Vulnerabilities Catalog on August 9, 2022. Based on industry reporting, a malicious cyber actor is selling a cross-site scripting (XSS) exploit kit for the ZCS vulnerability CVE-2022-30333. A Metasploit module is also available that creates a RAR file that can be emailed to a ZCS server to exploit CVE-2022-30333.[10]

CVE-2022-24682

CVE-2022-24682 is a medium-severity vulnerability that impacts ZCS webmail clients running releases before 8.8.15 patch 30 (update 1), which contain a cross-site scripting (XSS) vulnerability allowing malicious actors to steal session cookie files. Researchers from Volexity shared this vulnerability on February 3, 2022[11], and Zimbra issued a fix on February 4, 2022.[12] CISA added this vulnerability to the Known Exploited Vulnerabilities Catalog on February 25, 2022. 

DETECTION METHODS

Note: CISA and the MS-ISAC will update this section with additional IOCs and signatures as further information becomes available.

CISA recommends that administrators, especially at organizations that did not immediately update their ZCS instances upon patch release, hunt for malicious activity using the following third-party detection signatures:

  • Hunt for IOCs including:
    • 207.148.76[.]235 – a Cobalt Strike command and control (C2) domain
  • Deploy third-party YARA rules to detect malicious activity:

CISA and the MS-ISAC recommend organizations upgrade to the latest ZCS releases as noted on Zimbra Security – News & Alerts and Zimbra Security Advisories.

See Volexity’s Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925 for mitigation steps.

Additionally, CISA and the MS-ISAC recommend organizations apply the following best practices to reduce risk of compromise:

  • Maintain and test an incident response plan.
  • Ensure your organization has a vulnerability management program in place and that it prioritizes patch management and vulnerability scanning of known exploited vulnerabilities. Note: CISA’s Cyber Hygiene Services (CyHy) are free to all state, local, tribal, and territorial (SLTT) organizations, as well as public and private sector critical infrastructure organizations: cisa.gov/cyber-hygiene-services
  • Properly configure and secure internet-facing network devices.
    • Do not expose management interfaces to the internet.
    • Disable unused or unnecessary network ports and protocols.
    • Disable/remove unused network services and devices.
  • Adopt zero-trust principles and architecture, including:
    • Micro-segmenting networks and functions to limit or block lateral movements.
    • Enforcing phishing-resistant multifactor authentication (MFA) for all users and VPN connections.
    • Restricting access to trusted devices and users on the networks.

INCIDENT RESPONSE

If an organization’s system has been compromised by active or recently active threat actors in their environment, CISA and the MS-ISAC recommend the following initial steps:

  1. Collect and review artifacts, such as running processes/services, unusual authentications, and recent network connections.
  2. Quarantine or take offline potentially affected hosts.
  3. Reimage compromised hosts.
  4. Provision new account credentials.
  5. Report the compromise to CISA via CISA’s 24/7 Operations Center ([email protected] or 888-282-0870). SLTT government entities can also report to the MS-ISAC ([email protected] or 866-787-4722).

See the joint CSA from the cybersecurity authorities of Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity for additional guidance on hunting or investigating a network, and for common mistakes in incident handling. CISA and the MS-ISAC also encourage government network administrators to see CISA’s Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. Although tailored to federal civilian branch agencies, these playbooks provide operational procedures for planning and conducting cybersecurity incident and vulnerability response activities and detail steps for both incident and vulnerability response. 

ACKNOWLEDGEMENTS

CISA and the MS-ISAC would like to thank Volexity and Secureworks for their contributions to this advisory.

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. CISA and the MS-ISAC do not provide any warranties of any kind regarding this information. CISA and the MS-ISAC do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.

Source…

AWS grows collaboration with PA Consulting


An expanded collaboration has been announced between PA Consulting and AWS. The multi-year agreement will see the advisory firm help drive innovation and new industry solutions in the cloud.

A subsidiary of internet giant Amazon, Amazon Web Services (AWS) provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. The platform enables clients to grow businesses through alignment with its sales, marketing, funding, capture, and proposal teams.

Rahul Gupta, Partner and Cloud Executive Sponsor at PA Consulting, commented, “Our strategic agreement with AWS fundamentally accelerates our cloud services business and solutions. We are committed to helping our clients find digital, cloud-based solutions to drive growth, and this SA cements that goal. We are excited to work with AWS as we build out new cloud-based solutions for clients across a number of key industries.”

PA will now collaborate with AWS to build market-specific solutions for a number of key industries. These include cyber security for financial services companies, advanced health care solutions for local authorities, and real time analytics on shopping behaviours for bricks and mortar retailers.

Vittorio Sanvito, Director of Partner Development in EMEA at AWS, remarked, “This agreement is recognition that many organisations recognise the benefits of implementing cloud services and the next generation of digital growth will come from partners that can combine these services with deep sector knowledge. We are delighted to strengthen our collaboration with PA Consulting, which encapsulates a robust services platform with experienced cloud experts who can help companies with their migration journey to AWS.”

The agreement continues a sustained partnership between PA and AWS. The consulting firm has been a key delivery partner for the platform for some time now, helping deploy it across clients in multiple sectors. For example, PA was even named winner of the Most Valuable Amazon Connect Deployment prize at the 2021 AWS Global Public Sector Partner Awards. The award has recognised PA’s work for launching the Wellbeing Automated Call Service…

Source…