Tag Archive for: reinforces

US government reinforces ICBC hack link to Citrix Bleed


The possibility that this was the case was first raised by security researcher and commentator Kevin Beaumont via social media website Mastodon on Thursday 9 November. Beaumont had posted evidence drawn from Shodan revealing that ICBC was running a Citrix NetScaler appliance that was not patched against CVE-2023-4966.

According to the Wall Street Journal, which was first to report the latest development having reviewed the note, the Treasury told the industry that it was yet to fully establish that CVE-2023-4966, an information disclosure vulnerability, and a second bug tracked as CVE-2023-4967, a denial-of-service vulnerability, were the access vectors used by LockBit’s operatives. However, the authorities appear to be confident that this will be confirmed imminently.

In the wake of last week’s attack, according to Reuters, the disruption to ICBC’s ability to do business was so extensive that employees were forced to move to proprietary webmail services, while the brokerage was also left temporarily indebted to investment bank BNY Mellon to the tune of $9bn.

Separately, an individual purporting to represent the interests of the LockBit cartel told the news agency that ICBC has paid a ransom. The veracity of this claim has not been verified.

Should I worry about Citrix Bleed?

Commonly known as Citrix Bleed, zero-day exploitation of CVE-2023-4966 has been dated to the beginning of August, and it was added to CISA’s Known Exploited Vulnerabilities (KEV) catalogue on 18 October, eight days after Citrix issued an update to patch it.

Mandiant researchers explained that when successfully exploited, an attacker can use CVE-2023-4966 to hijack existing authenticated sessions and bypass authentication measures, and worse still, these sessions can persist even if the Citrix patch has been deployed.

Its analysts have also observed session hijacking in which session data was stolen before the patch was deployed, and thereafter used by an attacker.

Authenticated session hijacking is a problem because it can lead to attackers gaining wider downstream access based on the permissions that identity or session had been given.

They can then steal additional credentials and start moving…


Biden’s National Security Strategy Reinforces Tech Decoupling and Increased Regulatory Focus


November 18, 2022

Originally published in The Hill


The recently released National Security Strategy sets forth the Biden administration’s approach to a changing world at an inflection point, providing a roadmap for the administration and for Congress. The administration’s national security priorities largely echo those of past administrations, but they diverge with their focus on a “modern industrial and innovation strategy” that promises deep use of industrial and economic tools to create a bulwark against autocracies like Russia and China. The resulting message is clear: The administration’s national security goals are inherently tied to, and will necessarily impact, a broad swath of American companies.

Five areas of the strategy stand out for their potential impact on companies.

First, increased investment scrutiny will ensure the Committee on Foreign Investment in the United States (CFIUS), with its expansive authority to review foreign investments, continues to be a prominent national security tool. The strategy also contemplates new outbound investment restrictions, which have been gaining congressional momentum as well. Should “reverse-CFIUS” come into effect, companies will need to transform their outbound investment strategies, planning for increased investment timelines, heightened scrutiny for investments in certain sectors and in certain countries, and potentially restrictions on certain outbound investments deemed to pose national security risk. Further, increased export controls will require companies to reinforce compliance programs and reevaluate offshoring operations. As the Commerce Department’s recent semiconductor restrictions demonstrate, new regulations can quickly reverberate across an industry, in some cases having a material impact.

Second, foreign policy and domestic policy lines blur with the focus on making strategic public investments in strategic sectors and supply chains, especially critical and emerging technologies. New laws, including the CHIPS and Science Act and the Inflation Reduction Act, illustrate the administration’s commitment — and congressional support —…


OpenDNS reinforces cloud security with ties to Check Point, ZeroFOX, others

OpenDNS has developed a partner API that lets security vendors connect their technologies to the OpenDNS cloud for enforcement, effectively extending protection to any device no matter where it connects to the Internet.

OpenDNS CEO David Ulevitch


The first two such partners are Check Point and ZeroFOX, and the company will announce another dozen or so partners over the next few months, says OpenDNS CEO David Ulevitch.


Network World Tim Greene

Google reinforces Android’s security against malware – Generation NT (US)

As the world's most widely used mobile platform, deployed on more than 250 million devices, it is hardly surprising that Android is targeted by malware. Google is taking the required precautions to make Android Market safer. The phenomenal growth of
