Tag Archive for: releases

NIST Releases Draft Zero-Trust Architecture Guide

/in


Agencies looking to adopt zero-trust security architecture can expect to see new guidance roll out throughout this summer.

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) works with government agencies, industry organizations and academic institutions to create example solutions for pressing cybersecurity concerns, and in recent years turned its focus to zero trust, said NCCoE Security Engineer and Project Manager Alper Kerman during an RSA Conference panel.

Under its Implementing a Zero Trust Architecture project, NCCoE has been working to identify the core components of a zero-trust approach, as well as demonstrate different ways for achieving it, using commercially available technologies. The effort aims to show how a zero-trust architecture could work for different scenarios such as an employee or guest user trying to access online resources, or a contractor trying to access an on-premise resource, Kerman said.


Now in early June, NCCoE has released a draft guide, with more to follow.

“We want to be able to figure out what would be the minimum viable solution that would give us some level of zero-trust orchestration,” Kerman said.

There are three key aspects of a zero-trust architecture: enhanced identity governance (EIG), micro segmentation and software-defined perimeters, he said. Organizations may find it easier to focus more heavily on one or another, depending on their workflows, while still including elements of the other two, per NIST.

For the project, NCCoE is first demonstrating zero-trust example scenarios that focus on EIG techniques and is releasing preliminary drafts of its guidance on this method.

On June 3, NCCoE released a draft high-level overview document intended to help leadership consider their planning. NCCoE will be following up with two more detailed and technical guides, with those drafts slated for release in July and August.

WHAT’S ZERO TRUST AGAIN?

Zero trust isn’t a specific standard but rather “a set of principles used in designing and implementing and operating an infrastructure,” said NIST Computer Scientist…

Source…

General Motors Announces Data Breach; Zoom Releases Security Patch

/in


Data breaches are not a new occurrence, but if you feel as though they have become much larger in scale over the past couple of years, those feelings are not misguided. According to research conducted by AtlasVPN, around 5.9 billion records were affected by a data breach in 2021, a new record high.

In this week’s BlackCloak Thursday Threat Update, we’ll take a look at a data breach disclosed by General Motors and a security patch recently released by Zoom.

General Motors discloses data breach

What we know: General Motors announced it was the victim of a data breach, as the automotive manufacturer discovered malicious login activity between April 11 and April 29. While details are still unfolding, cybercriminals may have had access to the personal information of GM online and mobile application accounts, including users’ names, home and email addresses, phone numbers, and usernames. General Motors said in its data breach notification letter that cybercriminals were able to login through credentials they gathered from other data breaches not tied to the company.

Recommendation: In order to access an account, GM is requiring all users to reset their passwords. When you do, create a password that is long, complex and is completely unique from all of your other passwords. Since the incident occurred because of compromised credentials from other data breaches, now is a good time to reset the passwords for all of the services you use to ensure they are all completely unique. Be on the lookout for phishing scams as well. While they are commonly conducted via email, cybercriminals can also perform these scams through text messages and phone calls, practices known as “smishing” and “vishing,” respectively.

Zoom releases security patch for ‘zero click’ vulnerability

What we know: Zoom has released a security patch to address a vulnerability affecting Windows, macOS, iOS and Android users. A Google Project Zero security researcher discovered the vulnerability, which can give cybercriminals the ability to compromise a victim’s account through Zoom’s chat functionality without any user interaction. Should a cybercriminal exploit this flaw, they could force the targeted…

Source…

RIPTA releases note from hackers in ransomware attack – Turn to 10

/in



RIPTA releases note from hackers in ransomware attack  Turn to 10

Source…

Notorious Maze Ransomware Gang Closes Up Shop And Releases Decryption Keys

/in


Over the past three years the Maze crew ensnared scores of victims with its ransomware. Now, suddenly, Maze seems to have called it quits. They’ve released master decryption keys and destroyed the bulk of the malware’s code.

Curiously enough the announcement was made on the message boards at Bleeping Computer. They’re a popular and incredibly useful resource for those who are trying to recover from a ransomware infection.

The Maze announcement certainly has the potential to be helpful to the group’s victims. Having access to the master keys allows security researchers to develop decryptors that victims can use to recover their files for free.

In addition to Maze, keys for the Sekhmet and Egregor ransomware were also released. Egregor was launched by the group in September of 2020, a month before Maze operations were shut down. Sekhmet first appeared in the Spring of 2020.

However, as Christopher Boyd of Malwarebytes Labs reported, decryption tools for all three ransomware strains had already been released. Boyd notes that the inclusion of keys is more of an interesting part of the announcement than a breakthrough for those looking to get their files back.

A Question Of Timing

Last February French and Ukranian law enforcement officials made several arrests connected to Egregor. The arrests followed a period of unexpected downtime of Egregor servers, which some in underground forums believed was a sign that its infrastructure had been compromised by the authorities.

The farewell post makes sure to point out that the decision to shut down once and for all was not made because of the arrests.

The poster claims that this was a planned move and that the group has decided to “never return to this kind of activity.”

It sounds encouraging enough to hear an alleged spokesperson to say that a crew that’s responsible for scores of attacks that targeted law firms, municipalities, construction companies and pretty much any other entity with the ability to pay high-dollar ransoms.

That said, the Maze group already claimed it was riding off into the sunset once. This could turn out to be more of an “until we meet again” than a real…

Source…