SANS NewsBites

ICS Cybersecurity Year in Review; GAO: Critical Infrastructure Cyber Framework; Hackers Actively Scanning for Microsoft Exchange Server Vulnerability; US Collegiate CTF Competition with Large Scholarships and Direct Connection to Jobs Announced at RSA

February 28, 2020  |  Volume XXII - Issue #17

Top of the News


2020-02-28

RSA Keynote: ICS Cybersecurity Year in Review: Major Concerns

In an extraordinary keynote address at RSA 2020 yesterday, Rob Lee provided an authoritative review of the attacks and status of defenses in ICS security. His full (50 minute) keynote is on YouTube (see URL below). The data are fascinating and provocative. One interesting insight: the vendors of ICS systems (OEMs) are failing to make basic security fixes, resulting in 91% of ICS systems having "common hardware issues beyond the asset owners' purview."


2020-02-26

GAO: Critical Infrastructure Must Adopt NIST Cyber Framework

According to a report from the Government Accountability Office (GAO), federal agencies that have the lead in protecting critical infrastructure sectors (sector specific agencies, or SSAs) have for the most part not taken adequate steps to ensure that the sectors they oversee have adopted the National Institute of Standards and Security's (NIST's) Framework for Improving Critical Infrastructure Cybersecurity. There are nine SSAs overseeing 16 critical infrastructure sectors. Two SSAs have developed strategies for determining framework adoption in their designated sectors; two others have taken steps toward developing such methods. Most of the SSAs have encouraged their sectors to adopt the framework. GAO recommends that NIST develop time frames for completing its initiatives, and that the SSAs gather and report on improvements made from framework adoption.

Editor's Note

This is urgent. While the SANS Top Twenty are more applicable to the scale of many enterprises, the NIST Cyber Framework is essential for large enterprises that are part of the economic or national security infrastructures.

William Hugh Murray

2020-02-27

Hackers Actively Scanning for Microsoft Exchange Server Vulnerability

Attackers are scanning for systems that have not been patched against the Microsoft Exchange Server remote code execution vulnerability that was fixed in Microsoft's February Patch Tuesday release.


2020-02-26

US Collegiate CTF Competition with Large Scholarships and Direct Connection to Jobs Announced at RSA

College students who hope to qualify for internships and jobs in cybersecurity are now eligible for the Cyber FastTrack Capture the Flag (CTF), which leads to $2.2 million in scholarships (including several SANS classes and GIAC certifications) and to direct internships and jobs with employers seeking top talent. It is open to all college students in the U.S. The deadline to register is March 22; the competition itself runs March 26-27.

More information: https://cyber-fasttrack.org

Editor's Note

As of this morning, 2,035 students from 464 US colleges have signed up for the first 2020 CTF. Cyber FastTrack is the only way for college students to discover how their skills stack up. Three Cyber FastTrack CTFs are scheduled for 2020 so students can keep moving up the leaderboard.

Alan Paller

The Rest of the Week's News


2020-02-27

Fixes Available for Kr00k Vulnerability in Cypress and Broadcom Chips

A flaw in Wi-Fi chips from Cypress Semiconductor and Broadcom could be exploited to decrypt data sent over Wi-Fi networks. The affected chips are used in a range of devices, including iPhones, iPads, Amazon Echos and Kindles, Android devices, and certain Wi-Fi routers. The vulnerability, dubbed Kr00k, lies in the way the chips manage network interruptions: devices could be forced to use encryption keys that are simply a string of zeroes. Most manufacturers have developed fixes for the issue, but it is not known how widely they have been applied.
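The mechanism described above, as an added toy model written for this issue (it is not ESET's, Broadcom's or Cypress's code): a chip keeps a temporal key (TK) and a queue of frames waiting to be sent; on a network interruption it zeroes the TK, and the vulnerable transmit path still flushes the queue afterwards, so those frames go out encrypted under an all-zero key. The hardened path drops the queue and refuses to seal under a zero key. AES-CTR with a counter nonce stands in for real CCMP (AES-CCM) so the example stays within the Go standard library, and the key and frame contents are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const tkLen = 16 // CCMP-128 temporal key length

// txState models the per-association state a Wi-Fi chip keeps: the temporal
// key installed after the 4-way handshake, and frames queued but not yet sent.
type txState struct {
	tk    [tkLen]byte
	queue [][]byte
}

var errNoKey = errors.New("refusing to encrypt: no temporal key installed")

func isAllZero(tk [tkLen]byte) bool { return tk == [tkLen]byte{} }

// sealUnchecked encrypts one frame body under tk with no sanity check on the
// key. Output is nonce || ciphertext. (AES-CTR is a stand-in for CCMP here;
// the point of the example is which key is used, not the mode.)
func sealUnchecked(tk [tkLen]byte, counter uint32, body []byte) []byte {
	block, err := aes.NewCipher(tk[:])
	if err != nil {
		panic(err) // key length is fixed at 16 bytes, so this cannot happen
	}
	nonce := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint32(nonce[12:], counter) // per-frame counter
	ct := make([]byte, len(body))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, body)
	return append(nonce, ct...)
}

// sealFrame is the hardened entry point: an all-zero TK is never used.
func sealFrame(tk [tkLen]byte, counter uint32, body []byte) ([]byte, error) {
	if isAllZero(tk) {
		return nil, errNoKey
	}
	return sealUnchecked(tk, counter, body), nil
}

// openFrame reverses sealUnchecked; CTR is symmetric, so it works for any key,
// including the all-zero one.
func openFrame(tk [tkLen]byte, frame []byte) []byte {
	block, err := aes.NewCipher(tk[:])
	if err != nil {
		panic(err)
	}
	nonce, ct := frame[:aes.BlockSize], frame[aes.BlockSize:]
	out := make([]byte, len(ct))
	cipher.NewCTR(block, nonce).XORKeyStream(out, ct)
	return out
}

// disassociate is the network-interruption path. Both variants zero the TK,
// as the chip must. The vulnerable variant then flushes the queue anyway, so
// queued frames leave the radio under an all-zero key; the hardened variant
// sends nothing, because sealFrame rejects the zero key and the frames are dropped.
func disassociate(s *txState, hardened bool) [][]byte {
	s.tk = [tkLen]byte{}
	var sent [][]byte
	for i, body := range s.queue {
		var f []byte
		if hardened {
			var err error
			if f, err = sealFrame(s.tk, uint32(i), body); err != nil {
				continue // dropped: no valid session key
			}
		} else {
			f = sealUnchecked(s.tk, uint32(i), body) // vulnerable: no key check
		}
		sent = append(sent, f)
	}
	s.queue = nil
	return sent
}

func main() {
	var tk [tkLen]byte
	copy(tk[:], "constructed-key!") // constructed 16-byte session key
	body := []byte("constructed frame body: GET /login")
	for _, hardened := range []bool{false, true} {
		s := &txState{tk: tk, queue: [][]byte{body}}
		sent := disassociate(s, hardened)
		fmt.Printf("hardened=%v: frames sent after disassociation: %d\n", hardened, len(sent))
		for _, f := range sent {
			fmt.Printf("  readable under the all-zero key: %v\n",
				bytes.Equal(openFrame([tkLen]byte{}, f), body))
		}
	}
}
```

The defender's takeaway is the second guard: even if a firmware path forgets to discard the queue, an encryption routine that refuses an all-zero key turns a confidentiality failure into a dropped frame, which is the outcome the vendor fixes have to guarantee.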


2020-02-26

Criminal Cases Dropped After Evidence Lost in Ransomware Attack

US federal prosecutors dropped 11 narcotics cases after crucial evidence was lost in a ransomware attack on a Florida police department's network. The Stuart police department experienced a ransomware attack in April 2019. Some data were recovered, but evidence in the cases was lost. Other jurisdictions around the country have also reported losing evidence in ransomware attacks.

Editor's Note

Forensic evidence needs to be stored in a read-only fashion, with accompanying digital signatures to indicate tampering, or better still, keep the master copy off-line.

Lee Neely
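One way to implement the signed, tamper-evident evidence store the note above calls for, as an added example written for this issue (not the Stuart police department's or any vendor's tooling): a manifest of SHA-256 hashes over every evidence item, signed with Ed25519. The assumption is that the signing key stays offline with the master copy, so the online system holds only the public key and can detect a changed item, a missing item, an extra item, or an altered manifest. The file names and contents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// buildManifest lists every evidence item with its SHA-256, sorted by name so
// the manifest bytes are deterministic and therefore meaningful to sign.
func buildManifest(items map[string][]byte) string {
	names := make([]string, 0, len(items))
	for n := range items {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(items[n])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return b.String()
}

// signManifest is run once, offline, with the private key that never reaches
// the evidence server.
func signManifest(priv ed25519.PrivateKey, manifest string) []byte {
	return ed25519.Sign(priv, []byte(manifest))
}

// verifyEvidence checks the manifest signature first, so an altered manifest
// is rejected outright, and then compares every item against the manifest.
func verifyEvidence(pub ed25519.PublicKey, manifest string, sig []byte, items map[string][]byte) error {
	if !ed25519.Verify(pub, []byte(manifest), sig) {
		return errors.New("manifest signature invalid: manifest or signature altered")
	}
	expected := map[string]string{}
	for _, line := range strings.Split(strings.TrimSpace(manifest), "\n") {
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		expected[parts[1]] = parts[0]
	}
	var problems []string
	for name, want := range expected {
		data, ok := items[name]
		if !ok {
			problems = append(problems, name+": missing")
			continue
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != want {
			problems = append(problems, name+": hash mismatch")
		}
	}
	for name := range items {
		if _, ok := expected[name]; !ok {
			problems = append(problems, name+": not in manifest")
		}
	}
	if len(problems) > 0 {
		sort.Strings(problems)
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	items := map[string][]byte{ // constructed sample evidence
		"bodycam_2019-04-01.mp4": []byte("constructed video bytes"),
		"lab_report_0042.pdf":    []byte("constructed report bytes"),
	}
	manifest := buildManifest(items)
	sig := signManifest(priv, manifest)
	fmt.Println("original copy:", verifyEvidence(pub, manifest, sig, items))
	items["lab_report_0042.pdf"] = []byte("altered after seizure")
	fmt.Println("tampered copy:", verifyEvidence(pub, manifest, sig, items))
}
```

A signed manifest does not stop a ransomware actor from encrypting the online copy, which is why the note ends with the offline master; what it gives an investigator is proof that whatever was restored is byte-for-byte what was originally collected.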

2020-02-26

New Mexico School District Hit with Ransomware Again

The Gadsden Independent School District in Las Cruces, New Mexico has been hit with ransomware for the second time in seven months. The district reported that its internet and communications systems were offline. It is not clear if the most recent infection is new or a recurrence of the July attack.

Editor's Note

The conversation has focused on paying the ransom or not, and in this case the school district has the ability to recover without paying the ransom. The daunting issue of preventing recurrence remains for everyone impacted by ransomware. Technical countermeasures and exercises to reinforce user training build the foundation.

Lee Neely

2020-02-26

Bretagne Telecom Ransomware Attack

French cloud services provider Bretagne Telecom was hit with a ransomware attack in early January 2020. The company did not pay a ransom and was able to restore its systems from backups. Bretagne Telecom's CEO said the attackers exploited a Citrix vulnerability for which a patch was not yet available. The attackers did steal some data from Bretagne Telecom, which they uploaded to a website.


2020-02-25

Chrome Update Addresses 0-day and Other Vulnerabilities

Google's latest update for the Chrome browser includes fixes for three security issues, one of which is already being actively exploited. All three flaws have been rated high severity. Chrome 80.0.3987.122 is available for Windows, macOS, and Linux.

Editor's Note

These flaws are being actively exploited; rapid updates are prudent. I was pleased to find my IT department was already pushing this update when I returned from travel this week.

Lee Neely

2020-02-26

Zyxel Flaw Affects Firewall Products

A recently disclosed flaw in some Zyxel Network Attached Storage (NAS) products has been found to also affect certain Zyxel firewall products. Zyxel became aware of the vulnerability several weeks ago after a security expert discovered that an exploit for the vulnerability was being sold on a cybercrime forum.


2020-02-27

Australian Telcos Will Need to Employ Multi-Factor Authentication Before Porting Mobile Phone Numbers

Telecommunications companies in Australia will have to actively obtain approval from customers before porting a mobile phone number to a new provider. The Australian Communications and Media Authority (ACMA) said the process will require multi-factor authentication, but did not provide additional details. The Australian Communications Consumer Action Network (ACCAN) wants the ACMA to require "highly secure" methods of authentication.

Editor's Note

In the US, all mobile carriers give an option to add a PIN onto the phone porting process, which is better than the default security questions used. This should be a minimum recommendation on all executive mobile phones; going to 2FA is even better.

John Pescatore

2020-02-26

Firefox Begins Rolling Out DNS Over HTTPS by Default in US

On Tuesday, February 25, Mozilla announced that "Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users." Firefox users outside the US can enable DoH by choice in their Network Settings. While Cloudflare is the default encrypted-DNS service in Firefox, users can manually switch to NextDNS or another service of their choice.


2020-02-26

Clearview AI Client List Stolen

Facial recognition software company Clearview AI has disclosed that someone gained unauthorized access to its client list, which includes law enforcement agencies. Clearview did not share details of the breach, although the company did say that its servers were not breached. Clearview has made headlines recently for scraping billions of images from social media.

Internet Storm Center Tech Corner

Fraudulent PayPal Charges (links in German)

https://twitter.com/iblueconnection/status/1232259071602044928

https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erlaubt-unberechtigte-Abbuchungen-4667527.html

https://stadt-bremerhaven.de/google-pay-virtuelle-paypal-kreditkarten-weisen-sicherheitsluecken-auf/


Chrome Update

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html


Microsoft Public Preview for Azure AD Hybrid Environments

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-support-for-fido2-security-keys-in/ba-p/1187929


Comparing Information Leakage from Different Browsers

https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf


Kr00k WiFi Attack

https://www.eset.com/int/kr00k/


Impersonating LTE Users

https://imp4gt-attacks.net/


Zyxel RCE Vulnerability

https://www.kb.cert.org/vuls/id/498544/


Ultrasonic Triggers for Cellphone Assistants

https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/


Cloud Snooper Attack

https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/