CISA Releases SCuBA Hybrid Identity Solutions Architecture Guidance Document for Public Comment
CISA has released a draft Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Architecture guidance document for public comment. The request for comment period is open until April 17, 2023. Comments may be submitted to CyberSharedServices@cisa.dhs.gov.
In accordance with Executive Order 14028, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure agency information assets stored within cloud operations. This guidance will help federal civilian departments and agencies securely and efficiently integrate their traditional on-premises enterprise networks with cloud-based solutions.
CISA encourages federal program and project managers involved in identity management interoperability and vulnerability mitigation to review and provide comment. Visit CISA’s SCuBA project page for more information and to review the guidance document.
Beware of Bank-Related Scams
In light of recent bank failures, CISA warns consumers to beware of potential scams requesting your money or sensitive personal information. Exercise caution in handling emails with bank-related subject lines, attachments, or links. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to any failed bank.
The Federal Deposit Insurance Corporation (FDIC), the “Receiver” of failed banks, would never contact you asking for personal details, such as bank account information, credit and debit card numbers, social security numbers, or passwords.
To avoid becoming victims of scams, consumers should review the following resources and take preventative measures:
CISA: Avoiding Social Engineering and Phishing Attacks
FDIC Consumer News: Beware, It’s a Scam!
FDIC Consumer News: Scammers Pretending to be the FDIC
FDIC: Failed Bank Information for Silicon Valley Bank, Santa Clara, CA
FDIC: Failed Bank Information for Signature Bank, New York, NY
CISA: Phishing Infographic
Consider reporting scams and fraud to the police and file a report with the Federal Trade Commission.
Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.
WaterISAC Releases Advisory for Microsoft DCOM Patch
The Water Information Sharing and Analysis Center (WaterISAC) has released an advisory, Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA. ICS/OT/SCADA engineers and operators should assess the use of the Distributed Component Object Model (DCOM) protocol in their industrial environments. According to WaterISAC, “failure to address could result in loss of critical communications between impacted ICS/OT/SCADA devices.”
CISA urges operators to review the WaterISAC advisory and apply recommended compensating controls. See Microsoft KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) for more information.
Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This joint CSA provides IT infrastructure defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar, successful CVE-2019-18935 exploitation.
As detailed in the advisory, CISA analysts determined that multiple cyber threat actors, including an Advanced Persistent Threat (APT) actor, exploited a .NET deserialization vulnerability in Progress Telerik user interface for ASP.NET AJAX. Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch (FCEB) agency’s Microsoft Internet Information Services (IIS) web server. Actors were then able to upload malicious dynamic-link library (DLL) files (some masqueraded as portable network graphics [PNG] files) to the C:\Windows\Temp directory.
CISA, FBI, and MS-ISAC encourage network defenders to review the Detection and Mitigations sections of this advisory, as well as refer to the accompanying Malware Analysis Report, MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server, to reference CISA’s analysis for the identified malicious files.
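A triage check for the masquerading described above, as an added example that is not taken from the advisory or the Malware Analysis Report: it flags files that carry an image extension but whose headers parse as a Windows PE file, and reports whether the DLL flag is set. It generalizes from PNG to other common image extensions; the extension list, function names and sample file names are assumptions, and the sample bytes are constructed.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # Characteristics flag in the COFF file header
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}  # assumed watch list

def pe_kind(data: bytes):
    """Return 'dll', 'exe' or None after validating the MZ and PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4 bytes) plus COFF header (20 bytes) must fit in the buffer
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"

def find_masquerading_pe(directory):
    """List (file name, kind) for image-named files that are really PE files."""
    hits = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.suffix.lower() not in IMAGE_EXTS:
            continue
        with path.open("rb") as fh:
            head = fh.read(4096)  # both headers sit near the start of the file
        kind = pe_kind(head)
        if kind:
            hits.append((path.name, kind))
    return hits

def build_constructed_pe(is_dll=True):
    """Constructed header-only PE bytes for the demo (not a loadable binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0,
                       0x2022 if is_dll else 0x0022)
    return dos + b"PE\0\0" + coff

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # stands in for the temp directory
        root = Path(d)
        (root / "constructed_sample.png").write_bytes(build_constructed_pe())
        (root / "real.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 64)
        (root / "truncated.png").write_bytes(b"MZ")  # too short to be a PE
        print(find_masquerading_pe(root))
```

A hit is a lead for further analysis against the advisory's IOCs and detection guidance; the check reads only file headers and does not execute or load anything.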
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server

SUMMARY
From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in […]
