Gary Warner

Vintage OSINT tool : How it started - How its going https://lnkd.in/eFEdSdtU

19

12 Comments

With an increase in consumer banking done online post-pandemic, and the current geopolitical situation, it’s important for the Public and Private sectors to share threat intelligence to stop bad actors and Secure the Internet.

5

New Post: #CISA and @FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory #Traversal Vulnerabilities - https://lnkd.in/dAir6seU CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities 05/02/2024 02:00 PM EDT Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector. Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently, CISA has listed 55 directory traversal vulnerabilities in our Known Exploited Vulnerabilities (KEV) catalog. Approaches to avoid directory traversal vulnerabilities are known, yet threat actors continue to exploit these vulnerabilities which have impacted the operation of critical services, including hospital and school operations. CISA and the FBI urge software manufacturer executives to require their organizations to conduct formal testing to determine their products’ susceptibility to directory traversal vulnerabilities. For more information on recommended principles and best practices to achieve this goal, visit CISA’s Secure by Design page. To catch up on the publications in this series, visit Secure by Design Alerts. Robert Williams#News247WorldPress

1

If you are following along on the CUI program home game, you know that the CUI program was created to apply a consistent set of requirements across the entire Executive Branch of the federal government which define what is sensitive, unclassified information and how that information should be safeguarded and disseminated. These requirements are defined in 32 CFR 2002, which was published in 2016. When the United States Department of Defense first created DoDI 5200.48 back in 2016 (DoDI 5200.48 defines DoD's implementation of the CUI program), 32 CFR 2002 was pretty new and, understandably, the early version of 5200.48 had some inconsistencies. DoD released an updated version of DoDI 5200.48 about a year and a half ago, and it addressed some of those inconsistencies. DoD recently released an updated policy memo which makes some additional changes to 5200.48. https://lnkd.in/gmsySBBq Those changes have, unfortunately, created a bit of added confusion about when CUI can be disseminated to authorized holders, and especially when: a) the disseminator is a government contractor; and b) the authorized holders are not US persons. The CMMC Information Institute put together the flowchart, below, to try to help walk government contractors through when CUI can be disseminated to someone who is not a US person (or, really, anytime). Hopefully it is helpful!

56

14 Comments

Recent shifts within The NIST NVD operations have raised alarms among researchers and practitioners. ⚠️ These changes have led to delays in vulnerability analysis and a noticeable decline in enriching CVEs with critical data such as CPEs, CVSS scores, CWEs, and references. This creates significant hurdles for organizations striving to effectively identify and prioritize vulnerabilities. 💡 Meet DeviceTotal, a transformative solution reshaping this vulnerable pyramid. Our AI-powered technology propels vulnerability management into a new era, offering substantial enhancements in accuracy, speed, and automation. 🚀 DeviceTotal sources security information directly from vendors, ensuring data is updated well before it reaches the NVD. This proactive approach empowers organizations with timely insights, enabling swift and informed actions to mitigate threats. 💪 On top of that, DeviceTotal provides actionable insights for every threat, offering precise indications for available updates, mitigation options, workarounds, End-of-Life alerts, and more.  And the best part? No agents, no installations—just swift value delivered directly to your organization. Don't let your vulnerability management strategy crumble—elevate it with DeviceTotal. Experience the difference today. #VulnerabilityManagement #CyberSecurity #DeviceTotal #cybersecurity #infosecurity #riskmanagement #vulnerabilitymanagement #nationalsecurity (cartoon copyright by XKCD.com)

24

#DFIR Tip of the Day: Leveraging the SAM Hive for User Account Analysis Security Account Manager (SAM) Hive is a critical Windows registry hive that stores user account information. How to Leverage the SAM Hive: 1. Locate the SAM Hive: The SAM hive is located at `C:\Windows\System32\config\SAM`. 2. Extract Data: Use forensic tools like `RegRipper` to extract and parse the SAM hive. 3. Analyze User Accounts: Review the list of user accounts, including account creation dates, last login times, and password change dates. Benefits for Forensic Analysis: - User Activity Insight: Gain insights into user activity and account usage patterns, helping to identify unauthorized access or dormant accounts. - Account History: Track historical data such as password changes and account lockouts to detect potential security incidents. - Privilege Escalation Detection: Identify accounts with elevated privileges or newly created administrative accounts that could indicate a compromise.

2

One of the reasons I'm excited about attending the @IPTC Photo-Metadata Conference this year is that I'm really looking forward to hearing a presentation by Neal Krawetz. Neal will be presenting a live demo of research he has gathered over the past year of how the C2PA tools (for provenance and authenticity) still have some holes in their processes. I am all about supporting missions around trust and authenticity in media - but I want to make sure I can see how to get from point A to point Z with transparency, independent governance of data and without it turning into something like digital rights management (DRM) which could lead to silos or channels of content that would only promote or allow only certain publishers to get certificates and be their own verified sources of trust. I keep wanting to use a 'right to repair' your own equipment metaphor, but what I really mean is that I want the 'right to update my own metadata' without having to go through a complex trust and authenticity system that could be hacked anyway but at the same time become the voice of authority.

1

Intelligence Community Emphasizes Enhanced Counterintelligence Measures In response to increasing global threats, the House Permanent Select Committee on Intelligence has passed the Intelligence Authorization Act for Fiscal Year 2024. This legislation is designed to bolster the United States' counterintelligence capabilities against foreign threats from countries like China, Russia, and Iran. The Act aims to enhance intelligence collection across all domains—air, land, sea, space, and cyber—ensuring that the Intelligence Community can effectively address emerging challenges. Significant emphasis is placed on adopting cutting-edge technologies and securing classified systems from insider threats. This legislation also highlights the importance of collaboration between the Intelligence Community, private sector, academia, and international allies to leverage advanced technologies and research. Such cooperation is critical in staying ahead of the evolving threats posed by nation-state adversaries and transnational criminal organizations​. At RiskMind, we understand the importance of integrating advanced technologies and global cooperation to address sophisticated threats. Our expertise in intelligence and risk management ensures comprehensive solutions for our clients, providing critical insights and proactive measures to safeguard their interests. #Intelligence #NationalSecurity #RiskManagement #AdvancedTechnology #GlobalCooperation

4

For those wanting to wait for #CMMC to be perfect before it is adopted, remember that: a) it will never be perfect from everyone’s perspective; and, b) our adversaries are happy that you’re continuing to kick the cyber implementation can down the road. It’s time to get off the cybersecurity sidelines, before your business, or even our nation, is permantely sidelined. #cyber #cyberab #dod #cmmc2 #nist #nist800171

35

2 Comments

In this video, we dive into the complexities of implementing NIST special publication 800-53 in a government organization. The redundancy of federal government entities struggle with reciprocity. We delve into the challenges of implementing NIST Special Publication 800-53 within a single organization and the complexities of replicating this process across different department How Compliance Scorecard dealt with redundancy when working across different government entities and leveraged our Governance as a Service SaaS platform can help. As MSP/IT professionals, we need to understand how these frameworks create operations across various government departments and entities. Heather Noggle and I have some words of wisdom #GovernmentOperations #NIST853 #FedRAMP #EfficiencyMatters #StreamliningProcesses #GovernmentCompliance #ITSecurity #Cybersecurity #DigitalTransformation #GovernmentWorkflow

22

1 Comment

New from Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency, addressing this year's Cyber Storm exercise. I'm grateful some our Gate 15 team and orgs we support were able to participate in this significant national exercise. "Cyber threat actors continue to infiltrate critical #infrastructure networks with increased sophistication, persistence, and malicious intent. While some actors remain financially motivated, others such as nation-state actors aligned with the People’s Republic of #China, aim to compromise U.S. critical infrastructure networks to potentially disrupt critical services in the event of a geopolitical conflict. Organizations need to be prepared to respond and remain resilient in the face of these challenging threats, and exercises, such as #CyberStorm, serve as a critical tool to enhance preparedness. A few weeks ago, approximately one hundred exercise planners convened at CISA headquarters for the ninth iteration of the national cyber exercise, Cyber Storm. The planners, representing private industry, federal, state, and international government partners, managed an exercise that spanned across the globe to simulate a coordinated #cyberattack targeting critical infrastructure. What sets Cyber Storm apart from other cyber exercises is the depth and breadth of the exercise. We hosted over 2,200 participants from 300 organizations from more than 80 private sector companies, 35 federal departments and agencies, 11 states, and nine partner countries… Cyber Storm gave the participants an opportunity to exercise organizational response plans and capabilities, foster relationships with counterparts, and improve organizational and national cyber readiness and resilience. Participating organizations worked directly with CISA and coordinating bodies such as Sector Risk Management Agencies and Information Sharing and Analysis Centers to understand roles and capabilities during a cyberattack…" https://lnkd.in/emBig_j3 #cybersecurity #gate15 #cisa #preparedness #resilience

1

Join us on Wednesday, May 29th at 8:30 AM to discover how CERT Ukraine and CISA work together to combat cyber threats! Limited tickets available - act fast! Link in bio for more details and to get tickets. #CERTUkraine #CISA #CyberDefense #Collaboration #CyberSecurity.

7

"Stay secure with examroom.ai." 🔒 New Updates on National Security Agency (NSA) The National Security Agency (NSA) has recently released an essential update concerning the Commercial National Security Algorithm (CNSA) Suite 2.0, focusing on quantum-resistant cryptographic algorithms and their implementation within National Security System (NSS). 🚀 Highlights from the Update: 1. Introduction of quantum-resistant algorithms to combat potential quantum computer threats. 2. Detailed transition plans for systems currently using older cryptographic standards CNSA 1.0. 3. Strategic insights into the future of digital security within the national and defense industrial base. 📖 Read the full article to understand how these developments might impact your work and the broader cybersecurity landscape - https://lnkd.in/g4qGi42p

7

💭 #DFIR Thoughts It is a generalized misunderstanding that the column names and descriptions of a report generated by a digital forensics tool are the last word on what an artifact is or what it means. This erroneous assumption is so pervasive that it can be seen even within our organizations and labs. Using a tool that has been blessed as tested and verified does no mean that proper interpretation of the data and/or report is not needed anymore. It also does not absolve the expert from doing their own testing when an artifact is of key importance to a case. It definitely requires that managers stop outsourcing their responsibility to the validation team and really take into account the expertise of the examiners under their care. Even more importantly it should underscore how the best report is not the one that is more favorable to the theory of the case but the one that reflects the data accurately. Tool reports are not the data. The data is the data. Validate everything that matters. Tools can: 🔵 Parse data incompletely. 🔵 Parse data completely but present in a way that could be misinterpreted (which is what happens when new data has to fit in a predefined tool schema that does not provide for a way to indicate possible nuance.) 🔵 Wholly miss relevant data. 🔵 Present the data correctly in a way that is easy to understand even to non-experts. 🔵 Be erroneous. The tool has been wrong in the past and it will be again in the future. Does that mean tools are invalidated or useless? By all means, NO! Tool output is not the end of an examination but the start. Tool makers (I am one BTW) strive to make true sense of the data but at the end of the day "it is not the tool that does the exam but the examiner", the person behind the keyboard (thanks to DFIR Training (Brett Shavers) for the quote.) If you want to delve more into the topic check out SANS Digital Forensics and Incident Response paper titled Six Steps to Mobile Validation here: https://lnkd.in/ehQTkDs9 #DigitalForensics #MobileForensics #DataValidation #YouAreTheTool

91

5 Comments

🚨 BREAKING: Significant Triumph in the Battle Against Cybercrime! 🚨 In a world where cyber threats are escalating, the recent unmaking of Russian hacker Dmitry Khoroshev in Germany marks a critical milestone. Khoroshev, also known by aliases such as "Sandworm Team," "Voodoo Bear," and "Iridium Parnas," was indicted for engaging in sophisticated cyberattacks against heavyweight entities including the NSA, FBI, and Microsoft. His affiliation with the notorious APT28 or Fancy Bear, tied to the GRU, reveals the complex overlay of state-sponsored cyber operations. Having seen firsthand the disruptive aftermath of cyberattacks during my tenure in the FBI, the necessity of multinational collaboration becomes ever so clear. This indictment was made possible through the concerted efforts of Germany's BKA, the FBI, and Microsoft's Digital Crimes Unit. 🔍 The alarming capability of hackers, exhibited in attacks ranging from the 2015 Ukrainian power grid disruption to interference in political arenas, underscores an urgent need for heightened cyber defenses. It's a stark reminder of the pervasive threat cyberattacks pose, not just to particular nations, but globally. 💡 Now, here's a thought - If a single point of failure, such as the detection through a VPS, can lead to the identity of a high-profile cybercriminal, how robust are current traceability mechanisms in our systems? I'd love to hear from you: ▪️ How effective do you think international law enforcement collaboration is in curbing cybercrime? ▪️ What measures do you see as vital in maintaining one step ahead of such malicious entities? With cyber warfare on the rise, let's come together to strategize not only defense but proactive measures that safeguard our global digital landscape. #Cybersecurity #APT28 #Cybercrime #DigitalSecurity #InfoSec #Technology #Collaboration #LawEnforcement #FBI #Microsoft #NSA 💬 Please share your thoughts and experiences, and remember, every share or like helps raise awareness and strengthens our collective defense!

16

2 Comments

Update on the #CMMC timeline!  During the April The Cyber AB Town hall, Matthew Travis pointed out that CFR 48, the procurement side of the rule, was returned to the DoD and not accepted for release for public comment. The rule was originally expected out for public comment in March 2024; however since it was returned to the DoD on Apr 8 the timeline is unclear. Matt speculated that it could be a simple clerical error that could be quickly addressed enabling the rule to be released for public comment in May 2024. Public comments for CFR 32, the CMMC Program rule, are being adjudicated by the DoD. CFR 32 is still expected to be released in fall of 2024. This rule establishes the CMMC Program and authorizes assessments to begin. Therefore, it is likely that assessments can begin prior to being mandated in contracts. This will give the DoD additional fuel for including CMMC in more contracts once CFR 48 is finalized since organization will have plenty of time to get ready. Will your organization be ready for an CMMC assessment in time to beat the rush to ensure you can bid on contracts when CFR 48 is finalized?

31

3 Comments

Are videos critical to your #OSINT investigations, but you don’t have a reliable tool to download them? 🤔 The Video Download extension of Silo for Research gives you quick access to a reliable downloader to capture videos in an instant. 📸

10