• Deepening the Integration of C-SCRM in CMMC 2.0

    The cybersecurity supply chain risk management (C-SCRM) framework plays a pivotal role in ensuring that contractors within the Defense Industrial Base (DIB) are effectively addressing the risks posed by their interconnected supply chains. As noted in the National Institute of Standards and Technology’s (NIST) SP 800-161r1, C-SCRM ensures that organizations can identify, assess, and mitigate cybersecurity risks that arise from suppliers, their products, services, and the supply chain itself. The integration of C-SCRM within the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) 2.0 is critical for securing the flow of sensitive data, particularly when dealing with Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).


    Key Aspects of C-SCRM in CMMC 2.0

    Cybersecurity Risk Across the Supply Chain

    C-SCRM ensures that enterprises account for the risks that could arise from external entities such as suppliers, third-party contractors, or vendors. These risks are not limited to malicious activity or cyberattacks; they also include weaknesses resulting from poor manufacturing, insecure development practices, or a lack of transparency within the supply chain itself. For example, compromised or vulnerable products from suppliers can provide attack vectors into larger enterprise systems. Within CMMC 2.0, this focus is reflected in controls and practices that require organizations to vet suppliers rigorously and confirm that they meet baseline security standards before their products or services are integrated.

    Incorporating C-SCRM practices means assessing the supply chain continuously, ensuring that each third-party vendor, developer, or integrator is complying with relevant cybersecurity controls. A well-managed supply chain protects against the risks posed by supply chain threats such as software vulnerabilities (e.g., software dependencies from smaller vendors or COTS components) and risks arising from external service providers. CMMC 2.0’s structured approach highlights how organizations must prioritize securing their supply chains, especially when working with contractors that handle CUI or FCI.

    Comprehensive Supply Chain Assurance


    Under CMMC 2.0, contractors at Levels 2 and 3 must demonstrate robust mechanisms for securing their supply chain. This includes performing risk assessments, enforcing stringent access controls, and maintaining effective vulnerability management practices so that products and services stay secure throughout their lifecycle. This assurance matters most for contracts that involve CUI, where a weak supplier becomes an entry point to sensitive defense information.

    The new version of CMMC also integrates continuous monitoring of supply chain vulnerabilities, so that contractors consistently review their supplier relationships, assess risk, and remediate weaknesses. This continuous vigilance ties directly into Zero Trust Architecture (ZTA) principles, which reject implicit trust in any party or product, even one that arrives from a long-standing vendor. Zero Trust requires contractors to authenticate and authorize every connection to their systems, regardless of where in the supply chain it originates.


    Alignment with NIST’s Cybersecurity Framework and Best Practices

    C-SCRM under CMMC 2.0 is deeply aligned with NIST SP 800-161r1, which provides detailed guidance on managing cybersecurity risks within the supply chain. According to NIST, effective C-SCRM practices are comprehensive, covering everything from the acquisition of products to their eventual disposal. This involves performing risk assessments that evaluate the security posture of every entity within the supply chain, identifying weaknesses and mitigating potential threats. For contractors under CMMC 2.0, this means assessing cybersecurity risks at every stage—from initial product sourcing to the decommissioning of a vendor’s services.

    Integrating Risk Management Activities


    CMMC 2.0’s inclusion of C-SCRM brings a strong emphasis on integrating risk management activities into the overall cybersecurity posture of an organization. The model encourages businesses to adopt comprehensive risk management strategies, specifically targeted at addressing cyber risks arising from suppliers and external parties. For example, the updated framework requires that contractors not only assess risks from external parties but also assess internal practices related to the design, development, and deployment of products that interact with external systems. This is particularly important for organizations engaged in software development or those relying heavily on cloud service providers (CSPs) and managed security service providers (MSSPs).

    The C-SCRM framework requires companies to have robust incident response plans in place that also cover the response to supply chain-related breaches. These plans must be coordinated with suppliers and contractors, ensuring that if an incident arises within the supply chain, it can be swiftly identified, communicated, and addressed. The introduction of self-assessments at lower levels of CMMC 2.0 simplifies this process for SMBs, but even smaller contractors must demonstrate the ability to recognize and respond to emerging risks within the supply chain.


    Supply Chain Resilience and NIST’s Guidelines

    A major concern within C-SCRM is ensuring that the supply chain remains resilient in the face of a cybersecurity breach. According to NIST’s guidelines, resilience is a key component in mitigating supply chain risks, emphasizing the importance of systems that can withstand cyberattacks and recover quickly. CMMC 2.0 reflects this by encouraging contractors to adopt practices that enhance the resilience of both their systems and the entire supply chain. This includes not only securing systems and software but also ensuring that third-party vendors maintain a strong security posture.

    Furthermore, CMMC 2.0 aligns with NIST's risk-based approach, encouraging contractors to continually reassess and adjust their security measures as the threat landscape changes. Regular reassessment lets organizations keep their supply chain controls scalable and maintainable, so they can continue operating without disruption while addressing evolving threats.


    C-SCRM as a Pillar of CMMC 2.0 Compliance

    The C-SCRM approach integrated into CMMC 2.0 brings a proactive, structured method for managing risks throughout the supply chain, ultimately securing the flow of sensitive defense data. By focusing on thorough vetting of suppliers, rigorous risk assessments, and continuous monitoring, CMMC 2.0 enables contractors to better manage the complexities of modern, interconnected supply chains.

    With growing concerns over supply chain attacks and vulnerabilities within third-party products, C-SCRM under CMMC 2.0 is not just a compliance obligation; it’s a critical component of any organization’s cybersecurity strategy. By integrating strong C-SCRM practices into their operations, businesses within the DIB can bolster their defenses, maintain compliance with DoD requirements, and ultimately contribute to the broader effort to secure the defense ecosystem.


    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

    Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Questions or concerns? Feel free to reach out to us any time –

    https://www.netizen.net/contact


  • Should Your SMB Adopt Zero Trust for CMMC 2.0 Compliance? Here’s What You Need to Know

    The transition from Cybersecurity Maturity Model Certification (CMMC) 1.0 to 2.0 marks a significant evolution in how the Department of Defense (DoD) addresses cybersecurity within the Defense Industrial Base (DIB). With the new framework set to take effect on December 16, 2024, CMMC 2.0 simplifies compliance while maintaining robust protection for sensitive information. At the core of this transition is the growing alignment with Zero Trust Architecture (ZTA), a model that reflects a fundamental shift in cybersecurity strategy. For small and medium-sized businesses (SMBs), the question arises: should you adopt Zero Trust now to meet CMMC 2.0’s requirements?


    The Essence of CMMC 2.0

    CMMC 2.0 consolidates the original five maturity levels into three tiers, focusing on foundational, advanced, and expert cybersecurity practices. This streamlined approach reduces the complexity of compliance for small- and medium-sized businesses (SMBs), while ensuring contractors implement strong security measures based on the sensitivity of the data they handle. For example, Level 1 emphasizes basic cybersecurity practices for protecting Federal Contract Information (FCI), while Levels 2 and 3 address more stringent requirements for safeguarding Controlled Unclassified Information (CUI).

    What stands out in this new framework is its flexibility. The introduction of self-assessments for lower-risk contracts and a phased rollout of certification requirements make it feasible for SMBs to adapt without excessive financial strain. However, this flexibility doesn’t equate to leniency; the DoD’s approach emphasizes accountability and measurable security practices, particularly as contractors scale up to higher levels.


    Why Zero Trust Matters

    Zero Trust Architecture (ZTA) plays a pivotal role in bridging the compliance goals of CMMC 2.0 with the realities of modern cybersecurity threats. The underlying principle of ZTA—“never trust, always verify”—is designed to eliminate implicit trust in network environments. This model treats every user, device, and application as a potential threat until verified, providing layers of defense against sophisticated cyberattacks.

    The shift from CMMC 1.0 to 2.0 mirrors this philosophy. By streamlining the framework, the DoD has emphasized proactive security over reactive measures. At higher levels, the alignment with NIST SP 800-171 and SP 800-172 incorporates Zero Trust concepts such as least-privilege access, continuous monitoring, and secure data-sharing protocols. These practices align seamlessly with CMMC’s goals of protecting critical DoD data across its supply chain.


    CMMC 2.0’s Emphasis on Data and Identity

    One of the largest overlaps in concept between CMMC 2.0 and ZTA is the emphasis on identity management and data-centric security. Under the new framework, contractors must demonstrate robust access controls to ensure that only authorized users can interact with sensitive data. This requirement echoes Zero Trust’s principle of strict access control, where multifactor authentication and role-based access systems are paramount.

    For SMBs, this presents both a challenge and an opportunity. While implementing such controls can appear daunting, tools and services tailored for ZTA can simplify this process. Managed security service providers (MSSPs) and automated compliance platforms, for instance, offer scalable solutions that reduce the burden of managing these controls internally.

    Additionally, CMMC 2.0’s reliance on continuous monitoring and incident detection aligns closely with Zero Trust’s focus on real-time threat identification. These requirements keep contractors vigilant not just during assessments but throughout the entire lifecycle of their operations.


    So Should You Switch to Zero Trust?

    For many businesses, especially those navigating the complexities of CMMC 2.0, adopting Zero Trust Architecture (ZTA) might feel like a daunting prospect. However, with the advancement of threat actors and increasing reliance on interconnected systems, Zero Trust is rapidly becoming a necessity rather than an option. But is it the right move for your organization?


    The Case for SMBs

    SMBs might wonder if the shift to Zero Trust is worth the investment, given budget and resource constraints. However, with CMMC 2.0 emphasizing clear compliance requirements and scalable solutions, Zero Trust becomes a strategic decision. For example:

    1. CMMC 2.0 Integration: Adopting Zero Trust helps SMBs meet the stricter access control requirements of Levels 2 and 3 by implementing least-privilege principles and multifactor authentication.
    2. Cost-Effective Security: While implementing Zero Trust may involve upfront investment, it eliminates inefficiencies found in outdated security models, reducing long-term costs related to breach recovery or non-compliance penalties.
    3. Simplified Management: Many modern Zero Trust solutions are cloud-native and designed with scalability in mind. This is particularly beneficial for SMBs, which can leverage managed services to adopt Zero Trust without the need for extensive in-house expertise.

    Challenges and Considerations

    Switching to Zero Trust isn’t without its challenges. Organizations must assess their current infrastructure and determine how to phase in Zero Trust principles without disrupting operations. Key considerations include:

    • Legacy Systems: Older IT systems may not integrate seamlessly with Zero Trust frameworks, requiring upgrades or replacements.
    • Cultural Resistance: Transitioning to a “trust nothing” model can be a cultural shift for organizations accustomed to traditional perimeter-based security.
    • Implementation Complexity: Zero Trust requires granular visibility into user behavior, devices, and applications, which can be resource-intensive without proper tools.

    The Strategic Advantage

    Despite these challenges, Zero Trust is an investment in resilience. For organizations aiming to achieve CMMC 2.0 compliance, it provides a forward-thinking approach that not only satisfies regulatory requirements but also improves overall security posture. The flexibility of modern Zero Trust solutions means businesses can start small, for example with multifactor authentication and identity verification, and expand as needed.

    The question isn’t just whether you should switch to Zero Trust, but whether your business can afford not to. In an era where breaches are inevitable, Zero Trust serves as both a proactive defense mechanism and a pathway to meeting the increasingly rigorous cybersecurity standards of frameworks like CMMC 2.0. By adopting this model, organizations position themselves not only for compliance but also for long-term success in an evolving threat landscape.




  • 400 GB of Bank Data Stolen: What We Know About the Finastra Breach

    Finastra, a major financial technology provider serving some of the largest banks globally, is investigating an alleged data breach involving its internal file transfer platform. The incident, first reported on November 7, 2024, involves a cybercriminal claiming to have exfiltrated over 400 gigabytes of sensitive customer data, which has since been put up for sale on a dark web forum.


    Scope of the Breach

    The company detected unusual activity on its internally hosted secure file transfer (SFTP) platform and promptly notified its customers. While Finastra has stated that the breach did not impact customer operations or involve malware deployment, the intruder reportedly accessed and extracted sensitive data. Screenshots posted on the dark web show directory listings of files associated with major banking clients, raising concerns about the potential exposure of financial transaction data.


    Investigation and Response

    Finastra confirmed that the incident stemmed from compromised credentials and has been working closely with affected clients to understand the breach’s impact. The company has since replaced the compromised platform with an alternative secure file-sharing system and has been sharing Indicators of Compromise (IOCs) with customers’ security teams.

    Finastra’s CISO is actively engaging with client security teams to provide updates on the eDiscovery process, which aims to identify affected customers and assess the full scope of the breach. Not all customers use the affected platform, and Finastra is prioritizing accuracy and transparency as it communicates findings.


    A Potential 400 GB of Stolen Data

    The alleged attacker, using the alias “abyss0,” began selling the stolen data on the BreachForums platform. Initial sales attempts date back to October 31, with more explicit mentions of Finastra and its clients surfacing in early November. Interested buyers have been directed to communicate via Telegram, though details about the exact nature of the stolen data remain unclear.

    The October 31st post from user abyss0, image via ke-la.com

    Brian Krebs reported that the threat actor “abyss0” initially listed the stolen Finastra data for $20,000 in late October, later dropping the price to $10,000 by early November. An active cybercriminal, they had previously advertised databases from dozens of other breaches over the past six months. The timeline of this breach indicates that the attacker may have accessed Finastra’s systems well before the suspicious activity detected by the company on November 7.

    Since then, abyss0 has vanished: their Telegram account was suspended or deleted, and their BreachForums profile, along with all related sales threads, disappeared shortly afterward.


    Moving Forward

    Finastra could face legal challenges from clients whose data was compromised in the breach. Financial institutions impacted by this incident may seek damages for any regulatory fines, reputational harm, or operational disruptions they experience as a result. Additionally, class-action lawsuits from end customers of affected banks could emerge if personal financial data is confirmed to have been part of the stolen information.

    Restoring trust will be a critical priority for Finastra moving forward. While the company has taken steps to address the immediate aftermath, including replacing the compromised platform and communicating proactively with clients, it must go further to reassure its customers.




  • DOJ Reportedly Pressures Google to Divest Chrome Browser Amid Antitrust Push

    The U.S. Department of Justice (DOJ) is reportedly pressing for Google to sell off its Chrome browser, claiming the company’s practices have entrenched its monopoly in search and online advertising. Bloomberg reports that this move stems from a broader DOJ effort to implement structural remedies after Judge Amit Mehta ruled in August that Google had violated antitrust laws by dominating search and search text ads. The DOJ’s proposal, expected to be presented to Judge Mehta, may also target other aspects of Google’s operations, including its Android platform and artificial intelligence initiatives.


    Chrome’s Market Power and Role in Google’s Ecosystem

    With a commanding 61% share of the U.S. browser market, Chrome is integral to Google’s success. Its tight integration with Google’s search and advertising platforms has made it the world’s most-used browser. If forced to sell, experts estimate Chrome could be valued at $20 billion. However, the divestment raises questions about its viability as an independent entity. Critics worry that separating Chrome from Google could diminish its capabilities and force users to depend on less robust alternatives like Microsoft Edge or Apple Safari.


    Broader Implications of Antitrust Action

    This potential divestment represents a significant move in the Biden administration’s broader push to rein in Big Tech. By embedding its search engine into Chrome and Android, Google has created a powerful ecosystem that regulators say suppresses competition. Breaking up Chrome could set a precedent, potentially leading to similar actions against other tech giants accused of monopolistic behavior.


    Industry Reactions

    The DOJ’s proposal has ignited a debate among experts. Proponents see structural remedies like divestment as a necessary step to restore competition in the tech sector. Others, however, caution that standalone browsers may struggle financially. Mozilla’s Firefox, for instance, relies on financial backing from Google to survive, highlighting the challenges Chrome might face on its own.

    Some critics also suggest that splitting Chrome off could inadvertently benefit browsers like Safari and Edge, further consolidating power within Apple and Microsoft rather than diversifying the browser market.


    Privacy Concerns

    A central criticism of Chrome is its role in Google’s data-driven ecosystem. The browser collects extensive user data—including browsing history, location, and site interactions—to fuel Google’s advertising dominance. This tight integration has raised alarm among privacy advocates, who argue that Chrome’s dominance gives Google unchecked access to sensitive user information.

    If Chrome operates independently, it could present an opportunity to shift towards a more privacy-conscious model, similar to the direction taken by Mozilla’s Firefox. Enhanced features, such as stricter third-party cookie blocking, anonymized browsing, and user-controlled data permissions, could make an independent Chrome more appealing to privacy-focused users and organizations. However, questions remain about whether Chrome can sustain its development without revenue from Google’s ad network, which may deter significant investments in privacy innovation.


    What Comes Next?

    Google has vowed to appeal the DOJ’s broader antitrust case, ensuring the legal battle will continue for months, if not years. While no timeline for the proposed divestment has been confirmed, the DOJ’s actions suggest increased scrutiny of Google’s operations, with a focus on fostering competition in the tech industry.

    For consumers and industry stakeholders, the stakes are high. The resolution of this case could reshape the digital landscape, influencing not only browser competition but also the broader ecosystem of search, advertising, and mobile operating systems.




  • Netizen: Monday Security Brief (11/18/2024)

    Today’s Topics:

    • Zero-Day Vulnerabilities in Palo Alto Networks Firewalls Demand Immediate Action
    • Critical WordPress Plugin Vulnerability Exposes Millions of Websites

    Zero-Day Vulnerabilities in Palo Alto Networks Firewalls Demand Immediate Action

    Palo Alto Networks has confirmed that a critical zero-day vulnerability in its PAN-OS firewall management interface is being actively exploited in targeted attacks. The issue, initially flagged in early November, has now been classified under two separate CVEs: CVE-2024-0012, an authentication bypass vulnerability (CVSS 9.3), and CVE-2024-9474, a privilege escalation flaw (CVSS 6.9). These vulnerabilities can potentially be chained to achieve remote code execution on exposed management interfaces.

    The exploitation, tracked under the name “Lunar Peek,” was identified on interfaces exposed to the internet. Palo Alto Networks strongly recommends restricting access to the firewall management interface to trusted IPs, as doing so can significantly reduce the attack surface. The vulnerabilities do not impact Prisma Access and Cloud NGFW products. Updates for patches and prevention signatures are expected soon.

    Separately, three vulnerabilities in Palo Alto Networks’ Expedition migration tool (including CVE-2024-9463 and CVE-2024-9465) have also been exploited in the wild, highlighting a broader need for vigilant monitoring and adherence to best practices, such as keeping management interfaces off the internet.

    Forensic evidence so far includes indications of webshell payloads in attacks, pointing to the severity of potential exploits if these vulnerabilities are left unaddressed. Administrators are urged to monitor for suspicious activities such as unexpected configuration changes or unauthorized user accounts.
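    The monitoring the brief recommends can be reduced to a few questions about the management plane: did anyone authenticate to the management interface from outside the approved admin networks, did an admin account appear that nobody recognises, and did a commit follow from that address? The script below, an added example rather than Palo Alto Networks code, runs those checks over constructed log lines. The lines use a simplified key=value layout for readability, not the vendor's actual syslog format, and TRUSTED_ADMIN_NETS and KNOWN_ADMINS are assumptions standing in for an organisation's own lists.

```python
"""Flag management-plane activity that does not come from an approved admin
source: logins to the management interface, admin-account additions and
configuration commits from anywhere outside the allow-list.

Added example, not Palo Alto Networks code. The log lines are constructed in
a simplified key=value form and are not the vendor's syslog format; the
trusted networks and known admin names are assumptions."""
import ipaddress
import re

TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]  # assumption
KNOWN_ADMINS = {"admin", "netops"}                           # assumption

# Constructed sample lines (not real firewall output). Lines 2-4 show the
# pattern to look for: a management login from an unexpected address,
# followed by a new admin account and a commit from that same address.
SAMPLE_LOGS = """\
time=2024-11-15T02:13:07 type=SYSTEM event=auth-success user=admin src=10.10.0.5 desc="authenticated for management"
time=2024-11-15T02:14:41 type=SYSTEM event=auth-success user=admin src=203.0.113.77 desc="authenticated for management"
time=2024-11-15T02:15:02 type=CONFIG event=add user=admin src=203.0.113.77 path="mgt-config users helpdesk" desc="admin account created"
time=2024-11-15T02:15:30 type=SYSTEM event=commit user=admin src=203.0.113.77 desc="commit succeeded"
time=2024-11-15T09:00:11 type=SYSTEM event=commit user=netops src=10.10.0.9 desc="commit succeeded"
"""

# key=value pairs; quoted values may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_trusted(src):
    """True if src is an address inside one of the approved admin networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_ADMIN_NETS)


def review_logs(text):
    """Return (finding, source_ip, subject) tuples in log order."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        src = rec.get("src", "")
        trusted = is_trusted(src)
        event = rec.get("event")
        if event == "auth-success" and not trusted:
            findings.append(("untrusted-mgmt-login", src, rec.get("user")))
        # Configuration change under the admin-user subtree naming an
        # account that is not on the known-admin list.
        path_parts = rec.get("path", "").split()
        if rec.get("type") == "CONFIG" and "users" in path_parts:
            new_user = path_parts[-1]
            if new_user not in KNOWN_ADMINS:
                findings.append(("unknown-admin-account", src, new_user))
        if event == "commit" and not trusted:
            findings.append(("untrusted-commit", src, rec.get("user")))
    return findings


if __name__ == "__main__":
    for finding in review_logs(SAMPLE_LOGS):
        print(finding)
```

    Run against the constructed sample, the review reports the login, the new account and the commit from 203.0.113.77 and nothing from the 10.10.0.0/24 sources. The allow-list the script assumes is the same one the firewall should enforce on the management interface itself; the script only catches what slips past or predates that restriction.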



    Critical WordPress Plugin Vulnerability Exposes Millions of Websites

    A severe authentication bypass vulnerability has been uncovered in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress. This flaw, tracked as CVE-2024-10924 with a critical CVSS score of 9.8, poses a significant threat to over 4 million websites using the plugin. If exploited, it could allow attackers to gain full administrative access remotely.

    The issue arises from improper error handling in the check_login_and_get_user function, particularly affecting the two-factor authentication feature in plugin versions 9.0.0 through 9.1.1.1. This oversight permits unauthenticated attackers to log in as any user, including site administrators, effectively bypassing security measures.

    The vulnerability’s nature makes it highly exploitable at scale. According to István Márton, a security researcher at Wordfence, the flaw is “scriptable,” enabling automated mass exploitation against WordPress websites.

    Following its responsible disclosure on November 6, 2024, the plugin maintainers released a patch in version 9.1.2 within a week. Due to the severity, WordPress collaborated with the plugin developers to force-update all affected installations, ensuring maximum protection even before public disclosure.

    Users are urged to confirm their plugin is updated to the latest version and audit their site access logs for potential unauthorized activity.
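    The bug class described above is worth seeing in code: a helper that returns an error object on failure, and a caller that only asks whether it got something back before finishing the login. The example below is an added illustration in Python, not the plugin's PHP. The name check_login_and_get_user comes from the advisory; the user table, nonce store, LoginError class (playing the role WP_Error plays in WordPress) and the set_auth_cookie stand-in are constructed here, so the plugin's exact control flow is modelled rather than reproduced.

```python
"""Model of the error-handling flaw behind CVE-2024-10924: a login helper
signals failure by returning an error object, and the caller treats any
non-empty return value as a verified user.

Added example, not the plugin's code. Everything except the function name
check_login_and_get_user is constructed for illustration."""
import hmac
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    login: str


@dataclass
class LoginError:
    """Stands in for WP_Error: an object, and therefore truthy."""
    code: str
    message: str


USERS = {1: User(1, "admin"), 2: User(2, "editor")}   # constructed user table
VALID_LOGIN_NONCES = {1: "a1b2c3d4"}                  # constructed one-time tokens


def verify_login_nonce(user_id, nonce):
    """Constant-time comparison against the token issued for this user."""
    expected = VALID_LOGIN_NONCES.get(user_id)
    return expected is not None and hmac.compare_digest(expected, nonce)


def check_login_and_get_user(user_id, login_nonce):
    """Return a User on success, or a LoginError on failure."""
    if user_id not in USERS:
        return LoginError("invalid_user", "unknown user id")
    if not verify_login_nonce(user_id, login_nonce):
        return LoginError("invalid_nonce", "login nonce verification failed")
    return USERS[user_id]


def set_auth_cookie(user_id):
    """Stand-in for issuing the session; returns the logged-in principal."""
    user = USERS.get(user_id)
    return user.login if user else None


def vulnerable_two_factor_finish(user_id, login_nonce):
    """Before the fix: the error object passes the 'did we get a user' test,
    so the caller-supplied user_id is logged in without a valid nonce."""
    result = check_login_and_get_user(user_id, login_nonce)
    if not result:                  # never taken: LoginError is truthy
        return None
    return set_auth_cookie(user_id)


def fixed_two_factor_finish(user_id, login_nonce):
    """After the fix: reject error returns explicitly, and log in the user
    object that was verified rather than the request parameter."""
    result = check_login_and_get_user(user_id, login_nonce)
    if isinstance(result, LoginError):
        return None
    return set_auth_cookie(result.user_id)


if __name__ == "__main__":
    print("vulnerable, bad nonce:", vulnerable_two_factor_finish(1, "bogus"))
    print("fixed, bad nonce:     ", fixed_two_factor_finish(1, "bogus"))
    print("fixed, good nonce:    ", fixed_two_factor_finish(1, "a1b2c3d4"))
```

    The vulnerable path logs in user 1 with any nonce at all, which is what makes the flaw scriptable against every site running the affected versions. The fixed path makes two changes: it tests for the error type instead of for emptiness, and it uses the identity the helper actually verified. Either change alone closes this particular hole; both together are the habit to keep.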

    Successful exploitation could allow threat actors to:

    • Gain unauthorized administrative access.
    • Hijack affected websites.
    • Execute additional malicious activities, such as phishing campaigns or malware distribution.

    This disclosure follows another critical issue reported by Wordfence in the WPLMS Learning Management System theme for WordPress, tracked as CVE-2024-10470 (CVSS score: 9.8). The vulnerability affects versions prior to 4.963 and enables attackers to:

    • Read and delete arbitrary files due to insufficient validation of file paths and permission checks.
    • Access sensitive files such as wp-config.php, forcing the website into a setup state. This state allows attackers to connect the site to a malicious database, potentially leading to a complete takeover.

    Users of the WPLMS theme are advised to upgrade to the latest version and implement strict access controls. Regular monitoring and secure backup practices are also essential to mitigate risks.
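    The WPLMS issue comes down to a missing path check: a file name taken from the request is joined onto the uploads directory without confirming that the result still lives there, so ../../wp-config.php resolves to the site root. The function below, an added example in Python rather than the theme's PHP, shows the check that prevents it. The temporary site layout (an uploads directory with wp-config.php two levels above it) is constructed for the demonstration.

```python
"""Confine file reads and deletes to one directory, the check whose absence
lets a request for ../../wp-config.php escape the uploads folder.

Added example, not code from the WPLMS theme. The site layout built by
make_site() is constructed for the demonstration."""
import os
import tempfile


def resolve_inside(base_dir, user_path):
    """Return the absolute target if user_path stays inside base_dir, else None.

    realpath() collapses '..' segments and follows symlinks, so both a
    traversal string and a symlink planted inside the directory that points
    outside it are rejected. An absolute user_path is rejected as well,
    because os.path.join discards base_dir when the second part is absolute
    and the resolved target then falls outside base."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def delete_upload(uploads_dir, user_path):
    """Delete a file under uploads_dir; refuse anything that resolves outside."""
    target = resolve_inside(uploads_dir, user_path)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def make_site():
    """Constructed layout: <root>/wp-config.php and <root>/wp-content/uploads/."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    with open(os.path.join(root, "wp-config.php"), "w") as f:
        f.write("<?php define('DB_PASSWORD', 'secret');")
    with open(os.path.join(uploads, "avatar.png"), "wb") as f:
        f.write(b"\x89PNG")
    return root, uploads


def demo():
    """Exercise the check against a legitimate name, a traversal and an absolute path."""
    root, uploads = make_site()
    config = os.path.join(root, "wp-config.php")
    results = {
        "avatar": delete_upload(uploads, "avatar.png"),
        "traversal": delete_upload(uploads, "../../wp-config.php"),
        "absolute": delete_upload(uploads, config),
        "config_intact": None,
    }
    results["config_intact"] = os.path.exists(config)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

    The ordinary upload is removed, both escape attempts are refused, and wp-config.php is still there afterwards. The check belongs in front of every file operation that takes a user-controlled name, read as well as delete, and it is separate from the permission check: a logged-in subscriber who passes the path check still should not be able to remove another user's files.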





  • GreyNoise, AI, Zero-Days: AI’s Rapid Advancement in the Field of IDR

    GreyNoise Intelligence has recently identified two critical zero-day vulnerabilities in IoT-connected live-streaming cameras, highlighting the need for enhanced cybersecurity measures and proactive detection capabilities in widely deployed devices. These vulnerabilities demonstrate the growing risks posed by IoT devices in sensitive settings, such as healthcare facilities, industrial plants, government operations, and religious institutions. This article will outline the nature of these security flaws, their potential impact across sectors, and the role of AI in uncovering these threats.


    Background: GreyNoise’s AI-Driven Threat Detection

    GreyNoise, a cybersecurity firm with a reputation for advanced threat intelligence, uses an extensive network of sensors to track malicious internet traffic and distinguish it from benign activity. This network enables the detection of emerging threats by analyzing patterns that might otherwise go unnoticed by conventional security measures. In this case, GreyNoise’s AI-driven tools flagged unusual activity targeting specific live-streaming PTZ (pan-tilt-zoom) cameras. The flagged traffic led to the discovery of two previously unknown vulnerabilities, underscoring the effectiveness of AI in early detection.


    Vulnerabilities Identified: CVE-2024-8956 and CVE-2024-8957

    GreyNoise’s findings include two zero-day vulnerabilities in PTZ cameras, which are often used in settings that require high privacy and operational reliability. Affected models include devices equipped with NewTek’s Network Device Interface (NDI) technology, primarily using firmware versions below 6.3.40. These cameras are made by brands such as PTZOptics, Multicam Systems SAS, and SMTAV Corporation, all of which employ the HiSilicon Hi3516A V600 system-on-chip platform.

    CVE-2024-8956 (Insufficient Authentication, CVSS Score: 9.1)

    The first vulnerability, CVE-2024-8956, exposes devices to unauthorized access due to inadequate authentication protocols. This flaw allows attackers to access usernames, MD5-hashed passwords, and other sensitive configuration data. Given the outdated and insecure nature of MD5 hashing, attackers could potentially crack these credentials, enabling them to take over the device and access private video feeds.

    CVE-2024-8957 (OS Command Injection, CVSS Score: 7.2)

    The second vulnerability, CVE-2024-8957, is an OS command injection flaw that allows attackers to execute arbitrary commands on the cameras. If combined with CVE-2024-8956, this flaw can enable total device control, allowing attackers to view, alter, or disable video streams. Attackers may also use compromised devices for Distributed Denial-of-Service (DDoS) attacks or other malicious purposes.


    Sector-Specific Risks

    The wide-ranging use of PTZ cameras in sensitive environments makes these vulnerabilities especially concerning:

    • Industrial Operations: Many manufacturing plants use PTZ cameras for quality control and equipment monitoring. Unauthorized access could allow attackers to surveil operations or disrupt critical monitoring.
    • Healthcare and Telehealth: In medical settings, these cameras may enable telehealth and surgical streaming. A breach could expose patient data, violate privacy regulations, and disrupt essential services.
    • Government and Judicial Settings: Government facilities, including courtrooms, rely on secure video streams for both transparency and security. A vulnerability in these environments could compromise sensitive proceedings or disrupt government operations.
    • Religious Institutions: Streaming cameras are often used in houses of worship to broadcast services. Unpatched vulnerabilities could allow attackers to disrupt live streams or monitor services.

    AI’s Role in Early Detection and Mitigation

    GreyNoise’s AI-driven tools played a critical role in identifying these vulnerabilities before they were widely exploited. By analyzing global traffic patterns, GreyNoise’s system flagged the exploit attempt as an anomaly. This proactive approach allowed researchers to isolate and investigate the vulnerabilities, leading to their disclosure and the timely development of solutions.


    Responsible Disclosure and Next Steps

    Following the discovery, GreyNoise collaborated with VulnCheck to disclose these vulnerabilities responsibly to the affected vendors. This collaboration provided manufacturers with the information needed to address the flaws before they could be exploited on a broader scale. Responsible disclosure is crucial in ensuring that security gaps are addressed swiftly, protecting users from potential exploitation.


    The Future of AI in IDR

    GreyNoise’s application of AI in incident detection and response (IDR) offers a strong case for using machine learning in managing and mitigating cybersecurity threats, especially in high-stakes settings that involve real-time data and sensitive environments. Here’s why you might see AI more heavily adopted in the IDR field:

    How AI Improves IDR

    The scale at which AI operates allows organizations to analyze vast amounts of data almost instantaneously, scanning for deviations that would take human analysts far longer to identify. AI in IDR is essential in IoT contexts, where the network size and device count often make manual monitoring inefficient. By leveraging AI, GreyNoise was able to sort through internet traffic at a global scale to identify malicious activity targeting live-streaming cameras without requiring manual oversight for each device. Once flagged, the system allowed for the vulnerabilities to be investigated and responsibly disclosed.

    Proactive vs. Reactive Cybersecurity

    The traditional approach to incident response often involves responding to detected breaches, which can already compromise sensitive data or operations. In contrast, AI’s real-time capabilities enable a proactive approach, where anomalous patterns are flagged before vulnerabilities are exploited at scale. GreyNoise’s detection of CVE-2024-8956 and CVE-2024-8957 illustrates how AI can offer organizations lead time to patch or isolate vulnerabilities. This proactive stance is crucial for settings such as industrial sites, healthcare facilities, and government agencies, where IoT vulnerabilities could lead to privacy breaches, service disruptions, or even physical security risks.
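    The baseline-versus-anomaly idea described above, as an added illustration that is not GreyNoise’s code or data: a small detector over constructed sensor log lines that flags a source when it probes paths absent from the quiet baseline window or sends requests at a rate far above the baseline mean. All addresses, paths and the rate threshold are constructed for the example.

```python
# Added example, not GreyNoise's code or data: a minimal baseline-versus-anomaly
# check over constructed sensor log lines of the form "timestamp source path".
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: str
    src: str
    path: str


def parse(log: str) -> list:
    """Parse 'timestamp source path' lines; paths contain no spaces here."""
    events = []
    for line in log.strip().splitlines():
        ts, src, path = line.split(maxsplit=2)
        events.append(Event(ts, src, path))
    return events


def build_baseline(events):
    """Paths seen in the quiet window and the mean request count per source."""
    known_paths = {e.path for e in events}
    per_src = Counter(e.src for e in events)
    mean_rate = sum(per_src.values()) / len(per_src)
    return known_paths, mean_rate


def flag_anomalies(baseline_events, new_events, rate_multiplier=5.0):
    """Return {source: [reasons]} for sources that deviate from the baseline."""
    known_paths, mean_rate = build_baseline(baseline_events)
    per_src = Counter(e.src for e in new_events)
    novel = defaultdict(set)
    for e in new_events:
        if e.path not in known_paths:
            novel[e.src].add(e.path)
    findings = {}
    for src, count in per_src.items():
        reasons = []
        if count > rate_multiplier * mean_rate:
            reasons.append(f"rate {count} exceeds {rate_multiplier}x baseline mean {mean_rate:.1f}")
        if src in novel:
            reasons.append("novel paths: " + ", ".join(sorted(novel[src])))
        if reasons:
            findings[src] = reasons
    return findings


# Constructed quiet window: three benign visitors fetching ordinary pages.
BASELINE_LOG = """\
2024-11-01T10:00:01Z 198.51.100.20 /
2024-11-01T10:00:04Z 198.51.100.20 /index.html
2024-11-01T10:00:05Z 198.51.100.20 /favicon.ico
2024-11-01T10:01:10Z 198.51.100.21 /
2024-11-01T10:01:12Z 198.51.100.21 /index.html
2024-11-01T10:02:30Z 198.51.100.22 /
"""

# Constructed later window: one returning visitor, one single probe of an unknown
# endpoint, and one source hammering two endpoints never seen in the baseline.
NEW_LOG = """\
2024-11-02T10:00:02Z 198.51.100.20 /
2024-11-02T10:00:03Z 198.51.100.20 /index.html
2024-11-02T10:05:00Z 198.51.100.50 /api/constructed-probe
""" + "\n".join(
    f"2024-11-02T10:07:{i:02d}Z 203.0.113.9 "
    + ("/api/constructed-probe" if i % 2 else "/api/constructed-login")
    for i in range(12)
)


if __name__ == "__main__":
    for src, reasons in flag_anomalies(parse(BASELINE_LOG), parse(NEW_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

    A real sensor network would replace the fixed multiplier with a per-path, per-time-of-day baseline, but the two signals shown (novel endpoint, abnormal rate) are the ones that surface a previously unknown probe.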

    AI as the Future of IDR

    The use of AI by GreyNoise demonstrates how machine learning and behavioral analytics will continue to reshape IDR. As AI becomes more integrated into cybersecurity, we can expect faster threat detection, more accurate identification of potential attacks, and a proactive approach to securing IoT networks and other critical infrastructure. These capabilities are essential in a world where the number and complexity of IoT-connected devices are only increasing. By enabling faster, data-driven responses to cyber threats, AI not only improves the security of individual devices but also contributes to broader network resilience and reliability across sectors.


    How Organizations Can Safeguard IoT Devices

    Organizations relying on IoT devices like PTZ cameras can take several steps to improve security:

    • Patch Management: Regularly update firmware and software for IoT devices. Contact vendors to confirm whether devices are affected by known vulnerabilities and apply patches promptly.
    • Network Segmentation: Isolate IoT devices on separate networks to prevent unauthorized access to sensitive systems if a device is compromised.
    • Enhanced Authentication: Implement strong, multi-factor authentication for all IoT devices, avoiding outdated or insecure methods like MD5 hashing.
    • Traffic Monitoring and AI Detection: Leverage AI-driven security tools to monitor network traffic and detect unusual activity, potentially flagging vulnerabilities before they become widespread.
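    To make the “avoid MD5” point in the Enhanced Authentication item concrete, here is an added example (not any vendor’s firmware code) showing the unsalted MD5 credential store beside a salted PBKDF2 store, plus the audit check that becomes possible precisely because unsalted MD5 is a table lookup. Device names, passwords and the default-password list are constructed.

```python
# Added example (not vendor firmware code): the weak credential store the page warns
# about beside a hardened one. Device names, passwords and defaults are constructed.
import hashlib
import hmac
import os

# Constructed list of factory-default passwords an auditor would check for.
DEFAULT_PASSWORDS = ["admin", "123456", "password"]


def md5_store(password: str) -> str:
    """Weak scheme: fast and unsalted, so equal passwords yield equal hashes
    and a stored value can be matched against a precomputed table."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_store(password: str, salt=None, iterations: int = 600_000) -> str:
    """Hardened scheme: random per-record salt plus a deliberately slow KDF.
    Stored format: pbkdf2_sha256$<iterations>$<salt hex>$<key hex>."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key.hex(), key_hex)


def same_password_same_record(store) -> bool:
    """Does the scheme reveal that two devices share a password?"""
    return store("Cam-Pass-2024") == store("Cam-Pass-2024")


def devices_on_default_password(md5_records: dict) -> list:
    """Audit check: which device records still hold an MD5 of a factory default?
    Works only against unsalted MD5, which is exactly the weakness above."""
    table = {md5_store(p): p for p in DEFAULT_PASSWORDS}
    return sorted(dev for dev, h in md5_records.items() if h in table)


if __name__ == "__main__":
    # Constructed inventory of MD5 records as legacy firmware might expose them.
    inventory = {"lobby-cam": md5_store("admin"), "hall-cam": md5_store("Cam-Pass-2024")}
    print("MD5 leaks shared passwords:", same_password_same_record(md5_store))
    print("PBKDF2 leaks shared passwords:", same_password_same_record(pbkdf2_store))
    print("devices on default password:", devices_on_default_password(inventory))
    record = pbkdf2_store("Cam-Pass-2024")
    print("verify correct:", pbkdf2_verify("Cam-Pass-2024", record))
    print("verify wrong:", pbkdf2_verify("admin", record))
```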



  • Modern Phishing Explained: Types, Tactics, and How to Avoid Scams in 2024

    Phishing is a type of social engineering attack where cybercriminals manipulate individuals into revealing sensitive information like passwords, financial details, and personal data. Originally, phishing attacks were often crude attempts to impersonate trusted entities, but in recent years, phishing tactics have evolved significantly. Phishers today utilize a blend of technical sophistication and psychological tricks—such as trust, urgency, and curiosity—to exploit people across various communication channels, including email, text messages (smishing), phone calls (vishing), and even cloned websites.

    In 2024, phishing attacks have become more advanced and nuanced. Traditional email phishing now includes highly targeted “spear-phishing” attacks, where attackers craft personalized messages based on extensive research into their victims. Other phishing types, such as “clone phishing,” replicate legitimate emails from a trusted sender, but with malicious links or attachments replacing the original content. Attackers are increasingly leveraging new channels and technologies, making it more challenging to spot these scams.

    Modern phishing tactics now also harness emerging technologies to outsmart conventional defenses. Artificial intelligence and machine learning allow attackers to personalize their scams more convincingly, making them harder to detect. Meanwhile, new tactics such as browser-in-the-browser attacks simulate legitimate login pop-ups, and deepfake-based vishing uses synthetic audio to impersonate familiar voices. These advanced methods make it critical for individuals and organizations to stay vigilant, recognize the varied forms of phishing, and adopt proactive security measures to protect their information in a complex digital landscape.


    Classic Types of Phishing Attacks

    Email Phishing

    In email phishing, attackers send large volumes of emails designed to appear from a legitimate source, such as a bank, online retailer, or known business. The emails often use persuasive language and an official tone, incorporating fake company logos and familiar branding to enhance credibility. These emails typically contain links to fraudulent websites where users are asked to “verify” information or “log in” to their accounts, unknowingly handing over credentials to the attacker. Additionally, some emails contain malicious attachments that deploy malware if downloaded, compromising the device and potentially exposing the user’s personal information.

    Spear Phishing

    Spear phishing is a refined form of phishing that targets specific individuals or organizations. Unlike generic phishing emails, spear phishing attempts are tailored, often incorporating personal details, such as the recipient’s name, job title, or company information, making the email appear authentic. For example, an attacker might impersonate a coworker or client with a message related to a recent project or business matter. This method leverages the sense of familiarity to increase trust and coax the target into sharing sensitive information or taking an action, like approving a fake invoice. High-profile spear phishing attacks have caused substantial financial and reputational damage in recent years, demonstrating the risks associated with personalized scams.

    Smishing (SMS Phishing)

    Smishing involves sending deceptive messages via text (SMS) rather than email. These messages often pose as alerts from banks, delivery services, or government agencies, directing recipients to click on a link or respond with personal information. Common tactics include urgent requests to resolve “account issues” or to verify identity to avoid service suspension. Smishing can be particularly effective because individuals tend to trust SMS communications, especially if they appear from a reputable source, and may not scrutinize URLs or links as carefully as they would in an email.

    Vishing (Voice Phishing)

    Vishing uses voice calls to deceive victims. Attackers may impersonate bank officials, tech support, or even government agents, creating a sense of urgency or authority to prompt quick compliance. Common schemes involve telling the victim that their account is compromised or that they owe overdue payments, pressuring them to provide account details, PIN numbers, or payment information. Some vishing calls even use automated messages to appear more official, instructing recipients to “press a number” to connect with a “representative,” further enhancing the perception of legitimacy.

    Clone Phishing

    In clone phishing, attackers duplicate a legitimate email that the victim previously received, such as a message from a colleague or business partner, and modify it to include malicious links or attachments. By keeping the original email content intact, clone phishing exploits the user’s existing trust, making the victim more likely to engage with the malicious content. This type of attack can be challenging to detect since the email appears almost identical to an authentic message, relying on the user’s familiarity with the content to mask the scam.


    What does Modern Phishing Look Like?

    Phishing tactics have evolved rapidly in 2024, with several modern techniques increasingly leveraging advanced technologies like artificial intelligence. Below are some of the new and updated phishing strategies a comprehensive phishing-defense guide should cover.

    AI-Driven Phishing

    The use of AI has enabled cybercriminals to craft more convincing and personalized phishing messages. With AI, attackers can generate targeted content that mimics real communications, such as impersonating co-workers or company executives in emails and instant messages. AI tools also allow attackers to automate these scams on a large scale, adapting messaging for different industries and roles, making their deceptions even harder to detect.

    Deepfake Phishing

    Deepfake technology is being used in “vishing” or voice phishing to impersonate high-level executives’ voices over the phone. Cybercriminals use deepfake audio or video to deceive employees, requesting transfers of funds or sensitive information under the guise of urgency. This tactic takes social engineering to a new level by exploiting trusted voices and has been particularly impactful in corporate environments where quick decision-making is expected.

    Adversary-in-the-Middle (AiTM) Attacks

    Adversary-in-the-Middle (AiTM) phishing has become more prominent. In these attacks, criminals intercept the communication between a user and a legitimate website by placing themselves in the middle, allowing them to capture login credentials and bypass multi-factor authentication (MFA) protections. This technique has grown due to the high value of credentials in cyberattacks on corporate accounts.

    Browser-in-the-Browser (BiTB) Phishing

    BiTB attacks mimic legitimate login pages within an apparent pop-up browser window, making it look like the user is logging in securely. Attackers design these windows to capture login credentials for popular services (e.g., Google or Microsoft accounts) and steal personal information. As these windows mimic native login pop-ups, they can deceive even security-conscious users.

    QR Code Phishing

    QR code phishing has also seen a rise in 2024, as many people use them in daily interactions. Attackers send phishing emails or messages with malicious QR codes that redirect users to spoofed sites or automatically initiate harmful actions on a user’s device when scanned. This method can bypass certain email security filters, making it particularly effective in email and SMS phishing.

    Phishing-as-a-Service (PhaaS)

    Phishing-as-a-Service platforms now allow criminals to rent the tools and infrastructure needed for phishing attacks, providing templates, hosting, and other resources that streamline attack execution. This has lowered the barrier to entry for phishing scams, enabling even less skilled criminals to execute sophisticated attacks and contributing to the overall rise in phishing incidents. This mirrors a broader trend among modern threat actors, seen before with the emergence of Ransomware-as-a-Service (RaaS).


      Exploiting Human Nature

      Phishing attacks exploit human psychology and technical vulnerabilities, often combining the two for greater impact.

      Urgency and Fear

      Phishing messages frequently use urgent language to create anxiety and prompt immediate action. Attackers might threaten account suspensions, fines, or missed opportunities, pushing victims to act without careful thought. This sense of urgency is designed to bypass rational decision-making, increasing the likelihood that users will click on a link or provide sensitive information.

      Spoofed Email Addresses and URLs

      Cybercriminals often make slight alterations to email addresses or website URLs to appear legitimate. For example, they may replace a lowercase “l” with a capital “I” or subtly alter a domain name, such as using “paypa1.com” instead of “paypal.com.” These small changes are difficult to detect at a glance, making it easy for users to fall for the scam. Paying close attention to the sender’s email address and checking URLs for slight inconsistencies can help identify these traps.

      Fake Login Pages

      Fake login pages mimic the design of legitimate websites to trick users into entering their credentials. Attackers create pages that look nearly identical to real websites, including logo placement, color schemes, and layout. When victims enter their usernames and passwords, this information is captured by the attackers. Always double-check the website URL before entering login details, ensuring it matches the official site and is secured with HTTPS.
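      The checks recommended in the two sections above (inspect the host for swapped characters such as “1” for “l” or “I” for “l”, confirm it is the official domain, and require HTTPS), as an added defender-side example that is not part of the original post. The protected-domain list, the confusable-character table and the “edit distance of one” typosquat rule are assumptions chosen for the example; the last-two-labels approximation of the registrable domain ignores suffixes such as .co.uk.

```python
# Added example (not from the original post): classify a URL against a constructed
# list of protected brand domains, flagging lookalike hosts and non-HTTPS logins.
from urllib.parse import urlsplit

# Constructed list of domains whose login pages we want to protect.
PROTECTED = {"paypal.com", "example-bank.com"}

# Hostnames are case-insensitive, so a capital "I" arrives as "i" and is folded to "l"
# here along with the other common digit/letter substitutions the page describes.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typosquats like an added letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, protected_domain).

    legitimate       host is the protected domain or a subdomain of it, over https
    insecure-scheme  same host match, but not https
    lookalike        confusable-folded host contains the brand, or the registrable
                     part is within one edit of it (e.g. paypa1.com, paypall.com,
                     paypal.com.login-verify.example)
    unknown          no relation to a protected domain
    invalid          no parsable host
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return ("invalid", None)
    for dom in sorted(PROTECTED):
        # Exact or true-subdomain match only; a bare substring match would let
        # "paypal.com.evil.example" through, so that case is handled below.
        if host == dom or host.endswith("." + dom):
            return ("legitimate", dom) if parts.scheme == "https" else ("insecure-scheme", dom)
    folded = host.translate(CONFUSABLES)
    registrable = ".".join(host.split(".")[-2:])  # approximation, see lead-in
    for dom in sorted(PROTECTED):
        if dom in folded or edit_distance(registrable, dom) <= 1:
            return ("lookalike", dom)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ["https://www.paypal.com/signin", "http://paypal.com/signin",
              "https://paypa1.com/login", "https://paypaI.com/login",
              "https://paypall.com/", "https://paypal.com.login-verify.example/",
              "https://example.org/"]:
        print(u, "->", classify(u))
```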

      Malicious Attachments

      Malware-laden attachments are often disguised as harmless files, such as PDFs or Word documents. Once opened, they can install malicious software on the victim’s device, enabling attackers to access files, monitor keystrokes, or even control the device remotely. Avoid downloading or opening attachments from unknown sources, and utilize antivirus software to detect and block potential threats.

      Impersonation of Trusted Sources

      Attackers frequently impersonate individuals or brands familiar to the victim, such as a colleague, manager, or popular service provider. By adopting a trusted persona, attackers gain credibility and exploit the victim’s natural inclination to trust the source. For instance, an email might appear from “IT Support” with a message stating that the user’s password needs resetting, which could lead to a phishing link if the victim complies.


      Protecting Against Phishing Attacks

      Verify the Source

      Before clicking on links or responding to messages, verify the sender’s identity. For emails, closely inspect the email address and domain. For texts or calls, contact the organization directly using official contact information. Simple verification steps can prevent many phishing attempts from succeeding.

      Be Cautious with Links and Attachments

      Always scrutinize links before clicking, hovering over them to see if the URL looks legitimate. Be cautious of shortened links, as they may obscure the destination website. Attachments, even from familiar contacts, should be handled with caution—especially if they arrive unexpectedly.

      Use Multi-Factor Authentication (MFA)

      MFA adds an extra layer of security by requiring a secondary verification method, like a text message code, fingerprint, or app-based approval. Even if attackers obtain login credentials, MFA significantly reduces their chances of accessing accounts.

      Keep Software Updated

      Regular updates ensure that software vulnerabilities are patched, reducing the risk of malware and other exploits. Updates often address security flaws that phishing attackers could exploit.

      Engage in Phishing Awareness Training

      Ongoing training programs can improve employees’ ability to detect and respond to phishing. Simulated phishing exercises allow users to practice spotting red flags in a controlled environment, boosting awareness and readiness.




    1. November 2024 Patch Tuesday: 88 Vulnerabilities, Two Zero-Days

      Microsoft’s November 2024 Patch Tuesday addresses a total of 88 vulnerabilities and includes one advisory, marking a slight reduction in volume from October. This month’s patch cycle fixes four critical vulnerabilities and resolves two zero-days, with one zero-day disclosed alongside a proof of concept (PoC). PoCs have been developed for two additional vulnerabilities, though they have not yet been actively exploited.

      The vulnerabilities addressed in this month’s updates include:

      • 28 Elevation of Privilege (EoP) vulnerabilities
      • 43 Remote Code Execution (RCE) vulnerabilities
      • 6 Information Disclosure vulnerabilities
      • 26 Denial of Service (DoS) vulnerabilities
      • 7 Security Feature Bypass vulnerabilities
      • 7 Spoofing vulnerabilities

      These totals exclude three Edge-related vulnerabilities, which were patched earlier on October 3rd. For non-security updates, administrators can review cumulative updates for Windows 11 (KB5044284 and KB5044285) and Windows 10 (KB5044273).


      Zero-Day Vulnerabilities

      Two zero-days were resolved this month, one of which was actively exploited. Details of these zero-day vulnerabilities are as follows:

      CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability

      Affects: NTLM authentication in Microsoft Windows

      This vulnerability stems from improper handling of NTLM hashes, specifically NTLMv2, allowing attackers to obtain hash values via a maliciously crafted file. Exploitation requires only minimal user interaction with the file, such as right-clicking or opening it, which exposes the NTLMv2 hash without the file being executed. This vulnerability, rated at a CVSS score of 6.5, is particularly impactful in environments using the MSHTML and EdgeHTML platforms and has been exploited in phishing attacks.

      CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability

      Affects: Windows Task Scheduler

      This vulnerability allows attackers to bypass authentication mechanisms in the Windows Task Scheduler under certain conditions, enabling privilege escalation. Classified under CWE-287 (Improper Authentication), it affects systems where the Task Scheduler service is used for automation. Attackers leveraging this flaw can elevate privileges from low-level user accounts, gaining access to Remote Procedure Call (RPC) functions that are normally restricted. The vulnerability holds a high CVSS score of 8.8, reflecting its significant threat level.


      Other Critical Vulnerabilities

      CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability

      Affects: Active Directory Certificate Services (AD CS)

      This vulnerability impacts systems with version 1 certificate templates in which overly broad “Enroll” permissions are combined with templates configured as “Supplied in the request.” Attackers exploiting this flaw can manipulate certificate requests to gain domain administrator privileges, significantly endangering systems that rely on Active Directory. This vulnerability holds a CVSS score of 7.8, signaling a high risk in enterprise environments with complex certificate configurations.

      CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability

      Affects: Microsoft Exchange Server

      This flaw permits attackers to manipulate the P2 FROM header in email, allowing sender spoofing. Exploitation could enable phishing attacks by deceiving users into downloading malicious content or revealing sensitive data. Rated at a CVSS score of 7.5, the vulnerability poses a substantial risk to organizations dependent on Exchange for communications, especially in high-stakes industries such as finance and healthcare.


      Vendor Updates: Adobe, Cisco, Apple, and More

      Adobe: Multiple products were updated, including:

      • Adobe Acrobat and Reader: Addressed four vulnerabilities, two of which are critical RCE flaws.
      • Adobe Photoshop: Fixed memory corruption issues that could lead to RCE.

      Cisco: Notable updates include patches for:

      • ASA and FTD: A DoS vulnerability (CVE-2024-20481) in the Remote Access VPN service, associated with a brute-force campaign targeting VPN services across multiple vendors.

      Apple: Addressed 70+ vulnerabilities in iOS 18 and macOS Sequoia 15, focusing on issues ranging from information disclosure to heap corruption.


      Best Practices for Users

      To protect systems against this month’s vulnerabilities, it’s advised that users apply the November 2024 Patch Tuesday updates immediately. Prioritizing patches for critical flaws, especially the actively exploited zero-days, will help prevent potential exploitation. For more details, consult Microsoft’s security release documentation or contact IT support teams to ensure robust protection across networks.




    2. Netizen: Monday Security Brief (11/11/2024)

      Today’s Topics:

      • Vendor Security Failures: Amazon’s Employee Data Exposed in MOVEit Attack Fallout
      • Halliburton Faces $35 Million Loss After Major Ransomware Attack
      • How can Netizen help?

      Vendor Security Failures: Amazon’s Employee Data Exposed in MOVEit Attack Fallout

      Amazon has confirmed a breach of its employee data following a leak connected to the MOVEit Transfer vulnerability exploited in May 2023. This breach, which affected various companies, saw the threat actor, known as “Nam3L3ss,” release Amazon employee information on a hacking forum. The leaked data included employee names, email addresses, building locations, and other contact details, but Amazon noted that more sensitive information—such as Social Security numbers and financial data—was not compromised.

      The breach originated not from Amazon’s internal systems but from a third-party property management vendor that had access to limited Amazon employee information. According to Amazon spokesperson Adam Montgomery, the compromised data was restricted to employee contact information, and Amazon’s systems remain secure. This situation underscores the risks associated with third-party vendors, as organizations often rely on external service providers for specialized tasks, such as property management, which can introduce vulnerabilities if not properly secured.

      The MOVEit vulnerability exploited by the Clop ransomware gang has had far-reaching consequences, impacting over 25 other companies, including major corporations like Lenovo, McDonald’s, and HSBC. Clop targeted the MOVEit Transfer platform, a widely used secure file transfer solution in enterprise settings, exploiting a zero-day flaw over the Memorial Day weekend in 2023. Nam3L3ss, who is reportedly involved in these leaks, claimed to have harvested extensive amounts of data from internet-exposed resources and ransomware leak sites. This trove now includes data from organizations beyond Amazon, demonstrating the extensive impact of the MOVEit breach and the interconnected risks across supply chains.

      Nam3L3ss reportedly gathered data from a variety of sources, including databases exposed on the internet, such as those on AWS and Azure. The scale of this breach highlights the need for organizations to monitor third-party cybersecurity practices and secure vendor relationships, especially as ransomware actors increasingly target third-party vulnerabilities to gain access to sensitive data.

      Third-party risk management, particularly for SMBs with limited resources, requires careful vendor assessment and monitoring to mitigate similar risks.



      Halliburton Faces $35 Million Loss After Major Ransomware Attack

      In August 2024, Halliburton, a leading energy services company, disclosed a significant ransomware attack that ultimately cost the company $35 million. As a major player in oil and gas services, Halliburton operates globally across 70 countries and employs roughly 48,000 individuals. After detecting the breach, Halliburton took immediate action to secure its systems, shutting down parts of its IT infrastructure, which temporarily disrupted some customer connections and affected revenue.

      An SEC filing in August confirmed the breach’s details and clarified that an unauthorized third party had accessed sensitive company systems. Shortly afterward, it was revealed that the RansomHub ransomware group was responsible for the attack, having successfully stolen data from Halliburton’s network. The company has not disclosed exactly what information was compromised, but it remains under investigation.

      Despite the disruption, Halliburton reported a $0.02 per share impact on third-quarter earnings, largely attributed to lost revenue from both the cyber incident and unrelated weather events in the Gulf of Mexico. CEO Jeff Miller stated that these incidents would not significantly impact Halliburton’s overall financial health or expectations for the year, suggesting that revenue growth and shareholder returns are expected to continue as planned into the fourth quarter.

      Future financial implications could arise if sensitive client data is leaked or sold. Such scenarios might expose Halliburton to further costs due to potential lawsuits and compliance liabilities related to data privacy.



      How Can Netizen Help?

      Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

      We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

      Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

      Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


    3. CMMC 2.0 Final Rule: What Small and Medium-Sized DoD Contractors Need to Know

      The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 final rule, set to go into effect on December 16, 2024, aims to secure the defense supply chain against cybersecurity threats by setting clear cybersecurity requirements for contractors. For small and medium-sized businesses (SMBs) that work with the DoD, these changes present both challenges and opportunities. Here’s a detailed look at what SMBs should know about the updated CMMC 2.0 framework and how they can navigate its requirements effectively.


      CMMC 2.0: What’s New?

      CMMC 2.0 is a streamlined version of the original model, which initially had five cybersecurity maturity levels. The revised model now has three levels, each tailored to different levels of cybersecurity risk:

      1. Level 1 (Foundational): This level is for companies handling Federal Contract Information (FCI). Contractors at this level must implement 17 basic cybersecurity practices and conduct annual self-assessments.
      2. Level 2 (Advanced): Designed for companies dealing with Controlled Unclassified Information (CUI), Level 2 aligns with NIST SP 800-171 requirements, which include 110 security practices. Contractors will need to undergo a triennial third-party assessment for critical contracts, while self-assessments are allowed for non-critical contracts.
      3. Level 3 (Expert): This top level focuses on protecting CUI from advanced persistent threats (APTs) and requires over 100 advanced cybersecurity practices from NIST SP 800-172. Contractors handling the most sensitive information will need a triennial government-led assessment.

      How CMMC 2.0 Benefits SMBs

      The updated CMMC 2.0 model simplifies the compliance landscape for SMBs. The three-level structure and reduced need for third-party assessments allow many small and medium-sized contractors to manage compliance more feasibly. By emphasizing self-assessments for less critical contracts, the DoD has removed significant financial and logistical barriers for SMBs. Additionally, the rule’s clear guidelines help SMBs understand the specific cybersecurity practices needed at each level, reducing uncertainty and compliance costs.


      Phased Implementation: Allowing SMBs Time to Adapt

      CMMC 2.0 includes a phased rollout plan, beginning with the rule’s effective date on December 16, 2024. Over the following years, the DoD will gradually enforce CMMC requirements across different contract types. For SMBs, this staggered approach offers more time to prepare for compliance, particularly for contractors that may need to meet Level 2 or Level 3 standards in the future.

      For example:

      • Phase 1 (Starting December 16, 2024): All contractors must meet self-assessment requirements for any new DoD contracts, emphasizing basic cybersecurity practices.
      • Phase 2: Contractors must begin obtaining CMMC certifications for contracts involving sensitive information within the first year.
      • Phase 3 and Phase 4 will follow, with comprehensive CMMC requirements for all contracts, including government-led assessments for contractors handling high-risk data.

      CMMC Compliance and Eligibility for DoD Contracts

      A key aspect of CMMC 2.0 is that contractors must meet the appropriate cybersecurity level requirements as a condition for DoD contract eligibility. For SMBs, this means that failure to achieve or maintain CMMC compliance could result in the loss of existing contracts or the inability to bid on new ones. As a result, it’s crucial for SMBs to begin assessing their current cybersecurity practices and working towards compliance now, before the DoD’s requirements become fully enforced.


      Reducing the Compliance Burden for SMBs

      CMMC 2.0 aims to alleviate the compliance burden on SMBs in several ways:

      • Self-Assessments for Level 1 and Some Level 2 Contracts: By allowing self-assessments for contracts at Level 1 and non-critical Level 2, CMMC 2.0 reduces the need for costly third-party audits. This is especially beneficial for SMBs that handle low-risk data and may not have the resources for extensive third-party certifications.
      • Annual Affirmations: Contractors must annually affirm their compliance, which holds senior executives accountable for maintaining cybersecurity standards without requiring repeated assessments.
      • Plan of Action and Milestones (POA&M): SMBs that are not fully compliant at the time of assessment can still participate in DoD contracts by submitting a POA&M. This plan outlines specific steps, deadlines, and resources needed to achieve full compliance. While this option provides flexibility, companies should complete these milestones within a reasonable timeframe (often 180 days) to ensure future eligibility.

      Key Considerations for SMBs to Achieve CMMC Compliance

      To meet CMMC 2.0 requirements effectively, SMBs should focus on the following:

      1. Prioritize Data Protection: SMBs should categorize their data to identify what qualifies as FCI or CUI and implement protections accordingly. This assessment will help them determine the necessary level of CMMC compliance.
      2. Prepare for Self-Assessments: For Level 1 and some Level 2 contracts, SMBs should conduct thorough self-assessments to confirm compliance with basic NIST SP 800-171 practices. Maintaining accurate records and documentation will be crucial for any future DoD audits.
      3. Invest in Cybersecurity Training: Building a security-conscious workforce is essential. Training employees on cybersecurity practices, such as secure password management and recognizing phishing attempts, can improve compliance without substantial costs.
      4. Leverage IT and Cybersecurity Partnerships: For SMBs with limited in-house resources, partnering with managed security service providers (MSSPs) or cybersecurity consultants can simplify the process of implementing the required cybersecurity practices and managing self-assessments.
      5. Use POA&Ms When Necessary: If a small business isn’t fully compliant by the time of assessment, submitting a POA&M will allow them to continue bidding on less sensitive contracts. This roadmap can provide a temporary solution as they work towards full compliance.

      Importance of Compliance Beyond DoD Contracts

      Even if an SMB isn’t currently bidding on DoD contracts, achieving CMMC compliance can provide a competitive edge. The framework serves as a comprehensive standard for cybersecurity, and obtaining CMMC certification can increase trust among other potential clients, partners, and stakeholders who prioritize data security. Additionally, it prepares SMBs to compete for DoD contracts in the future as they scale their operations.


      MSPs, CSPs, and the CMMC 2.0 Final Rule

      The final rule outlines specific considerations for managed service providers (MSPs) and cloud service providers (CSPs) that work with contractors:

      • MSPs: For SMBs that rely on MSPs for outsourced IT services, it’s important to verify the MSP’s cybersecurity practices, especially if they handle CUI. However, MSPs are not required to get certified unless they store, process, or transmit CUI.
      • CSPs: Cloud providers that manage only Security Protection Data (SPD) are no longer required to hold FedRAMP Moderate authorization; however, CSPs handling CUI must supply a shared responsibility matrix so that contractors can verify which controls the provider covers and which remain the contractor’s responsibility.

      Preparing for CMMC 2.0 Compliance: A Strategic Approach for SMBs

      With the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 updates, small- and medium-sized businesses (SMBs) in the Defense Industrial Base (DIB) must now implement new standards to protect sensitive federal information. The streamlined CMMC 2.0 framework simplifies compliance requirements but still mandates a strategic approach, especially for SMBs that need to balance cybersecurity with budget constraints.

      For SMBs, preparing for CMMC 2.0 compliance should involve integrating cybersecurity into the business’s core strategy rather than treating it as an isolated objective. Establishing a clear roadmap for compliance that considers your company’s resources, needs, and goals will ensure a smooth transition and minimize potential disruptions. Steps in this roadmap should include understanding CMMC levels, evaluating necessary controls, and setting up regular self-assessments.


      How Netizen Can Support Your CMMC Compliance Journey

      Netizen provides SMBs with essential tools and expert guidance to align with CMMC 2.0 requirements efficiently:

      • CISO-as-a-Service: Netizen’s flagship service gives SMBs access to executive-level cybersecurity expertise without the need to hire full-time staff. This service ensures that SMBs can develop a strategic cybersecurity plan that meets CMMC standards while staying within budget constraints.
      • Compliance Support and Vulnerability Assessments: Netizen offers comprehensive compliance solutions, including vulnerability assessments and penetration testing, to identify and address potential weaknesses in your IT infrastructure. These services help SMBs not only meet regulatory standards but also strengthen their overall cybersecurity posture.
      • Automated Continuous Assessments: Netizen’s automated assessment tool continuously scans systems, websites, applications, and networks, identifying potential issues and providing real-time insights through an intuitive dashboard. This tool enables SMBs to maintain ongoing compliance, make informed risk management decisions, and address vulnerabilities before they escalate.

      A Trusted Partner for Cybersecurity

      As an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V2.0 Level 3 certified company, Netizen holds certifications that demonstrate a strong commitment to cybersecurity and quality. Recognized as a Service-Disabled Veteran-Owned Small Business by the U.S. Department of Labor, Netizen is dedicated to supporting and hiring military veterans, bringing a mission-focused approach to cybersecurity.

      By leveraging Netizen’s comprehensive services, SMBs can confidently work toward achieving CMMC 2.0 compliance, reducing cybersecurity risks and positioning themselves for long-term success within the DIB. For further guidance or to discuss your specific needs, reach out to us today:

      https://www.netizen.net/contact