WME Security Briefing 27 April 2024

Critical Security Advisory | US Federal Agencies Ordered to Remove Suspect Foreign Software

Overview

  • The latest guidance from the US Cybersecurity and Infrastructure Security Agency (CISA) directs federal agencies to identify and remove software products linked to foreign adversaries. The effort targets software originating from firms in countries assessed as a national security risk.
  • The software categories named include network management and data services. These products are central to federal operations, which is precisely why a vendor under adversary influence could use them as a backdoor for surveillance and data theft.

Impact

  • Software that an adversary controls or can update at will gives that adversary a persistent foothold inside federal systems, and with it the means for espionage. Sensitive government data would be exposed, and with it national and infrastructure security.
  • CISA rates the risk as high because of the exposure of critical infrastructure to foreign entities and because the affected software is in use across many federal departments.

Recommendation

  • Federal agencies are encouraged to review their current software inventory for products developed by the foreign entities listed by CISA.
  • Any such products should be removed immediately and replaced, followed by a full audit of the network to confirm that no remaining components, accounts or access paths tied to the removed software persist.
  • CISA recommends replacing the removed products with software from reputable vendors that meets current domestic security standards.

Security Alert: Arrest Warrant Issued for Suspected Cybercriminal in Germany

Overview

  • German authorities arrested a suspected cybercriminal believed to have taken part in numerous attacks on critical infrastructure, following a search of his residence.
  • The suspect is alleged to have exploited vulnerabilities in the systems of public utilities, causing significant harm.
  • The announcement followed an extensive investigation by the Federal Cyber Protection Agency of Germany.

Impact

  • Interruptions in infrastructure: Most of the targets were public utilities, and the main aim of the attacks was to cause temporary shutdowns and disruption of public services.
  • Data breach: The personal data of thousands of citizens was compromised, raising serious privacy and security concerns.
  • Increased alertness: The cases have prompted stronger cybersecurity measures in other sectors exposed to similar attacks.

Recommendation

  • Enhanced security protocols: Organizations should strengthen their defenses in the areas previously identified as weaknesses.
  • Regular system audits: Conduct systematic audits of IT systems to identify security gaps and close them.
  • Public awareness: Make stakeholders and the public aware of the need to adopt security best practices.

Security Brief: APT28 Exploits Windows Print Spooler Vulnerability

Overview

A vulnerability in the Windows Print Spooler service is being exploited by the Russian cyber-espionage group APT28 (Fancy Bear). Exploitation is active in the wild and has been used to compromise several high-profile targets worldwide. Microsoft has acknowledged the vulnerability and released security updates that reduce the risk of exploitation.

Impact

  • System compromise: The exploit gives APT28 unauthorized administrative privileges, allowing them to install malware, view, change or delete data, and create new accounts with full user rights.
  • Data breach: Confidential data held by affected organizations, including military and government bodies, is at risk of being exfiltrated or manipulated.
  • Operational disruption: Business-critical systems and services may become unavailable, causing operational outages alongside the security breach itself.

Recommendation

  • All organizations running Windows systems with the Print Spooler service should immediately install the patches provided by Microsoft.
  • Increase monitoring of system and network activity so that any compromise is detected early.
  • Review system access and privileges and conduct a security audit to confirm that no unauthorized changes were made while the systems were exposed.
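As an added example (not part of the WME briefing or of any Microsoft guidance), the PowerShell review below ties the three recommendations together on a single Windows host: it reports the Print Spooler service state, lists recently installed updates so the reviewer can confirm the relevant Microsoft patch is present, and pulls account-creation and group-membership events from the Security log for an assumed exposure window, since the briefing notes the exploit lets the attacker create accounts with full rights. Event IDs 4720, 4728 and 4732 are standard Windows Security log events. The $ReviewStart window, and the suggestion to disable the spooler on hosts that never print, are the editor's assumptions, not statements from the briefing.

```powershell
# Added example, not from the WME briefing: post-exposure review of one Windows host.
# Assumptions: run in an elevated PowerShell session on the host under review;
# $ReviewStart is the operator's estimate of when the host first became exposed
# (the 30-day default is a placeholder, adjust it to your own timeline).
param(
    [datetime]$ReviewStart = (Get-Date).AddDays(-30)
)

# 1. Print Spooler state. Hosts that never print have no reason to run it.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler) {
    "Print Spooler: Status={0} StartType={1}" -f $spooler.Status, $spooler.StartType
    if ($spooler.Status -eq 'Running') {
        Write-Warning "Spooler is running. If this host does not need to print, disable it:"
        Write-Warning "  Stop-Service Spooler; Set-Service Spooler -StartupType Disabled"
    }
} else {
    "Print Spooler service not present on this host."
}

# 2. Patch state. Get-HotFix lists installed KB numbers; compare the list against
#    Microsoft's advisory for this build to confirm the Print Spooler fix is present.
"Updates installed since ${ReviewStart}:"
Get-HotFix |
    Where-Object { $_.InstalledOn -ge $ReviewStart } |
    Sort-Object InstalledOn |
    Select-Object HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# 3. Account and privilege review for the exposure window.
#      4720  a user account was created
#      4728  a member was added to a security-enabled global group
#      4732  a member was added to a security-enabled local group (e.g. Administrators)
$filter = @{ LogName = 'Security'; Id = 4720, 4728, 4732; StartTime = $ReviewStart }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    "No account-creation or group-membership events in the Security log since $ReviewStart."
} else {
    $events | ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            # Account that performed the action.
            Subject = $data['SubjectUserName']
            # 4720: the new account. 4728/4732: the member that was added.
            Target  = $(if ($_.Id -eq 4720) { $data['TargetUserName'] } else { $data['MemberName'] })
            # 4728/4732: the group that gained a member.
            Group   = $(if ($_.Id -eq 4720) { '' } else { $data['TargetUserName'] })
        }
    } | Sort-Object Time | Format-Table -AutoSize
}

# 4. Current local Administrators membership, to compare against the expected list.
"Current members of local Administrators:"
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, PrincipalSource, ObjectClass |
    Format-Table -AutoSize
```

Run it as `.\Review-PrintSpoolerHost.ps1 -ReviewStart '2024-04-01'` (file name is an assumption) and treat the output as input for a human reviewer: an account created during the window by a subject that is not your provisioning process, or a new Administrators member you cannot account for, is what the briefing's "review of system accesses and privileges" is meant to surface. On domain-joined hosts, repeat the group-membership review against the domain controllers, since domain group changes are logged there rather than on the member server.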
