- Cisco Releases Security Advisories for Multiple Products
- JCDC Cultivates Pre-Ransomware Notification Capability
- Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
- CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products.
A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.
If these issues aren't addressed, an attacker could halt the company's services and exfiltrate confidential company data.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
- Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability
- Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability
- Cisco IOS XE SD-WAN Software Command Injection Vulnerability
- Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability
- Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability
- Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability
- Cisco DNA Center Privilege Escalation Vulnerability
- Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
- Cisco Access Point Software Association Request Denial of Service Vulnerability
JCDC Cultivates Pre-Ransomware Notification Capability
Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions.
With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom.
Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community.
We suggest companies sign up for pre-ransomware notifications to help stop attacks before they occur.
Sources:
- JCDC Cultivates Pre-Ransomware Notification Capability
- Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments.
Attackers can potentially conduct malicious activity against these Microsoft products.
Without a way to collect and review the relevant logs and configurations, companies using these Microsoft products risk significant data and financial loss.
We suggest utilizing the Untitled Goose Tool, which enables users to:
- Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
- Query, export, and investigate AAD, M365, and Azure configurations.
- Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
- Perform time bounding of the UAL.
- Extract data within those time bounds.
- Collect and review data using similar time bounding capabilities for MDE data.
Sources:
- Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
- The Untitled Goose Tool GitHub Repository
- Untitled Goose Tool Fact Sheet
CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management
CISA and NSA have released guidance on best practices for addressing threats to Identity and Access Management (IAM). It identifies the mitigation areas most effective in reducing the impact of these threats on IAM.
There has been an increase in attacks targeting the credentials of companies and businesses. Attackers can use stolen credentials to authenticate and attain more privileges within the victim's systems.
If the issue isn't addressed, a company can suffer substantial damage to the availability of its resources and to its finances.
We suggest applying CISA and NSA's IAM best practices through deterrence, prevention, detection, damage limitation, and response, specifically in these areas:
- Identity Governance – policy-based, centralized orchestration of user identity management and access control that helps support enterprise IT security and regulatory compliance
- Environmental Hardening – makes it harder for a bad actor to succeed in an attack
- Identity Federation and Single Sign-On – identity federation across organizations addresses interoperability and partnership needs centrally; SSO allows centralized management of authentication and access, thereby enabling better threat detection and response options
- Multi-Factor Authentication – uses more than one factor in the authentication process, which makes it harder for a bad actor to gain access
- IAM Monitoring and Auditing – defines acceptable and expected behavior and then generates, collects, and analyzes logs to provide the best means of detecting suspicious activity
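The two log-centric items above, time bounding and extraction of the M365 unified audit log (the Untitled Goose Tool capabilities listed earlier) and IAM Monitoring and Auditing (defining expected behavior, then analyzing logs for deviations), can be illustrated with a small script. This is an added example, not code from the Untitled Goose Tool or from the CISA/NSA guide. The record field names (CreationTime, Operation, UserId, ClientIP, ResultStatus) and the operation names UserLoginFailed and UserLoggedIn follow the unified audit log's conventions, but the records themselves, the time window, and the KNOWN_SOURCES baseline are constructed for this demonstration.

```python
"""Time-bounded triage of constructed M365 unified audit log (UAL) style records.

Added example, not Untitled Goose Tool code. Field and operation names follow
the UAL convention; every value below is constructed for the demonstration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed UAL-style records, one JSON object per line (UTC timestamps).
SAMPLE_UAL = """
{"CreationTime": "2023-03-20T07:00:00", "Operation": "UserLoginFailed", "UserId": "alice@example.test", "ClientIP": "203.0.113.7", "ResultStatus": "Failed"}
{"CreationTime": "2023-03-20T08:00:05", "Operation": "UserLoginFailed", "UserId": "alice@example.test", "ClientIP": "203.0.113.7", "ResultStatus": "Failed"}
{"CreationTime": "2023-03-20T08:00:40", "Operation": "UserLoginFailed", "UserId": "alice@example.test", "ClientIP": "203.0.113.7", "ResultStatus": "Failed"}
{"CreationTime": "2023-03-20T08:01:15", "Operation": "UserLoginFailed", "UserId": "alice@example.test", "ClientIP": "203.0.113.7", "ResultStatus": "Failed"}
{"CreationTime": "2023-03-20T08:03:02", "Operation": "UserLoggedIn", "UserId": "alice@example.test", "ClientIP": "203.0.113.7", "ResultStatus": "Success"}
{"CreationTime": "2023-03-20T08:10:00", "Operation": "UserLoggedIn", "UserId": "bob@example.test", "ClientIP": "198.51.100.10", "ResultStatus": "Success"}
{"CreationTime": "2023-03-20T08:12:30", "Operation": "FileDownloaded", "UserId": "alice@example.test", "ClientIP": "203.0.113.7", "ResultStatus": "Success"}
{"CreationTime": "2023-03-20T09:30:00", "Operation": "UserLoggedIn", "UserId": "carol@example.test", "ClientIP": "192.0.2.44", "ResultStatus": "Success"}
"""

# Constructed investigation window (the "time bounding" step).
WINDOW_START = datetime(2023, 3, 20, 7, 30, tzinfo=timezone.utc)
WINDOW_END = datetime(2023, 3, 20, 9, 0, tzinfo=timezone.utc)

# Constructed baseline of "expected behavior": source IPs each user normally signs in from.
KNOWN_SOURCES = {
    "alice@example.test": {"198.51.100.10"},
    "bob@example.test": {"198.51.100.10"},
}


def parse_ual(text):
    """Parse newline-delimited UAL-style JSON into dicts with a parsed UTC timestamp."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.fromisoformat(rec["CreationTime"]).replace(tzinfo=timezone.utc)
        records.append(rec)
    return records


def time_bound(records, start, end):
    """Keep only records with start <= CreationTime < end."""
    return [r for r in records if start <= r["_ts"] < end]


def find_failures_then_success(records, failure_threshold=3, window=timedelta(minutes=15)):
    """Flag (user, source IP) pairs where a successful sign-in follows at least
    `failure_threshold` failed sign-ins from the same source within `window`.
    This pattern often warrants review: it can indicate credential guessing
    that eventually succeeded."""
    by_key = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["_ts"]):
        by_key[(rec["UserId"], rec["ClientIP"])].append(rec)

    findings = []
    for (user, ip), recs in by_key.items():
        failure_times = []
        for rec in recs:
            if rec["Operation"] == "UserLoginFailed":
                failure_times.append(rec["_ts"])
            elif rec["Operation"] == "UserLoggedIn":
                recent = [t for t in failure_times if rec["_ts"] - t <= window]
                if len(recent) >= failure_threshold:
                    findings.append({"user": user, "ip": ip,
                                     "failures": len(recent),
                                     "success_at": rec["CreationTime"]})
                failure_times = []  # a success closes the current run of failures
    return findings


def new_source_logins(records, known_sources):
    """Flag successful sign-ins from a source IP not in the user's baseline."""
    return [
        {"user": r["UserId"], "ip": r["ClientIP"], "at": r["CreationTime"]}
        for r in records
        if r["Operation"] == "UserLoggedIn"
        and r["ClientIP"] not in known_sources.get(r["UserId"], set())
    ]


if __name__ == "__main__":
    bounded = time_bound(parse_ual(SAMPLE_UAL), WINDOW_START, WINDOW_END)
    print(f"{len(bounded)} records in window")
    for f in find_failures_then_success(bounded):
        print("failures-then-success:", f)
    for f in new_source_logins(bounded, KNOWN_SOURCES):
        print("sign-in from unknown source:", f)
```

Time bounding is applied before analysis so that the investigation focuses on the period of interest, which is why carol's sign-in from an unknown source at 09:30 is excluded from the bounded run but appears when the full record set is analyzed. The 15-minute window and three-failure threshold are constructed tuning values; real baselines and thresholds should come from the organization's own observed behavior, as the IAM Monitoring and Auditing item describes.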
Sources:
- CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management
- Identity and Access Management Recommended Best Practices Guide for Administrators