DARPA Seeks Proposals for Automating Conversion of C to Rust; DNS Poisoning Attack; AWS Using Neural Network to Identify Malicious Domains

Interesting tool, and something that should work quite well. I just hope it doesn't add new vulnerabilities. Remember that memory safety is important, but not the only source of vulnerabilities.

Johannes Ullrich

It's exciting to see an initiative to accelerate code migration tools, in this case C to Rust, but memory safe code doesn't alleviate the need to use secure coding practices. Additionally, careful consideration has to be considered to making a language conversion, not only for compatibility and stability but also growing the needed expertise and tooling to support the new language, to support both new projects and updating of the converted code. Even with improved translation tools, the code produced by these tools will need to be analyzed and modern security practices will likely need to be added.

Lee Neely

DARPA is in the business of taking on high risk projects that advance science. While their success rate is low, when they succeed, they really succeed - just look at today's modern Internet. That said, there is a lot, and I mean a lot of C/C++ code out there, much of which is in embedded systems. I suspect that C/C++ is not going away in my lifetime Ð see COBOL.

Curtis Dukes

There are not a lot of examples of this type of MitM DNS poisoning being exploited. The best defense is DNSSEC. We always say that you should never trust the network, but how many of us are following through and enable DNSSEC? Maybe DNSSEC will get an overdue boost due to attacks like this and its increased usability in e-mail safety. Check with your registrar. Many made enabling DNSSEC dead simple.

Johannes Ullrich

StormBamboo, aka Evasive Panda or StormCloud, were taking advantage of automated software updates that still used HTTP vs HTTPS and didn't validate the update packages, resulting in an unattended install of the malicious packages such as the macOS threat MacMa (CDDS) or Reloadext Chrome extension. Mitigate the risks by ingesting the IOCs and implementing the detection rules provided by Volexity.

Lee Neely

Detecting malicious domains is a classic application for machine learning. Note that there are roughly 500k new domains a day. 180k represents a significant portion of all new domains.

Johannes Ullrich

The data from Mithra can be used by AWS security services such as GuardDuty to proactively protect your AWS services. Make sure you're taking advantage of AWS security tools to give yourself every advantage.

Lee Neely

Rockwell Automation has released fixes to address a high severity chassis restrictions bypass vulnerability in certain Logix programmable logic controllers (PLCs). Updates are available for most affected PLCs; users of those for which a fix is not available are urged to upgrade to supported versions. The US Cybersecurity and Infrastructure Security Agency (CISA) has published an ICS advisory. The flaw was detected by researchers at Claroty's Team 82.

Lee Neely

The attack requires network access, which in today's environment is the new normal. Organizations should look to first limit remote access (e.g., a simple firewall can be highly effective); and second, only use secure remote access (i.e., VPN) to the OT network. While you're at it you should review your physical and personnel security processes to minimize potential insider threat attacks.

Curtis Dukes

OneBlood expects to have systems back online in the next few days and with the impending arrival of tropical storm Debby in Florida, is calling for volunteers to sign up to donate platelets soon to meet anticipated demands. Healthcare remains squarely in the cross-hairs of threat actors, meaning anyone in the business needs to not only go through their business resumption plans, but also make implementing, and verifying cyber security protections a priority.

Lee Neely

While the attack was specific to the healthcare sector, every critical sector should revisit their supply chains and run tabletop exercises looking for weaknesses. It should be a regular part of board discussions to add supplier diversity into the business. Lacking that, guardrails should be put in place to limit the effects of a supply chain disruption.

Curtis Dukes

There is not a lot of time for this type of recovery. If you find yourself in a similar situation, report to law enforcement immediately. In this case, the authorities in Timor Leste were able to arrest a total of seven suspects and recover an additional $2M, beyond the initial $39M recovered. Make sure your users, particularly those involved in authorizing payments, have heightened awareness of BEC scams. One successful scam can outweigh the cost of technical countermeasures, and associated training designed to reduce the likelihood of a successful scam.

Lee Neely

Given that the funds transfer didn't happen until four days later, speaks to some process being in place to verify the transaction. Executive teams can use this near-miss as an example to review their own financial transaction process and make changes as needed.

Curtis Dukes

OFBiz is an open-source java-based framework for creating ERP systems. CVE-2024-38856 doesn't have a CVSS score yet, but is a weakness in unauthenticated processes, and can be used to execute arbitrary code, it's a good idea to start the update process, particularly as your ERP system owner is going to want you to do full regression testing before they'll let you update production.

Lee Neely

If you have systems running the 5.19 or 6.2 Linux kernel, you'll need to update. For better or for worse, your Enterprise or long-term-support Linux distributions are running older kernel versions. Check with your users running leading edge projects/versions who typically don't run these "older" versions, to verify they've already updated.

Lee Neely

It appears a configuration change impacted Microsoft's CDN service, which was rolled back about 90 minutes after the impact was discovered. Make sure that you're using all the HA tricks offered by your cloud service providers to mitigate risks of any service failures. Do a deep dive on what you can fail away from, don't assume you can just "turn off" services and that you understand what the potential blast radius of services are. For example, having east/west separation doesn't help for a common service across the country.

Lee Neely