US CISA urges agencies to address vulnerable Ivanti appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.

Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached through the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and for managing devices connected to central consoles. Exploitation of this bug, which CISA confirmed, allows attackers to gain access to the affected device.

CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.

This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.

Microsoft proposes shift in cybersecurity by eliminating kernel-level access

Microsoft is developing an alternative platform for cybersecurity companies that currently rely on deep access to its operating system’s kernel layer, following a global IT crisis caused by a faulty CrowdStrike update. In response to customer and partner demand, Microsoft announced plans to design a ‘new platform capability’ that would allow security vendors to operate without needing kernel-level access, which is the most critical layer of the OS.

This initiative aims to improve system reliability while maintaining strong security. The shift will require significant changes not only for Microsoft but also for external cybersecurity firms that use kernel access to detect threats. Microsoft explained that newer versions of Windows provide more ways for cybersecurity vendors to offer services outside of the kernel layer. However, some in the security industry believe kernel access is still essential for innovation and advanced threat detection.

Sophos’ Chief Research Officer, Simon Reed, emphasised that kernel access is vital for security products, describing it as fundamental to both Sophos’ offerings and Windows endpoint security in general. ESET echoed this sentiment, supporting changes to the Windows ecosystem as long as they do not weaken security or limit cybersecurity solution options. Both companies argue that restricting kernel access would hinder innovation and the detection of future threats.

The debate over kernel access is unlikely to result in major changes soon, as security companies fear it could give Microsoft’s own security products an unfair advantage. Given Microsoft’s antitrust history, this issue could end up in court, with government officials from the US and Europe closely monitoring developments.

PROTECTA Pilipinas launched to strengthen Philippines’ telecom infrastructure security

PLDT and CICC have launched a major initiative called PROTECTA Pilipinas to enhance the security and resilience of the Philippines’ telecommunications infrastructure. This public-private partnership brings together key players in the telecom sector, including PLDT, Smart Communications, and the CICC, along with other stakeholders, among them the Philippine Chamber of Telecommunication Operators, CitizenWatch Philippines, and Infrawatch PH.

The primary goal of this alliance is to implement comprehensive protection measures that address cybersecurity and physical infrastructure security. The initiative focuses on enhancing network resilience through redundancy and disaster recovery plans while bolstering cybersecurity protocols to protect against digital threats. On the physical side, PROTECTA Pilipinas aims to tackle issues such as equipment theft and vandalism and will establish monitoring systems to assess the health and performance of telecom facilities regularly.

PLDT and CICC focus on timely reporting and legal protections as part of PROTECTA Pilipinas. The alliance will develop mechanisms for reporting suspicious activities and advocate for legal measures to protect telecom infrastructure from vandalism and theft. Additionally, they will collaborate with government bodies to align on policies and regulations, creating a robust framework to secure critical telecom assets and promote best practices across the Philippines.

Malta launches public consultation to establish legal protections for ethical hackers

The Government of Malta has initiated a public consultation to establish a comprehensive legal framework for ethical hackers, also known as security researchers, who identify and disclose vulnerabilities in ICT systems to bolster cybersecurity. The initiative aims to clearly define the role of ethical hackers, ensuring that their activities are regulated and protected by law, so that they can operate within a transparent and legitimate framework.

In addition, the Government of Malta has proposed that ICT system owners, especially those managing critical infrastructure, implement Coordinated Vulnerability Disclosure Policies (CVDP) to better handle the detection and resolution of security flaws identified by ethical hackers. Overseen by the Directorate for Critical Infrastructure Protection (CIPD), this policy comes in response to an incident in which four computer science students were arrested after discovering a vulnerability in the FreeHour app.

Despite acting in good faith, the students faced legal consequences, highlighting the urgent need for clearer protections and legal guidance for ethical hackers. The proposed framework aims to formalise the process, encouraging cooperation between public and private entities and ensuring that cybersecurity research is conducted safely and responsibly.

Open to public input until 7 October 2024, the consultation is expected to lead to legislative reforms that distinguish ethical hacking from illegal activities, providing much-needed clarity for those working to enhance cybersecurity.

SITA launches advanced NAC solution for enhanced airport security

SITA has introduced its new cybersecurity solution, SITA Managed NAC (Network Access Control), designed to enhance the security of airport and airline digital infrastructure. The solution addresses the increasing threats to digital networks in complex environments like airports, providing essential protection for critical communication systems.

SITA Managed NAC offers advanced security features for Local Area Network (LAN) and Wireless LAN communications. Specifically, it incorporates additional layers of identification checks and network segmentation, which ensure compliance with industry standards while safeguarding passenger systems and operational efficiency.

Furthermore, the solution provides granular control over network access, including detailed logging capabilities and the ability to quarantine non-compliant devices. As a result, it supports airports and airlines in meeting stringent cybersecurity recommendations from authorities such as the US Transportation Security Agency (TSA) and the Airports Council International (ACI).

Moreover, SITA Managed NAC integrates seamlessly with the existing SITA Campus Network product, leveraging Cisco’s Identity Services Engine (ISE) platform to enforce identity-based access controls and policies. Adopting a Zero Trust security model, the solution continuously authenticates and authorises access requests, significantly reducing the risk of unauthorised access and potential breaches.

EARDIP to transform digital access and integration across Eastern Africa

The Eastern Africa Regional Digital Integration Project (EARDIP) is poised to transform the digital landscape across Eastern Africa by enhancing connectivity and accessibility. The initiative aims to bridge the digital divide by expanding high-speed internet and modern communication systems to rural and underserved areas.

By lowering the cost of internet access, particularly in landlocked countries where prices are higher, EARDIP will make digital services more affordable and accessible. This expansion is crucial for ensuring more people can participate in the digital economy and improving access to essential services such as e-commerce, online education, and telemedicine.

EARDIP also focuses on creating a unified digital framework to strengthen regional integration and enhance cybersecurity. The project will establish a comprehensive digital network and harmonise ICT regulations to facilitate smoother cross-border communication and trade. Additionally, it will implement a regional cybersecurity framework to protect digital infrastructure and users from threats.

By developing interoperable payment systems and supporting legal frameworks for remote transactions, EARDIP aims to make cross-border trade more efficient and cost-effective. These efforts will promote a more cohesive regional market, drive economic growth, and position Eastern Africa as a competitive player in the global digital economy.

USDA faces mounting criticism over cybersecurity vulnerabilities in the food and agriculture sector

Experts warn that the potential for disaster in the food and agriculture sector is immense. The US Department of Agriculture (USDA) is tasked with preventing such crises by securing the sector’s infrastructure from physical and cyber threats. However, in today’s increasingly digital world, the USDA is alarmingly unprepared to fulfil this role, according to policymakers, independent experts, and even the department’s reports to Congress.

This crucial responsibility is handled by a small, underfunded office within the USDA, which is already stretched thin with other duties. The department’s leadership rarely highlights the serious cyber threats facing the food and agriculture industry, which contributed over 5% to the US economy and provided about 10% of the nation’s jobs last year. Despite these pressing risks, it remains uncertain whether the department has made meaningful progress in addressing them.

While other agencies that protect critical infrastructure have been proactive in confronting cyber threats, the USDA has been slower to act, even as industry stakeholders become increasingly anxious about their digital vulnerabilities. The food and agriculture sector has largely remained under the radar regarding cybersecurity, with hackers focusing on more profitable targets for now. But this reprieve is unlikely to last indefinitely. The 2021 ransomware attack on meat-processing giant JBS, which forced the closure of plants across the country and threatened to disrupt beef prices, served as a wake-up call about the sector’s vulnerabilities.

Over the past decade, the cyber risks to food and agriculture have escalated as automation has become more widespread across the industry. Technology has become deeply embedded in modern agriculture, from tractors guided by GPS and cloud-connected devices controlling planting patterns to drones (some manufactured in China) surveying and spraying crops and automated systems managing livestock feeding. That integration extends through the entire supply chain, from food processors to distributors, making it more vulnerable to cyberattacks.

However, these technological advancements were adopted mainly before the rise in cyber threats to critical infrastructure, leading to serious concerns about the security of the US food supply. Cyberattacks on the food system could manifest in various ways, and one of the most severe concerns involves manipulating food safety data, either by concealing a food-borne illness or by falsely creating evidence of one.

Why does this matter?

The USDA has not yet given interviews on the matter. However, a spokesperson emphasised that the department remains ‘committed to enhancing our cyber capabilities, promoting cyber awareness across the sector, and raising the industry’s cyber profile, despite the limited funding allocated by Congress for this purpose.’

The department also stays engaged with the sector through biweekly email updates, periodic meetings with industry leaders, and organised threat briefings. Additionally, when pro-Russian hacktivists targeted the sector earlier this year, Detlefsen noted that USDA quickly brought in him and his colleagues to discuss the situation. According to Scott Algeier, executive director of the Food and Agriculture ISAC, the USDA is ‘doing well’ in its role as a policy coordinator, collaborator, and convener, while allowing the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to handle the technical aspects of cybersecurity.

Microsoft to host cybersecurity summit after major IT outage

Microsoft plans to host a cybersecurity summit in September following a global IT outage caused by a flawed update from CrowdStrike in July. The outage disrupted nearly 8.5 million Windows devices and had widespread impacts across sectors, including airlines, banks, and healthcare. In response, Microsoft’s summit, scheduled for 10 September at its Redmond, Washington headquarters, will focus on strengthening cybersecurity systems and include discussions with government representatives and industry stakeholders.

The July outage highlighted the risks of relying on single-vendor cybersecurity solutions, as many organisations struggled to manage the disruption. CrowdStrike, the company at the centre of the incident, faces multiple legal challenges, including a lawsuit from shareholders alleging that the company failed to properly test its software, leading to the massive disruption. Delta Air Lines, one of the companies severely affected, has also initiated legal action, citing at least $500 million in losses due to flight cancellations.

CrowdStrike’s market value has dropped by approximately $9 billion since the outage, and the company is under intense scrutiny as it prepares to report its second-quarter financial results. The upcoming summit is seen as a critical step in addressing the vulnerabilities exposed by the incident and fostering a more resilient cybersecurity ecosystem.

Google and CSIRO team up to strengthen Australian cybersecurity

Google and Australia’s national science agency, CSIRO, are teaming up to develop digital tools that automatically detect and fix software vulnerabilities for critical infrastructure operators. The initiative comes in response to a substantial increase in cyberattacks targeting essential sectors such as hospitals, defence bodies, and energy suppliers.

The collaboration will focus on creating software tailored to Australia’s regulatory environment. Google will contribute its existing open-source vulnerability database and AI services, while CSIRO will apply its research expertise to enhance the project’s outcomes. The goal is to provide customised cybersecurity solutions that align with local laws and promote greater compliance and trust.

The partnership is part of Google’s commitment to invest A$1 billion in Australia over five years, a pledge made in 2021 amidst Australia’s efforts to enforce stricter regulations on global tech companies. The collaboration is seen as a critical step in bolstering the country’s defences against cyber threats.

Why does this matter?

The Australian government has recently imposed stricter requirements on critical infrastructure operators to report and prevent cyberattacks following a series of breaches that compromised the personal data of millions of Australians. The tools developed through this partnership aim to mitigate such risks and ensure the security of essential services.

The findings from this research will be made publicly available, ensuring that critical infrastructure operators can easily access the information and improve their cybersecurity measures.

Call for US investigation of TP-Link amid cybersecurity fears

Two US lawmakers have called on the Biden administration to investigate Chinese company TP-Link Technology Co. over concerns that its WiFi routers could pose a national security risk. The request was made in a letter to the Commerce Department, highlighting the potential for cyber attacks using vulnerabilities in TP-Link firmware. The company, a global leader in WiFi router sales, has not yet responded to the inquiry.

Concerns were raised after reports surfaced that TP-Link routers were exploited in cyber attacks targeting government officials in Europe. The lawmakers expressed fears that similar attacks could be carried out against US infrastructure. They have urged the Commerce Department to assess the threat posed by Chinese-affiliated routers, particularly TP-Link’s, given its market dominance.

TP-Link, founded in China in 1996, has been linked to cybersecurity concerns before. Last year, the US Cybersecurity and Infrastructure Security Agency flagged vulnerabilities in the company’s routers that could be used for remote attacks. Around the same time, a Chinese state-sponsored hacking group was found to have targeted European officials using malicious implants in TP-Link routers.

The Commerce Department has the authority to impose bans or restrictions on technology transactions with companies from nations considered adversarial to US interests, including China. The investigation could lead to new measures aimed at preventing potential security risks from Chinese-made equipment in critical US infrastructure.