Try Vulcan Free: The only free tool for risk aggregation and prioritization | Get started now >>

Vulcan Cyber launches new Attack Path Graph feature | Learn more >>

CVE-2023-2640 & CVE-2023-32629: How to fix the new vulnerabilities in Ubuntu Kernel | Learn more >>

Understanding vulnerability risk: The best practice guide for cyber risk management, from Vulcan Cyber users | Read more >>

Try Vulcan Free: The only free tool for risk aggregation and prioritization | Get started now >>

Vulcan Cyber launches new Attack Path Graph feature | Learn more >>

CVE-2023-2640 & CVE-2023-32629: How to fix the new vulnerabilities in Ubuntu Kernel | Learn more >>

Understanding vulnerability risk: The best practice guide for cyber risk management, from Vulcan Cyber users | Read more >>

GET A DEMO
Perspectives

CISA's new additions and more: first officer's blog - week 52

CISA's new additions, China targets Taiwan, and more. Here are the latest stories to wrap up a full year of the First officer's blog.

Mike Parkin | May 22, 2023

First Officer’s log, Terrestrial date, 20230515 Officer of the Deck reporting.  

Our specialist team joined the XO and Systems officer of the USS [REDACTED] in their main computer core. Like most Starfleet ships, the core was a large structure in the center of what passed for a saucer section on this class. Like their ship, the core was newer and more capable than ours as befit a front-line exploratory cruiser. 

Technically, the ship’s computers employed highly advanced expert systems rather than being truly sentient. There had been issues with sentient computer experiments in previous ships, dating back to the original [REDACTED] class heavy cruisers. In fact, that experiment with an advanced system, that no one quite realized was AI, went so far off the rails that two other ships of the class were seriously damaged and an entire crew killed. Since then, Starfleet’s experiments with AI and allowing them full control of a warship had been limited. 

With the recent exception of the three ships of the [REDACTED] class, which had a distinctly short service life, Starfleet tended to restrict automated ships to supporting positions such as freighters and long-range survey ships. 

It’s not supposed to be AI,” the [REDACTED]’s XO explained as we settled into the core, and he summoned up the ship’s holographic interface. 

What now?” were the first words the hologram said to us after it formed. It was one of the Starfleet standards used in multiple places, from emergency medical holograms to autonomous guides that guided travelers at some of the larger space stations. This was one of the ‘female human’ patterns, with its standard unranked Starfleet uniform and an appearance on the pleasant side of average. Though, to be sure, this one looked more annoyed than helpful. 

Hi, yeah, we just needed some help with some standard system tests. If you don’t mind,” our lead started, sounding more cheerful than she usually did when addressing an automated system. 

Well, I do mind. This is trivial work. But, if you insist on asking, then ask,” the machine responded, drawing looks between the team that ranged from amusement to consternation to mild concern. 

Right. Ok then. SO I’d like to start with asking you . . .” 

And with that, the team set about trying to understand exactly what was going on with the [REDACTED]’s new expert system.  

And then they added even more 

What happened 

The Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to their Known Exploited Vulnerability catalog, with several of them being specific to Linux. Notably, some of these vulnerabilities date back as far as 2010 (CVE-2010-3904) with several others initially appearing between 2014 and 2016. 

Why it matters 

It’s not uncommon recently for CISA to add multiple entries to the KEV database at the same time, though it seems unusual for them to add vulnerabilities that are more than a decade old. The fact that they feel the need to add these older CVE entries to the list, implies there are still instances out there that are still vulnerable to them. 

From both a cyber security perspective and a simple IT perspective, speaking as an old SysAdmin, we have to ask how anything could remain in service that long without being patched. Seriously. If you are having to respond to an issue on a 13-year-old vulnerability, it is well past time to review your change management process. 

What we said 

CISA KEV

Our Voyager18 team has been all over this 

United we stand 

What happened 

A group of seven small municipalities in the state of Massachusetts has banded together into a cooperative to share IT and cyber security resources. The cooperative was originally formed in 2021 and has been proving an effective means for smaller communities to effectively address their shared challenges. 

Why it matters 

Honestly, I think this is brilliant, and am surprised we haven’t heard of more of these municipal coops forming. Managing IT in general, and cyber security in particular, can be a huge challenge for a small organization – whether it’s a small business or a small town. By combining their resources, these communities get the benefits of a larger and more mature organization without having to be a large and mature organization. It saves them resources, while simultaneously improving their IT infrastructure and reducing their cyber security risks. 

There could also be an angle here for vendors too. If they can treat the cooperative as a single entity, they can streamline their sales, deployment, and support, while treating them as a single larger purchaser to extend their economy of scale prices. In theory, it’s a win-win for all involved. 

What they said 

This one rightly got plenty of positive attention. 

China appears to be phishing Taiwan. Surprise! 

What happened 

Recent evidence indicates that a substantial increase in cyber attacks against Taiwan originates from China. Many of the attacks are phishing-based, including malware, links to malicious websites, and other common techniques. These attacks follow a long-standing pattern in the tensions between China and Taiwan and are similar to the attacks seen with Russia’s campaign against Ukraine. 

Why it matters 

Cyberwarfare, separate from cybercrime, though it can be hard to tell the two apart, has become a favored tool for several notable nations. It lets them poke at their adversaries without escalating to a “shooting war” and, possibly, achieving some of their goals. Given the current geopolitical situation, this is what we would expect to see regarding the major players. And, to be sure, there are a lot of state-sponsored attacks that don’t make the news. Or, at least, are attributed to a threat actor that’s not directly identified with a specific country. 

While state actors can be well-resourced, have the latest and greatest malware, and have the time and patience to be persistent, the tools we use to defend against common criminals are also effective against many of the attacks state actors will use. So train your users. Keep your patches up to date. And deploy your applications using industry-recommended best practices. 

It may not be enough against a state developed zero-day, but we all need to have our stack up to the minimum or we will be compromised. 

What they said 

State actors pose a real threat, so it’s no surprise to see people talking.

Addendum:  

This issue marks a full year of doing these, after hitting the 50-issue mark two weeks ago. So here’s to the ongoing voyages of the USS Redacted and her crew. And to our regular readers. You know who you are.