Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
CISA Releases Analysis of Critical Infrastructure Sectors
The US Cybersecurity & Infrastructure Security Agency has released an analysis and infographic summarising 121 risk and vulnerability assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22).
The analysis provides a sample attack path, based loosely on 11 of the MITRE ATT&CK framework's 14 tactics, which threat actors could leverage to compromise an organization using weaknesses identified in the RVAs. It discusses the possible techniques used to achieve each tactic, from Initial Access through Execution, Persistence, Privilege Escalation, Defense Evasion and others to Lateral Movement, Collection, Command and Control and, finally, Exfiltration.
The infographic highlights the most successful techniques for each tactic that the RVAs documented, displayed as a pie chart with the size of each slice proportional to that technique's success rate.
While the RVAs, and consequently the analysis and infographic, are specific to critical infrastructure, they nonetheless provide useful awareness information for enterprises more generally.
CISA, CISA Releases Analysis of FY22 Risk and Vulnerability Assessments, cybersecurity advisory, 26 July 2023. Available online at https://www.cisa.gov/news-events/alerts/2023/07/26/cisa-releases-analysis-fy22-risk-and-vulnerability-assessments.
CISA Vulnerability Summary
Speaking of CISA, the agency has released its summary of new vulnerabilities recorded in the NIST National Vulnerability Database (NVD) for the week of 17 July.
CISA, Vulnerability Summary for the Week of July 17, 2023, bulletin, 24 July 2023. Available online at https://www.cisa.gov/news-events/bulletins/sb23-205.
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.