Author: Chase Snyder, Sr. PMM, Xage Security
May 2024 was fully loaded with cybersecurity news, with the White House signing a National Security Memorandum (technically in the closing hours of April) focused on cybersecurity of critical infrastructure. The disclosure of TunnelVision, a major vulnerability affecting potentially every VPN made waves, and then created controversy as experts disputed the level of risk, and whether it should even be designated a vulnerability at all. Ransomware did what it does, which is to be in the news constantly! And the RSA event, one of the biggest cybersecurity gatherings of the year, hosted over 40,000 people in San Francisco, with a flood of companies announcing AI driven capabilities.
Let’s dive in!
TunnelVision (CVE-2024-3661) Impact on VPN Security
If you weren’t already trying to replace your VPN, you should start now. A 22-year-old option in the DHCP protocol has been revealed as a potential attack path for adversaries to reroute traffic so that it is not encrypted by almost any VPN. Here’s what you need to know.
New White House National Security Memo on Critical Infrastructure Cybersecurity
The White House is focusing more and more on cybersecurity for critical infrastructure. This comes in the wake of numerous disclosures of nation state adversaries such as Volt Typhoon living off the land in U.S. government and critical infrastructure systems. Xage Cofounder Roman Arutyunov is quoted in this article on the new memo.
Cybersecurity’s Embrace of Generative AI in Full Force at RSA
The letters “AI” were on pretty much every booth at RSA, but the number of actual product announcements wasn’t quite as high. The challenge of actually building and launching something of value in the AI space is daunting! Nonetheless, Database Trends & Applications published a great piece about Xage’s own Xena AI Copilot, which helps security teams identify and respond to risky behavior in their own environments.
Ransomware Is Well Understood And Predictable: Here’s How To Stop It
Ransomware continues to drain the coffers of organizations in every industry, with Healthcare being especially hard hit. The narrative often skews toward advanced adversary techniques, but the majority of ransomware attacks run a well-understood and predictable playbook that can be thwarted with basic security techniques such as MFA for remote access and automated password rotation. Security Magazine published our CEO’s thoughts on common ransomware tactics and how to stop them. (P.S. Join the FREE SANS Ransomware Summit coming up on May 31)
Rockwell Warns Customers to Disconnect Industrial Control Systems from The Public Internet
CISA issued an alert following an announcement from Rockwell Automation encouraging users to disconnect ICS devices from the public-facing internet to “reduce exposure to unauthorized and malicious cyber activity” due to “heightened geopolitical tensions and adversarial activity globally.”
Norway Wants You To Ditch Your VPN
The country of Norway officially joined the growing list of European countries recommending that all businesses abandon SSL-based VPNs in favor of the more secure IPSec protocols.
European Cyber Regulations: NIS2 and NCSC CAF Are Driving Change
The EU’s Network and Information Security Directive (NIS2) regulations are driving a sense of urgency for a broad swath of organizations, including Operators of Essential Services (OES) and digital service providers. The deadline for adhering to these regulations falls in October of this year, leaving only five more months for these organizations to make major updates to their cybersecurity posture. Xage solutions support alignment with many of the NIS2 and NCSC CAF requirements, which you can read more about here.
EPA: Cyberattacks on Water Utilities on The Rise
The Environmental Protection Agency issued a warning that cyberattacks against America’s drinking water systems are on the rise. The EPA urges water utility companies to enact basic cyber hygiene measures to prevent, detect, respond to, and recover from cyberattacks.