Microsoft Defender for Cloud provides you with a Secure Score, which measures the configuration of the resources in your Azure subscription against the Azure Security Benchmark.
Defender for Cloud can also help you associate these various policies to compare your deployment and configuration.
This video provides a walk through of enabling Defender for Cloud for the first time and associating a compliance policy that is used to measure the security of the subscription.
Links:
Quick update on known exploited vulnerabilities catalog by CISA.
 |
| cisa-alerts.py |
32 vulnerabilities are added to the list (19 from Microsoft). All the details is available for download at CISA. Please refer to the previous post.
(If you notice there is a extra .2 at the catalog version, it is from CISA)
 |
| 2022.03.28.2 |
Links:
On Nov 3, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), a branch of the U.S. Department of Homeland Security (DHS), released Binding Operational Directive (BOD) 22-01. It is tend to be high-level and high-impact, and unusually direct to mitigate a specific list of vulnerabilities in a strict time frame.
CISA BOD 22-01 has three lines specific to patching requirements:
Overall, this seems to follow patching guidance many commercial entities already use.This catalog is called Known Exploited Vulnerability (KEV) catalog and it is strongly recommends that everyone to review and monitor the catalog and remediate the listed vulnerabilities to strengthen their security and resilience posture.
CISA will update this catalog with additional exploited vulnerabilities as they become known, subject to CISA review and when they satisfy the following thresholds:
 |
| cisa-alerts.py |
The simple python script shows the top-n vendors and the top-n products found in the json file. It also can show the Kenna query string on CVE, with overdue and upcoming CVE.
Links:
In 2018, the Cybersecurity and Infrastructure Security Agency (CISA) established the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force as a public-private joint effort to build partnerships and enhance ICT supply chain resilience.
The Task Force is dedicated to identifying threats and developing solutions to enhance resilience by reducing the attack surface of critical infrastructure. This diverse group is poised perfectly to evaluate existing practices and elevate them to new heights by enhancing existing standards and frameworks with up-to-date practical advice.
The core of the task force is the working groups. These groups are created and disbanded as needed to address core areas of the cyber supply chain. Some of the working groups have been concentrating on areas like:
Every week, CISA is promoting resources, tools, and information, including those developed by the public-private ICT Supply Chain Risk Management (SCRM) Task Force.
Links:
CodExt is a (Python2-3 compatible) library that extends the native codecs library (namely for adding new custom encodings and character mappings), hence its name combining CODecs EXTension. It provides 120+ new codecs and also features a guessing mode for decoding multiple layers of encoding and CLI tools for convenience.
Links:
BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files). It includes: password extracting, building a network map, reconstruct TCP sessions, extract hashes of encrypted passwords and even convert them to a Hashcat format in order to perform an offline Brute Force attack.
The main goal of the project is to provide solution to security researchers and network administrators with the task of network traffic analysis while they try to identify weaknesses that can be used by a potential attacker to gain access to critical points on the network.
$ wget https://github.com/odedshimon/BruteShark/releases/latest/download/BruteSharkCli.zip
$ unzip BruteSharkCli.zip
$ mono BruteSharkCli/BruteSharkCli.exe
Links:
Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts.
Links:
Open Vulnerability and Assessment Language (OVAL)
An OVAL is a definition file that is designed for use by automated test tools to determine the patch state of a machine. It is developed by NIST.
CVRF is not designed as being a way to determine the patch state of a machine, but it can provide an alternative machine-reacable version of security advisories.
Common Vulnerability Reporting Framework (CVRF)
The goal of CVRF is to share information about security updates (security advisories) in an XML machine-readable format. It is developed by ICASI (and is integrated to FIRST in Jun 2021).
CVRF has been transitioned to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.
The most common supported CVRF is v1.1 today.
What are the differences between OVAL and CVRF?
OVAL is a definition file that used by scanning tools to perform assessment, and CVRF is security advisories documents.
OVAL is available as a roll up definition file for OS version, such as Ubuntu Focal. It contains all the patch info since day 1.
CVRF document is usually provided by OS vendor at a regular basis. For example, Microsoft provides a monthly security advisories in CVRF format, and can be retrieved via API call with the parameter 2021-apr.
Think of OVAL is for security scanning (with OpenSCAP), and CVRF is just the security advisories (not for assessment) that used for communicating security information to customers.
Both are in XML format that machine-readable.
Vendor Supports
Most OS vendors support OVAL and provide OVAL download for free. For example, RedHat starts provide OVAL definition since 2006, and starts providing CVRF documents for all RedHat security advisories across all products since 2012.
So far, Microsoft only provide CVRF documents and an API call to access the documents based on the YYYY-mmm.
Links:
With the increase of Cyber conflict at the global level, we should expect increasing risks of cybersecurity attacks and incidents.
Be prepare to face the types of attacks like:
Be prepared for:
Mitigation and remediation:
WebAssembly (Wasm) is one of the most exciting and underestimated software technologies invented in recent times. It's a binary instruction format for a stack-based virtual machine that aims to execute at native speeds with a memory-safe and secure sandbox.
Wasm is portable, cross-platform, and language-agnostic—designed as a compilation target for languages. Though originally part of the open web platform, it has found use cases beyond the web. WebAssembly is now used in browsers, Node.js, Deno, Kubernetes, and IoT platforms.
Though initially designed for the web, WebAssembly proved to be an ideal format for writing platform and language-agnostic applications.
You may be aware of something similar in the container world—Docker containers.
People, including Docker co-founder Solomon Hykes, recognized the similarity and acknowledged that WebAssembly is even more efficient (than Docker) since it's fast, portable, and secure, running at native speeds. This means that you can use WebAssembly alongside containers as workloads on Kubernetes.
Another WebAssembly initiative known as WebAssembly System Interface (WASI) along with the Wasmtime project make this possible.
If WASM+WASI existed in 2008, we wouldn't have needed to created Docker. That's how important it is. Webassembly on the server is the future of computing. A standardized system interface was the missing link. Let's hope WASI is up to the task! twitter.com/linclark/statu…
20:39 PM - 27 Mar 2019
Lin Clark @linclark
WebAssembly on Kubernetes is relatively new, but it's already proving to be revolutionary. Wasm workloads can be extremely fast as they can execute faster than a container takes to start. The workloads are sandboxed and hence much more secure than containers; they are way smaller in size due to the binary format than containers.
If you want to learn more about WASI, check out the original announcement from Mozilla.
Links:
