ITCSecurityMaster

MITRE ATLAS (Adversarial Landscape for Artificial-Intelligence Systems):

✔️ includes adversary and for machine learning (ML) systems.

✔️ is based on real-world observations from red teams, cyber security working groups and academic research.

✔️ is modeled after the MITRE ATT&CK

Examples of specific attacks:

📌Model Evasion – attacker identifies query to perform to get a desired outcome after observing output of the ML system for certain types of input (inference stage)

📌Functional Extraction – obtaining model functionally through iterative querying (inference stage)

📌Model Poisoning – attacker can “reprogram” the ML system to perform a new undesired task or have a new undesired output (train phase)

📌Model Inversion – attacker recovers the features used to train the model (inference stage)

https://atlas.mitre.org/

&CK

MITRE | ATLAS™

adopted for - ISO/IEC/IEEE FDIS 32675:2022

📌full life cycle of systems, products, and services (conception, , , utilization, support, and retirement).

📌involvement of stakeholders

📌ultimate goal of achieving customer satisfaction.

The guidelines can be used for:

✏️ by an organisation

✏️ by a project

✏️ by an acquirer or supplier

Interested to gain more knowledge and hands-on experience in 🎯 cyber security?

🚩Join the IT&C Security Master (ism.ase.ro) 🚩

Tailored labs taking place mainly during weekends!

🚀 Registration beween 22-26 July 2022

https://admitere.ase.ro/masterat_2022/index.asp

Admitere A.S.E. Bucuresti | Admitere 2022 Pagina de Admitere a Academiei de Studii Economice din Bucuresti. Admitere licenta, admitere masterat, admitere doctorat. Informatii complete despre admitere.

Want to start your journey in cybersecurity?

IT&C Security Master ( ism.ase.ro) provides a solid basis for your cybersecurity journey, including:
-
-
- Secure application development
- solution implementation and security
- design and

Registration opens - 22-26 July 2022!

https://admitere.ase.ro/masterat_2022/index.asp

Admitere A.S.E. Bucuresti | Admitere 2022 Pagina de Admitere a Academiei de Studii Economice din Bucuresti. Admitere licenta, admitere masterat, admitere doctorat. Informatii complete despre admitere.

Registration opens soon for IT&C Security Master - 22-26 July 2022!

Admitere A.S.E. Bucuresti | Admitere 2022 Pagina de Admitere a Academiei de Studii Economice din Bucuresti. Admitere licenta, admitere masterat, admitere doctorat. Informatii complete despre admitere.

Increased targeting of



Frequent use of Linux as the basis for cloud services, hosts, and container-based infrastructure, attackers have increasingly targeted Linux environments with sophisticated and , with emphasis on and .

📌 Examples:

✏️ ransomware - that was used against petrochemical distribution network

✏️ - was originally a Windows-based version that expanded into the Linux world



📌 tools used:

✏️ CobaltStrike is becoming more prevalent because it is the most mature and formalized [ ] infrastructure



More details about OS security in the course of the IT&C Security Master

Linux Malware on the Rise Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.

exploited by

Steps of the attack:

1) commonly use vanilla images along with commands to start the

2) adds users

3) of the newly created user

4) obtain the public IP address of the host

5) download a file from the attacker’s server

6) install a that grants

manoeuvres are changed constantly – such as:

- encoded the script in base64 five times;

- creating a new cron job that will initiate every 55 minutes through log_rotate.bin

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019 Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.

’s new IoT cybersecurity guidelines

After months of workshops and gathering input from all relevant stakeholders, the following have been published:

📌 SP 800-213 – requirements when starting to use an device from an IoT device and its manufacturer and/or third parties

📌 SP 800-213A - the updated catalogue of:

📝 device cybersecurity capabilities (i.e., features and functions needed from a device to support )

📝 non-technical supporting capabilities (i.e., actions and support needed from device manufacturers and other supporting entities to support security controls)

📌Don’t forget about the related publications: NISTIR 8259, NISTIR 8259A, NISTIR 8259B

Convergent Evolution: SP 800-213, the Federal Profile, and the IoT Cybersecurity Catalog NIST has been engaged for several years in developing guidance for Internet of Things (IoT) cybersecurity.

Released: MITRE ATT&CK v10

- New data sources

- New techniques

- Technique changes

- Mobile and enterprise updates

- Cross-domain mappings of Enterprise techniques to ICS Matrix

https://medium.com/mitre-attack/introducing-attack-v10-7743870b37e3

Introducing ATT&CK v10: More Objects, Parity and Features Detailing the content and feature updates just released in ATT&CK v10

( Alliance) - publication
Aims to provide processes and controls needed to ensure the privacy and security of cloud-based telehealth patient information.
Includes , and guidelines for the below data use phases:
1. : Data is generated, acquired, or modified.
2. : Data is committed to a storage repository.
3. : Data is processed, viewed, or used in any other sort of activity.
4. : Data or information is made accessible to others.
5. : Data is placed in long-term storage, per data retention guidelines and legal obligations.
6. : Data is no longer required and made inaccessible.

Telehealth Risk Management | CSA This paper focuses on having the processes and controls in place necessary to ensure the privacy and security of telehealth patient information in the cloud with respect to the HIPAA privacy rule and the GDPR. Maintaining the sanctity and integrity of healthcare data is of paramount importance not

targets poorly protected or Windows containers

Siloscape - is capable of:
👉compromising a single
👉escaping and then moving laterally
👉end goal - accessing an entire

📌Step 1: Obtain capability inside a Windows container using a known
📌Step 2: Executes Siloscape by impersonating CExecSvc.exe to obtain trusted user rights (SeTcbPrivilege)
📌Step 3: Check privileges in order to escape the container – i.e. to create new Kubernetes deployments
📌Step 4: connects to the Tor network to commence the command and control phase

Siloscape Malware Reportedly Targeting Windows Containers Researchers believe that a malware variant that specifically targets poorly protected or misconfigured Windows containers has been uncovered for the first time,

: : Best Practices for Preventing from Ransomware include:

📌 implementing robust between IT and OT networks;

📌 regularly testing manual ; and

📌 ensuring that are implemented, regularly tested, and isolated from network connections



Read the entire list of best practices here: 👉

DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks | CISA This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.