
Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies


An incident at the Federal Emergency Management Agency allowed threat actors to steal employee data from the US Customs and Border Protection and the disaster management office. The breach has allegedly triggered the removal of dozens of Federal Emergency Management Agency technology employees.

Citrix bug leads to breach

The incident occurred on June 22, when threat actors used stolen login credentials to get into Citrix virtual desktop infrastructure inside FEMA. The data was stolen from Region 6 servers, according to NextGov. DHS security staff were informed of the incident on July 7. A week later, an unknown hacker used a high-privilege account and attempted to deploy virtual networking software to pull out data. Mitigation began on July 16.

In September, further mitigation actions were taken, including revising FEMA's Zscaler policies and restricting access to a few websites. According to Nextgov, an internal FEMA email instructed all employees to change their passwords, but the email gave no other details about the incident.

About FEMA firings

The FEMA employee layoffs happened on August 29, after a routine inspection of the agency’s infrastructure, which revealed a flaw that “allowed the threat actor to breach FEMA’s network and threaten the entire department and the nation as a whole,” according to the Department of Homeland Security (DHS). 

The firings, announced by DHS, also removed FEMA's top cybersecurity and technology officers. According to DHS, FEMA's IT staff "resisted any efforts to fix the problem" and "lied" about the significance of the flaws. "Failures included: an agency-wide lack of multi-factor authentication, use of prohibited legacy protocols, failing to fix known and critical vulnerabilities, and inadequate operational visibility," DHS said at the time.

Lack of effort: DHS

FEMA's IT employees "resisted any efforts to fix the problem," avoided scheduled inspections and "lied" to officials about the scope of the cyber vulnerabilities, DHS said when Noem first announced the staff terminations last month, repeating the list of failures quoted above.

About the Citrix bug

Citrix sells software that employees use for remote access to workplace apps. The flaw, known as CitrixBleed 2.0, has previously allowed threat actors to bypass two-factor authentication. "Bleed" refers to a technique that makes susceptible devices give out memory content, letting threat actors collect fragments of that memory and piece together login credentials or session tokens for infiltrating devices.
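As an added illustration of the "bleed" class described above (constructed toy code written for this page, not Citrix's software or the actual CitrixBleed 2.0 defect): a reply handler that trusts a client-declared length returns adjacent stale memory, while the hardened handler bounds the reply by the bytes actually received and clears its output buffer first.

```c
#include <stdint.h>
#include <string.h>

/* Constructed toy, not Citrix code: a request carries a length the client
 * declares plus the payload bytes the peer actually sent. */
typedef struct {
    uint16_t declared_len;   /* length the client claims */
    const uint8_t *payload;  /* bytes actually received */
    size_t received_len;
} request_t;

/* Simulated process memory: the request sits next to stale data from an
 * earlier connection (a constructed session token, as in a credential bleed). */
static uint8_t arena[64];

/* Vulnerable echo: trusts declared_len, so it copies past the received bytes
 * and returns whatever is adjacent in memory. That over-read is the "bleed". */
size_t echo_vulnerable(const request_t *req, uint8_t *out, size_t out_cap) {
    size_t n = req->declared_len;
    if (n > out_cap) n = out_cap;      /* bounds the write, not the read */
    memcpy(out, req->payload, n);
    return n;
}

/* Hardened echo: the reply is bounded by the bytes actually received, a
 * mismatched length is rejected, and the output is cleared so nothing stale
 * leaks even on the error path. */
size_t echo_hardened(const request_t *req, uint8_t *out, size_t out_cap) {
    memset(out, 0, out_cap);
    if (req->declared_len > req->received_len || req->declared_len > out_cap)
        return 0;
    memcpy(out, req->payload, req->declared_len);
    return req->declared_len;
}

/* Builds the constructed scenario: a 4-byte payload followed in memory by a
 * 16-byte stale token that a correct reply must never include. */
request_t make_request(uint16_t declared_len) {
    memset(arena, 0, sizeof arena);
    memcpy(arena, "ping", 4);
    memcpy(arena + 4, "SESSION=deadbeef", 16);   /* constructed stale secret */
    request_t r = { declared_len, arena, 4 };
    return r;
}

/* Detection helper for the test: 1 if the reply carries the stale token. */
int reply_leaks_token(const uint8_t *out, size_t n) {
    return n >= 20 && memcmp(out + 4, "SESSION=deadbeef", 16) == 0;
}
```

The same length-versus-received check is the pattern to look for when reviewing any handler that builds a reply from a client-supplied size.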

Emergency Alert System Bugs Can Help Actors Distribute Fraud Messages

The U.S. Department of Homeland Security (DHS) has issued a warning about critical vulnerabilities in Emergency Alert System (EAS) encoding/decoding devices. If not fixed, the bugs would allow threat actors to send out fraudulent emergency alerts over cable networks, TV, and radio.

The advisory came on August 1 from DHS' Federal Emergency Management Agency (FEMA). Cybersecurity researcher Ken Pyle discovered the vulnerabilities.

FEMA said the EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. 

During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish. 

"The EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish," reports FEMA.

EAS is a U.S. national public warning system that allows state authorities to send out information in less than 10 minutes if there's an emergency. These warnings can interrupt TV and radio to show emergency alert information. 

Details of the bugs have not been disclosed, to keep threat actors from exploiting them, but they are expected to be made public soon as a proof-of-concept at the DEF CON conference taking place in Las Vegas next week.

In short, the flaws are effectively public knowledge and will be shown to a large audience in the coming weeks.

To mitigate the vulnerabilities, users are advised to update EAS devices to the latest software versions, place them behind a firewall, and monitor audit and review logs for signs of unauthorised or otherwise suspicious access.

"The testing process is designed to evaluate the effectiveness of the IPAWS Open Platform for Emergency Networks and assess the operational readiness of the infrastructure for distribution of a national message and determine whether technological improvements are needed," reports FEMA.