Newsletter

open source and cybersecurity news

July 27, 2023

- CYBERSECURITY HEADLINES TODAY -

Microsoft Makes Access to Cloud Logging Free After Criticisms from Storm-0558 Breach
Cybersecurity Crisis: Citrix Vulnerability Exposes US Infrastructure
Cyber Implementation Plan
This Day, July 26, July 27 in Tech History

In this Episode:

Edwin Kwan: Microsoft is expanding access to cloud logging to all customers for free, with more becoming available in September, 2023. This came after they received strong criticisms as a result of the Storm-0558 breach on July 11th.

Ian Garrett: Thousands of companies are at risk from a recently discovered Citrix zero-day exploit that has already targeted a critical infrastructure organization in the United States. The vulnerability affects some devices that are widely used for secure application delivery and VPN connectivity.

Katy Craig: The White House has crafted a plan to beef up the nation’s cyber defenses called the Cybersecurity Implementation Plan, but now comes the tricky part: actually making it happen.

Marcel Brown: July 26th, 1963. Syncom 2, the world’s first geosynchronous satellite is launched. Syncom 1 was intended to be the first geosynchronous satellite, but an electronics failure rendered the satellite inoperable during the ascent to orbit.

From Sourced Network Productions in Washington DC, It’s 5:05. I’m Hillary Coover. Today is Thursday, July 27th, 2023. Here’s the full story behind today’s cybersecurity and open source headlines.


Edwin Kwan: Microsoft Makes Access to Cloud Logging Free After Criticisms from Storm-0558 Breach

This is Edwin Kwan from Sydney, Australia.

Microsoft is expanding access to cloud logging to all customers for free, with more becoming available in September, 2023. This came after they received strong criticisms as a result of the Storm-0558 breach on July 11th.

Microsoft reported having quelled a cyber espionage campaign carried out by a group they had tracked as Storm-0558. The attackers used forged authentication tokens to break into email accounts at US government agencies and other organizations.

Some of the organizations they reached out to couldn’t find any evidence of compromise in their logs. The reason? The organization was on an E3 license, and the log types that contain the corroborating evidence were part of Microsoft’s enhanced logging, which was only available on the more expensive E5 and G5 plans.

This led to criticism from government officials, who called for every organization using a technology service like Microsoft 365 to have access to logging and other security data out of the box.

Resources
Microsoft ‘Logging Tax’ Hinders Incident Response, Experts Warn


Ian Garrett: Cybersecurity Crisis: Citrix Vulnerability Exposes US Infrastructure

Thousands of companies are at risk from a recently discovered Citrix zero-day exploit that has already targeted a critical infrastructure organization in the United States. Last week, Citrix sounded the alarm about a critical related flaw, CVE-2023-3519, with a severity rating of 9.8 out of 10.

The vulnerability affects some devices that are widely used for secure application delivery and VPN connectivity.

Hey folks, this is Ian Garrett in Arlington, Virginia.

The zero-day allows remote attackers to run arbitrary code on the affected devices without authentication. Citrix confirmed that evidence suggests the flaw has already been exploited in the wild.

Days after Citrix’s warning, the US Cybersecurity and Infrastructure Security Agency disclosed that a US critical infrastructure organization fell victim to this exploit in June and reported it to the agency in July.

CISA revealed that hackers leveraged the flaw to drop a webshell on the organization’s NetScaler ADC appliance. This enabled the attackers to collect and exfiltrate sensitive data from the organization’s Active Directory, including user information, groups, applications, and network devices. Fortunately, the targeted appliance was isolated within the network, preventing the hackers from compromising the domain controller.

This incident highlights a broader risk. The Shadowserver Foundation, a nonprofit organization dedicated to internet security, discovered over 15,000 unpatched Citrix servers worldwide, putting thousands of organizations at risk of compromise.

Citrix has quickly released an update to patch the vulnerability, so organizations using Citrix should properly install the provided security updates. As always, zero-days like this serve as a good reminder to keep applications updated with the latest patches.

Resources
Hackers exploit Citrix zero-day to target US critical infrastructure | TechCrunch


Katy Craig: Cyber Implementation Plan

The White House has crafted a plan to beef up the nation’s cyber defenses called the Cybersecurity Implementation Plan, but now comes the tricky part: actually making it happen.

This is Katy Craig in San Diego, California.

The plan divides its 27 objectives into 69 initiatives, each assigned to a different government agency. It’s a massive game of cyber tag, with the Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency taking the lead on most initiatives.

The challenges are real. The government expects agencies to work together like never before, even those not traditionally cyber-savvy. The State Department, surprisingly, is stepping up as a cyber leader too, taking charge of eight initiatives. They’ve got the international connections needed to boost global cyber capacity and secure IT networks.

The government wants 47 of these initiatives done by the end of fiscal year 2024, just over a year from now, which is not long in government time. The government knows this plan won’t be a walk in the park, especially with potential legal roadblocks ahead. Some folks are already pushing back on cybersecurity rules.

Still, despite the challenges, this strategy is a strong start.

This is Katy Craig. Stay safe out there.

Resources
https://www.whitehouse.gov/wp-content/uploads/2023/07/National-Cybersecurity-Strategy-Implementation-Plan-WH.gov_.pdf


Marcel Brown: This Day, July 26, July 27 in Tech History

This is Marcel Brown, delivering some technology history for July 26th and 27th.

July 26th, 1963. Syncom 2, the world’s first geosynchronous satellite is launched. Syncom 1 was intended to be the first geosynchronous satellite, but an electronics failure rendered the satellite inoperable during the ascent to orbit.

July 27th, 1981. About two weeks before IBM begins shipping the first IBM PC, Microsoft buys the full rights to the operating system 86-DOS, formerly known as QDOS, or Quick and Dirty Operating System, from Seattle Computer Products for $50,000. Microsoft had previously paid $25,000 to SCP for a non-exclusive license in December of 1980 in order to begin porting the operating system to the IBM PC, which used the Intel 8088 processor. Microsoft renamed 86-DOS to MS-DOS and licensed it to IBM as PC-DOS. SCP would later sue Microsoft, claiming fraud because Microsoft did not reveal IBM as a licensee. The case was settled in SCP’s favor for $1 million, a fraction of the annual revenue Microsoft was receiving from MS-DOS and PC-DOS.

That’s your technology history for today. For more, tune in tomorrow and visit my website, thisdayintechhistory.com.

Resources
http://thisdayintechhistory.com/07/26
http://thisdayintechhistory.com/07/27


Hillary Coover

That’s our update for today, July 27th, 2023. I’m Hillary Coover. We’ll be back tomorrow at 5:05.
