MITRE admits 'nation state' attackers touched its NERVE R&D operation

In a cautionary tale that no one is immune from attack, the security org MITRE has admitted that it got pwned. The non-profit reported that its R&D research center – the Networked Experimentation, Research, and Virtualization Environment (NERVE) – was penetrated using zero-day flaws in an Ivanti virtual private network. MITRE …

  1. Mike 137 Silver badge

    Mitre's call to action

    In response to the attack, Charles Clancy, Chief Technology Officer of MITRE, stated:

    "First, we need to advance secure by design principles. Hardware and software needs to be secure right out of the box.

    Second, we need to operationalize secure supply chains by taking advantage of the software bill of materials ecosystem to understand the threats in our upstream software systems.

    Third, we should deploy zero trust architectures, not just multi-factor authentication, but also micro-segmentation of our networks.

    Fourth, we need to adopt adversary engagement as a routine part of cyber defense. It can provide not only detection, but also deterrence to our adversaries. Adversaries are advancing new threats and new techniques"

    IMO the first three are absolutely essential and long overdue basics for infosec given the current threat landscape. The fourth I'm not so sure about, depending on what it means in practice. If it means maintaining up to the minute intelligence, that's also basic and long overdue, but 'engagement' has me a bit worried if it implies active counterattack (as some folks do seem keen on).

  2. Anonymous Coward
    Facepalm

    Cisco's non-adaptive non-security and non-defense software

    the miscreants controlling it have been targeting a flaw (CVE-2023-20269) in the remote access VPN feature of Cisco's Adaptive Security Appliance and Firepower Threat Defense software.

    “Cisco ASA 5500-X Series with FirePOWER Services is a firewall appliance that delivers integrated threat defense across the entire attack continuum.”

    Who knew that these security appliances would be susceptible to the same vulnerabilities as the non-protected networks?

  3. Michael Wojcik Silver badge

    PuTTY keys

    In case any PuTTY users aren't sure whether they have affected private keys: PuTTY stores key pairs in its own .ppk files, which are plain text (the keys themselves are Base64, and possibly encrypted). The first line of the file gives the key algorithm, including where appropriate key size.

    The affected keys will say "ecdsa-sha2-nistp521" for the algorithm. Other key types are not affected, to the best of my knowledge (and I read the original advisory; the problem is specifically with ECDSA keys longer than 512 bits).

    Note that some people may be using PuTTY keys without using PuTTY as an ssh client; for example, git on Windows can use PuTTY keys via pageant.
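
Added example, not part of the comment above and not PuTTY's own code: a scanner that applies the first-line check described in that comment to every .ppk file under a directory. It assumes the keys use the .ppk extension and the header layout `PuTTY-User-Key-File-<version>: <algorithm>`; the sample headers are constructed and contain no key material.

```python
"""Flag PuTTY .ppk private keys whose header names ecdsa-sha2-nistp521."""
import re
import sys
from pathlib import Path

AFFECTED = "ecdsa-sha2-nistp521"  # algorithm string given in the comment above
# Assumed header line: "PuTTY-User-Key-File-<format version>: <algorithm>"
HEADER = re.compile(r"^PuTTY-User-Key-File-(\d+):\s*(\S+)\s*$")

# Constructed samples (headers only, no key material).
SAMPLE_P521 = ("PuTTY-User-Key-File-3: ecdsa-sha2-nistp521\n"
               "Encryption: aes256-cbc\nComment: constructed\n")
SAMPLE_ED25519 = ("PuTTY-User-Key-File-3: ssh-ed25519\n"
                  "Encryption: none\nComment: constructed\n")

def inspect_ppk(text):
    """Return (status, algorithm, encryption) from the plain-text .ppk header."""
    lines = text.lstrip("\ufeff").splitlines()
    match = HEADER.match(lines[0]) if lines else None
    if match is None:
        return ("not-ppk", None, None)
    algorithm = match.group(2)
    # The header stays readable even when the private part is encrypted,
    # so a passphrase is not needed to classify the key.
    encryption = next((line.split(":", 1)[1].strip() for line in lines[1:4]
                       if line.startswith("Encryption:")), None)
    status = "affected" if algorithm == AFFECTED else "not-affected"
    return (status, algorithm, encryption)

def scan(root):
    """Map each *.ppk path under root to its inspect_ppk() result."""
    results = {}
    for path in sorted(Path(root).rglob("*.ppk")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            results[str(path)] = ("unreadable", None, None)
            continue
        results[str(path)] = inspect_ppk(text)
    return results

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, (status, algorithm, encryption) in scan(sys.argv[1]).items():
            print(f"{status:12} {algorithm} (encryption: {encryption})  {path}")
    else:
        print(inspect_ppk(SAMPLE_P521), inspect_ppk(SAMPLE_ED25519))
```

Run it with a directory argument to scan for key files. Keys stored under another extension are not found by this scan.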
