News

Lisa Plaggemier — Executive Director at National Cyber Security Alliance, a people-first leader, and a cyber satirist

January 10, 2024 | 2024-01-30T14:32:22-05:00

CARE Lab 2024 Social Engineering Competition

The CARE Lab is hosting its 4th Social Engineering Competition virtually in April/May 2024!

SEC allows students to compete in a purely social engineering experience that is grounded in the social sciences. The competition offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas, and is open to high school, undergraduate, and graduate students.

This year’s theme, tax scams, is inspired by the IRS’ annual Dirty Dozen list of tax scams for 2023. According to IRS Commissioner Danny Werfel, scammers are “coming up with new ways all the time to try to steal information from taxpayers”. So, what exactly are these ways? Come find out how cybercriminals are using social engineering in employment and tax scams.

No technical experience is required. High school and college students (aged 14+) from all disciplinary backgrounds are welcome!

Details

Applications for the 2024 Social Engineering Competition are being accepted from now until Monday, February 19th, 2024 at 12pm ET.

Orientation date (virtual): Saturday, March 23, time TBD (this is not optional – please hold this date on your calendar)

Competition dates (virtual, these are not optional – please hold these dates on your calendar):

Graduate Level: April 5, 6, 7, times TBD
Undergraduate: April 19, 20, 21, times TBD
High school Level: May 3, 4, 5, times TBD

Closing ceremonies (virtual): Wednesday, May 8, time TBD (this is not optional – please hold this date on your calendar)

Why a ‘pure’ social engineering competition?

There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.

Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.

Who can participate?

This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2 to 4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (e.g., all high school students).

When and how can we put our application in?

Click here to apply

*Registration deadline is Monday, February 19, 2024 at 12pm ET.

January 3, 2024 | 2024-01-04T09:59:15-05:00

Sunshine Cyber Conference

It’s back! Cyber Florida is pleased to announce the return of our popular annual conference, now called the Sunshine Cyber Conference! Save the date for 27-28 March 2024 at the newly renovated Tampa Convention Center!

Designed to be educational and affordable, Sunshine Cyber Conference offers valuable content for

  • Cybersecurity/IT practitioners
  • CISOs and CIOs
  • Non-technical managers and c-suite leaders
  • Educators, researchers, and students

from

  • Small and medium enterprises
  • Nonprofit organizations
  • State and local governments
  • Law enforcement
  • Educational institutions

Full agenda coming January 15!

REGISTRATION OPTIONS

  • Industry/Private-Sector: $400
  • Government/Academia/Nonprofit/Military/Veteran/Law Enforcement: $200
  • CTF Only (includes meals, plenary speakers, and reception): $100
  • Students: $50

REGISTER NOW VIA WHOVA.COM

Need to pay by invoice/check? Email us at outreach@cyberflorida.org.

KEYNOTE SPEAKERS

Winn Schwartau

Chief Visionary Officer & Founder, SAC Labs, a division of KnowBe4

Tamiko Fletcher

CISO and Chief of the IT Security Office at Kennedy Space Center

Bianca Lewis (BiaSciLab)

Founder and CEO of Girls Who Hack and Secure Open Vote

TRACKS + TOPICS

The Call for Sessions is now closed, and the team is reviewing submissions to announce speakers and sessions the week of January 15! In the meantime, these are the tracks and topic areas we hope to cover at this year’s event.

Cyber Practitioner

  • Open-source tools
  • Access management
  • Network monitoring
  • Cloud Security
  • Intelligence
  • Threat modeling
  • Vulnerability management
  • Penetration testing

Cyber for the C-Suite

  • Risk management
  • Compliance and governance
  • Cyber policy
  • Talent management
  • Prioritizing investments
  • Legal considerations
  • Incident response
  • Creating a cyber culture
  • Supply-chain risk management

Law Enforcement

  • Cybercrime investigation
  • Open source tools to facilitate investigations
  • How to access common apps legally
  • Seizing digital evidence
  • Cyber threat landscape
  • Cryptocurrency investigations
  • The dark web

Critical Infrastructure

Cybersecurity topics tailored for

  • Water and power utilities
  • Transportation/logistics
  • Healthcare
  • Finance
  • Emergency response
  • Defense Industrial Base
  • Manufacturing
  • Chemical manufacturing

Cyber Education (K-16)

  • Recruiting and retaining cyber educators
  • Educator professional development
  • Inclusive cyber ed
  • Leveraging industry
  • Beyond the classroom: camps, clinics, competitions, and more
  • Hands-on: practicums, internships, career shadowing, mentoring

Emerging Technologies

  • AI and Machine Learning
  • Quantum Cryptography
  • Biometrics
  • Internet of Things
  • Malware analysis
  • Blockchain
  • Botnets
  • Zero-day vulnerabilities
  • Cyberwarfare

HOTEL ACCOMMODATIONS

Conference Hotel: A courtesy block for guests of the Sunshine Cyber Conference is available at the Embassy Suites by Hilton Tampa Downtown Convention Center at a cost of $289 per night. This hotel has a walking bridge connected to the conference center.

Nearby Hotels: Click here for a list of other hotels located near the Tampa Convention Center.

BECOME A SPONSOR

Sponsor Registration Form

BECOME AN EXHIBITOR

REGISTER AS AN EXHIBITOR VIA WHOVA.COM

Need to pay by invoice/check? Email us at outreach@cyberflorida.org.

Standard Exhibitor Package $1,000

  • Full 10’ wide x 8’ deep booth
  • One 8’ high pipe and drape backdrop with 3’ high pipe and drape sides
  • One 6’ table, clothed and skirted; two chairs
  • Two conference exhibitor registrations (includes lunches and networking reception)
  • Company listing in the conference event program, app, and website
  • Opportunity to include giveaway item in the conference bag
  • Additional booth staff registrations will be honored at the 2024 government early-bird discount price per person, up to a maximum of four (4) total sales representatives per booth
  • List of registered attendees who agree to have their information shared with exhibitors
  • A discounted standard exhibitor package is available for $500 for academic institutions. Contact outreach@cyberflorida.org to redeem.

JUST ADDED: Double-Booth Exhibitor Package

  • Everything included in the Standard Exhibitor Package, but with a double-sized 20′ x 8′ booth.

Notes for Exhibitors

  • Exhibitors are responsible for ordering and paying for any services and/or equipment not listed above by working directly with the appropriate Tampa Convention Center vendor.
  • An exhibitor kit containing all vendor information and forms will be provided after payment is received.
  • Lead retrieval will be available for exhibitors to purchase once exhibitor participation is confirmed and paid for.
  • Booths will not be assigned until payment is received.
  • Exhibit booths will be assigned by Cyber Florida on a first-come, first-served basis.
  • Exhibitors interested in securing more than one booth space should contact buzykina@cyberflorida.org.

December 19, 2023 | 2023-12-19T15:15:06-05:00

Jayson Street — Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a world-class awkward hugger

December 11, 2023 | 2023-12-05T10:38:00-05:00

Sunny Myers on Breaking Barriers, Indigenous Empowerment, and Fostering Allyship

November 28, 2023 | 2023-11-28T11:55:40-05:00

New Program for Critical Infrastructure Cybersecurity

The Critical Infrastructure Protection Program

Cyber Florida at the University of South Florida, the state’s leading cybersecurity resource, is pleased to announce a new effort under the CyberSecureFlorida program: the Critical Infrastructure Protection (CIP) Program. Stemming from the success of the recently completed Critical Infrastructure Risk Assessment (CIRA) program funded by the Florida Legislature in 2022, the CIP program takes the next step to provide no-cost resources, tools, and guidance to Florida’s public and private critical infrastructure entities to help mitigate their cyberattack vulnerabilities.  

The CIP Program is intended to assist small and medium-sized enterprises and resource-constrained county and municipal government entities in implementing basic cybersecurity protocols and policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is designed to fortify the cybersecurity resilience of public and private critical infrastructure across the state. 

In an era of increasing cyber threats, safeguarding critical infrastructure is paramount. The CyberSecureFlorida CIP program aims to empower organizations by providing high-quality cybersecurity resources, training, and support to defend against evolving cyber risks. Some of the new resources available include the following: 

  • A 20-question Entry-Level Assessment based on the most-reported weaknesses from the initial risk assessment program. The Entry-Level Assessment will help organizations immediately see how their cybersecurity protocols measure up in the high-risk areas. 
  • A Cybersecurity Incident Response Plan Template to help organizations think through and plan ahead for how to weather and recover from a cyber incident. 
  • A full, 156-question Risk Assessment that covers key cybersecurity protocols outlined in the NIST Cybersecurity Framework as well as ransomware readiness. Both this and the Entry-Level Assessment are provided by Idaho National Laboratory (INL) through a customized instance of their highly regarded Cyber Security Evaluation Tool (CSET)®. 

“CyberSecureFlorida: Critical Infrastructure Protection Program represents a significant step forward in our commitment to fortifying the cybersecurity defenses of government entities and critical infrastructure businesses,” said Bryan Langley, Lead Program Manager at Cyber Florida. “By fostering collaboration, offering targeted training, and leveraging the expertise of our cybersecurity professionals, we aim to elevate the cybersecurity resilience of these vital sectors,” he said. 

To learn more about the CyberSecureFlorida CIP program and how your organization can participate, please visit the program’s official webpage: https://cyberflorida.org/cipp. For inquiries, please contact the program lead, Bryan Langley at bjlangley@cyberflorida.org.  

November 20, 2023 | 2023-11-28T10:57:41-05:00

Kristin Demoranville — CEO and Founder of AnzenSage, defender of the food sector, and friend to primates

November 20, 2023 | 2023-11-16T12:09:32-05:00

Unauthenticated Remote Code Execution (RCE) Vulnerability Affecting NetScaler

I. Targeted Entities

  • NetScaler users

II. Introduction

This cyberattack has been targeting NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, tools that improve the delivery speed of applications to an end user and provide secure remote access to applications and services, respectively. Threat actors exploited this vulnerability as a zero-day to drop a webshell. The webshell gave the threat actors access to the victim’s Active Directory (AD) and allowed them to collect and exfiltrate data.

III. Additional Background Information

In June 2023, threat actors exploited public-facing applications, NetScaler Application Delivery Controller and NetScaler Gateway. The threat actors implanted a webshell on the organization’s NetScaler ADC appliance and then abused elevation controls to initialize an exploit chain to a binary file to extract data.

The affected versions of NetScaler ADC and NetScaler Gateway are 13.1 before 13.1-40.13. CVE-2023-3519 has a predecessor in CVE-2019-19781, which was discovered in December 2019 and attracted significant attention because it could be exploited for the same purpose now being observed (unauthenticated remote code execution). In CVE-2019-19781, attackers gained access through the Citrix NetScaler server to exploit public-facing applications such as Citrix ADC and Gateway, and the same pattern is seen with CVE-2023-3519.

According to NIST’s CVSS severity metrics, the vulnerability has been rated as follows:

Threat Actor Activity
Victim 1

As part of their initial exploit chain [T1190], the threat actors uploaded a TGZ file [T1105] containing a generic webshell [T1505.003], discovery script [TA0007], and setuid binary [T1548.001] on the ADC appliance and conducted SMB scanning on the subnet [T1046].

Threat Actor Activity
Victim 2

Threat actors uploaded a PHP webshell, logouttm.php [T1036.005], likely as part of their initial exploit chain, to /netscaler/ns_gui/vpn/. Within an hour of installing the webshell, the actors implanted an Executable and Linkable Format (ELF) binary, pykeygen, that set the user identifier (UID) to root and executed /bin/sh [T1059.004] via the setuid and execve syscalls [T1106]. Note: a third party also observed threat actors use an ELF binary (named pip4) to execute /bin/sh via syscall and change the UID to root. pip4 was located at /var/python/bin.

With root level access, the actors used hands-on-keyboard for discovery. They queried the AD via ldapsearch for users, groups, and computers. They collected the data in gzipped text files renamed 1.css and 2.css and placed the files in /netscaler/ns_gui/vpn/ for exfiltration.

After exfiltrating the files, the actors deleted them from the system [T1070.004] as well as some access logs, error logs, and authentication logs [T1070.002]. The victim organization detected the intrusion and mitigated the activity but did not identify signs of additional malicious activity.

For command and control (C2), the actors appeared to use compromised pfSense devices [T1584]; the victim observed communications with two pfSense IP addresses indicating the actor was using them for multi-hop proxying C2 traffic [T1090.003].

Updated vulnerabilities affecting Netscaler ADC and Netscaler Gateway:

As of October 23rd, Cyber Florida received updates regarding vulnerabilities affecting NetScaler ADC and NetScaler Gateway. The vulnerabilities in question, CVE-2023-4966 and CVE-2023-4967, both have high CVSS severity scores and should be mitigated immediately. CVE-2023-4966, a sensitive information disclosure vulnerability, allows attackers to get access to large amounts of data in memory at the end of a buffer. Frequently seen within this attack vector are efforts to gain unauthenticated access to previous session tokens, which allow attackers to impersonate authenticated users and escalate their privileges. CVE-2023-4967, although less critical than the first vulnerability, is still severe: it can lead to a denial-of-service (DoS) condition and cause great harm to a company.

As of October 23rd, the updated affected versions of NetScaler ADC and NetScaler Gateway are the following:

  • Netscaler ADC and Netscaler Gateway 14.1 before 14.1-8.50
  • Netscaler ADC and Netscaler Gateway 13.1 before 13.1-49.15
  • Netscaler ADC and Netscaler Gateway 13.0 before 13.0-92.19

V. MITRE ATT&CK

  • T1190 – Exploit Public-Facing Applications
    Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration. Adversaries exploited CVE-2023-3519 to implant a webshell on the organization’s NetScaler ADC appliance.
  • T1505.003 – Server Software Component: Web Shell
    Adversaries may backdoor web servers with web shells to establish persistent access to systems. The threat actors implanted a generic webshell on the organization’s NetScaler ADC appliance.
  • T1548.001 – Abuse Elevation Control Mechanism: Setuid and Setgid
    An adversary may abuse configurations where an application has the setuid or setgid bits set in order to get code running in a different (and possibly more privileged) user’s context. As part of their initial exploit chain, the threat actors uploaded a TGZ file containing a setuid binary to the ADC appliance.
  • T1036.008 – Masquerading: Masquerade File Type
    Adversaries may masquerade malicious payloads as legitimate files through changes to the payload’s formatting, including the file’s signature, extension, and contents. Various file types have a typical standard format, including how they are encoded and organized. The threat actors exfiltrated data by uploading it as an image file to a web-accessible path.
  • T1018 – Remote System Discovery
    Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used, such as Ping or net view using Net. The threat actors queried the AD for computers. The threat actors attempted to execute a subnet-wide curl command to identify what was accessible from within the network as well as potential lateral movement targets. Network-segmentation controls prevented this activity.
  • T1016.001 – System Network Configuration Discovery: Internet Connection Discovery
    Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways, such as using Ping, tracert, and GET requests to websites. The threat actors attempted to verify outbound network connectivity with a ping command and executed host commands for a subnet-wide DNS lookup. Network-segmentation controls prevented this activity.
  • T1046 – Network Service Discovery
    Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. Common methods to acquire this information include port and/or vulnerability scans using tools that are brought onto a system. The threat actors conducted SMB scanning on the organization’s subnet.
  • T1560.001 – Archive Collected Data: Archive via Utility
    Adversaries may use utilities to compress and/or encrypt collected data prior to exfiltration. Many utilities include functionality to compress, encrypt, or otherwise package data into a format that is easier or more secure to transport. The threat actors encrypted the discovery data they collected with openssl and packaged it in a tarball.
  • T1090.001 – Proxy: Internal Proxy
    Adversaries may use an internal proxy to direct command and control traffic between two or more systems in a compromised environment. Adversaries use internal proxies to manage command and control communications inside a compromised environment, to reduce the number of simultaneous outbound network connections, to provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between infected systems to avoid suspicion. The actors likely used a PHP shell with proxying capability to attempt proxying SMB traffic to the DC (the traffic was blocked by a firewall and account restrictions).
  • T1531 – Account Access Removal
    Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts. The threat actors deleted the authorization configuration file (/etc/auth.conf)—likely to prevent configured users from logging in remotely (e.g., CLI).

VI. Recommendations

  • Install the relevant updated versions as soon as possible.
  • Check for files newer than the last installation.
  • Quarantine or take offline potentially affected hosts.
  • Provision new account credentials.
  • Collect and review artifacts such as running processes/services, unusual authentications, and recent network connections.
  • Apply robust network-segmentation controls on NetScaler appliances and other internet-facing devices.
  • Test and validate security controls to determine their performance against the threat behaviors associated with the MITRE ATT&CK techniques in this advisory.
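The recommendations above can be turned into a first-pass triage check. The POSIX shell script below is an added example (not from the advisory, CISA or Citrix): it walks the paths the advisory names, reporting files newer than a reference timestamp that stands in for the last installation, setuid executables, and ".css" files that are really gzip data (the 1.css/2.css staging pattern). The filesystem root and reference-file arguments, and the constructed sample tree, are assumptions made here for offline use.

```shell
#!/bin/sh
# Added triage helper (example code; not from the advisory, CISA or Citrix).
# It turns the recommendations into checks against the paths the advisory names:
#   1. files newer than the last installation under /netscaler/ns_gui/vpn and
#      /var/python/bin (where logouttm.php and pip4 were dropped),
#   2. setuid executables in those paths (the pykeygen / pip4 root-shell pattern),
#   3. ".css" files that are really gzip data (the 1.css / 2.css exfil staging).
# Assumptions: <root> is a mounted or copied appliance filesystem ("/" on the
# box itself) and <reference_file> carries the last-install mtime.

netscaler_triage() {
    root=$1
    ref=$2
    for dir in "$root/netscaler/ns_gui/vpn" "$root/var/python/bin"; do
        [ -d "$dir" ] || continue
        # 1. modified after the reference timestamp
        find "$dir" -type f -newer "$ref" | while IFS= read -r f; do
            printf 'NEWER  %s\n' "$f"
        done
        # 2. setuid bit set on a regular file
        find "$dir" -type f -perm -4000 | while IFS= read -r f; do
            printf 'SETUID %s\n' "$f"
        done
        # 3. gzip magic (1f 8b) hiding behind a .css extension
        find "$dir" -type f -name '*.css' | while IFS= read -r f; do
            magic=$(od -An -tx1 -N 2 "$f" | tr -d ' \n')
            if [ "$magic" = "1f8b" ]; then
                printf 'GZCSS  %s\n' "$f"
            fi
        done
    done
    return 0
}

# Constructed sample tree (not real appliance data) so the helper can be run
# offline; prints the root directory it created.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/netscaler/ns_gui/vpn" "$root/var/python/bin"
    # legitimate file that predates the install
    printf 'body{}\n' > "$root/netscaler/ns_gui/vpn/style.css"
    touch -t 202301010000 "$root/netscaler/ns_gui/vpn/style.css"
    # reference file carrying the last-install timestamp
    touch -t 202306010000 "$root/reference"
    # stand-ins for the artifacts described in the advisory (created "now")
    printf 'placeholder stand-in\n' > "$root/netscaler/ns_gui/vpn/logouttm.php"
    printf '\037\213\010\010placeholder' > "$root/netscaler/ns_gui/vpn/1.css"
    printf '#!/bin/sh\n' > "$root/var/python/bin/pip4"
    chmod 4755 "$root/var/python/bin/pip4"
    printf '%s\n' "$root"
}

# Demo run against the constructed tree.
demo_root=$(build_sample_tree)
netscaler_triage "$demo_root" "$demo_root/reference"
rm -rf "$demo_root"
```

On a real appliance the reference file would be one written by the last known-good installation; any NEWER hit under the web root deserves the artifact review the recommendations call for.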

VII. IOCs (Indicators of Compromise)

  • IOCs affiliated with Citrix CVE-2023-3519 exploitation (cisa.gov)
  • Third-party provided IP addresses affiliated with Citrix CVE-2023-3519 (cisa.gov)
  • Third-party provided IOCs affiliated with Citrix CVE-2023-3519 (cisa.gov)
  • Updated NetScaler ADC and NetScaler Gateway containing unauthenticated buffer-related vulnerabilities, 10/23/2023 (support.citrix.com)

VIII. References

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. CISA. https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf

Enterprise Techniques. MITRE ATT&CK®. (n.d.). https://attack.mitre.org/versions/v13/techniques

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967. (2023, October 23). https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

Rapid7. (n.d.). CVE-2023-4966: Exploitation of Citrix NetScaler Information Disclosure Vulnerability. https://www.rapid7.com/blog/post/2023/10/25/etr-cve-2023-4966-exploitation-of-citrix-netscaler-information-disclosure-vulnerability/

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: EJ Bulut, Nahyan Jamil, Alessandro Lovadina, Ben Price, Erika Delvalle, Ariana Manrique, Yousef Blassy

November 14, 2023 | 2023-11-14T14:41:05-05:00

Florida SUS Dominate 2023 DOE’s CyberForce Competition

Florida State University Institutions Dominate 2023 Department of Energy’s CyberForce Competition

In an extraordinary display of cybersecurity prowess, State University System of Florida teams dominated the 2023 Department of Energy (DOE) CyberForce Competition on November 4 in St. Charles, IL. Out of 95 participating teams, Florida’s top institutions claimed four of the top five positions, showcasing the state’s exceptional talent and commitment to cyber education.

The final top standings are as follows:

1st place: UCF – A Team With A Dream: Achieving a third consecutive win, this marks the fourth National Championship in CyberForce for the UCF team, adding to their victories in 2018, 2021, and 2022.

3rd place: UF – Darth Gator: Securing an impressive third position, the UF team showcased their exceptional cyber skills.

4th place: UCF – St. Dominic College: A nod to the Q Center’s original name, St. Dominic College for Women, this UCF team claimed the fourth spot, maintaining a tradition of excellence.

5th Place: USF CyberHerd: The USF team rounded off the top five, demonstrating their dedication to cybersecurity and contributing to Florida’s dominance in the competition.

The annual DOE CyberForce Competition attracted nearly 600 students from elite schools across the nation, emphasizing the high level of competition. Florida State Universities, particularly UCF, UF, and USF, proved their mettle by claiming four of the top five positions, solidifying their reputation as leaders in cybersecurity education.

During the all-day CyberForce Competition, the teams faced real-world cybersecurity issues surrounding distributed energy resources (DERs), including constraints like budget and ensuring uninterrupted power access. The ninth iteration of the competition emphasized not just technical knowledge but innovation, adaptability, and effective communication. Participants had to maintain the system, create defenses on tight budgets, and work with virtual users. A Team with a Dream from the University of Central Florida demonstrated excellence in handling challenges to their mini electric grid despite the scenario’s realistic constraints and cyber-attacks.

“I want to congratulate A Team with a Dream from the University of Central Florida on their success in the U.S. Department of Energy’s 2023 CyberForce Competition,” said Puesh M. Kumar, Director of CESER. “The competition focused on ensuring the cybersecurity of clean energy systems and the students did an exceptional job in executing the challenge. It’s vitally important that we continue to promote cyber workforce development to help us defend the energy sector of today, and tomorrow.”

Through this competition, DOE sought to inspire and strengthen the next generation of cybersecurity professionals. Given the high demand for such experts, the CyberForce Competition plays an important role in preparing students for the field’s real-world challenges and demands. For many participants, it’s a steppingstone towards a career in creating a more secure digital world.

See the full press release from the DOE Office of Cybersecurity. To learn more about the DOE CyberForce competition, go to https://cyberforce.energy.gov/cyberforce-competition/.

November 14, 2023 | 2023-11-14T09:58:57-05:00

Pathways Playbooks

November 6, 2023 | 2023-11-06T10:07:35-05:00