Setting up the root account on Kali 2020

Starting with Kali 2020.1, there is no longer a superuser account and the default user is now a standard, non-privileged user. In Kali Linux 2020.1, both the default username and password are “kali”.

If you would like to use root instead of the non-superuser account kali, here are the instructions to do so:

Issue command “sudo su”

<Enter the password for kali user account>

Issue command “passwd root”

<Enter new password and retype that password>

At this point you can log off and log back in, or you can just switch user and log in as root.

 

Let me know if this helped you.

 

Kali 2020.1 Default Username & Password – kali kali

Starting with Kali 2020.1, there is no longer a superuser account and the default user is now a standard, non-privileged user. Until now, users have logged on to the system with the user “root” and the password “toor”. In Kali Linux 2020.1, both the default user and password will be “kali”.

 

username: kali

password: kali


 

If you would like to use root instead here are the instructions to do so:

Issue command “sudo su”

<Enter the password for kali user account>

Issue command “passwd root”

<Enter new password and retype that password>

At this point you can log off and log back in, or you can just switch user and log in as root.

 

Let me know if this helped you.

 

 

Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)

Vulnerability: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)

Severity: High

Location: 623/TCP & 16992/TCP

Summary: Multiple potential security vulnerabilities in Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.

Vulnerability Detection Result

Installed version: 11.8.55.3510
Fixed version: 11.8.70
Installation path / port: /

Solution type: VendorFix  – Upgrade to version 11.8.70, 11.11.70, 11.22.70, 12.0.45 or later.

Affected Software/OS: Intel Active Management Technology 11.0 to 11.8.65, 11.10 to 11.11.65, 11.20 to 11.22.65 and 12.0 to 12.0.35.

Vulnerability Insight:

Intel Active Management Technology is prone to multiple vulnerabilities:

– Cross site scripting may allow a privileged user to potentially enable escalation of privilege via network access (CVE-2019-11132)

– Insufficient input validation may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access (CVE-2019-11088)

– Logic issue may allow an unauthenticated user to potentially enable escalation of privilege via network access (CVE-2019-11131)

– Insufficient input validation may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access (CVE-2019-0131)

– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via network access (CVE-2019-0166)

– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via physical access (CVE-2019-11100)

Vulnerability Detection Method:

Checks if a vulnerable version is present on the target host.

Details: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241) (OID: 1.3.6.1.4.1.25623.1.0.143286)

Version used: 2020-01-07T08:25:23+0000

References

CVE: CVE-2019-11132, CVE-2019-11088, CVE-2019-11131, CVE-2019-0131, CVE-2019-0166, CVE-2019-11100
CERT: CB-K19/0978, DFN-CERT-2019-2375
Other: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
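
The version comparison behind this detection result, as an added example (not the scanner's own code and not part of the original post): the fixed version differs per firmware branch, so comparing every host against a single threshold misjudges some builds. Branch boundaries and fixed versions are taken from the report above; builds between the last listed affected version and the fixed version are assumed to still need the upgrade, and every build number other than 11.8.55.3510 is constructed.

```python
# Added example: branch-aware version check for the INTEL-SA-00241 report.
# Each entry is (lowest version of the affected branch, first fixed version),
# taken from the "Affected Software/OS" and "Solution type" lines of the report.
BRANCHES = [
    ((11, 0, 0), (11, 8, 70)),
    ((11, 10, 0), (11, 11, 70)),
    ((11, 20, 0), (11, 22, 70)),
    ((12, 0, 0), (12, 0, 45)),
]


def parse_version(text):
    """Return (major, minor, hotfix) from 'major.minor.hotfix[.build]'."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised AMT version: {text!r}")
    return tuple(int(p) for p in parts[:3])


def required_upgrade(installed):
    """Return the fixed version for an affected build, or None if not affected.

    Assumption: anything from the start of a branch up to (not including) its
    fixed version needs the upgrade, which also covers builds between the last
    listed affected version (e.g. 11.8.65) and the fix (11.8.70).
    """
    version = parse_version(installed)
    for low, fixed in BRANCHES:
        if low <= version < fixed:
            return ".".join(str(n) for n in fixed)
    return None


def naive_is_patched(installed):
    """Flawed shortcut shown for contrast: one threshold for every branch."""
    return parse_version(installed) >= (11, 8, 70)


if __name__ == "__main__":
    # 11.8.55.3510 is the installed version from the report; the rest are constructed.
    for sample in ["11.8.55.3510", "11.8.70.1000", "11.11.50.1000", "12.0.45.1000"]:
        fix = required_upgrade(sample)
        print(f"{sample}: {'upgrade to ' + fix if fix else 'not in an affected range'}")
```

The constructed build 11.11.50 shows the failure mode: it sorts above 11.8.70, so the single-threshold check reports it as patched, while the branch-aware check correctly requires 11.11.70.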

Cybersecurity Maturity Model Certification (CMMC) Levels

The CMMC model has five defined levels, each with a set of supporting practices and processes, illustrated in Figure 2. Practices range from Level 1 (basic cyber hygiene) to Level 5 (advanced/progressive). In parallel, processes range from being performed at Level 1, to being documented at Level 2, to being optimized across the organization at Level 5. To meet a specific CMMC level, an organization must meet the practices and processes within that level and below.

Each of the levels is described in more detail below.

Level 1

CMMC Level 1 focuses on basic cyber hygiene and consists of the safeguarding requirements specified in 48 CFR 52.204-21.  The Level 1 practices establish a foundation for the higher levels of the model and must be completed by all certified organizations. Not every domain within CMMC has Level 1 practices. At both this level and Level 2, organizations may be provided with FCI. FCI is information not intended for public release. It is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government. FCI does not include information provided by the Government to the public. While practices are expected to be performed, process maturity is not addressed at CMMC Level 1, and therefore, a CMMC Level 1 organization may have limited or inconsistent cybersecurity maturity processes.

Level 2

CMMC Level 2 focuses on intermediate cyber hygiene, creating a maturity-based progression for organizations to step from Level 1 to 3.  This more advanced set of practices gives the organization greater ability to both protect and sustain their assets against more cyber threats compared to Level 1.  CMMC Level 2 also introduces the process maturity dimension of the model. At CMMC Level 2, an organization is expected to establish and document standard operating procedures, policies, and strategic plans to guide the implementation of their cybersecurity program.

Level 3 

An organization assessed at CMMC Level 3 will have demonstrated good cyber hygiene and effective implementation of controls that meet the security requirements of NIST SP 800-171 Rev 1. Organizations that require access to CUI and/or generate CUI should achieve CMMC Level 3.  CMMC Level 3 indicates a basic ability to protect and sustain an organization’s assets and CUI; however, at CMMC Level 3, organizations will have challenges defending against advanced persistent threats (APTs).  Note that organizations subject to DFARS clause 252.204-7012 will have to meet additional requirements such as incident reporting.  For process maturity, a CMMC Level 3 organization is expected to adequately resource activities and review adherence to policy and procedures, demonstrating management of practice implementation.

Level 4

At CMMC Level 4, an organization has a substantial and proactive cybersecurity program.  The organization has the capability to adapt their protection and sustainment activities to address the changing tactics, techniques, and procedures (TTPs) in use by APTs. For process maturity, a CMMC Level 4 organization is expected to review and document activities for effectiveness and inform high-level management of any issues.

Level 5

At CMMC Level 5, an organization has an advanced or progressive cybersecurity program with a demonstrated ability to optimize their cybersecurity capabilities.  The organization has the capability to optimize their cybersecurity capabilities in an effort to repel APTs. For process maturity, a CMMC Level 5 organization is expected to ensure that process implementation has been standardized across the organization.

Understanding Cybersecurity Maturity Model Certification (CMMC)

By: Kellep Charles and Adrian Williams

So, if you haven’t heard or if you are not familiar with the cybersecurity maturity model certification (CMMC), don’t worry about it, we are here to explain it all to you.

The CMMC is a certification procedure developed by the Department of Defense (DoD) to certify that contractors have the controls to protect sensitive data, including Federal Contract Information and Controlled Unclassified Information (CUI). The CMMC model combines the best practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others, into one cohesive standard for cybersecurity. The model has seventeen (17) domains, listed below:

  1. Access Control
  2. Asset Management
  3. Audit and Accountability
  4. Awareness and Training
  5. Configuration Management
  6. Identification and Authentication
  7. Incident Response
  8. Maintenance
  9. Media Protection
  10. Personnel Security
  11. Physical Security
  12. Recovery
  13. Risk Management
  14. Security Assessment
  15. Situational Awareness
  16. Systems and Communications Protection
  17. System and Information Integrity

The CMMC contains five levels ranging from basic hygiene controls to state-of-the-art controls, but unlike NIST 800-171, the CMMC will not contain a self-assessment component. Every organization that plans to conduct business with the Department of Defense will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.

The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides in the Department’s industry partners’ networks.  CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

Version 1.0 of the CMMC framework will be available in January 2020 to support training requirements. In June 2020, the industry should begin to see the CMMC requirements as part of Requests for Information.  The initial implementation of the CMMC will only be within the DoD, but we predict this will be expanded to the Federal sector at some point as well.

So, how can we obtain the CMMC for our organization?

As stated, there is no self-certification. Your organization will coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule a CMMC assessment. Your company will specify the level of the certification requested based on your company’s specific business requirements. Your company will be awarded certification at the appropriate CMMC level upon demonstrating the appropriate maturity in capabilities and organizational maturity to the satisfaction of the assessor and certifier. Once your certification has been obtained, the level will be made public; however, details regarding specific findings will not be publicly available. The DoD will only see your certification level.

Why is it important?

Existing measures have failed the U.S. Just take a look at the Chinese J-31 aircraft as a prime example, which is very similar to the American F-35 Joint Strike Fighter. The question is not whether U.S. adversaries have become better innovators, but whether they have become better thieves. NIST 800-171 relies on organizations to self-assess their posture and then report their compliance. Self-assessments cannot be truly trusted, thus a new approach is needed.

In addition, compliance does not mean you are secure, and it never will. Compliance requires only achieving a level of implementation and making sure items are in place. For example, putting a lock on a door may satisfy a compliance requirement, but it is the type of lock and the type of door that determine how well the item being protected is actually safeguarded. To address these shortcomings, as well as protect the information, CUI and national security, the CMMC is a welcome and needed mechanism.

September Is Insider Threat Awareness Month

“Detect, Deter, Mitigate.”

That’s the theme of a new government program designating September as Insider Threat Awareness month. With it, SecurityOrb.com joins our colleagues in government, industry, and education to promote awareness of this critical threat to the nation and your organization.  Beginning next week, we will be making weekly posts on our social media pages on this topic to help us all stay vigilant in our security awareness and in protecting the data entrusted to us.

Anyone can wittingly or unwittingly become an insider threat, and all organizations are vulnerable. Insider incidents damage national security, risk lives and cause the loss of classified information and profit.  They can also result in trade secret theft, fraud, and sabotage that can significantly damage an organization’s business and reputation.

Look for the first of our weekly messages this September.