A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.
The connected nature of business environments has increased the severity and frequency of cyberattacks in the insurance sector. Insurance companies face a greater threat than most industries because they deal with sensitive and valuable data stemming from numerous avenues. This has resulted in several high-profile cyberattacks on insurance providers over the past few years. A typical insurance organization faces an average of 113 targeted breach attempts every year, a third of which will be successful.
Since the Colonial Pipeline incident in May 2021, the word “ransomware” has been circulating in public discourse and even in recent remarks from President Biden and law enforcement, along with warnings about how this type of advanced cyberattack on companies and individuals should be avoided. But what exactly is ransomware? Why are we suddenly talking so much about it now? The Cybersecurity & Infrastructure Security Agency (CISA) defines ransomware as an ever-evolving form of malware designed to encrypt files on computer systems, rendering those files, and the critical infrastructure that relies on them, unusable.
The risks that threaten your vendors and contractors threaten your company as well. Every additional party added to your supply chain expands the scope of your risk and creates more opportunities for your compliance program to fail. Some new suppliers may be reluctant to be fully transparent with you about their own risks and security measures. Nevertheless, it’s crucial that you work with your vendors to keep all potential threats at bay. Since your suppliers operate outside of your company’s control, a plan to mitigate their risk will look and operate differently than your own risk management program.
Wireshark is a free, open-source tool that analyzes network traffic in real time on Windows, Mac, Unix, and Linux systems. It captures data packets passing through a network interface (such as Ethernet, LAN, or SDRs) and translates that data into valuable information for IT professionals and cybersecurity teams. Wireshark is a type of packet sniffer (also known as a network protocol analyzer, protocol analyzer, or network analyzer). Packet sniffers intercept network traffic to understand the activity being processed and harvest useful insights from it.
A software bug, system flaw, security gap—these are all terms you may have heard in the world of application security (AppSec). Yes, they all mean slightly different things, but the reality is each one can lead to a vulnerability—which translates into a weakness that can be exploited to compromise the security of an application. Once a cyber attacker finds an exploitable flaw (which, at this point, is an application vulnerability) and learns how to take advantage of it, this bad actor has the potential to bring about a serious breach. And this type of cybercrime, one focused on the exploitation of software vulnerabilities, has quickly become one of the most problematic threats in the digital world.
SOAR (Security Orchestration, Automation and Response) refers to the convergence of three distinct technology markets: security orchestration and automation, security incident response platforms (SIRP) and threat intelligence platforms (TIP). SOAR technologies enable organisations to collect and aggregate vast amounts of security data and alerts from a wide range of sources. This helps to build automated processes to respond to low-level security events and standardise threat detection and remediation procedures. The term was initially coined by the research firm Gartner, which has since outlined three core capabilities of SOAR technologies.
Our current global landscape is testing resiliency. As organizations continue to shift to a remote work business model, the rush to digitally transform has created new and heightened cyber risk concerns. Protecting these digital connections needs to stay top of mind for leaders looking to help their organizations adapt to these changes while continuing to innovate. In this blog, we will look to set the cyberscene and focus on a security first mindset. We will look at the biggest risks facing organizations today, and considerations for CISOs in adapting to the ever-changing landscape.
SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable incident investigation, and speed up your incident response time, while also giving you a unified, holistic view of your infrastructure. A SIEM is just one piece of the puzzle of securing and monitoring your network and systems – a puzzle that, according to Michael Oberlaender, is a 10-piece stack that, at first, can appear quite daunting.
Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Unfortunately, many organizations haven’t been able to adapt their security operations to keep up. Back in 2019, 60% of organizations told ESG that they experienced a ransomware attack that year, with 29% reporting that attacks happened at least on a weekly basis. The following year, Gartner stated that 27% of malware incidents reported in 2020 could be attributed to ransomware.
The shift to cloud-native has transformed the way organizations do business, keep up with the competition and meet the demands of customer expectations. From the infrastructure that maintains IT operations to the applications that give customers the ability to interact with their data, the velocity at which DevOps teams have to deliver these services has significantly increased, leaving little to no room for error. In order to properly manage infrastructure growth, tools like Terraform have helped organizations to create, change and improve infrastructure. However, as people, we are prone to error, which inevitably increases the risk that our organizations need to assume. At Styra, we believe that one of the best ways to mitigate risk is by creating declarative policies that empower your teams to decrease risk because they know what the policies are.
DevOps is one of the latest IT methodologies to be offered ‘as a Service’. With DevOps as a Service (DaaS), all tasks related to selecting, managing and maintaining DevOps tools and infrastructure, policies and processes are handled centrally, much of it automated, by a specialist team and provided – as a service – to all the development teams across the organization.
Note from the author: This write-up is meant to provide an overview of Pegasus, why you should be concerned, how Lookout can help protect you and what actions security admins should take. For additional information, please read our full technical report. Lookout Customers: If you believe your organization or one of your employees has been compromised by Pegasus, please reach out to our support team immediately. First uncovered by Lookout and Citizen Lab in 2016, the highly advanced mobile spyware Pegasus was recently confirmed to have been used against business executives, human rights activists, journalists, academics and government officials.
Microsoft Teams, and subsequently Microsoft, likely need no introduction. The popular collaboration tool launched in 2016, providing organizations with a powerful way to communicate and share information within the Microsoft ecosystem. Tools like Teams have only become more important post-COVID with teams being hybrid, decentralized, and distributed. Healthcare organizations specifically can benefit from Microsoft Teams as it’s an affordable platform that’s a no-brainer for organizations already leveraging Office 365 or other aspects of Microsoft’s services. In this post, we’ll cover how healthcare orgs can get started with Teams.
Data leaks can happen in many ways, and they’re surprisingly common. For example, a company might be hacked by cybercriminals; someone may lose their laptop with sensitive information; employee records could get lost during the relocation process. It doesn’t take much for sensitive information to get into the wrong hands. In fact, research has found that more than half of all data leakages come from human errors like typos and lost files.
Physical penetration tests are meant to simulate real-world scenarios to help assess the vulnerabilities and risks that could compromise a company’s physical security. They are often carried out by specialists in this field who know how to access sensitive information, bypass controls, intercept network traffic and EM waves, and more! Physical penetration testing is a vital part of any company’s security. This article will tell you what physical penetration tests are, why they’re important and how to do them.
Technology is always changing, and as it does, businesses are constantly adopting new technologies to streamline their business processes and improve deliveries of goods and services. With those new technologies, however, comes risk. Every new technology opens up a business to digital threats. Sometimes those threats come from the untested nature of leading-edge technology, and sometimes those threats are simply associated with the learning curve of users within an organization. Either way, the price tag is steep: according to Ponemon’s latest report, the average cost of a data breach is $3.86 million.
There are many important factors to consider when choosing a cloud provider for your cloud use cases. For organizations in heavily regulated industries, compliance with relevant regulations is one of the most important things to think about. Whether you’re planning for a single cloud workload or a hybrid multi-cloud setup, maintaining compliance for sensitive data in the cloud is imperative. The 14 Cloud Security Principles released by the National Cyber Security Centre (NCSC) provide guidance to organizations in the UK when evaluating cloud providers. This article focuses on the five main security principles to consider from a compliance perspective to help your business choose a suitable cloud vendor.
UPnP (Universal Plug and Play) is a service that allows devices on the same local network to discover each other and automatically connect through standard networking protocols (such as TCP/IP, HTTP, and DHCP). Some examples of UPnP devices are printers, gaming consoles, WiFi devices, IP cameras, routers, mobile devices, and Smart TVs. UPnP can also modify router settings to open ports in a firewall to facilitate connections from devices outside the network. This service reduces the complexity of networking devices by automatically forwarding router ports to new devices, removing the hassle of manual port forwarding.
Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats such as cryptojacking and supply chain attacks have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.
Key performance indicators (KPIs) are how organizations measure success. Supplier management KPIs assure that value is received for the money spent with suppliers and vendors while keeping one eye on cost savings. When evaluating your organization’s supply chain, you can review several areas, such as: Supplier management across the entire lifecycle can be difficult because of the sheer number of vendors and suppliers a corporate organization typically uses. KPIs will help drive effective and efficient supplier management by setting targets and establishing lead times.
The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries.
All of us take our personal security very seriously – after all, when was the last time you left your house without locking your front door? Sadly, the same can’t be said for the care we take over our personal data – both our own, and that of other people. But personal data is an integral and unignorable fact of life, and we need to ensure we’re taking care of it in both our personal and professional lives. When it comes to business, it’s not just ‘best practices’ or ‘doing the right thing’ that mean you need to make an effort to secure personal data – the GDPR (which applies in both the UK and the EU) says you must. And we all know you need to do what the GDPR says, otherwise you’re in line for severe fines and ruinous reputational damage.
SQL injection (SQLi) is one of the most common code-injection techniques used to get information from a database. Generally speaking, it is malicious code being placed into a database query via a page input, most often a registration form. SQL injection usually occurs when you ask a user for input, like their username/user ID, and instead of a name/ID, the user gives you an SQL statement that you will unknowingly run on your database. A hacker might get access to all the user names and passwords in a database by simply inserting a small piece of SQL code, most commonly in the login form, but also in any other type of form available on the website – and even your website chatbot!
Security is a key element required by any enterprise technology for ensuring business success and growth as well as the trust of its buyers. But where to start in setting up a security posture in your SAP environment? As a security specialist, you know your customers are usually only a click away from your services and products. Your clients might only notice technical deficiencies and will not go into detail about the security aspects of all the systems you use. In case of a data breach, however, this would be the first thing the regulators would ask about.
With cyberattacks exploding around the world, it’s more important than ever for organizations to have a robust password policy. Hackers often gain access to corporate networks through legitimate user or admin credentials, leading to security incidents and compliance failures. In this article, we will explore how to create and maintain a strong and effective Active Directory password policy.
Supply chains are an essential part of today’s on-demand economy. However, they also expand your ecosystem, increasing the threat surface that you need to secure. While compliance assessments document vendor controls and enable you to manage third-party risk, responding to and completing them takes time. These delays can make your procurement team feel like you’re trying to disqualify their vendor. With SecurityScorecard Atlas, you can streamline the compliance validation documentation and verification process, making it easier for everyone involved.
Many developers already know that in some ecosystems, open source dependencies can run their own custom code from packages at install time. While this capability can be used for both good and evil, today we’ll focus on a legitimate use case that, when misused, can escalate and be used to compromise your organization’s supply chain. If you haven’t guessed yet, I’m talking about downloading and linking external dependencies during the install process.
Bugs and flaws in software are common and unavoidable. In fact, about 84%[1] of software breaches happen at the application layer, which means organizations looking to build secure software must use at least a handful of application security (AppSec) scanning tools to test their code—from code commit to build to deployment. However, with so many assets waiting to be scanned, these AppSec testing (AST) tools produce massive amounts of vulnerability data, all with varying formats and naming conventions.
2020 was a tough year. As security leaders, we faced new challenges in protecting applications and users who were shifting rapidly off-premises and into the cloud, and our security teams’ workloads grew at an unprecedented rate. In 2021 and 2022, CISOs need to prioritize ensuring that we’re focused on the right things. With Black Hat and DEF CON shaping up to be the first large, in-person cybersecurity events, it’s a great time to ask what threats we are facing now, and what we expect to be coming at us in the next 18 to 24 months.