A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.
Static application security testing (or SAST) used to be a term coined by the security team, to help developers test their code early in the software development life cycle (SDLC). Unlike dynamic testing, it does not require a working application, which allows developers to identify security vulnerabilities while they code, so they can spot them as soon as they appear and fix them when it's easiest and fastest to do so. This cuts down their future workload by decreasing the backlog of issues they'll have to address later.
Security compliance management is the process of monitoring and assessing systems, devices, and networks to ensure they comply with regulatory requirements, as well as industry and local cybersecurity standards. Staying on top of compliance isn’t always easy, especially for highly regulated industries and sectors. Regulations and standards change often, as do threats and vulnerabilities. Organizations often have to respond quickly to remain in compliance. This can be difficult in organizations with large, complex infrastructures or teams that are spread out over various platforms or geographic areas, but the stakes are high.
Ransomware has become an annual event for many organizations, costing them millions in lost productivity and revenue. While there have been some notable successes in fighting off this threat, the industry as a whole must continue strengthening its resolve in order to safeguard against future attacks. Part of this comes down to recognizing the role that users and employees play in fighting off these attacks and providing them with the information and tools they need to help reduce risk. The recent ransomware attack against Accenture is yet another illustration of the notion that, big or small, no one is safe.
A long time ago (in the early 2000s), I was playing games online. One of my accounts was compromised – the password was changed, and multiple “high-priced” items I had earned were “traded” without my knowledge, to the account of another player. One could easily blame my simple password at that time when there were no rules around password strength. Regardless of the reason, what happened was one of the earliest versions of an account takeover (ATO) attack. Thankfully, the points I earned were merely “Points” with no value to the real world, and of course, cryptocurrency didn’t exist back then.
To defend against rapidly evolving cyber threats, businesses need to continually adapt and innovate. This means that red and blue teams must work together on an ongoing basis to maximise their individual and collective impact.
Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. These security standards, when used correctly, can avoid, identify, and remove loopholes that might jeopardize software integrity. Furthermore, whether developing software for portable gadgets, desktop systems, or servers, secure coding is critical for modern software development.
It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction. This year’s survey told us a lot about adoption, the community’s goals and areas that they’d like to see grow.
Are you putting your organization at risk with outdated security strategies? Embrace next-gen AppSec to reduce security risks without impeding DevOps. Application development practices continue to evolve, enabling development teams to deliver applications at a pace never before thought possible. At the same time, cyber-criminals have developed new levels of attack strategies and intensified their focus, making it more important than ever to scrutinize applications for security vulnerabilities.
In our recent blog, Who Do You Trust? OAuth Client Application Trends, we took a look at which OAuth applications were being trusted in a large dataset of anonymized Netskope customers, and raised some ideas on how to evaluate the risk involved based on the scopes requested and the number of users involved. One of the looming questions underlying any assessment of application risk is: how does one identify applications? How do you know which application is which? Who is the owner or developer? There is also a host of related questions, such as which platform and version an application runs on, and what release history and bugs are associated with it.
Taking a proactive approach to threat hunting in cybersecurity is crucial, especially today when attacks are stealthier and more complex than ever. This means that older approaches to cybersecurity that rely on time-consuming manual workflows are slowly becoming obsolete, and cybersecurity teams must be supported by active learning intelligence in their threat hunting processes.
Every day, organizations around the world use due diligence questionnaires (DDQs) to evaluate potential business partnerships and gain a better understanding of the way various third-party vendors conduct day-to-day operations. These questionnaires help organizations investigate potential business ventures or partnerships to confirm they are making a good investment before entering into an agreement with a third party.
To better understand your security posture, your security team needs visibility into your environment and infrastructure. But to achieve more granular visibility, they also need an effective and efficient way to collect data from company endpoints. Deploying an agent provides your security team with an efficient way to collect endpoint data in a scalable manner. It also better positions your organization to implement use cases such as security monitoring, IT health monitoring, performance monitoring, threat hunting, and compliance. Choosing an agent that leverages osquery — such as Devo Endpoint Agent — is even more effective.
To thrive in today’s cybersecurity landscape, learning the art of defence is essential, and layering this approach with MITRE ATT&CK framework techniques has become a necessity. It means your organization needs a cybersecurity team to ensure that every aspect of your infrastructure is secured through processes, technical controls, and people.
According to a recent CNBC report, Google has seen a rise in posts flagged for racism or abuse on its message boards. This has caused the company to ask its employees to take a more active role in moderating internal message boards. That’s one way to handle content moderation. But, it also takes an employee’s time and attention away from higher-value tasks. Many companies address instances of internal harassment through training and stronger HR policies. And, while this approach is helpful, remote work has increased our use of channels like Slack, expanding the domains where HR policies must be applied.
What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. children and the elderly. Criminals have moved their operations into the cyber realm, becoming more sophisticated and advanced, and transforming technology into adversarial weapons.
Cybersecurity is a business issue, not just a technology issue, and it is no longer deemed a luxury investment but rather a necessary one. It’s been a long time coming, but companies are finally coming to terms with the seriousness of cyber threats. Cyber attacks are growing in complexity, and their unpredictable nature, driven by the evolution of technology, has prompted companies to significantly boost their cybersecurity budgets. Still, in the midst of the economic turmoil and instability caused by the persistent COVID-19 pandemic, many companies have been forced to cut back on any unnecessary investments. This means CISOs will have to be very persuasive in order to successfully justify their cybersecurity budget.
At the center of any digital transformation effort lies an inevitable collision between speed and security. On the left, DevOps wants to write code and push new products to innovate and stay competitive. On the right, Security teams want to ensure applications are secure and unexploitable so that their organization stays safe. DevOps wants to keep moving. Security is seen as a bottleneck to progress. When this happens, progress stalls, trust erodes and nobody wins.
Defense contractors across the U.S. are moving to update their cybersecurity programs to meet or exceed Cybersecurity Maturity Model Certification (CMMC) requirements launched in 2020 by the Department of Defense (DoD) to provide greater protection of Controlled Unclassified Information (CUI). The effort required for CMMC Level 3 Certification will be significant for many of the small to midsized firms who have limited information technology and cybersecurity personnel and resources.
The speed at which security operations are processed and data is consumed is moving at a dazzling pace. This is why flexibility, customizability, and user-friendliness are deemed core pillars of next-gen security solutions, and it is exactly what Cloud SOAR’s Open Integration Framework is all about. Security professionals want to be able to customize, integrate, and control their operations with maximum freedom, which is why incorporating a SOAR platform that is based on an open-source principle is of the utmost importance.
Today’s complex cyber threats leave no room for mediocrity. Security analysts must know who is attacking them, how the attacker gained access, what methods they used to infiltrate your systems, and what their next move might be. However, modern cyber threats leave few recognizable patterns in their behavior, making threat anticipation harder than ever. To boost their threat hunting capabilities, SOC teams must implement advanced technologies and strategic techniques. And when it comes to solutions and techniques that bring next-gen value to security teams, SOAR and MITRE ATT&CK are the winning combination.
In May, President Biden issued an executive order designed to improve cybersecurity in the federal government and, by extension, the nation. Recently, details have started to come out about what this much-needed effort will involve. The latest development is a memorandum from the Office of Management and Budget that focuses on data log collection and analysis.
Scalable, cloud-native solutions like Azure Sentinel help security teams streamline security operations in cloud environments. In this first of a two-part blog series, we explore the challenges businesses face when detecting and responding to cyber threats and attacks, and how these challenges can be addressed by leveraging Microsoft Azure Sentinel.
Back in May 1998, as a member of the hacker think tank, L0pht, I testified under my hacker name, Weld Pond, in front of a U.S. Senate committee investigating government cybersecurity. It was a novel event. Hackers, testifying under their hacker names, telling the U.S. government how the world of cybersecurity really was from those down in the computer underground trenches. Many in the security community know of the famous L0pht Senate testimony, but very few know that one of the L0pht members testified on Capitol Hill 5 years later. That member was me.
The Digital Operations Resilience Act (DORA) is the European Union’s attempt to streamline the third-party risk management process across financial institutions. A draft of DORA was published by the European Commission on 24 September 2020. Without this act, there isn't an objective Information and Communication Technology (ICT) risk management standard in Europe. To achieve some semblance of unification, various national regulatory initiatives have been attempted, but this has only further fragmented the financial sector's approach to cybersecurity.
No organization is impervious to cyberattacks. But what separates resilient businesses from data breach victims is superior risk management. Resilience is achieved through the meticulous calculation of all potential risks and the application of necessary control measures to mitigate them. In this post, we present a 4-step framework for a reliable risk management plan.
In today’s fast-paced cyber threat landscape, it is not a question of IF but WHEN an organization is going to get breached. And in order to prepare in a preemptive manner, organizations should strive to minimize their attackers’ dwell time as much as possible. This is why metrics such as MTTR (Mean time to respond) and MTTD (Mean time to detect) have grown to be highly relevant in the cybersecurity industry.
As cyber threats and data breaches proliferate, organizations need a better way to protect their sensitive data. One specific need: effective and efficient data security models. A security model includes procedures to validate security policies and to implement vital business processes and workflows in your security program. A security model also specifies the data structures and techniques required to enforce security policies. Several such security models are now available, including the Bell-LaPadula Model, the Biba Model, the Clark-Wilson Model, and the Harrison-Ruzzo-Ullman Model.
The SASE journey requires reliable partners with truly integrated platform capabilities, not vendors wielding smoke-and-mirrors-style marketing proclaiming “SASE” in giant headlines. But clarity is critical, and both SASE and the more recently coined security service edge (SSE) terminology can be a little confusing. Let’s examine what distinguishes SASE from SSE, and why both concepts are so fundamental to building the cloud-centric security and networking architectures of the future.
Banking has changed. In the past, financial institutions outsourced their technology. They had large consulting firms creating, managing, and maintaining their back-end systems. Although banks would have knowledge of the systems in place, they wouldn’t be running them on a day-to-day basis. That was the consultants’ responsibility. Recent years have seen a significant shift in the financial sector. Engineering has been brought in house, and financial institutions have transformed into technology companies with large product portfolios. Instead of outsourcing everything, banks now employ thousands of engineers who are developing a wide range of applications that are morphing into full-fledged product lines.
Whether it’s because we’ve watched one too many sci-fi movies, or we’re just plain scared of the potential of AI, automation, and machine learning, many suggest that the dawn of automation is going to make humans obsolete in security operations. While there are new security technologies on the horizon, such as SOAR, that are offering all sorts of next-gen capabilities in the form of self-learning progressive automation, the unequivocal reality is that humans are going to remain the ones holding the wheel in security operations. SOAR, as a particularly young technology that is only now making its strides in the cybersecurity world, is often misunderstood due to its revolutionary capabilities. And it’s about time that comes to an end.
Every year, 2%-5% of global GDP, or US$800 billion-US$2 trillion, is laundered across the globe. That’s almost equivalent to the GDP of Canada (1,643.40 billion USD in 2020) or Italy (1,886.45 billion USD in 2020). Neither the record-breaking heat nor the intense floods experienced around the world this summer seems to have stopped financial criminals from inventing new ways to hide the illegal sources of their income.
Third parties are a necessary part of your enterprise. They are your vendors, your suppliers, your contractors, and your partners. Without them, you can’t do business. Third parties provide cloud services, store sensitive data, and provide other important services. Unfortunately, third parties are also a major source of cyber risk. Cybercriminals often compromise third-party providers in order to reach their clients’ data and networks, as in the notorious SolarWinds breach at the end of 2020. To move your business forward and propel growth, you need to be able to trust your third parties and their security posture.
HIPAA, the Health Insurance Portability and Accountability Act, is one of the compliance standards that public and private healthcare companies need to address in order to build and maintain public trust in telemedicine. During the COVID-19 pandemic, telemedicine has been the solution for absorbing the excess influx to hospitals and health centers while avoiding unnecessary exposure of patients. Behind these healthcare services, there’s a good chance we find cloud-native applications running in Kubernetes or some managed Kubernetes service in the cloud, right?
Detectify is on a mission to drive the future of Internet security with automated and crowdsourced web solutions. API security and hacking are a pretty hot topic today, and we invited 3 experts to join us for the latest Detectify Hacker School Reboot to present lightning talks on their experience and interests in hacking APIs. Detectify recently announced that we are researching, breaking and securing APIs.
Cyber attacks come in many forms, but they almost always share one trait in common: they are carried out over the network. Although there are exceptions, the network is usually the entry point that attackers use to launch whichever exploits, data thefts, or other intrusions they aim to impose upon a business.