
Thursday, October 28, 2021

A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.

If you like SecurityBuzz, why not forward it to some friends or share the online version?

Until Next Time! 👏


7 Cybersecurity Challenges to Solve with a UEBA Deployment

27-Oct-21   |   By Ekran   |   In Ekran , Insider Threats
Ekran

Proper implementation of a user and entity behavior analytics (UEBA) tool can solve lots of cybersecurity challenges by detecting well-hidden and slowly executed attacks, automating the analysis of alerts and logs, and speeding up incident investigation. It can even help you improve employee productivity. But implementing a UEBA solution also requires a lot of time and effort along with a clear understanding of how you are going to use it. In this article, we analyze what cybersecurity challenges you can address with the help of a UEBA solution. We also discuss how UEBA solutions work, why they are so popular, and what the key advantages of deploying a UEBA tool and the possible downsides of using one are.

Read More

The threat within: the emerging trend of ransomware gangs targeting employees

27-Oct-21   |   By Laurie Iacono   |   In Redscan , Malware
Redscan

While organisations frequently focus their security strategy on external risks, the trend of company employees being targeted by threat actors to help provide access is on the rise. In this blog post, we explore the growing issue, outline some recent examples and provide some key steps to take in response.

Read More

Code similarity analysis with r2diaphora

27-Oct-21   |   By Fernando Dominguez   |   In AT&T Cybersecurity , Security
AT&T Cybersecurity

Binary diffing, a technique for comparing binaries, can be a powerful tool to facilitate malware analysis and perform malware family attribution. This blog post describes how AT&T Alien Labs is leveraging binary diffing and code analysis to reduce reverse-engineering time and generate threat intelligence.

Read More

Cloud Infrastructure Entitlements Management (CIEM) with Sysdig Secure

27-Oct-21   |   By Vicente Herrera García   |   In Sysdig , Containers
Sysdig

Discover what CIEM Security is and how easy it is to implement with Sysdig Secure for cloud. Over-permissioned accounts and roles are the most common cloud service misconfiguration security problem. Implementing least privilege is a crucial best practice to avoid or mitigate risks of data breaches and contain privilege escalation and lateral movement. In this article, we will: And finally, show how to use the new Sysdig Secure CIEM security feature to visualize usage of permissions across users, roles, and policies to strengthen your cloud security posture.

Read More

Guarding Against The Human Element: How Insider-Threat Trends Should Guide Cybersecurity Policy

27-Oct-21   |   By Isaac Kohen   |   In Teramind , Insider Threats
Teramind

The number of data breaches has increased every year for more than a decade. Each incident costs companies time, money and resources to repair while inflicting often-irreparable damage to their brand reputation and customer loyalty. This reality only became more apparent during the recent pandemic as threat actors capitalized on the moment’s disruption and uncertainty to wreak havoc on our digital environments. In 2021, the number of data breaches is already on pace to reach a new record high. In some ways, the omnipresent fear of failure can feel paralyzing or, even more troubling, inevitable. As one particularly exasperated headline recently asked, “Are we waiting for everyone to get hacked?”

Read More

How much is fare scraping costing the travel industry?

27-Oct-21   |   By Netacea   |   In Netacea , Bots
Netacea

Scraper bots make up the worst of bad bot traffic for the travel industry, with sites witnessing over 90% of traffic attributed to fare scraping. Whilst this activity can be benign or even used for positive means, if uncontrolled it can impact top line revenue, bottom line profits and customer experience. In a recent webinar, Netacea’s Head of Threat Research, Matthew Gracey-McMinn, and Enterprise Sales Manager for Travel and Tourism, Graeme Harvey, were joined by Ann Cederhall, Travel Technology Specialist at LeapShift.

Read More

The Ultimate Guide to Cyber Threat Intelligence

27-Oct-21   |   By Devin Partida   |   In Logsign , Security
Logsign

A successful breach can do serious damage to a business, costing a company millions of dollars in lost revenue, exposed intellectual property, downtime, reputation loss and fines. The right practices can help keep a company safe — but only if they know what threats to look for, and where their network is weakest. Cyber threat intelligence is the process through which companies identify weaknesses in their own networks. It’s essential in keeping modern networks safe from the growing threats posed by cybercriminals.

Read More

When It Comes to the Cloud, Isolation Is What's Healthy

27-Oct-21   |   By Steve Gwizdala   |   In ForgeRock , Cloud
ForgeRock

When used in the same sentence, the words “isolation” and “healthcare” conjure up images of masks, vaccines, and social distancing. However, in this case, isolation and healthcare have nothing to do with your physical health and everything to do with protecting healthcare data. In this context, “isolation” of your cloud for data and network traffic provides the ability to secure Health Insurance Portability and Accountability Act (HIPAA) data without hindering the agility and flexibility of your enterprise. Too many organizations are missing out on the important cloud feature of isolation simply because their identity solution doesn’t include it.

Read More

Addressing Configuration Errors With CSPM and SSPM

26-Oct-21   |   By Steve Riley   |   In Netskope , Cloud
Netskope

Even though cloud computing isn’t all that new anymore, learning how to use it effectively can be overwhelming. It’s unfortunately very easy to make mistakes. We know the vast majority of cloud security failures are configuration mistakes of some kind or another, so developing the discipline of correct configuration — aided by properly implemented cloud security posture management (CSPM) and SaaS security posture management (SSPM) — is the best thing an organization can do to ensure that they use the cloud safely and securely. When further analyzing CSPM and SSPM, there are specific factors to consider to fully understand how to take advantage of each, especially when facing such configuration errors.

Read More

What is SOC 2 and TSC along with Compliance and Certification

26-Oct-21   |   By Harshit Agarwal   |   In Appknox , Compliance
Appknox

Managing security is not solely about products and technologies. As a security leader in your company, it is important to consider numerous other factors when you decide to set up a Security Operations Center. A few of these things include an understanding of the business plan and requirement capability. It also includes the skill set of people who will be part of the Security Operations Center (SOC) for planning the individual and team responsibilities, budget, etc.

Read More

How Cyber Threat Intelligence Can Help to Protect Against Cloud Security Threats

26-Oct-21   |   By Tripwire Guest Authors   |   In Tripwire , Cloud
Tripwire

The coronavirus pandemic has accelerated the massive increase in using cloud computing services. As the world progresses through its online evolution, cloud computing services have become more of a necessity. However, along with businesses, cybercriminals have also seen this virtualization as a means of snagging more prey. The rapid increase in cloud computing services has made organizations face novel security challenges. One survey revealed that within the last 18 months alone, 79% of organizations experienced at least one cloud data breach. The most alarming fact is that 43% of organizations have reported cases of 10 or more breaches within that time frame.

Read More

Every month should be Cybersecurity Awareness Month!

26-Oct-21   |   By Rupesh Chokshi   |   In AT&T Cybersecurity , Security
AT&T Cybersecurity

While October is famous for National Cybersecurity Awareness Month, and we provide resources and recommendations for our customers, really every month should focus on this business-critical topic. Given the frequency of Ransomware attacks, all industries need to be increasingly vigilant. This includes many aspects of cybersecurity, such as user training, endpoint security, network security, vulnerability management, and detection and response to incidents.

Read More

[CompTIA ISAO & SecurityScorecard Partnership] 2 Key Business Essentials to Build Cyber Resilience

26-Oct-21   |   By Chelsea Farbolin   |   In SecurityScorecard , Malware
SecurityScorecard

Viruses are the hot topic of 2021. We’re not just talking about the COVID-19 virus. Computer viruses, identity theft, and threat actors are no longer just the subject of sci-fi films and crime shows, but a reality of running a business. More than ever, cybersecurity is top of mind for business leaders. Whether you are a Fortune-500 Company or just launching your first venture, no business is too big or too small to escape the realities of today’s cyber threats. In fact, according to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2020 alone, and the cost of ransomware in 2021 has already surpassed last year’s record-breaking year.

Read More

5 Best Practices to Get More from Threat Intelligence

26-Oct-21   |   By Audrey Llorens   |   In ThreatQuotient , Security
ThreatQuotient

As we wrap up Cybersecurity Awareness Month 2021, this week’s theme, Cybersecurity First, is all about making security a priority. To do this, many security operations teams are leaning into threat intelligence to understand specifically where and how to focus their efforts to better protect their organizations. In fact, the SANS 2021 Cyber Threat Intelligence (CTI) Survey found that organizations of all sizes and across all industries are adopting CTI programs, reflecting broad-based recognition of the benefits CTI programs can provide. This is quite an evolution from a handful of years ago when CTI was conducted on an ad-hoc basis.

Read More

Cybersecurity Awareness Month: DevSecOps Puts "Security First"

26-Oct-21   |   By Rezilion   |   In Rezilion , DevOps
Rezilion

The theme for the final week of Cybersecurity Awareness Month is “Cybersecurity First,” which could be the motto of many corporate security executives. Cybersecurity should be a high priority for anything technology related, but in truth it’s often an afterthought or even neglected entirely. Many business leaders and users still view security as a hindrance—rather than something that can coexist with productivity and innovation. For others, tight budgets and resources often get in the way of prioritizing security investments.

Read More

The Evolution of Cybersecurity Solutions and Threats

25-Oct-21   |   By Sarah Daily   |   In SecurityScorecard , Risk Management
SecurityScorecard

In 1970, the world experienced its first “cyber attack”. What first started as a harmless joke paved the way for a new wave of criminality: cybercrime. Since then, attacks have become more sophisticated with the use of malware, ransomware, and phishing attacks, among many others. In fact, according to Security Magazine, today’s hackers attack computers with Internet access every 39 seconds on average. Cybersecurity companies have evolved over the years to stay ahead of the cybercrime industry, but in order for us to explore where the future of cybersecurity is headed, we must understand its origins. Let’s take a closer look at the evolution of cyberattacks and their respective cybersecurity solutions.

Read More

ISO 27001 Implementation Checklist

25-Oct-21   |   By Catherine Chipeta   |   In UpGuard , Compliance
UpGuard

ISO/IEC 27001, commonly referred to as ISO 27001, is the most widely adopted international standard for managing data security and information security through an information security management system (ISMS). The standard was first published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001:2013 is the latest revision to the standard. ISO 27001 certification improves your organization’s reputation, as partners and customers can feel confident that you are handling their information assets, like sensitive data, through appropriate protection methods.

Read More

How to cybersecurity: Heartbleed deep dive

25-Oct-21   |   By Jonathan Knudsen   |   In Synopsys , Application Security
Synopsys

Over seven years later, the Heartbleed vulnerability still offers important lessons in application security. Heartbleed is a serious vulnerability discovered in the OpenSSL open source software component in April 2014. This article is a deep dive on Heartbleed and its broader implications for application security.

Read More

5 Cybersecurity Considerations for the Auto Industry

25-Oct-21   |   By Tripwire Guest Authors   |   In Tripwire , Security
Tripwire

Technology has become an essential part of daily life. From the way we get around to the things we buy, computers are at the forefront of change. This is especially true for vehicles. Vehicle technology has evolved dramatically over recent decades. The latest iteration of vehicle remodelling in the automobile industry is heavily software-focused, from autonomous and connected vehicles to electric vehicles and car-sharing. Software powers the artificial intelligence that drives autonomous vehicles and provides the interface for connected vehicle communication. It also underpins the charging infrastructure of electric vehicles as well as the network that makes car-sharing and ride-hailing possible.

Read More

Incident Response Plan vs. Disaster Recovery Plan

25-Oct-21   |   By Reciprocity   |   In Reciprocity , Incident Response
Reciprocity

When developing business continuity plans, businesses should understand that they actually need two documents: an incident response plan and a disaster recovery plan. Having an incident response plan means your organization is prepared for possible information security incidents such as a data breach, a system outage, or a security breach. These risks can cause lasting financial and reputational damage, so an ability to respond quickly and skillfully can be crucial to your company’s bottom line.

Read More

PCAOB Alert on Audits, External Data

25-Oct-21   |   By Reciprocity   |   In Reciprocity , Audit
Reciprocity

The PCAOB published fresh guidance last week about how auditors should handle evidence supplied by others to help the auditor assess financial statements, important performance or valuation metrics, and, well, all the other stuff that can go into an audit report these days.

Read More

Steps to Performing Your SOX Risk Assessment

25-Oct-21   |   By Reciprocity   |   In Reciprocity , Compliance
Reciprocity

Companies around the world have experienced tremendous changes. For publicly traded companies, those changes can bring new considerations into the frame for your Sarbanes-Oxley risk assessment. Shifts in strategy plans and a new remote, paperless way of operations could require major updates in your SOX compliance program. In this post we’ll discuss Sarbanes-Oxley in detail and outline a step-by-step method to perform the SOX risk assessment effectively.

Read More

In Times of Ransom(every)ware, Unified Security is Essential

25-Oct-21   |   By Stephen Helm   |   In WatchGuard , Endpoint Security
WatchGuard

Following a series of headline-grabbing ransomware attacks that disrupted critical services in the US, FBI Director Christopher Wray likened the threat posed by ransomware to the September 11 terrorist attacks of 2001. According to Wray, recent attacks against one of the largest oil pipeline operators in the United States and a major meat processing operation may be just a harbinger of what is to come. “There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said in an interview with the Wall Street Journal. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”

Read More

Top 3 Grooming Techniques in Fraud: What to Watch for

24-Oct-21   |   By Martina Dove   |   In Tripwire , Fraud
Tripwire

Grooming is a method of establishing a connection with a person to perpetrate a crime against them. Grooming is becoming more common in fraud, both online as well as in interpersonal interactions. What’s more, scammers are getting more sophisticated in their techniques. There is a mistaken belief that scammers are forceful, arrogant, and therefore easy to spot, but many play a long game, carefully and patiently grooming the victim before asking for money. In some cases, they don’t even ask for money. Instead, they carefully orchestrate events, sometimes using other actors to get the victim to offer help. This is a frequent occurrence in romance scams, but there are others, too. Financial and clairvoyant scams can also include a component of grooming, and this grooming serves a different purpose for different scams. Sometimes, it is to stop the victim from reporting the scam, and other times, it may be to facilitate long-term cooperation and financial abuse.

Read More

Popular JavaScript Library ua-parser-js Compromised via Account Takeover

22-Oct-21   |   By Maciej Mensfeld   |   In WhiteSource , Cyberattacks
WhiteSource

A few hours ago, an npm package with more than 7 million weekly downloads was compromised. It appears an ATO (account takeover) occurred in which the author’s account was hijacked either due to a password leakage or a brute force attempt (GitHub discussion).

Read More

What is DNS hijacking? Redirection Attacks Explained (and Prevention)

22-Oct-21   |   By Editor   |   In Cyphere , DNS
Cyphere

Almost everybody in this world uses the Internet. Some use it for work, some for education, some to stay connected with the world and their loved ones, some for shopping, and some use it to browse the world wide web in their leisure time. DNS Hijacking or DNS redirection attacks are a widespread security threat many DNS servers face in today’s modern digital world. But before explaining the DNS Hijacking attack and getting into its complexity, it is essential first to explore the world of the Domain Name System (DNS).

Read More

What is Data Protection by Design?

22-Oct-21   |   By Ali Ahsan   |   In Bulletproof , Data Protection
Bulletproof

‘Privacy by design’, or as it’s now known, ‘data protection by design and default’, refers to Article 25 of the UK GDPR. This principle makes it a legal obligation for controllers to implement organisational controls which ensure data protection issues are addressed at the design stage of any project. But what does the regulation mean when it refers to organisational controls? For project managers, marketing teams or product developers, the definition of organisational controls would vary, from anti-virus, to a retention schedule, to pen testing, or more.

Read More

SIEM use cases: how to develop bespoke threat detection rules

22-Oct-21   |   By Roger Bell   |   In Redscan , SIEM
Redscan

But, as we explored in the first of this two-part series, there are limitations to using the out-of-the-box rules which form part of the technology. In this blog post, we explore how to customise rules, the rule development process and the role of Sigma.

Read More

You've inherited a digital estate plan: Now what?

22-Oct-21   |   By Nick Summers   |   In 1Password , Password Management
1Password

With each passing year, our digital lives grow in size and complexity. We open new accounts and place more value on the ones we log into and use every day. The trend has led to a rise in digital estate plans – a handover that ensures your friends and family members can take over your most precious accounts after you’ve gone.

Read More

Could your kids spot this mobile phish?

22-Oct-21   |   By Tracy Hillstrom   |   In WatchGuard , Email Security
WatchGuard

I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phish appeared on my phone. I captured a screenshot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious. Here’s what they discovered.

Read More

Is Influencer Marketing being Besieged by Bad Bots and Fake Followers?

22-Oct-21   |   By Netacea   |   In Netacea , Bots
Netacea

Influencer marketing is set to be worth $13.8 billion by the end of 2021, rising from $9.7 billion since last year. With many people working from home during the pandemic, monetizing a social media following by creating sponsored posts for brands has become a popular side hustle. This can be seen by the rapid growth of emerging platforms, particularly TikTok which saw over 2 billion downloads in 2020 and a 45% increase in its use by influencers in 2021 to date.

Read More

A Clear Explanation of Australia's Ransomware Action Plan

21-Oct-21   |   By Edward Kost   |   In UpGuard , Malware
UpGuard

During a ransomware attack, a victim's vital internal processes are seized and encrypted, completely forcing their business offline. These crippling actions are only reversed if a ransom payment is made. Ransomware attacks are an escalating threat to global security and the Australian Government is taking a firm stance against it. With global ransomware damage costs predicted to reach $20 billion and increasing cyberattack complexity, this isn't a fight a single country can win alone. To maximize the efficacy of defense efforts, Australia has joined forces with 31 other countries to establish a unified international response to ransomware threats.

Read More

What's the difference between Attack Surface Monitoring and Vulnerability Scanning?

21-Oct-21   |   By Jocelyn Chan   |   In Detectify , Monitoring
Detectify

Detectify is driving the future of internet security with automation and crowdsourcing hacker research. It’s focused on helping companies detect anomalies in their web attack surface at scale, and creative automated hacks in the web app layer in time. While companies are just scratching the surface of understanding their Internet-facing architecture, hackers have been monitoring growing attack surfaces to find vulnerabilities in places where companies aren’t looking (or maybe not prioritizing) and reaping the rewards through bug bounty programs.

Read More

CISOs to Developers: Changing the Way Organizations Look at Authorization Policy

21-Oct-21   |   By Torin Sandall   |   In Styra , CISO
Styra

In today’s cloud-native, app-first and remote-first world, it has become a considerably more complicated task to verify the identity of a user or a service, and determine policies that say what they are and aren’t allowed to do. Yet, the first half of that problem, authentication, for the most part, is already solved because of standards like Security Assertion Markup Language (SAML), OAuth and Secure Production Identity Framework for Everyone (SPIFFE). These standards help organizations verify that a user or machine is who they say they are. But the second part of the problem, authorization — deciding what users or machines can or can’t do within the system after they’re authenticated — is a different story.

Read More

How to Comply with GDPR: Key 10 Steps

21-Oct-21   |   By Mike Tierney   |   In Netwrix , Compliance
Netwrix

The General Data Protection Regulation (GDPR) is designed to protect the personal data of EU residents by regulating how that information is collected, stored, processed and destroyed. The data security and privacy law applies to all organizations that collect the personal data of European Union citizens, regardless of location. The penalties for noncompliance with GDPR requirements are stiff. Many organizations are struggling with how to comply with GDPR. In this article, you will find 10 steps that will help your business achieve, maintain and prove compliance with GDPR requirements.

Read More

New Java 17 features for improved security and serialization

21-Oct-21   |   By Brian Vermeer   |   In Snyk , Java
Snyk

In December 2020, I wrote the article Serialization and deserialization in Java: explaining the Java deserialize vulnerability about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementations can be is important. Insecure deserialization can lead to arbitrary code execution if a gadget chain is created from your classpath classes. Recently, Java 17 — the new LTS version — was released. But how do the new features impact this problem, and can we prevent deserialization vulnerabilities better using these features?

Read More

Why Adopting Zero Trust Security Is Necessary For DevSecOps

21-Oct-21   |   By Aphinya Dechalert   |   In WhiteSource , DevOps
WhiteSource

There’s a shift in the world of DevOps. It is no longer enough to create applications and just launch them into the cloud. In a world where entire businesses can exist online, securing your digital assets is as important as creating them. This is where DevSecOps comes in. It is the natural progression of DevOps — with security being a focus as much as the process of creating and launching applications. DevSecOps is a methodology that involves integrating security into the application development life cycle. The pipeline is created with security practices pre-baked into the build, test, and deployment processes.

Read More

Regulatory Compliance in Healthcare

21-Oct-21   |   By Reciprocity   |   In Reciprocity , Compliance
Reciprocity

Every day healthcare providers must undertake the nerve-racking task of complying with an increasing number of healthcare regulations. According to one report, the healthcare industry spends nearly $39 billion every year on the administrative burdens of regulatory compliance. Today healthcare organizations must comply with more than 600 regulatory requirements. The regulations that concern healthcare encompass numerous occupational sectors, ranging from pharmacies and insurance companies to cloud service providers.

Read More
Copyright © 2021 OpsMatters, All rights reserved.

