A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.
If you like SecurityBuzz, why not forward it to some friends or share the online version?
Protecting sensitive data with multi-factor authentication (MFA) has become a requirement for cyber insurance policies. Recent attacks (SolarWinds, Colonial Pipeline, Kaseya) and mandates like the White House’s Executive Order to implement MFA in 180 days or less are proving that identity and password-related weaknesses are a top security threat, and one where you can lose a lot of money. The Colonial Pipeline hack is one example of many in which a credential found on the dark web was used to get remote access to a network on which no MFA was implemented.
In the second half of 2021 the AT&T Managed Threat Detection and Response (MTDR) security operations center (SOC) observed an increasing number of attacks against vulnerable Exchange servers. A number of these attacks attempted to leverage the ProxyShell vulnerability chain to gain access to customers’ networks. In one particular instance, a coordinated effort between the SOC analysts, Threat Hunters and the Incident Response team from AT&T Cybersecurity Consulting allowed AT&T Cybersecurity to quickly identify and mitigate the threat before real damage was done.
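The ProxyShell attempts described above leave a recognisable trace in Exchange front-end IIS logs: the Autodiscover v2 endpoint is requested with a query that begins with "@<host>/" and smuggles a second autodiscover.json path into the Email parameter, so the request is routed to a back-end such as /mapi/nspi/ or /PowerShell/. The following detector is an added example written for this digest, not code from AT&T or the summarised post. The log excerpt is constructed (the hosts, IPs and field layout are illustrative; a real IIS log has more columns), and the rule deliberately leaves ordinary Autodiscover v2 requests alone, which also contain an "@" inside Email=<user>@<domain>.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt (not real customer data). The "#Fields:" header
# gives the column order, as IIS writes it; a real log has more columns.
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2021-08-20 10:01:02 10.0.0.5 GET /owa/auth/logon.aspx url=/owa/ 203.0.113.7 Mozilla/5.0 200
2021-08-20 10:01:09 10.0.0.5 POST /autodiscover/autodiscover.json @evil.corp/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.corp 198.51.100.9 python-requests/2.25 200
2021-08-20 10:01:15 10.0.0.5 POST /autodiscover/autodiscover.json @evil.corp/PowerShell/?X-Rps-CAT=AAAA&Email=autodiscover/autodiscover.json%3F@evil.corp 198.51.100.9 python-requests/2.25 200
2021-08-20 10:02:30 10.0.0.5 GET /autodiscover/autodiscover.json Email=user%40example.com&Protocol=ActiveSync 203.0.113.9 Outlook-iOS/2.0 200
"""

# The path-confusion signature: the query starts with "@<host>/" or smuggles the
# Autodiscover endpoint itself into the Email parameter. A legitimate v2 request
# carries "Email=<user>@<domain>" instead and is not matched.
PROXYSHELL_QUERY = re.compile(r"(?:\?@|[?&]email=autodiscover/autodiscover\.json)", re.IGNORECASE)
BACKEND_PATH = re.compile(r"\?@[^/]+/([A-Za-z]+)/")


def parse_iis_log(text):
    """Parse W3C-format lines into dicts keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            # Skip lines that do not match the header; guessing alignment hides data.
            if fields and len(parts) == len(fields):
                records.append(dict(zip(fields, parts)))
    return records


def find_proxyshell_requests(records):
    """Return one hit per request showing the ProxyShell Autodiscover path confusion."""
    hits = []
    for rec in records:
        query = rec.get("cs-uri-query", "-")
        url = rec.get("cs-uri-stem", "") + ("?" + query if query != "-" else "")
        url = unquote(url)  # IIS logs URL-encoded queries; %3F hides a second "?"
        if "/autodiscover/autodiscover.json" not in url.lower():
            continue
        if not PROXYSHELL_QUERY.search(url):
            continue  # ordinary Autodiscover v2 traffic
        backend = BACKEND_PATH.search(url)
        hits.append({
            "time": f"{rec.get('date')} {rec.get('time')}",
            "client": rec.get("c-ip"),
            "backend": backend.group(1).lower() if backend else None,
            "status": rec.get("sc-status"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_proxyshell_requests(parse_iis_log(SAMPLE_IIS_LOG)):
        print(hit)
```

The status code is kept in each hit so an analyst can separate a probe that was rejected from one the server answered with 200; the back-end name (mapi, powershell) tells you which stage of the chain the client reached.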
Cloud Access Security Brokers (CASB), also known as Cloud Security Gateways, were created to address the increasing cloud security problems facing organizations as cloud and application usage increased over the last decade. Many of the trends that made CASB a requirement have been amplified significantly by the COVID-19 pandemic (including the increase to over 70% of workers working remotely, up from around 33% before the pandemic), which, along with an increase in threats and attacks (with 90% of companies reporting an increase in cyber attacks during COVID) forces organizations to improve cloud security.
Amid all the seemingly unending stories about successful ransomware attacks – even my hometown of Middletown, N.J. is among the most recent to fall victim – there are reasons to feel optimistic. Just in the past several weeks, the internet community united to compile a list of vulnerabilities most commonly used by ransomware attackers to gain initial access. The U.S. Department of Justice indicted two alleged members of the notorious REvil ransomware gang, on the heels of a White House-led summit of more than 30 countries to address the threat, while the BlackMatter ring said it was closing up shop following pressure from law enforcement.
This year’s Cybersecurity Awareness Month has come to an end and, with every passing year, cyberthreats are increasing in number and complexity. Reactive solutions are no longer enough to confront cyberattacks. Organizations must implement proactive strategies to secure their IT assets.
Establishing positive vendor relationships is crucial to running a successful business. Nonetheless, vendor management has several moving parts, and you have a lot of things to keep track of. This includes who your third parties are, the services they offer, which internal policies apply to them, and what sensitive data they have access to. Without a strong foundation of vendor management best practices, vendor risks could manifest into failures that could affect business continuity. This post outlines the best practices for implementing vendor relationship management and will enlighten you on all the factors you need to consider when managing vendors.
A data breach isn’t just a concern for cybersecurity officers anymore. Entailing costly remediation activities and reputational damage, a data breach becomes a complex financial issue for the whole business. Reducing the risk of a data breach can save your company millions of dollars in addition to saving your reputation and client loyalty. The best way to reduce the cost of a possible data breach is to learn about how breaches happen. In this article, we answer the question “What is the average cost of a data breach?” We also consider cost-forming factors, cover the most common types of data breaches, and give some tips for protecting your organization from a data breach.
The shift to the cloud has greatly accelerated during the past year, and with that shift most cybersecurity incidents now involve cloud infrastructure. According to the 2021 Verizon Data Breach Investigations Report, 73% of cybersecurity incidents involved cloud assets — a 27% increase from last year. The 2021 IBM Security X-Force Cloud Threat Landscape Report also found there are 30,000 cloud accounts potentially for sale on dark web marketplaces. As cloud shift continues and hybrid cloud environments become more common, adopting cloud-native security technologies is critical for transforming security operations.
In a previous blog I reviewed the foundational use case for a TIP (threat intelligence platform), which is threat intelligence management: the practice of aggregating, analyzing, enriching and de-duplicating internal and external threat data in order to understand threats to your environment and share that data with a range of systems and users. However, one of the unique benefits of the ThreatQ Platform, and where organizations are deriving additional business value, is that it also allows you to address other use cases. I’ve written before about the defense engineering use case. Here, I’ll talk about four more use cases: alert triage, incident response, threat hunting and vulnerability management.
The new threats in software development are no longer confined to the company itself. The whole software supply chain is a target for attackers, and it is important to put real effort into securing each link, because if one fails, everything downstream is affected. Supply chain activities include each step of the transformation of raw materials, components, and resources into a completed product, and its delivery to the end customer. Each step can be a complex process in its own right and can be the point at which a security incident originates.
Microsoft Office 365 (also known as Microsoft 365 or Office 365) is a cloud-based service that enables online collaboration and real-time data sharing via Microsoft solutions such as SharePoint, MS Teams, and OneDrive. Microsoft Office 365 brings together familiar Microsoft Office desktop applications with business-class email, shared calendars, instant messaging, video conferencing, and file sharing, making it an integral tool for many during the pandemic. In fact, a large portion of Microsoft’s success in 2020 is thanks to MS Teams, which attracted over 95 million new users and was one of the fastest-growing apps during the pandemic.
If every vulnerability seems equally critical, engineers get overwhelmed and probably waste time on the wrong issues. This is why it’s important for developer security tools to provide clear and simple prioritization functionality. As you’ve likely noticed, Snyk Code shows a Priority Score in the top right corner of the overview panel. When you hover over it, an explanation of how the score was calculated is shown, and for speedy prioritization you can sort by Priority Score in the top right corner. But a Priority Score is more than just a number. In this article, I want to introduce you to the thinking behind the score and give you some practical tips on how to use it well.
Operating in hybrid environments can get really tricky at times. As more and more organizations are moving their sensitive data to the public cloud, the need to keep this data secure and private has increased significantly over time. While handling their valuable datasets within their respective environments, companies need to ensure utmost data security and compliance to meet the regulations set by various governments. They cannot afford to make the smallest mistake that can jeopardize data privacy and cause dire repercussions. Provided below are some of the best practices to implement for ensuring data security in hybrid environments.
Strong, reliable internal controls are an indispensable element of risk management. Properly functioning controls help to identify risks that could cause suffering, damage, harm, or other losses to your organization. To implement those controls, organizations typically use a control framework to guide their efforts. A critical part of that exercise, in turn, is control mapping — where executives identify the controls they have in place already, and connect those controls to the various risks that might harm their organization or to whatever regulatory obligations the business has.
While business partnerships require trust, security requires verification. In a world where business relies on data security, vendor risk management is mission-critical to financial success. Organizations rely on vendor security assessment questionnaires as part of their due diligence processes. However, manual questionnaire processes are burdensome and time-consuming, so many organizations are turning to automation to reduce operational costs. Security questionnaire automation best practices can help streamline processes for more efficient risk management.
Extended detection and response (XDR) has turned into a market description that, in my not so humble opinion, proves to be as troublesome as the phrases “next gen” or “machine learning” were from 2016 to 2020. I’ll quote myself from a popular blog post from my time at Gartner: Naming aside, the one thing that all InfoSec commentators agree on is that XDR is an evolution of the endpoint-centric approach pioneered by legacy security vendors.
In this hyperconnected world, where 70% of users continue to work remotely, sharing data in real-time with partners and customers leveraging the flexibility of the cloud is a fundamental aspect for the daily operations of businesses worldwide. In this scenario, the risk of misconfigurations exposing sensitive data continues to be a serious (and frequent) concern. The incidents that have occurred so far are maybe helping to raise awareness, however, that’s not enough, as new organizations in many different sectors are joining this unwelcome list on a regular basis. The shared responsibility model is hard to digest and too many companies are learning this concept the hard way, failing to implement basic security recommendations.
As the world increasingly moves to a digital format, cybersecurity is becoming more important than ever. It’s especially significant since, according to a recent survey by Sophos, 51% of businesses in America experienced a ransomware attack in 2020. That’s a staggering number of incidents, and they truly shouldn’t be happening in this day and age. Yet, it’s relatively understandable.
Have you ever taken a personal device to work and connected it to the work network? Maybe you connected to the Wi-Fi with a mobile device. Perhaps you brought in a personal laptop and plugged into an open port to connect to the internet. These may seem like harmless activities, and some companies even allow non-corporate devices on their guest network as a way to enable visitors to operate in their environment. In shared office environments, open networks are seen as business enablers. However, this communal networking approach is a security nightmare.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week let’s zoom in on cybersecurity mesh, which brings a twist to the existing security architecture with a distributed approach.
82% of professionals believe that software supply chain security should be given a degree of priority, with only 7% stating that it is not a priority at all. This is one of the key findings from our Pulse survey of 298 senior technology executives from companies in North America, Europe, Africa, and Asia.
A keylogger is a type of spyware that monitors and records user keystrokes. Keyloggers allow cybercriminals to read anything a victim types on their keyboard, including private data like passwords, account numbers, and credit card numbers. Some keyloggers do more than capture keystrokes: they can read data copied to the clipboard and take screenshots of the user’s screen, on PCs, Macs, iPhones, and Android devices. Keyloggers are not always the sole threat in a cyberattack. They are often just one component of a multi-stage attack such as a botnet, ransomware, or cryptocurrency mining campaign.
We hear a lot about the consequences of practicing poor security. And for a while, this was rightfully so. When the importance of cybersecurity was still emerging, many people didn’t understand what could happen if they weren’t following proper security procedures.
At Rezilion, we eliminate friction in the DevSecOps process by identifying which vulnerabilities pose an actual risk to an organization. This dynamic approach allows us to filter out vulnerabilities in code that is never loaded at runtime and so reduce the workload of the security and development teams. Because we need to analyze the running process, we also need to understand its runtime environment (native, C#, Java, Python, etc.) and, depending on that runtime, analyze it differently. This blog post summarizes Rezilion’s approach to analyzing the Python runtime with Rezilion Validate.
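The core of the Python case is deciding which installed distributions actually have code loaded into the interpreter, and keeping only the findings that touch them. The block below is an added illustration of that idea and is not Rezilion’s code or Rezilion Validate; the module snapshot, distribution map and finding ids are constructed, and the `importlib.metadata.packages_distributions()` lookup (standard library from Python 3.10) is the only real API used. One caveat the example encodes: a distribution whose modules cannot be mapped is kept, not dropped, because absence of evidence that code is loaded is not evidence that it is unused; the same applies to modules a program imports lazily after the snapshot was taken.

```python
import sys
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed snapshot of sys.modules keys from a running service (not real data).
SAMPLE_MODULE_SNAPSHOT = [
    "sys", "os", "os.path", "json", "json.decoder",
    "requests", "requests.adapters", "urllib3", "urllib3.util.retry",
]

# Constructed mapping of distribution name -> top-level import names. In a real
# run this comes from distribution_module_map() below.
SAMPLE_DIST_MODULES = {
    "requests": ["requests"],
    "cryptography": ["cryptography"],
    "PyYAML": ["yaml", "_yaml"],
}

# Constructed scanner findings; the ids are placeholders, not real advisories.
SAMPLE_FINDINGS = [
    {"id": "F-1", "distribution": "requests", "installed": "2.25.1"},
    {"id": "F-2", "distribution": "cryptography", "installed": "3.2"},
    {"id": "F-3", "distribution": "PyYAML", "installed": "5.3"},
]


def loaded_top_level_modules(module_names: Optional[Iterable[str]] = None) -> Set[str]:
    """Top-level import names present in the interpreter's module table.

    Defaults to this interpreter's sys.modules; pass a snapshot taken from the
    process under analysis to evaluate that process instead.
    """
    names = list(sys.modules) if module_names is None else module_names
    return {name.split(".", 1)[0] for name in names}


def distribution_module_map() -> Dict[str, List[str]]:
    """Map installed distributions to the top-level modules they provide.

    Uses importlib.metadata.packages_distributions (Python 3.10+); returns an
    empty map on older interpreters so the caller can supply its own.
    """
    try:
        from importlib.metadata import packages_distributions
    except ImportError:
        return {}
    dist_to_modules: Dict[str, List[str]] = {}
    for module, dists in packages_distributions().items():
        for dist in dists:
            dist_to_modules.setdefault(dist, []).append(module)
    return dist_to_modules


def filter_loaded_findings(findings, loaded: Set[str],
                           dist_modules: Dict[str, List[str]]) -> Tuple[list, list]:
    """Split findings into (loaded, not_loaded) by whether any module of the
    vulnerable distribution appears in the loaded set.

    Distributions with no module mapping are kept on the loaded side: without a
    mapping there is no evidence the code is unused, and dropping them would
    silently hide real risk.
    """
    loaded_findings, unloaded_findings = [], []
    for finding in findings:
        modules = dist_modules.get(finding["distribution"])
        if modules is None:
            loaded_findings.append({**finding, "loaded_modules": None})
            continue
        present = sorted(m for m in modules if m in loaded)
        target = loaded_findings if present else unloaded_findings
        target.append({**finding, "loaded_modules": present})
    return loaded_findings, unloaded_findings


if __name__ == "__main__":
    loaded = loaded_top_level_modules(SAMPLE_MODULE_SNAPSHOT)
    kept, dropped = filter_loaded_findings(SAMPLE_FINDINGS, loaded, SAMPLE_DIST_MODULES)
    print("actionable:", [f["id"] for f in kept])
    print("not loaded:", [f["id"] for f in dropped])
```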
No matter how careful you are with your data storage and data protection measures, the risk of data loss is always there. You need to be sure that your company is prepared in the event of cyber attacks or system failures. Hence the need for data backup is so important; a company must have a copy of lost data for swift disaster recovery after a crisis. Too many organizations, however, overlook the possibility that their data backups might also fail.
In a blog post published in February 2021, Microsoft noted that web shell attacks had been steadily increasing since mid-2020. There were 140,000 monthly web shell attacks from August 2020 to January 2021, more than twice the average from 2020. The increasing prevalence of these attacks has a simple reason: web shell attacks are easy to author and launch. So, what are web shell attacks? Why should organizations be more aware of them? And most importantly, how can they protect themselves from these types of advanced cyber attacks?
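Because single-file web shells have to do the same few things (evaluate or execute attacker-supplied request parameters, or decode a packed payload and run it), a content scan over the web root catches the common ones. The scanner below is an added example for this digest, not code from Microsoft or the summarised post. The sample files are constructed, the base64 literal is a stand-in rather than a real payload, and the indicator set is deliberately small: treat a hit as something to review, not as proof, and expect obfuscated shells to need more than this.

```python
import os
import re
from typing import Dict, List

# Each indicator is a regex over file contents. These are the constructs that
# one-file web shells need; benign application code rarely combines them.
INDICATORS = {
    "php-eval-of-request": re.compile(
        r"\beval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    "php-exec-of-request": re.compile(
        r"\b(?:system|exec|passthru|shell_exec|popen|proc_open)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b",
        re.I),
    "php-eval-of-variable": re.compile(r"\beval\s*\(\s*\$\w+", re.I),
    "php-eval-of-decoder": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "php-long-base64-decode": re.compile(
        r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{40,}['\"]", re.I),
    "aspx-process-from-request": re.compile(
        r"Process\.Start\s*\([^;]{0,200}Request\s*[\[.]", re.I | re.S),
    "aspx-eval-of-request": re.compile(r"\beval\s*\(\s*Request\s*[\[.(]", re.I),
    "jsp-exec-of-request": re.compile(
        r"Runtime\.getRuntime\(\)\.exec\s*\([^;]{0,200}request\.getParameter", re.I | re.S),
}

SCAN_EXTENSIONS = (".php", ".phtml", ".php5", ".aspx", ".ashx", ".asp", ".jsp", ".jspx")

# Constructed sample files (path -> content). The base64 literal is a stand-in
# payload (base64 of a run of "A"), not a real shell.
SAMPLE_FILES = {
    "contact.php": "<?php $name = htmlspecialchars($_POST['name'] ?? ''); echo \"Hello $name\"; ?>",
    "uploads/img.php": "<?php @eval($_POST['cmd']); ?>",
    "uploads/x.php": "<?php $p = base64_decode('" + "QUFB" * 12 + "'); eval($p); ?>",
    "aspx/cmd.aspx": '<%@ Page Language="C#" %><% System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["c"]); %>',
    "index.jsp": "<html><body>Hello</body></html>",
}


def scan_source(text: str) -> List[str]:
    """Return the sorted names of indicators that match the file contents."""
    return sorted(name for name, pattern in INDICATORS.items() if pattern.search(text))


def scan_files(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan an in-memory {path: content} map; only paths with hits are returned."""
    results = {}
    for path, text in files.items():
        hits = scan_source(text)
        if hits:
            results[path] = hits
    return results


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Walk a web root on disk and scan files with server-side extensions."""
    files = {}
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower().endswith(SCAN_EXTENSIONS):
                path = os.path.join(dirpath, filename)
                with open(path, "r", encoding="utf-8", errors="replace") as handle:
                    files[path] = handle.read()
    return scan_files(files)


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(hits)}")
```

Run `scan_directory("/var/www")` (or the IIS wwwroot) on a schedule and diff the result against the previous run; a new hit under an upload or temp directory is the pattern the Microsoft post describes, since those are the paths an attacker can write to without a deployment.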
Outpost24 today announced the acquisition of Specops Software, a leading provider of password management and user authentication solution, as well as securing another SEK 50 million funding from Swedbank Robur and Alcur Fonder.
Dependency confusion attacks are a form of open source supply chain security attacks in which an attacker exploits how package managers install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security. In this article, we will present an extension of the dependency confusion problem utilizing npm’s package aliasing capabilities. This package aliasing capability, as provided and instructed by the npm command-line application, is a user-only way to install a package under a different alias. Per npm’s own documentation, refer to the following as an example.
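An npm alias is written as `"<alias>": "npm:<real-package>[@<range>]"` in package.json, so the key a reviewer reads is no longer the name npm resolves. The audit below, an added example rather than code from Snyk or the summarised post, parses that form and flags the case the article is concerned with: a key that looks like one of your private, scoped packages but resolves to something outside that scope on the public registry. The package.json is constructed and the `@acme` scope and `internal_scopes` parameter are assumptions standing in for an organisation’s own private scope.

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# npm alias specifier: "<alias>": "npm:<real-name>[@<range>]"; the real name may be scoped.
ALIAS_SPEC = re.compile(r"^npm:(?P<name>@[^/@]+/[^@]+|[^@]+)(?:@(?P<range>.+))?$")

DEPENDENCY_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")

# Constructed package.json (not from any real project). "@acme" stands in for
# the organisation's private scope.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "acme-web",
    "dependencies": {
        "lodash": "^4.17.21",
        "@acme/internal-utils": "npm:utils-helper-lib@^1.0.0",
        "string-width-cjs": "npm:string-width@^4.2.0",
        "@acme/auth": "npm:@acme/auth-client@2.1.0",
    },
    "devDependencies": {"jest-legacy": "npm:jest"},
})


def parse_alias(spec: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (real package name, range) for an npm: alias spec, else None."""
    match = ALIAS_SPEC.match(spec.strip())
    if not match:
        return None
    return match.group("name"), match.group("range")


def scope_of(name: str) -> Optional[str]:
    """The "@scope" prefix of a package name, or None for unscoped names."""
    return name.split("/", 1)[0] if name.startswith("@") else None


def audit_aliases(package_json: str, internal_scopes=("@acme",)) -> List[Dict]:
    """Flag aliased dependencies whose installed package differs from what the key suggests.

    high:   a key in an internal scope resolves to a package outside that scope,
            so a reviewer sees an internal name while npm fetches something else.
    medium: alias with no version range; whatever is newest on the registry wins.
    info:   any other alias, because the key no longer names the real package.
    """
    manifest = json.loads(package_json)
    findings = []
    for section in DEPENDENCY_SECTIONS:
        for alias, spec in manifest.get(section, {}).items():
            parsed = parse_alias(spec)
            if parsed is None:
                continue  # ordinary version range, tarball or git spec
            real_name, version_range = parsed
            if scope_of(alias) in internal_scopes and scope_of(real_name) not in internal_scopes:
                severity = "high"
            elif version_range is None:
                severity = "medium"
            else:
                severity = "info"
            findings.append({"section": section, "alias": alias, "real": real_name,
                             "range": version_range, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit_aliases(SAMPLE_PACKAGE_JSON):
        print(f"[{finding['severity']}] {finding['section']}: "
              f"{finding['alias']} -> {finding['real']}@{finding['range'] or '*'}")
```

Run it against package.json in CI alongside the lockfile check; the "info" entries are mostly the legitimate compatibility-shim pattern (for example a `-cjs` alias of the same package), but they are still worth listing so that the real name appears somewhere a reviewer will read it.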
According to the National Vulnerability Database (NVD), the number of new security vulnerabilities has increased steadily over the past few years. The consistent rise in the number of security vulnerabilities, along with headline-catching exploits like the SolarWinds supply chain attack earlier this year, has organizations doubling down on vulnerability management programs to ensure that they are not exposed to malicious attacks. As known vulnerabilities are closely tracked by malicious players looking for their next big exploit, it’s crucial that software organizations work to stay one step ahead of the hackers, with a vulnerability management process that can detect and remediate the security vulnerabilities in their systems.
For a concept that represents absence, zero trust is absolutely everywhere. Companies that have explored how to embark upon zero-trust projects encounter daunting challenges and lose sight of the outcomes a zero-trust approach intends to achieve. Effective zero-trust projects aim to replace implicit trust with explicit, continuously adaptive trust across users, devices, networks, applications, and data to increase confidence across the business.
The pandemic accelerated a trend that was already gaining increased traction: the preference for shopping online. The last eighteen months have brought a surge to the eCommerce industry, with consumers of all ages learning how to order items online. Competition has never been fiercer for online retailers, which means it’s not just quality products and customer service that companies must focus on. Ensuring that customers stay safe from cyber criminals while completing online transactions is of utmost importance in today’s environment.
It takes a crowd to secure the attack surface. Detectify collaborates with the Crowdsource ethical hacker community to power a fully automated external attack surface management solution. This is a guest blog post from Crowdsource hacker Luke “hakluke” Stephens on why he believes crowdsourced security is now a necessity.
It can take just minutes, if not seconds, for an advanced threat to compromise a company's endpoint devices (laptops, mobile devices, and the like). Legacy security tools that were once adored and worshipped by many no longer cut it. These tools require manual triage and responses that are not only too slow for fast-moving and increasingly sophisticated cyber threats, but they also generate a huge volume of indicators that burden the already overstretched cyber security teams. Needless to say, an overburdened team is an underperforming team.
Over the last few years, the terms DevOps and DevSecOps (short for Development and Operations, and Development, Security and Operations, respectively) have become synonymous with companies trying to become more agile and less monolithic.
Office 365 is central to your business needs and business continuity. However, it exposes a large (maybe even the largest) risk surface in your organisation. It is, therefore, crucial to secure it enough to mitigate this ever-present and continuous risk while keeping it open enough to ensure as fluid a business as possible. Getting this balance right is difficult, and it can be hard to know where to start. Adopting a common security standard can be a great place to begin. After that, it is a matter of adjusting the standard to suit your needs and rolling it out quickly and effectively. Through this series of articles, we will explore some basic PowerShell commands for Office 365 security. First, let us begin from scratch.
Elasticsearch is a popular open source search engine. Because of its real-time speeds and robust API, it’s a popular choice among developers who need to add full-text search capabilities to their projects. Aside from being generally popular, it’s also the engine we’re currently moving the issues part of our Snyk reports functionality onto. And once we have everything tuned for issues, we’ll start using Elasticsearch in other reporting areas. While Elasticsearch is powerful, it can also seem complicated at first (unless you have a background in search engines). But since I’ve just recently learned a lot about this tool while implementing it at Snyk, I thought I’d pass some knowledge on to you, developer to developer!