
Thursday, November 4, 2021

A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.

If you like SecurityBuzz, why not forward it to some friends or share the online version?

Until Next Time! 👏

Featured Post

XDR marketing is fueling the cybersecurity problem for businesses

01-Nov-21 | By Ian McShane, Field CTO | In Arctic Wolf, Security

If there is one positive we can take from the last sixteen months, it is businesses embracing a more flexible working culture for their employees. Fundamental changes to the traditional nine-to-five working day mean that many companies, in part, have already successfully transformed some of their operations to meet the demands of a new hybrid working world that is now very much the norm.

Zero doubt about the direction of zero trust security

03-Nov-21 | By Dor Knafo | In Axis Security, Access Management

The adoption of zero trust is about to change dramatically. In May, the Biden administration announced its cybersecurity Executive Order (EO), stressing the urgency of modernized access and cybersecurity defenses. Consequently, many enterprises can no longer ignore the necessity of investing in zero trust architectures. Despite 2,600 cybersecurity vendors all claiming the term zero trust, it’s important that technology leaders, including CIOs, don’t get swept into the marketing frenzy of term dominance, instead focusing on the principles of a zero trust strategy evident in modern access solutions.

What is OWASP Mobile Security Testing Guide (MSTG)?

03-Nov-21 | By Harshit Agarwal | In Appknox, Mobile

With millions of apps being released every day and ever-changing feature additions, it is more important than ever for enterprises to focus on security to prevent data breaches. According to Checkpoint, in 2020, 97 per cent of enterprises were confronted with mobile threats employing a variety of attack vectors. What is Mobile Security Testing Guide (MSTG)? The MSTG is a comprehensive manual for mobile app security testing. It is based on security testing and reverse engineering for iOS and Android mobile security testers. This guide is all about setting standards for OS security testing. It comes with many of the following features.

Reversing a binary using GDB: tutorial for Reverse Engineers

03-Nov-21 | By Irfan Shakeel | In AT&T Cybersecurity, Security

Reversing binaries is an essential skill if you want to pursue a career as an exploit developer, reverse engineer or programmer. The GNU Project debugger is a widely used debugger for debugging C and C++ applications on UNIX systems. A debugger is a developer's best friend to figure out software bugs and issues. This tutorial intends to be beneficial to all developers who want to create reliable and fault-free software. A debugger executes several programs and allows the programmer to manage them and analyze variables if they cause issues.

What is Compliance Management and Why Is It Important?

03-Nov-21 | By Kasey Hewitt | In SecurityScorecard, Compliance

Every business has a set of rules and regulations that it must uphold. To maintain compliance, businesses must adhere to the regulations and laws specific to their industry. The problem is, these regulations are constantly changing, and failure to stay up-to-date can lead to serious financial strains and damage to company reputation. Let’s explore how effective compliance management can ensure the continuity and security of your organization.

Why Windows 11 is more secure than Windows 10

03-Nov-21 | By The Editor | In WatchGuard, Endpoint Security

Windows 11 is the most secure Windows version to date. Microsoft's new operating system is now available, after learning several lessons from its predecessor. The Redmond company states that the widespread use of hybrid and remote work environments during the pandemic opened the door to a host of threats, with Windows vulnerabilities exploited by hackers, such as the incidents with Spectre and Meltdown. In this new release, Microsoft has implemented a series of requirements that the system and functionalities must be enabled in order to reduce the chances of exploits and cyberattacks, ranging from hardware to booting the device.

10 Essential Cyber Security Controls for Increased Resilience (and Better Cyber Insurance ...

03-Nov-21 | By Kroll | In Kroll, Insurance

While threat actors continue to vary attack methods, these 10 essential cyber security controls can significantly improve your security posture, therefore making it harder for cyber criminals to compromise your network and increasing your opportunities for cyber insurance coverage. Validated by our seasoned cyber security experts based on frontline expertise and with a thorough review of the expanded questionnaires now requested by most cyber insurance carriers, key takeaways for each of the controls are presented here.

Increase SOC Effectiveness with Streaming Analytics

03-Nov-21 | By Paride Letizia | In Devo, Analytics

Operating an effective SOC requires overcoming a wide range of challenges. Often, security teams have too many disparate tools to manage, too many alerts to make sense of, and too many data sources that prevent the team from achieving full visibility. All these hurdles can make it difficult for your SOC analysts to identify and quickly respond to suspicious behavior and indicators of compromise.

How to Harden Your Cloud Environment in 5 Steps

03-Nov-21 | By Dirk Schrader | In Netwrix, Cloud

In recent years, with the rapid rise of cloud computing, the virtualization of applications and infrastructure has been replacing traditional in-house deployments of applications and services. It’s currently more cost-effective for organizations to rent hardware resources from companies like Microsoft, Amazon, and Google and spin up virtual instances of servers with the exact hardware profiles required to run their services. But security in the cloud is just as vital as security in traditional on-premise environments. Just like in physical servers, system hardening is an excellent way to help minimize security vulnerabilities in the cloud.

What is Windows File Integrity Monitoring?

03-Nov-21 | By Dirk Schrader | In Netwrix, FIM

In order to maintain the integrity of a Windows file system, File Integrity Monitoring is applied to ensure no unauthorized changes are made to files, folders or configuration settings.

Which File Integrity Monitoring Technology is Best for FIM? File Integrity Monitoring FIM or SIEM FIM?

03-Nov-21 | By Dirk Schrader | In Netwrix, FIM

Within the FIM technology market, there are choices to be made. Agent-based or agentless is the most common choice, but even then there are both SIEM and ‘pure-play’ FIM solutions to choose between.

The Attack is Coming from Inside the House | The Insider Threat Persists

03-Nov-21 | By Isaac Kohen | In Teramind, Cyberattacks

Looking back at the past year, there have been some downright spooky trends facing cyber security professionals. Ransomware attacks have skyrocketed, impacting organizations from healthcare to critical infrastructure to the suppliers of MSP suppliers and everyone in between. APT crews and criminal gangs have taken advantage of the pandemic that pushed everyone to remote work, making 2020/2021 the year that bad cybersecurity preparedness came home to roost. But beyond the headlines, one significant threat has continued unabated, and in many ways, it is far scarier than the risk of foreign hackers because it is coming from inside your organization.

JavaScript type confusion: Bypassed input validation (and how to remediate)

03-Nov-21 | By Alessio Della Libera | In Snyk, DevOps

In a previous blog post, we showed how type manipulation (or type confusion) can be used to escape template sandboxes, leading to cross-site scripting (XSS) or code injection vulnerabilities. One of the main goals for this research was to explore (in the JavaScript ecosystem) how and if it is possible to bypass some security fixes or input validations with a type confusion attack (i.e., by providing an unexpected input type).

Lookout Data Shows Already Strained Energy Industry Faced With 161% Surge in Mobile Phishing

02-Nov-21 | By Steve Banda | In Lookout, Malware

A few months ago, the largest U.S. pipeline operator, Colonial Pipeline, was forced to halt operations for nearly a week due to a ransomware attack. While it ultimately didn’t stop consumers from buying gasoline, the incident forced the company to pay $4.4 million in ransom payment and illustrated just how vulnerable energy organizations are to cyberattacks. Europe is in the midst of a major energy crisis, so it isn’t hard to imagine the already strained supply chain collapsing as a result of similar incidents.

8 Daily Practices to Avoid Cybersecurity Burnout

02-Nov-21 | By Tripwire Guest Authors | In Tripwire, Security

Burnout happens when job demands such as workload, time-pressure, and difficult clients are high as well as when job resources including quality leadership, autonomy and decision authority, recognition, and strong relationships are lacking. The field of cybersecurity is particularly difficult, but that doesn’t mean burnout is inevitable, and it doesn’t mean you can’t recover after experiencing burnout. There are some daily practices that you can take to help you avoid burnout while keeping your performance and productivity high.

What Types of Security Capabilities Do Managed Service Providers (MSP) Offer?

02-Nov-21 | By David Bisson | In Tripwire, Compliance

Last time, I discussed the four basic types of managed service providers (MSPs) with which organizations commonly partner. Those categories help to determine the types of services offered by MSPs. In general, MSPs provide five primary services to customers.

Leveraging Artificial Intelligence for Impactful Cybersecurity

02-Nov-21 | By Kasey Hewitt | In SecurityScorecard, AI

Artificial intelligence (AI) is reinventing the trajectory of cybersecurity and fighting with a double-edged sword. If harnessed correctly, AI can automatically generate alerts for emerging threats, detect new types of malware, and protect sensitive data. While it has advanced us into a plethora of new technologies -- think Siri, facial recognition, and Google’s search engine -- it has also probed us with significant threats from cybercriminals. Put in the wrong hands, AI allows hackers to automate breach attempts and scale their attacks to be even more sophisticated and frequent than before.

SquirrelWaffle and MirrorBlast: what organisations need to know

02-Nov-21 | By George Glass | In Redscan, Malware

Defending against loader-type malware is crucial to avoid a potential ransomware incident, given that it is the foothold of the attack kill-chain related to ransomware tactics, techniques and procedures (TTPs). Two of the most recent malware loaders to emerge are SquirrelWaffle and MirrorBlast. While SquirrelWaffle delivers Cobalt Strike payloads to victims, MirrorBlast uses novel techniques to gather intelligence and drop malicious payloads onto devices. In this blog post, we outline the TTPs of these new types of malware, the risks they pose and the steps organisations should take to mitigate them.

Malware analysis: Hands-On Shellbot malware

02-Nov-21 | By Alberto Pellitteri | In Sysdig, Git

Malware analysis is a fundamental factor in the improvement of the incident detection and resolution systems of any company. The Sysdig Security Research team is going to cover how this Shellbot malware works and how to detect it. Shellbot malware is still widespread. We recorded numerous incidents despite this being a relatively old and known attack that is also available on open GitHub repositories. When the malware is successfully deployed on a targeted system, it may be used for different purposes according to the instructions received from its related IRC server.

Five Pillars of a Powerful Security Awareness Program

02-Nov-21 | By Nathan Caldwell | In Arctic Wolf, SecOps

It seems that we might be getting to the tipping point in the corporate world where most organizations and businesses recognize they’re exposed to an increasing amount of cybersecurity risk. And with bad guys devoting a large portion of their strategy to targeting employees, the need for effectively training employees is intensifying. But before you begin to evaluate or build a program you need to first define and cement what it is you are looking to accomplish with your program. So with the goal of preparing employees to protect themselves and their organization from cybersecurity threats, let’s dive into some areas you can evaluate to determine how powerful your security awareness program can be.

The Key to Solving Ransomware, Insiders, and Data Theft

02-Nov-21 | By Tom Clare | In Netskope, Data Security

The common theme across ransomware, insider threats, and data theft is the exfiltration of data. While threat research labs usually publish the process steps of ransomware encryption, keys, and disk clean-up, the parts about accessing the data and exfiltration are often left out. Also, one security solution does not solve the problem itself, making partner integrations vital to the success of security solution stacks. Using the perspective of access and security posture, data protection and policy controls, threat protection, and analytics we can analyze these four pertinent security issues.

Starting with strategy - A multi-part series on building a robust cybersecurity program

01-Nov-21 | By Zachary Curley | In AT&T Cybersecurity, Security

Today, many organizations look at information security and governance as a baker would icing on a cake. Something you apply at the very end, mostly to make it look better and add a bit of flavor. It isn’t a structural component or key ingredient; it’s simply there to cover up the raw product. As can be expected, icing cannot save a cake that’s missing key ingredients like sugar or eggs. Likewise, if a business doesn’t integrate security into operations from the beginning, there is only so much that can be done to implement necessary controls.

[Guest Blog Post] The Intersection of Third-Party Risk Management and Cybersecurity

01-Nov-21 | By ProcessUnity | In SecurityScorecard, Risk Management

In this blog post, ProcessUnity, the leading provider of Vendor Risk Management software and Cybersecurity Program Management software, covers key strategies for addressing third-party cyber risk. Modern cybersecurity programs need to evolve rapidly to navigate new challenges, such as the COVID-19 pandemic and high-profile cyber attacks. The CISO’s role has expanded beyond monitoring risks and threats to include maintaining oversight of high-value assets, policies, training validation, and control ratings.

Top 12 Cybersecurity Regulations in the Financial industry

01-Nov-21 | By Edward Kost | In UpGuard, Compliance

The proliferation of cyberattacks targeting the financial sector has forced the establishment of several mandatory cybersecurity regulations. Though often considered an unnecessary burden on security teams, regulatory compliance is one of the most effective strategies for keeping financial services accountable for their security posture. Cybersecurity regulations must be malleable to remain relevant in a rapidly evolving threat landscape. This means the financial sector must constantly keep track of changes to existing regulations as well as the establishment of new information security standards.

Top seven logging and monitoring best practices

01-Nov-21 | By Ashutosh Rana | In Synopsys, Logging

Need to build a logging and monitoring solution and unsure where to begin? Get started with our logging and monitoring best practices guide. By: Nivedita Murthy, senior security consultant, and Ashutosh Rana, senior security consultant, at Synopsys.

Egnyte Releases Open Source Bandwidth Limiting Plugin

01-Nov-21 | By Narendra Patel | In Egnyte, Content Management

Bandwidth pricing is a major component of the cloud services model. And for a content-heavy service like a video or document store, egress costs can quickly spiral out of control. To mitigate this, it is important to put limits on the amount of data that can be downloaded in a given interval. However, bandwidth limiting for a multi-tenant SaaS product adds a few interesting challenges. At Egnyte, we deal with petabytes of data and, as such, it’s important that we keep a close eye on bandwidth consumption. Cloud services need to be protected against sudden high volume spikes or brute force attempts.

Who are the Star Players on Your DevSecOps Team?

01-Nov-21 | By Rezilion | In Rezilion, DevOps

DevSecOps is a practice that integrates security into DevOps. It emphasizes a continuous process in which development, security, and operations collaborate and work to not only innovate and push code, but also ensure security is built in throughout.

4 Components of Modern Data Protection and Content Inspection

01-Nov-21 | By isaacmadan | In Nightfall, Data Security

Data privacy is top of mind for every organization, with individuals wanting reassurance that their data is secure at all times. With the ever increasing number of cloud applications on the market today, security teams are faced with the challenge of keeping track of compounding volumes of sensitive data that can flow internally, externally, and across systems.

What Are the Key Elements of an Effective Risk Management Process?

01-Nov-21 | By Tripwire Guest Authors | In Tripwire, Risk Management

Risks are a part of everyday life. No matter what decision we take, we always weigh the pros and cons. This core element of our daily lives is risk assessment. When it comes to cybersecurity, risks are omnipresent. Whether it is a bank dealing with financial transactions or medical providers handling the personal data of patients, cybersecurity threats are unavoidable. The only way to efficiently combat these threats is to understand them.

Cybersecurity Best Practices for Companies

29-Oct-21 | By Reciprocity | In Reciprocity, Risk Management

The modern threat landscape has evolved enormously in the past few years. Cybercriminals launch increasingly sophisticated attacks, and these attacks have only gotten worse since the arrival of the COVID-19 pandemic and the move to remote work. Think about all the sensitive information and critical assets that organizations store and handle as part of their business operations: personal information on your customers and employees, intellectual property, proprietary material, financial information, and so much more. This data is incredibly valuable for savvy cybercriminals.

Identity Access Management Best Practices

29-Oct-21 | By Reciprocity | In Reciprocity, Risk Management

In today’s unpredictable business environment, it’s more important than ever that your organization is protected against cybercrime. One of the best ways to ensure that your data is safe is to enforce identity and access management (IAM) — a method for defining the roles and privileges of individual users within your network.

What is SASE (Secure Access Service Edge)?

29-Oct-21 | By Catherine Chipeta | In UpGuard, SASE

SASE (Secure Access Service Edge) is a network architecture that unifies network and security solutions into a cloud-based service to enhance accessibility, efficiency, and cybersecurity. The concept of SASE was introduced in Gartner's 2019 report 'The Future of Network Security Is in the Cloud'. The concept emerged from organizations' increasing demand for reliable access across transforming network approaches. Gartner published a follow-up white paper ‘2021 Strategic Roadmap for SASE Convergence' with a migration plan for organizations shifting from legacy network infrastructure to SASE.

A Definitive Guide to Security Analytics

29-Oct-21 | By Emily Heaslip | In Nightfall, Analytics

Security analytics has become an increasingly popular field as more and more organizations take a different tack to cybersecurity. Historically, IT teams focused on prevention and protection, but today’s priority is detection. Hackers tend to use a wide range of ever-changing tools to exploit vulnerabilities. It can feel like whack-a-mole to constantly try to defend against evolving threats.

Debunked: Is a subdomain takeover 'game over' for companies?

29-Oct-21 | By Detectify | In Detectify, Hacking

When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while expired and forgotten subdomains can easily become an entrypoint for an attacker to steal sensitive data, a robust attack surface management programme in place can keep them at bay.

5 Signs You Have the Remote Access VPN Blues

29-Oct-21 | By Tsailing Merrem | In Netskope, Networks

As the pandemic wears on, and return to work plans continue to shift and morph, there’s really never been a better time to re-evaluate how your organization is handling remote access. Your hastily put-together VPN setup may have gotten the job done in the early days of lockdown, but is it really ready to protect a hybrid workforce that’s now used to flexibility and choice? Here are five signs that it might be time to reconsider your remote access VPN.

Cybersecurity Awareness Month: Top Trends Impacting Your Applications

29-Oct-21 | By Hope Goslin | In Veracode, Application Security

It’s always important to take a pause to evaluate your software security – and what better time to do that than during Cybersecurity Awareness Month? To help get you thinking, we’ve compiled a list of cybersecurity trends that are happening now and will likely continue throughout the next several years. 1. Ubiquitous Connectivity: We are quickly moving to a world where everyone and everything is connected. Most software is internet-connected, as are most devices. Everything is talking to everything. So as data flows between enterprise applications, cloud-connected or SaaS software, and IoT devices, business risk is growing exponentially.

Real-time Fraud Detection: Are You Ready for 2022?

29-Oct-21 | By Vlada Terenina | In INETCO, Fraud

It’s a sure sign that year-end is fast approaching when stores start to display their holiday merchandise and decorations before Hallowe’en is even over. As you start planning for a successful 2022, and focus on payment security and frictionless customer experience, consider the global financial, regulatory and economic factors that will impact your business. Evolving cyberattacks, privacy laws, customer expectations, and increase in digital-first services layer a huge load on financial institutions and merchants. If your team is responsible for fraud prevention and a secure, seamless banking or shopping experience, how can you prepare for what’s to come and maximize the security of payments?

What is a DDoS Attack & How to Protect Your Site

29-Oct-21 | By Reciprocity | In Reciprocity, Risk Management

Cybersecurity threats evolve constantly, and it’s difficult for any organization to stay ahead of emerging risks. A company’s best defense against security breaches is to understand the tactics that hackers use, and then plan accordingly. In this post we’ll examine one of the common kinds of cyber attacks — a DDoS attack — and discuss how best to protect your network infrastructure.

What is an SBOM and How is it Different from a CBOM?

29-Oct-21 | By Reciprocity | In Reciprocity, Risk Management

In May 2021, President Joe Biden signed an executive order (EO) aiming to strengthen America’s cybersecurity. One key point in the EO was the need to improve software supply chain security, and reduce the vulnerabilities that allow adversaries to launch cyberattacks against public and private organizations.

6 Business functions that will benefit from cybersecurity automation

28-Oct-21 | By Devin Partida | In AT&T Cybersecurity, Security

Enterprises and small businesses alike are facing challenges that impact their ability to maintain adequate cybersecurity. Budget constraints and limited staff are just a couple of reasons why businesses have become more susceptible to cyberattacks. Hackers are becoming smarter, and the tools that teams deploy are growing in number, leading to fragmentation and increased vulnerabilities.

5 Common Cybersecurity Vulnerabilities in the IoMT

28-Oct-21 | By Kasey Hewitt | In SecurityScorecard, IoT

Have you been to the hospital lately? If so, you’ve probably been attached to at least one medical device with at least some sort of internet access. According to Cisco, the average hospital room has, on average, 15-20 connected devices, with an average of 6.2 cybersecurity vulnerabilities between them.

Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign

28-Oct-21 | By Kristina Balaam | In Lookout, Malware

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store. We named the malware “AbstractEmu” after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads. To protect Android users, Google promptly removed the app as soon as we notified them of the malware.

Securing legacy systems and protecting your Data

28-Oct-21 | By Nigel Thorpe | In SecureAge, Data Security

If you ask the question “who is responsible for a company’s cybersecurity,” the answer you’ll most likely hear is no longer the CTO, or the IT department, but instead the CEO. In fact, Gartner believes that 75% of CEOs will be held personally liable for cyber and physical breaches by 2024. That means there’s no more passing the buck on this complex issue. Not doing everything in your power to protect your company’s systems and data is tantamount to shooting yourself in the foot, figuratively.

What You Need to Know About Code Risk Management

28-Oct-21 | By Mike Allen | In WhiteSource, DevOps

Risk management of code is an important and often overlooked development function that you need to pay attention to. You may think that this is not a developer’s problem; however, developers should not write code that unduly adds to technical debt, hence the need to manage risk. The primary motivation for risk management is to prevent error or failure. Do not seek to eliminate failure, seek to minimise it, to manage the risk of failure. To do this, we pay attention to the core principles of risk, to quality, reviews, good practice, code as a service, our architecture, and our implementation. Risk management is an essential part of the competent programmer’s toolkit.

Microservices Transformed DevOps - Why Security Is Next

28-Oct-21 | By Tim Hinrichs | In Styra, Containers

Microservices fundamentally changed the way we build modern applications. Before microservices, engineers had a small number of huge chunks of code that made up their application. Many apps were a single monolith of code, and some might have been broken out into a frontend, backend and database. So, when a team needed to update or patch their code, they had to do it slowly and with great care because any change to any part affected every other part of their app.

Until We've All Gone Passwordless, Follow These Security Tips

28-Oct-21 | By ForgeRock | In ForgeRock, Digital Identity

It’s hard to believe that usernames and passwords are over sixty years old. They seemed like a good idea at first. But as more and more things have gone digital, we’ve become overwhelmed with the sheer number of usernames and passwords we have to manage. At ForgeRock our mission is to create identity experiences for people at work, at home, or on the go, that are both simple and secure. No more usernames or passwords, no more secret questions, and no more awkward registration processes. This is a world where you never have to log in again. We’re working to bring this vision to life. Until we’ve all gone passwordless, here are some great tips on managing those pesky passwords.

Copyright © 2021 OpsMatters, All rights reserved.

