A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.
If you like SecurityBuzz, why not forward it to some friends or share the online version?
Protect your organization from the Trojan Source exploit with fast and trusted vulnerability detection from Rapid Scan Static. As everyone in the industry knows, all software vulnerabilities are not equal—some are trivial, some are irrelevant, and some are severe. Obviously, you should focus your attention on those that are characterized as severe. The recently published Trojan Source (CVE 2021-42574) vulnerability falls into the severe category—meaning you should give it full attention. It’s classified as severe for multiple reasons: It’s damaging (the NVD has given it a 9.8 severity ranking), it’s pervasive, and it’s very hard to find.
Your organization runs on information, and much of that information is sensitive. You need consistent governance policies to protect users and data, but just protecting files is not enough. You also need to be able to scan your documents quickly and easily to find personally identifiable information (PII). More than three-quarters of companies have files housed in email repositories, and these often contain customer PII, health records, and other sensitive information. That information may be in attachments, or in the body of the email itself, so you need to have visibility into both.
It’s finally happening. More than a year after embarking on “the world’s largest work-from experiment,” many businesses are bringing people back to the office. For some, this is excellent news. They’ve been looking forward to highway commutes, in-person meetings, and always valuable watercooler talk. These people are in the minority. According to a survey on work arrangement preferences, just 26 percent of respondents indicated that their ideal working situation would be outside the home. For most people, the sweet spot is a mixture of on-site and remote work.
Among its evangelists and advocates, DevOps is about the cultural shift from traditional silo groups to the integration of a DevOps team. DevOps teams speak about change, feedback, inclusiveness, and collaboration. The goal is to bring everyone who has a seat at the table onto a common platform to work together and deliver changes to business systems safely and securely. Companies that choose to go through digital transformation use DevOps as their platform to deliver software at speed and scale.
Partners and customers using WatchGuard's Endpoint Security solutions can now layer on Patch Management, Encryption, Reporting and Data Control to simplify management and create new revenue opportunities.
The 2021 Software Vulnerability Snapshot report uncovers the issues impacting web and mobile apps and what AppSec tools and activities can minimize risks. One of the most compelling reasons organizations use third-party application security testing is to extend their own software security testing capability when circumstances make adding new resources problematic. That’s certainly the case in today’s pandemic environment. According to research from Cybersecurity Ventures, the number of unfilled cybersecurity positions in the world currently is over 3.5 million—enough people to fill 50 football stadiums.
As we embark on another holiday season in the United States, we are being told to start our holiday shopping even earlier this year to avoid some of the delays in shipping. These slowdowns stem from a number of factors, including container shortages, Covid-19 outbreaks that backlogged ports, and a dearth of truck drivers and warehouse workers. Even without the shortages and slowdowns, retailers are in for a long holiday season ahead of them as sales are predicted to grow by 7% this holiday season. And, as many of us do our shopping online, that means a big Cyber Monday this year.
More than half of businesses are in the “Data Ditch”. More than half of businesses have started to invest in their Data Maturity and have begun to make smarter, wider use of their data. And by more than 10 metrics of business performance, they are worse off than if they had not bothered. Meanwhile, a third of businesses have come out the other side and have seen dramatic upticks to their performance. and more... These are the findings of our Data Maturity Impact Report – unique market research into the progress made by mid-tier organizations and enterprises in their use of data, and the commercial impacts seen at the various stages of development.
Cybercriminals choose their targets based on two conditions - maximum impact and maximum profit. Financial institutions perfectly meet these conditions because they store highly valuable data, and their digital transformation efforts are creating greater opportunities for cyber attackers to access that data. This is why the financial sector is disproportionately targeted by cybercriminals, behind healthcare. Besides implementing a data protection solution specific to financial services, one of the best methods of mitigating data breaches is learning from the mistakes of others.
Global organizations are working towards making data privacy a fundamental right. However, as the privacy paradigm shifts to a digital world, businesses are more exposed than ever before. That’s because security has not been the focus of this revolution in IT infrastructure. With recent trends indicating a rise in attacks and vulnerabilities, it is safe to assume that cybersecurity professionals will experience more significant challenges in the coming years when it comes to combating data breaches. This article will take a look at the cybersecurity trends set to change SecOps and how these trends can shift the industry towards greater security and privacy for businesses and customers.
Malware is continuously mutating, targeting new services and platforms. The Sysdig Security Research team has identified the famous Muhstik Botnet with new behavior, attacking a Kubernetes Pod with the plan to control the Pod and mine cryptocurrency. A WordPress Kubernetes Pod was compromised by the Muhstik worm and added to the botnet. On the Pod has been deployed and executed various types of crypto miners, like xmra64andxmrig64. This attack confirms what we’ve been seeing for quite some time; Crypto miner attacks are on the rise, and they come in many different forms. The fact that crypto currency prices are over the roof is only making things worse.
We decided to try to run a well-known Remote Access Trojan (RAT) called Remcos used by FIN7. This tool has been around for some time and has a reputation for being stealthy and effective in controlling compromised hosts. Sold as a remote computer monitoring tool, this tool has plenty of features that can allow an operator behind the control to do multiple operations against a compromised system.
Static Application Security Testing (SAST), or static analysis, is a method of testing and analysing source code. This method allows organisations to analyse their source code and detect vulnerabilities that could make their applications prone to attacks. This methodology has been used in application security for over 15 years and is especially useful for helping developers spot possible security weaknesses in the early stages of software development. Learn more about the different types of AppSec tools and how SAST fits into the mix
Given the large and growing number of cyber attacks that exploit software vulnerabilities, vulnerability management is critical. A variety of unintended consequences can result from misjudging the severity of an existing vulnerability. Legal battles, financial losses, and reputational damage are all possible outcomes for a business. To combat today's modern cyber security challenges, it's critical to have a vulnerability management program in place.
The COVID-19 pandemic changed many aspects of how businesses operate, remote work being one of the most significant. At the outbreak’s peak, 71% of American workers telecommuted at least part-time, 62% of whom rarely worked remotely before. This shift has impacted many industries, but the legal sector faces more disruption than most. Legal work rarely happened over telecommunication services before the COVID-19 pandemic. Now, more than 80% of law firms have transitioned to working remotely some or all of the time. Consultations and court hearings now regularly take place over teleconferencing software, which has produced mixed results.
Global cyberattacks increased by 29 percent in the first half of 2021 compared to 2020, and we can assume that cybercriminals and hackers won’t stop their malware and ransomware attacks any time soon. A strong cybersecurity strategy is vital to reduce losses from those attacks, and a robust incident response plan should be a part of that strategy.
All organizations rely on vendors to function in today’s dynamic landscape while achieving peak operational efficiency, cost-effectiveness, and economies of scale. A growing third-party network can yield significant benefits for organizations — but it also results in greater risk. A robust third-party risk management program (TPRM) is crucial to mitigate that risk and maintain business continuity; and a critical component of that program is understanding which providers pose the most significant “threat criticality.” This ranking system can be achieved with vendor tiering.
According to a Pew survey in 2019, 70 percent of American adults believed at the time that their data was less secure than it had been five years prior. Now consider that a pandemic followed, along with major data breaches at the likes of Microsoft and others. One can safely assume Americans are even less confident about the security of their data today.
According to VMware, the first half of 2020 saw a 238% increase in cyberattacks targeting financial institutions. And according to IBM and the Ponemon Institute, the average cost of a data breach in the financial sector in 2021 is $5.72 million. Based on these statistics, if you're in the financial services sector, there's a very high chance that you'll eventually fall victim to a very costly cyberattack. Prevailing against such overwhelming odds requires a cybersecurity strategy that addresses the specific cyber threats in the financial industry.
Hardware security modules (HSM) and trusted platform modules (TPM) seemingly do the same thing: they manage secret keys and enable data protection. But what does “managing secrets” mean, and what’s the difference between the two? Before diving deeper, let’s explore why computers need help with managing their secrets.
Any organisation that sends electronic marketing communications via phone, fax, email or text, uses web cookies, or provides communications services to the public falls under the PECR’s scope, and must be aware of its information security requirements.
Digital transformation was well underway before the pandemic and in order to enable remote work and e-commerce, organizations have been adding new digital offerings at an unprecedented rate. Businesses are growing increasingly reliant on digital infrastructure with the expectation to secure a shifting cloud while managing a hybrid workforce and a growing IoT. Transformation and a global pandemic have created a feeding frenzy for threat actors that are driving urgent governance mandates which have a reputation of introducing more complexity to an already complicated, understaffed, under-budgeted situation.
A recently published report from the US Government Accountability Office (GAO) has warned that official security guidance from the Department of Education is out-of-date, and needs to be refreshed to address the increasing reports of ransomware and other cyber threats. According to the GAO report, the current plan for addressing threats to K-12 schools was developed and issued in 2010 and has not been updated to deal with the changing nature of cybersecurity attacks, such as ransomware: Anyone who follows the cybersecurity news headlines, and reads blogs such as Tripwire’s State of Security, is only too aware that digital threats have evolved considerably in the past 11 years.
A few months ago, I wrote a blog on “SASE as a Service” that described how managed services providers (MSPs) can be a catalyzing force for transforming to SASE and bridging the gap between networking and security teams. Since then, AT&T has released a series of managed SASE offers that bring together intelligent networking and cloud-based security in support of our customers. These offers represent practical implementations of the principles I described in my previous blog, one of these being AT&T SASE with Palo Alto Networks.
Discover how to get started with Falco to overcome the challenges of implementing runtime security for cloud-native workloads. If you are adopting containers and cloud, you are probably enjoying benefits like automated deployments and easier scalability. However, you may also find that when it comes to security, this is a whole new world with new rules, and traditional security tools struggle to keep up. As a new paradigm, cloud-native environments need new cloud-native tools. Let’s focus on runtime security.
ISO 27001 is the most popular internationally recognized standard for managing information security. Its creation was a joint effort between the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC) - this is why the framework is also referred to as ISO/IEC 27001. ISO 27001 can also be implemented into a Third-Party Risk Management program. However, many organizations struggle with identifying which security controls apply to vendor security and how to successfully map them to a Vendor Risk Management platform.
Organizations are increasingly concerned about cybersecurity risks and with good reason. Risks are constantly changing; take this last year, for example, the pandemic lockdown meant many knowledge workers went remote, which in turn increased the vulnerability of remote desktop services by 40%, saw criminals targeting end-users, and caused phishing and ransomware scams to boom. And then there’s the bottom line. The average cost of a data breach is $3.61 million, according to Ponemon’s Cost of a Data Breach report. That in itself is quite an incentive to reduce cybersecurity risk.
Many high-growth technology startups are pressured to deliver applications to market ahead of fast-moving competitors. It’s all too easy to allow a “we’ll get to that eventually” mentality to creep in when competing priorities appear to force a tradeoff with development velocity. This introduces unnecessary risks, but they can be mitigated by implementing an effective AppSec program that involves the right tools, processes, and mindset. In this post, we’ll look at the challenges of hypergrowth and how to overcome them by empowering developers to take ownership over application security themselves.
These days, regulators and auditors are inspecting risk management, regulatory mandates, cybersecurity, vendor management and other areas like never before. With so many organizations across various industries having to pay massive fines for non-compliance, it’s become obvious that manually performing governance, risk management and compliance (GRC) activities isn’t only risky — it just doesn’t work.
Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy is concerned. While GDPR is an international data privacy law for securing personal data, PCI DSS is a data security standard that is designed to secure personal cardholder data.
In this tutorial, we will walk through the end-to-end process of scanning your Amazon S3 buckets for sensitive data with Nightfall’s S3 Sensitive Data Scanner. By the end of this tutorial, you will have an exported spreadsheet report (CSV) of the sensitive data in your S3 buckets. You can then use this report in your data loss prevention (DLP) efforts to remediate/remove sensitive content for better security/privacy or use it as part of your compliance efforts, for example in relation to PCI-DSS.
Cloud security is not only good for consumers — but it’s also a requirement for businesses in many industries. Understanding compliance regulations (like GDPR) and security frameworks (like NIST) can help IT teams create strong, layered privacy and security controls and data loss prevention using a range of platforms and integrations. Here are the most common and comprehensive security standards that businesses need to know to be cloud compliant.
Organizations store high volumes of business-critical information in Amazon S3, such as personally identifiable information (PII), credit card information, secrets & credentials, and more. Identifying and protecting sensitive data in Amazon S3 is increasingly time-consuming, complex, and expensive, especially as your organization takes on more data.
At SecurityScorecard, we believe that making the world a safer place means transforming how organizations view cybersecurity. For us, this means that companies must take a holistic approach, protecting systems not just from the inside, but also knowing what an organization’s vulnerabilities look like from the outside-in to see what the hackers are seeing. As the Deputy National Security Advisor for cybersecurity, Anne Neuberger, recently noted, “one needs to be able to see a space in order to defend a space.”
Online travel agencies, more commonly referred to as OTAs, are online booking platforms used to compare prices and book flights, hotels or holiday packages. Well-known OTAs include Expedia, Booking.com and TripAdvisor. While we have seen a significant increase in the use of OTAs for booking travel arrangements in recent years, we have also seen a similar rise in OTA fraud. Total fraud loss to OTAs was predicted to grow by 19% to $25 billion by the year 2020.
A CASB (cloud access security broker) is an intermediary between users, an organization, and a cloud environment. CASBs allow organizations to manage cloud security and enforce security policies through a consolidated platform. The term CASB was introduced by Gartner in 2012, defined as “... on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.”
Ransomware has quite rightly been one of biggest ongoing stories of 2021 – and not just in the world of cybersecurity. The biggest ransomware cases where major companies have been forced to a halt until they pay a ransom have made global, headline news. The impact to victim organizations is usually financial loss and reputational damage. However, in cases such as the Colonial Pipelines attack, ransomware has caused real-world impacts on the general public too. This attack created energy shortages all the way down the east coast of the US.
A virtual private network (VPN) is a useful tool that protects your online activity by creating a secure ‘tunnel’ that sits between your device and the site or service you’re trying to access.
A vulnerability was discovered in the named DNS server implementation contained in the development branch builds of BIND 9. This is a story of catastrophe averted. It’s a case study for the value of fuzzing in software development. Synopsys Cybersecurity Research Center (CyRC) researchers discovered a denial-of-service vulnerability in development branch builds of BIND 9 by Internet Systems Consortium (ISC). Had this vulnerability gone unnoticed in a stable release version, nearly two-thirds of the internet’s name servers would have been vulnerable to a trivial-to-execute denial-of-service attack.
As organizations look for solutions that enable them to create a software bill of materials (SBOM) to ensure they’re meeting new governmental mandates for protecting the software supply chain, it’s important to understand the difference between solutions based on reporting vs. remediation. The primary focus of any SBOM solution should be on open source code. The use of open source continues to expand exponentially. Open source components comprise 60%-80% of today’s applications. Unfortunately, open source is also attractive to cyber attackers. In 2020, almost 10,000 vulnerabilities were found in open source code.
The possibility of a data breach at your organization can be anxiety-inducing. According to the Ponemon Institute, the average cost of a data breach is $3.61 million, and it’s on the rise; the average data breach cost is up 10% over last year and remote work is a contributing factor: Ponemon found that breaches caused by remote work were $1.07 million more expensive than those that weren’t. This may have your organization wondering if you’re protecting your data in every way you can. What security controls should your company have in place to protect your data, devices, and networks?
Our core values as a company center around our users’ privacy, security, and satisfaction. While developing Masked Email – our integration with Fastmail that lets users create new, unique email addresses without ever leaving the sign-up page – we needed a technology that brought all three values together.
From reading many Python Docker container blogs, we’ve found that the majority of posts provide examples of how to containerize a Python application independent of its framework (Django, Flask, Falcon, etc.). For example, you might see something like this: With this Dockerfile, we can build and run a Python Flask application: Two simple steps and it works just fine, right? While this example is simple and useful for demos and getting started tutorials, it leaves many important concerns unattended. So with that in mind, in this post, we’ll attend to those concerns and take a look at some 6 best practices when containerizing Python applications with Docker. We’ll explore why you should.
Customers are increasingly looking for just-in-time access to infrastructure. Imagine there is a production outage and a senior SRE needs to login to a production server to diagnose and fix the issue. In this organization, on-call SREs have elevated access to production systems, but when they are off-duty, their privileges are reduced. When the Pager Duty alert goes off, our on-call SRE ssh’s into the server but after several minutes of looking, can’t diagnose the issue. But she thinks a colleague might be able to. The colleague who she wants to help isn’t on call, so doesn’t have SSH access to the box. Not a problem, she can use Teleport to request temporary elevated access through PagerDuty, Jira or another system which is then approved via the on-call SRE or other required approver and jump in and fix the issue.
Cybersecurity regulations were long viewed as an esoteric afterthought, even as technology exploded into every corner of our lives. But that's no longer the case, as governments and businesses seek to get a better grip on privacy regulations and data protections. At Egnyte, we track legal and regulatory trends closely so we can better serve our customers and respond to changes. Based on those observations, here are our cybersecurity regulation predictions for 2022.
The number of ransomware attacks continues to grow, and that trend will likely continue in 2022. Organizations will be attacked, files will be encrypted, and victims will need to decide whether to pay ransom or try to implement expensive and painful recovery techniques on their own. That much, unfortunately, should come as no surprise, but what will be different is how those attacks are carried out. Egnyte anticipates a broader approach to cyber-extortion in 2022, as criminals experiment with a wide array of attacks that can be combined with basic encryption threats. Attackers will look to expand their impact and increase revenue, so businesses need to be prepared for what's on the horizon.
Nowadays, teleworking or following a hybrid work model has become commonplace. The question we need to ask ourselves is, is our remote connection secure? The National Security Agency (NSA) in the United States has published a best practices info sheet for government workers and contractors working in areas related to national security and defense. info sheet supplies advice on how to avoid cyberattacks due to a compromised or unsecured wireless connection.
Every organization needs strong internal controls to ensure the integrity of financial statements and to promote ethical values and transparency across the enterprise. Internal controls are the mechanism to do those things; controls help to identify risks and then reduce them to an acceptable level. Strong processes supported by robust internal controls systems allow an organization to comply consistently with all applicable laws and regulations, and to earn confidence, trust, and loyalty among its stakeholders. Internal controls also play an essential role in preventing employees and others from committing fraud.
Cyberattacks can take many forms. Those intended to disrupt a business often happen as denial of service (DoS) attacks, and its even more disruptive cousin, the distributed denial of service (DDoS) attack. Such attacks are often executed by a botnet, which is a network of infected machines or connected devices at the order of a botmaster. Botnet attacks present yet another challenge for security and IT teams focused on cybersecurity. In this post, we’ll explore the nuances of botnet attacks and how to defend against them.
The rapid pace of technological progress has let companies around the world benefit from operational improvements that lower costs. This progress, however, also brings risks that companies must take into account to protect their stakeholders. Cyber-threats are executed by cybercriminals using various means to gain access to an organization’s digital infrastructure. Cyberattack vectors are the means and entrance points that allow attackers to exploit a security vulnerability and gain access to an operating system. These attack vectors vary depending on the design of the IT system.
In our previous blog about cloud migrations & dependencies, we discussed the importance of understanding application dependencies when performing cloud migration and modernization projects. There are a handful of challenges that those projects introduce, including: We dive deeper into those challenges below.
AT&T Alien Labs™ has found new malware written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.
