
Thursday, December 2, 2021

A selection of the top articles and videos from the last week on SecuritySenses.com. Don't forget to check back regularly for daily updates from around the globe.

If you like SecurityBuzz, why not forward it to some friends or share the online version?

Until Next Time! 👏


Why MSPs Save the World

01-Dec-21 | By The Editor | In WatchGuard, Endpoint Security

Organizations of all sizes are struggling to keep up with the increasingly complex and evolving cybersecurity landscape. Threat actors aren’t just hunting large corporations, they’re aggressively targeting small and midsize businesses, too. As networks become more porous and cyber threats rise, organizations that lack in-house security expertise will increasingly become targets of attack and their losses will grow. Businesses must find a way to bridge the security gap to remain operational and thwart these cyber villains. Cue the hero of this story – MSPs.


Consequential, Certain & Disruptive: 3 Cybersecurity Risks that Will Impact Operations in 2022

01-Dec-21 | By Bill Moore | In Xona, ICS

2021 was a challenging year for manufacturers, energy producers, and utilities. A chaotic pandemic year created an opportunity for threat actors to take advantage of disruption to infrastructure integrity and IT to OT operational dependencies, something they achieved with frightening rapidity and effectiveness. As many organizations transitioned to a hybrid workforce, novel integrations between IT and OT systems created new vulnerabilities that threat actors exploited, leading to surging ransomware attacks, infrastructure compromise, and other problematic repercussions.


5 Best Practices to Protect Your Business from IoT Security Risks

01-Dec-21 | By Arctic Wolf | In Arctic Wolf, IoT

The rate at which smart devices connected to the Internet of Things (IoT) was already brisk over the last few years, but the pace accelerated during the COVID-19 pandemic. Both the enterprise and the consumer IoT market boomed, despite economic uncertainty. As the World Economic Forum noted in a December 2020 report, "COVID-19 has radically transformed the role of IoT in just a few months." Security has been a concern for IoT devices all along. However, it is growing into a much bigger problem as organizations embrace hybrid workplaces and work and home spaces remain intertwined for the long term.


More SEC Talk on Cyber, Internal Control

01-Dec-21 | By Reciprocity | In Reciprocity, Compliance

Before this particular bit of news sails downstream, internal control professionals might want to note that an SEC commissioner spoke this week about the importance of internal controls for cybersecurity. She raised a few points worth considering. The remarks came from Caroline Crenshaw, a Democratic appointee to the Securities and Exchange Commission who, in my opinion, is something of a stalking horse for SEC policy. She stakes out strong positions early, and then commission staff or chairman Gary Gensler follow up a while later with more measured versions of whatever Crenshaw had proposed before. So her statements are worth your attention.


What You Should Know About PCI Gap Assessment?

01-Dec-21 | By Subho Halder | In Appknox, PCI

We know how complicated and resource-consuming it can be to comply with the standards set up by the PCI (Payment Card Industry) Security Standards Council. It’s not surprising that less than 1 in 5 businesses (around 18%) assess their PCI DSS controls more frequently than is required by the regulation. However, things become a lot easier and more streamlined with PCI DSS gap assessment.


Kubernetes version 1.23 is out - everything you should know

01-Dec-21 | By Amir Kaushansky | In ARMO, DevOps

Kubernetes’ last release for the year, v1.23, will be released next week on Tuesday, December 7, 2021. The Christmas edition of Kubernetes comes with 45 new enhancements to make it more mature, secure, and scalable. In this blog, we’ll focus on the critical changes grouped into the Kubernetes API, containers and infrastructure, storage, networking, and security. Let's start with the “face of Kubernetes”, which makes it scalable and expandable.


Predict Cyber-attacks via digital twins

30-Nov-21 | By Irfan Shakeel | In AT&T Cybersecurity, Cyberattacks

Several of the digital twin technologies out there have grown fast in only a few years. Picture establishing a virtual model of IT infrastructure where one can identify loopholes, create attack scenarios, and prevent catastrophic attacks before the system is officially put in place. With digital twins, this is no longer a far-fetched idea for organizations to pursue. Let's look at digital twin technology and how it can help assess the loopholes in your security posture.


What Does Sun Tzu Have to Do with XDR? More Than You Might Think!

30-Nov-21 | By Anthony Perridge | In ThreatQuotient, Security

Military general and philosopher Sun Tzu once led the largest armies in the world and authored The Art of War, still considered a masterpiece of tactical warfare and very relevant as we wage our battles against evolving cyberattacks. That’s because even though threat intelligence is a relatively new discipline in our cyber defense processes, it has actually been around for more than 2,500 years. Threat intelligence was central to Sun Tzu’s winning strategies and it is foundational to our success today as our security approaches continue to evolve, most recently with Extended Detection and Response (XDR) solutions.


How To Protect Sensitive Data with Cloud DLP

30-Nov-21 | By Emily Heaslip | In Nightfall, Data Breaches

A recent report from IBM found that data breach costs rose from $3.86 million to $4.24 million in 2021. This year’s estimate is the highest average total cost in the 17-year history of the IBM Cost of a Data Breach Report. Partly, the record-setting cost of a data breach has to do with the fact that so many companies are working remotely. “The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor,” noted IBM.


Holiday phishing season: Your guide to staying scam-safe

30-Nov-21 | By Egress | In Egress, Email Security

For many of us, the Thanksgiving and Christmas period is a chance for some well-deserved downtime. For cybercriminals, not so much. The holiday season is one of the most productive times of the year for the Phishing-as-a-Service (PhaaS) industry. Online retail sales spike around holidays, creating more opportunities to catch people out with phishing emails and spoofed websites. Tempting deals and time-sensitive bargains serve as the perfect lures, which is why the FBI, CISA and UK law enforcement all warn of increased cybercrime around holiday periods.


Creating a Cloud Security Stack for AWS Control Tower

30-Nov-21 | By Andy Horwitz | In Netskope, Cloud

Co-authored by Andy Horwitz and Yuri Duchovny. Today, Netskope released a new cloud security solution to help AWS customers provide consistent security across all their AWS accounts leveraging AWS Control Tower. Many AWS customers follow the multi-account framework as a best practice to isolate teams and workloads on the cloud. Often this may introduce overhead in terms of policy configuration and management.


Social Engineering Part 2: Sophisticated social engineering techniques

30-Nov-21 | By Netacea | In Netacea, Bots

Social Engineering is a form of security fraud that relies on psychological manipulation techniques to trick people into revealing sensitive information. In the previous article in this series, we discussed what social engineering is in more detail, the social engineering lifecycle, its reliance on human error, and some of the more common social engineering techniques. The following article will delve deeper into the topic, as we explore examples of social engineering as well as exposing the details of some more advanced social engineering attacks.


The ultimate Microsoft 365 management and security tool

29-Nov-21 | By M365 Manager Plus | In ManageEngine, Microsoft 365

The hybrid work environment is a significant and challenging change we have embraced in the past two years due to the pandemic. And Microsoft 365 continues to be the most commonly chosen cloud-based work suite with 50.2 million users around the world. With cloud-based products, all we need is internet connectivity. The people, files and data we work with travel with us, irrespective of where we work from. Microsoft 365 comes with a wide array of features to simplify collaboration and communication. However, it falls short of features for IT administrators. With separate windows for individual features or services offered by Microsoft 365, administration becomes time-consuming.


How to prevent known exploited vulnerabilities at the endpoint

29-Nov-21 | By Carlos Arnal | In WatchGuard, Endpoint Security

The US Cybersecurity and Infrastructure Agency (CISA) has issued a directive to federal agencies and other public bodies requiring them to take steps to reduce their risk of exploited vulnerabilities. CISA highlights the startling finding that hackers are exploiting up to 290 different vulnerabilities in these agencies.


Six Python security best practices for developers

29-Nov-21 | By Boris Cipot | In Synopsys, Python

Python is a valuable programming language, but using it without proper security best practices puts applications at risk of an attack. Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.


5 Steps to Become PCI Compliant

29-Nov-21 | By Reciprocity | In Reciprocity, Compliance

If your organization handles any type of payment processing, storage, or transmission of credit card data electronically, you’ll be very familiar with PCI DSS (formally known as the Payment Card Industry Data Security Standard). This standard exists to protect debit and credit cardholder data from unauthorized access via data breaches, ransomware, and other security breaches. However, with the rise in these breaches also comes the rise in changes and rules to the PCI DSS.


What Is an Internal Penetration Test and How Is it Done?

29-Nov-21 | By Reciprocity | In Reciprocity, Penetration Testing

A famous 2011 article by security adviser Roger Grimes is intriguingly titled, “To beat hackers, you have to think like them.” In the article, Grimes explains that IT security professionals must view IT systems through the eyes of hackers — and search for ways to break into these systems, identify weaknesses, and create robust security measures. That is exactly what penetration testing is all about.


Risk Assessments and Internal Controls

29-Nov-21 | By Reciprocity | In Reciprocity, Risk Management

From innocent but costly mistakes to fraudulent manipulations, all organizations are subject to significant risks that can jeopardize financial reporting or lead to the loss of corporate assets. That’s why it is imperative to establish a robust system of internal controls to reduce or prevent such threats to the organization.


Cross-border Payments Outlook 2022: Trends, Challenges, and Opportunities

29-Nov-21 | By Vlada Terenina | In INETCO, Monitoring

As more and more countries open their borders after COVID-19 travel restrictions, the payments industry is undergoing a shift towards more openness as well. The pandemic gave a boost to the global digital economy, accelerated open banking, and increased the need to move funds across borders when traveling was not possible. According to the Visa GME study, 87% of global merchant executives see cross-border sales as their biggest growth potential. Cross-border business accounts for nearly a third of their revenue. Modern consumers are constantly looking for better quality, pricing, or products that are unavailable in their home markets.


What is a Formjacking Attack and How to Prevent It?

29-Nov-21 | By SecurityScorecard | In SecurityScorecard, Cyberattacks

Last year, as most people were stuck at home, many of us became even more dependent on e-commerce sites than we were already. Unfortunately, that includes cybercriminals too. In 2020, scams targeting the checkout forms of online retailers rose by 20%, according to reports. That sort of threat is called a formjacking attack, and while it’s not new — and not limited to just e-commerce sites — formjacking attacks can be a big problem for any organization that uses any sort of form on their site.


Using MITRE ATT&CK with threat intelligence to improve Vulnerability Management

29-Nov-21 | By Simon Roe | In Outpost 24, MITRE ATT&CK

Threat actors are constantly evolving their tactics and techniques in the attack lifecycle and infiltrating company infrastructure. While most organizations are already performing vulnerability management based on CVEs by MITRE, few have considered the powerful correlations between threat intelligence, CVEs and the ATT&CK® framework. In this blog we highlight the benefits of bringing them together to drive focused remediation and improve cyber defense.


Rising volume of email fatigue opens doors for Cybercriminals

29-Nov-21 | By Theodoros Karasavvas | In AT&T Cybersecurity, Email Security

While remote work has many benefits, it can increase the risk of employees suffering from directed attention fatigue (DAF), where they find themselves unable to focus due to constant distractions. This is due primarily to isolation and the constant bombardment of emails and instant messages. In fact, one of the most worrying types of DAF for security professionals is email fatigue.


Infrastructure as Code: Enabling DevOps Success

29-Nov-21 | By Julie Peterson | In WhiteSource, DevOps

Infrastructure as code (IaC) promises to make developers more agile, but it’s not without risk. Learn more about what IaC is, its benefits, and best practices for how to use this technology securely.


LogSentinel XDR - A Unified Security Monitoring Platform

29-Nov-21 | By Bozhidar Bozhanov | In LogSentinel, SIEM

XDR (eXtended Detection and Response) is a new Gartner category, which, we’ve argued before, is SIEM++, or what next-gen SIEM should have been. This is why we are packaging our latest feature updates into an XDR offering that should greatly improve the detection and response capabilities of any organization, especially mid-market organizations, which gain the most benefit from integrated, easy-to-use platforms. LogSentinel XDR is a unified security monitoring and response platform. It combines the capabilities for SIEM, EDR and other security tools.


re:Invent 2021: 10 Reasons You Need Teleport to Secure Your Apps on AWS

29-Nov-21 | By Steven Martin | In Teleport, Cloud

Teleport will be live at re:Invent from Nov. 30-Dec. 2. If you are there, please stop by Booth 718 and talk to me and the Teleport team about how we can improve your security and compliance of apps running on AWS. If you can’t make it in person, here is my top 10 list of things you should know about AWS and Teleport. Check out our Teleport on AWS page for more info.


What is an Enumeration Attack? How they Work + Prevention Tips

28-Nov-21 | By Edward Kost | In UpGuard, Cyberattacks

An enumeration attack is when cybercriminals use brute-force methods to check if certain data exists on a web server database. For simple enumeration attacks, this data could include usernames and passwords. More sophisticated attacks could uncover hostnames, SNMP, and DNS details, and even confirm poor network setting configurations. Every web application module that communicates with a user database could potentially become an enumeration attack vector if left unsecured. The two most common web application targets for enumeration attacks are: Because vulnerabilities that facilitate these attacks allow hackers to cross an information security border, enumeration is a critical component of penetration testing.


How to Detect Data Exfiltration Before It's Too Late

28-Nov-21 | By Edward Kost | In UpGuard, Cyberattacks

A data exfiltration attack involves the unauthorized transfer of sensitive data, such as personal data and intellectual property, out of a target system and into a separate location. These transfers could either occur internally, through insider threats, or externally, through remote Command and Control servers. Every cyberattack with a data theft objective could be classified as a data exfiltration attack. Data exfiltration usually occurs during stage 6 of the cyber-attack kill chain, when a connection is established between a compromised system and remote cybercriminal servers.


Redirecting the Zero Trust Conversation to Build a More Robust Architecture

28-Nov-21 | By Tim Erlin | In Tripwire, Security

In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data. No doubt, ZTA has the potential to fundamentally change the cybersecurity landscape, and a unified security perspective is something from which we could all benefit given the challenges at hand.


The Ultimate Guide to Application Security Tools

26-Nov-21 | By Raquel Soares | In Uleska, AST

With the emergence of new software security threats, businesses need robust, flexible and affordable methods to ensure their applications are protected throughout the whole application lifecycle. Application security is essential for software companies, but now more than ever, many more organizations need to make AppSec a priority.


The Oculus (Meta) Quest Scam

25-Nov-21 | By Cortney Herten | In WatchGuard, Endpoint Security

Oculus (also now known as Meta) Quest is a virtual reality headset and game craze created by Facebook, and it is the ultimate tech must-have for the holidays in 2021. My 11-year-old son is obsessed with it and during the past few months it has been impossible to get due to a recall and the wait for the new Quest 2 to be released. This recall and the huge demand for the new Quest 2 make it an easy way for scammers to hook unsuspecting victims, especially with all the Black Friday/Cyber Monday sales online.


The Kubernetes' Open-Source Tools to Check out in 2022

25-Nov-21 | By Jonathan Kaftzan | In ARMO, Containers

In 2014, Kubernetes surfaced from work at Google and quickly became the de facto standard for container management and orchestration. Despite its Silicon Valley origins, it became one of the most impactful open-source projects in the history of computing. Today, the Cloud Native Computing Foundation (CNCF) maintains Kubernetes with many private companies and independent open-source developers.

Copyright © 2021 OpsMatters, All rights reserved.

