Login
In the coming years, new technologies will further invade every element of daily life with sensors, cameras and other devices embedded in homes, offices, factories and public spaces. A constant stream of data will flow between the digital and physical worlds, with attacks on the digital world directly impacting the physical and creating dire consequences for privacy, well-being and personal safety.
Augmented Reality (AR) technologies will provide new opportunities for attackers to compromise the privacy and safety of their victims. Organizations rushing to adopt AR to enhance products and services will become an attractive target for attackers.
Compromised AR technologies will have an impact on a range of industries as they move beyond the traditional entertainment and gaming markets into areas such as retail, manufacturing, engineering and healthcare. Attackers will perform man-in-the-middle attacks on AR-enabled devices and infrastructure, gaining access to intimate and sensitive information in real-time. Ransomware and denial of service attacks will affect the availability of AR systems used in critical processes such as surgical operations or engineering safety checks. Attacks on the integrity of data used in AR systems will threaten the health and safety of individuals and the reputations of organizations.
As AR begins to pervade many elements of life, organizations, governments and consumers will begin using it more frequently and with greater dependency. AR will bridge the digital and physical realms. But as a relatively immature technology it will present nation states, organized criminal groups, terrorists and hackers with new opportunities to distort reality.
What is the Justification for This Threat?
AR has been heralded as the future visual interface to digital information systems. With 5G networks reducing latency between devices, AR technologies will proliferate across the world, with significant investment in the UK, US and Chinese markets.
The estimated global market value for AR technologies is set to grow from $4bn in 2017 to $60 billion by 2023, with use cases already being developed in the entertainment, retail, engineering, manufacturing and healthcare industries. There are increasing signs that AR will be promoted by major technology vendors such as Apple, which is said to be developing an AR headset for launch in 2020.
Vulnerabilities in devices, mobile apps and systems used by AR will give attackers the opportunity to compromise information, steal highly valuable and sensitive intellectual property, send false information to AR headsets and prevent access to AR systems.
The development of AR technologies across the manufacturing and engineering sectors is being driven by digital transformation and the desire for lower operational costs, increased productivity and streamlined processes. As AR systems and devices become the chosen medium for displaying schematics, blueprints and manuals to workers, attackers will be able to manipulate the information provided in real-time to compromise the quality and safety of products, as well as threatening the lives of users.
Many industries will become dependent on AR technologies for their products and services. For example, within air traffic control, AR displays are being evaluated as an aid to understanding aircraft movements in conditions of poor visibility. In the logistics and transport industries, AR will build upon systems such as GPS and voice assistants. With the help of Internet of Things (IoT) sensors, AI technologies, 5G and edge computing, AR systems will be able to overlay information to drivers in real-time. This will include demonstrating where live traffic accidents are happening, assisting during poor weather conditions, providing accurate journey times, and highlighting vehicle performance.
If the integrity or availability of data used in such systems is compromised, it will lead to significant operational disruption as well as risks to health and safety.
The healthcare industry is already a major target for cyber-attacks and the adoption of immature and vulnerable AR technologies in medical administration and surgical environments is likely to accelerate this trend. Medical professionals will be able to access sensitive records such as medical history, medication regimens and prescriptions through AR devices. This will create a greater attack surface as data is made available on more devices, resulting in a growing number of breaches and thefts of sensitive personal information.
AR promises much, but organizations will soon find themselves targeted by digital attacks that distort the physical world, disrupting operations and causing significant financial and reputational damage.
How Should Your Organization Prepare?
Organizations should be wary of the risks posed by AR. Many of the opportunities that AR ushers in will need to be risk assessed, with mitigating controls introduced to ensure that employees and consumers are safe and that privacy requirements are upheld.
In the short term, organizations should enhance vulnerability scanning and risk assessments of AR devices and software. They should also ensure that AR systems and devices that have records relating to personal data are secure. Additionally, create work-arounds, business continuity plans and redundancy processes in the event of failure of critical AR systems and devices.
In the long term, limit data propagation and sharing across AR environments. Organizations should also ensure that security requirements are included when procuring AR devices and purchase comprehensive insurance coverage for AR technology. Finally, establish and maintain skillsets required for individuals in roles that are reliant upon AR technology.
About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
Copyright 2010 Respective Author at Infosec IslandLike many things in life, network security is a continuous cycle. Just when you’ve completed the security model for your organization’s current network environment, the network will evolve and change – which will in turn demand changes to the security model. And perhaps the biggest change that organizations’ security teams need to get to grips with is the cloud.
This was highlighted by a recent survey, in which over 75% of respondents said the cloud service provider is entirely responsible for cloud security. This rather worrying finding was offset by some respondents stating that security is also the responsibility of the customer to protect their applications and data in the cloud service, which shows at least some familiarity with the ‘shared responsibility’ cloud security model.
What exactly does ‘shared responsibility’ mean?
In reality, the responsibility for security in the cloud is only shared in the same way that an auto manufacturer installs locks and alarms in its cars. The security features are certainly there: but they offer no protection at all unless the vehicle owner actually activates and uses them.
In other words, responsibility for security in the public cloud isn’t really ‘shared’. Ensuring that applications and data are protected rests entirely on the customer of those services. Over recent years we’ve seen how several high-profile companies unwittingly exposed large volumes of data in AWS S3 buckets. These issues were not caused by problems in Amazon: they were the result of users misconfiguring the Amazon S3 services they were using, and not using proper controls when uploading sensitive data to the services. The data was placed in the buckets protected by only weak passwords (and in some cases, no password at all).
Cloud exposure
It’s important to remember that cloud servers and resources are much more exposed than physical, on-premise servers. For example, if you make a mistake when configuring the security for an on-premise server that stores sensitive data, it is still likely to be protected by other security measures by default. It will probably sit behind the main corporate gateway, or other firewalls used to segment the network internally. Its databases will be accessible only from well-defined network segments. Users logging into it will have their accounts controlled by the centralized passwords management system. And so on.
In contrast, when you provision a server in the public cloud, it may easily be exposed to and accessible from any computer, anywhere in the world. Apart from a password, it might not have any other default protections in place. Therefore, it’s up to you to deploy the controls to protect the public cloud servers you use, and the applications and data they process. If you neglect this task and a breach occurs, the fault will be yours, not the cloud provider’s.
This means that it is the responsibility of your security team to establish perimeters, define security policies and implement controls to manage connectivity to those cloud servers. They need to set up controls to manage the connection between the organization’s public cloud and on-premise networks, for example using a VPN, and consider whether encryption is needed for data in the cloud. These measures will also require a logging infrastructure to record actions for management and audits, to get a record of what changes were made and who made them.
Of course, all these requirements across both on-premise and cloud environments add significant complexity to security management, demanding that IT and security teams use multiple different tools to make network changes and enforce security. However, using a network security policy management solution will greatly simplify these processes, enabling security teams to have visibility of their entire estate and enforce policies consistently across public clouds and the on-premise network from a single console.
The solution’s network simulation capabilities can be used to easily answer questions such as: ‘is my application server secure?’, or ‘is the traffic between these workloads protected by a security gateway?’ It can also quickly identify issues that could block an application’s connectivity (such as misconfigured or missing security rules, or incorrect routes) and then plan how to correct the connectivity issue across the relevant security controls. What’s more, the solution keeps an audit trail of every change for compliance reporting.
Remember that in the public cloud, there’s almost no such thing as ‘shared responsibility.’ Security is primarily your responsibility – with help from the cloud provider. But with the right approach to security management, that responsibility and protection is easy to maintain, without having to play the blame game.
About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.
Copyright 2010 Respective Author at Infosec IslandThis week, we welcome Juan Canales, an ExtraHop customer, and Matt Cauthorn, VP Sales Engineering at ExtraHop, to discuss An Honest Conversation About "Response"! In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business continuity and cyber security, Protecting Remote Workers Productivity and Performance, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode179
To request a demo with ExtraHop, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, TikTok bans part 2, Try2Cry, Lazarus rises from the dead, Chinese Data blocking, and the Bubonic Plague! Jason Wood returns for Expert Commentary on how a flashy Nigerian Instagram star was extradited to the U.S. to face BEC charges!
Show Notes: https://wiki.securityweekly.com/SWNEpisode47
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Things fail. It happens. A core principle of building well in the AWS Cloud is reliability. Dr. Vogels said it best, “How can you reduce the impact of failure on your customers?” He uses the term “blast radius” to describe this principle.
One of the key methods for reducing blast radius is the AWS account itself. Accounts are free and provide a strong barrier between resources, and thus, failures or other issues. This type of protection and peace of mind helps teams innovate by reducing the risk of running into another team’s work. The challenge is managing all of these accounts in a reasonable manner. You need to strike a balance between providing security guardrails for teams while also ensuring that each team gets access to the resources they need.
AWS Services & Features
There are a number of AWS services and features that help address this need. AWS Organizations, AWS Firewall Manager, IAM Roles, tagging, AWS Resource Access Manager, AWS Control Tower, and more, which all play a role in helping your team manage multiple accounts.
For this post, we’ll look at AWS Control Tower a little closer. AWS Control Tower was made generally available at AWS re:Inforce. The service provides an easy way to setup and govern AWS accounts in your environment. You can configure strong defaults for all new accounts, pre-populate IAM Roles, and more. Essentially, AWS Control Tower makes sure that any new account starts off on the right foot.
For more on the service, check out this excellent talk from the launch.
Partner Integrations
With almost a year under its belt, AWS Control Tower is now expanding to provide partner integrations. Now, in addition to setting up AWS services and features, you can pre-config supported APN solutions as well. Trend Micro is among the first partners to support this integration by providing the ability to add Trend Micro Cloud One – Workload Security and Trend Micro Cloud One – Conformity to your Control Tower account factory. Once configured, any new account that is created via the factory will automatically be configured in your Trend Micro Cloud One account.
Integration Advantage
This integration not only reduces the friction in getting these key security tools setup, it also provides immediate visibility into your environment. Workload Security will now be able show you any Amazon EC2 instances or Amazon ECS hosts within your accounts. You’ll still need to install and apply a policy to the Workload Security agent to protect these instances, but this initial visibility provides a map for your teams, reducing the time to protection. Conformity will start generating information within minutes. This information from Conformity will allow your teams to get a quick handle on their security posture and more with fast and ongoing security and compliance checks.
Integrating this from the beginning of every new account will allow each team to track their progress against a huge set of recommended practices across all five pillars of the Well-Architected Framework.
What’s Next?
One of the biggest challenges in cloud security is integrating it early in the development process. We know that the earlier security is factored into your builds, the better the result. You can’t get much earlier than the initial creation on an account. That’s why this new integration with AWS Control Tower is so exciting. Having security in every account within your organization from day zero provides much needed visibility and a fantastic head start.
The post Automatic Visibility And Immediate Security with Trend Micro + AWS Control Tower appeared first on .
The endpoint has long been a major focal point for attackers targeting enterprise IT environments. Yet increasingly, security bosses are being forced to protect data across the organization, whether it’s in the cloud, on IoT devices, in email, or on-premises servers. Attackers may jump from one environment to the next in multi-stage attacks and even hide between the layers. So, it pays to have holistic visibility, in order to detect and respond more effectively.
This is where XDR solutions offer a convincing alternative to EDR and point solutions. But unfortunately, not all providers are created equal. Trend Micro separates themselves from the pack by providing mature security capabilities across all layers, industry-leading threat intelligence, and an AI-powered analytical approach that produces fewer, higher fidelity alerts.
Under pressure
It’s no secret that IT security teams today are under extreme pressure. They’re faced with an enemy able to tap into a growing range of tools and techniques from the cybercrime underground. Ransomware, social engineering, fileless malware, vulnerability exploits, and drive-by-downloads, are just the tip of the iceberg. There are “several hundred thousand new malicious programs or unwanted apps registered every day,” according to a new Osterman Research report. It argues that, while endpoint protection must be a “key component” in corporate security strategy, “It can only be one strand” —complemented with protection in the cloud, on the network, and elsewhere.
There’s more. Best-of-breed approaches have saddled organizations with too many disparate tools over the years, creating extra cost, complexity, management headaches, and security gaps. This adds to the workload for overwhelmed security teams.
According to Gartner, “Two of the biggest challenges for all security organizations are hiring and retaining technically savvy security operations staff, and building a security operations capability that can confidently configure and maintain a defensive posture as well as provide a rapid detection and response capacity. Mainstream organizations are often overwhelmed by the intersectionality of these two problems.”
XDR appeals to organizations struggling with all of these challenges as well as those unable to gain value from, or who don’t have the resources to invest in, SIEM or SOAR solutions. So what does it involve?
What to look for
As reported by Gartner, all XDR solutions should fundamentally achieve the following:
However, the analyst urges IT buyers to think carefully before choosing which provider to invest in. That’s because, in some cases, underlying threat intelligence may be underpowered, and vendors have gaps in their product portfolio which could create dangerous IT blind spots. Efficacy will be a key metric. As Gartner says, “You will not only have to answer the question of does it find things, but also is it actually finding things that your existing tooling is not.”
A leader in XDR
This is where Trend Micro XDR excels. It has been designed to go beyond the endpoint, collecting and correlating data from across the organization, including; email, endpoint, servers, cloud workloads, and networks. With this enhanced context, and the power of Trend Micro’s AI algorithms and expert security analytics, the platform is able to identify threats more easily and contain them more effectively.
Forrester recently recognized Trend Micro as a leader in enterprise detection and response, saying of XDR, “Trend Micro has a forward-thinking approach and is an excellent choice for organizations wanting to centralize reporting and detection with XDR but have less capacity for proactively performing threat hunting.”
According to Gartner, fewer than 5% of organizations currently employ XDR. This means there’s a huge need to improve enterprise-wide protection. At a time when corporate resources are being stretched to the limit, Trend Micro XDR offers global organizations an invaluable chance to minimize enterprise risk exposure whilst maximizing the productivity of security teams.
The post Beyond the Endpoint: Why Organizations are Choosing XDR for Holistic Detection and Response appeared first on .
This week, we welcome Catherine Chambers and Will Hickie from Irdeto, to discuss Protecting Mobile Applications! In the Application Security News, Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, The Current State of Kubernetes Threat Modelling, and How To Build a Culture of Resilience Through Good Habits!
Show Notes: https://wiki.securityweekly.com/ASWEpisode113
To download the white paper, visit: https://securityweekly.com/irdeto
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Connected cars are on the move. Globally their number is set to grow 270% between 2018 and 2022 to reach an estimated 125 million in a couple of years. Increasingly, these vehicles are more akin to high-performance mobile computers with wheels than traditional cars, with features including internet access, app-based remote monitoring and management, advanced driver-assistance, and autonomous driving capabilities. But this also leaves them exposed to sensitive data theft and remote manipulation, which could create serious physical safety issues.
This is where a new standard comes in. ISO/SAE 21434 creates detailed guidance for the automotive industry to help it navigate these challenges and reduce reputational and cyber-risk. A new report from Trend Micro details what industry stakeholders need to, along with our recommendations as cybersecurity experts.
Packed with power
Modern automobiles do far more than transport their occupants from A to B. They are filled with computing power, sensors, infotainment systems and connectivity to help improve the car experience, traffic safety, vehicle maintenance and much more. This all creates complexity, which in turn leads to the emergence of cybersecurity gaps.
For example, there are now more than 100 engine control units (ECUs) in many modern vehicles, packed with software to control everything from the engine and suspension to the brakes. By hijacking the execution of any ECU an attacker could move laterally to any target in the vehicle, potentially allowing them to remotely cause life-threatening accidents.
As our report explains, there are three fundamental issues that make securing connected cars challenging:
Vulnerabilities are difficult to patch due to the highly tiered mature of car supply chains, firmware interoperability and long update times. If updates fail, as they can, a vehicle may be left inoperable.
Protocols used for connectivity between ECUs were not designed with security in mind, allowing attackers to conduct lateral movement.
Aftermarket products and services represent a third area of risk exposure. Akin to unsecured IoT devices in the smart home, they can be abused by attackers to pivot to more sensitive parts of the vehicle.
These vulnerabilities have been highlighted in research dating back years, but as connected cars grow in number, real-world attacks are now starting to emerge. Attack scenarios target everything from user applications to network protocols, to the CAN bus, on-board software and more. In short, there’s much for the bad guys to gain and plenty for carmakers to lose.
Here to help
This is where the new standard comes in. ISO/SAE 21434 “Road vehicles – Cybersecurity engineering” is a typically long and detailed document designed to improve automotive cybersecurity and risk mitigation across the entire supply chain — from vehicle design and engineering through to decommissioning.
As a long-time collaborator with the automotive industry, Trend Micro welcomes the new standard as a way to enhance security-by-design in an area coming under the increasing scrutiny of attackers. In fact, eight out of the world’s top 10 automotive companies have adopted Trend Micro solutions for their enterprise IT.
In order to follow ISO/SAE 21434 and protect connected cars, organizations need comprehensive visibility and control of the entire connected car ecosystem, including: vehicle, network and backend systems. They should then consider developing a Vehicle Security Operations Center (VSOC) to manage notifications coming in from all three areas and to create a bird’s eye view of the entire ecosystem.
Consider the following capabilities in each of these key areas:
Vehicle: Detect in-vehicle vulnerabilities and possible exploitation, including those in critical devices that connected the in-vehicle network to outside networks, for instance, in-vehicle infotainment systems (IVI) and telematic control units (TCUs).
Network: Apply network security policy, monitoring traffic to detect and prevent threats including connections between vehicle and backend cloud and data centers.
Backend: Secure data centers, cloud and containers from known and unknown threats and bugs without compromising performance.
Vehicle SOC: Take quick and effective action by correlating threats detected from the endpoint, network, and backend with individual notifications from each, enabling a bird’s eye view of comprehensive elements.
In uncertain times for the industry, it pays to get ahead of the game, and any prospective changes in local laws that the new ISO/SAE standard may encourage. For carmakers looking to differentiate in a tough market, and do the right thing by protecting their customers, Trend Micro is here to help.
To find out more, read the full report here.
The post ISO/SAE 21434: It’s time to put the brakes on connected car cyber-threats appeared first on .
This week, we welcome Jerry Chen, Co-Founder of Firewalla, to discuss Work From Home Cyber Security! In our second segment, we welcome Ryan Hays, Offensive Security Manager at RSA Security, to talk about OSINT Scraping with Python! In the Security News, Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how the Internet is too unsafe, and why we need more hackers!
Show Notes: https://wiki.securityweekly.com/PSWEpisode656
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about eight U.S. cities that recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms. Also, learn about the cybersecurity behaviors of more than 13,000 remote workers across 27 countries in a new survey from Trend Micro.
Read on:
Connected Car Standards – Thank Goodness!
Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. Successful ITS’ require interoperable components, especially for managing cybersecurity issues. The good news is we now have a standard for automotive cybersecurity (ISA/SAE 21434) that addresses all the major elements of connected car security. In this blog from Trend Micro, learn more about this standard for automotive cybersecurity.
The Next Cybersecurity Headache: Employees Know the Rules but Just Don’t Care
Cybersecurity has shot to the top of many IT leaders’ priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice. Trend Micro recently surveyed more than 13,000 remote workers across 27 countries and found that 72% of respondents claimed to have gained better cybersecurity awareness during the pandemic.
Risk Decisions in an Imperfect World
Risk decisions are the foundation of information security – but sadly also one of the most often misunderstood parts. This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy. In this blog, check out a video on how to properly evaluate risk from Mark Nunnikhoven, vice president of cloud research at Trend Micro.
Payment Card Skimmer Attacks Hit 8 Cities
Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro. Five of those cities had already been victims of similar Magecart-style attacks in recent years. This new round of attacks targeted payment card information, along with the card owner’s name and address.
Perspectives Summary – What You Said
On Thursday, June 25, Trend Micro hosted its first-ever virtual Perspectives event. As the session progressed, Trend Micro polled attendees, composed of more than 5,000 global registrants, on two key cloud security questions. In this blog, Trend Micro analyzes and shares the responses.
Microsoft Issues Two Emergency Security Updates Impacting Windows 10 and Windows Server
This week, Microsoft issued emergency security updates for two vulnerabilities that could allow attackers to run remote code execution against victims. One of the flaws, CVE-2020-1425, would allow attackers to gather information from victims about further compromising their targets. Abdul-Aziz Hariri, a vulnerability analysis manager for Trend Micro’s Zero Day Initiative, is credited for finding and reporting the vulnerabilities.
Principles of a Cloud Migration
Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. In this video, Trend Micro’s Jason Dablow describes some techniques on how development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into a cloud environment.
V Shred Data Leak Exposes PII, Sensitive Photos of Fitness Customers and Trainers
Las Vegas-based fitness brand V Shred, that offers fitness plans for women and men, exposed the personally identifiable information (PII) of more than 99,000 customers and trainers – and has yet to fully resolve the leaking database responsible. On Thursday, vpnMentor’s research team made the data leak public.
When remote work becomes not just an option but the only choice for many, it raises vital questions about the technical side regarding how to make the transition feasible and how to keep it secure. In this blog, Mark Liggett, CEO of Liggett Consulting and longtime IT and cybersecurity key player, sits down with Trend Micro to share his thoughts on the importance of connectivity and visibility in securing WFH setups.
FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps
Android mobile device users are being targeted in a new SMS phishing campaign that is spreading the FakeSpy infostealer. The malware, disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from victims’ devices. The campaign was first discovered targeting South Korean and Japanese speakers, but it has now expanded to China, Taiwan, France, Switzerland, Germany, the United Kingdom and the United States.
This blog series from Trend Micro describes typical examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. In part two, learn about the concepts of system design and security levels in IEC62443.
In this five-part blog series, Trend Micro looks at the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. Wrapping up this series is a blog examining recommended security strategies and countermeasures to secure smart factories and to keep operations running.
How well do you think your organization’s employees are following security and IT procedures during quarantine? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Payment Card Skimmer Attacks Hit 8 Cities and Survey Finds 72% of Remote Workers Have Gained Cybersecurity Awareness During Lockdown appeared first on .
This week, Dr. Doug wraps up the hot topics across all the shows for this week, talking about Bad laws, bad hackers, India bans 59 Chinese Apps including TikTok, Lucifer botnet threatens Windows Systems, Schuchman sentenced to 13 months for botnet development, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode46
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how Semperis adds vulnerability assessment, security reporting, and auto-remediation to its DSP, AWS launches Amazon Honeycode to help quickly build mobile and web apps without programming, Attivo Networks Advanced Protection Disrupts Ransomware 2.0, Improved threat visibility, defense and protection across social platforms with SafeGuard 7.6, and more! In our second segment, we welcome Greg Thomas, Lead Security Engineer at Jvion, to talk about HITRUST Compliance vs. Security and Diversity in InfoSec! In our final segment, we welcome Franz Payer, CEO at Cyber Skyline, to discuss Cybersecurity Hiring!
Show Notes: https://wiki.securityweekly.com/ESWEpisode189
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Springfield, Founder of 12Feet, Inc., to talk about PCI Workloads in the Cloud! In the Security and Compliance News, Cloud Security for a Dynamic Environment, Why identity-based, distributed controls are better suited to address cloud-era threats, Top Cloud Security Challenges in 2020, Exposed Cloud Databases Attacked 18 Times Per Day, and more!
Show Notes: https://wiki.securityweekly.com/SCWEpisode33
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Organisations have been forced to adapt rapidly over the past few months as government lockdowns kept most workers to their homes. For many, the changes they’ve made may even become permanent as more distributed working becomes the norm. This has major implications for cybersecurity. Employees are often described as the weakest link in the corporate security chain, so do they become an even greater liability when working from home?
Unfortunately, a major new study from Trend Micro finds that, although many have become more cyber-aware during lockdown, bad habits persist. CISOs looking to ramp up user awareness training may get a better return on investment if they try to personalize strategies according to specific user personas.
What we found
We polled 13,200 remote workers across 27 countries to compile the Head in the Clouds study. It reveals that 72% feel more conscious of their organisation’s cybersecurity policies since lockdown began, 85% claim they take IT instructions seriously, and 81% agree that cybersecurity is partly their responsibility. Nearly two-thirds (64%) even admit that using non-work apps on a corporate device is a risk.
Yet in spite of these lockdown learnings, many employees are more preoccupied by productivity. Over half (56%) admit using a non-work app on a corporate device, and 66% have uploaded corporate data to it; 39% of respondents “often” or “always” access corporate data from a personal device; and 29% feel they can get away with using a non-work app, as IT-backed solutions are “nonsense.”
This is a recipe for shadow IT and escalating levels of cyber-risk. It also illustrates that current approaches to user awareness training are falling short. In fact, many employees seem to be aware of what best practice looks like, they just choose not to follow it.
Four security personas
This is where the second part of the research comes in. Trend Micro commissioned Dr Linda Kaye, Cyberpsychology Academic at Edge Hill University, to profile four employee personas based on their cybersecurity behaviors: fearful, conscientious, ignorant and daredevil.
In this way: Fearful employees may benefit from training simulation tools like Trend Micro’s Phish Insight, with real-time feedback from security controls and mentoring.
Conscientious staff require very little training but can be used as exemplars of good behavior, and to team up with “buddies” from the other groups.
Ignorant users need gamification techniques and simulation exercises to keep them engaged in training, and may also require additional interventions to truly understand the consequences of risky behavior.
Daredevil employees are perhaps the most challenging because their wrongdoing is the result not of ignorance but a perceived superiority to others. Organisations may need to use award schemes to promote compliance, and, in extreme circumstances, step up data loss prevention and security controls to mitigate their risky behavior.
By understanding that no two employees are the same, security leaders can tailor their approach in a more nuanced way. Splitting staff into four camps should ensure a more personalized approach than the one-size-fits-all training sessions most organisations run today.
Ultimately, remote working only works if there is a high degree of trust between managers and their teams. Once the pandemic recedes and staff are technically allowed back in the office, that trust will have to be re-earned if they are to continue benefiting from a Work From Home environment.
The post Survey: Employee Security Training is Essential to Remote Working Success appeared first on .
This week, we welcome Graeme Park, CISO at Matillion, to discuss Cybersecurity Challenges in Growth Organizations! In the Leadership and Communications section, Why Cybersecurity Is Really A Business Problem, 6 Reasons Your Strategy Isn t Working, 5 cities with the highest tech salaries, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode178
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, TikTok bans, OZ increases Cyber budgets, The US Senate wants the justice department to read your mail, the Top Ten Bug Bounties, and BlueLeaks! Jason Wood returns for Expert Commentary on how the REvil Ransomware Gang Adds Auction Feature for Stolen Data!
Show Notes: https://wiki.securityweekly.com/SWNEpisode45
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. No large-scale car manufacturer, multimodal shipper, or MaaS (Mobility as a Service) provider will risk investing in a single-vendor solution. Successful ITS require interoperable components, especially for managing cybersecurity issues. See https://www.trendmicro.com/vinfo/us/security/news/intelligent-transportation-systems for a set of reports on ITS cybersecurity.
The good news is we now have a standard for automotive cybersecurity, ISA/SAE 21434. This standard addresses all the major elements of connected car security including V2X, reaching from the internals of ECUs and communications busses including CAN to the broader issues of fleet management and public safety. See https://www.iso.org/standard/70918.html for the current draft version of this standard.
Intelligent transport systems rely on complex, contemporary infrastructure elements, including cloud (for data aggregation, traffic analysis, and system-wide recommendations) and 5G (for inter-component networking and real-time sensing). ITS also rely on aging industrial control systems and components, for vehicle detection, weather reporting, and traffic signaling, some dating back forty years or more. This profound heterogeneity makes the cybersecurity problem unwieldy. Automotive systems generally are the most complex public-facing applications of industrial IoT. Any information security problems with them will erode public trust in this important and ultimately critical infrastructure.
Robert Bosch GmbH began working on the first automotive bus architecture in 1986. Automobiles gained increasing electronic functions (smog controls, seat belt monitors, electric window controls, climate controls, and so on). With each new device, the manufacturers had to install additional point-to-point wiring to monitor and control them. This led to increasing complexity, the possibility for error, extended manufacturing time, more costly diagnosis and repair post-sales, and added weight. See Figure 1 for details. By replacing point-to-point wiring with a simple bus, manufacturers could introduce new features connected with one pair of wires for control. This simplified design, manufacturing, diagnosis, and improved quality and maintainability.
Figure 1: CAN Networks Significantly Reduce Wiring (from National Instruments https://www.ni.com/en-us/innovations/white-papers/06/controller-area-network–can–overview.html)
The bus was simple: all devices saw all traffic and responded to messages relevant to them. Each message has a standard format, with a header describing the message content and priority (the arbitration IDs), the body which contains the relevant data, and a cyclic redundancy check (CRC), which is a code to verify that the message contents are accurate. This CRC uses a mathematical formula to determine if any bits have flipped, and for small numbers of errors can correct the message, like a checksum. This is not as powerful as a digital signature. It has no cryptographic power. Every device on the bus can use the CRC algorithm to create a code for messages it sends and to verify the data integrity of messages it receives. Other than this, there is no data confidentiality, authentication, authorization, data integrity, or non-repudiation in CAN bus messages – or any other automotive bus messages. The devices used in cars are generally quite simple, lightweight, and inexpensive: 8-bit processors with little memory on board. Any device connected to the network is trusted. Figure 2 shows the layout of a CAN bus message.
Figure 2: The Standard CAN Frame Format, from National Instruments
Today’s automobiles have more sophisticated devices on board. The types of messages and the services the offer are becoming more complex. In-vehicle infotainment (IVI) systems provide maps, music, Bluetooth connectivity for smartphones and other devices, in addition to increasingly more elaborate driving assistance and monitoring systems all add more traffic to the bus. But given the diversity of manufacturers and suppliers, impeding security measures over the automotive network. No single vendor could today achieve what Robert Bosch did nearly forty years ago. Yet the need for stronger vehicle security is growing.
The ISO/SAE 21434 standard describes a model for securing the supply chain for automotive technology, for validating the integrity of the development process, detecting vulnerabilities and cybersecurity attacks in automotive systems, and managing the deployment of fixes as needed. It is comprehensive. ISO/SAE 21434 builds on decades of work in information security. By applying that body of knowledge to the automotive case, the standard will move the industry towards a safer and more trustworthy connected car world.
But the standard’s value doesn’t stop with cars and intelligent transport systems. Domains far beyond connected cars will benefit from having a model for securing communications among elements from diverse manufacturers sharing a common bus. The CAN bus and related technologies are used onboard ships, in aircraft, in railroad management, in maritime port systems, and even in controlling prosthetic limbs. The vulnerabilities are common, the complexity of the supply chain is equivalent, and the need for a comprehensive architectural solution is as great. So this standard is a superb achievement and will go far to improve the quality, reliability, and trustworthiness of critical systems globally.
What do you think? Let me know in the comments below or @WilliamMalikTM.
The post Connected Car Standards – Thank Goodness! appeared first on .
Risk decisions are the foundation of information security. Sadly, they are also one of the most often misunderstood parts of information security.
This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy.
To properly evaluate the risk of an event, two components are required:
Unfortunately, teams—and humans in general—are reasonably good at the first part and unreasonably bad at the second.
This is a problem.
It’s a problem that is amplified when security starts to integration with teams in a DevOps environment. Originally presented as part of AllTheTalks.online, this talk examines the ins and outs of risk decisions and how we can start to work on improving how our teams handle them.
The post Risk Decisions in an Imperfect World appeared first on .
This week, we welcome Cesar Rodriguez, Head of Developer Advocacy at Accurics, to talk about Using IaC to Establish And Analyze Secure Environments! In the Application Security News, DLL Hijacking at the Trend Micro Password Manager, Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms, The State of Open Source Security 2020, Microservices vs. Monoliths: Which is Right for Your Enterprise?, What Modern CI/CD Should Look Like, and Build trust through better privacy!
Show Notes: https://wiki.securityweekly.com/ASWEpisode112
To learn more about Accurics, visit: https://securityweekly.com/accurics
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
On Thursday, June 25, Trend Micro hosted our Perspectives 2-hour virtual event. As the session progressed, we asked our attendees, composed of +5000 global registrants, two key questions. This blog analyzes those answers.
First, what is your current strategy for securing the cloud?
Rely completely on native cloud platform security capabilities (AWS, Azure, Google…) 33%
Add on single-purpose security capabilities (workload protection, container security…) 13%
Add on security platform with multiple security capabilities for reduced complexity 54%
This result affirms IDC analyst Frank Dickson’s observation that most cloud customers will benefit from a suite offering a range of security capabilities covering multiple cloud environments. For the 15% to 20% of organizations that rely on one cloud provider, purchasing a security solution from that vendor may provide sufficient coverage. The quest for point products (which may be best-of-breed, as well) introduces additional complexity across multiple cloud platforms, which can obscure problems, confuse cybersecurity analysts and business users, increase costs, and reduce efficiency. The comprehensive suite strategy compliments most organizations’ hybrid, multi-cloud approach.
Second, and this is multiple choice, how are you enabling secure digital transformation in the cloud today?
This shows that cloud users are open to many available solutions for improving cloud security. The adoption pattern follows traditional on-premise security deployment models. The most commonly cited solution, Network Security/Cloud IPS, recognizes that communication with anything in the cloud requires a trustworthy network. This is a very familiar technique, dating back in the on-premise environment to the introduction of firewalls in the early 1990s from vendors like CheckPoint and supported by academic research as found in Cheswick and Bellovin’s Firewalls and Internet Security (Addison Wesley, 1994).
The frequency of data exposure due to misconfigured cloud instances surely drives Cloud Security Posture Management, certainly aided by the ease of deployment of tools like Cloud One conformity.
The newness of containers in the production environment most likely explains the relatively lower deployment of container security today.
The good news is that organizations do not have to deploy and manage a multitude of point products addressing one problem on one environment. The suite approach simplifies today’s reality and positions the organization for tomorrow’s challenges.
Looking ahead, future growth in industrial IoT and increasing deployments of 5G-based public and non-public networks will drive further innovations, increasing the breadth of the suite approach to securing hybrid, multi-cloud environments.
What do you think? Let me know @WilliamMalikTM.
The post Perspectives Summary – What You Said appeared first on .
Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their applications using lines of code.
In the below video, as part of a NADOG (North American DevOps Group) event, I describe some additional techniques on how your development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into your cloud environment.
If this content has sparked additional questions, please feel free to reach out to me on my LinkedIn. Always happy to share my knowledge of working with large customers on their cloud and transformation journeys!
The post Principles of a Cloud Migration appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group of vulnerabilities dubbed Ripple20 that have the potential to critically impact millions of IoT devices across many different industries.
Read on:
The Fear of Vendor Lock-in Leads to Cloud Failures
Vendor lock-in, the fear that by investing too much with one vendor an organization reduces their options in the future, has been an often-quoted risk since the mid-1990s. Organizations continue to walk a fine line with their technology vendors. Ideally, you select a set of technologies that not only meet your current needs but that align with your future vision as well.
How Do I Select a Mobile Security Solution for My Business?
The percentage of companies admitting to suffering a mobile-related compromise has grown, despite a higher percentage of organizations deciding not to sacrifice the security of mobile devices to meet business targets. To make things worse, the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols – despite also being highly targeted by cyberattacks.
Knowing Your Shared Security Responsibility in Microsoft Azure and Avoiding Misconfigurations
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources. As with any launch, there is a lot of new information, so we held a Q&A with one of the founders of Conformity, Mike Rahmati. In the interview, Mike shares how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure.
FBI Warns K-12 Schools of Ransomware Attacks via RDP
The US Federal Bureau of Investigation (FBI) this week sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
Trend Micro recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers: XORDDoS malware and Kaiji DDoS malware. Having Docker servers as their target is a new development for both XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on cloud systems, while recently discovered Kaiji was first reported to affect internet of things (IoT) devices.
Frost & Sullivan Employee, Customer Data for Sale on Dark Web
A group is hawking records of more than 12,000 Frost & Sullivan employees and customers on a hacker folder. According to Cyble CEO Beenu Arora the breach was a result of a misconfigured backup directory on one of Frost & Sullivan’s public-facing servers. The KelvinSecurity Team said they put the information – which includes names, email addresses, company contacts, login names and hashed passwords – for sale in a hacking forum to sound the “alarm” after Frost & Sullivan didn’t respond to the group’s attempt to alert it to the exposed database.
Millions of IoT Devices Affected by Ripple20 Vulnerabilities
Israeli cybersecurity firm JSOF has released information on a group of vulnerabilities dubbed Ripple20. These vulnerabilities have the potential to critically impact millions of internet of things (IoT) devices across many different industries — crucial machines in the medical, oil and gas, transportation, power, and manufacturing industries can be affected by these bugs.
Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs
Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices.
Cyberattacks from the Frontlines: Incident Response Playbook for Beginners
For enterprises, staying competitive in an ever-changing market involves keeping up with the latest technological trends. However, without the parallel development of security infrastructure and robust response, new technology could be used as a conduit for cyberthreats that result in losses. Organizations should aim to prevent these breaches from happening — but having protocols for reducing a breach lifecycle is an essential and realistic approach for dealing with current threats.
OneClass Unsecured S3 Bucket Exposes PII on More than One Million Students, Instructors
An unsecured database belonging to remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance. Data exposed includes full names, email addresses (some masked), schools and universities attended, phone numbers, school and university course enrollment details and OneClass account details.
During the past decade, various countries and industries have actively developed guidelines and frameworks for OT security. Recently, multiple guidelines have been integrated, and two standards as global standards are IEC62443 and the NIST CSF, SP800 series, from the viewpoint of security in smart factories. In this series, Trend Miro explains the overviews of IEC62443 and NIST CSF, in order to understand their concepts required for security in smart factories.
Many businesses have misperceptions about cloud environments, providers, and how to secure it all. In order to help separate fact from fiction when it comes to your cloud environment, Trend Micro debunks 8 myths to help you confidently take the next steps in the cloud.
Does your organization have an incident response playbook for potential breaches? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: XORDDoS and Kaiji Botnet Malware Variants Target Exposed Docker Servers and Ripple20 Vulnerabilities Could Impact Millions of IoT Devices appeared first on .
Many businesses have misperceptions about cloud environments, providers, and how to secure it all. We want to help you separate fact from fiction when it comes to your cloud environment.
This list debunks 8 myths to help you confidently take the next steps in the cloud.
The post 8 Cloud Myths Debunked appeared first on .
Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources.
As with any launch, there is a lot of new information, so we decided to sit down with one of the founders of Conformity, Mike Rahmati. Mike is a technologist at heart, with a proven track record of success in the development of software systems that are resilient to failure and grow and scale dynamically through cloud, open-source, agile, and lean disciplines. In the interview, we picked Mike’s brain on how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure. Let’s dive in.
What are the common business problems that customers encounter when building on or moving their applications to Azure or Amazon Web Services (AWS)?
The common problem is there are a lot of tools and cloud services out there. Organizations are looking for tool consolidation and visibility into their cloud environment. Shadow IT and business units spinning up their own cloud accounts is a real challenge for IT organizations to keep on top of. Compliance, security, and governance controls are not necessarily top of mind for business units that are innovating at incredible speeds. That is why it is so powerful to have a tool that can provide visibility into your cloud environment and show where you are potentially vulnerable from a security and compliance perspective.
Common misconfigurations on AWS are an open Amazon Elastic Compute Cloud (EC2) or a misconfigured IAM policy. What is the equivalent for Microsoft?
The common misconfigurations are actually quite similar to what we’ve seen with AWS. During the product preview phase, we’ve seen customers with many of the same kinds of misconfiguration issues as we’ve seen with AWS. For example, Microsoft Azure Blobs Storage is the equivalent to Amazon S3 – that is a common source of misconfigurations. We have observed misconfiguration in two main areas: Firewall and Web Application Firewall (WAF),which is equivalent to AWS WAF. The Firewall is similar to networking configuration in AWS, which provides inbound protection for non-HTTP protocols and network related protection for all ports and protocols. It is important to note that this is based on the 100 best practices and 15 services we currently support for Azure and growing, whereas, for AWS, we have over 600 best practices in total, with over 70 controls with auto-remediation.
Can you tell me about the CIS Microsoft Azure Foundation Security Benchmark?
We are thrilled to support the CIS Microsoft Azure Foundation Security Benchmark. The CIS Microsoft Azure Foundations Benchmark includes automated checks and remediation recommendations for the following: Identity and Access Management, Security Center, Storage Accounts, Database Services, Logging and Monitoring, Networking, Virtual Machines, and App Service. There are over 100 best practices in this framework and we have rules built to check for all of those best practices to ensure cloud builders are avoiding risk in their Azure environments.
Can you tell me a little bit about the Microsoft Shared Responsibility Model?
In terms of shared responsibility model, it’s is very similar to AWS. The security OF the cloud is a Microsoft responsibility, but the security IN the cloud is the customers responsibility. Microsoft’s ecosystem is growing rapidly, and there are a lot of services that you need to know in order to configure them properly. With Conformity, customers only need to know how to properly configure the core services, according to best practices, and then we can help you take it to the next level.
Can you give an example of how the shared responsibility model is used?
Yes. Imagine you have a Microsoft Azure Blob Storage that includes sensitive data. Then, by accident, someone makes it public. The customer might not be able to afford an hour, two hours, or even days to close that security gap.
In just a few minutes, Conformity will alert you to your risk status, provide remediation recommendations, and for our AWS checks give you the ability to set up auto-remediation. Auto-remediation can be very helpful, as it can close the gap in near-real time for customers.
What are next steps for our readers?
I’d say that whether your cloud exploration is just taking shape, you’re midway through a migration, or you’re already running complex workloads in the cloud, we can help. You can gain full visibility of your infrastructure with continuous cloud security and compliance posture management. We can do the heavy lifting so you can focus on innovating and growing. Also, you can ask anyone from our team to set you up with a complimentary cloud health check. Our cloud engineers are happy to provide an AWS and/or Azure assessment to see if you are building a secure, compliant, and reliable cloud infrastructure. You can find out your risk level in just 10-minutes.
Get started today with a 60-day free trial >
Check out our knowledge base of Azure best practice rules>
Do you see value in building a security culture that is shifted left?
Yes, we have done this for our customers using AWS and it has been very successful. The more we talk about shifting security left the better, and I think that’s where we help customers build a security culture. Every cloud customer is struggling with implementing earlier on in the development cycle and they need tools. Conformity is a tool for customers which is DevOps or DevSecOps friendly and helps them build a security culture that is shifted left.
We help customers shift security left by integrating the Conformity API into their CI/CD pipeline. The product also has preventative controls, which our API and template scanners provide. The idea is we help customers shift security left to identify those misconfigurations early on, even before they’re actually deployed into their environments.
We also help them scan their infrastructure-as-code templates before being deployed into the cloud. Customers need a tool to bake into their CI/CD pipeline. Shifting left doesn’t simply mean having a reporting tool, but rather a tool that allows them to shift security left. That’s where our product, Conformity, can help.
The post Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations appeared first on .
Vendor lock-in has been an often-quoted risk since the mid-1990’s.
Fear that by investing too much with one vendor, an organization reduces their options in the future.
Was this a valid concern? Is it still today?
Organizations walk a fine line with their technology vendors. Ideally, you select a set of technologies that not only meet your current need but that align with your future vision as well.
This way, as the vendor’s tools mature, they continue to support your business.
The risk is that if you have all of your eggs in one basket, you lose all of the leverage in the relationship with your vendor.
If the vendor changes directions, significantly increases their prices, retires a critical offering, the quality of their product drops, or if any number of other scenarios happen, you are stuck.
Locking in to one vendor means that the cost of switching to another or changing technologies is prohibitively expensive.
All of these scenarios have happened and will happen again. So it’s natural that organizations are concerned about lock-in.
When the cloud started to rise to prominence, the spectre of vendor lock-in reared its ugly head again. CIOs around the world thought that moving the majority of their infrastructure to AWS, Azure, or Google Cloud would lock them into that vendor for the foreseeable future.
Trying to mitigate this risk, organizations regularly adopt a “cloud neutral” approach. This means they only use “generic” cloud services that can be found from the providers. Often hidden under the guise of a “multi-cloud” strategy, it’s really a hedge so as not to lose position in the vendor/client relationship.
In isolation, that’s a smart move.
Taking a step back and looking at the bigger picture starts to show some of the issues with this approach.
The first issue is the heavy use of automation in cloud deployments means that vendor “lock-in” is not nearly as significant a risk as in was in past decades. The manual effort required to make a vendor change for your storage network used to be monumental.
Now? It’s a couple of API calls and a consumption-based bill adjusted by the megabyte. This pattern is echoed across other resource types.
Automation greatly reduces the cost of switching providers, which reduces the risk of vendor lock-in.
When your organization sets the mandate to only use the basic services (server-based compute, databases, network, etc.) from a cloud service provider, you’re missing out one of the biggest advantages of moving to the cloud; doing less.
The goal of a cloud migration is to remove all of the undifferentiated heavy lifting from your teams.
You want your teams directly delivering business value as much of the time as possible. One of the most direct routes to this goal is to leverage more and more managed services.
Using AWS as an example, you don’t want to run your own database servers in Amazon EC2 or even standard RDS if you can help it. Amazon Aurora and DynamoDB generally offer less operation impacts, higher performance, and lower costs.
When organizations are worried about vendor lock-in, they typically miss out on the true value of cloud; a laser focus on delivering business value.
In this new light, a multi-cloud strategy takes on a different aim. Your teams should be trying to maximize business value (which includes cost, operational burden, development effort, and other aspects) wherever that leads them.
As organizations mature in their cloud usage and use of DevOps philosophies, they generally start to cherry pick managed services from cloud providers that best fit the business problem at hand.
They use automation to reduce the impact if they have to change providers at some point in the future.
This leads to a multi-cloud split that typically falls around 80% in one cloud and 10% in the other two. That can vary depending on the situation but the premise is the same; organizations that thrive have a primary cloud and use other services when and where it makes sense.
There are some tools that are more effective when they work in all clouds the organization is using. These tools range from software products (like deployment and security tools) to metrics to operational playbooks.
Following the principles of focusing on delivering business value, you want to actively avoid duplicating a toolset unless it’s absolutely necessary.
The maturity of the tooling in cloud operations has reached the point where it can deliver support to multiple clouds without reducing its effectiveness.
This means automation playbooks can easily support multi-cloud (e.g., Terraform). Security tools can easily support multi-cloud (e.g., Trend Micro Cloud One). Observability tools can easily support multi-cloud (e.g., Honeycomb.io).
The guiding principle for a multi-cloud strategy is to maximize the amount of business value the team is able to deliver. You accomplish this by becoming more efficient (using the right service and tool at the right time) and by removing work that doesn’t matter to that goal.
In the age of cloud, vendor lock-in should be far down on your list of concerns. Don’t let a long standing fear slow down your teams.
The post The Fear of Vendor Lock-in Leads to Cloud Failures appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how the next generation of Intel mobile processors will include malware protection built into the chip. Also, read about a new phishing campaign that uses brand names to bypass security filters and trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks.
Read on:
Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware
Announced this week, the next generation of Intel mobile processors will include malware protection built into the chip. The protection, provided by Intel’s Control-Flow Enforcement Technology (CET), will first be available in the company’s “Tiger Lake” mobile processors. In this article, Greg Young, vice president of cybersecurity at Trend Micro, shares his thoughts.
Forward-Looking Security Analysis of Smart Factories Part 4: MES Database Compromises
In this five-part blog series, Trend Micro looks at the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios and recommended defense strategies. Part four describes how the Manufacturing Engineering System (MES) plays an important role in the manufacturing process and how cyberattacks on the MES can affect production activities.
The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report. The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks in March 2017.
Unpatched Vulnerability Identified in 79 NETGEAR Router Models
A whopping 79 NETGEAR router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. According to researchers, the vulnerability impacts 758 different firmware versions that have been used on 79 NETGEAR routers across the years, with some firmware versions being first deployed on devices released as far back as 2007.
Massive IBM Cloud Outage Caused by BGP Hijacking
IBM has provided new information about the large-scale outage that occurred this week, affecting many IBM Cloud customers. The outage, which knocked a whole host of sites offline, was the result of BGP hijacking, said the firm.
Hackers Posing as LinkedIn Recruiters to Scam Military, Aerospace Firms
A new, highly sophisticated espionage campaign targeting military and aerospace organizations across Europe and the Middle East has been discovered by cybersecurity firm ESET. The campaigners attempt to lure company employees to extract money and/or sensitive documents. Dubbed Operation In(ter)caption; the campaign was active from September to December 2019, and espionage is declared the primary objective behind this campaign.
Phishing Campaign Targeting Office 365, Exploits Brand Names
Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters and to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A report from Check Point Software first observed the attacks—the majority of which targeted European companies, with others seen in Asia and the Middle East.
Foodora Data Breach Impacts Customers in 14 Countries
Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. The cybersecurity incident has exposed the account details of 727,000 customers in 14 different countries. Information exposed in the incident included names, addresses, phone numbers, and hashed passwords. While no financial data was leaked, customers’ geolocation data, accurate to within a couple of inches, was breached.
Cisco Adds New Security Features to Webex, Patches Serious Vulnerabilities
At its Cisco Live 2020 event, the networking giant informed customers that it has extended its data loss prevention (DLP) retention, Legal Hold and eDiscovery features to Webex Meetings. The company has also published several security advisories this week for Webex vulnerabilities, including three that have been classified as high severity and one rated medium severity.
Vulnerable Platform Used in Power Plants Enables Attackers to Run Malicious Code on User Browsers
Otorio’s incident response team identified a high-score vulnerability in OSIsoft’s PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01). Installed in some of the world’s largest critical infrastructure facilities, OSIsoft Software’s PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.
What other sophisticated phishing campaigns have you seen during the pandemic? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware and New Phishing Campaign Targeting Office 365 Exploits Brand Names appeared first on .
This week, Show News, Ebay thugs, Ripple 20, T-Mobile, Zoom, and the call may be coming from inside the house! All this and more on the Security Weekly News Wrap Up!
Show Notes: https://wiki.securityweekly.com/SWNEpisode44
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to talk about how BeyondTrust Announces Integration with the SailPoint Predictive Identity Platform, Check Point Launches CloudGuard Cloud Native Security, CyberArk Alero enhancements provide secure privileged access for remote users, Digital Shadows announces new capabilities to identify and remediate unwanted code exposure, and more! In our second segment, we welcome back Ferruh Mavituna, CEO of Netsparker, to talk about Debunking DAST Myths and Short-Term Strategies To Fixing Vulnerabilities! In our final segment, we welcome Jason Fruge, Vice President, Business Application Cybersecurity at Onapsis, to talk about Emerging Security Threats to Your Digital Supply Chain!
Show Notes: https://wiki.securityweekly.com/ESWEpisode188
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
To request a complimentary assessment, visit https://securityweekly.com/onapsis
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Jeff, Matt, Scott, and Josh continue the conversation and talk "How to Become an InfoSec Professional With Limited Resources", and talk about "What Is An InfoSec Professional?"!
Show Notes: https://wiki.securityweekly.com/SCWEpisode32
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Cute robot dogs available for sale, T-Mobile was down all day, lightbulbs can be bugged, DARPA bug bounties, Ebay is going to get ya, and Bob Erdman from Core Security talks about Ransomware!
Show Notes: https://wiki.securityweekly.com/SWNEpisode43
To learn more about Core Security, visit: https://securityweekly.com/coresecurity
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show news, Facebook and the FBI try to catch a child predator, REvil, State Sponsored hacking, Darpa bug bounties, and the F Word!
Show Notes: https://wiki.securityweekly.com/SWNEpisode42
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Lewie Dunsworth, CEO of Nuspire, to talk about How CISOs Can Best Prioritize Security With a Decreased Budget! In the Leadership and Communications section, Five signs a virtual CISO makes sense for your organization, How to Negotiate Virtually, Why Securing Endpoints Is The Future Of Cybersecurity, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode177
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Michelle Dennedy, CEO of DrumWave, to discuss Data Mapping & Data Value Journey! In the Application Security News, CallStranger hits the horror trope where the call is coming from inside the house, SMBleedingGhost Writeup expands on prior SMB flaws that exposed kernel memory, Misconfigured Kubeflow workloads are a security risk, Verizon Data Breach Investigations Report, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode111
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
In the coming years, the requirement for real-time data processing and analysis will drive organizations to adopt edge computing in order to reduce latency and increase connectivity between devices – but adopters will inadvertently bring about a renaissance of neglected security issues. Poorly secured edge computing environments will create multiple points of failure, and a lack of security oversight will enable attackers to significantly disrupt operations.
Organizations in industries such as manufacturing, utilities, or those using IoT and robotics will be dependent upon edge computing to connect their ever-expanding technical infrastructure. However, many will not have the visibility, security or analysis capabilities that have previously been associated with cloud service providers – information risks will be transferred firmly back within the purview of the organization. Attackers will exploit security blind spots, targeting devices on the periphery of the network environment. Operational capabilities will be crippled by sophisticated malware attacks, with organizations experiencing periods of significant downtime and financial damage.
Poor implementation of edge computing solutions will leave organizations open to attack. Nation states, hacking groups, hacktivists and terrorists aiming to disrupt operations will target edge computing devices, pushing security to the brink of failure and beyond.
What is the Justification for This Threat?
As the world moves into the fourth industrial revolution, the requirement for high-speed connectivity, real-time data processing and analytics will be increasingly important for business and society. With the combined IoT market size projected to reach $520 billion by 2021, the development of edge computing solutions alongside 5G networks will be required to provide near-instantaneous network speed and to underpin computational platforms close to where data is created.
The transition of processing from cloud platforms to edge computing will be a requirement for organizations demanding speed and significantly lower latency between devices. With potential use cases of edge computing ranging from real-time maintenance in vehicles, to drone surveillance in defense and mining, to health monitoring of livestock, securing this architecture will be a priority.
With edge computing solutions, security blind spots will provide attackers with an opportunity to access vital operational data and intellectual property. Moreover, organizations will be particularly susceptible to espionage and sabotage from nation states and other adversarial threats. Edge computing environments, by their nature, are decentralized and unlikely to benefit from initiatives such as security monitoring. Many devices sitting within this type of environment are also likely to have poor physical security while also operating in remote and hostile conditions. This creates challenges in terms of maintaining these devices and detecting any vulnerabilities or breaches.
Organizations that adopt edge computing will see an expansion of their threat landscape. With many organizations valuing speed and connectivity over security, the vast number of IoT devices, robotics and other technologies operating within edge computing environments will become unmanageable and hard to secure.
Edge computing will underpin critical national infrastructure (CNI) and many important services, reinforcing the necessity to secure them against a range of disruptive attacks and accidental errors. Failures in edge computing solutions will result in financial loss, regulatory fines and significant reputational damage. An inability to secure this infrastructure will be detrimental to the operational capabilities of the business as attackers compromise both physical and digital assets alike. Human lives may also be endangered, should systems in products such as drones, weaponry and vehicles be compromised.
How Should Your Organization Prepare?
Organizations that are planning to adopt edge computing should consider if this architectural approach is suitable for their requirements.
In the short term, organizations should review physical security and potential points of failure for edge computing environments in the context of operational resilience. Carry out penetration testing on edge computing environments, including hardware components. Finally, identify blind spots in security event and network management systems.
In the long term, generate a hybrid security approach that incorporates both cloud and edge computing. Create a secure architectural framework for edge computing and ensure security specialists are suitably trained to deal with edge computing-related threats.
About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
Copyright 2010 Respective Author at Infosec IslandSometimes, it seems that IT and security teams can’t win. They are judged on how quickly they can deploy their organization’s latest application or digital transformation initiative, but they’re also expected to safeguard those critical applications and data in increasingly complex hybrid networks – and in an ever more sophisticated threat landscape. That’s not an easy balancing act.
When an enterprise rolls out a new application, or migrates a service to the cloud, it can take days, or even weeks, to ensure that all the servers and network segments can communicate with each other, while blocking access to hackers and unauthorized users. This is because the network fabric can include hundreds of servers and devices (such as firewalls and routers) as well as virtualized devices in public or private clouds.
When making changes to all these devices, teams need to ensure that they don’t disrupt the connectivity that supports the application, and don’t create any security gaps or compliance violations. But given the sheer complexity of today’s networks, it’s not too surprising that many organizations struggle with doing this. Our 2019 survey of managing security in hybrid and multi-cloud environments found that over 42% of organizations had experienced application or network outages caused by simple human errors or misconfigurations.
What’s more, most organizations already have large network security policies in place with thousands, or even millions of policy rules deployed on their firewalls and routers. Removing any of these rules is often a very worrisome task, because the IT teams don’t have an answer to the big question of “why does this rule exist?”
The same question arises in many other scenarios, such as planning a maintenance window or handling an outage (“which applications are impacted when this device is powered off?”, “who should be notified”?), dealing with an insecure rule flagged by an audit, or limiting the blast radius of a malware attack (“What will be impacted if we remove this rule”?).
Intent-based networking (IBN) promises to solve these problems. Once security policies are properly annotated with the intent behind them, these operational tasks become much clearer and can be handled efficiently and with minimal damage. Instead of “move fast and break things” (which is unattractive in a security context, because “breaking” might mean “become vulnerable”) – wouldn’t it be better to “move fast and NOT break things”?
Intentions versus reality
As such, it’s no surprise that IBN is appealing to larger enterprises: it has the potential to ensure that networks can quickly adapt to the changing needs of the business, boosting agility without creating additional risk. However, while there are several IBN options available today, the technology is not yet fully mature. Some solutions offer IBN capabilities only in single-vendor network environments, while others have limited automation features.
This means many current solutions are of limited use in the majority of enterprises which have hybrid network environments. To satisfy security and compliance demands, an enterprise’s network management and automation processes must cover its entire heterogeneous fabric, including all security devices and policies (whether in the data center, at its perimeter, across on-premise networks or in the cloud) to enable true agility without compromising protection.
So how can enterprises with these complex, hybrid environments align their network and security management processes closely to the needs of the business? Can they automate the management of business-driven application and network changes with straightforward, high level ‘make it so’ commands?
Also, where would the “intent” information come from? In an existing “brown-field” environment, how can we find out, in retrospect, what was the intent behind the existing policies?
The answer is that it is possible to do all this with network security policy management (NSPM) solutions. These can already deliver on IBN’s promise of enabling automated, error-free handling of business-driven changes, and faster application delivery across heterogenous environments – without compromising the organizations’ security or compliance postures.
Intent-based network security
The right solution starts with the ability to automatically discover and map all the business applications in an enterprise, by monitoring and analyzing the network connectivity flows that support them. Through clustering analysis of netflow traffic summaries, modern NSPM solutions can automatically identify correlated business applications, and label the security policies supporting them – thereby automatically identifying the intent.
NSPM solutions can also identify the security devices and policies that support those connectivity flows across heterogeneous on-premise, SDN and cloud environments. This gives a ‘single source of truth’ for the entire network, storing and correlating all the application’s attributes in a single pane of glass, including configurations, IP addresses and policies.
With this holistic application and network map, the solution enables business application owners to request changes to network connectivity for their business applications without having to understand anything about the underlying network and security devices that the connectivity flows pass through.
The application owner simply makes a network connectivity request in their own high-level language, and the solution automatically understands and defines the technical changes required directly on the relevant network security devices.
As part of this process the solution assesses the change requests for risk and compliance with the organization’s own policies, as well as industry regulations. If the changes carry no significant security risk, the solution automatically implements them directly on the relevant devices, and then verifies the process has been completed – all with zero touch.
This means normal change requests are processed automatically — from request to implementation — in minutes, with little or no involvement of the networking team. Manual intervention is only required if a problem arises during the process, or if a request is flagged by the solution as high risk, while enabling IT, security and application teams to continuously monitor the state of the network and the business applications it supports.
Network security management solutions realize the potential of IBN, as they:
These intent-based network security capabilities allow business application owners to express their high-level business needs, and automatically receive a continuously maintained, secure and continuously compliant end-to-end connectivity path for their applications. They also enable IT teams to provision, configure and manage networks far easier, faster and more securely. This achieves the delicate balance of meeting business demands for speed and agility, while ensuring that risks are minimized.
About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.
Copyright 2010 Respective Author at Infosec IslandThis week, we welcome back Dan DeCloss, President and CEO of PlexTrac, to talk about Enhancing Vulnerability Management By Including Penetration Testing Results! In the Security News, Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-words hidden superpower: How Repeating it can increase your pain threshold! In our Final Segment, we air a Pre-Recorded Interview with Ben Mussler, Senior Security Researcher at Acunetix, discussing New Web Technology and its Impact on Automated Security Testing!
Show Notes: https://wiki.securityweekly.com/PSWEpisode655
To learn more about PlexTrac, visit: https://securityweekly.com/plextrac
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Microsoft’s largest-ever Patch Tuesday update including 129 CVEs. Also, read about a new Android Spyware dubbed ActionSpy.
Read on:
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
Microsoft has released patches for 129 vulnerabilities as part of its June Patch Tuesday updates – the highest number of CVEs ever released by Microsoft in a single month. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server, Windows Shell, VBScript and other products.
#LetsTalkSecurity: Become the Hunter
This week, Rik Ferguson, vice president of Security Research at Trend Micro, hosted the sixth episode of #LetsTalkSecurity featuring guest Jake Williams, founder of Rendition Infosec. Check out this week’s episode and follow the link to find more information about upcoming episodes and guests.
Not Just Good Security Products, But a Good Partner
This week, Trend Micro announced it has been placed in the Champions quadrant of the Canalys Global Cybersecurity Leadership Matrix, in recognition of major investments and improvements in the channel over the past year. The report particularly highlights Trend Micro’s partner portal improvements that include significant investments in deal registration, sales kits, promotions and training.
12 Biggest Cloud Threats and Vulnerabilities In 2020
Data breaches, cybercrime and targeted attacks in the cloud have driven demand for cloud security products and services in recent years. From misconfigured storage buckets and excess privileges to Infrastructure as Code (IoC) templates and automated attacks, here’s a look at 12 of the biggest cloud threats technical experts are worried about this year. Data breaches, cybercrime and targeted attacks in the cloud have driven demand for cloud security products and services in recent years.
Trend Micro Guardian: Protecting Your Kids On-the-Go
Some smart devices are not limited for use on the home network, for example, your child’s mobile phone or tablet. Keeping your kids safe with on-the-go devices means extending your security policies beyond the home. Trend Micro Home Network Security makes it easy with its free app, Trend Micro Guardian. Guardian integrates with HNS’s parental control rules via Mobile Device Management technology to extend the rules you’ve applied on your home network to your children’s Wi-Fi/mobile connections outside the home.
Microsoft Discovers Cryptomining Gang Hijacking ML-Focused Kubernetes Clusters
Microsoft published a report detailing a never-before-seen series of attacks against Kubeflow, a toolkit for running machine learning (ML) operations on top of Kubernetes clusters. The attacks have been going on since April, and Microsoft says its end-goal has been to install a cryptocurrency miner on Kubernetes clusters running Kubeflow instances exposed to the internet.
New Tekya Ad Fraud Found on Google Play
In late March, researchers from CheckPoint found the Tekya malware family being used to carry out ad fraud on Google Play. These apps have since been removed from the store, but Trend Micro recently found a variant of this family that had made its way onto Google Play via five malicious apps, although these have also been removed.
Fake COVID-19 Contact-Tracing Apps Infect Android Phones
Security researchers have identified 12 malicious Android applications, disguised to appear as official government COVID-19 contact-tracing apps, distributing malware onto devices. The Anomali Threat Research team found multiple applications containing a range of malware families, primarily banking Trojan Anubis and SpyNote, an Android Trojan with the goal of collecting and monitoring data on infected devices.
Tracking, Detecting, and Thwarting PowerShell-based Malware and Attacks
While traditional malware and attacks rely on crafted executables to function, fileless malware reside in memory to evade traditional scanners and detection methods. PowerShell, a legitimate management tool used by system administrators, provides an ideal cover for threat actors as they craft payloads heavily dependent on its deep Windows integration. Trend Micro has published multiple reports on this phenomenon, which has been further validated by telemetry data.
Updated Analysis on Nefilim Ransomware’s Behavior
Shortly after the discovery of Nefilim in March 2019, Trend Micro released its analysis of the ransomware and its behavior. Through recent investigations of cases observed in several companies, Trend Micro has amassed more information on how this ransomware operates. Some notable updates added the use of other tools such as Mimikatz, AdFind, CobaltStrike, and MegaSync, and the description of events that occur within the attack phases weeks or even months before the ransomware is deployed.
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
While tracking Earth Empura, also known as POISON CARP/Evil Eye, Trend Micro identified an undocumented Android spyware it has dubbed ActionSpy. During the first quarter of 2020, Trend Micro observed Earth Empusa’s activity targeting users in Tibet and Turkey before they extended their scope to include Taiwan.
Babylon Health Admits ‘Software Error’ Led to Patient Data Breach
Babylon Health, a UK AI chatbot and telehealth startup which has been valued in excess of $2BN, has suffered an embarrassing data breach after a user of the app found he was able to access other patients’ video consultations. The company confirmed the breach yesterday, telling the BBC that a “software error” related to a feature that lets users switch from audio to video-based consultations part way through a call had caused a “small number” of UK users to be able to see others sessions.
In part three of this five-part blog series, Trend Micro looks at the security risks of promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. This blog describes the usage of Industrial IoT (IIoT) devices and overlooked security risks in software supply chains.
Surprised by the new Android spyware ActionSpy that was revealed via phishing attacks from Earth Empusa? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update and New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa appeared first on .
This week, we talk Enterprise News, to talk about how Morpheus Announces Zero-Trust Cloud Management Platform, Thycotic Releases New Version of DevOps Secrets Vault, Qualys Remote Endpoint Protection gets malware detection, F-Secure launches ID PROTECTION, Vectra integrates network threat detection and response for Microsoft Security Services, and more! In our second segment, we welcome Scott Kuffer, Co-Founder & COO at Nucleus Security, to talk about Vulnerability Management! In our final segment, we welcome Heather Adkins, Senior Director of Information Security and Privacy at Google, to talk about Google s New Site Reliability Engineering Book and best practices for designing scalable and reliable systems that are fundamentally secure!
Show Notes: https://wiki.securityweekly.com/ESWEpisode187
To learn more about Nucleus Security, visit: http://nucleussec.com
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Some smart devices are not limited to use on the home network; for instance, your child’s mobile phone or tablet. Keeping your kids safe on these on-the-go devices means extending your security policies beyond the home. Trend Micro Home Network Security (HNS) makes it easy with its complementary app, Trend Micro Guardian. Guardian integrates with HNS’s parental control rules via Mobile Device Management technology to extend the rules you’ve applied on your home network to your children’s Wi-Fi / mobile connections outside the home.
Guardian enables the following security and parental controls:
|
|
Setup and Configuration
In order to benefit from these features, the Trend Micro Guardian app must be installed on your child’s device and paired with your Home Network Security Station. It’s recommended that you install Trend Micro Guardian on the child’s device before setting up Parental Controls. However, you may also save the Trend Micro Guardian setup process until after you’ve defined the Parental Control rules for your child. Either way, Guardian accepts the rules defined and applies them to the child’s device whenever they go beyond your home and hook up to public WiFi or their mobile network.
For the Trend Micro Guardian app setup and installation process, you may refer to FAQ: Trend Micro Guardian or the Home Network Security Product Guide for more details.
A Few Additional Notes
|
|
Protection that Goes Where Your Child Goes
Internet safety for kids is a must, whether they’re online at home, or out and about, away from home. Trend Micro Guardian ensures the child will observe and practice the same security rules at home and on the internet anywhere in the world.
For more information on Trend Micro Home Network Security with Guardian, go to Home Network Security.
The post Trend Micro Guardian: Protecting Your Kids On-the-Go appeared first on .
This week, we welcome Chris Patteson and Robert Carey from RSA Security, to talk about Navigating the Risks Associated With the Return to "Normal"! Jeff, Scott, Josh, and Matt round out the show with the Compliance News of the week!
Show Notes: https://wiki.securityweekly.com/SCWEpisode31
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter cracks down on 5G, Tycoon Ransomware, Citizen App, CallStranger, and REvil! Matt Allen from VIAVI Solutions joins us for Expert Commentary to talk about Leveraging enriched flow insights to accelerate response and remediation!
Show Notes: https://wiki.securityweekly.com/SWNEpisode41
To learn more about VIAVI Solution, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Marc French, CISO & Managing Director at Product Security Group, Inc., to talk about Career Ladders in Information Security! In the Leadership and Communications section, Challenges of a New CISO: The First Year, Why a robust security culture begins with people, How Cybersecurity Leaders Can Chart the Seas of Business Communication, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode176
All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The analyst firm Canalys annually produces their Cybersecurity Leadership Matrix. Whereas many third-party assessments are looking at just the security product, this one focuses on the value to channel partners.
Sidebar: what is the channel? If you aren’t actively buying or selling cybersecurity and aren’t familiar with the term, the short answer is that the channel is how products get from the maker to the buyer. Resellers are the most commonly discussed example, however the channel is also distributors, system integrators, and others. Most established cybersecurity makers don’t have a big sales force that sells direct, for good reasons. Channel partners are usually not a single product seller, and they know a region, vertical or specific customer best and are ideally the end users’ de facto partner or trusted advisor. The channel dedicated for smaller companies sell more than just cybersecurity and can be an extension of the CIO team. Channel partners select products carefully: they are usually in for a much longer period of time and more of a commitment than a specific buyer.
Partners have to train staff, make significant investments, become familiar with the product and back it with their reputation. Features alone aren’t enough. Even the very best product that isn’t backed with a channel friendly vendor is a nightmare for the channel. Of course, bad products are a non-starter no matter how channel-friendly a company is as that reseller has to live with any fallout. Assessing channel success matters obviously to the channel but it is also significant for buyers. Channel partner success at the end of the day is a simple metric: a positive customer experience throughout a product lifecycle. In my experience a channel partner will do a more thorough product assessment than any enterprise buyer.
Canalys does a good job in capturing the channel aspects of a successful cybersecurity vendor with the leadership matrix, and they make it more than just about product or channel but combine the two. So, it is good news that Trend Micro is in the upper right “Champions” quadrant in 2020. It’s significant to me that Trend Micro is one of only seven entries in that quadrant when there are, according to Richard Stiennon, more than 2300 cybersecurity vendors in the world[1]. What is particularly significant to me is that the placement movement for Trend from last 2019 was so important, as it reflects the effort and focus we have put on our channel activities.
Like any third-party assessment it matters to know the context, so check out the Matrix here, and our own formal announcement here.
[1] https://www.techcentury.com/2020/02/14/cybersecurity-guru-stiennon-publishes-2020-yearbook/
The post Not Just Good Security Products, But a Good Partner appeared first on .
This week, we welcome Phillip Maddux, Sr. Technical Account Manager at Signal Sciences, to talk about The Future State of AppSec! In the Application Security News, Two vulnerabilities in Zoom could lead to code execution, Zero-day in Sign in with Apple, Focus on Speed Doesn t Mean Focus on Automation, Apple pushes fix across ALL devices for unc0ver jailbreak flaw, and more!
Show Notes: https://wiki.securityweekly.com/ASWEpisode110
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, first we present a Technical Segment, on Lightweight Vulnerability Management using NMAP! In our second segment, we welcome back Corey Thuen, Co-Founder of Gravwell, for a second Technical Segment, entitled "PCAPS or it didn't happen", diving into Collecting Packet Captures on Demand within a Threat Hunting use case with Gravwell! In the Security News, Octopus Scanner Sinks Tentacles into GitHub Repositories, RobbinHood and the Merry Men, Zoom Restricts End-to-End Encryption to Paid Users, Hackers steal secrets from US nuclear missile contractor, and Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues!
Show Notes: https://wiki.securityweekly.com/PSWEpisode654
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show news, Anonymous Returns, Deep Fakes and Deep Fake Hunters, IP in IP hacks, and IPv6.
Show Notes: https://wiki.securityweekly.com/SWNEpisode40
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new module for the infamous trojan known as TrickBot that has been deployed. Also, read about Google’s $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information when using the incognito browsing mode.
Read on:
No Entry: How Attackers Can Sneak Past Facial Recognition Devices
Now more than ever, businesses are looking into contactless entry solutions, turning to edge devices that use facial recognition or small devices like radio-frequency identification cards. These devices serve as the first line of defense for keeping intruders out of offices, which can be subject to many different types of attacks. In this blog, Trend Micro analyzes the different ways an intruder can trick or hack into facial recognition access control devices.
Cloud Security and Data Protection: What Enterprises Need to Know
Data security is rarely the first consideration when choosing a public cloud service provider. That is changing, though, because of the rise of tougher rules, regulations, and standards aimed at protecting consumer privacy. In this article, Mark Nunnikhoven, vice president of cloud research at Trend Micro, shares his thoughts on what enterprises need to know about cloud security and data protection.
Lemon Duck Cryptominer Spreads Through Covid-19 Themed Emails
In a recent campaign, Trend Micro came across a PowerShell script (mailer script) that distributes the Lemon Duck cryptominer through a new propagation method: Covid-19-themed emails with weaponized attachments. These emails are delivered to all Microsoft Outlook contacts of the user of a compromised machine, as similarly observed by SANS Internet Storm Center.
TrickBot Adds BazarBackdoor to Malware Arsenal
A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to Panda Security. The campaign used the legitimate marketing platform Sendgrid to reach targets in a mass-mailing fashion.
Factory Security Problems from an IT Perspective (Part 3): Practical Approach for Stable Operation
This article is the last in a three-part series discussing the challenges IT departments face when they are tasked with overseeing cybersecurity in factories and implementing measures to overcome those challenges. For strong factory security, Trend Micro recommends three measures: network separation, layer-optimized measures, and integrated management of these elements. In this third article, Trend Micro explains this concrete approach to security.
Zoom Patches Two Serious Vulnerabilities Found by Cisco Researchers
Members of Cisco’s Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user’s system and possibly achieve arbitrary code execution. The vulnerabilities, tracked as CVE-2020-6109 and CVE-2020-6110, are both rated high severity.
#LetsTalkSecurity: Ghost in the Machine
This Week, Rik Ferguson, vice president of security research at Trend Micro, hosted the fourth episode of #LetsTalkSecurity featuring guest Joe Slowik, USN Vet, Adversary Hunter, and Digital Sanitation Engineer with a focus on ICS. Check out this week’s episode and follow the link to find information about upcoming episodes and guests.
Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode
Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge when using the incognito browsing mode that is meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose, California, alleges that Google compiles user data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads.
Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
Trend Micro recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (detected as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phone.
Email Scammer Pleads Guilty to Defrauding Texas Firms Out of More Than $500,000
A 64-year-old man has admitted his role in an email-based fraud scheme that relied on spoofed email addresses to con two companies out of more than $500,000. Kenety Kim, or Myung Kim, pleaded guilty Tuesday in a Texas court to conspiracy to commit money laundering as part his role in a business email compromise scheme.
Surprised by Google’s lawsuit over tracking users in incognito mode? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode and TrickBot Adds Enterprise-grade Module to Malware Arsenal appeared first on .
I would like to express my outrage over the brutal killings of George Floyd, Breonna Taylor, and Ahmaud Arbery – not as the CEO of an international company, but as a human being and a citizen of the world. It makes me very sad, but also intensely frustrated and angry to realize how little is being done around the world to overcome the blatant inequality and racism that persists. The disturbing, high-profile incidents in the past weeks expose in a cruel way how we live in a world where fear, uncertainty and discrimination continue to impact the lives of black people every single day.
As a global society, we should do better; we must be better.
At Trend Micro, we are committed to providing a safe, empathetic and respectful environment where we reject any form of racism and discrimination, with zero tolerance. We not only welcome diversity in our Trend Micro family, we encourage it, whether it is diversity of race, ethnicity, nationality, gender, gender identification, sexual orientation, physical ability, age, religion, veteran status, socio-economic status, and political philosophy. We believe it is our different backgrounds and experiences that make us who we are and make us as strong as we are. But we continue to listen and learn how to create equality for all.
I feel very strongly that we all need to do something and become a force for change. We have an obligation towards our communities and our children to leave this world in a better place. I am fortunate as a CEO to be able to use my voice to speak out against any kind of discrimination, against racism in any form. I ask that we all seek to expand our perspectives and heighten our awareness of others. We must open our eyes to the current and ugly truth and challenge any subconscious tendencies to avoid this painful reality of inequality!
Today I am inspired to lift up the voice of a young Trend Micro employee who posted on our internal web site:
“Progress is a process. Unity is part of the process.
Unity drives awareness…
Awareness drives education…
Education drives action…
Action drives change…
Let’s make a change!”
These are very difficult times for us as individuals, communities, and as nations. I ask you to join me in doing our part to fight racism – we can’t afford any more lives to be lost, any more children growing up deprived of their opportunities. First and foremost, we need to listen to our black communities and educate ourselves. And we must acknowledge that this is an ongoing issue – and continue to fight inequality every day, even when the protests don’t make headlines anymore. We can all make a difference. Speak out against injustice, listen to the stories of inequality, act, vote and make a change.
Together, we can make this world a better place!
Eva Chen
The post Message from Eva Chen – as a human being, not a CEO: We need to speak out and act against racism appeared first on .
This week, we talk Enterprise News, to talk about how SureCloud Launches Cyber Resilience Assessment Solution, Blackpoint Cyber launches 365 Defense - a Microsoft 365 security add-on for its MDR service, Endace and Palo Alto Networks Cortex XSOAR enable accelerated forensics of cyberthreats, Zscaler acquires Edgewise Networks, WatchGuard Technologies Completes Acquisition of Panda Security, and more! In our second segment, we welcome Alyssa Miller, Application Security Advocate at Snyk, to talk about Unraveling Your Software Bill of Materials! In our final segment, we welcome Aaron Rinehart, CTO and Co-Founder of Verica, and Casey Rosenthal, CEO and Co-Founder of Verica, to talk about Security Chaos Engineering!
Show Notes: https://wiki.securityweekly.com/ESWEpisode186
To learn more about Snyk, visit: https://securityweekly.com/snyk
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Jeff loves PCI DSS. Josh has been a fierce critic of it... and... Josh has been working with public policy... We'll dig into the nuances and offer better ways to tell good from bad policy incentives.
Show Notes: https://wiki.securityweekly.com/SCWEpisode30
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, SpaceX docks, Anonymous returns, Apple pays, Zephyr blows, and Mobile Phishing is Expensive!
Show Notes: https://wiki.securityweekly.com/SWNEpisode39
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jen Ellis, Vice President of Community & Public Affairs at Rapid7, to talk about How to Truly Disrupt Cybercrime! In the Leadership and Communications section, CISO vs. CEO: How executives rate their security posture, 3 Reasons Why Cybersecurity Is Not A Technical Problem, How to Be a Great Listener in Remote Meetings and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode175
To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we speak with John Chirhart, Customer Experience Engineer at Google Cloud, to discuss How to Prevent Account Takeover Attacks! In our second segment, we welcome Catherine Chambers, Senior Product Manager at Irdeto, to talk about why Apps Are the New Endpoint!
Show Notes: https://wiki.securityweekly.com/ASWEpisode109
To learn more about Irdeto, visit: https://securityweekly.com/irdeto
To learn more about Google Cloud and reCAPTCHA, visit: https://securityweekly.com/recaptcha
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Greg Foss, Senior Threat Researcher at VMware Carbon Black's Threat Analysis Unit, to talk about 2020 MITRE ATT&CK Malware Trends! In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, 'Suspicious superhumans' behind rise in attacks on online services, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute! In our final segment, we air a pre recorded interview with Peter Singer, Strategist at New America, and Author of Burn-In: A Novel of the Real Robotics Revolution, talking all things about his new novel Burn-In!
Show Notes: https://wiki.securityweekly.com/PSWEpisode653
To get a discounted copy of Burn-In: A Novel of the Real Robotic Revolution, visit: https://800ceoread.com/securityweekly
To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show news, 5G Quantum Oscillations, Ragnar, Windows Hello, Facebook, and FISA!
Show Notes: https://wiki.securityweekly.com/SWNEpisode38
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how, over the past five years, the cybercriminal underground has seen a major shift to new platforms, communications channels, products, and services. Also, read about a new wave of Sandworm cyberattacks against email servers conducted by one of Russia’s most advanced cyber-espionage units.
Read on:
How the Cybercriminal Underground Has Changed in 5 Years
Trend Micro has been profiling the underground cybercrime community for many years. Over the past five years, it has seen a major shift to new platforms, communications channels, products, and services, as trust on the dark web erodes and new market demands emerge. Trend Micro expects the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities.
Shadowserver, an Internet Guardian, Finds a Lifeline
In March, internet security group Shadowserver learned that longtime corporate sponsor Cisco was ending its support. With just weeks to raise hundreds of thousands of dollars to move its data center out of Cisco’s facility—not to mention an additional $1.7 million to make it through the year—the organization was at real risk of extinction. Ten weeks later, Shadowserver has come a long way toward securing its financial future. This week, Trend Micro committed $600,000 to Shadowserver over three years, providing an important backbone to the organization’s fundraising efforts.
#LetsTalkSecurity: No Trust for the Wicked
This Week, Rik Ferguson, vice president of Security Research at Trend Micro, hosted the fourth episode of #LetsTalkSecurity featuring guest Dave Lewis, Global Advisory CISO at Duo Security. Check out this week’s episode and follow the link to find information about upcoming episodes and guests.
Principles of a Cloud Migration – Security W5H – The HOW
Security needs to be treated much like DevOps in evolving organizations, meaning everyone in the company has a shared responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time – security by default. In this blog from Trend Micro, learn 3 tips to get you started on your journey to securing the cloud.
What’s Trending on the Underground Market?
Trust has eroded among criminal interactions in the underground markets, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization, a new Trend Micro report reveals. Determined efforts by law enforcement appear to be having an impact on the cybercrime underground as several forums have been taken down by global police entities.
Is Cloud Computing Any Safer from Malicious Hackers?
Cloud computing has revolutionized the IT world, making it easier for companies to deploy infrastructure and applications and deliver their services to the public. The idea of not spending millions of dollars on equipment and facilities to host an on-premises data center is a very attractive prospect to many. But is cloud computing any safer from malicious threat actors? Read this blog from Trend Micro to find out.
Smart Yet Flawed: IoT Device Vulnerabilities Explained
The variety and range of functions of smart devices present countless ways of improving different industries and environments. While the “things” in the internet of things (IoT) benefits homes, factories, and cities, these devices can also introduce blind spots and security risks in the form of vulnerabilities. Vulnerable smart devices open networks to attack vectors and can weaken the overall security of the internet. For now, it is better to be cautious and understand that “smart” can also mean vulnerable to threats.
Cyberattacks Against Hospitals Must Stop, Says Red Cross
Immediate action needs to be taken to stop cyberattacks targeting hospitals and healthcare organizations during the ongoing coronavirus pandemic – and governments around the world need to work together to make it happen, says a newly published open letter signed by the International Committee of the Red Cross, former world leaders, cybersecurity executives and others.
Securing the 4 Cs of Cloud-Native Systems: Cloud, Cluster, Container, and Code
Cloud-native technologies enable businesses to make the most of their cloud resources with less overhead, faster response times, and easier management. Like any technology that uses various interconnected tools and platforms, security plays a vital role in cloud-native computing. Cloud-native security adopts the defense-in-depth approach and divides the security strategies utilized in cloud-native systems into four different layers.
Coinminers Exploit SaltStack Vulnerabilities CVE-2020-11651 and CVE-2020-11652
Researchers from F-Secure recently disclosed two high-severity vulnerabilities in SaltStack Salt: CVE-2020-11651, an authentication bypass vulnerability, and CVE-2020-11652, a directory traversal vulnerability. These can be exploited by remote, unauthenticated attackers, and all versions of SaltStack Salt before 2019.2.4 and 3000 before 3000.2 are affected. Trend Micro has witnessed attacks exploiting these vulnerabilities, notably those using cryptocurrency miners.
PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
A Java-based ransomware known as PonyFinal has emerged, targeting enterprise systems management servers as an initial infection vector. It exfiltrates information about infected environments, spreads laterally and then waits before striking — the operators go on to encrypt files at a later date and time, when the likelihood of the target paying is deemed to be the most likely.
Qakbot Resurges, Spreads through VBS Files
Trend Micro has seen events that point to the resurgence of Qakbot, a multi-component, information-stealing threat first discovered in 2007. Feedback from Trend Micro’s sensors indicates that Qakbot detections increased overall. A notable rise in detections of a particular Qakbot sample (detected by Trend Micro as Backdoor.Win32.QBOT.SMTH) was also witnessed in early April.
CSO Insights: SBV’s Ian Keller on the Challenges and Opportunities of Working Remotely
The COVID-19 pandemic has forced businesses to change the way they operate. These abrupt changes come with a unique set of challenges, including security challenges. Ian Keller, Chief Security Officer of SBV Services in South Africa, sat down with Trend Micro and shared his thoughts on how SBV is coping with the current pandemic, the main challenges they faced when transitioning their staff to remote work, as well as how they plan to move forward.
NSA Warns of New Sandworm Attacks on Email Servers
The US National Security Agency (NSA) has published a security alert warning of a new wave of cyberattacks against email servers, attacks conducted by one of Russia’s most advanced cyber-espionage units. The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).
In the second part of this five series column, Trend Micro looks at the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. This column is especially applicable for architects, engineers, and developers who are involved in smart factory technology.
Factory Security Problems from an IT Perspective (Part 2): People, Processes, and Technology
This blog is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. In this article, Trend Micro carries out an analysis to uncover the challenges that lie in the way of promoting factory security from an IT perspective.
21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac
If you brought a Mac home from the office, it’s likely already set up to meet your company’s security policies. But what if you are using your personal Mac to work from home? You need to outfit it for business, to protect it and your company from infections and snooping, while ensuring it continues to run smoothly over time. In this blog, learn 21 tips for staying secure, private, and productive while working from home on your Mac.
Surprised by the new wave of Sandworm attacks? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers appeared first on .
This week, we talk Enterprise News, to talk about the MITRE ATT&CK for ICS: A Technical Deep Dive, Tufin Expands Security Automation Capabilities, Strengthen Business and Security Alignment with ThreatConnect, BeyondTrust Privilege Management for Windows and Mac SaaS Accelerates and Enhances Endpoint Security, Re-imaging threat detection, hunting and response with CTI, and more! In our second segment, we welcome Adam Bosnian, Executive Vice President of Global Business Development at CyberArk, discussing What Is The Real Value Of Identity In A Multi-vendor IT Environment? In our final segment, we welcome Zack Moody, Head of Global Cybersecurity & Privacy at AVX Corporation, to talk about how Cybersecurity Is a Mindset That Cannot Be Taught!
Show Notes: https://wiki.securityweekly.com/ESWEpisode185
To learn more about CyberArk, visit: https://securityweekly.com/cyberark
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
“How about… ya!”
Security needs to be treated much like DevOps in evolving organizations; everyone in the company has a responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time – Security by default. Here are a few pointers to get you started:
1. Security should be a focus from the top on down
Executives should be thinking about security as a part of the cloud migration project, and not just as a step of the implementation. Security should be top of mind in planning, building, developing, and deploying applications as part of your cloud migration. This is why the Well Architected Framework has an entire pillar dedicated to security. Use it as a framework to plan and integrate security at each and every phase of your migration.
2. A cloud security policy should be created and/or integrated into existing policy
Start with what you know: least privilege permission models, cloud native network security designs, etc. This will help you start creating a framework for these new cloud resources that will be in use in the future. Your cloud provider and security vendors, like Trend Micro, can help you with these discussions in terms of planning a thorough policy based on the initial migration services that will be used. Remember from my other articles, a migration does not just stop when the workload has been moved. You need to continue to invest in your operation teams and processes as you move to the next phase of cloud native application delivery.
3. Trend Micro’s Cloud One can check off a lot of boxes!
Using a collection of security services, like Trend Micro’s Cloud One, can be a huge relief when it comes to implementing runtime security controls to your new cloud migration project. Workload Security is already protecting thousands of customers and billions of workload hours within AWS with security controls like host-based Intrusion Prevention and Anti-Malware, along with compliance controls like Integrity Monitoring and Application Control. Meanwhile, Network Security can handle all your traffic inspection needs by integrating directly with your cloud network infrastructure, a huge advantage in performance and design over Layer 4 virtual appliances requiring constant changes to route tables and money wasted on infrastructure. As you migrate your workloads, continuously check your posture against the Well Architected Framework using Conformity. You now have your new infrastructure secure and agile, allowing your teams to take full advantage of the newly migrated workloads and begin building the next iteration of your cloud native application design.
This is part of a multi-part blog series on things to keep in mind during a cloud migration project. You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html. To have a more personalized conversation, please add me to LinkedIn!
The post Principles of a Cloud Migration – Security W5H – The HOW appeared first on .
If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck partnerships with various organizations that share a common goal of securing our connected world.
So when we heard that one of these partners, the non-profit Shadowserver Foundation, was in urgent need of financial help, we didn’t hesitate to step in. Our new $600,000 commitment over three years will help to support the vital work it does collecting and sharing global threat data for the next three years.
What is Shadowserver?
Founded in 2004, The Shadowserver Foundation is now one of the world’s leading resources for reporting vulnerabilities, threats and malicious activity. Their work has helped to pioneer a more collaborative approach among the international cybersecurity community, from vendors and academia to governments and law enforcement.
Today, its volunteers, 16 full-time staff and global infrastructure of sinkholes, honeypots and honeyclients help run 45 scans across 4 billion IPv4 addresses every single day. It also performs daily sandbox scans on 713,000 unique malware samples, to add to the 12 Petabytes of malware and threat intelligence already stored on its servers. Thousands of network owners, including 109 CSIRTS in 138 countries worldwide, rely on the resulting daily reports — which are available free of charge to help make the digital world a safer place.
A Global Effort
Trend Micro is a long-time partner of The Shadowserver Foundation. We automatically share new malware samples via its malware exchange program, with the end goal of improving protection for both Trend Micro customers and Shadowserver subscribers around the world. Not only that, but we regularly collaborate on global law enforcement-led investigations. Our vision and mission statements of working towards a more secure, connected world couldn’t be more closely aligned.
As COVID-19 has brutally illustrated, protecting one’s own backyard is not enough to tackle a global challenge. Instead, we need to reach out and build alliances to take on the threats and those behind them, wherever they are. These are even more pronounced at a time when remote working has dramatically expanded the corporate attack surface, and offered new opportunities for the black hats to prosper by taking advantage of distracted employees and stretched security teams.
The money Trend Micro has donated over the next three years will help the Shadowserver Foundation migrate to the new data center it urgently needs and support operational costs that combined will exceed $2 million in 2020. We wish the team well with their plans for this year.
It’s no exaggeration to say that our shared digital world is a safer place today because of their efforts, and we hope to continue to collaborate long into the future
The post Securing the Connected World with Support for The Shadowserver Foundation appeared first on .
Nowadays, Macs are part of the work-from-home workforce during the COVID-19 pandemic. If you’ve brought a Mac from the office to home, it’s likely your IT department has already set it up to meet your company’s security policies. But what if you’re enlisting a Mac already at home to do duty for your company? You need to outfit it for business, to protect it and your company from infections and snooping, while ensuring it continues to run smoothly over time.
Here are 21 tips for staying secure, private, and productive while working from home on your Mac—while also making sure your personal “helpdesk” is in place, should you run into problems while doing your work.
While good security habits are important for all Mac users (since, contrary to popular opinion, Macs are as vulnerable to malicious attacks as PCs), you need to take special care when working from home on your Mac because you’ll be interacting with your company’s applications and platforms over the internet. Start your “security upgrade” with the Mac itself, to keep it free of viruses and malware. Make sure your security checklist includes the following:
|
|
Trend Micro Mac Endpoint Security solutions include:
|
|
Next, you need to make sure your work remains private. This means creating a “chain of privacy” that extends from your Mac over the internet to your company’s servers, so that each link in the chain is “locked” to ensure your company data remains private.
|
|
Trend Micro Mac Privacy/Security solutions include:
|
|
Working from home means contending with home distractions (though working in the office has its own set of distractions too). Staying productive therefore includes setting good work and break habits, physically optimizing your work-from-home Mac setup, and keeping your Mac in good working order. Effective and productive remote working, when it comes setting up good work habits, using efficiency maximizing tools, and separating work from home activities, is a whole topic in itself. Here we include only those tips that directly affect the healthy operation and optimization of your Mac:
|
|
Trend Micro Performance tools include:
|
|
Finally, should things go wrong at any time with your working Mac setup, you need to make sure to have a work-from-home “Help Desk” in place for when you need it. This can include the following:
|
|
Trend Micro Solutions include:
|
|
That’s it! These tips should get you started on the road to staying secure, private, and productive, while running smoothly, as you work from home on your Mac. During the COVID-19 pandemic, many of us are doing just that. Now is the time to keep your working Mac working for you!
The post 21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac appeared first on .
FreshRSS 