Login
This week, we welcome back Cesar Rodriguez, Head of Developer Advocacy at Accurics, to discuss Immutable Security For Immutable Infrastructure! In the Application Security News, Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, Re VoL TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more!
Show Notes: https://wiki.securityweekly.com/asw118
Visit https://securityweekly.com/accurics to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to discuss Why Elastic Is Making Endpoint Security 'Free And Open'! In our second segment, it's the Security News! We'll be talking about how Amazon Alexa One-Click Attack Can Divulge Personal Data, Researcher Publishes Patch Bypass for vBulletin 0-Day, Threat actors managed to control 23% of Tor Exit nodes, a Half a Million IoT Passwords were Leaked, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, and a Zoom zero-day flaw allows code execution on victim's Windows machine! In our final segment, we air a pre recorded interview with Michael Assraf, CEO and Co-Founder at Vicarius, to talk about Vulnerability Rich - Contextually Blind!
Show Notes: https://wiki.securityweekly.com/psw662
Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://securityweekly.com/elastic to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug wraps up Fancy Bear, Alexa flaws, 747's fly with 3.5 inch floppies, Drovorub, Volte/Revolte LTE hacks, and how Cybersecurity Earnings are up!
Show Notes: https://wiki.securityweekly.com/swn56
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about one of Microsoft’s largest Patch Tuesday updates ever, including fixes for 120 vulnerabilities and two zero-days. Also, learn about Trend Micro’s new integrations with Amazon Web Services (AWS).
Read on:
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
This week Microsoft released fixes for 120 vulnerabilities, including two zero-days, in 13 products and services as part of its monthly Patch Tuesday rollout. The August release marks its third-largest Patch Tuesday update, bringing the total number of security fixes for 2020 to 862. “If they maintain this pace, it’s quite possible for them to ship more than 1,300 patches this year,” says Dustin Childs of Trend Micro’s Zero-Day Initiative (ZDI).
Trend Micro has discovered an unusual infection related to Xcode developer projects. Upon further investigation, it was discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari.
Top Tips for Home Cybersecurity and Privacy in a Coronavirus-Impacted World: Part 1
We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on ‘the new normal’. Part one identifies the scope and specific cyber-threats of the new normal.
Trend Micro enhances agility and automation in cloud security through integrations with Amazon Web Services (AWS). Through this collaboration, Trend Micro Cloud One offers the broadest platform support and API integration to protect AWS infrastructure whether building with Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS Lambda, AWS Fargate, containers, Amazon Simple Storage Service (Amazon S3), or Amazon Virtual Private Cloud (Amazon VPC) networking.
Shedding Light on Security Considerations in Serverless Cloud Architectures
The big shift to serverless computing is imminent. According to a 2019 survey, 21% of enterprises have already adopted serverless technology, while 39% are considering it. Trend Micro’s new research on serverless computing aims to shed light on the security considerations in serverless environments and help adopters in keeping their serverless deployments as secure as possible.
In One Click: Amazon Alexa Could be Exploited for Theft of Voice History, PII, Skill Tampering
Amazon’s Alexa voice assistant could be exploited to hand over user data due to security vulnerabilities in the service’s subdomains. The smart assistant, which is found in devices such as the Amazon Echo and Echo Dot — with over 200 million shipments worldwide — was vulnerable to attackers seeking user personally identifiable information (PII) and voice recordings.
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls
A team of academic researchers presented a new attack called ‘ReVoLTE,’ that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The attack doesn’t exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims.
An Advanced Group Specializing in Corporate Espionage is on a Hacking Spree
A Russian-speaking hacking group specializing in corporate espionage has carried out 26 campaigns since 2018 in attempts to steal vast amounts of data from the private sector, according to new findings. The hacking group, dubbed RedCurl, stole confidential corporate documents including contracts, financial documents, employee records and legal records, according to research published this week by the security firm Group-IB.
Walgreens Discloses Data Breach Impacting Personal Health Information of More Than 72,000 Customers
The second-largest pharmacy chain in the U.S. recently disclosed a data breach that may have compromised the personal health information (PHI) of more than 72,000 individuals across the United States. According to Walgreens spokesman Jim Cohn, prescription information of customers was stolen during May protests, when around 180 of the company’s 9,277 locations were looted.
Top Tips for Home Cybersecurity and Privacy in a Coronavirus-Impacted World: Part 2
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. In the final blog of this two-part series, Trend Micro discusses what you can do to protect your family, your data, and access to your corporate accounts.
What are your thoughts on Trend Micro’s tips to make your home cybersecurity and privacy stronger in the COVID-19-impacted world? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Microsoft Patches 120 Vulnerabilities, Including Two Zero-Days and Trend Micro Brings DevOps Agility and Automation to Security Operations Through Integration with AWS Solutions appeared first on .
This week, first we talk Enterprise News, discussing how Attivo Networks Announces New Integration with IBM Security Resilient, GreatHorn improves email security with better visibility and intelligent protection, Elite Intelligence Ascends to the Cloud With Recorded Future and Microsoft Azure, Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work, Datadog has acquired Undefined Labs, a testing and observability company for developer workflows, and more! In our second segment, we air two pre-recorded interviews from Security Weekly Virtual Hacker Summer Camp with Chris Wysopal from Veracode and Mario Vuksan from ReversingLabs! In our final segment, we air two more pre-recorded interviews from Virtual Hacker Summer Camp with Danny Jenkins from ThreatLocker and Stephen Boyer from BitSight!
Show Notes: https://securityweekly.com/esw194
To learn more about BitSight, visit: https://securityweekly.com/bitsight
To learn more about ThreatLocker, visit: https://www.securityweekly.com/threatlocker
To learn more about ReversingLabs, visit: https://www.reversinglabs.com/
To learn more about Veracode, visit: https://www.veracode.com/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeanette Manfra, Global Director, Security and Compliance at Google Cloud! Government agencies are running in antiquated, fortress-based government clouds under the guise this is the only option for superior security and compliance. However, security and compliance don t have to be a blocker to innovation; they can be part of the transformation. Jeanette will discuss how Google Cloud is enabling this transformation with Assured Workloads for Government by simplifying the compliance configuration process and providing seamless platform compatibility between government and commercial cloud environments.
Show Notes: https://wiki.securityweekly.com/scw38
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug White talks TikTok, Microsoft 0-Days, Google Bug Bounties, Mercedes bugs, Kr00k redux, Tor nodes, and is 5G Dead? Jason Wood joins us for Expert Commentary on how the Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development!
Show Notes: https://wiki.securityweekly.com/swn55
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The official Call for Presentations (speakers) for SecurityWeek’s 2020 Industrial Control Systems (ICS) Cyber Security Conference, being held October 19 – 22, 2020 in SecurityWeek’s Virtual Conference Center, has been extended to August 31st.
As the premier ICS/SCADA cyber security conference, the event was originally scheduled to take place at the InterContinental Atlanta, but will now take place in a virtual environment due to COVID-19.
“Due to the impact of COVID-19 and transition to a fully virtual event, we have extended the deadline for submissions to allow more time for speakers to put together their ideas under the new format,” said Mike Lennon, Managing Director at SecurityWeek. “Given SecurityWeek’s global reach and scale, we expect this to be the largest security-focused gathering of its kind serving the industrial and critical infrastructure sectors.”
The 2020 Conference is expected to attract thousands of attendees from around the world, including large critical infrastructure and industrial organizations, military and state and Federal Government.
SecurityWeek has developed a fully immersive virtual conference center on a cutting- edge platform that provides attendees with the opportunity to network and interact from anywhere in the world.
As the original ICS/SCADA cyber security conference, the event is the longest-running cyber security-focused event series for the industrial control systems sector.
With an 18-year history, the conference has proven to bring value to attendees through the robust exchange of technical information, actual incidents, insights, and best practices to help protect critical infrastructures from cyber-attacks.
Produced by SecurityWeek, the conference addresses ICS/SCADA topics including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
Through the Call for Speakers, a conference committee will accept speaker submissions for possible inclusion in the program at the 2020 ICS Cyber Security Conference.
The conference committee encourages proposals for both main track, panel discussions, and “In Focus” sessions. Most sessions will be mixed between 30 and 45 minutes in length including time for Q&A.
Submissions will be reviewed on an ongoing basis so early submission is highly encouraged. Submissions must include proposed presentation title, an informative session abstract, including learning objectives for attendees if relevant; and contact information and bio for the proposed speaker.
All speakers must adhere to the 100% vendor neutral / no commercial policy of the conference. If speakers cannot respect this policy, they should not submit a proposal.
To be considered, interested speakers should submit proposals by email to events(at)securityweek.com with the subject line “ICS2020 CFP” by August 31, 2020.
Plan on Attending the 2020 ICS Cyber Security Conference? Online registration is open, with discounts available for early registration.
Copyright 2010 Respective Author at Infosec IslandEnterprise Security Professional to Discuss Latest Cloud Security Trends and Strategies Via Fully Immersive Virtual Event Experience
SecurityWeek will host its 2020 Cloud Security Summit virtual event on Thursday, August 13, 2020.
Through a fully immersive virtual environment, attendees will be able to interact with leading solution providers and other end users tasked with securing various cloud environments and services.
“As enterprises adopt cloud-based services to leverage benefits such as scalability, increased efficiency, and cost savings, security has remained a top concern,” said Mike Lennon, Managing Director at SecurityWeek. “SecurityWeek’s Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.”
The Cloud Security Summit kicks off at 11:00AM ET on Thursday, August 13, 2020 and features sessions, including:
Sponsors of the 2020 Cloud Security Summit include: DivvyCloud by Rapid7, Tufin, Darktrace, SecurityScorecard, Bitglass, Orca Security, Auth0 and Datadog.
Register for the Cloud Security Summit at: https://bit.ly/CloudSec2020
Copyright 2010 Respective Author at Infosec IslandWelcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.
To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.
In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.
This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include
|
|
Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:
|
|
This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.
Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.
There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.
It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.
|
|
So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”
Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .
The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.
Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.
The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.
Protect your smart home and router
Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:
|
|
Secure your home office
Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:
|
|
Stay safe from phishing
Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:
|
|
Use video conferencing safely
New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:
|
|
Stay safe shopping and banking
Next, protect your financial information and stay safe from e-commerce fraud by doing the following:
|
|
Think about online safety for kids
They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:
|
|
Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by
|
|
When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:
Trend Micro Home Network Security
Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution
|
|
Trend Micro Security (PC and Mac)
Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:
|
|
Trend Micro Mobile Security:
Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.
|
|
Additional Trend Micro Tools:
Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides
|
|
Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.
The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .
We all know that the prices of key commodities such as oil, gold, steel and wheat don’t just impact individual business sectors as they fluctuate according to supply and demand: they also power international trading markets and underpin the global economy. And it’s exactly the same with cyber-crime.
The prices of key commodities in the cyber-crime economy – such as stolen credentials, hacked accounts, or payment card details – not only reflect changes in supply and usage, but also influence the types of attack that criminals will favor. After all, criminals are just as keen to maximise return on their investments and create ‘value’ as any legitimate business.
A recent report gave the current average prices during 2020 for some of these cyber-crime commodities on the Dark Web. Stolen credit-card details start at $12 each, and online banking details at $35. ‘Fullz’ (full identity) prices are typically $18, which is cheaper than just two years ago due to an oversupply of personally identifiable information following several high-profile breaches. A very basic malware-as-a-service attack against European or U.S. targets starts at $300, and a targeted DDoS attack starts at $10 per hour.
Extortion evolves
These prices help to explain one of the key shifts in cyber crime over the past two years: the move away from ransomware to DDoS attacks for extortion. Ransomware has been around for decades, but on a relatively small scale, because most types of ransomware were unable to spread without users’ intervention. This meant attacks were limited in their scope to scrambling data on a few PCs or servers, unless the attacker got lucky.
But in 2017, the leak of the ‘EternalBlue’ exploit changed the game. Ransomware designed to take advantage of it – 2017’s WannaCry and NotPetya – could spread automatically to any vulnerable computer in an organization. All that was needed was a single user to open the malicious attachment, and the organization’s network could be paralyzed in minutes – making it much easier for criminals to monetize their attacks.
While this drove an 18-month bubble of ransomware attacks, it also forced organizations to patch against EternalBlue and deploy additional security measures, meaning attacks became less effective. Sophisticated malware like WannaCry and NotPetya cost time and money to develop, and major new exploits like EternalBlue are not common. As such, use of ransomware has declined, returning to its roots as a targeted attack tool.
DDoS deeds, done dirt cheap
DDoS attacks have replaced ransomware as the weapon of choice for extortion attempts. As mentioned earlier, a damaging attack is cheap to launch, using one of the many available DDoS-for-hire services at just $10 per hour or $60 for 24 hours (like any other business looking to attract customers, these services offer discounts to customers on bigger orders).
Why are DDoS attacks so cheap? One of the key reasons is DDoS-for-hire service operators are increasingly using the scale and flexibility of public cloud services, just as legitimate organizations do. Link11’s researchshows the proportion of attacks using public clouds grew from 31% in H2 2018 to 51% in H2 2019. It’s easy to set up public cloud accounts using a $18 fake ID and a $12 stolen credit card, and simply hire out instances as needed to whoever wants to launch a malicious attack. When that credit card stops working, buy another.
Operating or renting these services is also very low-risk: the World Economic Forum's ‘Global Risks Report 2020’ states that in the US, the likelihood of a cybercrime actor being caught and prosecuted is as low as 0.05%. Yet the impact on the businesses targeted by attacks can be huge: over $600,000 on average, according to Ponemon Institute´s Cost of Cyber Crime Study.
Further, the Covid-19 pandemic has made organizations more vulnerable than ever to the loss of online services, with the mass shift to home working and consumption of remote services – making DDoS attacks even more attractive as an extortion tool, as they cost so little, but have a strong ROI. This means any organization could find itself in attackers’ cross-hairs: from banks and financial institutions to internet infrastructure, retailers, online gaming site, as well as public sector organizations and local governments. If services are taken offline, or slowed to a crawl for just a few hours, employees’ normal work will be disrupted, customers won’t be able to transact, and revenues and reputation will take a hit.
Make sure crime doesn’t pay
To avoid falling victim to the new wave of DDoS extortion attacks, and fuelling the cyber-crime economy through ransom payments, organizations need to defend their complex, decentralized and hybrid environments with cloud-based protection. This should route all traffic to the organization’s networks via an external cloud service, that identifies and filters out all malicious traffic instantly using AI techniques before an attack can impact on critical services – helping to ensure that those services are not disrupted. Online crime may continue to be profitable for threat actors – but with the right defences, individual organizations can ensure that they’re not contributing.
Copyright 2010 Respective Author at Infosec IslandIn the coming years, organizations’ insatiable desire to understand consumers through behavioral analytics will result in an invasive deployment of cameras, sensors and applications in public and private places. A consumer and regulatory backlash against this intrusive practice will follow as individuals begin to understand the consequences.
Highly connected ecosystems of digital devices will enable organizations to harvest, repurpose and sell sensitive behavioral data about consumers without their consent, with attackers targeting and compromising poorly secured systems and databases at will.
Impacts will be felt across industries such as retail, gaming, marketing and insurance that are already dependent on behavioral analytics to sell products and services. There are also a growing number of sectors that will see an increased dependency on behavioral analytics, including finance, healthcare and education.
Organized criminal groups, hackers and competitors will begin stealing and compromising these treasure troves of sensitive data. Organizations whose business model is dependent on behavioral analytics will be forced to backtrack on costly investments as their practices are deemed to be based on mass surveillance and seen as a growing privacy concern by regulators and consumers alike.
What is the Justification for This Threat?
Data gathered from sensors and cameras in the physical world will supplement data already captured by digital platforms to build consumer profiles of unprecedented detail. The gathering and monetization of data from social media has already faced widespread condemnation, with regulators determining that some organizations’ practices are unethical.
For example, Facebook’s role in using behavioral data to affect political advertising for the European Referendum resulted in the UK's Information Commissioner’s Office fining the organization the maximum penalty of £500,000 in late 2019 – citing a lack of protection of personal information and privacy and failing to preserve a strong democracy.
Many organizations and governments will become increasingly dependent on behavioral analytics to underpin business models, as well as for monitoring the workforce and citizens. The development of ‘smart cities’ will only serve to amplify the production and gathering of behavioral data, with people interacting with digital ecosystems and technologies throughout the day in both private and public spaces. Data will be harvested, repurposed and sold to third parties, while the analysis will provide insights about individuals that they didn’t even know themselves.
An increasing number of individuals and consumer-rights groups are realizing how invasive behavioral analytics can be. An example of an associated backlash involved New York’s Hudson Yard in 2019, where the management required visitors to sign away the rights to their own photos taken of a specific building. However, this obligation was hidden within the small print of the contract signed by visitors upon entry. These visitors boycotted the building and sent thousands of complaints, resulting in the organization backtracking and rewriting the contracts.
Another substantial backlash surrounding invasive data collection occurred in London when Argent, a biometrics vendor, used facial recognition software to track individuals across a 67-acre site surrounding King's Cross Station without consent.
Attackers will also see this swathe of highly personal data as a key target. For example, data relating to individuals’ personal habits, medical and insurance details, will present an enticing prospect. Organizations that do not secure this information will face further scrutiny and potential fines from regulators.
How Should Your Organization Prepare?
Organizations that have invested in a range of sensors, cameras and applications for data gathering and behavioral analysis should ensure that current technical infrastructure is secure by design and is compliant with regulatory requirements.
In the short term, organizations should build and incorporate data gathering principles into a corporate policy. Additionally, they need to create transparency over data gathering practices and use and fully understand the legal and contractual exposure on harvesting, repurposing and selling data.
In the long term, implement privacy by design across the organization and identify the use of data in supply chain relationships. Finally, ensure that algorithms used in behavioral analytical systems are not skewed or biased towards particular demographics.
About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
Copyright 2010 Respective Author at Infosec IslandAt one of the last cyber-security events I attended before the Covid-19 enforced lockdowns, I was talking with an IT director about how his organization secures its public cloud deployments. He told me: “We have over 500 separate AWS accounts in use, it helps all our development and cloud teams to manage the workloads they are responsible for without crossover or account bloat, and it also makes it easier to control cloud usage costs: all the accounts are billed centrally, but each account is a separate cost center with a clear owner.”
I asked about security, and he replied that each AWS account had different logins, meaning fewer staff had access to each account, which helped to protect each account.
While it’s true that having hundreds of separate public cloud accounts will help to keep a closer eye on cloud costs, it also creates huge complexity when trying to manage the connectivity and security of applications and workloads. Especially when making changes to applications that cross different public cloud accounts, or when introducing infrastructure changes that touch many – or even all- accounts.
As I covered in my recent article on public cloud security, securing applications and data in these environments can be challenging. It’s far easier for application teams to spin up cloud resources and move applications to them, than it is for IT and security teams to get visibility and control across their growing cloud estates.
Even if you are using a single public cloud platform like AWS, each account has its own security controls – and many of them. Each VPC in every region within the account has separate security groups and access lists: even if they embody the same policy, you need to write and deploy them individually. Any time you need to make a change, you need to duplicate the work across each of these elements.
Then there’s the question of how security teams get visibility into all these cloud accounts with their different configurations, to ensure they are all properly protected according to the organization’s security policy. It’s almost impossible to do this using manual processes without overlooking – or introducing – potential vulnerabilities.
So how do the teams in charge of those hundreds of accounts manage them effectively? Here are my three key steps:
1. Gain visibility across your networks
The first challenge to address is a lack of visibility into all your AWS cloud accounts, from one vantage point. The security teams need to be able to observe all the security controls, across all account/region/VPC combinations.
2. Manage changes from a single console
The majority of network security policy changes need to touch a mix of the cloud providers’ own security controls as well as other controls, both in the cloud and on-premise. No cloud application is an island that is entire of itself – it needs to access resources in other parts of the organization’s estate. When changes to network security policies in all these diverse security controls are managed from a single system, security policies can be applied consistently, efficiently, and with a full audit trail of every change.
3. Automate security processes
In order to manage multiple public cloud accounts efficiently, automation is essential. Security automation dramatically accelerates change processes, avoids manual processing mistakes and misconfigurations, and enables better enforcement and auditing for regulatory compliance. It also helps organizations overcome skill gaps and staffing limitations.
With an automation solution handling these steps, organizations can get holistic, single-console security management across all their public cloud accounts, as well as their private cloud and on-premise deployments – which ensures they can count on robust security across their entire IT estate.
About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.
Copyright 2010 Respective Author at Infosec IslandInfosec professionals have always had their work cut out for them, as the threat landscape continuously challenges existing security measures to adapt, improve and cope with the unexpected. As the coronavirus pandemic forced organizations to migrate their entire workforce to a work-from-home context, practically overnight, security professionals faced a new challenge for which half of them had not planned.
A recent Bitdefender survey reveal that 83 percent of US security and IT professionals believe the COVID-19 pandemic will change the way their business operates, mostly because their infrastructure had to adapt to accommodate remote work. Another concern for companies is that employees tend to be more relaxed about security (34 percent) and that working remotely means they will not be as vigilant in identifying and flagging suspicious activity and sticking to security protocols (34 percent).
Lessons learned
Having managed the initial work-from-home technology transition challenges, 1 in 4 security professionals understands the significant value and deployment of endpoint risk assessment tools. As mobility shifted to 100% for all employees, organizations could no longer rely on infrastructure-embedded and perimeter defense technologies to protect endpoints. Augmenting the endpoint security stack with risk assessment and risk analytics tools became mandatory in order to give infosec professionals needed visibility and more control over remote employee devices.
In addition to deploying risk analytics, 31 percent of infosec professionals indicated they would also increase employee training, as the current threat landscape has been witness to more socially engineered threats than actual malware sophistication. Employees are more at risk of clicking the wrong link or opening a tainted attachment, potentially compromising both their devices and company infrastructure.
With a greater need for visibility of weak spots within their infrastructure, 28 percent of security professionals have also had to adjust security policies. For instance, pre-pandemic policies that took into account infrastructure hardware and security appliances became useless in a remote work context.
The New Normal
While some companies have transitioned to the new normal faster than others, businesses understand they need to provide additional cybersecurity measures for employees, and to permanently increase their capability to monitor and protect devices outside of the office. There’s never been a silver bullet for addressing cybersecurity challenges, and the current post-pandemic era is further proof that security is a living organism that needs to adapt to ensure business continuity.
Nothing new to the role of an infosecurity professional.They still need to deploy the right people, the proper process and products, and the correct procedures to achieve long-term safety and success.
About the author: Liviu Arsene is a Senior E-Threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and research departments.
Copyright 2010 Respective Author at Infosec IslandLearning from the experiences of others should be a key job requirement for all cybersecurity, AppSec, DevSecOps, CISO, CRMO and SecSDLC professionals. The recent attack against Twitter where high-profile accounts were compromised to promote a Bitcoin scam is one such opportunity.
As new information comes to light (and I sincerely hope that Twitter continues to provide meaningful details), everyone within the cybersecurity realm should look to both their internal IT and application development practices as well as those of your suppliers for evidence that this particular attack pattern couldn’t be executed against your organization.
What we know as of now is that on July 15th, an attack was launched against Twitter that targeted 130 accounts. Of those 130, 45 had their passwords reset and eight had their Twitter data downloaded. While the initial public focus was on Twitter Verified accounts, those eight accounts were not verified.
The attack itself was based on the concept of social engineering where the targets were Twitter employees with access to an administrative tool capable of modifying account access of individual Twitter employees.
The attacker’s actions included posting a Bitcoin scam on prominent accounts, but it has also been reported that there was an effort to acquire Twitter accounts with valuable names.
That the attack had a prominent component of a Bitcoin scam and a secondary component of account harvesting, there is an obvious first question we should be thinking about: With the level of access the attackers had, why wasn’t their attack more disruptive? This is a perfect example of attackers defining the success criteria and thus the rules of their attack.
That being said, it’s entirely plausible that the true goal of this attack has yet to be identified and that the attackers might easily have installed backdoors in Twitter’s systems that could lay dormant for some time.
Looking solely at the known information, everyone working with user data should be asking these types of questions:
For most organizations, administrator access is something given to their most trusted employees. For some, this trust might stem from how long the employee has been with the organization. For others, trust might stem from a variety of background checks. None-the-less, administrators are humans and humans make errors in judgement – precisely the type of scenario social engineering targets.
Knowing that an administrator, particularly one with God-mode access rights, will be a prime target for social engineering efforts, any access granted to an administrator should be as limited as possible. This includes scenarios where an administrator is called upon to resolve users access issues.
After all, someone claiming to be locked out from their account could easily be an attacker attempting to coerce someone in tech support to transfer rightful ownership into their hands. This implies that on occasion a successful account takeover will occur, and that the legitimate owner will retain control of the original contact methods, such as email address, phone numbers and authenticator apps.
If the business sends a confirmation notice to the previous contact method when it changes, that then offers an additional level of warning for users who may be potential targets. The same situation should play out with any security settings such as recovery questions or 2FA configuration.
Since this attack on Twitter exploited weaknesses in their account administration process, it effectively targeted some of the most trusted people and processes within Twitter. Every business has trusted processes and people, which means that they could be equally vulnerable to such an attack.
This then serves as an opportunity for all businesses to reassess how they build and deploy applications with an eye on how they would be administered and what process weaknesses could be exploited.
About the author: Tim Mackey is Principal Security Strategist, CyRC, at Synopsys. Within this role, he engages with various technical communities to understand how to best solve application security problems. He specializes in container security, virtualization, cloud technologies, distributed systems engineering, mission critical engineering, performance monitoring, and large-scale data center operations.
Copyright 2010 Respective Author at Infosec IslandThis week, it's the Security Weekly Virtual Hacker Summer Camp edition of Paul's Security Weekly! In our first segment, we welcome Chad Anderson, Senior Security Researcher at DomainTools, to discuss Observing Disinformation Campaigns! In our second segment, it's the Security News! We'll be talking about How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! In our final segment, we air a pre recorded interview with Sumedh Thakar, President and Chief Product Officer at Qualys, and Mehul Revankar, VP Product Management and Engineering of VMDR at Qualys, discussing Automating Your Vulnerability Management Program!
Show Notes: https://wiki.securityweekly.com/psw661
For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys
Visit https://securityweekly.com/domaintools to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Based on research that Trend Micro released during Black Hat USA this past week, read about how some industrial robots have flaws that could make them vulnerable to advanced hackers, as well as the risks related to protocol gateways and how to secure these devices.
Read on:
Unveiling the Hidden Risks of Industrial Automation Programming
The legacy programming environments of widely used industrial machines could harbor virtually undetectable vulnerabilities and malware. Trend Micro’s recent security analysis of these environments, presented at Black Hat USA 2020 this week, reveals critical flaws and their repercussions for smart factories.
Top 6 Cybersecurity Trends to Watch for at Black Hat USA 2020
At this year’s Black Hat USA 2020 conference, some of the top trends expected to surface include ransomware, election security and how to protect a remote workforce. Trend Micro’s vice president of cybersecurity, Greg Young, said, “Cybercrime increased rather than slowed down due to the pandemic, as we saw 1 billion more threats blocked in the first half of 2020 compared to 2019.”
Lost in Translation: When Industrial Protocol Translation Goes Wrong
Also presented this week at Black Hat USA, this recent research from Trend Micro examines the risks related to protocol gateways, the possible impact of an attack or wrong translation, and ways to secure these devices.
As COVID-19 cases around the U.S. continue to rise, the International Criminal Police Organization (INTERPOL) says that governments are seeing an “alarming” rate of cyberattacks aimed at major corporations, governments and critical infrastructure.
Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of more than 1,000 companies globally since March. The campaigns target senior positions in the United States and Canada, and the fraudsters, dubbed “Water Nue” by Trend Micro, primarily target accounts of financial executives to obtain credentials for further financial fraud.
Robots Running the Industrial World Are Open to Cyber Attacks
Industrial robots are now being used to assemble everything from airplanes to smartphones, using human-like arms to mechanically repeat the same processes over and over, thousands of times a day with nanometric precision. But according to a new report from Trend Micro, some robots have flaws that could make them vulnerable to advanced hackers, who could steal data or alter a robot’s movements remotely.
Patch Fail Led to Password Leak of 900 VPN Enterprise Servers
Applying a security update to a CVE released more than a year ago could have prevented a hacker from publishing plaintext usernames and passwords as well as IP addresses for more than 900 Pulse Secure VPN enterprise servers. This vulnerability, CVE 2019-11510, was one of the several recently exploited vulnerabilities by Russia’s Cozy Bear, APT29, in an attempt to steal COVID-19 vaccine research.
U.S. Offers Reward of $10M for Info Leading to Discovery of Election Meddling
The U.S. government is concerned about foreign interference in the 2020 election, so much so that it will offer a reward of up to $10 million for anyone providing information that could lead to tracking down potential cybercriminals aiming to sabotage the November vote.
TeamViewer Flaw Could be Exploited to Crack Users’ Password
A high-risk vulnerability in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. CVE-2020-13699 is a security weakness arising from an unquoted search path or element – more specifically, it’s due to the application not properly quoting its custom URI handlers – and could be exploited when the system with a vulnerable version of TeamViewer installed visits a maliciously crafted website.
Black Hat: How Your Pacemaker Could Become an Insider Threat to National Security
Implanted medical devices are an overlooked security challenge that is only going to increase over time. The emerging problem of vulnerabilities and avenues for attack in IMDs was first highlighted by the 2017 case of St. Jude (now under the Abbott umbrella), in which the US Food and Drug Administration (FDA) issued a voluntary recall of 465,000 pacemakers due to vulnerabilities that could be remotely exploited to tamper with the life-saving equipment.
What was your favorite session from Black Hat USA this week? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Robots Running the Industrial World Are Open to Cyber Attacks and Industrial Protocol Translation Gone Wrong appeared first on .
This week, it's Security Weekly Virtual Hacker Summer Camp! In our first segment, we welcome John Loucaides, VP of Research & Development at Eclypsium, to talk about Putting Zero Trust in Your Devices! In our second segment, we talk Enterprise News, discussing Tanium offering new cybersecurity service through a partnership with Google Cloud, CyberArk launches open-source Shadow Admin identification tool for Azure and AWS, Threat Stack Cloud Security Platform extends security observability to AWS Fargate tasks, Polyrize announces its SaaS-based security platform, and more! In our final segment, we welcome our dear friend and Security and Compliance Weekly's host Jeff Man, to talk about Mapping MITRE ATT&CK to PCI DSS!
Show Notes: https://securityweekly.com/esw193
To learn more about securing devices down to the firmware and hardware level, visit: https://eclypsium.com/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Join the Security Weekly Discord: https://discord.gg/pqSwWm4
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's Security Weekly Virtual Hacker Summer Camp, and we have two interviews! First, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to discuss "How Security Spending Overlooks the Biggest Risk of All"! Then, we welcome Doug Hubbard, Founder at Hubbard Decision Research, to discuss "The Failure of Risk Management"!
Show Notes: https://wiki.securityweekly.com/bsw183
Learn more on how to quantify risk in terms of dollars and cents in order to build better "business impact" decision makers, visit: https://hubbardresearch.com/
Visit https://www.authentic8.com/bsw to learn more about them!
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, it's Security Weekly Virtual Hacker Summer Camp 2020! In our first segment, we welcome Mike Rothman, President at DisruptOps, to discuss: How Does Sec Live In A DevOps World? In the Application Security News, Using Amazon GuardDuty to Protect Your S3, OkCupid Security Flaw Threatens Intimate Dater Details, Florida teen charged as mastermind in Twitter hack hitting Biden, Bezos, and others, Sandboxing and Workload Isolation, and Microsoft to remove all SHA-1 Windows downloads next week!
Show Notes: https://wiki.securityweekly.com/asw117
Try it out free of charge and experience the future of security operations. Visit https://disruptops.com/free-evaluation/
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
This week, we welcome back Corey Thuen, Co-Founder at Gravwell, to talk about Gravwell's Big Bang Release! In our second segment, we welcome Siddharth Bhatia, PhD student at National University of Singapore, to discuss MIDAS: Siddharth's Research that finds anomalies or malicious entities in real-time! In the Security News, a Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories!
Show Notes: https://wiki.securityweekly.com/psw660
Visit https://securityweekly.com/gravwell to learn more about them!
Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4
Visit https://www.securityweekly.com/psw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
This week, 'Boothole' vulnerability basically affects everything, Garmin Pays Ransomware but the implications are scary, Doki, Fancy Bear, GRU, Fancy Bear is hitting lots of US targets in an escalating campaign ,and someone who does like Assange doesn't like Idaho very much!
Show Notes: https://wiki.securityweekly.com/swn54
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion. Also, learn about how the Vermont Department of Taxes may have been exposing taxpayer data for more than three years.
Read on:
Ransomware is Still a Blight on Business
Ransomware has been with us for years, but only really became mainstream after the global WannaCry and NotPetya incidents of 2017. Now mainly targeting organizations in lieu of consumers, and with increasingly sophisticated tools and tactics, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.
Garmin Outage Caused by Confirmed WastedLocker Ransomware Attack
Wearable device maker Garmin shut down some of its connected services and call centers last week following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack. Garmin’s product line includes GPS navigation and wearable technology for the automotive, marine, aviation, marine, fitness, and outdoor markets.
Trend Micro Launches Cloud Solution for Microsoft Azure
Trend Micro announced the availability of its Trend Micro Cloud One – Conformity offering to Azure customers, helping global organizations tackle misconfigurations, compliance challenges and cyber-risks in the cloud. The company also achieved the CIS Microsoft Azure Foundation Security Benchmark, certifying that the Conformity product has built-in rules to check for more than 100 best practices in the CIS framework.
Ensiko: A Webshell with Ransomware Capabilities
Ensiko is a PHP web shell with ransomware capabilities that targets platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine. It can also execute shell commands on an infected system and send the results back to the attacker via a PHP reverse shell.
‘Boothole’ Threatens Billions of Linux, Windows Devices
A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could unleash attacks that could gain total control of billions of Linux and Windows devices. Security firm Eclypsium researchers released details this week about how the flaw can take over nearly any device’s boot process.
Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
Following the initial disclosure of two F5 BIG-IP vulnerabilities in early July, Trend Micro continued monitoring and analyzing the vulnerabilities and other related activities to further understand their severities. Based on the workaround published for CVE-2020-5902, Trend Micro found an IoT Mirai botnet downloader that can be added to new malware variants to scan for exposed Big-IP boxes for intrusion and deliver the malicious payload.
Hackers Stole GitHub and GitLab OAuth Tokens from Git Analytics Firm Waydev
Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers’ work output by analyzing Git-based codebases. Earlier this month, the company disclosed a security breach, saying that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database.
As the world currently grapples with the disruption brought about by the coronavirus pandemic, the need for digital transformation has become not only more apparent but also more urgent. Applications now play an integral role, with many businesses and users relying on a wide range of applications for work, education, entertainment, retail, and other uses.
Vermont Taxpayers Warned of Data Leak Over the Past Three Years
The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice posted on the department’s website warned taxpayers who filed a Property Transfer Tax return through the department’s online filing site between Feb. 1, 2017, and July 2, 2020, may have had their personal information leaked.
Guidelines Related to Security in Smart Factories Part 6: MITRE ATT&CK
This blog series explains examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. Thus far, part one through part five have explained IEC62443, the NIST CSF, part of the P800 series, and CIS Controls. In part six, Trend Micro explains MITRE ATT&CK, although not a guideline, it is a knowledge base in which offensive and defensive technologies in cyber-attacks are clearly organized.
Netgear has decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code. The vulnerability was revealed publicly in June by Trend Micro’s Zero Day Initiative (ZDI).
Online Dating Websites Lure Japanese Customers to Scams
In May, Trend Micro observed a sudden increase in traffic for online dating websites primarily targeting Japanese customers. After analyzing and tracking these numbers, we found that these dating scam campaigns attract potential victims by using different website domains that have similar screen page layouts. By the end of the transactions, the fraudsters steal money from victims without the subscribers receiving any of the advertised results.
ESG Findings on Trend Micro Cloud-Powered XDR Drives Monumental Business Value
Trend Micro’s cloud-powered XDR and Managed XDR offerings optimize threat detection and response across all critical vectors. In a recent survey commissioned by Trend Micro and conducted by ESG, organizations surveyed experience faster detection and less alert fatigue as a result of intelligently using data from all their security controls (including those covering endpoints, email, servers, cloud workloads and networks).
How does your organization manage threat detection and response? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902 and Vermont Taxpayers Warned of Data Leak Over the Past Three Years appeared first on .
This material was published by ESG Research Insights Report, Validating Trend Micro’s Approach and Enhancing GTM Intelligence, 2020.
The post ESG Findings on Trend Micro Cloud-Powered XDR Drives Monumental Business Value appeared first on .
This week, we talk Enterprise News, discussing how Attivo Networks EDN enhancements prevent attackers from fingerprinting an endpoint, CloudPassage Expands Cloud Security Capabilities for Docker, Kubernetes, and Container-related Services on AWS, Digital Shadows announces integration with Atlassian Jira, LogRhythm Releases Version 7.5 of NextGen SIEM Platform and New Open Collector Technology, Cloudflare releases Workers Unbound, a secure serverless computing platform, and more! In our second segment, we welcome Om Moolchandani, Chief Technology Officer of Accurics, to Learn about a new paradigm dubbed immutable security! In our final segment, we air a pre recorded interview with Neira Jones, Ambassador at Emerging payments Association, discussing Compliance and Fraud Prevention in FinTech!
Show Notes: https://securityweekly.com/esw192
Visit https://securityweekly.com/accurics to learn more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, John Snyder will lead the discussion about the legal implications of Security and Compliance! In the second segment, we continue the discussion with John Snyder, our new co-host. Peppering him with questions about the law, hacking, security, compliance, and we might throw in a few of our favorite lawyer movie quotes!
Show Notes: https://wiki.securityweekly.com/scw37
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, QSnatch, dave.com, ShinyHunters, a quantum internet, government tyranny, and DEFCON! Jason Wood returns with Expert Commentary on A Cyberattack on Garmin Disrupted More Than Workouts!
Show Notes: https://wiki.securityweekly.com/swn53
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Drew Cohen, President & CEO at MasterPeace Solutions Ltd., to discuss Cybersecurity Challenges in a Teleworking World! In the second segment, Matt, Paul, and Jason talk about how marketing to today s CISO is no easy task. CISOs have an unprecedented amount of work on their plates with constantly shifting technology, vast amounts of data in motion, regulatory requirements and new threats arising daily. We'll discuss the results of a Merritt Group Survey on Marketing and Selling to the CISO, 2020 Edition.
Show Notes: https://wiki.securityweekly.com/bsw182
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Ransomware is Still a Blight on Business
Trends come and go with alarming regularity in cybersecurity. Yet a persistent menace over the past few years has been ransomware. Now mainly targeting organizations rather than consumers, and with increasingly sophisticated tools and tactics at their disposal, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.
Celebrating its fourth anniversary this week, the initiative has helped over four million victims fight the scourge of ransomware, saving hundreds of millions of dollars in the process. At Trend Micro, we’re proud to have played a major part, helping to decrypt over 77 million files for victims.
Not going anywhere
Ransomware has been with us for years, but only really hit the mainstream after the global WannaCry and NotPetya incidents of 2017. Unfortunately, that was just the start. Today, no sector is safe. We saw attacks rage across US municipalities, school districts and hospitals in 2019. Most recently, a major outage at a connected technology giant impacted everything from consumer fitness trackers to on-board flight systems.
Such attacks can hit victim organizations hard. There are serious reputational and financial repercussions from major service outages, and the stakes have been raised even further as attackers now often steal data before encrypting victims’ files. A recent incident at a US cloud computing provider has led to data compromise at over 20 universities and charities in the UK and North America, for example. A separate ransomware attack on a managed service provider earlier this year may cost it up to $70m.
The bad guys have shown no sign of slowing down during the pandemic — quite the reverse. Even as hospitals have been battling to save the lives of patients battling COVID-19, they’ve been targeted by ransomware designed to lock mission-critical systems.
No More Ransom
That’s why we need to celebrate public-private partnerships like No More Ransom, which provides helpful advice for victims and a free decryption tool repository. Over the past four years it has helped 4.2 million visitors from 188 countries, preventing an estimated $632 million in ransom demands finding its way into the pockets of cyber-criminals.
At Trend Micro, we’re proud to have been an associate partner from the very start, contributing our own decryption tools to the scores available today to unlock 140 separate ransomware types. Since the start of No More Ransom, Trend Micro tools have been downloaded nearly half a million times, helping over 50,000 victims globally to decrypt more than 77 million files. We simply can’t put a price on this kind of intervention.
https://www.europol.europa.eu/publications-documents/infographic-4th-anniversary-no-more-ransom
Yet while the initiative is a vital response to the continued threat posed by ransomware, it is not all we can do. To truly beat this menace, we need to educate organizations all over the planet to improve their resilience to such malware threats. That means taking simple steps such as:
|
|
I’m also speaking on a panel today hosted by the U.S. Chamber of Commerce on NotPetya and general ransomware attack trends related to the pandemic. Join us to learn more about ransomware from law enforcement agencies, policy makers and businesses.
If your organization has been impacted by ransomware, check the resources available on https://www.nomoreransom.org/ for advice and access to the free decryption tool repository.
The post Ransomware is Still a Blight on Business appeared first on .
This week, we welcome John Matherly, Founder of Shodan, to talk about Fixing Vulnerabilities Effectively & Efficiently! In the Application Security News, TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, and more!
Show Notes: https://wiki.securityweekly.com/asw116
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Zane Lackey, Chief Security Officer at Signal Sciences, to talk about the Affects Of COVID-19 On Web Applications! In our second segment, we welcome back Sumedh Thakar, President and Chief Product Officer at Qualys, to discuss The Power of the Cloud Platform, One Single Agent, One Global View! In the Security News, Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting!
Show Notes: https://wiki.securityweekly.com/psw659
Visit https://securityweekly.com/signalsciences to learn more about them!
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mark Ralls, President and Chief Operating Officer at Acunetix, to discuss The Evolution of Enterprise Web Apps and Its Impact on Web Security! In our second segment, we welcome Brian Kelly, Head of Conjur Engineering for CyberArk, for a Technical Segment on Secretless And The End Of Application Secrets As We Know Them! In our final segment, we air a pre recorded interview with Steve Wylie, General Manager at Black Hat, discussing An overview of Black Hat USA 2020!
Show Notes: https://securityweekly.com/esw191
Visit https://securityweekly.com/cyberark to learn more about them!
Visit https://securityweekly.com/acunetix to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter is still hacked, social engineering, Emotet returns, Chinese Hackers, Your VPN is definitely lying to you, Bad Power, and Doug Revisits Forever Hack via the Meow Attack!
Show Notes: https://wiki.securityweekly.com/swn52
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read new insights from Trend Micro that look at the market for underground hosting services and where cybercriminals rent the infrastructure for their business. Also, learn about Apple’s new iPhone Research Device Program that will provide certain hackers with special devices to conduct security research.
Read on:
Trend Micro Research Uncovers the Business Infrastructure of Cybercrime
This week Trend Micro released new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. This first report of a planned three-part series details the market for buying and selling these services, which are the backbone of every other aspect of the cybercriminal business model, whether that includes sending spam, communicating with a command and control server, or offering a help desk for ransomware.
Have You Considered your Organization’s Technical Debt?
In the tech world where one seemingly tiny vulnerability can bring down your whole system, managing technical debt is critical. Fixing issues before they become emergent situations is necessary in order to succeed. By spending a little time each day to tidy up a few things, you can make your system more stable and provide a better experience for both your customers and your fellow developers.
New ‘Shadow Attack’ Can Replace Content in Digitally Signed PDF Files
Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research published this week by academics from the Ruhr-University Bochum in Germany.
Cleaner One Pro Speeds Up Your Mac: Part 2
In the first part of this blog series, Trend Micro introduced its Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the quick optimizer, the main console, and the cleaning tools. In part two, Trend Micro resumes the discussion of how to make your Mac run faster with more Cleaner One Pro features: system and application management, privacy protection and other options.
Multi-Platform Malware Framework Linked to North Korean Hackers
Security researchers at Kaspersky have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years. Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.
Updates on ThiefQuest, the Quickly-Evolving macOS Malware
In early July, Trend Micro noticed a new malware dubbed ThiefQuest, a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. However, new reports on the malware state the assumption that the malware’s ransomware activity is not its main attack method; rather, it is a pre-emptive move to disguise its other capabilities such as file exfiltration, Command and Control (C&C) communication, and keylogging.
Apple’s Long-Awaited Security Device Research Program Makes its Debut
In order to make it easier for security researchers to find vulnerabilities in iPhones, Apple is launching an iPhone Research Device Program that will provide certain hackers with special devices to conduct security research. Beyond enhancing security for iOS users and making it easier to unearth flaws in iPhones, the program also aims to improve the efficiency of ongoing security research on iOS.
Guidelines Related to Security in Smart Factories Part 5: CIS Controls
The purpose of this blog series is to explain typical examples of general-purpose guidelines for ICS and OT security and understand the concepts required for security in smart factories. As a subset of NIST SP800-53 which was introduced in part four, part five explains the CIS Controls that correspond to practical guides.
US Charges Two Chinese Spies for a Global Hacking Campaign that Targeted COVID-19 Research
U.S. prosecutors have charged two Chinese nationals, said to be working for China’s state intelligence bureau, for their alleged involvement in a massive global hacking operation that targeted hundreds of companies and governments for more than a decade. The 11-count indictment, unsealed Tuesday, alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes of data from high-technology companies around the world—including the United States.
Twitter Hacked in Bitcoin Scam
Are Apple, Elon Musk, Barrack Obama, Uber, Joe Biden, and a host of others participating in a very transparent bitcoin scheme? No. The question was whether individual accounts were compromised or if something deeper was going on. Underlying this whole situation is a more challenging issue: The level of access that support has to any given system.
What are your thoughts on Apple’s new iPhone Research Device program? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Research Uncovers the Business Infrastructure of Cybercrime and Apple Launches Security Device Research Program appeared first on .
In Part 1 of this blog, we introduced Trend Micro Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we resume the discussion of how to make your Mac run faster with the remaining Cleaner One Pro features: System and Application Management, Privacy Protection, and Other Options.
Your Mac may get sluggish after a year or two of usage and you may find that booting up takes a lot longer. Doing a Startup Manager scan can help you reduce slowdown due to unwanted startup programs and services, to help your Mac boot faster.
Upon completing the scan, Startup Manager will identify apps under two categories: Login Items and Launch Agents.
Login Items are apps that run automatically upon login. You can manage these apps by enabling them to run automatically or disabling them to make your Mac more efficient. If you don’t need autorun, you can remove the apps from the list.
Launch Agents are background services that run automatically on System startup for the extension features of apps. You can manage these services by letting them run automatically or by disabling them to make your Mac boot faster. Similarly, you can remove these agents if you don’t need them or they’re broken.
When a user installs an app that doesn’t meet their expectations, they’ll never use it again. In many cases, they remove the app by simply dragging it into the trash, assuming the action completely removes the app, but this is not always true. When you uninstall an app, there are often associated files left on your Mac, even after you have emptied the Trash. They’re known as leftovers.
Leftovers are an app’s associated files and folders that can include different languages, log files, agents, or processes that might try to start an application. App Manager aims to resolve this and helps you clean up your Mac by completely removing app leftovers. App Manager detects all app leftovers automatically so you can remove them with just one click.
Data security and privacy are especially important and managing these applies to anyone collecting and keeping data. Data that has reached its retention limit needs to be permanently removed from your file system and to be sure it can’t be recovered you need to overwrite the file with random series of binary data multiple times. This process is often referred to as shredding. With File Shredder, you can remove sensitive files from your hard disk without worrying that they can be recovered.
Preferences allows you to manage how the Cleaner One Pro app performs. In Preferences, you’ll see General, Notifications, Memory, Duplicates, Whitelists and Auto Select.
On the General tab, you can choose Auto start at login and other options according to how you would like Cleaner One Pro to behave during startup.
On the Notifications tab, you can disable the notification about smart memory optimization.
Cleaner One Pro is also equipped with a Smart Memory Optimization feature on the Memory tab. This feature uses artificial intelligence. You can set auto clean when your available memory is low or when an app is closed.
The Duplicates, Whitelists and Auto Select tabs work when you use the Duplicate Files feature on the main console. When there are too many duplicate files on your Mac, you can set the rules on the minimum file size, as well as which files to exempt or prioritize during deletion.
If you need technical assistance about Cleaner One Pro, click the robot icon either in the Apple Menu window or on the Main Console.
A chat support person will attend to your concerns or suggestions when using Cleaner One Pro. In case there is no available support engineer, you can send an email by clicking Send Email. Make sure to provide the correct email address.
Aside from Cleaner One Pro for Mac, we offer Antivirus One for Mac—as well as Cleaner One for iPhone, which you can download by scanning the QR Code. You can also submit your ideas for Other Tools by clicking the panel.
As you use your Mac over time, you need to maintain it to keep it running smoothly. Trend Micro Cleaner One Pro can clean up your disk space, help boost performance, and solve other Mac issues you might encounter during your daily work. As you consider it for your Mac, you may have remaining questions:
What’s the difference between the Free version and the Paid version? The Free version of Cleaner One Pro includes the Memory Optimizer, basic CPU and Network Monitoring, a Junk Files Cleaner, a Big Files Scanner, a Disk Map, and the Startup Manager. The Paid upgrade of Cleaner One Pro unlocks more features, including more Advanced CPU/Network Monitoring, a Duplicate Finder, a Similar Photos Scanner, an App Manager, and a File Shredder.
Is it safe to use Cleaner One Pro? Cleaner One Pro is notarized by Apple, which assures its users both security and privacy.
How can I download Cleaner One Pro? Cleaner One Pro is distributed via the official Trend Micro website and other authorized channels. Note that Cleaner One Pro is also available for Windows. To make it easy for the readers of this blog series, we’ve provided the download links here: Download Mac Version – Download Windows Version
Go to Cleaner One Windows or to Cleaner One Mac for more information or to purchase the apps.
The post Cleaner One Pro Speeds Up Your Mac: Part 2 appeared first on .
This week, we have a very special edition of Security & Compliance weekly, welcoming the PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper, as they answer all of the toughest PCI questions in a two part interview!
Show Notes: https://wiki.securityweekly.com/scw36
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter updates, Chinese GoldenSpy, Cloudflare outages, Rapid 7 reports, Crypto Trojans, BadPower attacks, and Jason Wood returns for Expert Commentary on 7 VPNs that leaked their logs - the logs that "didn't exist"!
Show Notes: https://wiki.securityweekly.com/swn51
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
TL;DR Deal with your dirty laundry.
Have you ever skipped doing your laundry and watched as that pile of dirty clothes kept growing, just waiting for you to get around to it? You’re busy, you’re tired and you keep saying you’ll get to it tomorrow. Then suddenly, you realize that it’s been three weeks and now you’re running around frantically, late for work because you have no clean socks!
That is technical debt.
Those little things that you put off, which can grow from a minor inconvenience into a full-blown emergency when they’re ignored long enough.
How many times have you had an alarm go off, or a customer issue arise from something you already knew about and meant to fix, but “haven’t had the time”? How many times have you been working on something and thought, “wow, this would be so much easier if I just had the time to …”?
That is technical debt.
But back to you. In your craze to leave for work you manage to find two old mismatched socks. One of them has a hole in it. You don’t have time for this! You throw them on and run out the door, on your way to solve real problems. Throughout the day, that hole grows and your foot starts to hurt.
This is really not your day. In your panicked state this morning you actually managed to add more pain to your already stressed system, plus you still have to do your laundry when you get home! If only you’d taken the time a few days ago…
In the tech world where one seemingly small hole – one tiny vulnerability – can bring down your whole system, managing technical debt is critical. Fixing issues before they become emergent situations is necessary in order to succeed.
If you’re always running at full speed to solve the latest issue in production, you’ll never get ahead of your competition and only fall further behind.
It’s very easy to get into a pattern of leaving the little things for another day. Build optimizations, that random unit test that’s missing, that playbook you meant to write up after the last incident – technical debt is a real problem too! By spending just a little time each day to tidy up a few things, you can make your system more stable and provide a better experience for both your customers and your fellow developers.
Picture your code as that mountain of dirty laundry. Each day that passes, you add just a little more to it. The more debt you add on, the more daunting your task seems. It becomes a thing of legend. You joke about how you haven’t dealt with it, but really you’re growing increasingly anxious and wary about actually tackling it, and what you’ll find when you do.
Maybe if you put it off just a little bit longer a hero will swoop in and clean up for you! (A woman can dream, right?) The more debt you add, the longer it will take to conquer it, and the harder it will be and the higher the risk is of introducing a new issue.
This added stress and complexity doesn’t sound too appealing, so why do we do it? It’s usually caused by things like having too much work in progress, conflicting priorities and (surprise!) neglected work.
Managing technical debt requires only one important thing – a cultural change.
As much as possible we need to stop creating technical debt, otherwise we will never be able to get it under control. To do that, we need to shift our mindset. We need to step back and take the time to see and make visible all of the technical debt we’re drowning in. Then we can start to chip away at it.
My team took a page out of “The Unicorn Project” (Kim, 2019) and started by running “debt days” when we caught our breath between projects. Each person chose a pain point, something they were interested in fixing, and we started there. We dedicated two days to removing debt and came out the other side having completed tickets that were on the backlog for over a year.
We also added new metrics and dashboards for better incident response, and improved developer tools.
Now, with each new code change, we’re on the lookout. Does this change introduce any debt? Do we have the ability to fix that now? We encourage each other to fix issues as we find them whether it’s with the way our builds work, our communication processes or a bug in the code.
We need to give ourselves the time to breathe, in both our personal lives or our work day. Taking a pause between tasks not only allows us to mentally prepare for the next one, but it gives us time to learn and reflect. It’s in these pauses that we can see if we’ve created technical debt in any form and potentially go about fixing it right away.
The improvement of daily work ultimately enables developers to focus on what’s really important, delivering value. It enables them to move faster and find more joy in their work.
So how do you stay on top of your never-ending laundry? Your family chooses to makes a cultural change and decides to dedicate time to it. You declare Saturday as laundry day!
Make the time to deal with technical debt –your developers, security teams, and your customers will thank you for it.
The post Have You Considered Your Organization’s Technical Debt? appeared first on .
This week, we welcome Justin Bradley, Chief Growth Officer at Intezer, to talk about Zero Trust Execution as Part of Your Cloud Workload Protection Strategy! In the Leadership and Communications section, CISOs undervalued, overworked, burning out, warns CIISec, The 10 Worst Cybersecurity Strategies, AppSec Becomes A Priority For New CISOs/CSOs, and more!
Show Notes: https://wiki.securityweekly.com/bsw181
Visit https://securityweekly.com/intezer to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Kris Rajana, President and CTO at Biarca, and Bhasker Nallapothula, Director of Engineering at Biarca, to talk about Cloud Security Posture Management & Governance! In the Application Security News, SIGRed Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!
Show Notes: https://wiki.securityweekly.com/asw115
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ankur Chowdhary, Security Consultant at Bishop Fox, to talk about Artificial Intelligence and Machine Learning in Cybersecurity! In our second segment, we welcome John Snyder, CEO of Agnes Intelligence, and Security and Compliance Weekly's New Co-Host, for an Introduction to John Snyder himself! In the Security News, Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection, a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack!
Show Notes: https://wiki.securityweekly.com/psw658
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Twitter hacked, TikTok Bans continued, Cozy Bear, Huawei bans, Social Engineering and Sir Walter Raleigh in a can!
Show Notes: https://wiki.securityweekly.com/swn50
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s report on the botnet battle for IoT territory and how attacker groups are trying to gain control of vulnerable routers and other devices. Also, learn about a Twitter breach that happened earlier this week, involving some of the most well-known and wealthiest people and brands globally.
Read on:
‘DDoS-For-Hire’ is Fueling a New Wave of Attacks
Earlier this week, Trend Micro released a report about escalating global turf wars between attacker groups vying to seize control of vulnerable routers and other devices, titled “Worm War: The Botnet Battle for IoT Territory.” Robert McArdle, director of Trend Micro’s forward-looking threat research (FTR) and David Sancho, senior threat researcher, spoke with WIRED about findings from the report and how the aim of attacker groups is to power botnets that can direct a firehose of malign traffic or requests for DDoS attacks.
Extraordinary Twitter Hack Compromises Some of the World’s Most Prominent Accounts
Earlier this week, hackers hijacked the Twitter accounts of some of the world’s most prominent and wealthiest people and brands including Barack Obama, Joe Biden, Kanye West, Jeff Bezos, Bill Gates, Elon Musk and tech giant Apple. These hacked accounts sent out messages promising bitcoin payments as part of a scam.
Tax Scams – Everything You Need to Know to Keep Your Money and Data Safe
Cybercriminals are always on the hunt for two things: people’s identity data from their accounts and their money. Both can be exposed during the tax-filing season, and cybercriminals have adapted multiple tools and techniques to obtain this information. In this blog, take a look at some of the main threats during tax-filing season and what you can do to stay safe.
Russia is Trying to Hack and Steal Coronavirus Vaccine Data, U.S., Canadian and UK Officials Claim
Officials said that hackers linked to Russian intelligence services are trying to steal information about coronavirus vaccine research in the U.S., Canada and the U.K. They said that a group known as APT29 — also known as “Cozy Bear” and believed to be associated with Russian intelligence — was likely to blame for the attack, which used spear phishing and custom malware to target vaccine researchers.
Trend Micro and Girls in Tech to Provide Cybersecurity Training to Girls Around the World
Trend Micro recently announced that it is expanding its partnership with non-profit Girls in Tech with a new initiative aimed at closing the gender diversity and talent gap in the technology industry. Together, the organizations will provide cybersecurity training to girls around the world to help develop a large talent pool of women eager to get their start in the industry.
Microsoft Tackles 123 Fixes for July Patch Tuesday
A critical DNS bug and a publicly known elevation-of-privilege flaw top this month’s Patch Tuesday list of 123 fixes. This article includes data from the Trend Micro Zero Day Initiative (ZDI) July Patch Tuesday blog post, which says that this Patch Tuesday “makes five straight months of 110+ CVEs released and brings the total for 2020 up to 742. For comparison, Microsoft released patches for 851 CVEs in all of 2019. At this pace, Microsoft will eclipse that number next month.”
Guidelines Related to Security in Smart Factories (Part 4) NIST SP800 Series
This blog series explains examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. Based on the NIST CSF that was introduced in Part 3, from the SP800 series which are guidelines with high specificity, Part 4 explains SP800-53, SP800-82, and SP800-171, which are considered to be particularly relevant to general manufacturing industries.
TikTok’s Huge Data Harvesting Prompts U.S. Security Concerns
Security researchers say TikTok’s information collection practices are consistent with Facebook Inc., Google and other U.S. tech companies looking to tailor ads and services to their users. The bigger issue lies in what TikTok does with the intel it gathers. Some groups like the Democratic and Republican national committees and Wells Fargo & Co. have discouraged or banned people from using the app.
Infrastructure as Code: Security Risks and How to Avoid Them
Infrastructure as Code (IaC) is a key DevOps practice that bolsters agile software development. In this report, Trend Micro identifies security risk areas in IaC implementations and the best practices in securing them.
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
Marco Balduzzi, senior research scientist with Trend Micro, will disclose details of multiple vulnerabilities he and his team discovered in a sampling study of five popular ICS gateway products at Black Hat USA’s virtual event next month. Their findings focus not on the gateways’ software nor the industrial protocols as in previous research, but rather on a lesser-studied function: the protocol translation process that the devices conduct.
Fixing Cloud Migration: What Goes Wrong and Why?
As part of our #LetsTalkCloud series, Trend Micro is sharing some of its deep, in-house expertise on cloud migration through conversations with company experts and folks from the industry. To kick off the series, this blog covers some of the security challenges that solution architects and security engineers face with customers when discussing cloud migrations. Spoiler: these challenges may not be what you expect.
Has your organization experienced security challenges related to cloud migration? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Research Discovers Cybercriminal Turf War on Routers and a Massive Twitter Breach Compromises Some of the World’s Most Prominent Accounts appeared first on .
It started with one weird tweet. Then another. Quickly, some of the most prominent accounts on Twitter were all sending out the same message;
I am giving back to the community.
All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.
[- BITCOIN WALLET ADDRESS -]
Are Apple, Elon Musk, Barrack Obama, Uber, Joe Biden, and a host of others participating in a very transparent bitcoin scheme?
No. Of course, not. The question was whether or not individual accounts were compromised or if something deeper was going on.
User Account Protection
These high profile accounts are prime targets for cybercriminals. They have a broad reach, and even a brief compromise of one of these accounts would significantly increase a hacker’s reputation in the underground.
That is why these accounts leverage the protections made available by Twitter in order to keep their accounts safe.
This means;
|
|
While it’s believed that one or two of these accounts failed to take these measures, it’s highly unlikely that dozens and dozens of them did. So what happened?
Rumours Swirl
As with any public attack, the Twitter-verse (ironically) was abuzz with speculation. That speculation ramped up when Twitter took the reasonable step of preventing any verified account from tweeting for about three hours.
This step helped prevent any additional scam tweets from being published and further raised the profile of this attack.
While some might shy away from raising the profile of an attack, this was a reasonable trade-off to prevent further damage to affected accounts and to help prevent the attack from taking more ground.
This move also provided a hint as to what was going on. If individual accounts were being attacked, it’s unlikely that this type of movement would’ve done much to prevent the attacker from gaining access. However, if the attacker was accessing a backend system, this mitigation would be effective.
Had Twitter itself been hacked?
Occam’s Razor
When imagining attack scenarios, a direct breach of the main service is a scenario that is often examined in-depth, which is also why it is one of the most planned for scenarios.
Twitter — like any company — has challenges with its systems, but they center primarily around content moderation…their backend security is top-notch.
An example of this an incident in 2018. Twitter engineers made a mistake that meant anyone’s password could have been exposed in their internal logs. Just in case, Twitter urged everyone to reset their password.
While possible, it’s unlikely that Twitter’s backend systems were directly breached. There is a much simpler potential explanation: insider access.
Internal Screenshot
Quickly after the attack, some in the security community noticed a screenshot of an internal support tool from Twitter surfacing in underground discussion forums. This rare inside view showed what appeared to be what a Twitter support team member would see.
This type of access is dangerous. Very dangerous.
Joseph Cox’s article detailing the hack has a key quote,
“We used a rep that literally done all the work for us.”
Anonymous Source
What remains unclear is whether this is a case of social engineering (tricking a privileged insider into taking action) or a malicious insider (someone internally motivated to attack the system).
The difference is important for other defenders out there.
The investigation is ongoing, and Twitter continues to provide updates via @TwitterSupport;
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
Social Engineering
Donnie Sullivan from CNN has a fantastic interview with the legendary Rachel Tobac showing how simple social engineering can be and the dangerous impact it can have;
What is “social engineering,” you ask? @RachelTobac showed me. pic.twitter.com/TAw7FB1QPQ
— Donie O'Sullivan (@donie) July 16, 2020
If this attack was conducted through social engineering, the security team at Twitter would need to implement additional processes and controls to ensure that it doesn’t happen again.
Such a situation is what your team also needs to look at. While password resets, account closures, data transfers, and other critical processes are at particular risk of social engineering, financial transactions are atop the cybercriminal’s target list.
BEC—business email compromise—attacks accounted for USD 1.7 billion in losses in 2019 alone.
Adding additional side-channel confirmations, additional steps for verifications, firm and clear approvals and other process steps can help organizations mitigate these types of social engineering attacks.
Malicious Insider
If the attack turns out to be from a malicious insider. Defenders need to take a different approach.
Malicious insiders are both a security problem and human resource one.
From the security perspective, two key principles help mitigate the potential of these attacks;
Making sure that individuals only have the technical access needed to complete their assigned tasks, and only that access is key to limiting this potential attack. Combined with the smart separation of duties (one person to request a change, another to approval it), this significantly reduces the possibility of these attacks causing harm.
The other—and not often spoken of—side of these attacks is the reason behind the malicious intent. Some people are just malicious, and when presented with an opportunity, they will take it.
Other times, it’s an employee that feels neglected, passed over, or is disgruntled in some other way. A strong internal community, regular communication, and a strong HR program can help address these issues before they escalate to the point where aiding a cybercriminal becomes an enticing choice.
Support Risks
Underlying this whole situation is a more challenging issue; the level of access that support has to any given system.
It’s easy to think of a Twitter account as “yours.” It’s not. It’s part of a system run by a company that needs to monitor the health of the system, respond to support issues, and aid law enforcement when legally required.
All of these requirements necessitate a level of access that most don’t think about.
How often are you sharing sensitive information via direct message? Those messages are most likely accessible by support.
What’s to prevent them from accessing any given account or message at any time? We don’t know.
Hopefully, Twitter—and others—have clear guardrails (technical and policy-based) in place to prevent abuse of support access, and they regularly audit them.
It’s a hard balance to strike. User trust is at stake but also the viability of running a service.
Clear, transparent policies and controls are the keys to success here.
Abuse can be internal or external. Support teams typically have privileged access but are also among the lowest paid in the organization. Support—outside of the SRE community—is usually seen as entry-level.
These teams have highly sensitive access, and when things go south, can do a lot of harm. Again, the principles of least privilege, separation of duties, and a strong set of policies can help.
What’s Next?
In the coming days, more details of the attack will surface. In the meantime, the community is still struggling to reconcile the level of access gained and how it was used.
Getting access to some of the world’s most prominent accounts and then conducting a bitcoin scam? Based on the bitcoin transactions, it appears the cybercriminals made off with a little over USD 100,000. Not insignificant, but surely there were other opportunities?
Occam’s razor can help here again. Bitcoin scams and coin miners are the most direct method fo cybercriminals to capitalized on their efforts. Given the high profile nature of the attack, the time before the discovery was always going to be sure. This may have been the “safest” bet for the criminal(s) to profit from this hack.
In the end, it’s a lesson for users of social networks and other services; even if you take all of the reasonable security precautions, you are relying on the service itself to help protect you. That might not always hold true.
It’s a harsh reminder that the very tooling you put in place to run your service may be its biggest risk for service providers and defenders…a risk that’s often overlooked and underestimated.
In the end, Marques Brownlee sums it up succinctly;
Don't send Bitcoin to strangers.
— Marques Brownlee (@MKBHD) July 15, 2020
What do you think of this entire episode? Let’s talk about it—un-ironically—on Twitter, where I’m @marknca.
The post Twitter Hacked in Bitcoin Scam appeared first on .
The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach projects to improve success rates.
As part of our #LetsTalkCloud series, we’ve focused on sharing some of this expertise through conversations with our own experts and folks from the industry. To kick off the series, we discussed some of the security challenges solution architects and security engineers face with customers when discussing cloud migrations. Spoiler…these challenges may not be what you expect.
Drag and drop
This lack of strategy and planning from the start is symptomatic of a broader challenge in many organizations: There’s no big-picture thinking around cloud, only short-term tactical efforts. Sometimes we get the impression that a senior exec has just seen a ‘cool’ demo at a cloud vendor’s conference and now wants to migrate a host of apps onto that platform. There’s no consideration of how difficult or otherwise this would be, or even whether it’s necessary and desirable.
These issues are compounded by organizational siloes. The larger the customer, the larger and more established their individual teams are likely to be, which can make communication a major challenge. Even if you have a dedicated cloud team to work on a project, they may not be talking to other key stakeholders in DevOps or security, for example.
The result is that, in many cases, tools, applications, policies, and more are forklifted over from on-premises environments to the cloud. This ends up becoming incredibly expensive. as these organizations are not really changing anything. All they are doing is adding an extra middleman, without taking advantage of the benefits of cloud-native tools like microservices, containers, and serverless.
There’s often no visibility or control. Organizations don’t understand they need to lockdown all their containers and sanitize APIs, for example. Plus, there’s no authority given to cloud teams around governance, cost management, and policy assignment, so things just run out of control. Often, shared responsibility isn’t well understood, especially in the new world of DevOps pipelines, so security isn’t applied to the right areas.
Getting it right
These aren’t easy problems to solve. From a security perspective, it seems we still have a job to do in educating the market about shared responsibility in the cloud, especially when it comes to newer technologies, like serverless and containers. Every time there’s a new way of deploying an app, it seems like people make the same mistakes all over again — presuming the vendors are in charge of security.
Automation is a key ingredient of successful migrations. Organizations should be automating everywhere, including policies and governance, to bring more consistency to projects and keep costs under control. In doing so, they must realize that this may require a redesign of apps, and a change in the tools they use to deploy and manage those apps.
Ultimately, you can migrate apps to the cloud in a couple of clicks. But the governance, policy, and management that must go along with this is often forgotten. That’s why you need clear strategic objectives and careful planning to secure more successful outcomes. It may not be very sexy, but it’s the best way forward.
To learn more about cloud migration, check out our blog series. And catch up on all of the latest trends in DevOps to learn more about securing your cloud environment.
The post Fixing cloud migration: What goes wrong and why? appeared first on .
This week, we welcome Brian Tremblay, Director, SOX Cyber Audit & Compliance in Sales at Onapsis, to talk about how security misconfigurations and vulnerabilities can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. Learn the best practices leaders can use to identify, monitor, and mitigate compliance risks related to their most critical business applications.
Show Notes: https://wiki.securityweekly.com/SCWEpisode35
To learn more about Onapsis, visit: https://securityweekly.com/onapsis
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, it's our quarterly Security Money update of the Security Weekly 25 Index and the Nasdaq! At the close on July 10th, 2020: - SW25 Index is 1,437.23, which is an increase of 43.72% - NASDAQ Index is 10,617.44, which is an increase of 60.01% Both indexes closed at an all time high on July 10th, 2020 In the Leadership and Communications section, I'm a CISO, what's next?, The Upside of Virtual Board Meetings, The new cybersecurity priorities of 2020, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode180
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Even more TikTok wars, MGM Grand data for sale, Karens, SAP Vulnerability, Mirai Returns with 9 new exploits, and the Secret Service! Jason Wood joins us for Expert Commentary on how TrickBot Sample Accidentally Warns Victims They re Infected!
Show Notes: https://wiki.securityweekly.com/SWNEpisode49
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Judy Ngure, Cybersecurity Engineer at Africastalking, to talk about DevSecOps! In the Application Security News, Microsoft OneDrive client for Windows Qt QML module hijack, Zero-day flaw found in Zoom for Windows 7, Protecting your remote workforce from application-based attacks like consent phishing, Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, Mozilla suspends Firefox Send service while it addresses malware abuse, and Stop Talking About Technical Debt!
Show Notes: https://wiki.securityweekly.com/ASWEpisode114
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Migrating to the cloud is hard. The PowerPoint deck and pretty architectures are drawn up quickly but the work required to make the move will take months and possibly years.
The early stages require significant effort by teams to learn new technologies (the cloud services themselves) and new ways of the working (the shared responsibility model).
In the early days of your cloud efforts, the cloud center of expertise is a logical model to follow.
A cloud center of excellence is exactly what it sounds like. Your organization forms a new team—or an existing team grows into the role—that focuses on setting cloud standards and architectures.
They are often the “go-to” team for any cloud questions. From the simple (“What’s an Amazon S3 bucket?”), to the nuanced (“What are the advantages of Amazon Aurora over RDS?”), to the complex (“What’s the optimum index/sort keying for this DynamoDB table?”).
The cloud center of excellence is the one-stop shop for cloud in your organization. At the beginning, this organizational design choice can greatly accelerate the adoption of cloud technologies.
The problem is that accelerated adoption doesn’t necessarily correlate with accelerated understanding and learning.
In fact, as the center of excellent continues to grow its success, there is an inverse failure in organizational learning which create a general lack of cloud fluency.
Cloud fluency is an idea introduced by Forrest Brazeal at A Cloud Guru that describes the general ability of all teams within the organization to discuss cloud technologies and solutions. Forrest’s blog post shines a light on this situation and is summed up nicely in this cartoon;
Our own Mark Nunnikhoven also spoke to Forrest on episode 2 of season 2 for #LetsTalkCloud.
Even though the cloud center of excellence team sets out to teach everyone and raise the bar, the work soon piles up and the team quickly shifts away from an educational mandate to a “fix everything” one.
What was once a cloud accelerator is now a place of burnout for your top, hard-to-replace cloud talent.
If you’ve paid attention to how cybersecurity teams operate within organizations, you have probably spotted a number of very concerning similarities.
Cybersecurity teams are also considered a center of excellence and the central team within the organization for security knowledge.
Most requests for security architecture, advice, operations, and generally anything that includes the prefix “cyber”, word “risk”, or hints of “hacking” get routed to this team.
This isn’t the security team’s fault. Over the years, systems have increased in complexity, more and more incidents occur, and security teams rarely get the opportunity to look ahead. They are too busy stuck in “firefighting mode” to take as step back and re-evaluate the organizational design structure they work within.
According to Gartner, for every 750 employees in an organization, one of those is dedicated to cybersecurity. Those are impossible odds that have lead to the massive security skills gap.
Security needs to follow the example of cloud fluency. We need “security fluency” in order to import the security posture of the systems we built and to reduce the risk our organizations face.
This is the reason that security teams need to turn their efforts to educating development teams. DevSecOps is a term chock full of misconceptions and it lacks context to drive the needed changes but it is handy for raising awareness of the lack of security fluency.
Successful adoption of a DevOps philosophy is all about removing barriers to customer success. Providing teams with the tools and autonomy they require is a critical factor in their success.
Security is just one aspect of the development team’s toolkit. It’s up to the current security team to help educate them on the principles driving modern cybersecurity and how to ensure that the systems they build work as intended…and only as intended.
The post Are You Promoting Security Fluency in your Organization? appeared first on .
In July 2015, I did my first threat webinar. I had planned to do it on a monthly basis, and never imagined I would still be doing it five years later, but here I am, still creating monthly webinars. I still do. I started the webinar series to help people understand the different threats targeting our customers and I have always tried to focus on three areas:
|
|
This last point, discussing technologies versus solutions, has been one of the key items I try to follow as much as possible – after all, the goal of my webinars is to be educational, not a sales pitch.
Coming from a technical background, BS in Electrical Engineering from Michigan State University (Go Spartans!!), I enjoy learning about the new technologies being used to detect the latest threats and to ensure you know what to look for when selecting a vendor and/or a security solution. Over the years, I’ve discussed everything from APTs, coinminers, exploits, messaging threats, ransomware, underground activity and lots in between. It is pretty easy to find topics to discuss, as there is so much going on in our industry, and with the malicious actors regularly shifting their tactics, techniques and procedures, I can keep the content fairly fresh.
I really enjoy having guest speakers on my webinars to mix things up a bit for the viewers as well, as I know my limitations – there are just too many threats out there to keep up with all of them. The main reason I love doing the threat webinars is that I enjoy sharing information and teaching others about our industry and the threats affecting them. If you want to check out any of my previous five years of webinars you can watch them here.
For my fifth year anniversary I wanted to try something different and I would like to do an open Q&A session. As I’ve never done this before, it will certainly be an interesting experience for me, but hopefully for you as well. I hope I can answer a majority of your questions, but I know some of you are way too smart for me, so please bear with me.
Our registration page for this webinar allows you to submit any pre-session questions that I’ll answer throughout the webinar. You can ask me anything that is on your mind and if I cannot get to your question, I’ll do my best to answer you afterwards in an email.
I hope to continue to do these webinars for the foreseeable future and I would like to end my post by thanking each and every one of you who has participated in my webinars over the years. It has been a pleasure, and I look forward to answering your questions.
Take care, stay healthy, and keep on smiling!
Jon
The post Ask Me Anything – Celebrating The Fifth Anniversary Of My Monthly Threat Webinar appeared first on .
This week, we welcome our very own Joff Thyer, Security Analyst at Black Hills Information Security, to deliver a Technical Segment on IPv6 Tunneling! In our second segment, we welcome Terry Dunlap, Co-Founder at ReFirm Labs, to talk about IoT Security! In the Security News, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technicals details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps!
Show Notes: https://wiki.securityweekly.com/PSWEpisode657
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Look, this week, it's all about the RCE. Seriously, there were so many RCE stories, wow. Oh and a creepy guy story. All this and more on the Security Weekly News Wrap Up!
Show Notes: https://wiki.securityweekly.com/SWNEpisode48
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums. Also, learn about a new Mirai variant that exploits nine vulnerabilities, most notable of which is CVE-2020-10173.
Read on:
Cloud Security is Simple, Absolutely Simple.
“Cloud security is simple, absolutely simple. Stop over complicating it.” This is the advice that Mark Nunnikhoven, vice president of cloud research at Trend Micro, shared to kick off his presentation at the CyberRisk Alliance Cloud Security Summit this year. Check out a recording of his talk in this blog recap to learn more.
Order Out of Chaos: Tackling Phishing Attacks
Responding to phishing attacks requires a combination of commodity tools, cutting-edge machine learning techniques and human-powered defense. That’s how to create order out of chaos and beat the phishers at their own game, according to Trend Micro’s Greg Young. Learn more in his recent article on phishing in Security Boulevard.
Beyond the Endpoint: Why Organizations are Choosing XDR for Holistic Detection and Response
The endpoint has long been a major focal point for attackers targeting enterprise IT environments. Yet increasingly, security teams are needing to protect data across the organization – whether it’s in the cloud, on IoT devices, in email, or on-premises servers – attackers may jump from one environment to the next in multi-stage attacks and even hide between the layers. XDR solutions offer a convincing alternative to EDR and point solutions.
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums. A report released from the Digital Shadows Photon Research Team found that 100,000 separate data breaches over a 2-year period have yielded a 300% increase in stolen credentials, leaving a wealth of account details on dark-web hacker forums up for grabs.
ISO/SAE 21434: It’s Time to Put the Brakes on Connected Car Cyber-Threats
Connected cars are set to grow 270% by 2022 to reach an estimated 125 million in just a few years. However, the high-performance mobile computers in connected cars can also leave them exposed to sensitive data theft and remote manipulation, which could create serious physical safety issues. This is where the ISO/SAE 21434 standard comes in and creates detailed guidance for the automotive industry to help it navigate these challenges and reduce reputational and cyber-risk.
New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
Trend Micro discovered a new Mirai variant that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which were not observed as exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past few months which include SORA, UNSTABLE, and Mukashi.
Microsoft Files Lawsuit to Seize Fake Domains Used in COVID-19-Themed BEC Attacks
Microsoft has filed a lawsuit in an effort to seize control of several domains used to launch COVID-19-themed cyberattacks against the company’s customers in 62 countries. The company started tracking the malicious activity in December 2019 after identifying it as a phishing scheme attempting to compromise Microsoft customer accounts and access emails, contacts, sensitive files, and other information.
Cleaner One Pro Speeds Up Your Mac: Part 1
Trend Micro Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and optimization utility that can help you boost your Mac’s performance. In this two-part blog series, Trend Micro outlines how you can use Cleaner One Pro to make your Mac run faster, walking you through its features. In Part 1, Trend Micro focuses on Quick Optimizer, the Main Console, and the Cleaning Tools.
Joker Malware Apps Once Again Bypass Google’s Security to Spread via Play Store
Cybersecurity researchers unveiled another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge. The Joker malware has found another trick to bypass Google’s Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device.
Malicious Chrome Extensions, Domains Used to Steal User Data
Google Chrome extensions and Communigal Communication Ltd. (Galcomm) domains were used in a campaign that aims to track user activity and data, according to Awake Security. In the past three months, the researchers found 111 malicious or fake Chrome extensions using Galcomm domains as their command and control infrastructure. There have been at least 32 million downloads of these malicious extensions.
Patch Now: F5 Vulnerability with CVSS 10 Severity Score
F5 Networks, a provider of networking devices and services, urges users to patch their BIG-IP networking systems as soon as possible after disclosing two vulnerabilities: CVE-2020-5902, a critical remote code execution (RCE) vulnerability found in BIG-IP device’s Traffic Management User Interface (TMUI), and CVE-2020-5903, a less critical vulnerability that involves cross-site scripting (XSS). F5 has now released patches for both in the vulnerabilities’ respective security advisories.
Ransomware Report: Avaddon and New Techniques Emerge, Industrial Sector Targeted
Over the past couple of months, ransomware has remained a formidable threat as new families, techniques, and targets continue emerging at every turn. Trend Micro recently witnessed the rise of a new ransomware family called Avaddon. In this blog, Trend Micro examines techniques utilized by some ransomware variants and the industries affected by these attacks.
70% of Organizations Experienced a Public Cloud Security Incident in the Last Year
70% of organizations experienced a public cloud security incident in the last year – including ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%), according to Sophos. Organizations running multi-cloud environments are greater than 50% more likely to suffer a cloud security incident than those running a single cloud.
Russian Group Cosmic Lynx Launches Over 200 BEC Campaigns
A Russian group dubbed as Cosmic Lynx initiated more than 200 Business Email Compromise (BEC) campaigns targeting hundreds of multinational companies, according to security firm Agari. Cosmic Lynx was revealed to have been launching campaigns in over 40 countries including the United States, Canada, and Australia since 2019. The average amount requested from the targets is at US $1.27 million.
Guidelines Related to Security in Smart Factories Part 3: NIST Cyber Security Framework
This blog series explains examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. Part three dives into the NIST Cyber Security Framework (CSF), which is issued by US National Institute of Standards and Technology (NIST).
Has your organization experienced a public cloud security incident over the last year? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: 15 Billion Credentials Currently Up for Grabs on Hacker Forums and New Mirai Variant Expands Arsenal appeared first on .
This week, we talk Enterprise News, to talk about Why You Need Recorded Futures Ultimate Security Intelligence Kit, Securing the Multi-Cloud Environment through CSPM and SSPM, CyberKnight joins forces with Armis to bring agentless EDR to OT, IoT and ICS environments, Attivo Networks' enhanced EDN solution prevents attackers from seeing or exploiting production data, Check Point Infinity SOC is launched, and more! In our second segment, we welcome Scott DeLong, Chief Information Officer and Sr. Technology & Security Officer at Scott DeLong & Associates, to talk about Living Through a Ransomware Attack! In our final segment, we welcome Robb Reck, Chief Information Security Officer at Ping Identity, to discuss Trends in Enterprise Identity!
Show Notes: https://wiki.securityweekly.com/ESWEpisode190
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The Mac has always been pretty easy to use, but even the most ardent Mac supporters know there comes a time when their Mac is no longer new and they notice slowdowns in its performance, particularly after intensive use. They’d like a handy one-stop tool to help them optimize memory and CPU performance, free up disk space, and generally speed up their Mac, since they don’t want to dig around in the MacOS for buried utilities they don’t know how to use. Fortunately, Trend Micro has a solution for that.
Trend Micro Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and optimization utility that can help you boost your Mac’s performance. Cleaner One Pro includes a number of Mac housecleaning tools such as a Memory Optimizer, a Junk Files cleaner, a Big Files scanner, a Duplicate Files finder, an App Manager, a File Shredder, and a Disk Map. These functions are all rolled into an easy-to-use interface that helps you visualize your Mac’s usage, while freeing up memory and storage on your Mac.
In this two-part blog, we will show you how you can use Cleaner One Pro to make your Mac run faster, walking you through its features. In Part 1, we focus on Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we’ll focus on System and Application Management, Privacy Protection, and some Other Options.
Once you’ve installed Cleaner One Pro, its Quick Optimizer appears in the Apple Menu, with handy tools to speed up your Mac. Click the icon and it displays a Console that monitors your Memory, Junk Files, CPU, and Network Usage, while letting you Optimize your Memory Usage and Clean your Junk Files with just one click. System Optimizer opens a Window onto the contents of your Mac for more detailed management.
Memory Optimizer
There are applications running in the background of your Mac that take up physical memory and affect its performance. The Memory Optimizer gives you control over how your computer consumes its memory resources—and you can free up your Mac’s memory in seconds with just one click on the Optimize button. If you want to see which apps are taking up significant memory, you can click the three-dot icon next to Memory Usage. It will show your Mac’s memory usage by app, in descending order. Click the Information (i) icon in the Memory Usage window for a breakdown of the types of memory being used.
Junk files, temporary files, system files and other non-essential items will accumulate on your Mac over time. These files take up a lot of space on your hard drive and may degrade the performance of your Mac as you reach higher disk usage. Click the Clean button and the Junk Files cleaner quickly removes application cache, system log files, update files, temporary files and hidden leftover files. You can also see the details of the identified Junk Files by clicking the three-dot icon next to Junk Files.
When your computer starts to run slowly it’s helpful to have a snapshot of its CPU usage. With this feature, you can see which apps are using significant CPU resources and how much percentage they’re using. It also let you know how long your computer has been up and running, since system reliability can degrade if it’s been awhile since you restarted your Mac.
If you want to keep an eye on your bandwidth consumption and avoid exceeding data caps, it’s useful to know the real-time download and upload speeds on your Mac. The Network Usage Monitor also provides a view of other network related information such as your Wi-Fi signal quality.
The Main Console is the core workplace in Trend Micro Cleaner One Pro and provides the following features, which are presented here grouped by purpose:
|
|
To access the Main Console, click System Optimizer in the Cleaner One Pro Apple Menu. The first time you do, you’ll need to authorize full access to your disk, so Cleaner One Pro can access more junk files. Simply click Grant Access in the System Optimizer window and watch the video or follow the written instructions. Complete the steps by closing Cleaner One Pro, then reload it. You’re now ready to begin optimizing.
The hard drive on your Mac holds the entire Mac operating system and important files including your data. As you use your Mac, over time its hard drive will accumulate junk files. These junk files are generated by the system and other programs. Cleaner One Pro is equipped with advanced and efficient algorithms that scan and remove junk files within seconds. Click Scan to scan for Junk Files and when the scan is done, either check a whole category or individual items in the category, then click Remove.
You may have a lot of clutter on your Mac in the form of big or old files that you probably no longer need and may have just forgotten about. Removing big unused files can recover a lot of disk space, but it could be time-consuming to delete them if done manually. Also, it is hard to select files for deletion if you don’t know the proper context— where the files are stored or how important they may be.
Big Files scanner provides a big file collector where you can easily spot and remove these files if you don’t need them anymore. Additionally, if you hover your mouse on a file, you’ll see a magnifier and a lock icon. Once you click the magnifier icon, you’ll locate the actual file. If you click the lock icon, the file will be added to the Ignore List, which will be locked.
Disk Map is a significant tool that helps you analyze the usage of your storage in a visual and interactive map. It quickly scans your drive and builds a visualization of files on the target folder of your Mac, allowing you to easily navigate the system. With Disk Map, you can find out the date when the file/folder was created, modified, and last opened. Furthermore, hovering your mouse on a folder then clicking the magnifier icon will direct you to the file’s location.
Another practice that you are probably comfortable doing is backing-up important files, photos, program installation files and apps on your hard drive. While this is a good practice, it creates duplicate files on your Mac that eventually add clutter and consume disk space. It’s also hard to find files in name searches when you have too many of them.
The Duplicate Files function lets you select a source folder where it will inspect and identify duplicate files on your Mac. In the scan results, an option called “Auto Select” helps you automatically select duplicate files. The information provided by “Auto Select” is listed below:
|
|
You can choose Remove to Trash or Delete Permanently on the confirmation page.
Often, you organize pictures of travels and life events, and also keep a copy to ensure you don’t lose those captured moments. But as digital photos pile up, often similar to others on your drive, they take up a lot of space. To assist you cleaning these up, use Similar Photos, and then choose your photo library to scan the photos on your Mac.
The result will display similar photos and you can choose the ones you don’t need, and the files will be added in the selected list. Click the Remove button to completely delete them from your hard drive.
That’s it for now! The second part of this blog will take up the remaining toolsets of Trend Micro Cleaner One Pro.
Go to Cleaner One Mac for more information or to purchase the app.
The post Cleaner One Pro Speeds Up Your Mac: Part 1 appeared first on .
This week, we welcome Kimber Dowsett (@mzbat) for a two part interview! @mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews!
Show Notes: https://wiki.securityweekly.com/SCWEpisode34
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
“Cloud security is simple, absolutely simple. Stop over complicating it.”
This is how I kicked off a presentation I gave at the CyberRisk Alliance, Cloud Security Summit on Apr 17 of this year. And I truly believe that cloud security is simple, but that does not mean easy. You need the right strategy.
As I am often asked about strategies for the cloud, and the complexities that come with it, I decided to share my recent talk with you all. Depending on your preference, you can either watch the video below or read the transcript of my talk that’s posted just below the video. I hope you find it useful and will enjoy it. And, as always, I’d love to hear from you, find me @marknca.
For those of you who prefer to read rather than watch a video, here’s the transcript of my talk:
Cloud security is simple, absolutely simple. Stop over complicating it.
Now, I know you’re probably thinking, “Wait a minute, what is this guy talking about? He is just off his rocker.”
Remember, simple doesn’t mean easy. I think we make things way more complicated than they need to be when it comes to securing the cloud, and this makes our lives a lot harder than they need to be. There’s some massive advantages when it comes to security in the cloud. Primarily, I think we can simplify our security approach because of three major reasons.
The first is integrated identity and access management. All three major cloud providers, AWS, Google and Microsoft offer fantastic identity, and access management systems. These are things that security, and [inaudible 00:00:48] professionals have been clamouring for, for decades.
We finally have this ability, we need to take advantage of it.
The second main area is the shared responsibility model. We’ll cover that more in a minute, but it’s an absolutely wonderful tool to understand your mental model, to realize where you need to focus your security efforts, and the third area that simplifies security for us is the universal application of APIs or application programming interfaces.
These give us as security professionals the ability to orchestrate. and automate a huge amount of the grunt work away. These three things add up to, uh, the ability for us to execute a very sophisticated, uh, or very difficult to pull off, uh, security practice, but one that ultimately is actually pretty simple in its approach.
It’s just all the details are hard and we’re going to use these three advantages to make those details simpler. So, let’s take a step back for a second and look at what our goal is.
What is the goal of cybersecurity? That’s not something you hear quite often as a question.
A lot of the time you’ll hear the definition of cybersecurity is, uh, about, uh, securing the confidentiality, integrity, and availability of information or data. The CIA triad, different CIA, but I like to phrase this in a different way. I think the goal is much clearer, and the goal’s much simpler.
It is to make sure that whatever you’re building works as intended and only as intended. Now, you’ll realize you can’t accomplish this goal just as a security team. You need to work with your, uh, developers, you need to work with operations, you need to work with the business units, with the end users of your application as well.
This is a wonderful way of phrasing our goal, and realizing that we’re all in this together to make sure whatever you’re building works as intended, and only as intended.
Now, if we move forward, and we look at who are we up against, who’s preventing our stuff from working, uh, well?
You look at normally, you think of, uh, who’s attacking our systems? Who are the risks? Is it nation states? Is it maybe insider threats? While these are valid threats, they’re really overblown. You’re… don’t have to worry about nation state attacks.
If you’re a nation state, worry about it. If you’re not a nation state, you don’t have to worry about it because frankly, there’s nothing you can do to stop them. You can slow them down a little bit, but by definition, they’re going to get through your resources.
As far as insider attacks, this is an HR problem. Treat your people well. Um, check in with them, and have a strong information management policy in place, and you’re going to reduce this threat naturally. If you go hunting for people, you’re going to create the very threats that you’re looking at.
So, it brings us to the next set. What about cyber criminals? You know, we do have to worry about cyber criminals.
Cyber criminals are targeting systems simply because these systems are online, these are profit motivated criminals who are organized, and have a good set of tools, so we absolutely need to worry about them, but there’s a more insidious or more commonplace, maybe a simpler threat that we need to worry about, and that’s one of mistakes.
The vast majority of issues that happen around data breaches around security vulnerabilities in the cloud are mistake driven. In fact, to the point where I would not even worry about cyber criminals simply because all the work we’re going to do to focus on, uh, preventing mistakes.
And catching, and rectifying the stakes really, really quickly is going to uh, you a cover all the stuff that we would have done to block out cyber criminals as well, so mistakes are very common because people are using a lot more services in the cloud.
You have a lot more, um, parts and moving, uh, complexity in your deployment, um, and you’re going to make a mistake, which is why you need to put automated systems in place to make sure that those mistakes don’t happen, or if they do happen that they’re caught very, very quickly.
This applies to standard DevOps, the philosophies for building. It also applies to security very, very wonderfully, so this is the main thing we’re going to focus on.
So, if we look at that sum up together, we have our goal of making sure whatever we’re building works as intended, and only as intended, and our major issue here, the biggest risk to this is simple mistakes and misconfigurations.
Okay, so we’re not starting from ground zero here. We can learn from others, and the first place we’re going to learn is the shared responsibility model. The shared responsibility applies to all cloud service providers.
If you look on the left hand side of the slide here, you’ll see the traditional on premise model. We roughly have six areas where something has to be done roughly daily, whether it’s patching, maintenance, uh, just operational visibility, monitoring, that kind of thing, and in a traditional on premise environment, you’re responsible for all of it, whether it’s your team, or a team underneath your organization.
Somewhere within your tree, people are on the hook for doing stuff daily. Here when we move into an infrastructure, so getting a virtual machine from a cloud provider right off the bat, half of the responsibilities are pushed away.
That’s a huge, huge win.
And, as we move further and further to the right to more managed service, or staff level services, we have less and less daily responsibilities.
Now, of course, you always still have to verify that the cloud service provider’s doing what they, uh, say they’re doing, which is why certifications and compliance frameworks come into play, uh, but the bottom line is you’re doing less work, so you can focus on fewer areas.
Um, that is, or I should say not less work, but you’re doing, uh, less broad of a work.
So you can have that deeper focus, and of course, you always have to worry about service configuration. You are given knobs and dials to turn to lock things down. You should use them like things like encrypting, uh, all your data at rest.
Most of the time it’s an easy check box, but it’s up to you to check it ‘cause it’s your responsibility.
We also have the idea of an adoption framework, and this applies for Azure, for AWS and for Google, uh, and what they do is they help you map out your business processes.
This is important to security, because it gives you the understanding of where your data is, what’s important to the business, where does it lie, who needs to touch it, and access it and process it.
That also gives us the idea, uh, or the ability to identify the stakeholders, so that we know, uh, you know, who’s concerned about this data, who is, has an investment in this data, and finally it helps to, to deliver an action plan.
The output of all of these frameworks is to deliver an action plan to help you migrate into the cloud and help you to continuously evolve. Well, it’s also a phenomenal map for your security efforts.
You want to prioritize security, this is how you do it. You get it through the adoption framework, understanding what’s important to the business, and that lets you identify critical systems and areas for your security.
Again, we want to keep things simple, right? And, the third, uh, the o- other things we want to look at is the CIS foundations. They have them for AWS, Azure and GCP, um, and these provide a prescriptive guidance.
They’re really, um, a strong baseline, and a checklist of tasks that you can accomplish, um, or take on, on your, uh, take on, on your own, excuse me, uh, in order to, um, you know, basically cover off the really basics is encryption at rest on, um, you know, do I make sure that I don’t have, uh, things needlessly exposed to the internet, that type of thing.
Really fantastic reference point and a starting point for your security practice.
Again, with this idea of keeping things as simple as possible, so when it comes to looking at our security policy, we’ve used the frameworks, um, and the baseline to kind of set up a strong, uh, start to understand, uh, where the business is concerned, and to prioritize.
And, the first question we need to ask ourselves as security practitioners, what happened? If we, if something happens, and we ask what happened?
Do we have the ability to answer this question? So, that starts us off with logging and auditing. This needs to be in place before something happened. Let me just say that again, before something happened, you need [laughs] to be able to have this information in place.
Now, uh, this is really, uh, to ask these key questions of what happened in my account, and who, or what made that thing happen?
So, this starts in the cloud with some basic services. Uh, for AWS it’s cloud trail, for Azure, it’s monitor, and for Google Cloud it used to be called Stackdriver, it is now the Google Cloud operations suite, so these need to be enabled on at full volume.
Don’t worry, you can use some lifecycle rules on the data source to keep your costs low.
But, this gives you that layer, that basic auditing and logging layer, so that you can answer that question of what happened?
So, the next question you want to ask yourself or have the ability to answer is who’s there, right? Who’s doing what in my account? And, that comes down to identity.
We’ve already mentioned this is one of the key pillars of keeping security simple, and getting that highly effective security in your cloud.
[00:09:00] So here you’re answering the questions of who are you, and what are you allowed to do? This is where we get a very simple privilege, uh, or principle in security, which is the principle of least privilege.
You want to give an identity, so whether that’s a user, or a role, or a service, uh, only the privileges they, uh, require that are essential to perform the task that, uh, they are intended to do.
Okay?
So, basically if I need to write a file into a storage, um, folder or a bucket, I should only have the ability to write that file. I don’t need to read it, I don’t need to delete it, I just need to write to it, so only give me that ability.
Remember, that comes back to the other pillar of simple security here of, of key cloud security, is integrated identity.
This is where it really takes off, is that we start to assign very granular access permissions, and don’t worry, we’re going to use the APIs to automate all this stuff, so that it’s not a management headache, but the principle of these privilege is absolutely critical here.
The services you’re going to be using, amazingly, all three cloud providers got in line, and named them the same thing. It’s IAM, identity access management, whether that’s AWS, Azure or Google Cloud.
Now, the next question we’re going to a- ask ourselves are the areas where we’re going to be looking at is really where should I be focusing security controls? Where should I be putting stuff in place?
Because up until now we’ve really talked about leveraging what’s available from the cloud service providers, and you absolutely should available, uh, maximize your usage of their, um, native and primitive, uh, structures primitive as far as base concepts, not as, um, refined.
They’re very advanced controls and, but there are times where you’re going to need to put in your own controls, and these are the areas you’re going to focus on, so you’re going to start with networking, right?
So, in your networking, you’re going to maximize the native structures that are available in the cloud that you’re in, so whether that’s a project structure in Google Cloud, whether that’s a service like transit gateway in AWS, um, and all of them have this idea of a VPC or virtual private cloud or virtual network that is a very strong boundary for you to use.
Remember, most of the time you’re not charged for the creation of those. You have limits in your accounts, but accounts are free, and you can keep adding more, uh, virtual networks. You may be saying, wait a minute, I’m trying to simplify things.
Actually, having multiple virtual networks or virtual private clouds ends up being far simpler because each of them has a task. You go, this application runs in this virtual private cloud, not a big shared one in this specific VPC, and that gives you this wonderfully strong security boundaries, and a very simple way of looking at one VPC, one action, very much the Unix philosophy in play.
Key here though is understanding that while all of the security controls in place for your service provider, um, give you, so, you know, whether it’s VPCs, routing tables, um, uh, access control lists, security groups, all the SDN features that they’ve got in place.
These really help you figure out whether service A or system A is allowed to talk to B, but they don’t tell you what they’re saying.
And, that’s where additional controls called an IPS, or intrusion prevention system come into play, and you may want to look at getting a third party control in to do that, because none of the th- big three cloud providers offer an IPS at this point.
[00:12:00] But that gives you the ability to not just say, “Hey, you’re allowed to talk to each other.” But, to monitor that conversation, to ensure that there’s not malicious code being passed back and forth between systems that nobody’s trying a denial of service attack.
A whole bunch of extra things on there have, so that’s where IPS comes into play in your network defense. Now, we look at compute, right?
We can have compute in various forms, whether that’s in serverless functions, whether that’s in containers, manage containers, whether that’s in traditional virtual machines, but all the principles are the same.
You want to understand where the shared responsibility line is, how much is on your plate, how much is on the CSPs?
You want to understand that you need to harden the EOS, or the service, or both in some cases, make sure that, that’s locked down, so have administrator passwords. Very, very complicated.
Don’t log into these systems, uh, you know, because you want to be fixing things upstream. You want to be fixing things in the build pipeline, not logging into these systems directly, and that’s a huge thing for, uh, systems people to get over, but it’s absolutely essential for security, and you know what?
It’s going to take a while, but there’s some tricks there you can follow with me. You can see, uh, on the slides, uh, at Mark, that is my social everywhere, uh, happy to walk you through the next steps.
This idea of this presentation’s really just the simple basics to start with, to give you that overview of where to focus your time, and, dispel that myth that cloud security is complicating things.
It is a huge path is simplicity, which is a massive lens, or for security.
So, the last area you want to focus here is in data and storage. Whether this is databases, whether this is big blob storage, or, uh, buckets in AWS, it doesn’t really matter the principles, again, all the same.
You want to encrypt your data at rest using the native cloud provided, uh, cloud service provider, uh, features functionality, because most of the time it’s just give it a key address, and give it a checkbox, and you’re good to go.
It’s never been easier to encrypt things, and there is no excuse for it and none of the providers charge extra for, uh, encryption, which is amazing, and you absolutely want to be taking advantage of that, and you want to be as granular as possible with your IAM, uh, and as reasonable, okay?
So, there’s a line here, and a lot of the data stores that are native to the cloud service providers, you can go right down to the data cell level and say, Mark has access, or Mark doesn’t have access to this cell.
That can be highly effective, and maybe right for your use case. It might be too much as well.
But, the nice thing is that you have that option. It’s integrated, it’s pretty straightforward to implement, and then, uh, when we look here, uh, sorry. and then, finally you want to be looking at lifecycle strategies to keep your costs under control.
Um, data really spins out of control when you don’t have to worry about capacity. All of the cloud service providers have some fantastic automations in place.
Basically, just giving you, uh, very simple rules to say, “Okay, after 90 days, move this over to cheaper storage. After 180 days, you know, get rid of it completely, or put it in cold storage.”
Take advantage of those or your bill’s going to spiral out of control, and, and that relates to availability ‘cause uh, uh, and reliability, ‘cause the more you’re spending on that kind of stuff, the less you have to spend on other areas like security and operational efficiency.
So, that brings us to our next big security question. Is this working?
[00:15:00] How do you know if any of this stuff is working? Well, you want to talk about the concept of traceability. Traceability is a, you know, somewhat formal definition, but for me it really comes down to where did this come from, who can access it, and when did they access it?
That ties very closely with the concept of observability. Basically, the ability to look at, uh, closed systems and to infer what’s going on inside based on what’s coming into that system, and what’s leaving that system, really what’s going on.
There’s some great tools here from the service providers. Again, you want to look at, uh, Amazon CloudWatch, uh, Azure Monitor and the Google Cloud operations, uh, suite. Um, and here this leads us to the key, okay?
This is the key to simplifying everything, and I know we’ve covered a ton in this presentation, but I really want you to take a good look at this slide, and again, hit me up, uh, @marknca, happy to answer any questions with, questions afterwards as well here, um, that this will really, really make this simple, and this will really take your security practice to the next level.
If the idea of something happened in your, cloud system, right? In your deployment, there’s a trigger, and then, it either is generating an event or a log.
If you go the bottom row here, you’ve got a log, which you can then react to in a function to deliver some sort of result. That’s the slow-lane on the bottom.
We’re talking minutes here. You also have the top lane where your trigger fires off an event, and then, you react to that with a function, and then, you get a result in the fast lane.
These things happen in seconds, sub-second time. You start to build out your security practice based on this model.
You start automating more and more in these functions, whether it’s, uh, Lambda, whether it’s Cloud Functions, whether it’s Azure Functions, it doesn’t matter.
The CSPs all offer the same core functionality here. This is the critical, critical success metric, is that when you start reacting in the fast lane automatically to things, so if you see that a security event is triggered from like your malware, uh, on your, uh, virtual machine, you can lock that off, and have a new one spin up automatically.
Um, if you’re looking for compliance stuff, the slow lane is the place to go, because it takes minutes.
Reactions happen up top, more, um, stately or more sedate things, so somebody logging into a system is both up top and down low, so up top, if you logged into a VPC or into, um, an instance, or a virtual machine, you’d have a trigger fire off and maybe ask me immediately, “Mark, did you log into the system? Uh, ‘cause you’re, you know, you’re not supposed to be.”
But then I’d respond and say, “Yeah, I, I did log in.” So, immediately you don’t have to respond. It’s not an incident response scenario, but on the bottom track, maybe you’re tracking how many times I’ve logged in.
And after the three or fourth time maybe someone comes by, and has a chat with me, and says, “Hey, do you keep logging into these systems? Can’t you fix it upstream in the deployment, uh, and build a pipeline ‘cause that’s where we need to be moving?”
So, you’ll find this balance, and this concept, I just wanted to get into your heads right now of automating your security practice. If you have a checklist, it should be sitting in a model like this, because it’ll help you, uh, reduce your workload, right?
The idea is to get as much automated possible, and keep things in very clear, and simple boundaries, and what’s more simple than having every security action listed as an automated function, uh, sitting in a code repository somewhere?
[00:18:00] Fantastic approach to modern security practice in the cloud. Very simple, very clear. Yes, difficult to implement. It can be, but it’s an awesome, simple mental model to keep in your head that everything gets automated as a function based on a trigger somewhere.
So, what are the keys to success? What are the keys to keeping this cloud security thing simple? And, hopefully you’ve realized the difference between a simple mental model, and the challenges, uh, in, uh, implementation.
It can be difficult. It’s not easy to implement, but the mental model needs to be kept simple, right? Keep things in their own VPCs, and their own accounts, automate everything. Very, very simple approach. Everything fits into this s- into this structure, so the keys here are remembering the goal.
Make sure that cybersecurity, uh, is making sure that whatever you build works as intended and only as intended. It’s understanding the shared responsibility model, and it’s really looking at, uh, having a plan through cloud adoption frameworks, how to build well, which is a, uh, a concept called the Well-Architected Framework.
It’s specific to AWS, but it’s generic, um, its principles, it can be applied everywhere. We didn’t cover it here, but I’ll put the links, um, in the materials for you, uh, as well as remembering systems over people, right?
Adding the right controls at the right time, uh, and then, finally observing and react. Be vigilant, practice. You’re not going to get this right out of the gates, uh, perfect.
You’re going to have to refine, iterate, and then it’s extremely cloud friendly. That is the cloud model is, get it out there, iterate quickly, but putting the structures in place, you’re not going to make sure that you’re not doing that in an insecure manner.
Thank you very much, uh, here’s a couple of links that’ll help you out before we take some Q&A here, um, trendmicro.com/cloud will get you to the products to learn more. We’re also doing this really cool streaming.
Uh, I host a show called Let’s Talk Cloud. Um, we uh, interview experts, uh, and have a great conversation around, um, what they’re talking about, uh, in the cloud, what they’re working on, and not just around security, but just in building in general.
You can hit that up at trendtalks.fyi. Um, and again, hit me up on social @marknca.
So, we have a couple of questions to kick this off, and you can put more questions in the webinar here, and they will send them along, or answer them in kind if they can.
Um, and that’s really what these are about, is the interaction is getting that, um, to and from. So, the first question that I wanted to tackle is an interesting one, and it’s really that systems over people.
Um, you heard me mention it in the, uh, in the end and the question is really what does that mean systems over people? Isn’t security really about people’s expertise?
And, yes and no, so if you are a SOC analyst, if you are working in a security, uh, role right now, I am really confident saying that 80%, 90% of what you do right now could be delegated out to a system.
So, if you were looking at log lines, and stuff that should be done by systems and bubble up, just the goal for you to investigate to do what people are good at in systems are bad at, so systems mean, uh, you know, putting in, uh, to build pipeline, putting in container scanning in the build pipeline, so that you have to manually scan stuff, right to get rid of the basics. Is that a pen test? 100% no.
Um, but it gets rid of that, hey, you didn’t upgrade to, um, you know, this version of this library.
[00:21:00] That’s all automated, and those, the more systems you get in place, the more you as a security professional, or your security team will be able to focus on where they can really deliver value and frankly, where it’s more interesting work, so that’s what systems over people mean, is basically automate as much as you can to get people doing what people are really good at, and to make sure that the systems catch what we make as mistakes all the time.
If you accidentally try to push an old build out, you know that systems should stop that, if you push a build that hasn’t been checked by that container scanning or by, um, you know, it doesn’t have the appropriate security policy in place.
Systems should catch all that humans shouldn’t have to worry about it at all. That’s systems over processing. You saw that on the, uh, keys to success slide here. I’ll just pull it up. Um, you know, is that, that’s absolutely key.
Another question that we had, uh, was what we didn’t get into here, which was around the Well-Architected Framework. Now, this is a document that was published by AWS, uh, a number of years back, and they’ve kept it going.
They’ve evolved it and essentially it has five pillars. Um, performance, efficiency, uh, op- reliability, security, cost optimization, and operational excellence. Hey, I’ve got all five.
Um, and really [laughs] what that is, is it’s about how to take advantage of these cloud tools.
Now, AWS publishes it, but honestly it applies to Azure, it applies to Google Cloud as well. It’s not service specific. It teaches you how to build in the cloud, and obviously security is one of those big pillars, but it’s… so talking about teaching you how to make those trade offs, how to build an innovation flywheel, so that you have an idea, test it, uh, get the feedback from it, and move forward.
Um, and that’s really, really key. Again, now you should be reading that even if you are an Azure, or GCP customer or, uh, that’s where you’re putting your most of your stuff, because it’s really about the principles, and everything we do, and encourage people to build well, it means that there’s less security issues, right?
Especially we know that the number one problem is mistakes.
That leads to the last question we have here, which is about that, how can I say that cyber criminals, you don’t need to worry about them.
You need to worry about mistakes? That’s a good question. It’s valid, and, um, Trend Micro does a huge amount of research around cyber criminals. I do a whole huge amount of research around cyber criminals.
Uh, my training, by training, and by professional experience. I’m a forensic investigator. This is what I do is take down cyber crimes. Um, but I think mistakes are the number one thing that we deal with in the cloud simply because of the underlying complexity.
I know it’s ironic, and to talk about simplicity, to talk about complexity, but the idea is, um, is that you look at all the major breaches, especially around s3 buckets, those are all m- based on mistake.
There’ve been billions, and billions, and billions of records, and, uh, millions of dollars of damage exposed because of simple mistakes, and that is far more common, uh, than cyber criminals.
And yes, cyber crimes you have [inaudible 00:23:32] worry. You have to worry about them, but everything you’re going to do to fix mistakes, and to put systems in place to stop those mistakes from happening is also going to be for your pr- uh, protection up against cyber criminals, and honestly, if you’re the guy who runs around your organization’s screaming about cyber criminals all the time, you’re far less credible than if you’re saying, “Hey, I want to make sure that we build really, really well, and don’t make mistakes.”
Thank you for taking the time. My name’s Mark Nunnikhoven. I’m the vice president of cloud research at Trend Micro. I’m also an AWS community hero, and I love this stuff. Hit me up on social @marknca. Happy to chat more.
The post Cloud Security Is Simple, Absolutely Simple. appeared first on .
FreshRSS 