CSO Online News
Security Recruiter Directory
Fri, 01 Jul 2022 02:00:00 -0700

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.

The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.

To read this article in full, please click here

Google Cloud previews advanced new API security features
Thu, 30 Jun 2022 09:51:00 -0700

Google Cloud's API security is getting a facelift, the company announced Thursday: a new Advanced API Security framework will help users identify potential threats, weed out bot traffic and identify data breaches caused by API misconfigurations or attacks.

Advanced API Security is an outgrowth of the company's 2016 acquisition of Apigee, which became part of Google in a $625 million deal. According to Google, the new system allows users to dig more deeply into API traffic to detect unusual patterns, which may be signs of an exploit in progress.

To read this article in full, please click here

How you handle independent contractors may determine your insider threat risk
Thu, 30 Jun 2022 02:00:00 -0700

If one were to build a Venn diagram comparing the onboarding, educating, supervising, and offboarding of staff versus contract workers, the areas of difference might offer a surprise. In this case, surprises aren't what a CISO wants to encounter. Thus, such a diagram, as part of an insider risk management program, highlights the delta between the two types of workers and how they are handled.

The concept of core and context when it comes to separating the duties of the full-time-equivalent workforce into staff and independent contractors has long been an ongoing challenge for every enterprise and small- to medium-sized business. Add to the mix the contracted service offerings -- for example, a managed security service provider -- and entities find themselves handing the keys to the kingdom over to a third party to handle tasks at hand. On top of that, the past two-plus years have caused many an entity to undergo a momentous change to how employees/independent contractors engage, with a noted influx in the remote work option.

To read this article in full, please click here

Key takeaways from CSA’s SaaS Governance Best Practices guide
Thu, 30 Jun 2022 02:00:00 -0700

SaaS governance and security is gaining attention among IT and security leaders. This is good, given that organizations are using exponentially more software-as-a-service (SaaS) than infrastructure-as-a-service (IaaS) offerings. Large enterprises are using upwards of 200 different SaaS offerings, compared to two or three IaaS providers, and only about 30% of organizations have any sort of SaaS security solutions in place.

Despite the pervasive use of SaaS, it is overwhelmingly ungoverned with little insight into use, data storage or access control. That’s why the Cloud Security Alliance (CSA) created the SaaS Governance Best Practices for Cloud Customers whitepaper, for which I was honored to serve as its co-lead. These are some of the key security takeaways from the SaaS governance best practices guidance.

To read this article in full, please click here

SolarWinds creates new software build system in wake of Sunburst attack
Wed, 29 Jun 2022 16:25:00 -0700

SolarWinds became the poster child for attacks on software supply chains when a group of threat actors injected malicious code known as Sunburst into the company's software development system in 2020. It was subsequently distributed through an update to its Orion product to thousands of government and enterprise customers worldwide.

SolarWinds learned from the experience and has introduced new software development practices and technology to strengthen the integrity of its build environment. It includes what SolarWinds says is a first-of-its-kind "parallel build" process, in which the software is built through multiple, highly secured, duplicate paths so that the outputs can be compared as a basis for integrity checks.

To read this article in full, please click here

Google Cloud gets new built-in security features
Wed, 29 Jun 2022 12:52:00 -0700

Google has announced that Google Cloud users will have access to two new security features, namely native integration with the MITRE ATT&CK threat classification and response framework and baked-in protection against DDoS attacks.

Cloud Armor is Google's brand name for its DDoS mitigation and web application firewall service. It replicates many of the techniques used in traditionally structured DDoS protection systems, including per-client rate limiting, captchas to help weed out bot requests, and machine learning to counteract Layer 7 attacks. MITRE inclusion allows users to map Google Cloud's built-in security controls onto the MITRE ATT&CK rubric of threat classification and response planning, letting users automate certain types of security response.
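The per-client rate limiting mentioned above (and the bot-traffic filtering the Apigee-based API security item describes) comes down to tracking each client's request rate and cutting it off once it exceeds a budget. The following is an added example, not Google Cloud Armor code: a per-client sliding-window limiter run over constructed request log lines. The log format, the client addresses, the thresholds and the hypothetical "throttle"/"banned" verdicts are assumptions for the demonstration.

```python
"""Added example (not Google Cloud Armor code): a per-client sliding-window rate
limiter of the kind an L7 DDoS/WAF layer applies, run over constructed request
log lines. Log format, client IDs and thresholds are assumptions for the demo."""
from collections import defaultdict, deque

# Constructed sample: "<unix_time> <client_ip> <path>" -- one bot, one human.
SAMPLE_LOG = """\
1000.00 203.0.113.9 /api/login
1000.05 203.0.113.9 /api/login
1000.10 203.0.113.9 /api/login
1000.15 203.0.113.9 /api/login
1000.20 203.0.113.9 /api/login
1000.25 203.0.113.9 /api/login
1000.30 203.0.113.9 /api/login
1002.00 198.51.100.7 /index.html
1003.50 198.51.100.7 /api/profile
1061.00 203.0.113.9 /api/login
"""


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds; once a
    client exceeds that, refuse it for `ban_seconds` (the stage where a real
    product would serve a CAPTCHA or block). State is kept per client, so one
    abusive address cannot exhaust the budget of everyone else."""

    def __init__(self, limit=5, window=10.0, ban_seconds=60.0):
        self.limit, self.window, self.ban_seconds = limit, window, ban_seconds
        self.hits = defaultdict(deque)   # client -> timestamps inside the window
        self.banned_until = {}           # client -> time the ban expires

    def check(self, client, now):
        """Return 'allow', 'throttle' (limit just exceeded, ban starts) or 'banned'."""
        if self.banned_until.get(client, 0.0) > now:
            return "banned"
        q = self.hits[client]
        while q and now - q[0] > self.window:  # drop timestamps outside the window
            q.popleft()
        q.append(now)
        if len(q) > self.limit:
            self.banned_until[client] = now + self.ban_seconds
            q.clear()  # start the client from a clean window once the ban expires
            return "throttle"
        return "allow"


def parse_log(text):
    """Yield (timestamp, client, path) for each constructed log line."""
    for line in text.splitlines():
        ts, client, path = line.split()
        yield float(ts), client, path


def run(log_text, limiter=None):
    """Apply the limiter to every request; returns (client, path, verdict) per line."""
    limiter = limiter or SlidingWindowLimiter()
    return [(client, path, limiter.check(client, ts))
            for ts, client, path in parse_log(log_text)]


if __name__ == "__main__":
    for client, path, verdict in run(SAMPLE_LOG):
        print(f"{verdict:8} {client:14} {path}")
```

With the sample above the bot is allowed five requests, throttled on the sixth, refused on the seventh, and served again only after the ban expires; the human client is never affected. In a real deployment the client key would be an IP, a session or an API key, and the verdict would drive a CAPTCHA challenge or a block rule rather than a printed string.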

To read this article in full, please click here

Sysdig Secure update adds ability to stop container attacks at runtime
Wed, 29 Jun 2022 12:36:00 -0700

Container and cloud security company Sysdig has announced a new capability, Drift Control, designed to detect and prevent container attacks at runtime.

Drift Control will function as part of Sysdig Secure, which is built to detect vulnerabilities in containers. Sysdig Secure is a component of Sysdig's container intelligence platform, which includes several container-oriented security applications.

Aiming to detect, prevent and speed incident response for containers that were modified in production (known as container drift), Drift Control offers the ability to close "dangerous security gaps" created by deviations from the trusted original container image.
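Both the SolarWinds "parallel build" integrity check described earlier and the container drift detection described here reduce to the same mechanism: take a hashed manifest of a file tree and compare it against a trusted reference. The block below is an added example, not SolarWinds' or Sysdig's code. It builds SHA-256 manifests, checks that independent build paths produced byte-identical artifacts, and flags files added or changed in a running container relative to its image. The build directories, file names ("bin/orion", "tmp/xmrig") and contents are constructed in a temporary directory for the demonstration and are not real artifacts.

```python
"""Added example (not SolarWinds' or Sysdig's code): verify that independent
parallel builds agree, and detect runtime drift from a trusted image, both by
comparing SHA-256 manifests of a directory tree. All inputs are constructed
inline in a temporary directory; no real build system or container is involved."""
import hashlib
import stat
import tempfile
from pathlib import Path


def manifest(root):
    """Map each regular file's path (relative to root) to (sha256, is_executable)."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        executable = bool(path.stat().st_mode & stat.S_IXUSR)
        result[str(path.relative_to(root))] = (digest, executable)
    return result


def parallel_builds_agree(manifests):
    """Parallel-build integrity check: every independent build path must produce
    byte-identical artifacts. Returns the files whose digests differ (or are
    missing) across the builds; an empty list means the builds agree."""
    all_paths = set().union(*(m.keys() for m in manifests))
    disagreements = []
    for p in sorted(all_paths):
        digests = {m.get(p, (None, None))[0] for m in manifests}
        if len(digests) != 1:
            disagreements.append(p)
    return disagreements


def detect_drift(baseline, running_root):
    """Runtime drift check: files added or modified relative to the trusted image
    manifest. An executable that was not in the image is the classic sign of an
    attacker dropping a tool into a running container."""
    current = manifest(running_root)
    added = sorted(set(current) - set(baseline))
    modified = sorted(p for p in baseline
                      if p in current and current[p][0] != baseline[p][0])
    new_executables = [p for p in added if current[p][1]]
    return {"added": added, "modified": modified, "new_executables": new_executables}


def _write(root, rel, data, executable=False):
    """Helper for the constructed scenario: create a file, optionally executable."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    if executable:
        path.chmod(path.stat().st_mode | stat.S_IXUSR)


def demo():
    """Constructed scenario: two clean parallel builds, one tampered build, then a
    container that drifts at runtime. Returns the three check results."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Two independent build paths producing the same deterministic output.
        for name in ("build-a", "build-b"):
            _write(tmp / name, "bin/orion", b"#!/bin/sh\necho orion\n", executable=True)
            _write(tmp / name, "lib/core.so", b"\x7fELF-core-v1")
        # A third path where something injected extra code into the library.
        _write(tmp / "build-c", "bin/orion", b"#!/bin/sh\necho orion\n", executable=True)
        _write(tmp / "build-c", "lib/core.so", b"\x7fELF-core-v1" + b"INJECTED")

        clean = parallel_builds_agree([manifest(tmp / "build-a"), manifest(tmp / "build-b")])
        tampered = parallel_builds_agree([manifest(tmp / n) for n in ("build-a", "build-b", "build-c")])

        # Runtime: the trusted image is build-a; the running container gains a
        # patched library and a new executable dropped into /tmp.
        baseline = manifest(tmp / "build-a")
        running = tmp / "running"
        _write(running, "bin/orion", b"#!/bin/sh\necho orion\n", executable=True)
        _write(running, "lib/core.so", b"\x7fELF-core-v2")
        _write(running, "tmp/xmrig", b"\x7fELF-miner", executable=True)
        drift = detect_drift(baseline, running)
    return clean, tampered, drift


if __name__ == "__main__":
    print(demo())
```

The build check only proves that the build paths agree with each other, which is exactly the point of running them independently: a compromise must hit every path identically to pass. The drift check is the "detect" half of a drift control; the "prevent" half would deny execution of any path in `new_executables`, which is policy enforcement the example does not attempt.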

To read this article in full, please click here

Why more zero-day vulnerabilities are being found in the wild
Wed, 29 Jun 2022 02:00:00 -0700

The number of zero-days exploited in the wild has been high over the past year and a half, with different kinds of actors using them. These vulnerabilities, which are unknown to the software maker, are leveraged by both state-sponsored groups and ransomware gangs.

During the first half of this year, Google Project Zero counted almost 20 zero-days, most of which target products built by Microsoft, Apple and Google, with browsers and operating systems taking up large chunks. In addition, a critical remote code execution vulnerability was found in Atlassian's Confluence Server, which continues to be exploited. But in 2021, the number of in-the-wild zero-days was even higher. Project Zero found 58 vulnerabilities, while Mandiant detected 80--more than double compared to 2020.

To read this article in full, please click here

How and why threat actors target Microsoft Active Directory
Wed, 29 Jun 2022 02:00:00 -0700

Microsoft Active Directory debuted 22 years ago. In computer years, that's old technology. Threat actors like old technology because it often has legacy code or processes that are not secured to modern standards, or organizations have not kept up with patches and recommended settings.

Derek Melber, chief technology and security strategist for Tenable, discussed Active Directory risks at this year's RSA conference. Attackers target domains. If they see a device joined to Active Directory, they will continue with the attack. If they don't see a domain-joined machine, they will move on to another workstation. Below are some examples of how attackers can exploit legacy Active Directory vulnerabilities.

To read this article in full, please click here

Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says
Tue, 28 Jun 2022 08:47:00 -0700

Cyberattacks on the Lithuanian government and private institutions conducted by the Russian cybercollective Killnet, and the group's possible collaboration with the Conti hacking gang, were shared on the Telegram messaging service ahead of a major DDoS (distributed denial of service) attack Monday, according to cybersecurity company Flashpoint.

Multiple attacks on Lithuanian entities have been claimed by Killnet on its Telegram channel "WE ARE KILLNET," in response to Lithuania's June 18 restrictions of trade routes with Russia.

A Flashpoint blog post confirms that Killnet warned about the attacks on the Telegram channel, highlighting the cloud-based instant messaging platform's use as a popular communication channel for threat actors.

To read this article in full, please click here

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation
Tue, 28 Jun 2022 05:00:00 -0700

Last week Microsoft published an in-depth examination of the early cyber lessons learned from the war in Ukraine, offering fresh insight into the scope of Russia's malicious digital activities and new details about the sophisticated and widespread Russian foreign influence operations surrounding the war. Microsoft has been uniquely positioned to observe the digital landscape in Ukraine since Russia invaded on February 24 and even before then.

To read this article in full, please click here

Russia-China cybercriminal collaboration could “destabilize” international order
Tue, 28 Jun 2022 02:00:00 -0700

In a riff on the “Field of Dreams” theme, Russian cybercriminals continue to court their Chinese counterparts in hopes of forming mutually beneficial avenues of collaboration and are finding the Chinese to be a tough date. The latest peek into this engagement of Russia-China “frenemies” comes to us from Cybersixgill and its The Bear and The Dragon analysis of the two communities.

Russian cybercriminals motivated by money, Chinese by knowledge

The Cybersixgill findings have the two cybercriminal communities colliding and attempting to form what appears to be a “fledgling alliance.” This is a step above where the situation stood in November 2021, when Flashpoint Intelligence connected the dots between Chinese and Russian threat actors.

To read this article in full, please click here

Adversarial machine learning explained: How attackers disrupt AI and ML systems
Tue, 28 Jun 2022 02:00:00 -0700

As more companies roll out artificial intelligence (AI) and machine learning (ML) projects, securing them becomes more important. A report released by IBM and Morning Consult in May stated that of more than 7,500 global businesses, 35% of companies are already using AI, up 13% from last year, while another 42% are exploring it. However, almost 20% of companies say that they were having difficulties securing data and that it is slowing down AI adoption.

In a survey conducted last spring by Gartner, security concerns were a top obstacle to adopting AI, tied for first place with the complexity of integrating AI solutions into existing infrastructure.

To read this article in full, please click here

How Visa fights fraud
Tue, 28 Jun 2022 02:00:00 -0700

For Visa, successful fraud detection must happen in mere milliseconds.

Its Visa Advanced Authorization (VAA) scoring service, one of the company’s most prominent offerings, uses artificial intelligence and machine learning techniques to score the likelihood that a transaction in progress is fraudulent.

It does so in just 300 milliseconds, allowing customers and merchants alike to transact with confidence in real time.

VAA does its job extremely well, too, with the company reporting that VAA prevented $26 billion in fraud on its network in 2021 alone.

Figures like that, says Visa Chief Risk Data Officer Dustin White, prove that the company’s investments in advanced analytics, machine learning, and AI enables “the safe, reliable and fast movement of money between entities that’s powering today’s global economy.”

To read this article in full, please click here

Security startup Cerby debuts with platform to manage shadow IT
Mon, 27 Jun 2022 11:14:00 -0700

Security automation startup Cerby is exiting stealth mode with the public launch of a security platform designed to help companies deal with shadow IT—information technology products that are used by staff without prior approval or knowledge of IT decision makers.

Such products are typically selected and onboarded by business units outside the IT department, and may not support industry standards like SAML (security assertion markup language) and SCIM (system for cross-domain identity management) for logging in and exchanging identity data.

To read this article in full, please click here

5 years after NotPetya: Lessons learned
Mon, 27 Jun 2022 02:00:00 -0700

On June 27, 2017, the eve of Ukraine’s Constitution Day holiday, a major global cyberattack was launched, infecting more than 80 companies in that country using a brand-new cyber pathogen that became known as NotPetya. NotPetya didn't stay within Ukraine's borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide.

NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware.

To read this article in full, please click here

The strange business of cybercrime
Mon, 27 Jun 2022 02:00:00 -0700

The old hacker stereotype, the antisocial lone wolf with coding skills, has been eclipsed by something far stranger: the cybercrime enterprise. This mutant business model has grown exponentially, with annual cybercrime revenues reaching $1.5 trillion, according to a 2018 study by endpoint security provider Bromium.

The sophistication of cybercrime operations underpins this scale of damage. The only explanation is that profit motive is fueling an engine that has driven the creation of effective organizations. But these organizations are curiously subject to many of the vicissitudes of normal business.

To read this article in full, please click here

Mitek launches MiVIP platform to fight identity theft
Fri, 24 Jun 2022 10:49:00 -0700

A new easy-to-deploy identity platform was announced this week to help address growing concerns about identity theft. The Mitek Verified Identity Platform (MiVIP) melds the company's mobile technologies with those of its recent acquisitions to give its customers flexible control over their consumers' experiences.

With MiVIP, customers have the ability to orchestrate the full range of authentication technologies offered by Mitek, including biometrics, geolocation, politically exposed persons (PEP) and sanctions screening, and bureau checks. Those technologies, together with those from recent acquisitions HooYu and ID R&D, enable MiVIP to address the security of the entire transaction lifecycle, according to Mitek.

To read this article in full, please click here

Italian spyware firm is hacking into iOS and Android devices, Google says
Fri, 24 Jun 2022 08:51:00 -0700

RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.

5 social engineering assumptions that are wrong
Fri, 24 Jun 2022 05:11:00 -0700

Social engineering is involved in the vast majority of cyberattacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks.

Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s vice president threat research and detection, stated that the vendor has attempted to debunk faulty assumptions made by organizations and security teams so they can better protect employees against cybercrime. “Despite defenders’ best efforts, cybercriminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests.”

To read this article in full, please click here

Security startups to watch for 2022
Fri, 24 Jun 2022 02:00:00 -0700

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base.

The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.

To read this article in full, please click here

Open-source software risks persist, according to new reports
Thu, 23 Jun 2022 13:48:00 -0700

Open-source software (OSS) has become a mainstay of most applications, but it has also created security challenges for developers and security teams, challenges that may be overcome by the growing "shift left" movement, according to two studies released this week.

More than two out of five organizations (41%) don't have high confidence in their open-source security, researchers at Snyk, a developer security company, and The Linux Foundation reveal in their The State of Open Source Security report.

It also notes that the time to fix vulnerabilities in open-source projects has steadily increased over the last three years, more than doubling from 49 days in 2018 to 110 days in 2021.

To read this article in full, please click here

Kaseya closes $6.2 billion Datto deal, vows to cut prices
Thu, 23 Jun 2022 11:36:00 -0700

Kaseya, a maker of IT service and security management software, announced Thursday that it had finalized its $6.2 billion acquisition of cybersecurity company Datto, promising tight integration between the two companies' products and lower pricing for customers.

The deal's closure marks the third high-profile acquisition for Kaseya in the past 18 months, as the company acquired security threat response company Infocyte in January, and threat detection company BitDam in March 2021. A total of 12 acquisitions have been completed by Kaseya under CEO Fred Voccola.

The company's public messaging about the Datto deal emphasized impending price cuts—an average of 10% across the board, according to Kaseya. Some products are expected to remain at the same price point, while others will drop significantly more, Kaseya said. Datto will continue to operate as an independent brand, Kaseya added.

To read this article in full, please click here

Cisco reports vulnerabilities in products including email and web manager
Thu, 23 Jun 2022 11:08:00 -0700

Cisco has issued alerts for a vulnerability found in its email security and web management products that could allow an authenticated remote actor to retrieve sensitive information from an affected device.

An advisory issued by Cisco this week outlined that the vulnerability—detected in the web management interface of Cisco Secure Email and Web Manager, known formerly as Cisco Security Management Appliance (CSMA), and Cisco Email Security Appliance (ESA)—allows an authenticated actor to extract sensitive information through a Lightweight Directory Access Protocol (LDAP) server connected to the affected device.

This vulnerability is due to a design oversight in the querying process, according to Cisco. LDAP is a protocol for accessing and maintaining distributed directory information services over a corporate intranet or the public internet, and is commonly used by appliances such as these as an external authentication source.

To read this article in full, please click here

Palo Alto adds out-of-band web application security features to Prisma Cloud
Thu, 23 Jun 2022 05:15:00 -0700

Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities. The vendor said the updates are designed to help organizations monitor and secure web applications without impacting performance. The move comes as businesses continue to expand their use of cloud environments and face demands in managing the complexity of cloud migration, securing applications across their lifecycle, and preventing web application attacks.

Prisma Cloud updates introduce “novel approach” to web application security

In a press release, Palo Alto stated that the latest Prisma Cloud version offers a novel approach to securing web applications and cloud environments that combines both inline and out-of-band methods. Until now, a primary approach to securing web applications has been to deploy inline web application firewalls (WAFs), but some organizations are reluctant to introduce WAFs or API security solutions inline to protect business-critical or sensitive applications due to performance and scalability concerns, the vendor said.

To read this article in full, please click here

U.S. data privacy and security solutions emerging at the federal level
Thu, 23 Jun 2022 02:00:00 -0700

Although a handful of U.S. states have enacted strict privacy laws, the United States still lacks a comprehensive federal privacy statute, a vacuum that has fueled what many observers argue is a culture of “surveillance capitalism.” The lack of a national privacy law looms particularly large now as the Supreme Court seems poised to overturn its landmark abortion decision Roe v. Wade, which is likely to accelerate private data hunting expeditions by prosecutors and law enforcement in nearly 30 U.S. states.

To read this article in full, please click here

MITRE's Inside-R Protect goes deep into the behavior side of insider threats
Thu, 23 Jun 2022 02:00:00 -0700

Insider threat and risk management programs are the Achilles heel of every corporate and information security program, as many a CISO can attest to. The MITRE Inside-R Protect program is the organization’s latest initiative to assist both public and private sector efforts in addressing the insider threat. The Inside-R program’s bar for success is high. The focus of Inside-R is on evolving analytic capabilities focused on the behavior of the insider. To that end, MITRE invites the participation of government and private organizations to provide their historical insider incident data to the organization’s corpora of information from which findings are derived.

To read this article in full, please click here

Dozens of insecure-by-design flaws found in OT products
Wed, 22 Jun 2022 13:56:00 -0700

A new research project has uncovered 56 vulnerabilities in operational technology (OT) devices from 10 different vendors, all of which stem from insecurely designed or implemented functionality rather than programming errors. This highlights that despite the increased attention these critical devices have received over the past decade from both security researchers and malicious attackers, the industry is still not following fundamental secure-by-design principles.

"Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts," researchers from security firm Forescout said in their new report.

To read this article in full, please click here

Microsoft includes IoT devices under its Secured-core program
Wed, 22 Jun 2022 08:00:00 -0700

Addressing security concerns associated with the growing momentum for edge computing, Microsoft is making its Edge Secured-core program for Windows-based IoT devices generally available.

Added as a new certification under the Azure Certified Device program, Edge Secured-core is for IoT devices running a full operating system, such as Windows 10 IoT or Linux. While support for Windows 10 IoT is generally available, it is still in preview for Linux.

To read this article in full, please click here

How the Secure Software Factory Reference Architecture protects the software supply chain
Wed, 22 Jun 2022 02:00:00 -0700

The term “factory” related to software production might seem bizarre. Most still associate it with the collection, manipulation and manufacturing of hard materials such as steel, automobiles or consumer electronics. However, software is produced in a factory construct as well. “Software factory” generally refers to the collection of tools, assets and processes required to produce software in an efficient, repeatable and secure manner.

The software factory concept has taken hold in both the public and private sector, being recognized by organizations such as MITRE and VMware. The U.S. Department of Defense (DoD) has a robust ecosystem of at least 29 software factories, most notably Kessel Run and Platform One. Given the concern over software vulnerability, particularly in the software supply chain, it’s important to execute the software factory approach in a secure manner.

To read this article in full, please click here
