CSO Online News
Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises
Thu, 21 Oct 2021 02:00:00 -0700

Intrusions in which attackers compromise a software developer's infrastructure and Trojanize its legitimate updates are hard for users of the affected products to detect, as multiple incidents over the past several years have shown. Researchers agree there is no silver-bullet solution, but network defenders can use a combination of techniques to detect subtle changes in how critical software, and the systems it's deployed on, behave.

Researchers from security analytics firm Splunk have recently analyzed several such techniques that rely on building unique fingerprints to identify which software applications establish HTTPS connections. The premise is that malware programs, regardless of how they're delivered, often come with their own TLS libraries or TLS configuration and their HTTPS handshakes would be identifiable in traffic logs when compared to TLS client hashes of pre-approved applications.

Kraft Heinz dishes up security transformation
Thu, 21 Oct 2021 02:00:00 -0700

Ricardo Lafosse walked into the CISO post at Kraft Heinz Co. in February 2020 with a mission to modernize. And he had a plan.

Lafosse envisioned transforming the company’s security program through a four-pillared initiative focused on visibility, team structure, innovation, and lifecycle. When taken all together, this initiative sought to reinvent the way the company manages, operates, and perceives the security function.

“I’m known for challenging the status quo,” he says. “So, coming in after conversations [with the executive team], I had the sense of the organization, where the business as a whole was heading, and what changes they were looking for. Then, after assessing the program, I had a better idea of where the program needed to go, how to flip the whole program upside-down and be a catalyst for change.”

What is Magecart? How this hacker group steals payment card data
Thu, 21 Oct 2021 02:00:00 -0700

Magecart definition

Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT.

New Windows browser security options and guidance: What you need to know
Wed, 20 Oct 2021 02:00:00 -0700

As we move to cloud computing, your browser is your operating system. While we tend to hold back in business patching to ensure there are no side effects, it can be dangerous to take that approach with browser patching. Case in point: Google acknowledged the twelfth and thirteenth Chrome zero-day attacks in a recent blog post. Because Edge is built on the Chrome platform, you should consider how each targeted zero day in Chrome impacts the Edge browser.

(ISC)2 pilots new entry-level cybersecurity certification to tackle workforce shortages
Wed, 20 Oct 2021 02:00:00 -0700

Global cybersecurity membership association (ISC)2 has announced plans to pilot a new entry-level cybersecurity certification to validate the fundamental skills and abilities necessary for entry-level positions. Aimed at addressing cybersecurity workforce shortages, the new certification will provide employers means to verify new entrants’ knowledge of foundational cybersecurity concepts and essential best practices, along with supporting industry newcomers with clear and attainable career pathways into the field.

The new qualification will also provide more clarity for candidates who aspire to obtain the CISSP credential. “This approach underlines our commitment to making cybersecurity a more accessible, inclusive, and diverse profession,” commented Dr. Casey Marks, chief qualifications officer, (ISC)2. “This certification will give employers the confidence that newer entrants into the sector have a solid grasp of the right technical, ethical, and operational practices on which to build and learn.”

SSRF attacks explained and how to defend against them
Wed, 20 Oct 2021 02:00:00 -0700

SSRF attack definition

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made by the server has been forged by the attacker.

SSRF attacks are far more dangerous than cross-site request forgery (CSRF) attacks. That’s because, in a way, CSRF attacks involve an attacker hijacking a user’s web browser and performing unauthorized actions on the user’s behalf. During an active CSRF exploit, the malicious activity triggers from the client-side, and it is typically the individual user or their assets being targeted. Of course, CSRF attacks become dangerous when the targeted user has administrator privileges to the web application—in such a case the entire application could be compromised.

8 top multifactor authentication products and how to choose an MFA solution
Tue, 19 Oct 2021 02:00:00 -0700

Today’s credential-based attacks are much more sophisticated. Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. All these attacks key on traditional credentials, usernames and passwords, which are past their expiration date as a legitimate security measure. An obvious way forward in enhancing access security is multifactor authentication (MFA).

White House international ransomware initiative outlines hopes and challenges
Mon, 18 Oct 2021 06:09:00 -0700

The White House’s Counter-Ransomware Initiative event, facilitated by the National Security Council (NSC), concluded two days of public-facing and closed-door sessions. Present were ministers and representatives from more than 30 countries and the European Union.

Microsoft's very bad year for security: A timeline
Mon, 18 Oct 2021 02:00:00 -0700

So far, 2021 has proved to be somewhat of a security annus horribilis for tech giant Microsoft, with numerous vulnerabilities impacting several of its leading services, including Active Directory, Exchange, and Azure. Microsoft is no stranger to being targeted by attackers seeking to exploit known and zero-day vulnerabilities, but the rate and scale of the incidents it has faced since early March has put the tech giant on its back foot for at least a moment or two.

6 zero trust myths and misconceptions
Mon, 18 Oct 2021 02:00:00 -0700

Interest in zero trust is surging, according to IDG’s 2020 Security Priorities Study, with 40% of survey respondents saying they are actively researching zero trust technologies, up from only 11% in 2019, and 18% of organizations indicating they already have zero trust solutions, more than double the 8% in 2018. Another 23% of respondents plan to deploy zero trust in the next 12 months.

But Forrester analyst Steve Turner notes that in his recent conversations with enterprise clients, a good 50%-70% completely misunderstand the basic concepts and principles of zero trust “because the marketing hype has taken over.”

Top cybersecurity M&A deals for 2021
Fri, 15 Oct 2021 02:00:00 -0700

2021 is shaping up to be an active year for mergers and acquisitions in the cybersecurity industry. March alone saw more than 40 firms being acquired. The level of activity is driven by growth in sectors such as identity management, zero trust, managed security services, DevSecOps and cloud security.

In many cases, the acquiring company sought to strengthen its position in its market—Okta’s purchase of Auth0, for example. In others, the acquisition was an entry into a new market; Lookout is now a player in the secure access service edge (SASE) market with the acquisition of CipherCloud. Some used the newly acquired company to expand product capabilities, like Palo Alto Networks boosting its Prisma Cloud platform with cloud security technology from Bridgecrew.

How shape-shifting threat actors complicate attack attribution
Thu, 14 Oct 2021 02:00:00 -0700

The already difficult task of attributing a cybersecurity attack to a particular threat actor is made harder by the shape-shifting nature of threat groups. Despite the best efforts of researchers, some attackers may never be identified.

At last week's VB2021 conference, cybersecurity analysts and researchers walked through the breadcrumbs they followed to identify the malicious actors behind the Colonial Pipeline, Sony Pictures, and Iran railway system attacks. These examples show why attribution is complicated and sometimes impossible.

REvil ransomware explained: A widespread extortion operation
Thu, 14 Oct 2021 02:00:00 -0700

REvil is a ransomware-as-a-service (RaaS) operation that has extorted large amounts of money from organizations worldwide over the past year. Its name stands for Ransomware Evil and was inspired by the Resident Evil movie series. According to recent reports from security firms, it is the most widespread ransomware threat and the group behind it doubles down on its extortion efforts by also stealing business data and threatening to release it.

Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation
Wed, 13 Oct 2021 21:01:00 -0700

One of the vulnerabilities patched by Microsoft Tuesday has been exploited by a Chinese cyberespionage group since at least August. The attack campaigns targeted IT companies, defense contractors and diplomatic entities.

According to researchers from Kaspersky Lab, the malware deployed with the exploit and its command-and-control infrastructure point to a connection with a known Chinese APT group tracked as IronHusky that has been operating since 2017, but also with other China-based APT activity going back to 2012.

Google forms Cybersecurity Action Team to support customer security transformation
Wed, 13 Oct 2021 10:38:00 -0700

Google has announced the formation of a cybersecurity action team to provide support to governments, critical infrastructure, enterprises, and small businesses. The Google Cybersecurity Action Team will consist of cybersecurity experts from across the organization and will guide customers through the cycle of security and digital transformation.

AT&T launches managed XDR suite to provide endpoint-to-cloud security
Wed, 13 Oct 2021 10:34:00 -0700

AT&T has launched a cloud-based, managed XDR (extended detection and response) offering designed to provide automated and orchestrated malware prevention, threat detection and continuous security monitoring of endpoint, network and cloud assets to help organizations detect and recover from security threats at scale.

The AT&T Managed XDR suite of security software is built on existing offerings including the company's USM Anywhere SaaS security monitoring application; machine-learning based threat intelligence from AT&T's Alien Labs; AT&T Managed Endpoint Security, which incorporates software from AT&T partner Sentinel One; and AT&T Managed Threat Detection & Response software.

Northwestern Mutual’s Laura Deaner: Resist the urge to solve stuff fast
Wed, 13 Oct 2021 02:00:00 -0700

When Laura Deaner speaks about the CISO’s mission, she doesn’t talk about preventing breaches and detecting intruders.

Rather, she gives her top task as enabling the long-term business strategy, an objective the CISO delivers by engendering in customers a high level of trust in the company’s ability to keep them safe and their data private.

“My job, and that of the security team, is to protect our clients and maintain their trust by delivering world-class and innovative cybersecurity and risk management services,” she says.

Twitch breach highlights dangers of choosing ease of access over security
Wed, 13 Oct 2021 02:00:00 -0700

No company wants to see its crown jewels exposed to the elements, yet this is what happened to the Amazon-owned online streaming platform Twitch on October 6 when 125GB of its data was posted on 4Chan.

Twitch acknowledged the breach via a Tweet: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.” In an October 6 blog post, the company blamed “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” Thus, Twitch pointed the finger for the posting of the 125GB of sensitive internal information at an external third party and not at a malevolent insider.

Time to check software and security settings for Windows network vulnerabilities
Wed, 13 Oct 2021 02:00:00 -0700

October is high season for cyberattacks, Infosec Institute study shows
Tue, 12 Oct 2021 10:41:00 -0700

There has been an exponential increase in cyberattacks around the globe in the last five years and a major chunk of it happened in October each year, according to a study by Infosec Institute.

A similar offensive appears to be building up this month, judging from the study's projections for an "October surprise" as well as observations of cyberattacks that have occurred so far.

The study underscores that the attacks that have occurred in the month of October over the past five years have been traced back to mainly five offending entities: Russia, China, North Korea, Iran, and a catchall grouping termed anonymous. The anonymous grouping refers to unclaimed attacks with unknown assailants that could not be linked to any offending parties or nations.

Securing the edge: 4 trends to watch
Tue, 12 Oct 2021 02:00:00 -0700

The COVID-19 pandemic and the disruption to workplace and operational environments that it triggered have accentuated and, in some cases, exacerbated some of the security concerns around edge computing.

Edge computing is a model where organizations, instead of relying solely on centralized datacenters, distribute processing and storage capacities closer to where the data is generated—IoT devices for instance—and to the users and applications consuming the data.

SAML explained: How this open standard enables single sign on
Tue, 12 Oct 2021 02:00:00 -0700

What is SAML?

The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perform some security functions on behalf of one or more other computers:

  • Authentication: Determining that the users are who they claim to be
  • Authorization: Determining if users have the right to access certain systems or content

Strictly speaking, SAML refers to the XML variant language used to encode all this information, but the term can also cover various protocol messages and profiles that make up part of the standard.

6 ways the pandemic has triggered long-term security changes
Mon, 11 Oct 2021 02:00:00 -0700

Some of the changes to IT environments prompted by the COVID-19 pandemic—primarily work-from-home (WFH) and cloud adoption—are here to stay and will require long-term revisions to enterprise cybersecurity strategies.

The often hasty measures that many organizations have deployed to ensure that remote workers can securely access enterprise data will need to be replaced or strengthened with controls that can address the requirements of a post-pandemic world, security experts say. There will be a need for capabilities that enable better visibility, control, and management of IT infrastructures where data is scattered across on-premises and cloud environments and users access it from both managed and unmanaged networks and devices.

7 VPN alternatives for securing remote network access
Mon, 11 Oct 2021 02:00:00 -0700

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, it has become the norm for large numbers of employees to regularly work from home, with many only going to the office sporadically (if at all).

The CSO guide to top security conferences, 2021
Fri, 08 Oct 2021 02:00:00 -0700

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.

Fortunately, plenty of great conferences are coming up in the months ahead.

If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2021 and 2022.

From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter most to you.

TSA to issue cybersecurity requirements for US rail, aviation sectors
Thu, 07 Oct 2021 04:50:00 -0700

Top cybersecurity statistics, trends, and facts
Thu, 07 Oct 2021 02:00:00 -0700

2021 has been a banner year for cybercriminals, who have taken advantage of the COVID-19 pandemic and the increase in remote work, attacking both technical and social vulnerabilities. This historic increase in cybercrime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Piled on top of that is a growing wave of ransomware and software supply chain attacks.

FSU’s university-wide resiliency program focuses on doing the basics better
Thu, 07 Oct 2021 02:00:00 -0700

Florida State University CISO Bill Hunkapiller wouldn’t let Covid derail his plans to improve the university’s resiliency capabilities.

Hunkapiller started devising Seminole Secure, a four-part program designed to boost FSU’s disaster preparedness and response, just before the pandemic hit. He refined his plans through 2020 and then, this year, implemented its wide-reaching recommendations to ensure his institution could handle whatever emergency came next even better.

“Not the best time to roll this out,” he says. On the other hand, he admits that Covid demonstrated why a robust plan is so critical to have in place. “We had always tied disaster recovery to hurricane season, but a pandemic is also one of those risks and threats we need to be ready for.”

Iranian APT targets aerospace and telecom firms with stealthy ShellClient Trojan
Wed, 06 Oct 2021 03:00:00 -0700

Security researchers have uncovered cyberespionage operations by an Iran-based hacker group targeting aerospace and telecom firms with a previously undocumented stealthy Trojan program that's been in use since 2018. Security firm Cybereason has dubbed the campaign Operation GhostShell and said it targeted primarily companies in the Middle East, but also in the US, Europe and Russia. The goal of the attacks is the theft of information about the victims' infrastructure, technology and critical assets.

Microsoft Exchange Emergency Mitigation: What admins need to know
Wed, 06 Oct 2021 02:00:00 -0700

If you are still running and patching an on-premises Exchange server, you need to opt into a major protection that Microsoft is rolling out to its customers. Microsoft has rolled out a new feature called Microsoft Exchange Emergency Mitigation (EM) service. It is included in the September 2021 Cumulative Update and is not a replacement for patching. Rather, it provides better protections for on-premises Exchange servers.

The recent zero-day attacks on Exchange showed that many firms weren’t up to date in patching and Microsoft realized that many were behind in updating. Microsoft quickly released an Exchange On-premises Mitigation Tool (EOMT) along with automatic mitigation included in Microsoft Defender Antivirus and System Center endpoint protection. As they noted, “The EOMT is a one-click tool that applies interim mitigations to an Exchange server to proactively minimize vulnerable attack surfaces until the admin can install an available SU. This was our recommended approach for Exchange deployments with internet access and for those who needed to quickly mitigate their risk while they prepared to update their servers.”
