New Magnet Forensics app automates, coordinates cybersecurity response

Read Time:39 Second

A slow response to a data breach or other cybersecurity incident can cost companies time and money, as well as damage to their reputation. To help companies accelerate their response to cybersecurity incidents, Magnet Forensics is offering a new application, Magnet Automate Enterprise, designed to automatically trigger investigations into security breaches and synchronize incident detection and response tasks by third party tools.

Magnet Forensics has a track record for developing investigation software for the processing of evidence from computers, mobile devices, IoT devices and cloud services, and has had a strong user base among law enforcement and government agencies. The new software is geared specifically for enterprises, allowing them to recover evidence of security incidents from corporate networks and remote endpoints.

To read this article in full, please click here

Read More

Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks

Read Time:28 Second

Security researchers, enterprise software maker SAP, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that enables HTTPS communications. Tracked as CVE-2022-22536, the vulnerability allows attackers to use malformed packets to trick SAP servers into exposing sensitive data without needing to authenticate, according to Onapsis Research Labs. A security patch is available and organizations are urged to update as soon as possible.

To read this article in full, please click here

Read More

On the Irish Health Services Executive Hack

Read Time:1 Minute, 33 Second

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices:

The report notes that:

The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.
It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event.
Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. (The antivirus server was later encrypted in the attack).
There was no security monitoring capability that was able to effectively detect, investigate and respond to security alerts across HSE’s IT environment or the wider National Healthcare Network (NHN).
There was a lack of effective patching (updates, bug fixes etc.) across the IT estate and reliance was placed on a single antivirus product that was not monitored or effectively maintained with updates across the estate. (The initial workstation attacked had not had antivirus signatures updated for over a year.)
Over 30,000 machines were running Windows 7 (out of support since January 2020).
The initial breach came after a HSE staff member interacted with a malicious Microsoft Office Excel file attached to a phishing email; numerous subsequent alerts were not effectively investigated.

PwC’s crisp list of recommendations in the wake of the incident ­ as well as detail on the business impact of the HSE ransomware attack ­ may prove highly useful guidance on best practice for IT professionals looking to set up a security programme and get it funded.

Read More

Look for attack surface management to go mainstream in 2022

Read Time:35 Second

Attack surface management (ASM) is a somewhat confusing topic that starts with a fundamental question: What exactly is the attack surface?  In reality, it’s everything—internal assets, external corporate assets, third-party assets, people, everything.  That said, the emerging attack surface management category focuses on internet-facing assets alone.  Hmm, just another day in the perplexing cybersecurity realm.

Now, just because attack surface management tools track only internet-facing assets doesn’t make ASM easy. Large organization often have thousands, tens of thousands, or more internet-facing assets, including websites, sensitive data, employee credentials, cloud workloads, S3 buckets, source code fragments, SSL certificates, and so on. 

To read this article in full, please click here

Read More