Embracing change and collaboration are key to government-backed DSbD initiative, which aims to transform UK’s approach to cybersecurity
Daily Archives: March 8, 2022
Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices
Security researchers have found several vulnerabilities affecting many models of APC Smart-UPS uninterruptible power supplies that could be exploited to take over the devices. UPS devices are used across many industries to keep mission-critical devices running in case of power loss.
“Two of these are remote code execution (RCE) vulnerabilities in the code handling the cloud connection, making these vulnerabilities exploitable over the Internet,” researchers from security firm Armis, who found the flaws, said in a report. The company has dubbed the vulnerabilities TLStorm because they’re located in the TLS implementation used in cloud-connected Smart-UPS devices.
Using Radar to Read Body Language
Yet another method of surveillance:
Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exists in current Google Nest smart displays, though instead of radar, Google employs ultrasonic sound waves to measure a person’s distance from the device. When a Nest Hub notices you’re moving closer, it highlights current reminders, calendar events, or other important notifications.
Proximity alone isn’t enough. What if you just ended up walking past the machine and looking in a different direction? To solve this, Soli can capture greater subtleties in movements and gestures, such as body orientation, the pathway you might be taking, and the direction your head is facing — aided by machine learning algorithms that further refine the data. All this rich radar information helps it better guess if you are indeed about to start an interaction with the device, and what the type of engagement might be.
[…]
The ATAP team chose to use radar because it’s one of the more privacy-friendly methods of gathering rich spatial data. (It also has really low latency, works in the dark, and external factors like sound or temperature don’t affect it.) Unlike a camera, radar doesn’t capture and store distinguishable images of your body, your face, or other means of identification. “It’s more like an advanced motion sensor,” Giusti says. Soli has a detectable range of around 9 feet — less than most cameras — but multiple gadgets in your home with the Soli sensor could effectively blanket your space and create an effective mesh network for tracking your whereabouts in a home.
“Privacy-friendly” is a relative term.
These technologies are coming. They’re going to be an essential part of the Internet of Things.
Critical flaws in remote management agent impacts thousands of medical devices
Critical vulnerabilities in a software agent that’s used for remote management could allow hackers to execute malicious code and commands on thousands of medical and other types of devices from healthcare, manufacturing and other industries. Patches have been issued by the software agent’s developer, but most of the affected device vendors will need to release their own updates.
In the meantime, users should mitigate the risks by doing network segmentation and blocking some of the communication ports that can be used to exploit the vulnerabilities.
Seven vulnerabilities on the Axeda platform
Seven flaws ranging in severity from critical to medium were discovered in the Axeda platform by researchers from Forescout and CyberMDX. Axeda was a standalone solution, but is now owned by computer software and services company PTC, which develops solutions for the industrial IoT market.
Working with MSSPs to optimize XDR
Businesses today have many tools in their security stack and security teams find themselves spending too much time managing the tools and not enough time tackling business-critical projects. Security tool overload creates internal challenges and distracts from the primary business mission. How can companies better protect themselves while staying on track to achieve goals?
Let’s take a look at how working with a managed security service provider (MSSP) to manage your extended detection and response (XDR) solution can improve security coverage in busy and complex environments.
Much like secure access service edge (SASE) combines several network security protections, XDR combines network and endpoint detection and response capabilities with endpoint protection and security orchestration, automation, and response (SOAR). As with SASE, the devil is in the details.
XDR as a service helps you scale
One material way to simplify security is to enlist the aid of an MSSP. These experts have a deep understanding of how the tools work, and they have broad experience installing and running a variety of products and platforms in different customer environments.
XDR provides protection, detection, and response across the security ecosystem
While AT&T’s USM-based XDR is vendor-agnostic, it features a unique integration with SentinelOne, one of the leading vendors in the endpoint detection and response space. SentinelOne consolidates multiple endpoint security solutions, including next generation antivirus, pre-execution protection, and AI-based detection and response, into a single agent. The USM Anywhere integration with SentinelOne powered by the SentinelOne Advanced AlienApp allows the SOC analyst to terminate malicious processes, quarantine infected devices, and even roll back events to keep endpoints in a constant clean state. All this is achieved from a single pane of glass with the USM Anywhere platform.
Services based on AT&T’s USM Anywhere and SentinelOne bring broad visibility into your environment through their ability to interoperate with many security tools utilizing AT&T’s AlienApp integrations. These connections across your environment pull events and security intelligence into one centralized hub for further correlation and add context to help you respond faster to investigations and threats. With an extensive and evolving library of AlienApps, you will not need to rip and replace your current infrastructure; as you grow or change, your security can too.
Intelligence is key
Threat intelligence is critical for accurate detections and reducing false positives. This is one of the strengths of the USM Anywhere-based solutions—they include access to AT&T’s unique perspective as a service provider and operator of one of the largest networks in the world.
It starts with the world’s largest open threat intelligence community, AT&T Alien Labs Open Threat Exchange (OTX), feeding in data from researchers around the globe. Additional machine learning and security analytics help correlate the data and provide context so threats can be identified faster and more accurately. However, the biggest advantage is the AT&T Alien Labs researchers who, in combination with the OTX platform, can discover infrastructure and tools used by threat actors to host their operations and launch ransomware and other sophisticated cyberattacks. By concentrating on threat actor tactics, techniques, and procedures (TTPs), this approach provides early-stage, more predictive identification of threats, which means higher-fidelity detection of evolving threats.
Highly contextualized and correlated data is automatically maintained and fed into the award-winning USM platform, along with AlienApp intelligence for data analysis across your growing business.
Vendor lock-in, or multi-vendor integration?
One approach to addressing security tool complexity is to “go all in” with one vendor. The argument here is that standardizing on one vendor’s approach is better because the tools were designed to work together. However, the truth is that often each vendor’s products are more a collection of acquired technology than an integrated solution, and roadmaps for consolidation frequently stretch to the horizon. Not to mention that vendors tend to be leaders in one type of tech but followers in most other areas.
Another approach to consider is an open XDR solution. This approach brings together two important existing solutions: advanced security information and event management (SIEM) platforms with correlation engines, and endpoint detection and response agents. They also have deep integrations with third-party tools such as firewalls, SaaS/IaaS clouds, SASE solutions, and more. These integrations make responding to incidents, and automating responses, quick and easy. With this approach, you are free to choose the best security vendors with the confidence that they can be used together without the need for you to replace your entire stack.
Conclusion
There are no quick fixes for most of our modern security challenges, but one clear way to simplify things is to select products and services that are well integrated and offer the flexibility to mix and match critical components. By relying on MSSPs, organizations can reduce the need for both staff and subject matter expertise. Since detection and response has a significant learning curve, businesses can also realize significant savings and rest assured that their network is guarded by professionals. AT&T’s USM-based XDR brings together our strongest resources to help you improve your time to detect, respond, and recover from threats. Leverage our advanced security analytics, leading endpoint security, deep integrations with industry-leading vendors, and world-class 24×7 support to drive efficiencies in your security operations and help you find and quickly act on true threats to your business.
To learn more, visit AT&T Cybersecurity MSSP Partner Program (att.com)
Coinbase: We’re Blocking 25,000 Russian Accounts
Crypto firms say digital currency unlikely to be used to evade sanctions
Scores of US Critical Infrastructure Firms Hit by Ransomware
Strangest social engineering attacks of 2021
New research has highlighted the creative and occasionally unusual lengths fraudsters take to carry out social engineering attacks. Proofpoint has listed what it describes as the five strangest social engineering scams it detected last year, with campaigns including the spoofing of soccer coaches and scholars to trick victims into parting with data and money.
As organizations continue to struggle to defend information, devices, and systems against socially engineered attacks, experts say the most successful social engineering groups are usually the most imaginative. “Social engineering is inherently people-centric, and regardless of whether threat actors are targeting businesses or individuals, they’re responding in real time to the events and themes that have the attention of the wider world,” Lucia Milică, global resident CISO at Proofpoint, tells CSO.
Clearview AI commercialization of facial recognition raises concerns, risks
The year is 2054 and a man walks into a Gap store. The virtual salesperson greets him by name, “Hello Mr. Yakomoto. Welcome back to the Gap,” from the life-size video monitor. This famous scene is cribbed from the film Minority Report. The prescience displayed in the 2002 film has actually short-changed the advances of science and technology between then and now. Indeed, some may argue that today we are well beyond the fictional capabilities of the Minority Report. The moral dilemma posed in the film, however, remains.
Today many sensors and cameras are in constant search-and-connect mode. Recently, Clearview AI has announced that it is taking its advanced facial recognition technologies beyond the already controversial government/law enforcement usage into the commercial sector. The company, according to the Washington Post, has accumulated over 100 billion facial photos and is adding to the total at a rate of 1.5 billion images per month, which it wishes to monetize.