Chainguard launches native Kubernetes compliance software Enforce


Software supply chain security provider Chainguard is launching its first product, Chainguard Enforce, a native Kubernetes application for securing deployment of container images.

Enforce is designed to let developers define, observe, distribute, and enact policies that ensure only trusted container images are deployed and run in their clusters.

“Chainguard Enforce is built on cryptographic signatures, which allows it to authenticate the contents of an image rather than where it was served from,” says Kim Lewandowski, co-founder, Chainguard. “This system can be used to protect against insider risks and to restrict production deployments to a set of highly secured build systems.” 
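As an added illustration of the content-based check the quote describes (authenticate what the image is, not where it came from), the following Go sketch is hypothetical example code and not Chainguard's or Enforce's: the reference format handling, the function names and the generated keys are all constructed for this example. A trusted build key signs only the image's sha256 content digest, and the cluster-side check accepts a reference only if it is digest-pinned and a trusted key signed exactly that digest, so the same image served from a mirror is still admitted while a tag-only reference, a different digest or a signature from an untrusted key is refused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// digestFromRef extracts the hex sha256 digest from a digest-pinned image
// reference such as "registry.example.com/team/app@sha256:<64 hex chars>".
// Tag-only references ("app:latest") are rejected: a tag names a location,
// not content, so there is nothing stable to verify.
func digestFromRef(ref string) (string, error) {
	const marker = "@sha256:"
	i := strings.Index(ref, marker)
	if i < 0 {
		return "", errors.New("image reference is not pinned by digest")
	}
	d := ref[i+len(marker):]
	if len(d) != 64 {
		return "", errors.New("malformed sha256 digest")
	}
	if _, err := hex.DecodeString(d); err != nil {
		return "", errors.New("digest is not hex")
	}
	return d, nil
}

// signDigest is what a trusted build system does at publish time: it signs
// the content digest only. The registry host and the tag are deliberately
// not part of the signed message (constructed example, not a real format).
func signDigest(buildKey ed25519.PrivateKey, digest string) []byte {
	return ed25519.Sign(buildKey, []byte("sha256:"+digest))
}

// admit is the cluster-side policy check. It accepts a reference only if it
// is digest-pinned and some trusted build key signed exactly that digest.
func admit(trusted []ed25519.PublicKey, ref string, sig []byte) bool {
	d, err := digestFromRef(ref)
	if err != nil {
		return false
	}
	msg := []byte("sha256:" + d)
	for _, pub := range trusted {
		if ed25519.Verify(pub, msg, sig) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed keys: one trusted build system and one untrusted signer.
	buildPub, buildPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := []ed25519.PublicKey{buildPub}

	// Constructed digest standing in for a real image manifest hash.
	digest := strings.Repeat("ab", 32)
	sig := signDigest(buildPriv, digest)

	cases := []struct {
		ref string
		sig []byte
	}{
		{"registry.example.com/team/app@sha256:" + digest, sig},                           // signed content, original registry
		{"mirror.internal:5000/app@sha256:" + digest, sig},                                 // same content served from a mirror
		{"registry.example.com/team/app:latest", sig},                                      // tag only: nothing to verify
		{"registry.example.com/team/app@sha256:" + strings.Repeat("cd", 32), sig},          // different content
		{"registry.example.com/team/app@sha256:" + digest, signDigest(roguePriv, digest)}, // untrusted signer
	}
	for _, c := range cases {
		fmt.Printf("%-72s admit=%v\n", c.ref, admit(trusted, c.ref, c.sig))
	}
}
```

The point of the design is that the verifier never looks at the host or tag: moving the image between registries or retagging it does not change what was signed, while any change to the bytes changes the digest and invalidates the signature.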


IDC Ranks Tenable Number One in Worldwide Device Vulnerability Management Market Share for 2020


The research firm’s latest report also provides market insights security professionals can use to improve their vulnerability management strategy.

IDC recently published its Worldwide Device Vulnerability Management Market Shares, 2020: Addressing Multiple Attack Surfaces and Realizing Greater Precision Through Prioritization report[1] to highlight the top worldwide Vulnerability Management vendors. For the third consecutive year, Tenable ranks No. 1 in market share.

IDC credits Tenable’s success to our strong acquisition strategy that enables Tenable to discover more vulnerabilities on more attack surfaces. They also credit Tenable’s success to our ability to bring together vulnerability data from many sources into a converged platform, and our ability to then take that data and help you prioritize the vulnerabilities with the greatest risk. 

IDC’s report also provides market insight and developments, as well as advice for technology suppliers to ensure they’re aligned with future market needs. We believe Tenable’s vision and strategy aligns with advice from IDC, validating that we are well positioned to help your needs now and into the future. 

Here are three recommendations the IDC report makes to technology providers, along with ways in which Tenable is already addressing these: 

1. Spend energy on solutions to detect vulnerabilities on Operational Technology (OT) devices, since they are increasingly attacked by threat actors. IT and OT environments are rapidly converging as organizations in the industrial and critical infrastructure sectors adopt internet-facing technology at an unprecedented rate. Tenable’s acquisition of Indegy, now Tenable.ot, gives you visibility into your industrial control networks to discover and assess vulnerabilities on OT devices. Tenable’s Industrial Control System (ICS) security capabilities maximize the safety and reliability of OT environments by offering complete visibility across the entire attack surface, including threat detection and asset tracking, vulnerability management and configuration control.

2. Provide organizations with transparent risk scoring so their security teams can prioritize vulnerabilities that are most important to their organization. To combat vulnerability overload and to quickly remediate high-risk vulnerabilities, security teams must prioritize vulnerabilities with the biggest risk to their organization. Tenable provides a Vulnerability Priority Rating in Tenable.io and Tenable.sc to help you prioritize vulnerabilities and understand a vulnerability’s risk and likelihood of exploitation. Tenable Lumin elevates cyber risk management even further with additional prioritization metrics and capabilities, such as cyber exposure visualizations, asset criticality ratings, cyber exposure risk scoring and peer benchmarking, as well as providing the ability to track risk reduction over time.

3. Incorporate external internet scans to find shadow IT that will not show up using current network scan methods. Organizations are adopting the cloud at exponential rates, and they struggle to protect and secure resources and workloads in the public cloud. Using Tenable solutions, such as Tenable.cs, Tenable Web Application Scanning, Tenable.io VM and Nessus, you can scan external internet devices to find shadow IT. With Tenable.cs, you get a complete, continuously updated view across all your cloud resources and assets. With this comprehensive view you can find, detect and fix cloud infrastructure misconfigurations to discover and assess shadow IT and prevent exposures from reaching production. Further, Tenable.cs helps you establish guardrails in DevOps pipelines (e.g., continuous integration/continuous delivery [CI/CD] systems) and automated workflows to prevent unresolved misconfigurations or vulnerabilities from reaching the runtime environment. It monitors infrastructure deployed in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to ensure all compliant runtime changes and drifts are propagated back to the infrastructure as code (IaC).

[1] Worldwide Device Vulnerability Management Market Shares, 2020: Addressing Multiple Attack Surfaces and Realizing Greater Precision Through Prioritization (doc. # US48459621, Dec. 2021)

Get the report today!

Learn more

- Download Tenable’s 2021 Threat Landscape Retrospective
- Download Frost & Sullivan: Global Vulnerability Management Market, 2021
- Read the press release: Tenable Ranked #1 for 2020 Market Share in Device Vulnerability Management for Third Consecutive Year by Leading Analyst Firm


Block over two billion known breached passwords from your AD with Specops Password Policy tools


Graham Cluley Security News is sponsored this week by the folks at Specops. Thanks to the great team there for their support! With the help of live attack data from our own honeypots, Specops Software’s Breached Password Protection can now detect over 2 billion known breached passwords in your Active Directory. Using our database, you … Continue reading “Block over two billion known breached passwords from your AD with Specops Password Policy tools”


Post Title


Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.


Endpoint security and remote work


This is part one of a three-part series, written by an independent guest blogger. Please keep an eye out for the next blog in this series.

Remote work is the new reality for companies of all sizes and across every industry.  As the majority of employees now perform their job functions outside the technology ecosystem of their local office, the cybersecurity landscape has evolved with the adoption of terms such as Zero Trust and Secure Services Edge (SSE).  To accommodate this new landscape, organizations have undergone fundamental changes to allow employees to work from anywhere, using any device, and many times at the expense of data security. As a result, a paradigm shift has occurred that demonstrates employees are increasingly dependent on their smartphones and tablets which have jointly become the new epicenter of endpoint security.

This next-level dependence on mobile devices is consistent across the remote work environment.  There are countless anecdotes about the new reality of hybrid work.  For example, workers using personal tablets to access sensitive data via SaaS apps, or taking a work Zoom call while waiting in the school pickup line.   The constant for each of these stories has been the overwhelming preference to use whatever device is available to complete the task at hand. Therefore, it is extremely logical that bad actors have pivoted to mobile to launch their attacks given the overwhelming use of non-traditional endpoints to send email, edit spreadsheets, update CRMs and craft presentations.  

4.32B Active Mobile Internet Users

56.89% Mobile Internet Traffic as Share of Total Global Online Traffic

Although the experience paradigm quickly changed with the adoption of remote work, the perception of mobile devices as a risk vector has been more gradual for most customers. In fact, Gartner estimates that only 30% of enterprise customers currently employ a mobile threat detection solution.  Many organizations still assume that their UEM solution provides security or that iOS devices are already safe enough. The most shocking feedback from customers indicates that they historically haven’t seen attacks on mobile, so they have no reason to worry about it.  Given this mindset, it’s again no surprise that hackers have trained their focus on mobile as their primary attack vector and entry point to harvest user credentials.

16.1% of Enterprise Devices Encountered one (or more) Phishing or Malicious links in 3Q2021 globally.
51.2% of Personal Devices Encountered one (or more) Phishing or Malicious links in 3Q2021 globally.

What this mindset reveals is a certain naiveté from many organizations, regardless of size or industry, that believe mobile devices do not present significant risk and therefore don’t need to be considered in their data security and compliance strategies. This oversight points to two separate tenets that must be addressed when protecting sensitive data via mobile devices:

Endpoint security is an absolute requirement to protect sensitive data and it includes laptops, desktops, and mobile devices

There isn’t a single business that would issue a laptop to an employee without some version of anti-virus or anti-malware security installed, yet most mobile devices have no such protections. The primary explanation for this is that organizations think mobile device management is the same as mobile endpoint security. While device management tools are capable of locking or wiping a device, they lack the vast majority of capabilities necessary to proactively detect threats. Without visibility into threats like mobile phishing, malicious network connections, or advanced surveillanceware like Pegasus, device management falls far short of providing the necessary capabilities for true mobile security.

Even cybersecurity thought leaders sometimes overlook the reality of cyber-attacks on mobile.  In a recent blog, “5 Endpoint Attacks Your Antivirus Won’t Catch”, the entire story was exclusive to the impact on traditional endpoints even though rootkits and ransomware are just as likely to occur on mobile. 

Traditional security tools do not inherently protect mobile devices

Given the architectural differences that exist between mobile operating systems (iOS/Android) and traditional endpoint OS (MacOS, Windows, Linux, etc.), the methods for securing them are vastly different.  These differences inhibit traditional endpoint security tools, which are not purpose-built for mobile, from providing the right level of protection. 

This is especially true when talking about the leading EPP/EDR vendors such as Carbon Black, SentinelOne and CrowdStrike. Their core functionality is exclusive to traditional endpoints, although the inclusion of mobile security elements in their solutions is trending. We’re seeing strategic partnerships emerge, and it’s expected that the mobile security and traditional endpoint security ecosystems will continue to merge as customers look to consolidate vendors.

What’s more is that there are so many ways that users interact with their smartphones and tablets that are unique to these devices. For example, a secure email gateway solution can’t protect against phishing attacks delivered via SMS or QR codes. Also, can you identify all of your devices (managed and unmanaged) that are subject to the latest OS vulnerability that was just identified and needs to be patched immediately?  Did one of your engineers just fall victim to a man-in-the-middle attack when they connected to a malicious WiFi network at a random coffee shop?  These are just some of the examples of the threats and vulnerabilities that can only be mitigated with the use of a mobile endpoint security tool, dedicated to protecting mobile endpoints.

The acceleration of remote work and the “always-on” productivity that’s expected has shifted your employees’ preferences for the devices they use to get work done.   Reading email, sending an SMS rather than leaving a voicemail (who still uses voicemail?), and the fact that just about every work-related application now resides in the cloud has changed how business is transacted.  This pivot to mobile has already occurred. It’s well past time that companies acknowledge this fact and update their endpoint security posture to include mobile devices.  

If you would like to learn more or are interested in a Mobile Security Risk Assessment to provide visibility into the threat landscape of your existing mobile fleet, please click here or contact your local AT&T sales team.           


USN-5391-1: libsepol vulnerabilities


Nicolas Iooss discovered that libsepol incorrectly handled memory
when handling policies. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-36084)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36085)

It was discovered that libsepol incorrectly handled memory when
handling policies. An attacker could possibly use this issue to cause
a crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affects Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-36086)

It was discovered that libsepol incorrectly validated certain data,
leading to a heap overflow. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-36087)


Protecting on-premises Microsoft servers


We are still in an on-premises world, as Microsoft has recently acknowledged. The company announced an increase in its security bug bounty for on-premises Exchange, SharePoint, and other Office servers. Some of the most concerning recent attacks on on-premises servers have not been against Windows or web servers but rather SharePoint and especially Exchange servers.

Security researchers have long complained that Exchange on-premises servers received too little financial award to find security issues. This came to a head in March 2021 when the Hafnium attack targeted Exchange on-premises servers. The attack was so impactful that even the U.S. federal government reached out and “patched” impacted Exchange servers.


SOC modernization: 8 key considerations


The 2022 RSA Security Conference is just weeks away, and the security diaspora is boosted and ready to meet in person at the Moscone Center in San Francisco.

While we’ve certainly accomplished a lot working remotely over the past 2 years, cybersecurity remains in a precarious position in 2022, so an industry huddle is in order. We are at a point where the scale and complexity of historical security defenses either aren’t working or are stretched to their limits. This means CISOs need to think about security transformation, and as they do, every process and layer of the security technology stack is in play.

Now, there will be plenty of hype at the conference around security “platforms” like extended detection and response (XDR), cloud-native application protection platforms (CNAPPs), secure access service edge (SASE), and zero trust—all important topics but also strewn with industry hype and associated user confusion. My good friend Candy Alexander, president of ISSA International, and I will be discussing these trends during our RSA session on Tuesday morning (6/7).  But when I’m not presenting with Candy, I’ll be learning everything I can about security operations center (SOC) modernization.
