USN-5440-1: PostgreSQL vulnerability

Read Time:12 Second

Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user’s objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.

Read More

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Read Time:1 Minute, 36 Second

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes:

The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.

[…]

The new policy states explicitly the longstanding practice that “the department’s goals for CFAA enforcement are to promote privacy and cybersecurity by upholding the legal right of individuals, network owners, operators, and other persons to ensure the confidentiality, integrity, and availability of information stored in their information systems.” Accordingly, the policy clarifies that hypothetical CFAA violations that have concerned some courts and commentators are not to be charged. Embellishing an online dating profile contrary to the terms of service of the dating website; creating fictional accounts on hiring, housing, or rental websites; using a pseudonym on a social networking site that prohibits them; checking sports scores at work; paying bills at work; or violating an access restriction contained in a term of service are not themselves sufficient to warrant federal criminal charges. The policy focuses the department’s resources on cases where a defendant is either not authorized at all to access a computer or was authorized to access one part of a computer—such as one email account—and, despite knowing about that restriction, accessed a part of the computer to which his authorized access did not extend, such as other users’ emails.

News article.

Read More

How DNS filtering can help protect your business from Cybersecurity threats

Read Time:6 Minute, 16 Second

This blog was written by an independent guest blogger.

The Domain Name System (DNS) is an important tool that connects devices and services together across the Internet. Managing your DNS is essential to your IT cybersecurity infrastructure. When poorly managed, DNS can become a huge landscape for attackers.

Nonetheless, when properly configured, DNS is a key line of defense against cyber threats for your organization. DNS filtering is an essential component of business cybersecurity. The best part about DNS filtering is that it is simple and effective to implement. Think of DNS filtering as another component in building a secure network. Implementing a DNS web filtering solution will protect your network in many different ways.

In this article, we’ll discuss how DNS systems work and how DNS filtering works. Then we’ll take a look at how DNS filtering can improve the security of your network. Finally, we’ll take a look at some of the other issues you might face with your DNS system.

DNS filtering to improve security

What is the Domain Name System (DNS)?

The Domain Name System, abbreviated DNS, is a tech solution for matching domain names (also called web addresses) to IP addresses, like 192.168.1.1. DNS is useful because it allows you to access the web without memorizing IP addresses. If you’re old enough, you might remember memorizing all of your friends’ telephone numbers, but today most people don’t bother.

How does DNS work?

DNS works by taking a web address and then matching it to the right IP. 

When you open a web browser (like Safari or Firefox), you typically type in a web address, like www.att.com, into the address bar. The browser then sends a DNS query to a specialized web server called a DNS resolver.
The DNS resolver then checks for an IP that matches the name you type into the web browser. It does this by either checking additional DNS servers or by checking its own cache.
Third, the DNS resolver “resolves” the domain by sending a reply to the user’s web browser with the correct IP address.
Finally, the user’s web browser contacts the server at the IP address that the DNS resolver looked up to establish a connection and load the web page.

Why is DNS so important?

The DNS system is essential to be able to access the web. Unless you have the web addresses of all your favorite websites memorized, you can’t load any web content before the DNS resolution process occurs. As a result, DNS filtering is a smart, effective way of enhancing security.

Furthermore, today web security is a top priority for businesses. This is because cybersecurity is no longer just an IT issue, but it’s a practical business issue as well.

How does DNS filtering work?

Because all DNS queries go to a DNS resolver, DNS resolvers can also be used as a filter to block malicious activity. For instance, a specially configured DNS resolver can refuse to resolve queries for certain domains that are listed on a private or publicly-maintained blocklist (sometimes called a blacklist). 

Similarly, for even greater and enhanced security, DNS resolvers can also be configured to only permit access to the web through an allowlist (or whitelist). An allowlist is a list of websites that users are permitted to access. Any attempts to visit unauthorized websites will prevent the page from loading.

For example, imagine an employee browsing Facebook at work. The employee comes across a Facebook post with a link to win $1,000,000, so they never have to work again. When the employee clicks the link, the query is first sent to a DNS resolving service. The service compares the link to a list of unapproved websites. If it turns out that the link is to an unauthorized website, the DNS resolver will block the request.

As it turns out, in this scenario, the $1,000,000 prize was actually a phishing attempt, and the request is blocked. This is one way that you can configure DNS filtering services.

Bring phishing attacks and inappropriate browsing to a halt

A blocklist isn’t just for stopping phishing attacks. A blocklist can list harmful domains and IP addresses that are curated by the cybersecurity community or are maintained by your own cybersecurity team. Consider joining OTX, the Open Threat Exchange, where you can stay up to date on the latest developments in emergent cybersecurity threats.

In some cases, DNS filters are automated, where they will check websites for malicious code. Often, JavaScript is a primary culprit for these types of malicious websites. When malicious code is detected, the website and IP address are automatically added to the blocklist.

As a plus, DNS filtering can also be used to block objectionable content. A common way this is done is by blocking adult content. Unsurprisingly, these websites frequently contain malware and cause other security concerns, so they are probably best blocked anyway. DNS filtering is often used in conjunction with a firewall to enhance security protections.

Block malware with secure DNS servers

Malware is a type of software designed to execute bad code that steals information or takes control of a user’s device. Using secure DNS servers is one way to enhance security and prevent malware from taking hold. Secure DNS servers can also enhance the privacy of user data. Cloudflare, a popular web hosting backup service, offers a DNS resolving service called 1.1.1.1 that wipes all of its DNS query logs after 24 hours.

In order to increase security, it’s recommended that you enable several additional security tools when utilizing DNS resolution services. DNSSEC is a protocol that verifies DNS resolver information and makes sure they have not been compromised by an attacker.

Additional protocols like DNS over TLS (DoT) and DNS over HTTPS (DoH) encrypt your DNS queries and replies. Encrypting DNS queries is vital because it prevents attackers from analyzing your queries and tracking which websites your users visit. When used in conjunction with threat monitoring and detection, your security will be a step above everyone else.

Stop DNS spoofing

A final form of DNS security to be aware of is DNS spoofing. DNS spoofing is sometimes called cache poisoning. When a computer takes data from a cache (a saved index), it does not know if the IP has changed since the last time a website was visited. If that’s the case, a computer can maliciously change values in a cache and redirect users to malicious websites. 

DNS spoofing is done using malicious software like Ettercap, dns2proxy, SSLStrip+, and others. In some cases, hackers gain access using a user’s computer. When they do, the hackers gain access to the DNS cache and manipulate the addresses.

Preventing DNS spoofing is easy if you utilize a secure DNS service. Additionally, preventing users from phishing attempts also helps increase security.

Use multiple forms of protection

DNS filtering is just one step in building a cybersecurity defense net. Cybersecurity is all about identifying potential threat vectors and eliminating them. Remember, there are plenty of other dangers to educate yourself and be aware of, whether it’s e-mail security to potential threats from hackers and malware. Grab AT&T’s latest cybersecurity insights report to learn more about the latest issues in cybersecurity.

Additional thought: try using tools such as GetWeave to find out what people are saying online about the security of your business.

Read More

7 machine identity management best practices

Read Time:40 Second

Machine identities are a large, and fast-growing part of the enterprise attack surface. The number of machines—servers, devices, and services—is growing rapidly and efforts to secure them often fall short.

Cybercriminals and other threat actors have been quick to take advantage. Cyberattacks that involved the misuse of machine identities increased by 1,600% over the last five years, according to a report released last spring by cybersecurity vendor Venafi.

Research firm Gartner named machine identity as one of the top cybersecurity trends of the year, in a report released last fall. In 2020, 50% of cloud security failures resulted from inadequate management of identities, access, and privileges, according to another Gartner report. In 2023, that percentage will rise to 75%.

To read this article in full, please click here

Read More