The Emotet botnet continues to evolve and now includes a credit card stealer module
Daily Archives: August 10, 2022
Accelerate Vulnerability Detection and Response for AWS with Tenable Cloud Security Agentless Assessment
Learn how to leverage our latest cloud security discovery feature, Tenable.cs Agentless Assessment, to enhance the way you can scan for software vulnerabilities and misconfigurations in the cloud.
Historically, vulnerability scanning in the cloud has been accomplished by way of using network-based scanners like Nessus or an agent-based approach with Nessus Agents. For years, Tenable has been the gold standard for security practitioners who want fast, comprehensive and accurate vulnerability scans backed by world class vulnerability research. Our customers have asked for easier ways to configure and manage their Nessus scans in the cloud and, in 2020, we released Tenable.io Frictionless Assessment, which was our first step into transforming Nessus to become more cloud-focused.
Tenable.cs Agentless Assessment for Amazon Web Services (AWS), introduced today, takes the groundbreaking work that Tenable.io Frictionless Assessment laid out and completely upgrades it for a truly seamless cloud native scanning solution.
A common problem security professionals run into within the cloud is attempting to apply traditional vulnerability management concepts to cloud workloads — especially ephemeral workloads. Auto scaling enables cloud instances to spin up and spin down, which means traditional scan windows could miss assets needing to be assessed. Service account credentials for scanning are a pain to manage in the cloud, and it can be a challenge to get different teams to standardize and adopt endpoint agents or simply use images approved by the security team. Necessity is the mother of invention, as they say, and, with Tenable.cs Agentless Assessment, we set out to build a unique technology that overcomes these obstacles.
It’s clear that removing obstacles that extend the time to discover and detect vulnerabilities, in general, has a significant impact on the amount of risk carried by an organization. Agentless Assessment aims to enhance the abilities of security teams to gain complete visibility into cloud configurations and perform comprehensive vulnerability assessment in a quick and efficient way, giving our customers a better shot at reducing that risk, faster.
Agentless Assessment and Live Results for AWS
Tenable.cs Agentless Assessment for AWS enables cloud security teams to use the power of Nessus for vulnerability and misconfiguration assessments without the need to install scanners or agents, configure credentials on target hosts or set up scan policies. Using a proprietary approach, it enables users to onboard their cloud accounts within minutes and scan all assets for software vulnerabilities and cloud posture misconfigurations without any impact on compute speed or costs. The speed at which we’re able to collect data, coupled with our event-driven approach, dramatically improves Tenable’s ability to ensure our customers are confident in the vulnerability information we’re providing. In the process, we’re helping cloud security teams and developers quickly identify security weaknesses and providing actionable recommendations on what should be done to fix them.
Furthermore, when a new vulnerability detection is published to our vulnerability research feed, Tenable.cs Live Results allows security teams to identify potential vulnerabilities within their existing collected inventory without needing to execute a new scan. This near real-time detection and unique approach to vulnerability assessment enables users to reduce their mean time to remediate issues. As a result, it provides the crucial data security teams need to make informed decisions about how to prioritize their remediation efforts.
Additional benefits of Tenable.cs Agentless Assessment include:
Ease of deployment: Agentless Assessment is API driven, so the deployment is a breeze with a single integration point: a read-only role to check for misconfigurations and vulnerabilities in one fell swoop.
Two solutions in one: Scan for vulnerabilities and cloud infrastructure configurations with a single tool.
Limited scan overhead: There are no agents to deploy or bake, no scan templates, and no policies to define. Data simply flows into Tenable.cs.
Gold standard vulnerability detection: The Tenable Research vulnerability and threat feeds, trusted by thousands of organizations around the globe, are utilized by Agentless Assessment.
Continuous vulnerability assurance: When new vulnerabilities are identified and detections are created, the Tenable.cs Live Results feature immediately rescans and re-assesses all stored inventories against the most updated vulnerability feed.
Safety: The scans are read-only; no write permissions are required.
Flexibility: The tool allows users the ability to run continuous Software-as-a-Service (SaaS) event-driven scans, scheduled scans, or simply execute manual scans on an ad-hoc basis.
Additionally, Tenable.cs Agentless Assessment makes it easy for cloud security teams to ensure AWS cloud workloads are configured correctly by providing pre-built policy templates for detecting risks in runtime, such as:
Identity-based (e.g., overprivileged admins)
Insecure storage configuration or access activities (e.g., wide open and/or unencrypted Amazon Simple Storage [S3] buckets in AWS, etc.)
Insecure instance creation and deletion
Insecure network configurations and activities
And many more…
How to use Agentless Assessment for AWS
Step 1. Onboard all of your AWS accounts in minutes.
Getting started is super fast and easy. All you need is a read-only role, easily deployed via our provided CloudFormation template. For multi-account AWS environments, we make a CloudFormation StackSet available that will automatically deploy the needed role to all sub-accounts that are within scope.
Source: Tenable, August 2022
Step 2. Take AWS Elastic Block Store (EBS) snapshots
This is a prerequisite because the Agentless Assessment process reads installed package data from the Elastic Compute Cloud (EC2) storage snapshots. You can create snapshots manually or you can automate the process using AWS Data Lifecycle Manager (DLM). Although snapshots can be created manually, Tenable recommends that you automate this process. For further guidance, see:
Create an EBS snapshot manually
Automate EBS snapshot creation with AWS DLM
Source: Tenable, August 2022
Step 3. Start Agentless Assessment scans
With Agentless Assessment, there are no scan templates to configure, and because you’ve already deployed the role, you have no credentials to set up. You create a new Tenable.cs AWS project, select EC2 as the AWS service to be scanned, and launch the scan on demand or on a schedule. At this point, data simply flows into Tenable.cs and vulnerabilities are presented within the unified findings workspace.
Source: Tenable, August 2022
Step 4. Achieve up-to-date visibility of all your cloud assets that is easily searchable
As data flows into Tenable.cs, users can leverage existing functionality to prioritize vulnerabilities for remediation. Agentless Assessment uses the same great Tenable Research vulnerability feed, so users immediately have access to the Vulnerability Priority Rating for advanced risk prioritization. Furthermore, this is where we take advantage of Live Results. Now that we have data flowing into Tenable.cs, new vulnerability checks will be evaluated against the inventory we’ve already collected.
Source: Tenable, August 2022
What’s next?
Existing Tenable customers can now get early access to Tenable.cs Agentless Assessment for AWS. The new functionality is scheduled for general availability at the end of September. In Q4, Tenable expects to release Agentless Assessment for Microsoft Azure and Google Cloud Platform (GCP), along with additional enhancements around container security.
Learn more
Read the blog: Introducing Tenable Cloud Security with Agentless Assessment and Live Results
Attend the webinar: What’s New with Tenable Cloud Security?
Visit the Tenable.cs product page: https://www.tenable.com/products/tenable-cs
Introducing Tenable Cloud Security with Agentless Assessment and Live Results
Tenable’s latest cloud security enhancements unify cloud security posture and vulnerability management with new, 100% API-driven scanning and zero-day detection capabilities.
Tenable has helped thousands of our customers scan and manage vulnerabilities in their cloud infrastructure for years. We accelerated our cloud native application protection (CNAPP) capabilities in 2021 and 2022 with our purchase of Accurics, the launch of Tenable.cs and integration with Tenable.io. We offer a unique approach to cloud security, unifying cloud security posture and vulnerability management into a single solution.
Today, Tenable announced new cloud security features that not only reflect significant technological advances but also offer clients a unified approach to cloud security posture and vulnerability management across cloud and non-cloud assets. With the latest release of Tenable.cs, users can extend to the cloud the same level of visibility and vulnerability management they’re accustomed to from our suite of market-leading solutions. The new features include:
Tenable.cs Agentless Assessment and Tenable.cs Live Results
Enhanced policy management and reporting
Expanded DevOps / GitOps coverage
Tenable.cs Agentless Assessment and Tenable.cs Live Results
Empowering security teams to monitor the sprawling attack surface with continuous, complete cloud visibility is critical for any organization looking to build a unified cloud security program.
Tenable.cs Agentless Assessment and Tenable.cs Live Results enable security teams to quickly and easily discover and assess all their cloud assets. Data is continuously updated via live scans that are automatically triggered by any logged change event. When a new vulnerability is added to the database by our industry-leading Tenable Research team, Tenable.cs Live Results allow security teams to see if a vulnerability exists in their current asset inventory, without needing to execute a new scan.
Source: Tenable, August 2022
This will help organizations assess vulnerabilities on a continuous basis, discover zero-day threats as soon as they are published — without having to re-scan their entire environment — and reduce the potential for exploits to be executed. With coverage for more than 70,000 vulnerabilities, Tenable has the industry’s most extensive database of Common Vulnerabilities and Exposures (CVE). In addition, Tenable’s security configuration data helps customers understand all of their exposures across all of their assets.
Existing Tenable customers can now get early access to Tenable.cs Agentless Assessment for Amazon Web Services (AWS). For more on Agentless Assessment read the blog: Title TKTKTK
In Q4, Tenable expects to release Tenable.cs Agentless Assessment for Microsoft Azure and Google Cloud Platform, along with additional enhancements around container security.
Enhanced policy management and reporting
For years we’ve been hearing about the importance of certain cybersecurity practices in cloud environments, particularly:
Cloud security to properly protect those environments
DevSecOps to embed security into software delivery pipelines
“Shift left” to start security checks as part of local development cycles where they can be immediately fixed
Curious about the challenges involved in adopting these practices in the real world, we polled 388 Tenable webinar attendees in June about their concerns with regard to security in the public cloud. The responses offer us a glimpse into key areas of concern. When asked “What’s your main challenge with regards to the security of your assets in public cloud platforms?” more than 60% of respondents cited poor visibility into their assets and their security posture or concerns about cloud providers’ infrastructure security.
At Tenable, we believe organizations that have made significant investments in putting security and compliance gates into their application and infrastructure deployment lifecycles are now at a loss for the same in their journey to the public cloud.
With enriched policy workflows, new compliance reporting and failing policy groupings, Tenable.cs offers valuable insights to help users improve their cloud governance and cloud security posture management.
Tenable.cs Compliance Reporting: The image below shows how we dynamically update compliance reports and provide groupings for pre-defined benchmarks. Tenable.cs supports over 20 benchmarks, including Service Organization Control 2 (SOC2), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).
Source: Tenable, August 2022
Tenable.cs Automated Workflows: The image below shows an example of how users can easily create integrated workflows based on a specific policy so they can quickly re-assess any out-of-the-box policy or use it as a template to build a new customized policy specific to their environment.
Source: Tenable, August 2022
Expanded Remediation, DevOps and GitOps coverage
In the webinar poll referenced above, we asked clients, “What’s the level of integration and automation of your security checks with your software development and delivery process (aka DevSecOps)?” The response was overwhelmingly one-sided. Nearly 70% of respondents indicated minimal or no automation. This can lead to a high level of exposure and long remediation times.
Tenable.cs helps DevSecOps teams reduce the number of security weaknesses found in production by integrating into existing DevOps workflows. Along these lines, we have made several key enhancements to aid DevSecOps teams.
Automated remediation workflow improvements
HashiCorp Terraform cloud run task support
Improved source code management
Automated Remediation Workflows: Out of the box, Tenable.cs provides an integrated view of all the resources failing a security policy that includes individual details along with the remediation recommendations that can be quickly passed to development teams using quick links that start automated workflows. As part of this release, we’ve made a number of improvements to enhance Jira-specific workflows and alert management. See example below.
Source: Tenable, August 2022
HashiCorp Terraform cloud run task integration: This new integration enables Tenable.cs to scan Terraform templates during the Terraform cloud deploy step. This allows Terraform cloud customers to detect any security issues within their Infrastructure as Code (IaC) using Tenable.cs as part of the planning phase of the Terraform execution. By adding this support for Terraform cloud run tasks in Tenable.cs, we’re helping developers detect and fix compliance and security risks in their IaC so they can mitigate issues before cloud infrastructure is provisioned. See example below.
Source: Tenable, August 2022
Users interested in viewing the setup guide on how to connect Tenable.cs with Terraform cloud workspace can find detailed documentation here.
Improved source code management integration and scanning: Tenable.cs provides a “no experience necessary” mechanism of discovering all your repositories and can pull multiple repositories into an integrated view of all the resources failing security policies or compliance benchmarks. Any policy violations can quickly be resolved via auto-generated pull requests that can be submitted and tracked all within the same console. See example below.
Source: Tenable, August 2022
Learn more
Attend the webinar: What’s New with Tenable Cloud Security?
Read the blog: Accelerate Vulnerability Detection and Response for AWS with Tenable Cloud Security Agentless Assessment
Visit our Tenable.cs product page: https://www.tenable.com/products/tenable-cs
More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
Earlier this year, our global Connected Family Study revealed the online habits of parents and their children. What we found called for a closer look.
One finding that leaped out, in particular, is—cyberbullying occurs far more often than parents think. And in many cases, children are keeping it from their parents.
Now with our follow-on research, we set out to answer many of the questions families have about cyberbullying. Where it happens most, who’s most affected, and are children cyberbullying others without even knowing it?
Our report, “Hidden in Plain Sight: More Dangers of Cyberbullying Emerge,” provides insights into these questions and several more. We’ll cover the top findings here in this blog, while you can get the full story by downloading the report here.
Worries about cyberbullying have only grown in 2022—and they appear justified.
Even as stay-at-home mandates in 2020 and 2021 saw children exposed to more cyberbullying while they spent more time online, our ten-country survey found that concerns about cyberbullying in 2022 are even higher today:
60% of children said they were more worried this year about cyberbullying compared to last year.
74% of parents are more worried this year about their child being cyberbullied than last.
And just as the level of concern is high, the findings show us why. Families reported alarming rates of racially motivated cyberbullying, along with high rates of attacks on the major social media and messaging platforms.
Additionally, children shared insights into who’s doing the bullying (it’s largely people who know them) and more than half are the ones doing the bullying—and they don’t even realize it.
Further findings include:
Cyberbullies are aiming racist attacks at children as young as ten.
Millions of children have deleted their social media accounts to avoid cyberbullying.
Despite its efforts, Meta’s social media and messaging platforms have the highest level of cyberbullying.
A growing number of parents turn to therapy to help their children deal with cyberbullying.
Regional and cultural backdrops give cyberbullying a distinctive feel.
Our research further revealed how the face of cyberbullying takes on different forms around the globe. From nation to nation, the influences of polarized politics, racial relations, and different traditions in parent-child relationships shape and re-shape the forms of cyberbullying that children see.
Each of our ten nations surveyed set themselves apart with trends of their own, some of them including:
United States: Despite some of the most engaged parents, children in the U.S. experience among the highest rates of cyberbullying in its most extreme forms, such as sexual harassment, compromised privacy, and personal attacks.
India: Cyberbullying reaches alarming highs as more than 1 in 3 kids face cyber racism, sexual harassment, and threats of physical harm as early as at the age of 10—making India the #1 nation for reported cyberbullying in the world.
Canada: Canadian children experience cyberbullying largely on par with global rates—yet their parents act on it less often than other parents. Meanwhile, Canadian children are the least likely to seek help when it happens to them.
Australia: Australian cyberbullying rates dropped significantly since our last report, yet Snapchat stands out as a primary platform for cyberbullying, more than anywhere else in the world. And of all parents worldwide, Australians feel most strongly that technology companies should do more to protect their children.
Cyberbullying in 2022: The facts confirm your feelings.
These new findings reflect the concerns of parents and children alike—cyberbullying remains a pervasive and potentially harmful fact of life online, particularly as racism and other severe forms of cyberbullying take rise.
Without question, cyberbullying endures as a persistent growing pain that the still relatively young internet has yet to shake.
The solution is arguably just as complex as the factors that give cyberbullying its shape—cultural, regional, technological, societal, even governmental. Addressing one factor alone won’t curb it. Significantly curtailing cyberbullying for an internet that’s far safer than it is today requires addressing those factors in concert.
While we recognize that tall order for what it is, and as a leader in online protection, we remain committed to it.
With these findings, and continued research to come, our aim is to further an understanding of cyberbullying for all—whether that’s educators, technology innovators, policymakers, and of course parents. With this understanding, programs, platforms, and legislation can put protections in place that still allow for companies to innovate and create platforms that people love to use. Safely and securely.
The post More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report appeared first on McAfee Blog.
CrowdStrike adds AI-powered indicators of attack to Falcon platform
Cybersecurity vendor CrowdStrike has added new AI-powered indicators of attack (IoA) functionality to its Falcon platform. Announced at the Black Hat USA 2022 Conference, the enhancement leverages AI techniques to create new IoAs at machine speed and scale to help organizations stop emerging attack techniques and enable them to optimize detection and response, the firm said.
AI IoAs trained on real-world adversary behavior, rich threat intelligence
In a press release, CrowdStrike stated that Falcon now allows organizations to find emerging attack techniques with IoAs created by AI models trained on real-world adversary behavior and rich threat intelligence. Brian Trombley, vice president product management, endpoint security at CrowdStrike, tells CSO that the AI-powered IoAs leverage intelligence from the CrowdStrike Security Cloud, where the firm collects over one trillion security events per day from its customer base.
Chinese APT group uses multiple backdoors in attacks on military and research organizations
Since early this year, a known APT group of Chinese origin has been targeting military industrial complex enterprises and public institutions in Ukraine, Russia and Belarus, as well as in other parts of the world like Afghanistan. The group, tracked in the past as TA428, has an interesting approach where it deploys up to six different backdoors on compromised targets, likely to achieve persistence and redundancy.
The targets included industrial plants, design bureaus, research institutes, and government ministries, agencies, and departments, according to researchers from antivirus vendor Kaspersky Lab, which investigated the attack campaign.
“The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions,” the researchers said in a report. “An analysis of information obtained while investigating the incidents indicates that cyberespionage was the goal of this series of attacks.”
Critical Patches Issued for Microsoft Products, August 09, 2022
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
OPSWAT launches new malware analysis capabilities for ICS, OT networks
Critical infrastructure cybersecurity vendor OPSWAT has announced new malware analysis capabilities for IT and operational technology (OT). Revealed at the Black Hat USA 2022 Conference, enhancements include OPSWAT Sandbox for OT with detection of malicious communications on OT network protocols and support for open-source third-party tools in OPSWAT’s MetaDefender Malware Analyzer platform, the firm stated. The release comes amid increasing cyberthreats surrounding OT networks in industrial control systems (ICS).