Former US CISA Director Chris Krebs opens Black Hat USA detailing the state of cybersecurity today
Daily Archives: August 11, 2022
#BHUSA: New Open Source Group Set to Streamline Threat Detection
New open source project set to reduce operational pain for SecOps analysts
Cisco admits hack on IT network, links attacker to LAPSUS$ threat group
IT, networking and cybersecurity giant Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022. On August 10, the firm stated that an employee's credentials were compromised after an attacker gained control of the employee's personal Google account, into which credentials saved in the victim's browser were being synchronized. The attackers have since published a list of files taken in the incident to the dark web, Cisco added.
“The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations,” the company said. Cisco said it took immediate action to contain and eradicate the attacker, whom it has linked to the notorious LAPSUS$ threat group. It also said it chose to announce the incident publicly now because it had previously been actively collecting information about the attacker in order to help protect the security community.
Ransomware Data Theft Epidemic Fuelling BEC Attacks
Accenture warns that stolen data is flooding the cybercrime underground
How to reduce your exposure & secure your data in the cloud in 5 quick ways
This blog was written by an independent guest blogger.
More companies are moving from on-premises systems to public cloud services to support long-term growth and digital resilience. But as their cloud footprint grows, so does their exposure to cyberattacks and other risks.
Cybersecurity is an essential practice for any successful business. Growth is a good problem to have, but without an eye on cloud security it can cost you in the long run. Multi-cloud environments widen the attack surface further, on top of the data centers, servers, virtual machines, remote applications, containers, cloud workloads and network connections between environments that you already have to protect.
That is why organizations need to reduce their risk exposure and improve data security in the cloud before an incident occurs. This article describes five ways to secure your data in the cloud and reduce your exposure to risks and vulnerabilities.
How secure is the cloud?
In general, cloud implementations are as safe as on-premises systems, but that does not mean there are no vulnerabilities to address. Under the shared responsibility model the provider secures the underlying infrastructure, while the customer remains responsible for configuring services, managing identities and protecting data. Providers offer built-in security features, but on their own they may not be enough to keep your implementation secure around the clock.
Cloud vulnerabilities are especially prevalent in multi-cloud implementations. The more integrated and overlapping implementations you have, whether in the cloud or in a hybrid environment, the more gaps are left open to savvy cybercriminals. Add inconsistent controls across providers and a lack of centralized security visibility, and your organization's ability to prevent, detect and mitigate cyber incidents suffers.
When you consider that most industries are undergoing a digital transformation that includes cloud migrations, you can see how damaging a cyberattack can be. The healthcare industry alone collects private information and medical data on enormous numbers of people around the world.
Financial institutions and fintech companies rely on cloud computing to offer real-time banking features via mobile applications. More people than ever are using online banking apps to make transactions. In the event of a data breach, millions of people could experience major losses.
Manufacturing, transportation, and IT organizations also have crucial supply chain data that can put customers at risk, with the potential to cause bottlenecks and shortages around the world.
On top of that, the current threat environment is rife with bad actors executing large-scale ransomware attacks, waves of attacks on consumers, and the sale of stolen private data on the dark web.
5 ways to secure your data in the cloud
While the cloud can be a very secure place to store data and run applications, there will always be weaknesses that attackers learn to exploit. Protecting data in the cloud should be a company-wide priority so that your assets, financial records and other private data stay out of reach of prying eyes.
Here are five ways you can reduce the risks of operating in a cloud environment and secure your data in the cloud:
1. Segmentation
Segmentation is a technique that divides your cloud environment into several smaller zones, each with its own access controls. That improves the effectiveness of your other security measures and reduces your exposure by shrinking the attack surface: an attacker who gets into one segment is contained there, which limits the damage of a breach.
Teams can segment in many different ways, for example by device type, by function, or by user identity. In practice this means separate virtual private clouds, multiple cloud accounts, subnets and roles per workload type, with traffic between segments denied by default and allowed only where a workload needs it.
2. Encryption
Cloud encryption transforms data into an unreadable form before it is sent to the cloud for storage. Without the correct keys the ciphertext is useless, so even if encrypted data is lost, stolen or shared with an unauthorized party, the information remains private. What matters is where the keys live: if the keys are held in the same account as the data, an attacker who compromises that account can read it.
Reputable cloud providers typically offer basic encryption features, such as provider-managed encryption at rest, but that alone may not close every gap. Cloud users should add their own measures, such as customer-managed keys and client-side encryption of the most sensitive data, so that the data stays protected even if the storage account itself is compromised.
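The Go program below is an added example, not code from the original post or from any cloud provider's SDK. It shows client-side envelope encryption with AES-256-GCM from the Go standard library: each object gets a fresh data key, the object is sealed under that key, and the data key is wrapped under a master key that in practice stays in a KMS or HSM and never ships with the data. The 32-byte master key, the object name and the plaintext are constructed for the example; binding the object name in as associated data is a design choice that stops a ciphertext from being moved to another path and decrypted there.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// EncryptedObject is what is actually uploaded. Without the master key none of
// it is readable, so a leaked bucket or a compromised storage account yields only ciphertext.
type EncryptedObject struct {
	WrappedKey []byte // wrap nonce || data key sealed under the master key
	Nonce      []byte // GCM nonce used for Body
	Body       []byte // ciphertext || GCM tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		return nil, err
	}
	return b, nil
}

// Encrypt performs envelope encryption: a fresh 256-bit data key per object, the
// object sealed under it, and the data key wrapped under masterKey (standing in for
// a KMS-held key). objectName is associated data on both layers, so a ciphertext
// copied to a different path will not decrypt there.
func Encrypt(masterKey []byte, objectName string, plaintext []byte) (*EncryptedObject, error) {
	dataKey, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	dataAEAD, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(dataAEAD.NonceSize())
	if err != nil {
		return nil, err
	}
	body := dataAEAD.Seal(nil, nonce, plaintext, []byte(objectName))
	masterAEAD, err := newGCM(masterKey)
	if err != nil {
		return nil, err
	}
	wrapNonce, err := randomBytes(masterAEAD.NonceSize())
	if err != nil {
		return nil, err
	}
	wrapped := masterAEAD.Seal(wrapNonce, wrapNonce, dataKey, []byte(objectName))
	return &EncryptedObject{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Decrypt reverses Encrypt. Any error (wrong master key, wrong object name, modified
// bytes) means the data must not be used; GCM never returns unauthenticated plaintext.
func Decrypt(masterKey []byte, objectName string, obj *EncryptedObject) ([]byte, error) {
	masterAEAD, err := newGCM(masterKey)
	if err != nil {
		return nil, err
	}
	ns := masterAEAD.NonceSize()
	if len(obj.WrappedKey) < ns {
		return nil, fmt.Errorf("envelope: wrapped key too short")
	}
	dataKey, err := masterAEAD.Open(nil, obj.WrappedKey[:ns], obj.WrappedKey[ns:], []byte(objectName))
	if err != nil {
		return nil, fmt.Errorf("envelope: unwrap data key: %w", err)
	}
	dataAEAD, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	if len(obj.Nonce) != dataAEAD.NonceSize() {
		return nil, fmt.Errorf("envelope: bad nonce length") // Open would panic on this
	}
	pt, err := dataAEAD.Open(nil, obj.Nonce, obj.Body, []byte(objectName))
	if err != nil {
		return nil, fmt.Errorf("envelope: open object: %w", err)
	}
	return pt, nil
}

func main() {
	master, _ := randomBytes(32) // constructed stand-in for a key that stays in a KMS/HSM
	obj, err := Encrypt(master, "backups/2022-08-11/db.sql", []byte("constructed sample data"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("upload %d ciphertext bytes plus a %d-byte wrapped key\n", len(obj.Body), len(obj.WrappedKey))
}
```

In a real deployment the wrap and unwrap calls are the ones delegated to the KMS, so the master key is never present on the client; everything else runs exactly as shown, and rotating the master key only means re-wrapping data keys, not re-encrypting every object.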
3. Multifactor authentication (MFA)
MFA validates a login by requiring more than one piece of evidence of the user's identity: something the user knows (a password), something they have (an authenticator app, a hardware key or a one-time code) or something they are (a biometric). Not all factors are equal: security questions and codes sent by email or text message can be guessed or phished, so app-based or hardware-backed factors should be preferred where they are available.
MFA makes it far harder for attackers to log in with stolen or shared credentials, and it is a necessity for every cloud security strategy. Because data in the cloud is designed to be reachable over the internet, each user's identity must be properly validated so that a leaked password alone does not open the door.
4. DevSecOps
DevSecOps is the practice of shifting security left in the software development lifecycle. When security is built in from the start, defects are found while they are cheap to fix and fewer of them reach production, which reduces your exposure.
Development, operations and security teams have historically been divided, but shifting left benefits everyone involved. Better collaboration produces more robust tooling and a security-first mindset.
A security strategy that catches issues during development can include automated checks in the build pipeline, such as dependency, secret and infrastructure-as-code scanning, together with security standards that act as guardrails for engineers, ensuring that only approved configurations reach production.
5. Cloud security posture management (CSPM)
A cloud estate can span hundreds or thousands of resources across accounts, regions and providers, each with its own configuration that drifts over time. That scale is what makes the cloud fast and easy to reach remotely, but it also makes a secure state harder to achieve, and you certainly cannot maintain a proactive posture by reviewing it manually.
Cloud security posture management (CSPM) uses automation to continuously identify, mitigate and remediate misconfigurations and exposures across cloud infrastructure. CSPM gives companies a single source of truth in multi-cloud environments, automatically discovers cloud resources and their settings, and flags misconfigurations, open ports, unauthorized changes and other risks, so that threats are detected and risks eliminated before an incident happens.
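The Go program below is an added example, not code from the article or from any CSPM product. It encodes a handful of posture rules as code and runs them over a constructed inventory: admin ports reachable from the whole internet (the segmentation point above), public or unencrypted buckets, and console users without MFA. The same Evaluate function can gate a CI pipeline on the resources a deployment is about to create (the DevSecOps section) or run on a schedule against a live inventory (CSPM). The resource model, the rule names, the port list and the JSON document are all assumptions for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Simplified, provider-neutral resource model filled from constructed JSON (a real
// tool fills it from provider APIs). encoding/json matches keys case-insensitively.
type Inventory struct {
	Ingress []Rule // security-group ingress rules, flattened with their group ID
	Buckets []Bucket
	Users   []User
}
type Rule struct {
	Group, CIDR      string
	FromPort, ToPort int
}
type Bucket struct {
	Name                    string
	PublicAccess, Encrypted bool
}
type User struct {
	Name                      string
	ConsoleAccess, MFAEnabled bool
}

// Finding is one rule violation tied to the resource that caused it.
type Finding struct{ Rule, Resource, Detail string }

// adminPorts must never be reachable from the whole internet. The list is an
// assumption for this example; 443 on a web tier is deliberately not flagged.
var adminPorts = []int{22, 3389, 3306, 5432}

func worldOpen(cidr string) bool { return cidr == "0.0.0.0/0" || cidr == "::/0" }

// Evaluate runs every posture rule over the inventory and returns all violations.
func Evaluate(inv Inventory) []Finding {
	var out []Finding
	for _, r := range inv.Ingress {
		if !worldOpen(r.CIDR) {
			continue // the segmentation rule only cares about internet-wide ingress
		}
		for _, p := range adminPorts {
			if p >= r.FromPort && p <= r.ToPort {
				out = append(out, Finding{"SG-ADMIN-PORT-OPEN", r.Group,
					fmt.Sprintf("%d/tcp reachable from %s", p, r.CIDR)})
			}
		}
	}
	for _, b := range inv.Buckets {
		if b.PublicAccess {
			out = append(out, Finding{"BUCKET-PUBLIC", b.Name, "public access not blocked"})
		}
		if !b.Encrypted {
			out = append(out, Finding{"BUCKET-UNENCRYPTED", b.Name, "encryption at rest disabled"})
		}
	}
	for _, u := range inv.Users { // interactive users only; service identities need their own rule
		if u.ConsoleAccess && !u.MFAEnabled {
			out = append(out, Finding{"USER-NO-MFA", u.Name, "console access without MFA"})
		}
	}
	return out
}

// EvaluateJSON parses a raw inventory document and evaluates it.
func EvaluateJSON(data []byte) ([]Finding, error) {
	var inv Inventory
	if err := json.Unmarshal(data, &inv); err != nil {
		return nil, err
	}
	return Evaluate(inv), nil
}

// SampleInventory is constructed for this example; it is not real data.
const SampleInventory = `{
 "ingress": [{"group": "sg-web", "cidr": "0.0.0.0/0", "fromPort": 443, "toPort": 443},
             {"group": "sg-db", "cidr": "10.0.0.0/16", "fromPort": 5432, "toPort": 5432},
             {"group": "sg-db", "cidr": "0.0.0.0/0", "fromPort": 22, "toPort": 22},
             {"group": "sg-legacy", "cidr": "0.0.0.0/0", "fromPort": 0, "toPort": 65535}],
 "buckets": [{"name": "customer-exports", "publicAccess": true, "encrypted": false},
             {"name": "app-logs", "publicAccess": false, "encrypted": true}],
 "users": [{"name": "alice", "consoleAccess": true, "mfaEnabled": true},
           {"name": "bob", "consoleAccess": true, "mfaEnabled": false},
           {"name": "deploy-bot", "consoleAccess": false, "mfaEnabled": false}]}`

func main() {
	findings, err := EvaluateJSON([]byte(SampleInventory))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-20s %-17s %s\n", f.Rule, f.Resource, f.Detail)
	}
}
```

On the sample inventory the rules produce eight findings: SSH on sg-db, all four admin ports on the wide-open sg-legacy group, both bucket rules on customer-exports, and bob's console login without MFA. Note what is deliberately not flagged: HTTPS on the web tier, the database port that is only open to the internal 10.0.0.0/16 range, and the non-interactive deploy-bot identity, which needs a rule of its own (key age, scoped permissions) rather than an MFA check.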
The bottom line
A well-planned and orchestrated cloud security posture is the best way to reduce exposure and secure your data in the cloud. CSPM alongside segmentation, encryption, MFA and DevSecOps lets your business manage cybersecurity proactively and more effectively. Once an incident occurs it is already too late, so plan ahead, and bring in outside cybersecurity services where they strengthen your organization's own strategy.
37 hardware and firmware vulnerabilities: A guide to the threats
In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre. Meltdown defeated the fundamental OS security boundary separating kernel and user-space memory, and Spectre let code read memory across process and sandbox boundaries. The flaws stemmed from a performance feature of modern CPUs known as speculative execution, and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.
Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community into such flaws. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues.
Black Basta: New ransomware threat aiming for the big league
Many ransomware gangs have risen to the top over the years only to suddenly disband and be replaced by others. Security researchers believe many of these shifts are deliberate rebranding efforts to throw off law enforcement when the heat gets too high. The same suspicion hangs over Black Basta, a relatively new ransomware operation that found immediate success within a few months of operation; some believe it splintered off from the infamous Conti gang.
How a Venezuelan disinformation campaign swayed voters in Colombia
Ever since the Kremlin’s troll farm, the Internet Research Agency, targeted the American electorate during the 2016 U.S. presidential election with social media disinformation campaigns, nation-states across the globe have jumped into their own weaponized information campaigns to influence elections.
In 2019, the U.S. State Department issued a report addressing the rise of state-sponsored disinformation that looked at not only Russian influence campaigns but also Chinese, Iranian and North Korean disinformation efforts. According to the report, a growing number of nation-states, in pursuing geopolitical ends, “are leveraging digital tools and social media networks to spread narratives, distortions, and falsehoods to shape public perceptions and undermine trust in the truth.”
Suspected $3m Romance Scammer Extradited to Japan
DSA-5205 samba – security update
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix.