Recovering Passwords by Measuring Residual Heat


Researchers have used thermal cameras and ML guessing techniques to recover passwords by measuring the residual heat left by fingers on keyboards. From the abstract:

We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respectively, and even higher accuracy when thermal images are taken within 30 seconds. We found that typing behavior significantly impacts vulnerability to thermal attacks, where hunt-and-peck typists are more vulnerable than fast typists (92% vs 83% thermal attack success if performed within 30 seconds). The second study showed that the keycaps material has a statistically significant effect on the effectiveness of thermal attacks: ABS keycaps retain the thermal trace of users’ presses for a longer period of time, making them more vulnerable to thermal attacks, with a 52% average attack accuracy compared to 14% for keyboards with PBT keycaps.

“ABS” is Acrylonitrile Butadiene Styrene, which some keys are made of. Others are made of Polybutylene Terephthalate (PBT). PBT keys are less vulnerable.

But, honestly, if someone can train a camera at your keyboard, you have bigger problems.


Information overload, burnout, talent retention impacting SOC performance


While most security teams believe that security operations centers (SOCs) play a pivotal role in cybersecurity programs, several challenges are impacting SOC performance within businesses, according to a new report. Among these are information overload, worker burnout, and talent retention. The data comes from cybersecurity firm Devo following an independent survey of global SOC leaders (553) and staff members (547), and it adds evidence to reports of security operations becoming harder for teams to perform.

SOC teams face numerous pain points, leaders and staff consider quitting

In its 2022 Devo SOC Performance Report, the firm discovered that SOC professionals experience significant challenges while performing their duties, as SOC leaders and their teams wrestle with several ongoing issues that hamper performance. What’s more, Devo’s findings suggest that some of the key SOC complications facing organizations date back to the start of the global COVID-19 pandemic in early 2020.


Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution


Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution


Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe ColdFusion is a web-application development computing platform.
Adobe Acrobat Reader software is a trusted standard for viewing, printing, signing, sharing and annotating PDFs.
Adobe Commerce connects shopping experiences across channels, adds new brands and sites, and expands into new geographies, all from one platform.
Adobe Dimension is a 3D rendering and design software.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


12 Essential ways to improve your website security


This blog was written by an independent guest blogger.

In today’s digital age, a business website is essential for success. Not only does it provide potential customers with information about your products or services, but it also allows you to connect and engage with them directly.

However, simply having a website is not enough. To ensure that your site is effective and safe, you need to make sure that it has all the necessary security features. In this article, we will discuss twelve security features that every business website must have.

1. Auto-update enabled for plugins and software

One of the simplest but most effective security measures you can take, especially if you’re looking to protect your WordPress site, is to ensure that all your plugins and software are up-to-date. Outdated software is one of the most common ways that attackers gain access to websites. By keeping everything up to date, you can help to prevent vulnerabilities from being exploited.

You can usually enable auto-updates for most plugins and software from within their settings menus. For WordPress sites, there is also a plugin called Easy Updates Manager that can help you to keep everything up to date with ease.

2. A strong password policy

A strong password policy is the first step to protecting your website from malicious actors. By requiring strong and unique passwords, you can make it significantly more difficult for attackers to gain access to your site. You need to ensure that your website’s backend is well protected and that only authorized users have access. To do this, you should consider using a password manager to generate and store strong passwords for your site. You definitely should not be using the same password for multiple sites.

3. Two-factor authentication

Two-factor authentication (2FA) is an important security measure that you should consider implementing for your website. 2FA adds an extra layer of security by requiring users to provide two pieces of information before they can access your site. This could include a password and a one-time code that is generated by an app on your phone. 2FA can help to prevent attackers from gaining access to your site, even if they have your password.

4. A Secure Sockets Layer (SSL) certificate

An SSL certificate is a must-have for any website that wants to protect its users’ information. SSL encrypts the communications between your website and your users’ web browsers. This means that even if an attacker were able to intercept the communication, they would not be able to read it. SSL also provides authentication, which means your users can be sure that they are communicating with the intended website and not a fake site set up by an attacker.

Increasingly, having things like HTTPS and an SSL certificate is part of Google’s ranking metrics and will help your website’s SEO. If you aren’t making an effort to protect your visitors and users (the people who give you their sensitive credit card information), they may take their business elsewhere.

5. A web application firewall (WAF)

A web application firewall (WAF) is a piece of software that sits between your website and the internet. It filters traffic to your site and blocks any requests that it considers to be malicious. WAFs can be very effective at stopping attacks such as SQL injection and cross-site scripting (XSS).

6. Intrusion detection and prevention systems (IDPS)

Intrusion detection and prevention systems (IDPS) are designed to detect and prevent attacks on your website. An IDPS can be either host-based or network-based. Host-based IDPSs are installed on the servers that host your website. They monitor traffic to and from the server and can detect and block attacks. Network-based IDPSs are installed on your network and monitor traffic to and from your website. Both types of IDPS can be effective at stopping attacks, but they have different strengths and weaknesses.

7. Security logging and monitoring

Security logging and monitoring is a critical security measure for any website. By logging all activity on your site, you can track down any malicious activity and take appropriate action. You should also monitor your logs regularly to look for any unusual activity.

8. A secure hosting environment

A secure hosting environment is essential for any website. Your host should provide a secure server with up-to-date security patches. They should also have experience in hosting websites and be able to provide you with expert support if you need it. Things like DDoS protection and backups are also important considerations. Denial-of-service attacks are on the rise, and website owners need to be prepared. Who your hosting provider is makes a difference.

9. Regular security scans

Regular security scans are a vital part of website security. Scans can help you to identify vulnerabilities on your site so that you can fix them before they are exploited by attackers. There are many different types of security scans, such as web application scans, network scans, and malware scans.

10. Malware scanning and removal

Malware is a serious threat to any website. Malicious code can be used to steal sensitive information, deface your site, or even take it offline. It’s important to regularly scan your website for malware and remove any that is found.

11. Spam protection

Spam is a major problem for many websites. It can clog up your comment sections, contact forms, and even your website’s database. There are a number of ways to combat spam, such as using CAPTCHA codes and requiring registration for comments. Akismet is a popular WordPress plugin that does an excellent job of stopping spam.

12. Informed employees

One of the most important security measures you can take is to educate your employees about website security. They should know how to spot a phishing email, what to do if they suspect their computer has been infected with malware, and how to keep their passwords secure. You should also have a clear policy in place for what to do in the event of a security breach.

Conclusion

There are a number of security measures that every website should take. By implementing these measures, you can help to protect your site from attack and keep your data safe. Additionally, it’s important to educate your employees about website security and have a clear policy in place for dealing with security breaches.


Why CISO roles require business and technology savvy


Of all the crazy postings that advertise for CISO jobs, the one asking for a CISO to code in Python was probably the most outrageous example of the disconnect about a CISO’s role, says Joe Head, CISO search director at UK-based search firm Intaso. This was a few years ago, and one can only guess that the role had been created by a technologist who didn’t care about or didn’t understand the business, or, inversely, by a businessperson who didn’t understand enough about technology.

In either case, the disconnect is real. However, Head and other experts say that when it comes to achieving the true, executive role and reporting to the CEO and board, business skills rule. That doesn’t mean, however, that most CISOs know nothing about technology, because most still start out with technology backgrounds.


China’s attack motivations, tactics, and how CISOs can mitigate threats


A new report published by Booz Allen Hamilton provides detailed insight into global cyber threats posed by the People’s Republic of China (PRC). The China Cyber Threat Report outlines Beijing’s chief motivations for carrying out cyberattacks or espionage and the key tactics it employs, and provides strategies for CISOs to help their organizations better identify and prepare for PRC cyber campaigns.

Security, sovereignty, development: key PRC cyberattack motivators

The report identifies three “core interests” over which China is willing to authorize offensive cyber operations if threatened, related to the nation’s political system, territory, and economy:


Top considerations when choosing a multi-factor authentication solution


Passwords clearly are not enough to protect networks. Any security guidance will tell you that multi-factor authentication (MFA) is a key method to keep attackers out. But what type of MFA should your firm deploy? Choosing multi-factor tokens and tools depends on your firm, your needs, and how attackers are likely to target your firm. Planning ahead will minimize deployment and migration issues when new tokens or new phones are issued.

These are the most important considerations when choosing an MFA solution.

Know what the MFA solution will and will not protect

You have several decisions to make when deciding what MFA tool to use. First, review how the tool protects your network. Often when adding MFA to existing on-premises applications, it may not fully protect your organization from some attacks. Case in point is the recent Exchange Server zero-day attack. MFA in this situation did not protect servers. At least one victim used on-premises Exchange Server with a third-party MFA application. While it protected parts of the authentication process, it did not protect Outlook Web Access (OWA), which uses basic authentication. MFA didn’t protect that part of the site, so the attackers could go around MFA and attack the servers. Consider exactly what the MFA solution you choose protects, then review what authentication processes are still exposed.
