BrandPost: Protecting Cloud Assets in 5 Steps with Micro-Segmentation

Whether a company utilizes a private, hybrid or public cloud infrastructure or offers cloud services to others, it is critical that each cloud instance and service be isolated to help minimize the risk of data compromise. In a traditional network, networking equipment and firewalls segment and isolate physical servers and other devices. However, to effectively isolate cloud instances, technologies like micro-segmentation are needed.

Micro-segmentation can help minimize damage caused by a compromised cloud asset. It can reduce the severity to a contained incident that can be remediated quickly versus an expansive data breach that spans multiple parts of the business, or numerous clients in a multi-tenant service. While proper implementation of micro-segmentation is vital, at a high-level view it can be summarized as a 5-step process.

BrandPost: SD-WAN and Cybersecurity: Two Sides of the Same Coin

Software-defined wide area networking, or SD-WAN, is the next frontier for the network edge. Multiple analysts report that the SD-WAN market is in the billions of dollars, with an annual growth rate in the 25% to 35% range. Managed service providers and carriers globally are increasingly deploying managed SD-WAN services to reach new markets. Almost all networking and security vendors have SD-WAN offerings, complicating the decision when choosing an SD-WAN solution.

Security and WAN connectivity decisions are now made collaboratively by the security and networking teams. Prior to this, enterprise networking teams were responsible for setting up connectivity to major company locations, while connections to branches and remote offices fell to the enterprise WAN manager. In the meantime, dedicated security teams were tasked with procuring, deploying, and managing firewalls.

BrandPost: ZTNA: The New Way to Secure Remote Workers and the Cloud

Digital transformation, or DX, is driving enterprises worldwide to adapt their network and security strategies. Two key trends in particular have accelerated due to the pandemic: the adoption of cloud infrastructures, and the growth of a distributed workforce. Together, these trends have forced a restructuring of both networking and security. Now, enterprises need to deploy security services anytime, anywhere, across a diverse set of architectures and endpoints. Further, they need to control and secure the distributed workforce, internal resources and cloud infrastructures.

USN-5395-2: networkd-dispatcher regression

USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)

Keeper Connection Manager : Privileged access to remote infrastructure with zero-trust and zero-knowledge security

Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! The mass migration to distributed work presented IT and DevOps teams with new challenges as they were forced to perform infrastructure monitoring and management remotely. IT and DevOps personnel needed a secure, …

New attack surface management product takes full-stack aim at software supply chain threats

Software supply chains have become a tasty target for adversaries fueled by successful, high-profile attacks on companies like SolarWinds and Kaseya and open-source offerings like Log4j. Now a software applications security company seeks to address the problem with what it’s saying is the first attack surface management (ASM) product to address threats across the application full stack of APIs, cloud services, SDKs, and open-source software.

This World Password Day, Here’s How a Password Manager Can Simplify Your Life

Passwords: we entrust our most important data to these strings of letters, numbers, and special characters. So, we should make sure our passwords are words or phrases that we can easily remember, right? While this might be the most convenient option, there are more secure ways to digitally lock up your most sensitive personally identifiable information (PII). In celebration of World Password Day, we’re diving into how you can practice top-notch password security without compromising convenience.1  

The Nature of the Password 

Over the years, the password has remained a good first line of defense against cyberattacks. However, most of us tend to choose passwords based on memorable things from our lives, like family names or our pets’ birthdays. As it turns out, these details are easy for hackers to find on social media sites like Facebook or LinkedIn. It’s also human nature to opt for convenience, and for many people that means setting easy-to-remember and easy-to-guess passwords. Plus, out of convenience, people often reuse passwords across multiple accounts and services. The downside is that if one account becomes compromised, all accounts become compromised. 

As an alternative to single-word passwords, many security experts advocate for passphrases over passwords. Passphrases are longer strings of words and characters that are easier for you to remember and harder for nefarious software and cybercriminals to guess than random strings of upper and lowercase letters, numbers and symbols. But, according to a study, the average American internet user was projected to have 300 online accounts by 2022.2 Can you imagine memorizing 300 different passphrases? We can all agree that sounds pretty unrealistic, so users tend to look for other solutions.  

Do You Save Your Password in a Browser?  

If the answer is yes, you may want to reconsider, as there are several risks associated with this practice. Although it’s convenient to have your browser save your passwords, they tend to do a lousy job of safeguarding your passwords, credit card numbers and personal details, such as your name and address. 

Let’s take Google Chrome, for example. Unlike most dedicated password managers, Chrome doesn’t use a primary password to encrypt all your credentials. (Note that some browsers do use one, and are therefore more secure, though you’ll still need to trust your browser provider.) This makes your Chrome-stored passwords relatively vulnerable to “local” attacks. For example, if someone gets hold of—or guesses—your Windows password, they can then see all the logins stored in your browser’s password manager.

Another consideration to note is that the security of all your accounts is tied to your browser account’s security. Let’s say you use the sync option to make your credentials available on all your devices. This means that logins are stored in the cloud and, though encrypted, if someone manages to hack into your browser account, they will gain access to all your logins.  

Keep Your Accounts Secure Without Compromising Convenience 

What can you do to help ensure your online profiles are kept safe without spending hours managing a complex list of passwords? Here are some easy ways to lock down your digital life without sacrificing convenience:  

Use a password manager to store unique, complex passwords for all your accounts 

A password manager is a software application that stores your passwords and other sensitive information. You can install it on computers or mobile devices and store all passwords in an encrypted file (or database). The best option is to use a password manager like McAfee True Key to store and create strong, random passwords for each site you visit. You’ll have one primary password that grants access to the rest of them—ideally, a long and random passphrase that you can remember. Once everything is set up, it should be seamless. As you log in to new sites, the password manager will offer to save your credentials for later use. 

Turn on two-factor authentication for every site that offers it 

One of the best ways to protect your accounts against unauthorized access is to turn on two-factor authentication for every site that offers it. Using two-factor authentication means a site will prompt you for a unique security code, in addition to your password, whenever you log in to an account for which you have enabled this feature.  

Two-factor authentication adds an extra layer of security by requiring another form of identification after you enter your username and password. Some services send a temporary passcode over a text message. Others require the user to approve login attempts from new devices using an app. If someone steals your device or gains access to your account details, they’re out of luck unless they also have access to this second piece of information. Two-factor authentication is available on a wide range of websites and can help keep your accounts safe from would-be hackers, so you should always use it when available.  

Use a virtual private network (VPN) when out and about 

A VPN, or virtual private network, encrypts your data and masks your online behavior from snooping third parties. When you go to a website, your computer connects to the server where the site is hosted, and that website can see a certain amount of data about you and your computer. With a VPN, you connect to a private server first, which scrambles your data and makes it more difficult for digital eavesdroppers to track what you’re doing online. 

VPNs can provide users with greater peace of mind when on the go. Say you’re traveling on a business trip and need to connect to the Wi-Fi network provided by your hotel. Shifty characters often lurk on unprotected, free networks (such as those provided by hotels, coffee shops, airports, etc.) to lift PII from people handling sensitive emails, making banking transactions, or shopping online.  encrypts your online activity with bank-grade encryption to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once and enjoy unlimited data protection.  

The Best of Both Worlds: Security and Convenience 

With your growing number of accounts all requiring passwords—emails, social media profiles, online banking—it’s no wonder that people tend to reuse passwords across multiple sites. This may be convenient, but it creates significant security risks if a suspicious actor manages to obtain one of your passwords and attempts to use it elsewhere. That’s why having strong passwords matters. 

Do yourself a favor and opt for a dedicated password manager that will auto-save and store your credentials for you, so you only have one password to remember. Who says security and simplicity can’t coexist?  

The post This World Password Day, Here’s How a Password Manager Can Simplify Your Life appeared first on McAfee Blog.

Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA

Posted by Onapsis Research via Fulldisclosure on May 04

# Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA

## Impact on Business

This vulnerability can be used by an attacker to cause a Denial of Service
in SAP NetWeaver Java, making the HTTP server unavailable during attack
execution.

## Advisory Information

- Public Release Date: 04/05/2021
- Security Advisory ID: ONAPSIS-2022-0002
- Researcher(s): Gaston Traberg

## Vulnerability Information

- Vendor: SAP
- Affected…
