Cyku Hong discovered that Nette was not properly handling and validating
data used for code generation. A remote attacker could possibly use this
issue to execute arbitrary code.
Daily Archives: March 29, 2023
Spera exits stealth to reveal identity-based threat hunting capabilities
The Israeli identity-based cybersecurity provider Spera is exiting stealth mode to reveal a namesake offering with identity security posture management (ISPM) capabilities.
“Two of the most prominent identity-based attack vectors — stolen credentials and phishing — take the longest to detect and are most expensive to solve,” said Dor Fledel, co-founder and CEO of Spera. “Security professionals are really frustrated with the lack of tools for identity attack surface and risk management across their various environments. Spera provides visibility into enterprise identities and actions, where the biggest risks lie, and helps security teams rapidly improve security posture.”
Skyhawk adds ChatGPT functions to enhance cloud threat detection, incident discovery
Cloud threat detection and response (CDR) vendor Skyhawk has announced the incorporation of ChatGPT functionality in its offering to enhance cloud threat detection and security incident discovery. The firm has applied ChatGPT features to its platform in two distinct ways – earlier detection of malicious activity (Threat Detector) and explainability of attacks as they progress (Security Advisor), it said.
Skyhawk said the performance gain from integrating the large language model (LLM) behind ChatGPT has been significant: it claims its platform produced alerts earlier in 78% of cases once the Threat Detector and Security Advisor ChatGPT scoring functionality was added. The new capabilities are generally available to Skyhawk customers at no additional charge. The release comes as the furor surrounding ChatGPT and its potential impact on cybersecurity continues to make headlines, with Europol the latest to warn about the risks of ChatGPT-enhanced phishing and cybercrime.
The Security Vulnerabilities of Message Interoperability
Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:
The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?
In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging, we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.
Interoperability will vastly increase the attack surface at every level in the stack from the cryptography up through usability to commercial incentives and the opportunities for government interference.
It’s a good idea in theory, but will likely result in the overall security being the worst of each platform’s security.
DarkBit puts data from Israel’s Technion university on sale
DarkBit, the group that claimed responsibility for a ransomware attack on Israel’s Technion university, is making good on its threat to sell the university’s data if the ransom went unpaid.
“The price of total bulk is 104 BTC (bitcoin) if anyone buys all of it at once,” said a message on DarkBit’s Telegram channel. It also offered data of individual faculties and departments at prices ranging from 1 bitcoin (about $28,500) for civil and environmental engineering data to 40 bitcoins for data from the computer science department.
The group added that it also had other Technion data available. “There are some other more wondering subdomains ready for sale if they don’t stop putting pressure on our colleagues,” the group said.
ChatGPT Vulnerability May Have Exposed Users’ Payment Information
API security: the new security battleground
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
“While defenders pursue the most powerful and advanced solutions they can find, the enemy needs only a single user with a bad password or an unpatched application to derail an entire defensive position.” This quote by Dr. Chase Cunningham from his book, “Cyber Warfare – Truth, Tactics, and Strategies,” seems a fitting way to begin the topic of cybersecurity battlegrounds.
Regardless of the techniques used, going big, expensive, and glossy – while potentially useful – doesn’t replace the need for a well-reasoned approach to securing assets founded on traditional activities and principles. Innumerable assets are housed behind APIs, and the widespread use of APIs means they are high-profile targets. Securing them is of the utmost importance.
Two historical books came to mind for this topic:
Art of War, by Sun Tzu
Book of Five Rings, by Miyamoto Musashi
I chose these two due to their applicability to the topic (oddly enough because they are less specific to modern security – something about their antiquity allows for a broader application).
After revisiting the books, I decided to take Musashi’s five (5) principles (scrolls; Earth, Water, Fire, Wind, and Void) and match them as best as possible with 5 of the numerous teachings from Sun Tzu. I then applied them to securing APIs in the growing cybersecurity arena where there are an increasing number of threat actors.
Earth
Musashi’s focus in the Earth Scroll is seeing the bigger picture. Practitioners need to know the landscape or the 30,000 ft view. Sun Tzu said, “The supreme art of war is to subdue the enemy without fighting.”
How to Apply
One needs to understand the nature of API attacks and attackers in securing APIs. One example of a common exploit category is Security Misconfiguration.
Some fundamental API security activities that can prevent attacks before they even get started include following an SDLC, implementing access control, deploying some form of edge protection, using continuous monitoring and alerting, and using appropriate architecture and design patterns.
API attackers are ruthless and relentless. Most criminals want an easy win, and a good defense will fend off a high percentage of attacks.
Encryption is a must, both in transit and at rest. The enemy can be thwarted by not being able to use what was stolen.
Water
It’s important to be experienced and flexible – or fluid – on an individual level, and that includes one’s role in the company. Sun Tzu said, “Be flexible.”
How to Apply
Gathering cyber threat intelligence (CTI) makes it possible to adapt to changing threats in real time. Intelligence gathering, even using Contextual Machine Learning (CML), means that one doesn’t depend on past information, hearsay, rumors, or peer information. Rely on as much clear, relevant, and current information as possible about threats and risks for one’s own company.
In addition to CTI, focus on a well-designed and tested incident response plan.
Intelligence and responding to incidents go a long way toward making company security agile and adaptable.
Fire
The Fire aspect is about the actual use of the weapons (tools) on the battlefield. Sun Tzu said, “The enlightened ruler lays his plans well ahead; the good general cultivates his resources.”
Now that the proper foundations have been built, it’s time to use the API tools that have been implemented.
How to Apply
Manage and maintain the API resources and identify the strengths and weaknesses of the API system, ensuring secure authentication and authorization methods for API access.
Also, set fire to vulnerabilities through regular security testing. This should include vulnerability scanning and pentesting, if not red/blue/purple teaming, or even something like Chaos Monkey to test uptime (an oft-overlooked aspect of API security).
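The Earth section above calls out Security Misconfiguration and access control as fundamentals, and the Fire section asks for secure authentication and authorization on API access. The following is an added example, not code from the article or its author: a tiny in-memory API handler shown in a broken form beside its hardened form, plus a configuration audit. The order store, the bearer tokens, the `Response` type and the configuration keys (`debug`, `tls_required`, `cors_origins`, `rate_limit_per_min`) are all constructed for the example.

```python
"""Added example (not from the article): object-level authorization on an API
endpoint, vulnerable vs. hardened, and a Security Misconfiguration audit.
All data below is constructed; the config keys are hypothetical."""
import hmac
from dataclasses import dataclass

# Constructed sample data: bearer token -> user id, and orders with an owner.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
ORDERS = {
    1: {"owner": "alice", "total": 42.0},
    2: {"owner": "bob", "total": 17.5},
}


@dataclass
class Response:
    status: int
    body: dict


def _authenticate(headers):
    """Return the user id for a valid bearer token, else None.
    Constant-time comparison so token matching does not leak via timing."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):].encode()
    for token, user in TOKENS.items():
        if hmac.compare_digest(token.encode(), presented):
            return user
    return None


def get_order_vulnerable(headers, order_id):
    """Broken access control: the caller is authenticated, but ownership of the
    order is never checked, and the error path leaks internal detail."""
    user = _authenticate(headers)
    if user is None:
        return Response(401, {"error": "missing or invalid token"})
    try:
        return Response(200, ORDERS[order_id])
    except KeyError as exc:
        return Response(500, {"error": f"KeyError in ORDERS lookup: {exc!r}"})


def get_order_hardened(headers, order_id):
    """Object-level authorization: only the owner gets the order, and a caller
    cannot tell 'does not exist' apart from 'belongs to someone else'."""
    user = _authenticate(headers)
    if user is None:
        return Response(401, {"error": "unauthorized"})
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        return Response(404, {"error": "not found"})
    return Response(200, {"total": order["total"]})


# Hypothetical API configuration: the secure baseline used as a reference.
SECURE_CONFIG = {
    "debug": False,
    "tls_required": True,
    "cors_origins": ["https://app.example"],
    "rate_limit_per_min": 600,
}


def audit_config(config):
    """Return findings for settings that weaken the API (Security
    Misconfiguration); an empty list means nothing flagged."""
    findings = []
    if config.get("debug", False):
        findings.append("debug mode enabled: verbose errors leak internals")
    if not config.get("tls_required", False):
        findings.append("TLS not required: traffic readable in transit")
    if "*" in config.get("cors_origins", []):
        findings.append("wildcard CORS origin: any site may call the API")
    if config.get("rate_limit_per_min", 0) <= 0:
        findings.append("no rate limit: brute force and scraping unthrottled")
    return findings


if __name__ == "__main__":
    bob = {"Authorization": "Bearer tok-bob"}
    print("vulnerable:", get_order_vulnerable(bob, 1))  # bob reads alice's order
    print("hardened:  ", get_order_hardened(bob, 1))    # 404 instead
    weak = {"debug": True, "tls_required": False, "cors_origins": ["*"]}
    for finding in audit_config(weak):
        print("finding:", finding)
```

The hardened handler returns 404 for both a missing order and another user's order, so enumeration of order ids reveals nothing about which ids exist; the vulnerable handler's 500 response shows the kind of detail a debug-mode error path hands out.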
Wind
This is also interpreted as “Style.” Here, the goal is to study (not just passively observe) opponents. Sun Tzu said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
How to Apply
For the modern day, we’ll expand this to studying how other companies have dealt with cybercrime and cyberattacks. One will improve by studying others based on facets such as industry, regulations, and org size.
It’s easy for a company to a) think it’s alone or b) believe it does better than anyone. This can lead to isolation. Org leaders have every reason to set their org apart – distinction is a major component in having a chance at creating a profitable, if not lasting, business. But there aren’t all that many ways to uniquely secure a business: phishing is phishing whether against an international enterprise or a local coffee shop, and an API for a fintech org is much the same as an API for an ice cream shop (the architectures available come in only a few flavors), so many people can use it and abuse it.
Intelligence sharing with other companies can be helpful in creating a secure community.
Void
The idea here, also called Emptiness, is understood as “no mind.” This doesn’t mean that no brain activity is involved, but points more to intuition, awareness, and acting on instinct. Action doesn’t always require thinking things through, getting input from others, and planning something. Some things – whether by natural inclination or by training – are just second nature.
Sun Tzu said, “Utilize your strengths.”
How to Apply
Play to your strengths: individual, departmental, corporate. There’s no one else like you or your company.
Leverage the strengths of your API resources to enhance security. Make sure you know your tools in and out. Often, they’re expensive and very likely, they’re not used to full capacity.
Focus on continuous learning and improvement. This requires a team of individuals who work well together and are independently passionate about defending data.
This intuitiveness is not based on industry, spreadsheets, or data analysis but depends on relevant stakeholders’ individual and collective expertise. Often, it will be addressing many fronts at once, such as improved IR, developer training, choosing a platform that provides numerous API protections (while also avoiding a single point of failure), getting legal and compliance teams to determine next steps in the privacy regulation landscape, and performing regular incident response and disaster recovery exercises.
Epilogue
To paraphrase the classic ending of many of Musashi’s teachings, these ideas should be given careful and thorough reflection.
Tech Industry Bids to Tackle Cyber-Mercenary Epidemic
Managing security in the cloud through Microsoft Intune
For many years, the Group Policy feature of Microsoft’s Windows has been the go-to solution for controlling workstations, providing deployment, and in general, making a network manageable by information professionals. It does, however, require a traditional domain with an Active Directory deployment — many users already have an Active Directory (AD) and will have an AD domain for many years into the future.
What if you didn’t have such a domain to deal with, or were starting over fresh with a totally distributed network linked together only by cloud connections? You would probably turn to Microsoft’s Intune, a cloud-based unified endpoint management service for both corporate and bring-your-own-device technology. Intune extends the functionality of some Active Directory features and that of the Microsoft Endpoint Configuration Manager to the Microsoft Azure cloud.
AI-fueled search gives more power to the bad guys
Concerns about the reach of ChatGPT, and how much easier it may become for bad actors to find sensitive information, have increased following Microsoft’s announcement of the integration of ChatGPT into Bing and the latest update of the technology, GPT-4. Within a month of the integration, Bing had crossed the 100 million daily user threshold. Meanwhile, GPT-4 improved the AI, which now has better reasoning skills, is more accurate, and has the ability to see images.
When ChatGPT was released in November 2022, hackers quickly jumped on the technology to help them write more convincing phishing emails and exploit code, but that was the old ChatGPT. According to OpenAI, the new AI’s bar exam score rose from 10% to 90%, its medical knowledge score went from 53% to 75%, its quantitative GRE score rose from 25% to 80%, and the list goes on.