Identity-related crimes declined 16% annually in 2023 with the majority related to compromised credentials
Monthly Archives: June 2024
The US Is Banning Kaspersky
This move has been coming for a long time.
The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—the first such action under authorities given to the Commerce Department in 2019—follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers.
The Ins and Outs of Cybersecurity Posture Assessment in 2024
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Whether you’re working with on-premises infrastructure, fully embracing the cloud, or running a hybrid solution, one thing is certain: a robust security posture is essential to safeguarding the environment. This article will explore today’s fundamentals of security posture assessment in both on-premises and cloud environments while briefly touching on the added complexities a hybrid setup will entail.
What Is Security Posture Assessment?
Before going any further, it is good to understand what security posture assessment really is and why knowing your security posture is essential to every organization. In short, a security posture assessment is a comprehensive evaluation of the currently utilized security measures safeguarding essential organizational data, processes to prevent breaches, and decisions to maintain business continuity. Any company should have a comprehensive assessment of its environment conducted at least annually.
These assessments are used to identify vulnerabilities in processes and systems, point out areas for improvement, and comprehensively assess the overall resiliency of the organization’s entire IT ecosystem. The main goal is to fully understand the current security level and be able to take the necessary steps to remediate possible issues.
Assessing On-Premises Security
With on-premises system management, all the responsibility falls on the local IT team, so they need to have a comprehensive view of the currently deployed hardware and software to be able to successfully secure both. Let’s go over the components of such an exercise:
● Asset inventory: It is imperative to know the total scope of the organization’s assets, including workstations, mobile devices, servers, network equipment, and all the software applications in use. This helps pinpoint outdated assets that either need to be removed from the environment or brought up-to-date with hardware or software upgrades.
● Patch management: New software vulnerabilities are being constantly unearthed, so prompt software updating and comprehensive patch management are instrumental in every environment. While it is a good idea to verify the stability of new updates first, automated patch management tools can help streamline this process.
● Network segmentation: Adversaries are always looking for opportunities for lateral movement in a network, so the isolation of systems and processes through network segmentation is an important step in limiting the potential damage a breach can cause.
All in all, the evaluation of on-premises security requires an all-around review of the physical and digital protections within the organization’s data centers. This additionally includes vetting firewalls, intrusion detection systems, and access controls to thwart unauthorized access. Regular security audits and penetration tests are crucial to identify and address vulnerabilities before they can be weaponized.
Assessing Cloud Security
Working with cloud-based solutions keeps growing in popularity, since it effectively outsources the underlying hardware management to the cloud service provider, lessening the burden on the local IT team.
This isn’t to say that there is no work to be done, and in some cases, using cloud-based systems will introduce additional potential security concerns. According to Gartner Research, the cloud security posture management market is forecast to increase to $3.32 billion by 2027, up from $1.06 billion as of 2022.
With this growth, the potential for attacks, and thus the demand for defensive action, is also increasing. Here are the pillars of a security assessment centered around an organization’s cloud footprint:
● Cloud asset inventory: Just like with on-premises environments, it is crucial to be aware of all the cloud assets, whether those are virtual machines, hosted databases, or any other similar services. Thankfully, any cloud service provider worth its salt offers cloud-native tools for inventory management.
● Configuration management: Misconfigurations of cloud assets are a very common catalyst for security breaches, and it tends to be easy to overlook some settings that can have a large impact on the overall security of the environment. Once again, cloud service providers offer Cloud Security Posture Management (CSPM) tools to help automate these checks.
● Compliance frameworks: While compliance is an integral part of any environment, things can get even more complicated with cloud deployments. With on-premises infrastructure, all assets and data reside in a specific geographic location, whereas the cloud allows them to spread across continents. While this is definitely a great thing in some instances, it is important to remember that compliance frameworks such as HIPAA, GDPR, and PCI DSS may put a lot of restrictions on where and how such deployments can be utilized.
As cloud adoption grows, prioritizing enterprise cloud security becomes essential to maintaining trust and operational integrity. It is also important to have a plan B in place for a worst-case scenario. A robust incident response plan can help organizations quickly detect and mitigate breaches, thereby shielding sensitive corporate data.
Assessing Hybrid Environments
Both on-premises and cloud environments have their pros and cons, and many organizations opt to leverage the best of both worlds by utilizing a hybrid environment. While there are many benefits to this approach, it also means that now the IT team has two very different environments to manage and monitor.
An OpsCompass study from 2021 found that 91% of organizations were working with multi- or hybrid-cloud environments, and nearly half of them had concerns with visibility, configuration drift, and other multi-environment difficulties. Here is the lowdown on the ways to tackle these nontrivial challenges:
● Security baselines: With the two environments working in tandem, it is important to make sure that they both follow the same security procedures and baselines. These baselines and processes should be clearly documented, reviewed, and updated regularly to make sure that they align with current industry standards and regulatory requirements.
● Security vulnerabilities via integration complexity: Connectivity between multiple environments relies on APIs, connectors, and other middleware, which adds a new potential attack vector that needs to be accounted for. A diverse technology stack that is constantly being updated can have parts that are easily forgotten unless appropriate procedures for asset and inventory monitoring are followed.
● Bridging the gap: Unified asset and operations management makes it easier for IT teams to maintain multiple environments with a single set of tools and processes to ensure a common set of governance and operations management practices. In addition, the automation of repetitive tasks across the whole hybrid environment can lead to better management efficiency and an overall increase in security due to reduced human error.
Enterprises must ensure seamless security measures across both on-premises and cloud platforms. In addition to the areas above, this spans unified identity and access management, data encryption, and consistent monitoring.
Endnote
Regardless of whether you are managing an on-premises, full-cloud, or hybrid environment, the security of the overall infrastructure is of utmost importance. While at times it might feel that finding and patching security vulnerabilities and tracking asset inventory is difficult, in today’s business environments, these are not mere pieces of computer equipment; they are the whole lifeblood of the company.
It is also worth remembering that organizations can seek to employ service providers that excel in security posture management and remediation to make sure that they are following all the best practices and staying compliant in the rapidly changing threat landscape.
Fake Law Firms Con Victims of Crypto Scams, Warns FBI
The FBI has urged cryptocurrency scam victims to be on the alert for fraudsters posing as lawyers
python-waitress-1.4.3-2.el8
FEDORA-EPEL-2024-5f44a7efc2
Packages in this update:
python-waitress-1.4.3-2.el8
Update description:
Backport upstream fix for CVE-2022-24761.
ZDI-24-883: Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2024-5762.
USN-6850-1: OpenVPN vulnerability
It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials.
DSA-5721-1 ffmpeg – security update
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
DSA-5722-1 libvpx – security update
It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.
oci-cli-3.43.2-1.fc41 python-oci-2.128.2-1.fc41
FEDORA-2024-13270a731d
Packages in this update:
oci-cli-3.43.2-1.fc41
python-oci-2.128.2-1.fc41
Update description:
Update oci-cli to 3.43.2