An advisory from the FBI and CISA says threat actors are deploying the Androxgh0st malware for victim identification and exploitation in target networks
Yearly Archives: 2024
Cybersecurity operations in 2024: The SOC of the future
This is part two of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog.
Part one: Unusual, thought-provoking predictions for cybersecurity in 2024
Part three: Four cybersecurity trends you should know for 2024
With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so.
The more digital the world becomes the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation.
The security operations center (SOC) must modernize to keep pace with the always-on and digital-first world delivered through innovations such as edge computing, AI, and IoT. The SOC of the future will need to expand to address:
Edge computing
Edge computing is happening all around us. It is defined by three primary characteristics: software-defined, data-driven, and distributed. Its use cases are expanding to deliver business outcomes.
Edge computing is a sea-change in the world of computing.
As edge use cases deliver business value and competitive advantage, the technology changes with them: networks with lower latency, ephemeral applets, and a digital-first experience are the requirements for all edge computing use cases.
Edge computing needs to be embraced and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood.
In 2024, expect to see SOC teams, with roles that include security engineer/architect, security analyst, SOC manager, forensics investigator, threat responder, and compliance auditor, begin to determine how edge computing needs to be secured. SOCs will explore various management activities, including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints.
Application security
Without a doubt, we are living in a world built on software. Software is only as secure as the requirements it was developed against. Software runs everything from our traditional applications, which are, sigh, still batch-based, to near-real-time edge interactions. Software is how the world works.
With innovations in computing, software is changing; it is no longer about graphical user interface (GUI) applications that require some keyboard input to produce output. Edge computing is taking software to the next level of sophistication, with non-GUI or headless applets becoming the norm.
While software bill of materials (SBOM) requirements advance the cause of application security, edge computing and its reliance on functioning, performant, and secure software will make application security a necessity.
In 2024, expect to see software engineering practices emphasizing security emerge. Simply being able to write code will no longer be enough; developers will increase their sophistication and require more security expertise to complement their already deep skill sets. Educational institutions at secondary and university levels are already advancing this much-needed emphasis on security for developers and software engineering.
Data security
The next generation of computing is all about data. Applications, workloads, and hosting are closer to where data is generated and consumed. It’s all about a near-real-time, digital-first experience based on the collection, processing, and use of that data.
The data needs to be free of corruption to assist with making or suggesting decisions to the user. This means the data needs to be protected, trusted, and usable.
In 2024, expect data lifecycle governance and management to be a requirement for business computing use cases. Data security is something a SOC team will begin to manage as part of its responsibility.
Endpoints will expand to embrace new kinds of data capture
Endpoints are diversifying, expanding, and maturing. Industry analyst firm IDC projects the worldwide spending on IoT to surpass $1 trillion in 2026. The 2023 AT&T Cybersecurity Insights Report shows 30% of participants expanding their endpoints to include new diverse and intentional assets such as robots, wearables, and autonomous drones – while 48% use traditional endpoints such as phones, tablets, laptops, and desktops. Endpoints are critical to business.
Today, most SOCs offer some endpoint detection and response (EDR) or extended detection and response (XDR). However, how are SOC teams preparing to precisely identify the status, location, make, and model of this rapidly expanding world of endpoints?
In a world of computing comprised of diverse and intentional endpoints, SOC teams need to know the precise location of the endpoint, what it does, the manufacturer, whether the firmware is up to date, if the endpoint is actively participating in computing or if it should be decommissioned, and a host of other pieces of pertinent information. Computing is anywhere the endpoint is – and that endpoint needs to be understood at a granular level.
In 2024, expect startups to provide solutions to deliver granular details of an endpoint, including attributes such as physical location, IP address, type of endpoint, manufacturer, firmware/operating system data, and active/non-active participant in data collection. Endpoints need to be mapped, identified, and properly managed to deliver the outcomes needed by the business. An endpoint cannot be left to languish and act as an unguarded entry point for an adversary.
In addition to granular identification and mapping of endpoints, expect to see intentional endpoints built to achieve a specific goal, such as ease of use, use in harsh environments, and energy efficiency. These intentional endpoints will use a subset of a full-stack operating system. SOC teams must manage these intentional endpoints differently than endpoints with the full operating system.
Look for significant advancements in how SOCs manage and monitor endpoints.
Mapping the attack surface
The attack surface continues to expand. We continue to add diverse endpoints and new types of computing. As we add new computing, legacy computing is not retired – complexity and the attack surface continue to grow.
SOC teams of the future need to visually understand the attack surface. This sounds simple, but it isn’t easy to distill the complex into a simple representation.
In 2024, expect SOC teams to seek a way to easily map the attack surface and correlate relevant threat intelligence to the mapping. To effectively do this, other aspects of the SOC of the future will need to be realities.
I’ll be talking about this a lot more in 2024 as we endeavor to provide you with insights on how the industry is changing as we move forward. Bookmark our blog. There is a lot of great information coming in the months ahead.
Majorca Tourist Hotspot Hit With $11m Ransom Demand
Municipality of Calvià on the Spanish island of Majorca was hit by a ransomware attack last weekend
GitHub Rotates Credentials and Patches New Bug
GitHub urges customers to apply a new patch and take action if impacted by credential rotation
chromium-120.0.6099.224-1.fc38
FEDORA-2024-049f068a8c
Packages in this update:
chromium-120.0.6099.224-1.fc38
Update description:
update to 120.0.6099.224
High CVE-2024-0517: Out of bounds write in V8
High CVE-2024-0518: Type Confusion in V8
High CVE-2024-0519: Out of bounds memory access in V8
chromium-120.0.6099.224-1.fc39
FEDORA-2024-44b1f656a3
Packages in this update:
chromium-120.0.6099.224-1.fc39
Update description:
update to 120.0.6099.224
High CVE-2024-0517: Out of bounds write in V8
High CVE-2024-0518: Type Confusion in V8
High CVE-2024-0519: Out of bounds memory access in V8
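The two Fedora notices above give the one fact a fleet check needs: the fixed Chromium version, 120.0.6099.224. The following is an added example, not part of either notice, showing how to parse `rpm -q chromium` output and compare the version numerically rather than as a string (a string comparison would rank 6099.99 above 6099.224). The hostnames and the sample inventory are constructed for illustration; only the package name, fixed version and CVE identifiers come from the notices.

```python
"""Added example: gate hosts on the Chromium version fixed in
FEDORA-2024-049f068a8c (fc38) and FEDORA-2024-44b1f656a3 (fc39).
Hostnames and the SAMPLE_INVENTORY are constructed, not real data."""
import re

# Fixed version and CVEs taken from the update descriptions above.
FIXED_VERSION = "120.0.6099.224"
FIXED_CVES = ("CVE-2024-0517", "CVE-2024-0518", "CVE-2024-0519")

# Constructed sample of what `rpm -q chromium` prints on four hosts.
# A trailing ".x86_64" arch suffix, if present, simply folds into the release field.
SAMPLE_INVENTORY = {
    "build-01": "chromium-120.0.6099.224-1.fc39",  # at the fixed version
    "build-02": "chromium-120.0.6099.109-1.fc38",  # older, still vulnerable
    "kiosk-07": "chromium-120.0.6099.99-2.fc38",   # string-compares as "newer", is older
    "dev-03":   "chromium-121.0.6167.85-1.fc39",   # newer major, already past the fix
}

# Package names may contain dashes, so anchor on the last two dash-separated fields.
_NVR = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)$")


def parse_nvr(pkg: str) -> tuple[str, str, str]:
    """Split an rpm name-version-release string into (name, version, release)."""
    m = _NVR.match(pkg)
    if not m:
        raise ValueError(f"not an rpm NVR string: {pkg!r}")
    return m["name"], m["version"], m["release"]


def version_key(version: str) -> tuple[int, ...]:
    """Numeric comparison key: '120.0.6099.224' -> (120, 0, 6099, 224).
    Chromium uses four integer components; non-numeric parts are out of scope here."""
    return tuple(int(part) for part in version.split("."))


def is_fixed(pkg: str, fixed_version: str = FIXED_VERSION, name: str = "chromium") -> bool:
    """True when pkg is the named package at or above the fixed version."""
    pkg_name, version, _release = parse_nvr(pkg)
    if pkg_name != name:
        raise ValueError(f"expected package {name!r}, got {pkg_name!r}")
    return version_key(version) >= version_key(fixed_version)


def vulnerable_hosts(inventory: dict[str, str]) -> dict[str, str]:
    """Return host -> installed NVR for every host still below the fixed version."""
    return {host: pkg for host, pkg in inventory.items() if not is_fixed(pkg)}


if __name__ == "__main__":
    for host, pkg in vulnerable_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: {pkg} is below {FIXED_VERSION}; exposed to {', '.join(FIXED_CVES)}")
```

Feed it real output by replacing SAMPLE_INVENTORY with one line per host from `rpm -q chromium`; the same comparison applies to either Fedora release, since both updates ship the same upstream version.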
USN-6538-2: PostgreSQL vulnerabilities
USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides
the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown
arguments in aggregate function calls. A remote attacker could possibly use
this issue to obtain sensitive information. (CVE-2023-5868)
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying
certain SQL array values. A remote attacker could use this issue to obtain
sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)
Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL
allowed the pg_signal_backend role to signal certain superuser processes,
contrary to expectations. (CVE-2023-5870)
DSA-5602-1 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure. An exploit for CVE-2024-0519 exists in the wild.