Tenable’s Acquisition Of Cymptom: An “Attack Path-Informed” Approach to Cybersecurity

Read Time:3 Minute, 7 Second

Tenable’s recent acquisitions all had the same overarching goal: helping our customers gain better security insights across their cyberattack surface.

At our investor day in December 2021, Tenable CEO Amit Yoran and I outlined the vision of where we see Tenable and the vulnerability management market heading over the next few years. We focused on three main areas:

the need to extend vulnerability management (VM) everywhere;
the need to shift security left; and
the need to transform into a cyber data analytics platform.

To extend VM everywhere, we’ve aligned IT and critical infrastructure security through the acquisition of Indegy in 2019, predicting the capabilities and controls would converge. We took a giant leap forward when we acquired Alsid to help our customers understand the Active Directory flaws attackers will leverage to elevate privileges and laterally move once they’ve gained a foothold. Indeed, in a zero trust world, identity and access may still remain our most critical “vulnerability”

Late last year, we acquired Accurics to enable our customers to “shift left” to better understand security issues in Infrastructure as Code before they are deployed and to improve visibility of the running cloud. The importance of this visibility was demonstrated when Log4Shell was disclosed in December, causing cybersecurity teams everywhere to try and quickly understand how vulnerable they were to this black swan issue. In a world where cloud native applications change at the speed of code, security must move closer to the developers.

The three acquisitions we’ve made in the last three years, and the product enhancements we subsequently released, all had the same overarching goal of helping our customers gain better security insights across their cyberattack surface. The next step is to understand how vulnerabilities can create attack pathways leading to breach to help security teams effectively prioritize those issues that matter most and guide them on preemptively addressing those flaws before they are leveraged. We see attack path analysis to be for preventive cybersecurity what event correlation and analytics have become for the SIEM and XDR.

Enabling our customers to preemptively disrupt attack paths with the cyber data and analytics we provide leads us to the acquisition of Cymptom, which closed today. Founded in 2019, Cymptom has been focused on visually mapping out attack paths and prioritizing choke points that can be mitigated or remediated to reduce risk according to the MITRE ATT&CK framework.

Connecting the attack steps across everything with an IP address or running code in a unified platform is the only way security teams will be able to preemptively and effectively defend against the modern style of breaches we see today. Attackers don’t differentiate between web application mishaps, forgotten software patches, Active Directory accidents or misconfigured clouds, so why should defenders?

As we integrate Cymptom’s technology, research and expertise, Tenable’s solutions will become “attack path informed” to give our customers the insights they need to proactively reduce the probability of a breach with the least amount of effort. Our customers will be able to interact with our threat, vulnerability and exposure data in ways they’ve never been able to before. For the first time able to see the assets they protect from the viewpoint of a potential attacker, and the probable steps they’d take once an initial entrypoint has been found.

We’re incredibly thrilled to have Cymptom join Tenable and I can’t wait to work with our teams to integrate their innovative approaches to help our customers to see the steps attackers could take and prioritize preemptive action to turn attacks into attempts.

Learn more:

Attend the webinar: Tenable and Cymptom: Predict and Disrupt Attack Paths
Visit the landing page: Tenable Acquires Attack Path Visualization Company Cymptom

Read More

Social Media: How to Steer Your Family Clear of Cryptomining Malware

Read Time:4 Minute, 3 Second

It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being the target of cybercrime. 

But it’s happening more and more.  

Last month, The Federal Trade Commission (FTC) described popular social media sites as “goldmines” for malicious attacks. The FTC revealed that more than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message. More than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. According to the FTC, those losses account for about 25 percent of all reported losses to fraud in 2021 and represent a stunning eighteenfold increase over 2017 reported losses. 

Dark Web Goes Mainstream

The social environment is a magnet for bad actors because people of every age and country flock there each day. The constant flow of conversation and content—and more importantly, the climate of trust—makes social networks juicy targets for cybercrime.  

The biggest motivation? The emerging digital security threat of cryptojacking (aka illegal cryptomining). Cryptojacking is illegally accessing another person’s computer power to mine cryptocurrency. Cybercriminals do this by getting a victim to click on a malicious link delivered via direct message, a news story, or an ad. Once clicked, that link loads crypto mining code on the victim’s computer or leads them to an infected website or online ad with JavaScript code that auto-executes once it’s loaded in the victim’s browser. Often the malware goes undetected, and the only way a victim might know their system has been compromised is that it may start performing more slowly.    

The Fallout 

While bad actors use social media platforms to distribute cryptomining malware, they also spread other malware types such as advertisements, faulty plug-ins, and apps that draw users in by offering “too good to be true” deals. Once clicked on, the malware allows cybercriminals to access data, create keyloggers, release ransomware, and monitor social media accounts for future scamming opportunities.  

Protecting Your Family  

Educate your family.

Be sure your kids understand the risks and responsibilities associated with device ownership. Consider putting time aside each week to discuss crucial digital literacy topics and ongoing threats such as cryptomining malware. Consider a “device check-in” that requires each person in your family to “check off” the following security guidelines.  

Use comprehensive security software.

To help protect your family devices from viruses, malware, spyware, and other digital threats entering social media sites, consider adding extra security to your family devices with McAfee Total Protection. 

Avoid sharing personal information online.

Avoid posting home addresses, full birth dates, employer information, school information, as well as exact location details of where you are.  

Keep software and operating systems up to date.

Install software updates so that attackers cannot take advantage of the latest security loopholes.  

Use strong passwords.

Select passwords that will be difficult for bad actors to guess and use different passwords for different programs and devices.  

Pay attention to device performance.

For a virus to solve cryptographic calculations required to mine cryptocurrency requires an enormous amount of computer processing power (CPUs). Cryptojacking secretly consumes a victim’s processing power, battery life, and computer or device memory. Look out for a decline in device processing speed. 

Avoid connecting with people you don’t know.

Be careful when accepting friend requests, direct messages, or clicking on links sent by someone you don’t know personally. This is one of the most popular ways cybercriminals gain access.  

Verify known friend requests and messages.

Be discerning even when a known friend sends you a second friend request claiming they’ve been hacked. Search known names on the platform for multiple accounts. Cybercriminals have been known to gather personal details of individuals, pose as that person, then connect with friend lists using familiar information to build trust with more potential victims.  

Report spam and suspicious accounts.

Be sure to report any fraudulent activity you encounter on social platforms to help stop the threat from spreading to other accounts, including friends and family who may be connected back to you. 

New scams and more sophisticated ways to steal data—and computer processing power for illegal cryptomining—surface daily. Staying in front of those threats and folding them into your family dynamic is one of the most powerful ways to give your kids the skills and security habits they will need to thrive in today’s digital world.   

The post Social Media: How to Steer Your Family Clear of Cryptomining Malware appeared first on McAfee Blog.

Read More

New quantum key distribution network resistant to quantum attacks

Read Time:38 Second

New research has revealed the full viability of a novel quantum key distribution (QKD) network for metropolitan areas that is resistant to quantum computing attacks. According to JPMorgan Chase, Toshiba and Ciena, the newly developed QKD network supports 800 Gbps encryption under real-world environmental conditions and can instantly detect and defend against quantum-enabled threats. In a claimed industry first, the network has also been demonstrated to secure a mission critical blockchain application, the firms stated.

Quantum key distribution network “first of its kind”

Under the leadership of JPMorgan Chase’s Future Lab for Applied Research and Engineering (FLARE) and global network infrastructure teams, researchers from all three organizations collaborated to achieve the following results:

To read this article in full, please click here

Read More

What you need to know about Log4Shell

Read Time:1 Minute, 4 Second

Photo by ThisIsEngineering from Pexels

Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail. The AT&T Managed Vulnerability Program (MVP) team helps customers strengthen their cybersecurity posture and resiliency, leaving them better equipped for events like Log4Shell.

Surprising to many, third-party libraries are not solely IT problems but can also impact operational technology (OT) and is needed for many OT functions. Because of that the manufacturing and critical infrastructure community has needed to focus more on addressing threats as they emerge. The Log4J vulnerability and others like it are not going away on their own, so the MVP team is constantly testing, monitoring, and deploying to ensure correct steps are being taken to mitigate future attacks. AT&T MVP’s partner, Tenable, dives deeper in their blog,”5 Steps that the OT Community Should Take Right Now,” focusing on how OT groups avoid ramification, encouraging proactiveness like the solutions provided by AT&T MVP.

Read More

Skyrocketing cryptocurrency bug bounties expected to lure top hacking talent

Read Time:29 Second

As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022.

In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance. February started with the second-largest decentralize finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.

To read this article in full, please click here

Read More

Sykyrocketing cryptocurrency bug bounties expected to lure top hacking talent

Read Time:29 Second

As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022.

In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance. February started with the second-largest decentralize finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.

To read this article in full, please click here

Read More

When the insider threat is the Commander in Chief

Read Time:42 Second

When the insider is the President of the United States, the mishandling and removal of information take on a different demeanor given the national security implications. The U.S. media has widely reported how the National Archives and Records Administration bird-dogged the return of missing presidential records, most recently 15 boxes of presidential papers that should have been directed to the National Archives when President Trump’s term ended on January 20, 2021.

It is alleged the 45th President of the United States directed the collection of materials to be placed into those boxes and forwarded to his Florida residence where they have sat for more than a year. It is also alleged that within some of these boxes were documents that carried the national security “secret” and “top secret” classifications.

To read this article in full, please click here

Read More

News, Advisories and much more

Exit mobile version