US Marine accused of waging cyber sextortion campaign against young women in California

Read More

Unsecured data of 80,000 ISOC members discovered on Microsoft Azure blob repository

Read More

Two US Senators claim that the CIA has been running an unregulated — and almost certainly illegal — mass surveillance program on Americans.

The senator’s statement. Some declassified information from the CIA.

No real details yet.

Read More

Endpoint detection and response (EDR) can only take you so far in identifying Log4j exploit attempts. Here’s why dynamic checks are needed to uncover vulnerable versions of Log4j.

When the Log4j vulnerability was disclosed at the tail end of 2021, it caused many IT teams to put down their well earned eggnog and cast a concerned look at their environment. Unfortunately, understanding what was vulnerable to this newly disclosed flaw was far more difficult than simply pulling an accurate inventory of Log4j instances, with the troublesome library often harder to track down than a Playstation 5.

Using an endpoint agent, for example endpoint detection and response (EDR), or a credentialed scan to identify Log4j instances will only get you so far. Like many Java libraries, Log4j is often bundled into “Fat Jars” (Jar files that include all external dependencies) or inserted directly into the source code as a way of shading the library versions to lessen the probability of conflicts. Simply asking “Do you have Log4j installed?” isn’t going to give you a very clear understanding of where you’re vulnerable.

But “EDR will block attempts to exploit Log4j!” I hear you all cry out in delight. Not so fast. An attacker could easily stay within the Java Virtual Machine (JVM), away from the prying eyes of the EDR process monitors; blocking outbound calls from a server is going to end badly. The idea of hiding nefarious activity within the Java virtual machine isn’t new, but all the top EDR vendors have been slow to address this rather large chink in their armor. EDR can stop breaches (as long as they’re not Java based).

In order to deal with the Log4j detection issue, Tenable released a whole new approach to assessment within hours of the legendary flaw being announced. Put simply, our dynamic checks fired a Java Naming and Directory Interface (JNDI) query into targets that instructed any systems vulnerable to Log4j to send a unique token to a Tenable hosted system that the scanner could look up to see if a message had been received. This approach ensured we’d be able to more easily uncover vulnerable versions of Log4j across a multitude of ports and protocols, because the only tokens being sent would be from those systems that had the flawed library somewhere within the stack or application code.

And we saw a lot of those unique tokens being sent to Tenable. Days after disclosure, we were seeing over 1,400 new tokens … EVERY SECOND and one in 10 assets assessed by Tenable were vulnerable.

In the case of Log4j, a false negative could mean a system is left vulnerable due to a poor assessment. Relying on endpoint detection to block exploitation is nowhere near enough of a defense, leading to a surefire foothold for any enterprising attacker. Tenable is investing significant effort in ensuring we continue to lead the market in detecting Log4Shell across the ever growing list of applications and protocols that are vulnerable.

Learn more

Read the technical whitepaper for more information on the new approach to identifying Log4j via the dynamic plugins
VIsit our landing page to keep up to date with all the log4j news
Read the blog, Assess Log4Shell Like an Attacker with Tenable’s Dynamic Detections

Read More

Reported scams surged by 17% in the final quarter of 2021 in the UK, while attempted scams increased by 70% over the same period

Read More

This blog was written by an independent guest blogger.

Microservices architecture is a convenient way to silo different software services compared to traditional software architecture and design. However, with multiple microservices communicating amongst each other – the attack surface of the network is greatly increased.

The security of such a system depends on the security of all the services. Any deviation in the system’s security ultimately undermines the integrity of the entire network. The number of vulnerabilities in a network based on microservices architecture can quickly grow from several to thousands of individual links depending on the number of services and how they communicate together.

This article will examine edge security in the context of microservices deployments and how APIs and API gateways set up at the edge can be used to secure service-to-service communications in a zero-trust environment.

A quick rundown on microservices

There is no single definition for what qualifies as a microservice. However, over time developers and industry standards have accepted a few key ideas. Microservices function similarly to how WordPress plugins provide a variety of siloed services on a website.

First, services in a microservice architecture typically communicate amongst one another on a network using protocols like HTTP. One advantage to utilizing a microservices architecture is that it greatly enhances the speed of your entire network. These services are then organized based on their function and developed independently of one another (and are also independently deployable). 

Why microservices security is vital

Ensuring that your microservices architecture is secure is essential. Hackers can use phishing scams to steal credentials and break into your network. So, if you build a network that has only a single point of security, you may find that a single breach can give hackers access to any number of services within your entire network.

Outdated software can easily lead to network vulnerabilities. By establishing a system to secure each microservice you can prevent hackers from spreading their reach if they manage to crack into a single service.

Defining a Zero-Trust environment

A zero-trust environment in a cybersecurity context means the elimination of trust between individual parts of a digital system, which would otherwise expose those parts to security vulnerabilities. Although some connections are obvious, cybersecurity consultation can help you assess how vulnerable your network is. 

Essentially, by siloing a network’s set of services and then eliminating their ability to trust one another we can increase security. If you find that you are unable to remove trust in your microservices architecture, the least you can do is minimize trust between services. Often businesses that have had their internal security breached, have had to seek reputation management services to protect their brand.

Another way to think of it is like this: your network represents a house that is full of rooms and each room is a service. Eliminating trust means locking all the doors to each room and then requiring a key every time a user wants to open that door.

Establishing security in service-to-service communications

How do we go about creating this security? Typically, when a microservices architecture is used, HTTP or gRPC are used to communicate in real-time. Apache Kafka and RabbitMQ are also examples of other communication protocols for applications. In order to secure these messages, we need to make sure that requests from a client application not only pass through security at the edge, but also internally.

How to build reliable authentication and authorization using mTLS

One way to make sure that access between services is secure is to implement authentication between services using Mutual Transport Layer Security (mTLS). However, in order to increase security, requests must be validated at the edge of the microservice and not just the edge of the network.

Each microservice then validates the certificate of the calling microservice and determines whether the certificate itself and the certificate’s issuer are trusted. Once the microservice has identified the caller, the microservice performs an authorization based only on the authentication credentials provided. This will check whether the caller is even able to do what it is requesting.

One way to enhance open source security and increase authentication and authorization speed is to utilize a proxy component that is deployed alongside the microservices. The proxy then intercepts all the calls that are placed to and from the microservice and prevents them from accessing the microservice directly.

Cryptographically safe methods for passing user context among microservices

The next step is to ensure that user context is passed securely between microservices. It’s important to ensure your network is secure, but also to ensure that communications intra-network are also secure.

The most common way this system works is by placing an API gateway at the edge of the microservices architecture deployment. The API gateway checks and validates user context corresponding to the application that made the call. Typically, the calling application can run the API just by itself, or for another user.

In either case, the API gateway acts like a sluice to regulate the flow of user context calls. When carrying these calls, the best way to cryptographically carry them is by using a JSON Web Token (JWT).

At the edge of the microservice, the JWT will be validated to make sure that it comes from a trusted issuer. Then, when one microservice communicates to another, the calling microservice can either feed the validated JWT to the new service or exchange it for a new JWT by communicating with another security token service that the recipient microservice trusts.

This way, one microservice could have an independent security token service separate from another verification service. This double-redundancy further strengthens the security of your services.

Once the end-microservice has verified the JWT, it can authorize the calling user based on the credentials that the JWT carries. Like with authentication and authorization, a proxy component intercepts these requests that come in and out of the microservice.

A functioning microservices security framework

Your entire network is only as secure as its weakest link. Every day businesses leave their data unprotected and vulnerable to hackers. Securing your microservices through multiple layers of security is one way to minimize these attack vectors. However, even if you take all of these steps it’s still important to consider threat detection and monitoring services.

Upgrade the security of your microservices architecture and consider where your vulnerabilities are in order to prevent unauthorized access to one microservice bleeding through to your other services. When you develop microservices as silos remember to utilize proxies and silo the security of the services by using JWT and mTLS. Your end goal should be to minimize trust, or if possible, establish a zero-trust environment.

Read More

SEC cracks down in novel regulatory action

Read More

CrowdStrike report warns that threat actors are getting smarter at evasion

Read More