FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, September 29, 2023

VMware customers anxious about ransomware threats

VMware has recently made headlines on Google News because of ransomware campaigns targeting deployments of its ESXi hypervisor. The coverage has left customers uneasy and has prompted some of them to look for alternative products they perceive as more secure.

The increasing licensing costs have only intensified the quest for alternative virtualization software. Customers are now grappling with the perception that the expenses associated with VMware outweigh the benefits. In fact, a staggering 77% of respondents have expressed reservations about entering into future agreements with the software giant.

VergeIO, a company that has been investigating the impact of rising VMware costs, reports that customers expect renewal quotes and per-core licensing terms to become less favourable in the coming year. The growing spend on this software puts additional strain on annual IT budgets.

Remarkably, the quality of customer support provided by VMware has also come under scrutiny, with 66% of users expressing dissatisfaction with the current technical support. They feel that the service levels offered by customer support leave much to be desired.

Furthermore, a significant 70% of survey participants said the rising costs were expected, especially after Broadcom announced its acquisition of VMware in May 2022.

Now, the burning question is whether VMware customers can swiftly find a suitable replacement.

Unfortunately, it is not that simple. The Palo Alto-based company's software runs on Windows, Linux and macOS and has a reputation for quality and for compatibility with in-house hardware. That reputation has persisted even after the Lazarus group was reported to be exploiting the Log4Shell vulnerability in VMware Horizon servers earlier this year.

The post VMware customers anxious about ransomware threats appeared first on Cybersecurity Insiders.


September 29, 2023 at 08:23PM

A Roadmap to Launch Your Career in Network Security

In today’s digital age, the importance of network security has never been greater. With cyber threats evolving at an alarming pace, skilled professionals in the field of network security are in high demand. If you’re interested in protecting critical data, thwarting cyberattacks, and ensuring the integrity of computer networks, a career in network security could be a rewarding and impactful choice. Here’s a roadmap to help you get started:

1. Build a Strong Educational Foundation:
•    Earn a Bachelor’s Degree: While not always mandatory, a bachelor’s degree in a related field such as Computer Science, Information Technology, or Cybersecurity can open doors and provide a solid foundation.
•    Consider a Master’s Degree: Pursuing a master’s degree in Cybersecurity or Information Assurance can deepen your knowledge and increase your competitiveness in the job market.

2. Gain Fundamental IT Skills:

•    Learn Networking Basics: Understanding how computer networks function is crucial. Familiarize yourself with concepts like TCP/IP, routing, switching, and subnetting.

•    Master Operating Systems: Gain proficiency in various operating systems, including Windows, Linux, and macOS.

3. Obtain Relevant Certifications:
•    CompTIA Security+: This entry-level certification provides a solid introduction to network security concepts.
•    Certified Information Systems Security Professional (CISSP): As you progress, consider this globally recognized certification for information security professionals.
•    Certified Ethical Hacker (CEH): Understanding the mindset of hackers is essential for securing networks.
•    Certified Information Security Manager (CISM): Ideal for those aspiring to manage security teams and strategies.

4. Develop Technical Skills:
•    Learn Firewalls and Intrusion Detection Systems (IDS): These tools are fundamental to network security.
•    Study Encryption: Understanding encryption protocols and algorithms is crucial for securing data in transit.
•    Explore Virtualization and Cloud Security: As organizations increasingly rely on the cloud, knowledge of cloud security becomes indispensable.
•    Practice Hands-On Networking: Set up your own home lab to experiment with network configurations and security measures.

5. Gain Practical Experience:
•    Internships: Look for internship opportunities in IT departments or cybersecurity firms to gain hands-on experience.
•    Entry-Level Positions: Start as a network administrator, system administrator, or help desk technician to build practical skills.

6. Stay Informed and Network:
•    Continuous Learning: The world of cybersecurity is ever-changing. Stay updated on the latest threats, technologies, and best practices.
•    Network: Attend industry conferences, join cybersecurity forums, and connect with professionals in the field. Networking can lead to job opportunities and valuable insights.

7. Specialize:
•    Choose Your Path: Network security offers various specializations, such as penetration testing, security analysis, or security architecture. Determine your niche and focus your efforts accordingly.

8. Build a Portfolio:
•    Create Projects: Develop personal or open-source projects that demonstrate your skills. Document these projects in a portfolio to showcase to potential employers.

9. Seek Employment:

•    Apply for Entry-Level Positions: Look for roles like Network Security Analyst, Junior Security Consultant, or Security Administrator.

•    Consider Certifications: Some organizations may require certifications as prerequisites for certain positions.

10. Maintain Ethical Standards:
•    Ethical Hacking: If you’re involved in penetration testing or ethical hacking, always adhere to ethical and legal guidelines.

11. Stay Committed to Learning:
•    Cybersecurity is a lifelong journey: The threat landscape evolves continually, so staying up-to-date is essential.

In the realm of network security, dedication and a commitment to ongoing learning are key. Starting a career in this field may require time and effort, but the rewards in terms of job satisfaction and the opportunity to protect critical systems and data are well worth it. Remember that each step you take, from education to certification and hands-on experience, brings you closer to a successful career in network security.

The post A Roadmap to Launch Your Career in Network Security appeared first on Cybersecurity Insiders.


September 29, 2023 at 10:42AM

Canada govt websites disrupted by Cyber Attacks from India

Numerous Canadian government websites suffered outages and error messages after a cyber-attack claimed by a group calling itself the Indian Cyber Force. Federal intelligence agencies have warned that these attacks could escalate over the coming weeks as tensions between the Trudeau and Modi governments rise.

The conflict traces back to the Canadian Prime Minister's allegation that the government of Narendra Modi orchestrated the killing of a prominent Khalistan leader on Canadian soil. Modi and his administration vehemently denied the claim.

In response, the Indian Cyber Force, a hacking group based in India, launched attacks on Canadian government infrastructure and signalled its intent to continue them in the days ahead.

The Canadian Armed Forces' public website bore the brunt of the attacks, with the hackers rendering the portal inaccessible for more than three hours. The synchronised disruption across several government platforms was unexpected and alarming, although a DDoS against a public-facing website says nothing about internal military networks, which are kept separate from public web servers.

Canada's Defence Minister, Bill Blair, confirmed the incident involving the Canadian Armed Forces and attributed it to a distributed denial-of-service (DDoS) attack. In a DDoS attack the attackers flood a web portal with junk traffic so that genuine users cannot reach it, causing significant disruption.

S. Jaishankar, India’s Minister of External Affairs, denied claims that the attack had been instigated by Indian intelligence agencies. However, he refrained from commenting on the potential involvement of a cyber organization with ties to the BJP government.

Meanwhile, the Prime Minister’s Office in Canada is closely monitoring the situation and engaging in diplomatic efforts to stay abreast of developments.

The post Canada govt websites disrupted by Cyber Attacks from India appeared first on Cybersecurity Insiders.


September 29, 2023 at 10:35AM

Thursday, September 28, 2023

Digital identity: Dispelling the myths

Digital identities have had a significant impact on the way we interact, transact, and explore the world around us. However, there is still a limited understanding of what they are and the benefits they have.

In our latest piece for Computer Fraud & Security Magazine, we addressed some of the common misunderstandings around digital IDs, and outlined the potential for enhanced security, efficiency, and simplicity across the digital landscape. Here’s a flavour of some of the key takeaways…

  • Anyone can use them – not just digital natives: Contrary to popular belief that digital identities are exclusively for the tech-savvy, they boast an incredibly user-friendly interface. From a smartphone’s digital wallet, credentials and identity data can be easily pre-loaded, activated via biometric authentication (e.g., facial recognition or fingerprint scanning), and presented as a QR code for swift verification.
  • They're highly secure and private: With biometric authentication and encryption layers, digital wallets provide multi-layered security, guarding your data from unauthorised access. Likewise, with passwords being an outdated form of authentication for online systems, biometrics provide a more resilient means of proving that you are who you say you are. In practice the assurance rests on the issuer's cryptographic signature over the credential and on the phone's protected key storage; the biometric only unlocks the local key.
  • They’re a frictionless and efficient way to prove who you are: The current identity verification landscape is highly fragmented, with various platforms, services and systems complicating user experience. Digital identities offer a seamless solution by centralising authentication, sparing people the hassle of retrieving many different forms of identification from both digital and physical sources.
  • You only need to share the bare minimum of information: While your digital ID may securely host a wealth of information about you, it takes a more granular and controlled approach to data sharing. It will only reveal essential details necessary for specific transactions, and always based on the consent of the user, safeguarding your privacy.
  • They have the potential to be used anywhere: Industries spanning finance, retail, travel, voting, real estate, law enforcement, and online services are embracing the concept of digital IDs. They all hold different forms of identity, from driving licences to boarding passes, qualifications, loyalty cards, and employment status. These all are very different use cases, but all would operate under the same principles.

By building a better understanding of digital IDs, we can accelerate their rollout and maximise their potential to enhance everyday processes.

Learn more here: https://www.thalesgroup.com/en/markets/digital-identity-and-security/digital-id

 

The post Digital identity: Dispelling the myths appeared first on Cybersecurity Insiders.


September 28, 2023 at 09:09PM

Cyber Attack paralysis IT operations at Volkswagen

Volkswagen (VW) manufacturing operations in Germany faced a significant disruption due to what was reported as a cyberattack on its IT infrastructure. Suspicion has fallen on pro-Russian hackers, possibly in response to Germany's vocal support for Ukraine and its reduced reliance on Russian oil and gas. The incident has raised concerns about a possible Distributed Denial of Service (DDoS) attack in the near future.

According to the business publication Handelsblatt, the incident had a noticeable impact on car production, particularly at VW factories in Osnabrück, Zwickau, Dresden and Emden. However, Volkswagen, known for its robust business continuity planning, is expected to recover within a matter of hours.

It’s worth noting that the cyberattack also affected Volkswagen’s subsidiary, Audi, as their email services were disrupted.

This incident recalls a 2021 data breach in which attackers stole data on more than three million Volkswagen and Audi customers through a vendor. Earlier, in 2018, Level One Robotics, a supplier of commercial robots to the German automaker, exposed sensitive information about Volkswagen and other automakers through a misconfigured file server.

It is important to highlight that Volkswagen has not officially confirmed a cyberattack. According to a post on Twitter, the disruption may have been an IT outage caused by a misconfiguration rather than an attack.

The post Cyber Attack paralysis IT operations at Volkswagen appeared first on Cybersecurity Insiders.


September 28, 2023 at 08:34PM

Wednesday, September 27, 2023

Johnson Controls hit by Dark Angels Ransomware

The Dark Angels ransomware gang, active since May 2022, has reportedly targeted VMware ESXi servers within Johnson Controls International (JCI). The attack initially hit JCI's Asian offices and subsequently spread to several subsidiary brands, including York, Tyco, Luxaire, Coleman, Ruskin, Grinnell and Simplex.

Johnson Controls, a renowned manufacturer of industrial equipment such as fire safety and security systems, has launched an investigation into the extent of the attack’s impact on its network. The company has assured stakeholders that it will provide more comprehensive details early next week.

As a result of the disruption, a portion of JCI’s systems is currently offline, and the company is actively exploring strategies to mitigate associated risks. Frustrated customers of York have taken to Twitter to express their discontent, as they are unable to access the status of their booked HVAC equipment and processing systems.

Notably, Dark Angels reportedly demanded a $51 million ransom from Johnson Controls, and the group is known to use a VMware ESXi encryptor derived from the leaked Babuk source code and from the Ragnar Locker encryptor.

In the case of Johnson Controls, Dark Angels reportedly exfiltrated approximately 27 terabytes of corporate data, giving the group leverage for double extortion. The company acknowledged the incident in a Form 8-K filing with the SEC and said it is working with its cyber insurer and external experts to address the situation.

The course of action Johnson Controls will ultimately take in response to the hackers’ demands remains uncertain. However, the company’s website warns that certain customer-accessed applications may experience downtime, and those affected will receive formal notifications.

The post Johnson Controls hit by Dark Angels Ransomware appeared first on Cybersecurity Insiders.


September 28, 2023 at 10:02AM

Lawsuit against MGM and Caesars Entertainment over Ransomware Attack

A lawsuit has been filed against two prominent gaming companies for failing to safeguard their customers' personally identifiable information, with potential damages running to millions of dollars. The legal action concerns MGM Resorts International and Caesars Entertainment, both of which fell victim to file-encrypting ransomware attacks towards the end of last week.

Currently, it has come to light that two separate lawsuits have been filed in connection with the MGM cyber-attack, while Caesars Gaming company is contending with three legal actions, one of which was freshly filed just last Friday.

The identity of the culprits behind both breaches has not been officially confirmed. However, the malware research collective vx-underground reported that the ALPHV (BlackCat) ransomware group claimed responsibility and says it exfiltrated a portion of the data from the compromised servers.

Collaborating closely, the Nevada Gaming Control Board and the FBI have launched an investigation into this cyber incident. Their findings are expected to be presented in a report due early next month.

In a positive turn of events, MGM Resorts and Hotels have successfully resolved the situation, restoring their systems to normalcy after a 10-day shutdown. It remains unclear whether they acquiesced to the hackers’ demands or relied on their business continuity plan to restore applications and data to their usual state.

As for Caesars, the company has not yet issued an official statement regarding the matter.

It is important to note that in both incidents the attackers obtained network login credentials by vishing (voice phishing) an unsuspecting employee. Businesses are therefore urged to adopt a comprehensive approach to security, including awareness training for staff and strict identity verification before help-desk password or MFA resets, since any organisation can be targeted this way.

The post Lawsuit against MGM and Caesars Entertainment Ransomware Attack appeared first on Cybersecurity Insiders.


September 27, 2023 at 08:20PM

Cyber Attacks Arising from Microsoft Office Software

In today’s digital age, Microsoft Office has become a staple in offices and homes worldwide, facilitating communication, productivity, and document management. However, this widespread usage has also made MS Office software a prime target for cyber-criminals.

Cyber attacks arising from Microsoft Office software have gained prominence in recent years, posing significant threats to individuals, organizations, and governments alike. This article delves into the evolving landscape of cyber attacks associated with MS Office software and explores ways to mitigate these threats.

The Microsoft Office Suite Vulnerabilities

Macro-Based Attacks: One of the most common methods used by cyber criminals is the exploitation of macros within Office documents. Macros are VBA scripts that automate tasks, but they can also be used to download and run malware. Users are tricked into clicking "Enable Content", unknowingly infecting their systems.

Malicious Email Attachments: Cyber criminals frequently send phishing emails with malicious Office attachments. These attachments may contain malware or lead to malicious websites designed to steal sensitive information.

Malicious Links: MS Office documents can include embedded links that direct users to malicious websites. Clicking on these links can result in drive-by downloads or the installation of malware.

Fileless Attacks: Some attacks use an Office document only as a launcher: a macro or an exploit starts a built-in tool such as PowerShell or WMI and runs the payload in memory, so no malware binary is written to disk and file-based antivirus has little to inspect.

Zero-Day Exploits: Cybercriminals search for and exploit vulnerabilities in Office software that Microsoft has not yet patched. These zero-day exploits are highly sought after and can be used to compromise systems before patches are available.
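Macros and remote-content relationships both leave traces inside the document package itself, which is what a mail gateway or triage script can inspect before a user ever sees the "Enable Content" button. The following is an added example (not code from the original article): an Office Open XML document is a ZIP archive, so a static check can look for a vbaProject.bin part, for a macro-enabled content type in [Content_Types].xml, and for relationships with TargetMode="External" in the .rels parts (the marker of remote template injection and external OLE objects). The sample packages produced by build_sample() are constructed stand-ins, not real Word files, and the IP address and URLs in them are placeholders.

```python
"""Static triage of Office Open XML (OOXML) documents: macros and external relationships.

Added example. The package built by build_sample() is a minimal stand-in for a
.docx/.docm, not a real Word file, but the parts and markers checked are the real ones.
"""
import io
import re
import zipfile

# Content types that declare a macro-enabled document. Renaming .docm to .docx does not
# remove these markers or the vbaProject.bin part from the ZIP.
MACRO_ENABLED_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
DEFAULT_DOC_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

# External relationship types that fetch content when the document opens (template
# injection, remote OLE objects). Plain hyperlinks only fire on click, so they are
# flagged for review rather than blocked.
AUTO_FETCH_REL_TYPES = {"attachedTemplate", "oleObject", "frame"}

_REL_RE = re.compile(r"<Relationship\b([^>]*)>", re.IGNORECASE)
_ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def inspect_ooxml(data: bytes) -> dict:
    """Return macro and external-relationship findings for an OOXML package (bytes)."""
    findings = {"has_vba": False, "macro_content_type": False, "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # 1) A VBA project part means macros are present, whatever the extension says.
        findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # 2) [Content_Types].xml is where the package declares itself macro-enabled.
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            findings["macro_content_type"] = any(t in content_types for t in MACRO_ENABLED_TYPES)
        # 3) Every .rels part: relationships with TargetMode="External" leave the package.
        for name in names:
            if not name.endswith(".rels"):
                continue
            rels_xml = zf.read(name).decode("utf-8", "replace")
            for match in _REL_RE.finditer(rels_xml):
                attrs = dict(_ATTR_RE.findall(match.group(1)))
                if attrs.get("TargetMode", "").lower() == "external":
                    rel_type = attrs.get("Type", "").rsplit("/", 1)[-1]
                    findings["external_targets"].append((name, rel_type, attrs.get("Target", "")))
    return findings


def risk_verdict(findings: dict) -> str:
    """Map findings to a mail-gateway style decision."""
    if findings["has_vba"] or findings["macro_content_type"]:
        return "quarantine: macro content"
    if any(t in AUTO_FETCH_REL_TYPES for _, t, _ in findings["external_targets"]):
        return "quarantine: external auto-fetch relationship"
    if findings["external_targets"]:
        return "review: external hyperlinks"
    return "allow"


def build_sample(macro: bool = False, remote_template: bool = False, hyperlink: bool = False) -> bytes:
    """Constructed minimal OOXML package used only to exercise the checks above."""
    main_type = MACRO_ENABLED_TYPES[0] if macro else DEFAULT_DOC_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>'
    )
    rel_ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    pkg_ns = "http://schemas.openxmlformats.org/package/2006/relationships"
    settings_rels = [f'<Relationships xmlns="{pkg_ns}">']
    if remote_template:  # the classic remote-template-injection marker (placeholder address)
        settings_rels.append(f'<Relationship Id="rId1" Type="{rel_ns}attachedTemplate" '
                             'Target="http://198.51.100.7/template.dotm" TargetMode="External"/>')
    settings_rels.append("</Relationships>")
    doc_rels = [f'<Relationships xmlns="{pkg_ns}">']
    if hyperlink:
        doc_rels.append(f'<Relationship Id="rId2" Type="{rel_ns}hyperlink" '
                        'Target="http://example.invalid/login" TargetMode="External"/>')
    doc_rels.append("</Relationships>")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/_rels/settings.xml.rels", "".join(settings_rels))
        zf.writestr("word/_rels/document.xml.rels", "".join(doc_rels))
        if macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # OLE2 magic, stand-in for a real project
    return buf.getvalue()


if __name__ == "__main__":
    for label, kwargs in [("clean", {}), ("macro", {"macro": True}),
                          ("remote template", {"remote_template": True}), ("hyperlink", {"hyperlink": True})]:
        print(f"{label:16s} -> {risk_verdict(inspect_ooxml(build_sample(**kwargs)))}")
```

The check is deliberately format-level: it does not try to parse VBA or decide whether a macro is benign, which is where sandbox detonation or a tool such as oletools takes over. Legacy binary formats (.doc, .xls) are OLE2 containers rather than ZIPs and need a different parser.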

Mitigating MS Office Software Cyber Threats

Keep Software Updated: Regularly update Microsoft Office software to patch known vulnerabilities and reduce the risk of falling victim to zero-day exploits.

Disable Macros: Leave macros disabled by default and enable them only for documents from trusted sources. Microsoft now blocks macros in Office files downloaded from the internet (those carrying the Mark of the Web) by default, and administrators can enforce this with Group Policy. Educate users on the risks of clicking "Enable Content".

Beware of Email Attachments: Exercise caution when opening email attachments, especially if they come from unknown or unexpected sources. Verify the legitimacy of the sender before opening any Office files.

Email Filtering: Implement robust email filtering systems that can identify and quarantine suspicious emails containing Office attachments.

User Education: Educate employees, family members, or colleagues about the dangers of phishing emails and the importance of safe email and document handling practices.

Security Software: Install reputable antivirus and anti-malware software to detect and mitigate threats arising from MS Office documents.

Network Segmentation: Implement network segmentation to isolate critical systems from threats that originate on user workstations running Microsoft Office.

Conclusion

Microsoft Office software remains an essential tool for productivity and collaboration, but its widespread use has made it a prime target for cyber-criminals. To safeguard against cyber attacks originating from MS Office, users and organizations must stay vigilant, keep software up to date, and educate themselves about the evolving threat landscape. By adopting a proactive approach to cybersecurity, individuals and organizations can minimize the risks associated with this ubiquitous software suite and protect their valuable data from cyber threats.

The post Cyber Attacks Arising from Microsoft Office Software appeared first on Cybersecurity Insiders.


September 27, 2023 at 11:20AM

Indian government reports Security Vulnerabilities in Apple devices

The Indian government has released an advisory highlighting security vulnerabilities in Apple devices. The Computer Emergency Response Team of India (CERT-In) has issued an urgent alert identifying flaws affecting a range of Apple products, including iPhones, iPads, Apple Watches, iMacs, MacBooks and the Safari browser.

CERT-IN, operating under the Ministry of Electronics and Information Technology (MeitY), previously exposed vulnerabilities in the Google Android Operating System.

CERT-In's advisory CIVN-2023-0275, published on its official website, warns that a certificate-validation flaw in Apple's Security component could let a malicious app bypass signature validation, defeating a protection that other security controls rely on.

Additionally, a flaw in Apple's kernel could allow a local attacker to elevate privileges.

Regarding the Safari browser, errors in Apple's WebKit engine mean that processing crafted web content could lead to arbitrary code execution.

The following software versions have been identified as vulnerable to these threats:

    1. Apple macOS Monterey versions before 12.7
    2. Apple macOS Ventura versions before 13.6
    3. Apple watchOS versions before 9.6.3
    4. Apple watchOS versions before 10.0.1
    5. Apple iOS versions before 16.7 and iPadOS versions before 16.7
    6. Apple iOS versions before 17.0.1 and iPadOS versions before 17.0.1
    7. Apple Safari versions before 16.6.1

In response to this news, Apple has stated that all the vulnerabilities identified by CERT have already been addressed. It now falls upon users to ensure their devices are updated with the latest software fixes.
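Checking a fleet against an advisory like this one is a version comparison, and the usual mistake is to compare version strings as text. The block below is an added example (not code from the article or from CERT-In): FIXED_VERSIONS is transcribed from the list above, and is_vulnerable() compares integer tuples per major-version branch, so "16.10" would correctly rank as newer than "16.7". The assumption made here is that a branch older than any listed fix (for example iOS 15.x) is treated as unpatched until confirmed, and that a branch newer than all listed fixes shipped with the fix already in it; the inventory rows in triage() are constructed sample data.

```python
"""Check installed Apple OS/browser versions against the fixed versions quoted in the advisory.

Added example. FIXED_VERSIONS is transcribed from the article's version list; the point
is the comparison: integer tuples, not strings ("16.10" < "16.7" as text, but it is newer).
"""
from typing import Dict, List, Tuple

FIXED_VERSIONS: Dict[str, List[str]] = {
    "macOS Monterey": ["12.7"],
    "macOS Ventura": ["13.6"],
    "watchOS": ["9.6.3", "10.0.1"],
    "iOS": ["16.7", "17.0.1"],
    "iPadOS": ["16.7", "17.0.1"],
    "Safari": ["16.6.1"],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'17.0.1' -> (17, 0, 1); raises ValueError for anything that is not dotted integers."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(product: str, installed: str) -> bool:
    """True if the installed build predates the fix for its major-version branch."""
    inst = parse_version(installed)
    fixes_by_branch = {parse_version(v)[0]: parse_version(v) for v in FIXED_VERSIONS[product]}
    branch = inst[0]
    if branch in fixes_by_branch:
        # Tuple comparison is element-wise and numeric: (16, 6, 1) < (16, 7) is True,
        # (16, 10) < (16, 7) is False.
        return inst < fixes_by_branch[branch]
    if branch > max(fixes_by_branch):
        return False  # assumption: a later branch shipped after (and includes) the fix
    return True       # assumption: an older branch not in the advisory is unpatched until confirmed


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, bool]]:
    """Rows of (asset, product, installed version) -> (asset, needs_update)."""
    return [(asset, is_vulnerable(product, version)) for asset, product, version in inventory]


if __name__ == "__main__":
    # Constructed inventory rows.
    sample = [("iphone-ceo", "iOS", "17.0"), ("ipad-lobby", "iPadOS", "16.7"),
              ("mbp-dev-12", "macOS Ventura", "13.5.2"), ("watch-ops", "watchOS", "10.0.1")]
    for asset, needs_update in triage(sample):
        print(f"{asset:12s} {'UPDATE' if needs_update else 'ok'}")
```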

Furthermore, Apple has issued emergency security patches for iOS/iPadOS 17 and watchOS 10 to address zero-day vulnerabilities that were being exploited to deliver spyware. While Apple has not provided details about the spyware or the extent of the damage, it credited Maddie Stone of Google's Threat Analysis Group and Bill Marczak of Citizen Lab, based at the University of Toronto's Munk School, with discovering the vulnerabilities.

Note: According to a Telegram channel, the fixes counter the 'Predator' spyware developed by Intellexa; the reported target was an Egyptian politician, although Intellexa itself is not an Egyptian company.

The post Indian government reports Security Vulnerabilities in Apple devices appeared first on Cybersecurity Insiders.


September 27, 2023 at 11:13AM

Tuesday, September 26, 2023

Top 3 Priorities for Today’s CISO: Safeguarding the Digital Frontier

Jaye Tillson, Field CTO at Axis Security

In an era where cyber threats are evolving at an alarming pace, the role of a Chief Information Security Officer (CISO) has never been more critical. Today, CISOs are the guardians of an organization’s digital assets, and in this role are facing a very daunting task–they are being called to protect sensitive data, maintain customer trust, and ensure business continuity. With an ever-expanding threat landscape, the ability to deliver on these three fronts has never been more challenging. As a result, it’s essential for CISOs to establish clear priorities to navigate these turbulent waters successfully.

In my role, I have the opportunity to meet regularly with security professionals from a variety of businesses all over the globe. Over the past six months in particular, that includes some extremely informative discussions with a sizeable group of CISOs. In this article, I wanted to share what I believe are the top three priorities that are at the forefront of their agenda.

Cyber Resilience

Today we are all operating in an interconnected world and many of the CISOs I spoke to believe that it’s not a matter of ‘if’ but ‘when’ a cyberattack will occur. It’s hard to argue with their view. Taking that viewpoint into account, their focus was on building cyber resilience within their organizations. For them, this meant preparing for, responding to, and recovering from cyber incidents effectively. Here are some key strategies that they are considering:

  • Incident Response Plan: Develop and regularly update a comprehensive incident response plan. Once this has been shared throughout the organization, make sure that all employees are aware of their roles and responsibilities during a cyber incident. From there, it’s imperative to put this plan to the test. This includes conducting regular drills and simulations to gauge the plan’s effectiveness and, if necessary, adjusting it as needed.
  • Data Backups and Recovery: Even with the best plan, data loss is always a possibility, especially since data is no longer housed in a single, central location. These CISOs touched on the need to implement robust data backup and recovery processes to minimise data loss in case of a breach. This includes verifying the integrity of backups regularly and keeping at least one copy offline or immutable so that a ransomware operator who reaches the production network cannot encrypt or delete the backups as well.
  • Threat Intelligence: Invest in threat intelligence tools and services to stay informed about emerging threats and vulnerabilities. These CISOs widely agreed that having regular access to this information would help them proactively defend against attacks.
  • Employee Training: No matter how many solutions you invest in and the simulations you conduct, human error still remains a significant factor in security breaches. In fact,  Verizon’s 2022 Data Breaches Investigations Report (DBIR) found that 82 percent of data breaches involve a human element. According to the DBIR, this includes incidents “in which employees expose information directly (for example, by misconfiguring databases) or by making a mistake that enables cyber criminals to access the organization’s systems.” Findings like this reinforce why these CISOs state it’s essential to conduct regular cybersecurity awareness training for all employees. The goal of these efforts is simple–ensure that everyone across the businesses fully understands the importance of security best practices.
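Verifying backup integrity means more than checking that the job completed: the restore set must match what was backed up, and the record you compare against must be one the attacker could not have rewritten. The following is an added example (not from the article or its author): it builds a SHA-256 manifest of a backup directory, signs the manifest with an HMAC key assumed to be held off the backup host (an offline or immutable store), and then detects a ransomware-style overwrite, a dropped ransom note, and a forged manifest. The directory, files and key are constructed inline for the demonstration.

```python
"""Backup integrity check: hash manifest signed with a key that lives off the backup host.

Added example. The directory, files and key are constructed inline; in production the
manifest key (or the signed manifest itself) is kept on an offline or immutable store so
an attacker who can rewrite the backups cannot also rewrite the evidence.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def _sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every file under root."""
    return {
        p.relative_to(root).as_posix(): _sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over a canonical JSON encoding so key order cannot change the signature."""
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_backup(root: Path, manifest: dict, signature: str, key: bytes) -> dict:
    """Compare the backup set on disk with a signed manifest and report every deviation."""
    report = {
        "signature_ok": hmac.compare_digest(sign_manifest(manifest, key), signature),
        "modified": [], "missing": [], "unexpected": [],
    }
    current = build_manifest(root)
    for rel_path, expected in manifest.items():
        if rel_path not in current:
            report["missing"].append(rel_path)
        elif current[rel_path] != expected:
            report["modified"].append(rel_path)
    report["unexpected"] = sorted(set(current) - set(manifest))
    report["ok"] = report["signature_ok"] and not (
        report["modified"] or report["missing"] or report["unexpected"]
    )
    return report


def run_scenario() -> dict:
    """Constructed scenario: clean check, an encryptor hitting the set, a forged manifest."""
    key = b"constructed-demo-key-do-not-reuse"  # assumption: real key stored off-host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'alice');\n")
        (root / "config.yaml").write_bytes(b"retention_days: 30\n")
        manifest = build_manifest(root)
        signature = sign_manifest(manifest, key)
        before = verify_backup(root, manifest, signature, key)

        # Ransomware-style tampering: one file overwritten with random bytes, a note dropped.
        (root / "db" / "customers.sql").write_bytes(os.urandom(64))
        (root / "README_RESTORE.txt").write_bytes(b"your files are encrypted\n")
        after = verify_backup(root, manifest, signature, key)

        # The attacker also rewrites the manifest to match the damaged files, but has no key.
        forged = build_manifest(root)
        forged_report = verify_backup(root, forged, signature, key)
    return {"before": before, "after": after, "forged_manifest": forged_report}


if __name__ == "__main__":
    for name, report in run_scenario().items():
        print(name, json.dumps(report))
```

The forged-manifest case is the one that hash lists alone miss: if the manifest sits next to the backups with no signature, an attacker who encrypts the files can simply regenerate it. Schedule this check against a restored copy, not just the live backup target, so it also proves the restore path works.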

Zero Trust

Many of the CISOs felt that the traditional perimeter-based security model is no longer sufficient to protect their business against modern threats. Those solutions were effective when we focused on protecting everyone inside a castle and moat (i.e., the corporate office). But we don't work in castles anymore.

For this group there is widespread agreement that the answer is to adopt a Zero Trust approach to secure their organization’s digital assets. Zero Trust operates on the principle of “never trust, always verify,” and it requires a fundamental shift in how security is implemented. Their priorities were:

  • Identity and Access Management (IAM): Implement strict IAM policies to ensure that users and devices are authenticated and authorized before accessing any resource. This includes the use of multi-factor authentication (MFA) wherever possible.
  • Micro-Segmentation: Divide the network into micro-segments to limit lateral movement for potential attackers. With micro-segmentation, each individual segment should have its own access controls and monitoring mechanisms.
  • Continuous Monitoring: Because security threats never sleep, businesses must employ continuous monitoring solutions that track user and device behavior, detect anomalies, and trigger alerts for suspicious activities in near real-time.
  • Application Security: Ensure that all applications, whether on-premises or in the cloud, are secure by design. In addition, regularly assess and update the business’s security posture to mitigate vulnerabilities.
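The four priorities above come together at the point where a single request is decided: who is asking, from what device, how recently they proved it, and whether that identity is allowed into this particular segment. The block below is an added example (not code from the article or from any vendor product) of such a per-request policy check. The principals, devices and segments are constructed for illustration; a real deployment would pull them from the identity provider, the device-management inventory and the segmentation policy, and would log every denial to the monitoring pipeline.

```python
"""Per-request Zero Trust policy check: identity, device posture, MFA freshness, segment.

Added example; principals, devices and segments are constructed for illustration.
Each request is evaluated on its own, so a valid credential alone never opens a segment
and a session that was good for one segment does not carry into another.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    user: str
    roles: frozenset
    mfa_age_s: Optional[int]  # seconds since the last MFA challenge; None = none this session
    device_id: str


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    patched: bool

    @property
    def compliant(self) -> bool:
        return self.managed and self.disk_encrypted and self.patched


@dataclass(frozen=True)
class Segment:
    name: str
    allowed_roles: frozenset
    max_mfa_age_s: int  # how fresh MFA must be for this segment
    require_compliant_device: bool


def evaluate(principal: Principal, device: Optional[Device], segment: Segment) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every check runs so the audit record lists all failures."""
    reasons: List[str] = []
    if device is None or device.device_id != principal.device_id:
        reasons.append("device not in inventory")
    elif segment.require_compliant_device and not device.compliant:
        reasons.append("device posture non-compliant")
    if not (principal.roles & segment.allowed_roles):
        reasons.append(f"no role permitted on segment {segment.name}")
    if principal.mfa_age_s is None:
        reasons.append("no MFA this session")
    elif principal.mfa_age_s > segment.max_mfa_age_s:
        reasons.append(f"MFA older than {segment.max_mfa_age_s}s")
    return (not reasons, reasons)


def run_scenarios() -> Dict[str, Tuple[bool, List[str]]]:
    """Constructed scenario: an engineer, her managed laptop, a stolen credential, a stale CFO session."""
    inventory = {
        "lt-0451": Device("lt-0451", managed=True, disk_encrypted=True, patched=True),
        "lt-0992": Device("lt-0992", managed=True, disk_encrypted=True, patched=True),
    }
    eng_tools = Segment("eng-tools", frozenset({"engineer"}), max_mfa_age_s=8 * 3600, require_compliant_device=True)
    finance_db = Segment("finance-db", frozenset({"finance"}), max_mfa_age_s=600, require_compliant_device=True)

    alice = Principal("alice", frozenset({"engineer"}), mfa_age_s=1200, device_id="lt-0451")
    # The same username and password, replayed from a machine the organisation does not manage.
    alice_stolen = Principal("alice", frozenset({"engineer"}), mfa_age_s=None, device_id="unknown-pc")
    cfo = Principal("cfo", frozenset({"finance"}), mfa_age_s=3000, device_id="lt-0992")

    return {
        "alice -> eng-tools": evaluate(alice, inventory.get(alice.device_id), eng_tools),
        "alice -> finance-db (lateral move)": evaluate(alice, inventory.get(alice.device_id), finance_db),
        "stolen creds -> eng-tools": evaluate(alice_stolen, inventory.get(alice_stolen.device_id), eng_tools),
        "cfo stale MFA -> finance-db": evaluate(cfo, inventory.get(cfo.device_id), finance_db),
    }


if __name__ == "__main__":
    for request, (allowed, reasons) in run_scenarios().items():
        print(f"{'ALLOW' if allowed else 'DENY '} {request} {reasons}")
```

Two design points worth noting: the segment, not the user, sets the MFA freshness it requires, which is what lets a sensitive data store demand re-authentication without making every request painful; and the device check consults an inventory rather than trusting a device identifier the client supplied.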

Regulatory Compliance

As data privacy regulations continue to evolve worldwide, compliance is a significant concern for many of the CISOs, and with good reason. Non-compliance often leads to hefty fines and reputational damage. Just ask Amazon, which in 2021 was fined €746 million (about $887 million) for breaches of the GDPR. To address this priority, the CISOs intended to:

  • Stay Informed: Stay up-to-date with the latest data privacy regulations, such as GDPR, CCPA, NIS2, or any other relevant laws based on their organization’s geographic footprint and industry.
  • Data Protection: Implement robust data protection measures, including encryption, access controls, and data retention policies, to ensure compliance with regulatory requirements.
  • Third-party Risk Management: Evaluate and monitor the security practices of third-party vendors and partners to ensure they meet compliance standards, as their actions can impact their organization’s compliance status.
  • Documentation and Reporting: Maintain thorough records of security measures, audits, and compliance activities and be prepared to provide documentation to regulatory authorities if required.

Conclusion

As the digital landscape becomes increasingly complex and volatile, these CISOs knew they would be facing the formidable challenge of safeguarding their organizations against a barrage of cyber threats.  What was clear through my conversations is they all felt that by prioritizing cyber resilience, adopting Zero Trust, and ensuring regulatory compliance, they could build a robust security posture that not only protects their organization’s sensitive data but also strengthens customer trust and ensures business continuity in an ever-changing cybersecurity landscape. They also acknowledged that their role was seen as pivotal in the modern business world and that these top priorities should be their guide in securing the digital frontier.

Image by gpointstudio on Freepik

The post Top 3 Priorities for Today’s CISO: Safeguarding the Digital Frontier appeared first on Cybersecurity Insiders.


September 26, 2023 at 09:18PM

Top Five Steps to Elevate Your Data Security Posture Management and Secure Your Data

By Karthik Krishnan, CEO of Concentric.ai

October is Cybersecurity Awareness Month, and every year the standard tips for security hygiene and staying safe are the same. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum.

The sheer number of threats to your data — both external and internal — is increasing exponentially, so maintaining a robust data security posture is paramount. From a data protection standpoint, perhaps the most difficult challenge to address is that business-critical data worth protecting now takes so many different forms. Intellectual property, financial data, business confidential information, PII, PCI data, and more create a very complex environment.

Traditional data protection methods, like writing a rule to determine what data is worth protecting, are not enough in today’s cloud-centric environment. And think about how easy it is for your employees to create, modify and share sensitive content with anyone. Your sensitive data is constantly at risk from data loss, and relying on employees to ensure that data is shared with the right people at all times is ineffective.

In fact, according to the 2023 Verizon Data Breach Investigations report, 74% of all breaches involve the human element — either via social engineering error, privilege misuse, or use of stolen credentials. Concentric AI’s own 2023 Data Risk Report research reports that, on average, each organization had 802,000 data files at risk due to oversharing — that’s 402 files per employee. The risk to data is enormous.

As Cybersecurity Awareness Month approaches, it is a good reminder that data security posture management (DSPM) is critical for organizations to implement for visibility into actionable insights on how to mitigate data security risk. DSPM empowers organizations to:

  • Identify all sensitive data
  • Monitor and identify risks to business-critical data
  • Remediate and protect that information

The following Data Security Posture Management (DSPM) checklist elements combined with new initiatives for Cybersecurity Awareness Month can help you create a comprehensive five-step guide through Awareness, Action and What You Need to Know:

1. Data Sensitivity: The Foundation of Security

Awareness: It is critical to be able to discover and identify your at-risk data. Knowing where your sensitive data resides is the first step in securing it. 

Action: Host workshops and webinars to educate employees about the types of sensitive data (PII, IP, etc.) in your organization, and why it’s crucial to protect them.

What You Need to Know: Understanding the types of data you’re handling can make a huge impact. Employees should be aware of what constitutes sensitive data and the risks associated with mishandling it. Workshops can cover topics like data classification, secure handling of PII, and the importance of data encryption.

2. Contextual Awareness: More Than Just Data Types

Awareness: Organizations must be able to understand the context of their data. Data is not just about types but also about the context around it.

Action: Use real-world examples to show how data can be misused if taken out of context. Encourage employees to think before they share.

What You Need to Know: Context matters. Data that seems harmless can become a security risk when placed in a different context. Employees need to be aware of and trained to consider the broader implications of the data they handle, including how it interacts with other data and systems.

For example, consider an employee’s first name. On its own, a first name like “John” seems harmless. But combined with other pieces of data such as a last name, email address, or office location, it can be used to craft a convincing phishing email. Imagine if you receive an email that addresses you by your full name and references your specific office location or recent company activities. It would appear legitimate and could trick an unsuspecting employee into revealing sensitive information or clicking on a malicious link.

3. Risk Assessment Drills: Preparing for the Worst

Awareness: Organizations need to understand where there is risk to sensitive data in order to protect it. Knowing the vulnerabilities can help in crafting better security policies.

Action: Conduct mock drills to simulate scenarios where sensitive data might be at risk due to inappropriate permissions or risky sharing. This happens far more often than you think.

What You Need to Know: Mock drills can help employees understand the real-world implications of data breaches. These drills can simulate phishing attacks, unauthorized data sharing, and even insider threats. The key is to help employees understand the importance of following data security protocols. Hint: while employees need to know these implications, your organization should be leveraging solutions that reduce the burden on employees.

4. Permission Audits: Who Has Access? 

Awareness: It is very important for organizations to be able to track and understand data lineage and permissions. Knowing who has access to what data is crucial.

Action: Dedicate a week to auditing and correcting data permissions across all platforms. Make it a company-wide initiative.

What You Need to Know: Regular audits of data permissions can prevent unauthorized or risky access to sensitive information. During Cybersecurity Awareness Month, make it a point to review and update permissions, ensuring that employees have access to only the data necessary to do their jobs. The principles of least privilege and zero trust are applicable here.
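The permission audit described above can be scripted rather than done by hand. The following is an added example, not code from the original post or from Concentric AI’s product: it walks a set of shared files with sensitivity labels and access lists and reports least-privilege violations (open links on non-public files, external recipients, and restricted files readable by people outside the owning group). The users, groups, file records and the `ORG_DOMAIN` value are constructed sample data in an assumed generic shape, not any platform’s API output.

```python
"""Audit file-sharing permissions for least-privilege violations.

Added example, not from the original post or Concentric AI's product. The
users, groups and file ACLs are constructed sample records in an assumed
generic shape (not any particular platform's API output).
"""
from dataclasses import dataclass, field

ORG_DOMAIN = "example.com"  # assumed corporate identity domain


@dataclass
class SharedFile:
    path: str
    sensitivity: str               # "public", "internal" or "restricted"
    owner_group: str               # group with a business need for the file
    principals: list = field(default_factory=list)  # users, groups or "anyone-with-link"


# Constructed directory: who belongs to which group.
GROUPS = {
    "finance": {"cfo@example.com", "ap@example.com"},
    "engineering": {"dev1@example.com", "dev2@example.com"},
}


def groups_of(user):
    """Return the set of group names the user is a member of."""
    return {g for g, members in GROUPS.items() if user in members}


def audit_file(f):
    """Return findings for one file; restricted data outside its owner group is flagged."""
    findings = []
    for p in f.principals:
        if p == "anyone-with-link":
            if f.sensitivity != "public":
                findings.append(f"{f.sensitivity} file shared by open link")
            continue
        if p in GROUPS:
            if f.sensitivity == "restricted" and p != f.owner_group:
                findings.append(f"restricted file shared with whole group {p!r}")
            continue
        domain = p.rsplit("@", 1)[-1].lower()
        if domain != ORG_DOMAIN:
            if f.sensitivity != "public":
                findings.append(f"{f.sensitivity} file shared with external user {p}")
        elif f.sensitivity == "restricted" and f.owner_group not in groups_of(p):
            findings.append(f"restricted file shared with {p}, who is outside {f.owner_group!r}")
    return findings


def audit(files):
    """Summarise findings per file and the share of files with at least one finding."""
    report = {f.path: audit_file(f) for f in files}
    flagged = [p for p, v in report.items() if v]
    return {"findings": {p: report[p] for p in flagged},
            "flagged_ratio": len(flagged) / len(files) if files else 0.0}


# Constructed sample inventory (not real files or people).
SAMPLE_FILES = [
    SharedFile("/finance/payroll-2023.xlsx", "restricted", "finance",
               ["cfo@example.com", "dev1@example.com", "anyone-with-link"]),
    SharedFile("/finance/q3-forecast.pptx", "restricted", "finance",
               ["finance", "partner@vendor.test"]),
    SharedFile("/eng/design.md", "internal", "engineering", ["engineering"]),
    SharedFile("/marketing/brochure.pdf", "public", "marketing", ["anyone-with-link"]),
]

if __name__ == "__main__":
    result = audit(SAMPLE_FILES)
    for path, findings in result["findings"].items():
        print(path)
        for item in findings:
            print("  -", item)
    print(f"{result['flagged_ratio']:.0%} of files need review")
```

The ratio of flagged files is the kind of figure the weekly posture insight in step 5 can track over the audit week; the findings list is what gets handed to file owners for correction.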

5. Actionable Insights: The Path Forward

Awareness: Finally, organizations need to be able to take action and remediate any risk. Proactive measures can significantly reduce the risk of a data breach.

Action: Share weekly insights on the company’s data risk posture. Highlight any successful remediations as well as areas that need attention.

What You Need to Know: Transparency is key. Sharing insights about the company’s data risk posture can empower employees to take individual actions that contribute to the organization’s overall security. Celebrate the wins, but also highlight any underlying risks that need to be mitigated.

Cybersecurity Awareness Success: Combining security awareness with robust DSPM

Cybersecurity is a shared responsibility, and Cybersecurity Awareness Month is the perfect time to reinforce this message. Combining data security awareness with robust DSPM is key for keeping data secure.

All organizations can achieve a strong level of data security via a solid cybersecurity awareness program, and by following tips and best practices in order to minimize the impact of a data breach. Having the best of both worlds is achievable with a security-aware workforce and a robust DSPM solution.


Image by Freepik

The post Top Five Steps to Elevate Your Data Security Posture Management and Secure Your Data appeared first on Cybersecurity Insiders.


September 26, 2023 at 09:04PM

Obtain career boost in 2024 with these 10 cybersecurity certifications

The software industry is in a constant state of flux, and staying competitive requires continuous skill enhancement through the acquisition of the latest and most sought-after certifications. To elevate your career prospects in 2024, consider pursuing one or more of the following certifications, ensuring your pay scale continues to rise:

1.) Systems Security Certified Practitioner (SSCP): This certification validates your advanced technical skills in monitoring and administering an organization’s IT infrastructure. ISC2 issues this intermediate-level security certificate, and the exam fee is $263, plus additional costs. To sit for this exam, you must have at least 18 months of prior experience in the IT security field.

2.) CompTIA Security+: This certification provides fundamental knowledge for IT professionals in cybersecurity, covering laws and regulations related to cyber risks and compliance, as well as incident response in cloud, mobile, and IoT environments. To be eligible for this $400+ exam, you need IT admin or system admin experience.

3.) GIAC Security Certification: Tailored for individuals with information systems and networking backgrounds, this certification costs between $1000 and $1300. Prerequisites include completing a GIAC Security course and having three years of experience in Information Security.

4.) CISSP (Certified Information Systems Security Professional): This advanced certification from ISC2 is essential for roles such as security executive, security manager, and security practitioner. To qualify for this certification, you must have five years of experience in security and risk management, asset security, security architecture and engineering, communication and network security, security assessment and testing, software development security, and identity and access management. The cost is approximately $800.

5.) CISA (Certified Information Systems Auditor): Offered by ISACA, this certification is ideal for those aspiring to become cybersecurity auditors. CISA equips you to evaluate security vulnerabilities, assess the authenticity of the security framework, and report compliance irregularities. Candidates must have five years of experience in information security auditing, control, and assurance, with an exam cost of around $760.

6.) Certified Ethical Hacker (CEH): EC-Council offers this certification, which validates skills related to penetration testing, attack detection, and prevention. CEH candidates will lawfully learn how to identify security flaws by simulating organization hacking. Completing this certification costs approximately $1200, and you must have at least five years of experience in information security and obtain training from a reputable institution.

7.) CompTIA Advanced Security Practitioner: This certification is designed for experienced security professionals such as security engineers and senior security architects. It covers topics like governance, risk management, compliance, architecture, security engineering, and cryptography. The exam fee is around $512.

8.) Certified Information Security Manager (CISM): Offered by ISACA at a cost of about $760, this certification is particularly beneficial for moving into team lead positions. Previous experience is required.

9.) System Security Certified Practitioner (SSCP): This ISC2 certification is geared towards individuals who want to manage IT security systems and controls. It costs $260, and candidates should have a master’s degree in cybersecurity to take the exam.

10.) GIAC Certified Incident Handler: This certification assesses a candidate’s ability to resolve cybersecurity incidents using their skills, knowledge, and experience. It’s beneficial for those looking to qualify for digital crime investigations and costs approximately $960.

These certifications are your gateway to staying competitive in the ever-evolving software industry. Choose the ones that align with your career goals and current skill set to ensure your career continues to thrive in 2024 and beyond.

The post Obtain career boost in 2024 with these 10 cybersecurity certifications appeared first on Cybersecurity Insiders.


September 26, 2023 at 08:28PM

Email inboxes are vulnerable to sophistication driven cyber attacks

In today’s digital world of communication, a vast amount of information is stored and processed through email communication. This includes sensitive data related to financial transactions, healthcare, professional endeavors, and personal conversations with loved ones.

Consider this scenario: a malicious hacker gains access to email credentials through phishing techniques and subsequently takes control of the victim’s email account. This precarious situation opens the door to a range of potential threats. The hacker can manipulate the email account to divert important messages to their own malicious accounts or configure settings to automatically delete critical emails or direct them to the spam folder.

For instance, picture a hacker seizing control of a corporate email account and tailoring the inbox to flag keywords associated with financial transactions and confidential information, diverting these crucial communications to unauthorized email addresses. Alternatively, the hacker might exploit the compromised account to impersonate the account holder and send deceptive messages to colleagues, urging them to divulge the company’s administrative credentials.

Cybersecurity firm Barracuda has issued a stark warning, emphasizing the urgent need for corporate entities to fortify their email networks against increasingly sophisticated cyberattacks. Once an attacker gains control of an email account, the abuse of its inbox capabilities commences. The implementation of Artificial Intelligence (AI) technology has further exacerbated the situation, enabling attackers to swiftly identify and target sensitive emails with relative ease.

In a recent incident in the United Kingdom, a cybercriminal demonstrated a high degree of cunning by executing these activities discreetly, evading detection by in-house anti-malware solutions. This threat is not exclusive to the UK and may also be lurking within the email networks of American corporations.

To combat such threats, it is imperative to employ robust security measures such as multi-factor authentication to safeguard email accounts. Additionally, vigilance in monitoring sent and draft folders can help detect unauthorized access and potential threats, mitigating the risk to a significant extent.
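The inbox manipulations described above (forwarding to outside addresses, keyword-triggered deletion, mail quietly moved out of sight) leave traces in the mailbox’s rule set, which is the place to look alongside the sent and draft folders. The following is an added example, not Barracuda’s code or anything from the original post: it triages a set of inbox rules and reports the ones that match those patterns. The rule records, their field names and the `ORG_DOMAIN` value are constructed assumptions in a generic shape, not a particular mail platform’s export format.

```python
"""Flag inbox rules that show the abuse patterns described above.

Added example, not code from Barracuda or Cybersecurity Insiders. The rule
records below are constructed sample data in a generic shape; the field
names are assumptions, not a particular mail platform's export format.
"""
from dataclasses import dataclass, field

ORG_DOMAIN = "example.com"  # assumed corporate mail domain
# Subjects an attacker typically wants to intercept or hide from the owner.
WATCH_KEYWORDS = ("invoice", "payment", "wire", "bank", "password", "confidential")
# Folders where redirected mail is unlikely to be noticed by the mailbox owner.
HIDING_FOLDERS = {"junk", "deleted items", "rss subscriptions", "archive"}


@dataclass
class InboxRule:
    mailbox: str
    name: str
    conditions: dict = field(default_factory=dict)  # e.g. {"subject_contains": [...]}
    actions: dict = field(default_factory=dict)     # e.g. {"forward_to": [...], "delete": True}


def external_recipients(addresses):
    """Return the addresses whose domain is not the organisation's own."""
    return [a for a in addresses if a.rsplit("@", 1)[-1].lower() != ORG_DOMAIN]


def matched_keywords(rule):
    """Watch-list keywords that appear in the rule's subject/body conditions."""
    phrases = rule.conditions.get("subject_contains", []) + rule.conditions.get("body_contains", [])
    return sorted(k for k in WATCH_KEYWORDS if any(k in p.lower() for p in phrases))


def triage_rule(rule):
    """Return a list of human-readable findings for one rule (empty if benign)."""
    findings = []
    acts = rule.actions
    leaked = external_recipients(acts.get("forward_to", []) + acts.get("redirect_to", []))
    if leaked:
        findings.append(f"forwards or redirects mail outside {ORG_DOMAIN}: {', '.join(leaked)}")
    hides = bool(acts.get("delete")) or acts.get("move_to", "").lower() in HIDING_FOLDERS
    keywords = matched_keywords(rule)
    if keywords and hides:
        findings.append(f"hides messages matching {keywords} (delete, junk or obscure folder)")
    if keywords and acts.get("mark_read"):
        findings.append(f"marks messages matching {keywords} as read, so the owner is not alerted")
    if len(rule.name.strip()) <= 1:
        findings.append("rule name is empty or a single character, a common attempt to stay unnoticed")
    return findings


def triage_mailbox(rules):
    """Map rule name -> findings for every rule that raised at least one finding."""
    report = {}
    for rule in rules:
        found = triage_rule(rule)
        if found:
            report[rule.name] = found
    return report


# Constructed sample export for one mailbox (not real data).
SAMPLE_RULES = [
    InboxRule("cfo@example.com", "Newsletters",
              {"from_domain": "news.example.org"}, {"move_to": "Reading"}),
    InboxRule("cfo@example.com", ".",
              {"subject_contains": ["Invoice", "Wire transfer"]},
              {"forward_to": ["drop@mail.test"], "delete": True}),
    InboxRule("cfo@example.com", "Cleanup",
              {"body_contains": ["password reset"]},
              {"move_to": "RSS Subscriptions", "mark_read": True}),
]

if __name__ == "__main__":
    for name, findings in triage_mailbox(SAMPLE_RULES).items():
        print(f"rule {name!r}:")
        for item in findings:
            print("  -", item)
```

Run periodically over every mailbox’s rule export, this turns the “vigilance” recommendation into a concrete check; a legitimate rule like the newsletter filter produces nothing, while a rule that forwards invoice mail outside the company and deletes the original is reported on all three counts.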

It is essential to note that many cyber insurance policies in the United Kingdom do not cover losses resulting from malware spread through corporate emails. This highlights the importance of companies proactively defending their networks against threats to avoid costly consequences.

The post Email inboxes are vulnerable to sophistication driven cyber attacks appeared first on Cybersecurity Insiders.


September 26, 2023 at 10:32AM

Monday, September 25, 2023

Medusa Ransomware Strikes Philippines’ PhilHealth, Demands $300,000 Ransom

In a recent cyberattack, the Philippine Health Insurance Corporation, commonly known as PhilHealth, fell victim to the notorious Medusa Ransomware. This malevolent intrusion has left the government agency grappling with a demand of $300,000 (equivalent to P 17.038 million) to regain access to their compromised database and ensure the deletion of stolen data residing on their servers.

Acknowledging the severity of the situation, the Department of Information and Communications Technology (DICT) of the Philippines has confirmed the authenticity of the incident. DICT’s IT experts are actively engaged in remediation efforts to mitigate the damage.

The extent of data stolen remains uncertain at this point, as it is unclear whether the perpetrators have extracted a portion of the information to exert additional pressure on PhilHealth staff. Emmanuel Ledesma, the President and CEO of PhilHealth, has reassured the public that the matter is under the vigilant scrutiny of Philippine health officials. Further developments regarding this incident are expected to surface in the near future.

A communication channel linked to the Medusa Ransomware group revealed that the data breach occurred in August of this year. The ransom demand serves a triple purpose: to obtain a decryption key, erase the data siphoned prior to encryption, and provide a copy of the stolen data to the victim.

It is worth noting that in the case of double extortion attacks involving file-encrypting malware, there is no guarantee that hackers have truly deleted the pilfered data stored on their servers. There is a significant risk that this data could be sold to third parties, including marketing firms, for illicit gains. Consequently, engaging in negotiations, striking deals with hackers, and paying ransoms may often prove futile.

Instead, a more prudent approach involves initiating backup recovery processes to regain access to encrypted information. Additionally, it is advisable to enlist the expertise of forensic professionals to monitor potential misuse of the stolen data.

Moving forward, it is imperative for organizations to adopt proactive measures to thwart ransomware attacks. Prevention remains the most effective strategy, as safeguarding critical data is paramount in the ever-evolving landscape of cyber threats.

It is noteworthy that the Philippine Health Insurance Corporation is a government-sponsored insurance scheme exempt from taxation. It is owned and operated by the Philippines’ Department of Health, functioning as an egalitarian initiative where the financially privileged contribute to the insurance coverage of the less fortunate, ensuring healthcare access for all.

The post Medusa Ransomware Strikes Philippines’ PhilHealth, Demands $300,000 Ransom appeared first on Cybersecurity Insiders.


September 25, 2023 at 08:34PM

Understanding and Safeguarding against QR Code Phishing Attacks aka Quishing

QR code phishing also known as ‘Quishing’ is a cyberattack that leverages Quick Response (QR) codes to deceive individuals into revealing sensitive information or taking malicious actions. QR codes are two-dimensional barcodes that can store various types of data, including website URLs, contact information, and text. Cyber-criminals use these codes to disguise their malicious intent.

Here’s how QR code phishing typically works:

Distribution: Attackers distribute QR codes through various means, such as emails, SMS messages, social media, or physical printouts. These QR codes may appear legitimate and may be accompanied by enticing offers, discounts, or urgent messages to lure victims.

Scanning: Victims scan the QR code using their smartphone or QR code scanner app, believing it to be a harmless link or promotion.

Redirect: Once scanned, the QR code redirects the victim to a malicious website or landing page designed to mimic a legitimate site. This fake website often closely resembles a well-known brand, a banking portal, or an e-commerce platform.

Phishing: On the fake website, victims are prompted to enter sensitive information, such as login credentials, credit card details, or personal identification information. Some QR code phishing attacks might also prompt victims to download malicious files or apps.

Data Theft or Malware Installation: Attackers collect the entered information for illegal purposes, such as identity theft or financial fraud. In some cases, malware may be installed on the victim’s device, allowing the attacker to gain further access and control.

To protect yourself from QR code phishing:

a.) Verify the Source: Only scan QR codes from trusted sources. Be cautious of QR codes received via unsolicited emails, text messages, or social media.

b.) Inspect the URL: Before providing any sensitive information, review the URL displayed after scanning the QR code. Ensure it matches the legitimate website of the organization in question.

c.) Use a QR Code Scanner with Security Features: Some QR code scanner apps have built-in security features that can check URLs for authenticity and flag potential threats.

d.) Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your accounts to add an extra layer of security, making it harder for attackers to gain access even if they obtain your credentials.

e.) Keep Your Device Secure: Regularly update your smartphone’s operating system and apps to patch vulnerabilities that attackers might exploit.

f.) Educate Yourself: Stay informed about common phishing tactics, including QR code phishing, to recognize and avoid potential threats.

g.) Report Suspected Phishing: If you encounter a suspicious QR code or website, report it to relevant authorities or the organization being impersonated.
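Step b.) above, inspecting the URL a QR code resolves to, can be made systematic. The following is an added example, not code from the original post: given the already-decoded URL and the domain the code claims to belong to, it returns warnings for the mismatches a user should notice (a non-HTTPS scheme, a trusted name placed in the user-info part before the real host, a raw IP address, punycode labels, or a host that belongs to a different registrable domain). QR decoding itself needs a camera or image library and is out of scope; the sample URLs and expected domain are constructed, and the registrable-domain comparison uses the last two labels, an assumption that ignores the public suffix list (for example “co.uk”).

```python
"""Check the URL a QR code decoded to against the organisation it claims to be.

Added example, not from the original post. It works on the already-decoded
URL string (QR decoding itself needs a camera or image library); the
expected domain and sample URLs are constructed. Registrable-domain
comparison uses the last two labels, an assumption that ignores the
public suffix list (e.g. "co.uk"), so treat it as illustrative.
"""
import ipaddress
from urllib.parse import urlsplit


def registrable_domain(host):
    """Approximate the registrable domain as the last two DNS labels."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess_decoded_url(url, expected_domain):
    """Return a list of warnings; an empty list means the URL looks consistent."""
    warnings = []
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if parts.scheme.lower() != "https":
        warnings.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    if parts.username is not None:
        # "https://bank.example@evil.test" shows the trusted name before the real host
        warnings.append(f"URL carries user-info {parts.username!r} before the real host")
    if not host:
        warnings.append("URL has no host")
        return warnings
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address rather than a domain name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host contains punycode labels; check for look-alike characters")
    if registrable_domain(host) != registrable_domain(expected_domain):
        warnings.append(f"host {host!r} does not belong to {expected_domain!r}")
    return warnings


# Constructed decoded payloads: one consistent, the rest showing common mismatches.
SAMPLES = {
    "https://login.bank.example/verify": "bank.example",
    "https://bank.example.evil.test/login": "bank.example",
    "http://bank.example@evil.test/": "bank.example",
    "https://192.0.2.10/bank": "bank.example",
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(url, "->", assess_decoded_url(url, expected) or ["OK"])
```

The same logic fits inside a scanner app’s pre-open check or a security-awareness demo: the user is shown the warnings before the browser opens anything.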

QR code phishing is a relatively new form of cyberattack, and attackers are constantly evolving their techniques. Staying vigilant and exercising caution when scanning QR codes is crucial to protect your personal and financial information from potential threats.

The post Understanding and Safeguarding against QR Code Phishing Attacks aka Quishing appeared first on Cybersecurity Insiders.


September 25, 2023 at 10:49AM

Trending Ransomware News headlines on Google

Investigation Deepens into MGM Resorts Hack and Caesars Entertainment Ransomware Attack

Recent developments in the ongoing investigation into the MGM Resorts hack and the Caesars Entertainment ransomware attack have shed new light on the culprits behind these cybercrimes. Law enforcement agencies working on the case have revealed that the individuals responsible for these attacks are likely to be between the ages of 17 and 22. This revelation is substantiated by the research findings of Unit 42, the cybersecurity division of Palo Alto Networks.

The sequence of events that led to these cyberattacks commenced with a deceptively simple phone call. The attackers managed to persuade senior staff members to divulge their login credentials, thereby gaining unauthorized access to the corporate networks of these major gaming and casino giants. What’s particularly intriguing about these hackers is that they appear to be quite young, possibly as young as 17, and they were identified from their voices as native English speakers. They were tasked with infiltrating these networks through a technique known as Vishing, which involves manipulating individuals over the phone.

As the Scattered Spider group, also known as UNC3944, breached the systems of two of the world’s largest gaming and casino corporations, concerns are mounting about the evolving sophistication of cyber threats in the future.

RANSOMEDVC Claims to Infiltrate Sony Corporation Computer Network

A ransomware group known as RANSOMEDVC has allegedly infiltrated the computer networks of Sony Corporation with the aim of acquiring valuable intelligence and exfiltrating sensitive information for later sale on the dark web.

Interestingly, RANSOMEDVC has refrained from making any ransom demands to the victimized Sony Systems firm. Instead, they intend to monetize their ill-gotten gains by selling the stolen data on the dark web to turn a profit.

In a show of their intent, the ransomware group has released the initial batch of stolen data, including PDFs and screenshots, as evidence of their capabilities. They claim that the senior management of the Japanese conglomerate has shown no interest in negotiating with the criminals regarding the data breach, leaving them with no recourse but to profit from the sale of the compromised information. This decision is motivated by the belief that the stolen data could yield substantially more revenue than any potential ransom payment.

Russian LockBit Ransomware Targets The Weather Network Servers

In a surprising and unprecedented move, the Russian-speaking ransomware group known as LockBit has issued a threat to release data associated with “The Weather Network” if their ransom demands are not met. This notorious group has a history of targeting corporate and government networks. However, this marks their first reported breach of a server network belonging to a weather reporting organization. Further details on this incident are eagerly awaited as the situation unfolds.

The post Trending Ransomware News headlines on Google appeared first on Cybersecurity Insiders.


September 25, 2023 at 10:34AM

Friday, September 22, 2023

FBI and CISA issue Cyber Alert against Snatch Ransomware

When it comes to the world of cybersecurity, the FBI and CISA have a reputation for issuing timely alerts, especially when the threat severity is high. Their latest warning revolves around the notorious Snatch ransomware-as-a-service gang.

In their advisory, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) shed light on Snatch, a ransomware-as-a-service operation that has been active since 2018. Over the years, Snatch has honed in on various sectors, including software, U.S. defense, food, and agriculture.

This criminal syndicate has garnered notoriety by executing high-profile attacks on entities such as South Africa’s Department of Defense, the City of Modesto in California, Saskatchewan Airport in Canada, and London’s Briars Group, among others.

What sets Snatch apart is its menacing practice of double extortion. In addition to encrypting victim data, they manage to acquire stolen data from other ransomware gangs. They then issue a chilling ultimatum to their victims: comply with their ransom demands or witness their sensitive data being exposed on an extortion blog.

One particularly intriguing aspect of Snatch is its technical prowess. The malware is designed to force infected Windows systems into Safe Mode before encrypting files. This clever tactic hinders the timely detection of the malware by anti-malware solutions.

Notably, Snatch has recently taken a deviation from its established pattern. It is now showing a keen interest in targeting non-American companies operating within the United States, with a pronounced focus on entities from the Asian continent. This shift underscores the evolving nature of cyber threats in an increasingly interconnected world.

The post FBI and CISA issue Cyber Alert against Snatch Ransomware appeared first on Cybersecurity Insiders.


September 22, 2023 at 08:21PM

Cisco acquires Splunk for $28 billion

Cisco, a prominent player in the networking industry, has recently completed a significant acquisition by purchasing cybersecurity solutions provider Splunk for a substantial sum of $28 billion. This announcement was made public through the company’s PR division, shedding light on the transformative impact this move will have on their threat detection capabilities and revenue growth.

Splunk is renowned for its ability to help organizations achieve digital resilience, and Cisco intends to harness the technology acquired from this acquisition to bolster the security of its users’ digital environments.

In today’s rapidly evolving digital landscape, businesses are increasingly embracing digitalization. To effectively navigate the overwhelming influx of data and safeguard data integrity against cyber threats, companies are actively seeking solutions that streamline data management and protection.

According to Cisco’s annual report for 2022, the big data market is projected to reach a staggering $400 billion by 2030, largely fueled by advancements in generative AI. To address the diverse needs of various markets while prioritizing security, Cisco has strategically chosen to simplify the complexities associated with AI security challenges through its acquisition of technology from Splunk.

It’s worth noting that Cisco had initially considered acquiring SentinelOne, but ultimately decided to withdraw from the deal due to concerns related to the calculation of annualized recurring revenue. This raised doubts within the networking giant about the software technology’s potential revenue generation post-acquisition.

The decision to pull out had a significant impact on the shares associated with SentinelOne, resulting in a sharp 35% decline from their value at the end of the previous week. This abrupt withdrawal occurred because the current market capitalization of SentinelOne was locked at $4.9 billion, which fell considerably short of Cisco’s estimated value of $8 billion for the deal.

The post Cisco acquires Splunk for $28 billion appeared first on Cybersecurity Insiders.


September 22, 2023 at 11:39AM

Thursday, September 21, 2023

WEBINAR: PCI DSS 4.0 Compliance – Tips and Best Practices to Avoid Last-Minute Panic

Join the webinar ‘PCI DSS 4.0 Compliance – Tips and Best Practices to Avoid Last-Minute Panic‘ live on September 26.

While the deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements isn’t until March 31, 2024, organizations that allow those remaining months to fly by without adequate preparation may face last-minute PCI panic and penalties. The best approach is to steadily reach critical milestones, so you’ll be fully prepared when the deadline arrives.

Join Steven Sletten, Principal Systems Engineer with Fortra’s Tripwire, and Holger Schulze, Founder of Cybersecurity Insiders, for a look at:

– What is changing in the PCI 4.0 update
– How to avoid surprises by streamlining your timeline into a prioritized roadmap
– How to expertly tackle each of the requirements in time.

By starting early, you will be on the right path to making the transition a success.

Save your spot

The post WEBINAR: PCI DSS 4.0 Compliance – Tips and Best Practices to Avoid Last-Minute Panic appeared first on Cybersecurity Insiders.


September 22, 2023 at 06:12AM

Bringing Authentication Security Out of the Dark Ages

Cyber threats have grown increasingly sophisticated in recent years; an expanding attack surface, today’s hybrid work environment and new vulnerabilities introduced by the IoT are a few of the challenges. Despite this evolving landscape, most organizations have yet to modernize their authentication security to effectively prevent password-based attacks and related vulnerabilities. With the most recent DBIR finding that compromised credentials are behind more than 50% of breaches, it’s imperative that companies act now to bolster authentication security.

To understand more about this issue, Enzoic recently commissioned a survey of over 480 cybersecurity professionals. The State of Authentication Security Report underscores that—despite the passwordless hype—username and password combinations remain the primary authentication mechanism, with nearly 70% of companies utilizing this method. By contrast, only 12% of organizations are deploying passwordless strategies.

Legacy Approaches Weakening Password Security

Unfortunately, many companies are failing to evolve password management to reflect the current threat landscape. What’s more, the majority of those surveyed continue to follow legacy practices that have actually been found to weaken credential security.

For example, 74% of companies require forced resets every 90 days or less. Not only does this generate more work for employees and IT alike, it also fails to align with NIST’s updated password policy recommendations. The latter, along with Microsoft and other leading organizations, have found that employees typically select easy-to-remember credentials or swap out one letter or character when faced with frequent resets—resulting in a weak credential that threat actors can easily exploit.

The Dark Web Dilemma

Password reuse is another problem contributing to authentication security challenges, with Google finding that employees reuse a single password an average of 13 different times. The volume of breaches means that the Dark Web has become a treasure trove of this information; hackers can easily find and obtain lists of compromised credentials to fuel ongoing password-based attacks.

Our research highlights that most companies are aware of this vulnerability, with 84% of respondents concerned about weak and compromised passwords. However, many fail to grasp the extent of the threat—46% estimate that less than 1/5 of their passwords could be found on the Dark Web, while another 26% are unsure what percentage might be available there.

The Case for Credential Screening

This underscores the importance of modernizing authentication security to incorporate screening for compromised credentials—something that less than half of the respondents in our survey are currently doing. Enzoic helps companies protect against this threat by screening password and username combinations against its proprietary database of billions of exposed credentials. We maintain the latter using a combination of proprietary automated processes, submitted contributions, and research from our threat intelligence team. Because our database is automatically updated multiple times per day, organizations can be assured that their password security reflects the latest breach intelligence.

Another key benefit of our credential screening solution is that it eliminates the IT helpdesk burden of frequent resets and other legacy approaches while offering a more frictionless user experience. Because the screening happens automatically in the background, non-compromised users gain efficient access to their accounts and services. Should a compromise be detected, organizations can automate their response with a range of actions, including the immediate disabling of the account in question.
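An added example (not Enzoic's code or API) of the screening the two passages above describe: a constructed exposed-password set, a prefix-bucket lookup so the checking client never discloses the full hash, and a check for the one-character variations that forced 90-day resets push users toward. Every name and data value here is constructed for illustration.

```python
import hashlib

# Constructed sample standing in for a breach-intelligence corpus.
# Hypothetical data, not Enzoic's database or any real leak.
EXPOSED_PASSWORDS = ["Password1", "Summer2023!", "letmein", "Welcome1", "qwerty123"]


def build_index(passwords):
    """Bucket exposed entries by the first 5 hex chars of their SHA-1 (the
    range-query shape used by k-anonymity style breach lookups), so a client
    only ever sends a prefix, never the password or its full hash."""
    index = {}
    for pw in passwords:
        digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


EXPOSED_INDEX = build_index(EXPOSED_PASSWORDS)


def is_exposed(password, index=EXPOSED_INDEX):
    """Client side: compute the hash, send only the 5-char prefix, compare the
    returned suffix bucket locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    bucket = index.get(prefix, set())   # what a range-query server would return
    return suffix in bucket


def is_trivial_variation(new, old):
    """True when `new` differs from `old` only by case, or by a single
    substituted, inserted or appended character (Welcome1 -> Welcome2)."""
    if new.lower() == old.lower():
        return True
    if len(new) == len(old):
        return sum(a != b for a, b in zip(new, old)) <= 1
    if abs(len(new) - len(old)) == 1:
        longer, shorter = (new, old) if len(new) > len(old) else (old, new)
        return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))
    return False


def evaluate_password(candidate, previous=None):
    """NIST-style policy check at set/change time: reject exposed passwords
    and trivial rewrites of the previous one; no calendar-driven rotation."""
    if len(candidate) < 8:
        return False, "too short"
    if is_exposed(candidate):
        return False, "found in exposed-credential set"
    if previous is not None and is_trivial_variation(candidate, previous):
        return False, "trivial variation of previous password"
    return True, "ok"


if __name__ == "__main__":
    for cand, prev in [("Password1", None), ("Welcome2", "Welcome1"),
                       ("correct horse battery staple", "Welcome1")]:
        print(cand, "->", evaluate_password(cand, prev))
```

A production deployment would also re-screen existing passwords as new breach data arrives, which is the "continuous" part of the monitoring the post describes.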

The Path Forward

While there are many unknowns in cybersecurity, there is one universal truth: hackers will continually hunt for new ways to exploit companies for financial gain and other nefarious purposes. With the DBIR and other studies repeatedly pointing to compromised credentials as a common threat vector, it’s imperative that organizations act today and shore up authentication security.

You can read more about this issue and other findings from the State of Authentication Security Report here.

The post Bringing Authentication Security Out of the Dark Ages appeared first on Cybersecurity Insiders.


September 21, 2023 at 11:49PM

Beyond the firewall: Navigating SaaS security challenges

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Introduction:

In today’s digital age, businesses have witnessed a profound shift in how they operate. Software-as-a-Service (SaaS) solutions have become the backbone of many organizations, offering flexibility and scalability. While firewalls remain an essential part of cybersecurity, securing your digital assets in the SaaS realm is a multifaceted challenge. This article explores why investing in a firewall is only the beginning of your SaaS security journey and offers insights into a holistic approach to safeguarding your digital landscape.

The firewall’s vital role:

Firewalls are the sentinels of your network, guarding against unauthorized access, malware, and threats. They establish a secure perimeter around your organization, serving as the initial defense against external dangers.

Why firewalls alone fall short in the SaaS era:

Cloud migration:

SaaS applications thrive in the cloud, offering unprecedented advantages. This means your data and operations may no longer be confined to your corporate network, rendering traditional firewall-centric security less effective.

Proliferation of endpoints:

The traditional network perimeter has dissolved as employees utilize various devices and networks to access SaaS applications. This multitude of endpoints makes relying solely on firewalls inadequate.

Data’s complex journey:

SaaS applications handle vast amounts of sensitive data, often stored in remote data centers. Protecting data at rest and in transit within these centers requires specialized measures beyond the firewall’s scope.

Strategies to enhance SaaS security:

Access control and identity management:

Implement robust access control and identity management solutions. Ensure only authorized users can access your SaaS applications, incorporating multi-factor authentication (MFA) for an added layer of security.

Data encryption:

Employ data encryption for both data in transit and at rest. Most SaaS providers offer encryption features, but it’s essential to understand their encryption protocols and their alignment with your security needs.

Regular audits and compliance:

Conduct regular audits of your SaaS applications and providers to ensure compliance with industry standards and data protection regulations, such as GDPR or HIPAA. Verify that your vendors adhere to robust security practices.

Security Information and Event Management (SIEM):

Implement SIEM solutions for real-time visibility into your SaaS applications. These tools centralize security monitoring and facilitate incident response by detecting anomalies and potential breaches.

Data Loss Prevention (DLP):

Deploy DLP solutions to prevent data leaks and unauthorized sharing of sensitive information within your SaaS applications. These tools scan and classify data, enforcing policies to protect critical assets.

Security awareness training:

Invest in continuous security awareness training for your employees. Educated users are your first line of defense against phishing attacks and social engineering threats.

Collaboration with vendors and partners:

Vendor security assessments:

Collaborate closely with your SaaS providers to conduct thorough security assessments. Seek transparency concerning their security practices, incident response plans, and data protection measures.

Security Service Level Agreements (SLAs):

Negotiate and establish security SLAs with your SaaS vendors. Define expectations for security incident response times, data backup, and disaster recovery.

Regular updates and patch management:

Stay informed about security updates and patches for your SaaS applications. Ensure that your vendors promptly address security vulnerabilities.

Conclusion: Strengthening your SaaS security posture:

While a firewall remains a fundamental component of your cybersecurity strategy, it’s essential to recognize that safeguarding your organization’s digital assets in the SaaS world requires a multifaceted approach. Embrace a combination of access control, encryption, monitoring, and ongoing collaboration with SaaS vendors to build a robust SaaS security posture.

As the SaaS landscape continues to evolve, so too must your security strategy to adapt and mitigate emerging threats effectively. In the ever-changing world of cybersecurity, staying vigilant and proactive is your best defense.

The post Beyond the firewall: Navigating SaaS security challenges appeared first on Cybersecurity Insiders.


September 21, 2023 at 09:09PM

Cyber Attack on International Criminal Court for arresting Russia Vladimir Putin

In March of this year, the International Criminal Court (ICC) based in The Hague made headlines by issuing an arrest warrant against Russian President Vladimir Putin. The allegations against Putin revolve around accusations of committing atrocities against innocent Ukrainian citizens under the guise of war. In response to this significant move by the ICC, a group of state-funded cyber-criminals has initiated a series of cyberattacks on the ICC, reportedly with the aim of pilfering sensitive documents.

These cyberattacks, which began at the close of last week, are still ongoing and continue to disrupt the court’s servers in The Hague. High-ranking officials have suggested that these attacks will persist until the United Nations Security Council helps withdraw the arrest warrant against Putin.

For context, The Hague serves as the capital city of South Holland and is home to both the International Criminal Court and the International Court of Justice. These institutions are tasked with investigating and adjudicating cases related to crimes against humanity, war crimes, genocide, and border disputes.

The Dutch government has responded swiftly to this situation, launching a comprehensive inquiry to determine the origins of these cyberattacks. Suspicion firmly points toward foreign involvement, prompting the Netherlands to seek the assistance of the Netherlands National Cyber Security Centre (NCSC) and the Ministry of Justice and Security.

It’s worth noting that the ICC holds the authority to investigate digital attacks stemming from war crimes. In this case, the court not only issued an arrest warrant against Putin but also imposed sanctions on the nation under his leadership.

Ironically, such warrants and related actions often come across as mere symbolic gestures to the public and the media. To date, no national leader has been successfully prosecuted on foreign soil.

It is important to mention that the group behind these cyberattacks is known as “Killnet,” and it is widely believed to be a pro-Russian hacking group with a mission to disrupt critical infrastructure in adversary nations. Its primary goal is to create political instability in the targeted nation by disrupting its national infrastructure.

The post Cyber Attack on International Criminal Court for arresting Russia Vladimir Putin appeared first on Cybersecurity Insiders.


September 21, 2023 at 08:21PM

Wednesday, September 20, 2023

T Mobile app customers experience data security concerns

Users of the T-Mobile App have recently encountered an unsettling phenomenon, with their account information displaying the personal data of other users. This concerning breach includes sensitive information such as credit card details, billing history, physical addresses, credit balances, and their affiliations with the telecommunications company.

As the issue gained traction, a number of users sought assistance from T-Mobile’s customer service. However, some expressed dissatisfaction with the customer care response and turned to platforms like Twitter and Reddit to vent their frustration. Their primary concern was the security of their personal data in light of this alarming situation.

Acknowledging the incident, T-Mobile confirmed its awareness and revealed that its engineering team was diligently working to rectify the data leak. This subsidiary of Germany’s Deutsche Telekom AG assured that further details would be shared with the media once forensic experts officially determined the extent of the breach.

From a technical perspective, this incident may not qualify as a traditional data breach. Nevertheless, the inadvertent sharing of one user’s information with another can have serious repercussions, particularly if such data were to fall into the hands of malicious actors.

It’s worth noting that T-Mobile has faced cybersecurity challenges in the past. In 2021, the company fell victim to a sophisticated cyberattack that compromised the personal data of over 100 million customers, including dates of birth and home addresses. A similar data breach occurred in January 2023, affecting more than 37 million customers and resulting in the unauthorized exposure of social security numbers.

As an update, after approximately four hours, the situation appears to be under control as reported by the Telekom operator. Nonetheless, the incident serves as a stark reminder of the importance of robust cybersecurity measures in safeguarding user information.

The post T Mobile app customers experience data security concerns appeared first on Cybersecurity Insiders.


September 21, 2023 at 10:34AM

Eco-hacks: The intersection of sustainability and cyber threats

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Environmental sustainability is more important than ever before for organizations across all sectors. Sustainability concerns including geopolitics, future-focused developments, advanced ESG reporting, and building sustainability into supply chains going forward are all significant trends shaping businesses in 2023 and beyond. 

While the shift towards environmental sustainability is a worthy pursuit no matter the industry, the trend towards adopting new technologies that provide more sustainability and eco-friendliness can have some unintended consequences on the realm of cybersecurity. 

Today we can see many hybrid endeavors that combine both cutting-edge technology and green, eco-friendly initiatives to create long-term ecologically sustainable solutions for businesses in all fields. But since these collaborations tend to utilize new technology, they may not provide the kind of advanced-level cybersecurity protocols needed to secure these endeavors against cyberattacks, resulting in unintended consequences: an increase in cyber vulnerabilities. 

In this article, we will take an in-depth look at the enhanced cybersecurity risks presented by certain sustainability and tech initiatives. Then we will explore best practices intended to keep businesses cyber secure as they transition to new, more environmentally friendly modes of operation and production. 

1. The unexpected cybersecurity risks of going green

While new green technology rollouts provide highly visible, obvious benefits, contributing to the important global cause of sustainability, the cybersecurity underpinnings that run in the background are easy to ignore but no less significant. There is a subtle interdependence between new green tech and expanded cybersecurity risks.

2. New developments in green technology

New developments in green technology are vast and wide-ranging, offering revolutionary potential to cut down on harmful greenhouse gas emissions. By some estimates, Green IT can contribute to reducing greenhouse gas emissions by ten times more than it emits. Green coding focuses on creating more energy efficient modes of engaging computational power that can be applied to everything from virtual reality gaming devices in development to cloud computing. 

Sustainable data collection centers aim to reduce carbon and greenhouse gas emissions by finding alternative methods of collecting data that require less energy. 

Smart city technology, such as IoT-enabled power grids, smart parking meters, and smart traffic controls, can utilize predictive capabilities to ensure that urban infrastructures are running at optimal energy levels, reducing resource and energy waste and improving city living experiences. Similarly, smart HVAC systems can respond to global climate change issues by managing the internal temperature of buildings using smart regulators that reduce energy waste and carbon emissions, while still heating or cooling buildings. 

All of these innovations are building towards a more sustainable future by reducing our need for harmful fossil fuel consumption, managing power usage across the energy grid, and creating more sustainable alternatives to existing technologies for transportation, waste management, entertainment, and more. But each of these new technologies also presents a broader risk level that could threaten the foundations of urban cores. 

3. New green tech risks

One of the main risks introduced by all of this new sustainable technology is the expanded attack surface. Sustainable smart city adjustments, for example, operate within broad networks of interconnected devices. Each individual device can communicate and receive data from other devices, but individual devices are often poorly protected. 

So bad actors may be able to access sensitive data or broader urban infrastructure network systems by infiltrating one poorly protected device. IoT networks rely on a combination of hardware, software, third-party developments, and urban networks to run smoothly, a complex combination that is hard to regulate, protect, and control. This is especially true as older, poorly protected gadgets communicate with the latest high-tech citywide smart systems, creating inherent security weak spots that can be easily exploited by bad actors.

In the energy field, meanwhile, interconnected power systems using new sources of power, such as wind, solar, and energy efficient battery power, run through software-optimized systems that provide an efficient mode of distributing energy and conducting system-wide changes. But in the wrong hands, this consolidated ease of access could lead to widespread damages, with the centralized sustainable power controls becoming weapons of manipulation and chaos. 

Social engineering attacks can also have serious effects on complex interdependent urban systems, as phishing attacks can provide access to restricted systems, networks, or other sensitive data. Successful social engineering attacks provide opportunities for exploitation and manipulation of citywide systems through the installation of malware, spyware, and ransomware. Humans are susceptible to simple errors, and a convincing phishing attack can lead to immediate consequences, such as cutting off access to power throughout the region, rerouting transportation lines or traffic lights, disabling smart security systems, or other actions that can have broad damaging effects across a huge area. 

4. Green cyber-attacks

According to Reuters, E.ON, Europe’s largest energy grid operating company, has observed a significant spike in cyber-attacks in recent years, as has Norwegian clean energy company Hydro. Because the clean energy world is more decentralized, it presents more opportunity for cyber attackers to target small energy or communications hubs.

In Ukraine, for example, Russian operatives enacted cyberattacks on the Ukrainian satellite communication network, resulting in the remote shutdown of security monitors at German wind energy company Enercon. The attack shut down over 5,800 wind turbines at the German company, revealing high stakes vulnerabilities intrinsic to new Green technologies. 

5. Best practices to remain cyber-secure as you go green

Becoming aware of the enhanced risk potential of green technology is key to developing appropriate security measures that can mitigate risks and protect sensitive networks and data. Companies can provide the necessary security by deploying advanced security measures, monitoring risk factors, and enabling comprehensive threat response and prevention plans to proactively deal with the impact of impending cyberattacks, and to prevent widespread damage.

6. Deploy high tech security solutions

One of the key features of every new technology should be creating a resilient infrastructure through a combined protective plan that includes threat detection, incident response protocols, and proactive data protection. For new green tech developments, organizations will need to provide comprehensive security that can block against phishing, unauthorized network access, ransomware, spyware, malware, denial-of-service attacks, and a host of other cyberattack methodologies. 

Implementing zero-trust security regulations is a good strategy for preventing unauthorized log-ins across the board, and this security method can be applied to all devices and networks within an interconnected system. Zero-trust security is more secure than multi-factor authentication since it assumes that every log-in attempt is unauthorized until proven otherwise. This makes it an effective strategy for external attack surface management, or the mitigation of risks and vulnerabilities that are associated with an organization’s external-facing assets, such as its network infrastructure or website.

In addition, AI and machine learning-enabled security systems, such as cloud-based SIEM systems, draw from a comprehensive knowledge base of collaborative input to provide enhanced cybersecurity coverage across devices and network systems. Cloud-based SIEM systems continuously monitor user behavior, seeking out any unusual, potentially suspicious activity, and can therefore detect anomalous behaviors that might slip through the notice of other security protections. 

7. Follow national security regulations

Compliance with national cybersecurity standards and rules is another significant step towards ensuring that new green technology has sufficient base-level protective measures in place. In order to remain compliant with national security regulations, organizations have to assess their own security gaps and vulnerabilities, providing security patches and proof of regular security updates. 

Additional regulatory compliance requirements include encryption of sensitive data, which can prevent unwanted access to that data, and comprehensive cybersecurity incident response plans, which are necessary for mitigating the damage of any successful cyber-attacks. General employee and staff cybersecurity training also keeps organizations compliant with government regulations, and ensures that employees are aware of the risks and signs of phishing and social engineering cyber-attack attempts.

8. Continuously monitor the dark web

Using dark web monitoring tools to continuously monitor the dark web can be a powerful strategy for identifying likely threats, bad actors, and hacking plots. In terms of cybersecurity management and upkeep, monitoring the dark web provides insight into whether or not an organization has already, unknowingly, been the victim of a cyberattack in which their sensitive data is already being leaked on the dark web. 

When sensitive information such as employee addresses or client financial details is floating around on the dark web, it is clear that the organization has suffered a serious security breach. So consistent monitoring can go a long way towards mitigating the damage of successful cyberattacks.

9. Final thoughts

Climate resilience and cyber resilience need to be inextricably linked going forward if we are to create a truly sustainable, interconnected world. Sustainability initiatives that utilize the latest and greatest in new technology need to include abundant provisions for cybersecurity, regarding cybersecurity with equal significance as the environmental impact of the technology itself. 

Measures like managing external attack surfaces, ensuring that devices and systems are code compliant with national security regulations, enacting high tech cybersecurity protective measures, and consistently monitoring the dark web can help reduce the impact and risk of cyberattacks on all sustainable tech devices and systems. With ample protections in place, developers can continue to roll out new green technologies that will provide radical solutions for making a more sustainable world.

The post Eco-hacks: The intersection of sustainability and cyber threats appeared first on Cybersecurity Insiders.


September 21, 2023 at 09:45AM