Infosec Island Latest Articles

Reddit Names Allison Miller as Chief Information Security Officer (CISO)

Social news community site Reddit announced on Monday that it has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust. 

Miller joins Reddit from Bank of America where she most recently served as SVP Technology Strategy & Design, and had been overseeing technology design and engineering delivery for the bank’s information security organization. She previously held technical and leadership roles at Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa. 

According to a blog post announcing Miller’s hire, she will be tasked with expanding trust & safety operations and data security, and with redesigning Reddit’s trust frameworks and transparency efforts.

Miller has already started in the role and reports directly to Reddit CTO Chris Slowe. 

She has a B.S. in Economics from the University of Pennsylvania and a Master of Business Administration from the University of California at Berkeley.  

Reddit has been operating for more than 16 years, and announced a $250 million Series E funding round earlier this month.

The company says more than 50 million users visit the site daily.

Copyright 2010 Respective Author at Infosec Island
  • February 23rd 2021 at 01:23

GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer (CSO).  

Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer (CISO). He arrived at Cisco via its $2.35 billion acquisition of Duo Security in 2018.  

“As the largest global network of developers, GitHub is also crucial to supply chain security, giving developers the tools and knowledge to secure software following major breaches like SolarWinds,” a spokesperson told SecurityWeek.  

“As a security practitioner, this is also an exciting transition for me as much of the security community, and many of my favorite security projects, live on GitHub, like CloudMapper, stethoscope, GoPhish, and osquery,” Hanley wrote in a blog post. “I couldn’t be more excited to help secure the platform that’s made these influential projects possible and expanded their reach in incredible ways.”  

GitHub, which Microsoft acquired for $7.5 billion in 2018, said last year that it had paid out a total of more than $1 million through its bug bounty program on HackerOne, where it has no maximum reward limit for critical vulnerabilities.  

News of Hanley’s hire is one of several prominent industry moves announced this week, as Reddit announced that former Bank of America security executive Allison Miller would be its new CISO, and stock trading firm Robinhood has hired veteran cybersecurity practitioner Caleb Sima as Chief Security Officer.

  • February 24th 2021 at 20:34

Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit

Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks. Hear Intel’s experts discuss the need for transparency and integrity across the complete product lifecycle, from build to retire.  

Into the Spotlight: Is Supply Chain Ready for the Magnifying Glass?  

Listen in on a live conversation with Intel’s Jackie Sturm, corporate vice president of Global Supply Chain Operations, and Tom Garrison, vice president and general manager of Client Security Strategy & Initiatives. They will discuss the benefits of cybersecurity and transparency across the digital supply chain, and share their insights on what it means to be prepared in 2021.

The session will be moderated by Camille Morhardt, director of Security Initiatives & Communications at Intel.  

When: 8-8:45 a.m. PST, Wednesday, March 10, 2021  

Where: https://register.securityweek.com/supply-chain-security-summit

Registration: Free    

About Intel

Intel (Nasdaq: INTC) is an industry leader, creating world-changing technology that enables global progress and enriches lives. Inspired by Moore’s Law, we continuously work to advance the design and manufacturing of semiconductors to help address our customers’ greatest challenges. By embedding intelligence in the cloud, network, edge and every kind of computing device, we unleash the potential of data to transform business and society for the better. To learn more about Intel’s innovations, go to newsroom.intel.com and intel.com.

  • March 9th 2021 at 01:11

Cloud Security Alliance Shares Security Guidance for Crypto-Assets Exchange

The Cloud Security Alliance (CSA) has released new Crypto-Asset Exchange Security Guidelines, a set of guidelines and best practices for crypto-asset exchange (CaE) security.  

Drafted by CSA’s Blockchain/Distributed Ledger Working Group, the document provides readers with a comprehensive set of guidelines for effective exchange security to help educate users, policymakers, and cybersecurity professionals on the pros and cons of further securing cryptocurrency exchanges, including both Decentralized Exchanges (DEX) and hosted wallets at cloud-based exchanges, OTC desks, and cryptocurrency swap services.  

Cryptocurrency exchanges are increasingly becoming targets of hackers. For instance, in December 2020, cryptocurrency exchange Exmo “detected suspicious withdrawal activity” to the tune of more than $10 million.   

CSA's document includes a model that identifies the 10 top threats to crypto exchanges, plus a reference architecture and set of security best practices for the end-user, exchange operators, and auditors. Also covered are security control measures across a wide area of administrative and physical domains.  

“As the digital assets industry evolves and matures, crypto-asset exchanges increasingly cover areas that were, for decades, the sole dominion of long-established financial service institutions,” said Bill Izzo, co-chair of CSA’s Blockchain/Distributed Ledger Working Group. “It’s our hope that this document will provide a roadmap for those tasked with ushering new and existing financial services organizations into the future in a controlled and secure manner.”  

The Crypto-Asset Exchange Security Guidelines can be downloaded here.

  • April 13th 2021 at 20:05

Facebook Shuts Down Two Hacking Groups in Palestine

Social media giant Facebook today announced that it took action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet. 

One of the dismantled networks was linked to the Preventive Security Service (PSS), one of the several intelligence services of Palestine, while the other was associated with Arid Viper, an established threat actor in the Gaza region.

The two clusters of activity, Facebook says, were not connected to one another, as one was focused on domestic audiences, while the other primarily targeted Palestinian territories and Syria, but also hit Turkey, Iraq, Lebanon and Libya.

As part of the shutdown operation, Facebook took down accounts, blocked domains, sent alerts to people who were targeted, and released malware hashes to the public.

“The groups behind these operations are persistent adversaries, and we know they will evolve their tactics in response to our enforcement,” Facebook says.

The PSS-linked activity originated in the West Bank and focused on targets outside Palestine, employing social engineering to lure individuals into clicking on malicious links and getting infected with malware.

Targets included journalists, opponents of the Fatah-led government, human rights activists, the Syrian opposition, Iraqi military, and other military groups.

An in-house built Android malware family associated with the operation masqueraded as a chat application and collected device metadata, call logs, text messages, contacts, and location, and only rarely exhibited keylogging capabilities. All data was sent to mobile app development platform Firebase.

The group also employed the publicly available Android malware family SpyNote, which offers remote access to devices, and deployed publicly available Windows malware such as NJRat and HWorm. Fake and compromised accounts were used to build trust with targeted individuals.

Also referred to as Desert Falcons and DHS, Arid Viper has been active for more than half a decade and is likely closely connected to the Molerats APT. The newly observed activity, Facebook says, targeted government officials in Palestine, members of the Fatah party, students, and security forces.

The threat actor employed a large infrastructure of more than one hundred websites that hosted iOS and Android malware, were designed for phishing, or functioned as command and control (C&C) servers.

“They appear to operate across multiple internet services, using a combination of social engineering, phishing websites and continually evolving Windows and Android malware in targeted cyber espionage campaigns,” Facebook says.

As part of the observed activity, the adversary used custom-built iOS surveillanceware dubbed Phenakite and tricked users into installing a mobile configuration profile for the malware to be effective. The malware was packed inside a Trojanized, fully-functional chat application and could direct victims to phishing pages for Facebook and iCloud.

While the app could be installed without jailbreak, the malware did require one to elevate privileges and access sensitive user information. The publicly available Osiris jailbreak tool was used for this purpose.

Arid Viper also employed Android malware that resembled FrozenCell and VAMP and which required installation of apps from third-party sources. Variants of the Micropsia malware family were also used.

The distribution of malware relied on social engineering, with 41 attacker-controlled phishing sites used to distribute the Android malware, and a third-party Chinese app development site employed for the delivery of iOS malware.

Facebook says that, for roughly two years, it has been in contact with industry partners to share information about the discovered activity and proceed with the identification and blocking of the threat actors. 

Related: Facebook Removes 14 Networks Fueling Deceptive Campaigns

Related: Facebook Says Hackers 'Scraped' Data of 533 Million Users in 2019 Leak

Related: Facebook Disrupts Chinese Spies Using iPhone, Android Malware

  • April 21st 2021 at 18:59

Five Practical Steps to Implementing a Zero-Trust Network

While the concept of Zero Trust was created 10 years ago, the events of 2020 thrust it to the top of enterprise security agendas. The COVID-19 pandemic has driven mass remote working, which means that organizations’ traditional perimeter-based security models were broken up, in many cases literally overnight. For the foreseeable future, an organization's network is no longer a single thing in one location: it is everywhere, all of the time. Even if we look at organizations that use a single data center located in one place, this data center is accessed by multiple users on multiple devices.

With the sprawling, dynamic nature of today’s networks, if you don’t adopt a Zero-Trust approach, then a breach in one part of the network could quickly cripple your organization as malware, and especially ransomware, makes its way unhindered throughout the network. We have seen multiple examples of ransomware attacks in recent years: organizations spanning all sectors, from hospitals to local government and major corporations, have suffered large-scale outages. Put simply, few could argue that a purely perimeter-based security model makes sense anymore.

Five Practical Steps

So how should organizations go about applying the Zero Trust blueprint to address their new and complex network reality? These five steps represent the most logical way to achieve Zero-Trust networking, by finding out what data is of value, where that data is going and how it's being used. The only way to do this successfully is with automation and orchestration.

1. Identifying and segmenting data

This is one of the most complicated areas of implementing Zero-Trust, since it requires organizations to figure out what data is sensitive.

Businesses that operate in highly regulated environments probably already know what that data is, since the regulators have been requiring oversight of such data. Another approach is to separate systems that humans have access to from other parts of the environment, for example parts of the network that can be connected to by smartphones, laptops or desktops. Unfortunately, humans are often the weakest link and the first source of a breach, so it makes sense to separate these types of network segments from servers in the data center. Naturally, all home-user connections into the organization need to be terminated in a segregated network segment.

2. Mapping the traffic flows of your sensitive data and associating them with your business applications

Once you’ve identified your sensitive data, the next step is knowing where the data is going, what it is being used for and what it is doing. Data flows across your networks. Systems and users access it all the time, via many business applications. If you don’t know this information about your data, you can’t effectively defend it.

Automated discovery tools can help you to understand the intent of your data - why is that flow there? What is the purpose? What data is it transferring? What application is a particular flow serving? With the right tooling, you can start to grow your understanding of which flows need to be allowed. Once you have that, you can then get to the Zero-Trust part of saying “and everything else will not be allowed.”

3. Architecting the network

Once you know what flows should be allowed (and then everything else deserves to be blocked), you can move onto designing a network architecture, and a filtering policy that enforces your network’s micro-perimeters. In other words, architecting the controls to make sure that only legitimate flows are allowed.

Current virtualization technologies allow you to architect such networks much more easily than in the past. Software-defined networking (SDN) platforms within data centers and public-cloud providers all allow you to deploy filters within the network fabric, so placing the filtering policies anywhere in your networks is technically possible. However, actually defining the content of these filtering policies (the rules governing the allowed flows) is where the automatic discovery really pays off.

After going through the discovery process, you are able to understand the intent of the flows and can place boundaries between the different zones and segments. This is a balancing act between how much control you want to achieve and how secure you want to be. With many tiny islands of connectivity or micro-segments, you have to think about how much time you want to invest in setting that up and managing it over time. Discovering intent is a way to make this simple because it helps you decide where to logically put these segments.

4. Monitoring

Once the microsegments and policies are deployed, it’s essential to monitor everything. This is where visibility comes into its own. The only way to know if there is a problem is by monitoring traffic across the entire infrastructure, all the time.

There are two important facets to monitoring. Firstly, you need continuous compliance. You don’t want to be in a situation where you only check you are compliant when the auditors drop in. This means that you need to be monitoring configurations and traffic all the time, and when the auditor does come, you can just show them the latest report.

Secondly, organizations have to make the distinction between the learning phase of monitoring, and the enforcement stage. In the discovery’s learning phase, you are monitoring the network to learn all the flows that are there and to annotate these with their intent. This allows you to see what flows are necessary before writing the policy rules. There comes a point, however, where you have to stop learning, and decide that any flow that you haven’t seen is an anomaly which you will block by default. This is where you can make the big switch from a default ‘allow’ policy to a default ‘deny,’ or organizational ‘D-Day.’

At this stage, you can switch to monitoring for enforcing purposes. From then on, any developer who wants to allow another flow through the data center will have to file a change request and get permission to have that connectivity allowed.

5. Automate and orchestrate

Finally, the only way you will ever get to D-day is with the help of a policy engine, the central ‘brain’ behind your whole network policy. Without this, you have to do everything manually across the entire infrastructure every time there is a need for a change.

Your policy engine, enabled by automation orchestration, is able to compare any change request against what you have defined as your legitimate business connectivity requirements. If the additional connectivity being requested is in line with what is defined as acceptable use, then it should move ahead with Zero-Touch, in a fully automated manner. This can be achieved with deployment of necessary updates to the filters in minutes. Only requests that fall outside the guidelines of acceptable use need to be reviewed and approved by human experts.

Once approved (automatically or after review), a change needs to be deployed. If you have to deploy a change to potentially hundreds of different enforcement points, using all kinds of different technologies, each with their own intricacies and configurations, this change request process is almost impossible to do without an intelligent automation system.
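The five steps above describe one procedure: learn the flows, annotate each with its business intent, flip from default allow to default deny on D-Day, and then let a policy engine vet change requests so that only out-of-guideline requests reach a human. The following Python sketch is an added example written for this page; it is not AlgoSec's product nor any code from the article. The zone addressing, the flow-log lines, the intent table and the acceptable-use guidelines are all constructed for illustration.

```python
"""Toy Zero-Trust policy engine: learning phase, D-Day cut-over, change-request vetting.

Added example, not code from the article or from AlgoSec. All zones, addresses,
log lines and guideline values below are constructed for illustration.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Step 1: segments. Human-facing networks are kept apart from data-center servers,
# and home-user VPN connections terminate in their own segment (hypothetical ranges).
ZONES = {
    "user-lan": ip_network("10.10.0.0/16"),   # desktops and laptops humans use
    "vpn-home": ip_network("10.20.0.0/16"),   # remote workers, segregated on entry
    "dc-app":   ip_network("10.100.0.0/24"),  # application servers
    "dc-db":    ip_network("10.100.1.0/24"),  # databases
}


def zone_of(ip: str) -> str:
    """Map an address to its segment; anything unmapped is 'unknown' and will be denied."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


# Step 2 / step 4 learning phase: constructed flow records in a netflow-like format.
FLOW_LOG = """\
2021-05-26T09:00:01Z src=10.10.4.7 dst=10.100.0.15 proto=tcp dport=443
2021-05-26T09:00:02Z src=10.10.4.9 dst=10.100.0.15 proto=tcp dport=443
2021-05-26T09:00:05Z src=10.100.0.15 dst=10.100.1.20 proto=tcp dport=5432
2021-05-26T09:00:07Z src=10.20.1.3 dst=10.100.0.15 proto=tcp dport=443
2021-05-26T09:00:09Z src=10.10.4.7 dst=10.100.1.20 proto=tcp dport=5432
2021-05-26T09:00:11Z src=10.100.0.15 dst=10.100.1.20 proto=tcp dport=5432
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def learn_flows(log_text: str) -> Counter:
    """Aggregate individual connections into zone-level flows with hit counts."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines the discovery tool could not parse
        src, dst, proto, dport = m.groups()
        seen[(zone_of(src), zone_of(dst), proto, int(dport))] += 1
    return seen


# Intent annotation: which business application each learned flow serves.
# Constructed; in practice this comes from discovery tooling plus application owners.
INTENT = {
    ("user-lan", "dc-app", "tcp", 443): "crm-web",
    ("vpn-home", "dc-app", "tcp", 443): "crm-web",
    ("dc-app", "dc-db", "tcp", 5432): "crm-db",
}


def unannotated(seen: Counter) -> list:
    """Flows observed during learning but with no known intent: classify before D-Day."""
    return sorted(f for f in seen if f not in INTENT)


class PolicyEngine:
    """Step 5: after D-Day the annotated allow list is the policy; all else is denied."""

    def __init__(self, intent: dict):
        self.allowed = dict(intent)
        # Acceptable-use guidelines (constructed): zone pairs and services that may be
        # opened without human review because they match the defined architecture.
        self.acceptable_use = {
            ("dc-app", "dc-db"): {("tcp", 5432), ("tcp", 6379)},
            ("user-lan", "dc-app"): {("tcp", 443)},
            ("vpn-home", "dc-app"): {("tcp", 443)},
        }

    def decide(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
        """Enforcement-phase verdict for one connection: anything unlisted is denied."""
        key = (zone_of(src_ip), zone_of(dst_ip), proto, dport)
        return "allow" if key in self.allowed else "deny"

    def change_request(self, app: str, src_zone: str, dst_zone: str,
                       proto: str, dport: int) -> str:
        """Zero-touch approval inside the guidelines; everything else goes to a human."""
        key = (src_zone, dst_zone, proto, dport)
        if key in self.allowed:
            return "already-allowed"
        if (proto, dport) in self.acceptable_use.get((src_zone, dst_zone), set()):
            self.allowed[key] = app  # rule deployed automatically, no manual step
            return "auto-approved"
        return "needs-human-review"


if __name__ == "__main__":
    learned = learn_flows(FLOW_LOG)
    print("learned flows:", dict(learned))
    print("needs intent before D-Day:", unannotated(learned))
    engine = PolicyEngine(INTENT)
    print("post D-Day verdict for user-lan -> dc-db:5432:",
          engine.decide("10.10.4.7", "10.100.1.20", "tcp", 5432))
    print("change request crm-cache dc-app -> dc-db:6379:",
          engine.change_request("crm-cache", "dc-app", "dc-db", "tcp", 6379))
```

The learning phase surfaces a `user-lan` to `dc-db` flow on port 5432 that nobody annotated; in the article's terms that is the flow you must classify as legitimate or anomalous before the cut-over, because after D-Day `decide` denies it along with everything else not on the list. `change_request` then embodies the split the article describes: a request that fits the acceptable-use table is approved and deployed with no human in the loop, while a request outside it is queued for review.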

Focus on business outcomes, rather than security outcomes

Removing the complexity of security enables real business outcomes, since processes become faster and more flexible without compromising security or compliance. Right now in many organizations, even with the limited segmentation that they have in place already, pushing through a change post ‘D-Day’ is very slow – sometimes taking weeks to get through the approval stage on the security side because there is a lot of manual work involved. Micro-segmentation can make this even more complex.

However, using the steps I’ve outlined here to automate Zero Trust practices means that the end-to-end time from making a change request to deployment and enforcement goes down to one day, or even a few hours, without introducing risk. Put simply, automation means organizations spend less time and budget on managing their security infrastructure, and more on enabling the business. That’s a true win-win situation.

About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.

  • May 26th 2021 at 12:26

FireEye Launches XDR Platform to Help Security Operations Teams

FireEye (NASDAQ: FEYE) on Monday launched FireEye XDR, a unified platform designed to help security operations teams strengthen threat detection, accelerate response capabilities, and simplify investigations.  

The FireEye XDR platform provides native security protections for Endpoint, Network, Email, and Cloud with a focus on improving organizations’ capabilities for controlling incidents from detection to response. FireEye Helix unifies the security operations platform by providing next-generation security incident and event management (SIEM), security orchestration, automation and response (SOAR), and correlation capabilities along with threat intelligence powered by Mandiant.   

“Our XDR platform translates insight to action across more than 600 security technologies," said Bryan Palma, EVP of FireEye Products.   

FireEye’s Helix native cloud design provides an improved analyst experience allowing for the seamless integration of disparate security tools regardless of vendor or data source. FireEye’s XDR platform is best suited for enterprise and mid-market security operations teams that are increasingly at risk from cyber attacks due to an array of factors including sophistication of threats, suboptimal security tool management, and personnel shortages.  

[ Related: XDR is a Destination, Not a Solution ]

Over the next few quarters, FireEye says that it plans to introduce new features to the FireEye XDR platform including enhanced Endpoint cloud capabilities, FireEye Helix upgraded dashboards and threat graphing capabilities, additional support for leading third-party security tools, and continued integration with the Mandiant Advantage platform which includes Automated Defense.  

“Forward-thinking security and risk leaders are looking to defend their enterprises in ways that can reduce complexity and upfront investment, while at the same time speeding the time it takes to detect and respond to pervasive threats,” said Jon Oltsik, Senior Principal Analyst and ESG Fellow. “Leveraging an approach to XDR built on threat intelligence can help security leaders improve efficacy and avoid becoming the next headline.”  

The FireEye XDR Platform is available now and includes FireEye Helix and any combination of FireEye products including Endpoint, Network, Email, and Cloud delivered via cloud subscription licenses with per user or by data consumption options.

  • August 17th 2021 at 10:34