This week, 61 impacted versions of Apache Struts were left off security advisories, a hacker publicly releases a jailbreak for iOS version 12.4, Chrome users are ignoring warnings to change breached passwords, an unpatchable security flaw is found in popular SoC boards, and a reward of up to $30,000 is offered for finding vulns in the Microsoft Edge dev and beta channels! In the expert commentary, we welcome Jason Wood to discuss Ransomware and City Governments!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode230
Roman Sannikov, Recorded Future - https://www.youtube.com/watch?v=0kCZIX6a-6o
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jessica Johnson and Amber Pedroncelli to discuss Hacker Halted and the Global CISO Forum! In the Leadership and Communications segment, 3 Traits Of Successful Entrepreneurs, 4 Ways To Gain Power And Use It For Good, 5 Reasons to Never Compromise on Punctuality, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode140
To register for Hacker Halted, visit: https://securityweekly.com/hackerhalted and use the discount code HH19SW to get $100 off!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by John Strand and Matt Alderman to talk Enterprise News, in which ThreatConnect released Enhanced Integration with Flashpoint, ObserveIT unveils crowdsourced insider threat analytics solution, Thycotic launches automated solution for managing service accounts, and StackRox Kubernetes Security Platform is offered on the GCP! In our second segment, we air three pre-recorded interviews from BlackHat 2019 with Steve Laubenstein of CoreSecurity, Ian McShane from Endgame, and Peter Smith from Edgewise! In our final segment, we air two more pre-recorded interviews from BlackHat 2019 with Carsten Willems of VMRay and David Etue of BlueVoyant!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode150
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we present a Technical Segment sponsored by our partner DomainTools, on Deobfuscating JavaScript to investigate Phishing Domains! In our second segment, we welcome Richard Melick, Senior Technology Product Marketing Manager at Automox, to talk about why waiting to deploy critical patches makes you a bigger target! In our final segment, we air two pre-recorded interviews from BlackHat USA 2019, with Roman Sannikov from Recorded Future and Ray Dimeo of Virsec!
To learn more about Automox, visit: https://securityweekly.com/automox
To learn more about DomainTools, visit: https://securityweekly.com/domaintools
Full Show Notes: https://wiki.securityweekly.com/Episode617
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Pawan Shankar, Senior Product Marketing Manager of Sysdig! In our second segment, we air two pre-recorded interviews with Azi Cohen, Co-Founder of WhiteSource, and Jeff Hudson, CEO of Venafi from BlackHat USA 2019!
To learn more about Sysdig, visit: https://securityweekly.com/sysdig
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, a hacker finds Instagram Account Takeover Flaw worth $10,000, a U.S. Judge orders Capital One hacker Paige Thompson to remain in prison, a vast majority of newly registered domains are malicious, and why half of all Social Media logins are fraud! In the expert commentary, Jason Wood joins us to discuss Building Your First Incident Response Policy: A Practical Guide for Beginners!
Full Show Notes: https://wiki.securityweekly.com/HNNEpisode231
Visit https://www.securityweekly.com/hnn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Tony Howlett, CISO at SecureLink, to talk about best practices to limit 3rd party risk! In the Leadership and Communications segment, The elements of a good company apology, 8 ways leaders delegate successfully, there's no shame in working on vacation, and more!
Full Show Notes: https://wiki.securityweekly.com/BSWEpisode141
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul and Matt Alderman talk Enterprise News, to discuss 5 tips on how testers can collaborate with software developers, Imperva discloses a data breach affecting some firewall users, VMware unveils security enhancements in Virtual Cloud Network Offering, and how Veristor and Synack partner to apply Ethical Hackers and AI Technology! In our second segment, we air three pre-recorded interviews from BlackHat 2019 with Chris Kennedy from AttackIQ, Balaji Prasad of BlueHexagon, and Mike Weber of Coalfire! In our final segment, we air three more pre-recorded interviews from BlackHat 2019 with Brett Wahlin of Respond Software, Andrew Homer of Morphisec, and Mat Gangwer from Sophos!
Full Show Notes: https://wiki.securityweekly.com/ES_Episode151
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
How secure is your organization's information? At any given moment, can a security leader look an executive in the eye and tell them how well business processes, projects and supporting assets are protected?
Security assurance should provide relevant stakeholders with a clear, objective picture of the effectiveness of information security controls. However, in a fast-moving, interconnected world where the threat landscape is constantly evolving, many security assurance programs are unable to keep pace. Ineffective programs that do not focus sufficiently on the needs of the business can provide a false level of confidence.
A Business-Focused Approach
Many organizations aspire to an approach that directly links security assurance with the needs of the business, demonstrating the level of value that security provides. Unfortunately, there is often a significant gap between aspiration and reality.
Improvement requires time and patience, but organizations do not need to start at the beginning. Most already have the basics of security assurance in place, meeting compliance obligations by evaluating the extent to which required controls have been implemented and identifying gaps or weaknesses.
Taking a business-focused approach to security assurance is an evolution. It means going a step further and demonstrating how well business processes, projects and supporting assets are really protected, by focusing on how effective controls are. It requires a broader view, considering the needs of multiple stakeholders within the organization.
Business-focused security assurance programs can build on current compliance-based approaches by:
A successful business-focused security assurance program requires positive, collaborative working relationships throughout the organization. Security, business and IT leaders should energetically engage with each other to make sure that requirements are realistic and expectations are understood by all.
A Change Will Do You Good
The purpose of security assurance is to provide business leaders with an accurate and realistic level of confidence in the protection of "target environments" for which they are responsible. This involves presenting relevant stakeholders with evidence regarding the effectiveness of controls. However, common organizational approaches to security assurance do not always provide an accurate or realistic level of confidence, nor focus on the needs of the business.
Security assurance programs seldom provide reliable assurance in a dynamic technical environment, which is subject to a rapidly changing threat landscape. Business stakeholders often lack confidence in the accuracy of security assurance findings for a variety of reasons.
Common security assurance activities and reporting practices only provide a snapshot view, which can quickly become out of date: new threats emerge or existing ones evolve soon after results are reported. Activities such as security audits and control gap assessments typically evaluate the strengths and weaknesses of controls at a single point in time. While these types of assurance activities can be helpful in identifying trends and patterns, reports provided on a six-monthly or annual basis are unlikely to present an accurate, up-to-date picture of the effectiveness of controls. More regular reporting is required to keep pace with new threats.
Applying a Repeatable Process
Organizations should follow a clearly defined and approved process for performing security assurance in target environments. The process should be repeatable for any target environment, fulfilling specific business-defined requirements.
The security assurance process comprises five steps, which can be adopted or tailored to meet the needs of any organization. During each step of the process a variety of individuals, including representatives from operational and business support functions throughout the organization, might need to be involved.
The extent to which individuals and functions are involved during each step will differ between organizations. A relatively small security assurance function, for example, may need to acquire external expertise or additional specialists from the broader information security or IT functions to conduct specific types of technical testing. However, in every organization:
Organizations should:
An Ongoing Investment
In a fast-moving business environment filled with constantly evolving cyber threats, leaders want confidence that their business processes, projects and supporting assets are well protected. An independent and objective security assurance function should provide business stakeholders with the right level of confidence in controls; complacency can have disastrous consequences.
Security assurance activities should demonstrate how effective controls really are, not just determine whether they have been implemented. Focusing on what business stakeholders need to know about the specific target environments for which they have responsibility will enable the security assurance function to report in terms that resonate. Delivering assurance that critical business processes and projects are not exposed to financial loss, do not leak sensitive information, are resilient, and meet legal, regulatory and compliance requirements will help to demonstrate the value of security to the business.
In most cases, new approaches to security assurance should be more of an evolution than a revolution. Organizations can build on existing compliance-based approaches rather than replace them, taking small steps to see what works and what doesn't.
Establishing a business-focused security assurance program is a long-term, ongoing investment.
About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
Copyright 2010 Respective Author at Infosec Island
Recently, Capital One discovered a breach in their system that compromised the Social Security numbers of about 140,000 credit card customers along with 80,000 bank account numbers. The breach also exposed names, addresses, phone numbers and credit scores, among other data.
What makes this breach even more disconcerting is that Capital One has been the poster child for cloud adoption, and most, if not all, of their applications are hosted in the cloud. They were one of the first financial companies, in a very technologically conservative industry, to adopt the cloud, and they have always maintained that the cloud has been a critical enabler of their business success by providing incredible IT agility and competitive strengths.
So, does this mean companies should rethink their cloud adoption? In two words: hell no! The agility and economic value of the cloud are intact and accelerating. Leading-edge companies will continue to adopt the cloud and SaaS technologies. The breach does, however, put a finer point on what it means to manage security in the cloud.
So how do you avoid becoming the next Capital One? At Sumo Logic, we are fully in the cloud and work with thousands of companies who have adopted (or are planning to adopt) the cloud. Our experience enables us to offer three strategies to enterprise CISOs and security teams:
1. Know the "shared security" principles in the cloud environment.
The cloud runs on a shared security model. If you are using the cloud and building apps in the cloud, you should know that your app security is shared between you (the application owner) and the cloud platform.
Specifically, the cloud security model means that:
Hence, running in the cloud does not absolve you of managing the security of your application or its infrastructure, something all cloud enterprises should be aware of. It is also a good time to step up your security by inviting ethical hacking on your services. At Sumo Logic, we have been running bounties on our platform for two years using both HackerOne and Bugcrowd, to be transparent and gain the trust of our customers that we are doing everything possible to secure their data in the cloud.
Your call to action: Know the model. Know what you are responsible for (at the end of the day, almost everything!).
2. Know and use the cloud native security services
Some elements of cloud infrastructure and systems are opaque, but all cloud providers offer native security services to help you get control of access and security in the cloud. It's imperative that enterprises in the cloud use these foundational services. In Sumo Logic's third annual State of the Modern App Report, we analyzed the usage of these services in AWS and saw significant adoption.
Your call to action: Implement the cloud platform security services. They are your foundational services and help implement your basic posture.
3. Get a "cloud" SIEM to mind the minder
A security information and event management (SIEM) solution is like the radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind with regard to security. Today's most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection. Without a SIEM, attacks are allowed to germinate and grow into emergency incidents with significant business impact.
A cloud SIEM is radically different from a traditional SIEM. There are many key differences:
While you consider a SIEM, consider one focused on new threats in the cloud environment, built in the cloud, for the cloud.
So, there you have it: three strategies for preventing catastrophic cloud security issues. These strategies will not fix everything, but they are the best starting points to improve your security posture as you move to the cloud.
About the author: As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines.
This week, we present the Security News, to discuss how AT&T employees took bribes to plant malware on the company's network, how hackers could decrypt your GSM calls, 80 suspects charged with a massive BEC scam, and how the passports and licenses of 300 people were leaked in New Zealand! In our second segment, we welcome back Corey Thuen, Co-Founder at Gravwell, to talk about analyzing custom log sources! In our final segment, we air a pre-recorded interview with Chris Hadnagy, Founder, CEO, and Chief Human Hacker at Social Engineer, LLC, to talk about SEVillage Orlando 2020, and the mission of and some info on the Innocent Lives Foundation!
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
Full Show Notes: https://wiki.securityweekly.com/Episode618
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
A newly discovered Android remote access Trojan (RAT) is specifically targeting users in Brazil, Kaspersky reports.
Called BRATA, which stands for Brazilian RAT Android, the malware could theoretically be used to target any other Android user, should the cybercriminals behind it want to. Widespread since January 2019, the threat was primarily hosted in Google Play, but also in alternative Android app stores.
The malware targets Android 5.0 or later and infects devices via push notifications on compromised websites, messages delivered via WhatsApp or SMS, or sponsored links in Google searches.
After discovering the first RAT samples in January and February 2019, Kaspersky has observed over 20 different variants to date in Google Play alone, most posing as updates to WhatsApp.
One of the topics abused by BRATA is the CVE-2019-3568 WhatsApp patch. The infamous fake WhatsApp update had over 10,000 downloads in the official Android store when it was removed, Kaspersky says.
As soon as it has infected a device, BRATA enables its keylogging feature and starts abusing Android's Accessibility Service feature to interact with other applications.
The commands supported by the malware allow it to capture and send the user's screen output in real time, turn off the screen, or give the user the impression that the screen is off while performing actions in the background.
It can also retrieve Android system information, data on the logged-in user and their registered Google accounts, and hardware information, and can request the user to unlock the device or perform a remote unlock.
What's more, BRATA can launch any installed application with a set of parameters sent via a JSON data file, send a string of text to input data into textboxes, and launch any particular application or uninstall the malware and remove traces of infection.
"In general, we always recommend carefully reviewing the permissions any app is requesting on the device. It is also essential to install an excellent up-to-date anti-malware solution with real-time protection enabled," Kaspersky concludes.