WordPress Plugin Supply Chain Attack Gets Worse
30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can't Be Wrong.)
The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.
GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S.
A report from the Government Accountability Office (GAO) highlighted an urgent need to address critical cybersecurity challenges facing the nation.
The post GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. appeared first on Security Boulevard.
Misconfigured MFA Increasingly Targeted by Cybercriminals
In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.
The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.
Google Disrupts More China-Linked Dragonbridge Influence Operations
Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.
The post Google Disrupts More China-Linked Dragonbridge Influence Operations appeared first on SecurityWeek.
Diverse Cybersecurity Workforce Act Offers More Than Diversity Benefits
The Check Point Challenge: Safeguarding Against the Latest CVE
The post The Check Point Challenge: Safeguarding Against the Latest CVE appeared first on Votiro.
The post The Check Point Challenge: Safeguarding Against the Latest CVE appeared first on Security Boulevard.
'Snowblind' Tampering Technique May Drive Android Users Adrift
Prioritizing Exposures vs. Prioritizing Actions
Organizations face an overwhelming number of vulnerabilities and threats. The traditional approach has been to prioritize exposures, identifying and addressing the most critical vulnerabilities first. However, this method, while logical on the surface, has significant limitations. At Veriti, we advocate for a different strategy: prioritizing actions. By focusing on remediations rather than merely cataloging exposures, we believe […]
The post Prioritizing Exposures vs. Prioritizing Actions appeared first on VERITI.
The post Prioritizing Exposures vs. Prioritizing Actions appeared first on Security Boulevard.
Gaining and Retaining Security Talent: A Cheat Sheet for CISOs
Freed from the shackles of always demanding a technical background, the CISO can concentrate on building a diverse team comprising multiple skills.
The post Gaining and Retaining Security Talent: A Cheat Sheet for CISOs appeared first on SecurityWeek.
SecurityWeek
The EU Targets Russia's LNG Ghost Fleet With Sanctions as Concern Mounts About Hybrid Attacks
Some expressed concern about a rise in hybrid attacks by Russia, including allegations of election interference, cyberattacks and sabotage.
The post The EU Targets Russia's LNG Ghost Fleet With Sanctions as Concern Mounts About Hybrid Attacks appeared first on SecurityWeek.
US-CERT Current Activity
CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects
Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate's Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS).
This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software manufacturers to create memory safe roadmaps, including plans to address memory safety in external dependencies, which commonly include OSS. Exploring Memory Safety in Critical Open Source Projects also aligns with the 2023 National Cybersecurity Strategy and corresponding implementation plan, which discusses investing in memory safety and collaborating with the open source community, including the establishment of the interagency Open Source Software Security Initiative (OS3I) and investment in memory-safe programming languages.
CISA encourages all organizations and software manufacturers to review the methodology and results found in the guidance to:
- Reduce memory safety vulnerabilities;
- Make secure and informed choices;
- Understand the memory-unsafety risk in OSS;
- Evaluate approaches to reducing this risk; and
- Continue efforts to drive risk-reducing action by software manufacturers.
To learn more about taking a top-down approach to developing secure products, visit CISA's Secure by Design webpage.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
- CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
- CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
P2Pinfect Worm Now Dropping Ransomware on Redis Servers
The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.
The post P2Pinfect Worm Now Dropping Ransomware on Redis Servers appeared first on SecurityWeek.
6 Tips for Preventing DDoS Attacks Using Rate Limits
Rate limiting is a well-known technique for limiting network traffic to web servers, APIs, or other online services. It is also one of the methods available to you for blocking DDoS attackers from flooding your system with requests and exhausting network capacity, storage, and memory. You typically define rate-limiting rules in your Web Application Firewall […]
The post 6 Tips for Preventing DDoS Attacks Using Rate Limits appeared first on Security Boulevard.
Maven Central and the tragedy of the commons
The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's the idea that when a resource is available to everyone without restriction, some individuals tend to overuse it, leading to its eventual depletion and harming everyone in the long run. In the case of Maven Central, we are experiencing an unwitting tyranny by the few.
The post Maven Central and the tragedy of the commons appeared first on Security Boulevard.
Polyfill Supply Chain Attack Hits Over 100k Websites
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.
The post Polyfill Supply Chain Attack Hits Over 100k Websites appeared first on SecurityWeek.
Critical ADOdb Vulnerabilities Fixed in Ubuntu
Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu […]
The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.
The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard.
Navigating Security Challenges in Containerized Applications
Containerized applications offer several advantages over traditional deployment methods, making them a powerful tool for modern application development and deployment. Understanding the security complexities of containers and implementing targeted security measures is crucial for organizations to protect their applications and data. Adopting specialized security practices, such as Linux live kernel patching, is essential in maintaining […]
The post Navigating Security Challenges in Containerized Applications appeared first on TuxCare.
The post Navigating Security Challenges in Containerized Applications appeared first on Security Boulevard.
Cyber Attackers Turn to Cloud Services to Deploy Malware
Identity Crime Reports Drop 16% Annually but Job Scams Surge
Buying a VPN? Here's what to know and look for
Cybersecurity News and Magazine
BianLian Ransomware Targets Better Business Bureau, US Dermatology Partners
BianLian Ransomware Attack: Critical Details
The first organization targeted by the hackers was Better Business Bureau (BBB), a private, nonprofit organization founded in 1912 in Arlington, Virginia. The firm maintains a massive database of accredited and non-accredited businesses, providing ratings based on several factors. The Better Business Bureau has a revenue of $430.6 Million.
(Image source: X)
The threat actor claims to have accessed 1.2 TB of organization data, including accounting, budget, and financial data; contract data and NDAs; files from the CFO's computer; operational and business files; and email and PST archives. The group has also disclosed sensitive information such as the names, personal email addresses, and phone numbers of BBB's CEO, vice president, chief accreditation officer, and chief activation officer.
The other organization that has allegedly fallen victim to the ransomware group is US Dermatology Partners. The organization, with a revenue of $213.7 Million, is one of the premier dermatology practitioners in the USA, caring for over two million patients annually.
(Image source: X)
The hackers claimed to have accessed 300 GB of organization data, including personal data, accounting and budget information, financial data, contract data and NDAs, and employee profiles.
Potential Impact of BianLian Ransomware Attack
If proven, the potential consequences of this ransomware attack could be critical, as the accounting and financial details of both these firms could be leaked. The organizations should take appropriate measures to protect the privacy and security of the stakeholders involved. Financial data breaches can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company's standing in the industry.
Currently, details regarding the extent of the BianLian ransomware attack, data compromise, and the motive behind the cyber assault remain undisclosed. Despite the claims made by BianLian, the official websites of the targeted companies remain fully functional. This discrepancy has raised doubts about the authenticity of the BianLian group's assertion. To ascertain the veracity of the claims, The Cyber Express has reached out to the officials of the affected organizations. As of the writing of this news report, no response has been received, leaving the ransomware attack claim unverified.
History of BianLian Ransomware Group Attacks
BianLian, a ransomware group, has been targeting critical infrastructure sectors in the U.S. and Australia since June 2022. They exploit RDP credentials, use open-source tools for discovery, and exfiltrate data via FTP or Rclone. FBI, CISA, and ACSC advise implementing mitigation strategies to prevent ransomware attacks. Initially employing a double-extortion model, they shifted to exfiltration-based extortion by 2023.
According to a report by BlackBerry, BianLian ransomware showcases exceptional encryption speed and is coded in the Go programming language (Golang). This sophisticated approach has enabled the group to strike multiple organizations, leaving a trail of unverified claims in its wake.
Earlier in 2024, the group targeted companies such as North Star Tax and Accounting, KC Pharmaceuticals, and Martinaire. In its attack on MOOver, the group claimed to have accessed a staggering 1.1 terabytes of the firm's data. Subsequently, Northeast Spine and Sports Medicine also found themselves on the list of victims. All these claims, similar to the recent attack, remain unverified.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
CISO2CISO.COM & CYBER SECURITY GROUP
US DHS Warns of AI-Fueled Chemical and Biological Threats – Source: www.databreachtoday.com
Source: www.databreachtoday.com. Categories: Artificial Intelligence & Machine Learning; Cyberwarfare / Nation-State Attacks; Fraud Management & Cybercrime.
New Report Urges Public-Private Collaboration to Reduce Chemical, Nuclear AI Risks
By Chris Riotta (@chrisriotta), June 25, 2024
The U.S. federal government warned that artificial intelligence lowers the barriers to conceptualizing and conducting […]
The entry US DHS Warns of AI-Fueled Chemical and Biological Threats – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
CISO2CISO.COM & CYBER SECURITY GROUP
Patched Weeks Ago, RCE Bug in AI Tool Still a "Probllama" – Source: www.databreachtoday.com
Source: www.databreachtoday.com. Categories: Artificial Intelligence & Machine Learning; Governance & Risk Management; Next-Generation Technologies & Secure Development.
Companies Eager for Tools Are Putting AI's Transformative Power Ahead of Security
By Rashmi Ramesh (rashmiramesh_), June 25, 2024
Oh, no – not all Ollama administrators have patched against the "Probllama" flaw. […]
The entry Patched Weeks Ago, RCE Bug in AI Tool Still a "Probllama" – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
CISO2CISO.COM & CYBER SECURITY GROUP
Why New Cyber Penalties May Strain Hospital Resources – Source: www.databreachtoday.com
Source: www.databreachtoday.com. Categories: Healthcare; Industry Specific; Standards, Regulations & Compliance.
John Riggi of the American Hospital Association on HHS' Upcoming Cyber Regulations
By Marianne Kolbasuk McGee (HealthInfoSec), June 25, 2024
(Image: John Riggi, national cybersecurity and risk adviser, American Hospital Association)
White House efforts to ratchet up healthcare sector cybersecurity […]
The entry Why New Cyber Penalties May Strain Hospital Resources – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
CISO2CISO.COM & CYBER SECURITY GROUP
Luxury Retailer Neiman Marcus Suffers Snowflake Breach – Source: www.databreachtoday.com
Source: www.databreachtoday.com. Categories: 3rd Party Risk Management; Cybercrime; Fraud Management & Cybercrime.
More Victims of Campaign Against Data Warehousing Platform Snowflake Come to Light
By Mathew J. Schwartz (euroinfosec), June 25, 2024
Attention Neiman Marcus shoppers: Your contact information may be for sale on a criminal forum. (Image: Shutterstock) […]
The entry Luxury Retailer Neiman Marcus Suffers Snowflake Breach – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
CISO2CISO.COM & CYBER SECURITY GROUP
Securing Data With Immutable Backups and Automated Recovery – Source: www.databreachtoday.com
Source: www.databreachtoday.com.
Immutable backups are essential in the fight against ransomware, and businesses should put protections in place to ensure attackers can't alter or delete them. Acronis President Gaidar Magdanurov said data protection firms must address the threat of ransomware by implementing immutable storage and exposing APIs for seamless integration with security […]
The entry Securing Data With Immutable Backups and Automated Recovery – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Malwarebytes Premium stops 100% of malware during AV Lab test
Malwarebytes Premium has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation's "Advanced In-The-Wild Malware Test."
For its performance in the May 2024 evaluation, Malwarebytes Premium also received a certificate of "Excellence."
According to AV Lab, such certificates "are granted to solutions that are characterized by a high level of security, with a rating of at least 99% of blocked threats in the Advanced In-The-Wild Malware Test."
Every two months, the cybersecurity and information security experts at AV Lab construct a series of tests to compare cybersecurity vendors against the latest malware that is currently being used by adversaries and threat actors.
For the May evaluation, AV Lab tested 521 unique malware samples against 13 cybersecurity products. Malwarebytes Premium Security detected 521/521 malware samples, with a remediation time of 44 seconds, well below the 52-second average determined by AV Lab in its most recent testing.
Three cybersecurity vendors failed to block 100% of malware tested: ESET, F-Secure, and Panda.
To ensure that AV Lab's evaluations reflect current cyberthreats, each round of testing follows three steps:
- Collecting and verifying in-the-wild malware: AVLab regularly collects malware samples from malicious and active URLs, testing the malware samples to understand their impact on networks and endpoints.
- Simulating a real-world scenario in testing: To recreate how a real-life cyberattack would occur, AVLab uses the Firefox web browser to engage with the known, malicious URLs collected in the previous step. In the most recent test, AVLab emphasized the potential for these URLs to be sent over instant messaging platforms, including Discord and Telegram.
- Incident recovery time assessment: With the various cybersecurity products installed, AVLab measures whether the evaluated product detects a malware sample, when it detects a sample, and how long it took to detect that sample. The last metric is referred to as "Remediation Time."
Malwarebytes is proud to once again achieve a 100% score with AVLab's Advanced In-The-Wild Malware Test, a trusted resource that proves our commitment to user safety.
Dark Web Actors Reveal New Banking Trojan Sniffthem
Dark Web Actors Reveal Banking Trojan Sniffthem
(Image source: Dark Web)
Another key feature of Sniffthem is its credit card grabber capability, allowing it to stealthily capture credit card details through the injection of fake web pages. This method operates covertly, ensuring that the theft of financial data goes unnoticed by users and security measures alike. Moreover, the trojan supports a wide range of web browsers including Firefox, Google Chrome, Edge, and Yandex, ensuring compatibility across various user environments.
To evade detection, the banking trojan Sniffthem employs crypters, enhancing its stealth and persistence on infected systems. These crypters cloak the trojan's code, making it difficult for antivirus programs and security defenses to detect and remove the malware effectively. Oliver909 demonstrated the trojan's functionalities through a video shared on the forum, showcasing its management panel and user interface designed for seamless control over malicious activities.
In terms of pricing, oliver909 offers Sniffthem on a subscription basis, setting a monthly rate of USD 600. This pricing strategy positions Sniffthem as a lucrative option within the cybercriminal marketplace, appealing to threat actors looking to capitalize on financial fraud opportunities.
Technical Insights into Sniffthem Banking Trojan
Sniffthem's technical specifications highlight its sophistication and potential impact on cybersecurity. The Sniffthem banking trojan operates persistently as a hidden process, evading detection and maintaining a covert presence on infected systems. Its integration with a web-based management panel allows threat actors to efficiently control compromised devices and orchestrate malicious activities remotely. Furthermore, Sniffthem's compatibility with a wide array of browsers (64 in total) highlights its versatility and ability to infiltrate diverse user environments. This capability extends its reach across various sectors, with a particular focus on the BFSI (Banking, Financial Services, and Insurance) industry, where financial transactions and sensitive data are prime targets.
The emergence of Sniffthem signifies a heightened threat to organizations and individuals alike, particularly within the financial sector. To mitigate risks associated with banking trojans like Sniffthem, cybersecurity best practices are essential. Organizations should prioritize regular software updates, endpoint protection, and employee training to recognize and respond to phishing attempts effectively.
Cybersecurity News and Magazine
BSNL Data Breached Yet Again? Millions of Users Face Risk of SIM Card Cloning, Financial Fraud
Exploring Claims of BSNL Data Breach
The BSNL data leak was first disclosed by an Indian firm, Athenian Tech, in its threat intelligence report. According to the report, a threat actor operating under the alias "kiberphant0m" leaked a significant amount of sensitive data affecting millions of users. The threat actor posted this information on the data hack site BreachForums and shared samples of the breach to legitimize the claim. Overall, around 278GB of sensitive information could be compromised.
The hacker also posted call log samples which leaked sensitive information like the mobile numbers of users, the date and duration of calls, and the amount charged for the call in Indian Rupees. The call log samples were being leaked in two sets: one for the month of May 2024 and another from 2020. This indicates that the data breach was a recent attack, raising questions over the security checks in place at BSNL. The threat actor was selling the alleged stolen data for $5,000. The steep price tag could indicate the significant value of the stolen data, which is sensitive.
The Cyber Express has yet to verify the authenticity of the recent BSNL data breach and has contacted the organization for an official response. This article will be updated based on their response.
Potential Implications of BSNL Data Breach
- SIM Cloning and Identity Theft: Cloning a SIM involves creating a duplicate card that has the same IMSI and authentication keys, thus making it easy for the attackers to intercept messages/calls, gain access to people's bank accounts, and embezzle their finances.
- Privacy Violations: Identity theft means that an attacker can gain unauthorized access to individuals' private communications.
- Financial and Identity Theft: Illegal operations can defeat protective procedures in the financial portfolios, which entail substantial monetary losses and cases of identity theft.
- Targeted Attacks and Scams: The user could be exposed to major security risks and could be vulnerable to phishing schemes and other social engineering attacks, exploiting their trust in BSNL.
Second BSNL Data Breach in Less Than Six Months
If the data theft claims are proven, it would be the second instance of a cyberattack on BSNL in less than six months. In December 2023, a threat actor known as "Perell" claimed access to critical information about fiber and landline users of BSNL. The dataset contained about 32,000 lines of data allegedly impacting over 2.9 million users. However, BSNL did not validate the claims back then.
The US Is Banning Kaspersky
This move has been coming for a long time.
The Biden administration on Thursday said it's banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban, the first such action under authorities given to the Commerce Department in 2019, follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers.
'ChamelGang' APT Disguises Espionage Activities With Ransomware
Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector
Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.
The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek.
Exploitation Attempts Target New MOVEit Transfer Vulnerability
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.
The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek.
FireTail Unveils Free Access for All to Cutting-Edge API Security Platform
McLean, United States of America, 26th June 2024, CyberNewsWire
The post FireTail Unveils Free Access for All to Cutting-Edge API Security Platform appeared first on Security Boulevard.
Security Boulevard
Stepping Into the Attacker's Shoes: The Strategic Power of Red Teaming (Insights from the Field)
Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.
The post Stepping Into the Attacker's Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.
EU Opens the App Store Gates: A Call to Arms for MDM Implementation
By introducing a mobile device management (MDM) platform into the existing infrastructure, administrators gain the ability to restrict sideloading on managed devices.
The post EU Opens the App Store Gates: A Call to Arms for MDM Implementation appeared first on Security Boulevard.
Understanding and Mitigating Jump Server Security Risks
Many organizations today use a jump server (also known as a jump box or jump host) as the intermediary device to access a remote network securely. It is the go-to solution for remote administration of servers and devices and for development and testing environments. It is also commonly used to control vendor access to an organization's internal systems and to meet compliance requirements in certain industries.
While this is definitely a step up in security from using VPNs, a jump server can sometimes create a false sense of security because security risks and loopholes still exist.
In this blog post, we will first explore the security benefits and risks of a jump server. Finally, we will unveil strategies to mitigate those security risks.
TABLE OF CONTENTS
Top 5 Security Benefits of a Jump Server
Top 5 Security Risks of a Jump Server
How to Mitigate Jump Server Security Risks Using Best Practices
Mamori Adds Two Additional Layers of Security to Your Jump Host
Top 5 Security Benefits of a Jump Server
1. Central Access Point for Easy Management
When access is centralized, it is easy to monitor and manage who accesses the network, ensuring all access to protected networks is authorized. Centralized access also simplifies managing permissions and security policies, while also making it easier to monitor and log activities.
2. Easy Monitoring and Session Management
With centralized access, monitoring traffic and logging activities are simplified. Jump servers also allow session recording, session timeouts, and the ability to terminate sessions to enhance control and security.
3. Reduce Attack Surface from external threats
Jump servers should be isolated from the internet and shouldn't be able to browse the intranet. This reduces the attack surface and adds a layer of defense against external threats.
4. Reduced Exposure
By limiting direct access to critical systems and databases, jump servers minimize the risk of unauthorized access from any unauthorized sources.
5. Simplifying Audit and Compliance
User activity and traffic passing through the controlled central access point can be logged and recorded, which helps meet regulatory requirements.
Top 5 Security Risks of Jump Server
1. Single Point of Failure
A compromised jump server can jeopardize the entire network. Also, a compromised user account, a privileged user, or an infected device can jeopardize the entire system and database the jump server protects.
2. Setup Complications
A simple jump server contains a Windows Server with RDP and user accounts from Active Directory. Additional setup and tools can be used to create more secure policies. In some cases, coding and debugging is required, which makes it difficult to add additional security policies.
3. Misconfigured Architecture and Database Security
A misconfigured architecture can allow the jump server to be bypassed completely, giving access to privileged resources, as indicated in the image below with the non-privileged resource. If the non-privileged resource is compromised, then the privileged resource can be accessed, bypassing the jump server. Because privileged resources are usually databases, many mistakenly think that a jump server protects the database. Although jump servers do protect database access (in a way), it is NOT database security, as you'll see later in this article.
4. Outdated Software and Credentials Management
Running outdated software on the jump server is known to expose the jump server to vulnerabilities. Default and weak passwords should be changed, and strong authentication policies should be enforced.
5. Insider Threats and Incident Response
Disgruntled or malicious employees who have access can cause data loss and data breaches. Although all traffic can be monitored, jump servers by default lack the ability to respond immediately to insiders who are mass downloading or deleting data.
How to Mitigate Jump Server Security Risks Using Best Practices
Simply put, the easiest way to mitigate jump server security risks is to implement security best practices on your jump server. However, that is easier said than done.
Here at Mamori.io, we make it extremely easy to implement jump server security best practices (including ransomware prevention and cybersecurity best practices).
The list below covers the jump server security best practices and how each one mitigates the security risks mentioned earlier.
1. Implement Two-Factor Authentication (2FA)
2FA adds another layer of security even when your password is compromised, or if you're using a default password.
Security Risk Mitigated: Credentials Management, Database Security
Mamori's Approach: Mamori.io uses a zero-trust approach that assumes your password has already been compromised. Every access is secured by MFA, from accessing the network using Zero Trust Network Access (ZTNA) to accessing the database using our Database Privileged User Access (DB PAM) via SSO. Even certain operations within the database, such as mass deleting data, can be authorized to certain individuals and secured using 2FA.
2. Regular Updates and Patches
Regularly patching and updating the software and operating system on the jump server is the quickest and easiest way to close security gaps against known vulnerabilities and exploits.
Security Risk Mitigated: Outdated Software
Mamori's Approach: Even if an external threat uses a known vulnerability to compromise your jump server, your critical resources and database can still be protected by database privileged access controls secured by 2FA.
3. Enforce Role-Based Access
Only grant access to those who need access. Enforce role-based access so users have the minimal necessary permissions (least-privileged access). This limits the number of potential attack vectors and reduces insider threats.
Security Risk Mitigated: Setup Complications, Misconfigured Architecture and Database Security, Insider Threats
Mamori's Approach: Mamori provides Privileged Access Management (PAM) to limit jump server access to only those who need it. Once the user connects to the database or privileged resource, Mamori provides Database Privileged Access Management (DB PAM) to limit the user's access to resources, the user's visibility (e.g. data masking) and the types of operations (e.g. read, write, delete) the user can perform on those resources.
4. Ensure Comprehensive Logging and Monitoring
Comprehensive logging and monitoring allow for the detection of suspicious activities and help with IT audits and compliance. Logging and monitoring also facilitate forensic analysis post-incident, enhancing the overall security posture.
Security Risk Mitigated: Insider Threats, Incident Response
Mamori's Approach: At Mamori, we believe logging and monitoring are NOT comprehensive if users are able to share accounts. That is why we use a zero-trust approach, where the user, device, location (and more) need to be authenticated for access and for certain database operations. Thus, when each session is monitored, logged, and recorded, we ensure that each session can easily be traced back to an individual and used for forensics or incident response.
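The insider-threat risk above (a jump server by default cannot react to a user who is mass downloading or deleting data) is the kind of gap that session logging closes only if something actually evaluates the logs. The following is an added example, not code from the article or from Mamori.io: a small detector that reads jump-server session audit lines of a constructed format (timestamp, user, session, action, object, byte count), keeps a sliding time window per user session, and raises an alert the first time the number or volume of downloads, or the number of deletes, crosses a threshold. The log format, the sample lines and the threshold values are all assumptions made for the example.

```python
"""Sliding-window detection of mass download / mass delete activity in
jump-server session audit logs (example code; format and thresholds assumed)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed audit line format (not from any real product):
#   <ISO-8601 UTC ts> user=<name> session=<id> action=<READ|DOWNLOAD|DELETE> object=<path> bytes=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) session=(?P<session>\S+) "
    r"action=(?P<action>\S+) object=(?P<obj>\S+) bytes=(?P<bytes>\d+)$"
)

# Threshold values are assumptions for the example; tune them per environment.
WINDOW = timedelta(minutes=5)
MAX_DOWNLOADS = 5            # more than this many downloads per window -> alert
MAX_DOWNLOAD_BYTES = 20_000_000
MAX_DELETES = 10


def parse_line(line):
    """Parse one audit line into a dict, or return None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["bytes"] = int(ev["bytes"])
    return ev


def detect_mass_activity(log_text, window=WINDOW, max_downloads=MAX_DOWNLOADS,
                         max_download_bytes=MAX_DOWNLOAD_BYTES, max_deletes=MAX_DELETES):
    """Return alerts, one per (user, session, rule), raised the first time a threshold is crossed."""
    recent = defaultdict(deque)   # (user, session) -> events inside the window, oldest first
    fired = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["action"] not in ("DOWNLOAD", "DELETE"):
            continue  # malformed lines and plain reads do not feed the counters
        key = (ev["user"], ev["session"])
        q = recent[key]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()  # expire events that fell out of the sliding window
        downloads = [e for e in q if e["action"] == "DOWNLOAD"]
        deletes = [e for e in q if e["action"] == "DELETE"]
        dl_bytes = sum(e["bytes"] for e in downloads)
        checks = [
            ("mass_download_count", len(downloads) > max_downloads, len(downloads)),
            ("mass_download_bytes", dl_bytes > max_download_bytes, dl_bytes),
            ("mass_delete_count", len(deletes) > max_deletes, len(deletes)),
        ]
        for rule, hit, value in checks:
            if hit and (key, rule) not in fired:
                fired.add((key, rule))  # alert once per session and rule, not on every event
                alerts.append({"user": ev["user"], "session": ev["session"], "rule": rule,
                               "value": value, "at": ev["ts"].isoformat()})
    return alerts


def _line(ts, user, session, action, obj, nbytes):
    return f"{ts} user={user} session={session} action={action} object={obj} bytes={nbytes}"


# Constructed sample log: alice behaves normally, bob pulls six 5 MB files in
# 25 seconds, carol deletes twelve objects in under a minute, and one line is garbage.
SAMPLE_LOG = "\n".join(
    [_line("2024-06-26T09:00:01Z", "alice", "s1", "READ", "/db/customers", 2048),
     _line("2024-06-26T09:00:10Z", "alice", "s1", "DOWNLOAD", "/db/report.csv", 40000)]
    + [_line(f"2024-06-26T09:02:{5 * i:02d}Z", "bob", "s2", "DOWNLOAD",
             f"/db/customers_{i}.csv", 5_000_000) for i in range(6)]
    + [_line(f"2024-06-26T09:10:{5 * i:02d}Z", "carol", "s3", "DELETE",
             f"/db/orders/row{i}", 0) for i in range(12)]
    + ["garbled line that does not parse"]
)

if __name__ == "__main__":
    for alert in detect_mass_activity(SAMPLE_LOG):
        print(alert)
```

On the sample data this yields three alerts: bob trips the byte-volume rule on his fifth download and the count rule on his sixth, and carol trips the delete rule on her eleventh delete; alice never appears. Alerting once per session and rule keeps the output actionable, and keying the window on the session rather than only the user is what makes the "no shared accounts" point above matter: if several people share one login, the alert can name an account but not a person.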
5. Enforce Strong Password Policies
Strong password policies, such as password complexity, regular changes, and restricting reuse, make it harder for attackers to guess or crack passwords. This strengthens the first line of defense against unauthorized access.
Security Risk Mitigated: Credentials Management and weak passwords
Mamori's Approach: We encourage the use of strong password policies, but we emphasize Two-Factor Authentication (2FA). That's because we use a zero-trust approach, where we assume every password is already compromised or will be compromised one day.
6. Segmenting the Network
Jump servers should only have access to select servers. One practice is to isolate the jump server from other parts of the network, which limits the potential damage if the jump server is compromised. Segmenting a network prevents attacks from moving laterally across the network to access other critical systems.
Security Risk Mitigated: Setup Complications, Misconfigured Architecture
Mamori's Approach: Mamori uses Zero Trust Network Access (ZTNA) to microsegment a network. The microsegmented network can then be used for the jump server to ensure an isolated, secure environment.
Mamori Adds Two Additional Layers of Security to Your Jump Host
Layer 1: Securing Access to the Jump Server
Mamori ensures that only the right user with the right permission has access to the jump server using the following modules and features:
Zero Trust Network Access (ZTNA): Before a user connects to the network, the user's device and identity are verified using 2FA. Other security policies, such as access restrictions by IP address, can also be enforced.
Privileged Access Management (PAM): Once a user connects to the network, policies set forth in the PAM module will restrict or allow that user's access to the jump server.
Layer 2: Securing Access from the Jump Server to Your Databases
After a person connects to a jump server, the following Mamori modules and features ensure that the person can only view, access, and perform the operations needed to do their job:
Database Privileged Access Management (DB PAM): Once a user connects to a database via a jump server, DB PAM determines what resources the user has access to and what database operations the user can execute.
SQL Firewall: DB PAM can create rules and privileges on what SQL commands a user can run. You can choose to block all SQL commands or allow specific types of SQL commands.
Data Privacy Policies: You can easily create policies such as data masking policies, who has access to which tables, rows, or columns, and how users can work with that data.
Bonus Layer: Controlling Uploads and Downloads from Jump Server
By default, jump servers do not allow you to control uploads and downloads to and from the jump server. When someone needs to upload or download, admins might choose to share passwords, or create a new account with excess privileges that later becomes a forgotten account; both of these introduce considerable security risks.
With Mamori's PAM features, you can set permissions that specify which users are able to upload, download, or do both from the jump server. Permissions include having the user request access on-demand, limiting access by IP address, or setting a time frame during which the user account is granted access. This is another form of securing access that improves both security and workflow efficiency.
Deploy Both Layers Using a Simple Dashboard with No Coding Required
Unlike configuring a jump server by hand, using Mamori requires no coding. We offer a simple dashboard and user interface through which even non-technical users can create security policies that mitigate the security risks of your jump server.
Conclusion
By understanding the benefits and addressing the risks associated with jump servers, you can enhance the security of your network while maintaining efficient, controlled, and secure access to critical systems. If you have further questions or need assistance in securing your jump server, feel free to reach out for a detailed consultation.
Schedule a demo with Mamori.io or request your free trial. If you're a small business with fewer than 20 users, you can use Mamori.io for free.
The post Understanding and Mitigating Jump Server Security Risks appeared first on Security Boulevard.
Efficiency is Key to Cybersecurity in the Post-Cloud Era
SANTA CLARA, Calif., June 26, 2024 - At the 16th Information Security Forum and 2024 RSAC Hot Topics Seminar held on June 7, 2024, Richard Zhao, Chief Operating Officer of International Business at NSFOCUS, presented the new picture of cybersecurity in the post-cloud era with his professional insights. Key Highlights Richard's speech focused on three […]
The post Efficiency is Key to Cybersecurity in the Post-Cloud Era appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Efficiency is Key to Cybersecurity in the Post-Cloud Era appeared first on Security Boulevard.
Snowflake Breach
Snowflakes has become the latest corporate victim in a cyberattack but how it is playing out is a little different than many breaches.
The post Snowflake Breach appeared first on Security Boulevard.
Proxies as a Service: How to Identify Proxy Providers via Bots as a Service
See how DataDome learns about proxy networks from bots as a service, how BaaS can be detected, and what kind of IP addresses are behind BaaS.
The post Proxies as a Service: How to Identify Proxy Providers via Bots as a Service appeared first on Security Boulevard.
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Practical Guidance For Securing Your Software Supply Chain
Fake Law Firms Con Victims of Crypto Scams, Warns FBI
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
New Medusa Android Trojan Targets Banking Users Across 7 Countries
- Cybersecurity News and Magazine
- AzzaSec Reveals Advanced Windows Ransomware Builder, Threatens Cybersecurity