New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!
30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can't Be Wrong.)
The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.
A report from the Government Accountability Office (GAO) highlighted an urgent need to address critical cybersecurity challenges facing the nation.
The post GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. appeared first on Security Boulevard.
In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.
The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.
Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.
The post Google Disrupts More China-Linked Dragonbridge Influence Operations appeared first on SecurityWeek.
The post The Check Point Challenge: Safeguarding Against the Latest CVE appeared first on Votiro.
The post The Check Point Challenge: Safeguarding Against the Latest CVE appeared first on Security Boulevard.
Organizations face an overwhelming number of vulnerabilities and threats. The traditional approach has been to prioritize exposures: identifying and addressing the most critical vulnerabilities first. However, this method, while logical on the surface, has significant limitations. At Veriti, we advocate for a different strategy: prioritizing actions. By focusing on remediations rather than merely cataloging exposures, we believe [...]
The post Prioritizing Exposures vs. Prioritizing Actions appeared first on VERITI.
The post Prioritizing Exposures vs. Prioritizing Actions appeared first on Security Boulevard.
Freed from the shackles of always demanding a technical background, the CISO can concentrate on building a diverse team comprising multiple skills.
The post Gaining and Retaining Security Talent: A Cheat Sheet for CISOs appeared first on SecurityWeek.
Some expressed concern about a rise in hybrid attacks by Russia, including allegations of election interference, cyberattacks and sabotage.
The post The EU Targets Russia's LNG Ghost Fleet With Sanctions as Concern Mounts About Hybrid Attacks appeared first on SecurityWeek.
Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate's Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS).
This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software manufacturers to create memory safe roadmaps, including plans to address memory safety in external dependencies, which commonly include OSS. Exploring Memory Safety in Critical Open Source Projects also aligns with the 2023 National Cybersecurity Strategy and corresponding implementation plan, which discusses investing in memory safety and collaborating with the open source community, including the establishment of the interagency Open Source Software Security Initiative (OS3I) and investment in memory-safe programming languages.
CISA encourages all organizations and software manufacturers to review the methodology and results found in the guidance to:
To learn more about taking a top-down approach to developing secure products, visit CISA's Secure by Design webpage.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.
The post P2Pinfect Worm Now Dropping Ransomware on Redis Servers appeared first on SecurityWeek.
Rate limiting is a well-known technique for limiting network traffic to web servers, APIs, or other online services. It is also one of the methods available to you for blocking DDoS attackers from flooding your system with requests and exhausting network capacity, storage, and memory. You typically define rate-limiting rules in your Web Application Firewall [...]
The post 6 Tips for Preventing DDoS Attacks Using Rate Limits appeared first on Security Boulevard.
The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's the idea that when a resource is available to everyone without restriction, some individuals tend to overuse it, leading to its eventual depletion and harming everyone in the long run. In the case of Maven Central, we are experiencing an unwitting tyranny by the few.
The post Maven Central and the tragedy of the commons appeared first on Security Boulevard.
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.
The post Polyfill Supply Chain Attack Hits Over 100k Websites appeared first on SecurityWeek.
Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu [...]
The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.
The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard.
Containerized applications offer several advantages over traditional deployment methods, making them a powerful tool for modern application development and deployment. Understanding the security complexities of containers and implementing targeted security measures is crucial for organizations to protect their applications and data. Adopting specialized security practices, such as Linux live kernel patching, is essential in maintaining [...]
The post Navigating Security Challenges in Containerized Applications appeared first on TuxCare.
The post Navigating Security Challenges in Containerized Applications appeared first on Security Boulevard.
Source: www.databreachtoday.com - Author: 1 Artificial Intelligence & Machine Learning, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime New Report Urges Public-Private Collaboration to Reduce Chemical, Nuclear AI Risks Chris Riotta (@chrisriotta) • June 25, 2024 The U.S. federal government warned that artificial intelligence lowers the barriers to conceptualizing and conducting [...]
The post US DHS Warns of AI-Fueled Chemical and Biological Threats - Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com - Author: 1 Artificial Intelligence & Machine Learning, Governance & Risk Management, Next-Generation Technologies & Secure Development Companies Eager for Tools Are Putting AI's Transformative Power Ahead of Security Rashmi Ramesh (rashmiramesh_) • June 25, 2024 Oh, no - not all Ollama administrators have patched against the "Probllama" flaw. [...]
The post Patched Weeks Ago, RCE Bug in AI Tool Still a "Probllama" - Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com - Author: 1 Healthcare, Industry Specific, Standards, Regulations & Compliance John Riggi of the American Hospital Association on HHS' Upcoming Cyber Regulations Marianne Kolbasuk McGee (HealthInfoSec) • June 25, 2024 John Riggi, national cybersecurity and risk adviser, American Hospital Association White House efforts to ratchet up healthcare sector cybersecurity [...]
The post Why New Cyber Penalties May Strain Hospital Resources - Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com - Author: 1 3rd Party Risk Management, Cybercrime, Fraud Management & Cybercrime More Victims of Campaign Against Data Warehousing Platform Snowflake Come to Light Mathew J. Schwartz (euroinfosec) • June 25, 2024 Attention Neiman Marcus shoppers: Your contact information may be for sale on a criminal forum. (Image: Shutterstock) [...]
The post Luxury Retailer Neiman Marcus Suffers Snowflake Breach - Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com - Author: 1 Immutable backups are essential in the fight against ransomware, and businesses should put protections in place to ensure attackers can't alter or delete them. Acronis President Gaidar Magdanurov said data protection firms must address the threat of ransomware by implementing immutable storage and exposing APIs for seamless integration with security [...]
The post Securing Data With Immutable Backups and Automated Recovery - Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Malwarebytes Premium has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation's "Advanced In-The-Wild Malware Test."
For its performance in the May 2024 evaluation, Malwarebytes Premium also received a certificate of "Excellence."
According to AV Lab, such certificates "are granted to solutions that are characterized by a high level of security, with a rating of at least 99% of blocked threats in the Advanced In-The-Wild Malware Test."
Every two months, the cybersecurity and information security experts at AV Lab construct a series of tests to compare cybersecurity vendors against the latest malware that is currently being used by adversaries and threat actors.
For the May evaluation, AV Lab tested 521 unique malware samples against 13 cybersecurity products. Malwarebytes Premium Security detected 521/521 malware samples, with a remediation time of 44 seconds, well below the 52-second average determined by AV Lab in its most recent testing.
Three cybersecurity vendors failed to block 100% of malware tested: ESET, F-Secure, and Panda.
To ensure that AV Lab's evaluations reflect current cyberthreats, each round of testing follows three steps:
Malwarebytes is proud to once again achieve a 100% score with AVLab's Advanced In-The-Wild Malware Test, a trusted resource that proves our commitment to user safety.
This move has been coming for a long time.
The Biden administration on Thursday said it's banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban, the first such action under authorities given to the Commerce Department in 2019, follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers.
Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.
The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek.
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.
The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek.
McLean, United States of America, 26th June 2024, CyberNewsWire
The post FireTail Unveils Free Access for All to Cutting-Edge API Security Platform appeared first on Security Boulevard.
Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.
The post Stepping Into the Attacker's Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.
By introducing a mobile device management (MDM) platform into the existing infrastructure, administrators gain the ability to restrict sideloading on managed devices.
The post EU Opens the App Store Gates: A Call to Arms for MDM Implementation appeared first on Security Boulevard.
Many organizations today use a jump server (also known as a jump box or jump host) as the intermediary device for accessing a remote network securely. It is the go-to solution for remote administration of servers and devices and for development and testing environments. It is also commonly used to control vendor access to an organization's internal systems and to meet compliance requirements in certain industries.
While this is definitely a step up in security from using VPNs, a jump server can sometimes create a false sense of security, because security risks and loopholes still exist.
In this blog post, we will first explore the security benefits and risks of a jump server. Then we will unveil strategies to mitigate those security risks.
Top 5 Security Benefits of a Jump Server
Top 5 Security Risks of a Jump Server
How to Mitigate Jump Server Security Risks Using Best Practices
Mamori Adds Two Additional Layers of Security to Your Jump Host
When access is centralized, it is easy to monitor and manage who accesses the network, ensuring that all access to protected networks is authorized. Centralized access also simplifies managing permissions and security policies, while making it easier to monitor and log activities.
With centralized access, monitoring traffic and logging activities are simplified. Jump servers also allow session recording, session timeouts, and the ability to terminate sessions, which enhances control and security.
Jump servers should be isolated from the internet and shouldn't be able to browse the intranet. This reduces the attack surface and adds a layer of defense against external threats.
By limiting direct access to critical systems and databases, jump servers minimize the risk of unauthorized access from any source.
User activity and traffic passing through the controlled central access point can be logged and recorded, which helps meet regulatory requirements.
A compromised jump server can jeopardize the entire network. Also, a compromised user account, a privileged user, or an infected device can jeopardize the entire system and database the jump server protects.
A simple jump server consists of a Windows Server with RDP and user accounts from Active Directory. Additional setup and tools can be used to create more secure policies. In some cases, coding and debugging are required, which makes it difficult to add additional security policies.
A misconfigured architecture can completely bypass the jump server and reach privileged resources, as shown in the image below with the non-privileged resource. If the non-privileged resource is compromised, then the privileged resource can be accessed, bypassing the jump server. Because privileged resources are usually databases, many mistakenly think that a jump server protects the database. Although jump servers do protect database access (in a way), a jump server is NOT database security, as you'll see later in this article.
Above: Workstation can circumvent access to privileged resources when the security architecture is misconfigured. Image source: Improsec.
Running outdated software on the jump server is known to expose it to vulnerabilities. Default and weak passwords should be changed, and strong authentication policies should be enforced.
Disgruntled or malicious employees who have access can cause data loss and data breaches. Although all traffic can be monitored, jump servers by default lack the ability to immediately respond to insiders who are mass downloading or deleting data.
Simply put, the easiest and simplest way to mitigate jump server security risks is to implement security best practices on your jump server. However, that is easier said than done.
Here at Mamori.io, we make it extremely easy to implement jump server security best practices (including ransomware prevention and cybersecurity best practices).
Below are the jump server security best practices and how they mitigate the security risks mentioned earlier.
2FA adds another layer of security even when your password is compromised, or if you're using a default password.
Security Risk Mitigated: Credentials Management, Database Security
Mamori's Approach: Mamori.io uses a zero-trust approach that assumes your password has already been compromised. Every access is secured by MFA, from accessing the network using Zero Trust Network Access (ZTNA) to accessing the database using our Database Privileged User Access (DB PAM) via SSO. Even certain operations within the database, such as mass deleting data, can be authorized to certain individuals and secured using 2FA.
Regularly patching and updating the software and operating system on the jump server is the quickest and easiest way to close security gaps against known vulnerabilities and exploits.
Security Risk Mitigated: Outdated Software
Mamori's Approach: Even if an external threat uses a known vulnerability to compromise your jump server, your critical resources and database can still be protected by database privileged access controls secured by 2FA.
Only grant access to those who need access. Enforce role-based access so users have the minimal necessary permissions (least-privileged access). This limits the number of potential attack vectors and reduces insider threats.
Security Risk Mitigated: Setup Complications, Misconfigured Architecture and Database Security, Insider Threats
Mamori's Approach: Mamori provides Privileged Access Management (PAM) to limit jump server access to only those who need it. Once the user connects to the database or privileged resource, Mamori provides Database Privileged Access Management (DB PAM) to limit the user's access to resources, their visibility (e.g., data masking), and the types of operations (e.g., read, write, delete) the user can perform on those resources.
Comprehensive logging and monitoring allow for the detection of suspicious activities and help with IT audits and compliance. Logging and monitoring also facilitate forensic analysis post-incident, enhancing the overall security posture.
Security Risk Mitigated: Insider Threats, Incident Response
Mamori's Approach: At Mamori, we believe logging and monitoring are NOT comprehensive if users are able to share accounts. That is why we use a zero-trust approach, where the user, device, location (and more) must be authenticated for access and for certain database operations. Thus, when each session is monitored, logged, and recorded, we ensure that each session can easily be traced back to an individual and used for forensics or incident response.
Strong password policies, such as password complexity, regular changes, and restricting reuse, make it harder for attackers to guess or crack passwords. This strengthens the first line of defense against unauthorized access.
Security Risk Mitigated: Credentials Management and weak passwords
Mamori's Approach: We encourage the use of strong password policies, but we emphasize Two Factor Authentication (2FA). That's because we use a zero-trust approach, where we assume every password is already compromised or will be compromised one day.
Jump servers should only have access to select servers. One practice is to isolate the jump server from other parts of the network, which limits the potential damage if the jump server is compromised. Segmenting a network prevents attacks from moving laterally across the network to access other critical systems.
Security Risk Mitigated: Setup Complications, Misconfigured Architecture
Mamori's Approach: Mamori uses Zero Trust Network Access (ZTNA) to microsegment a network. The microsegmented network can then be used for the jump server to ensure an isolated, secure environment.
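As an added example (not code from this article, Mamori.io or Improsec), the following Python script audits a constructed allow-list of network rules for the two architecture mistakes described above: a rule that lets something other than the jump server reach a privileged resource (the bypass path in the misconfigured diagram), and a rule that lets the jump server itself reach anything beyond the select servers it is meant to front. The Rule format, host addresses and rule names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One allow rule: source network (CIDR) -> destination host, TCP port."""
    src: str
    dst: str
    port: int
    name: str = ""


# Constructed sample environment (hypothetical addresses). The jump host is
# the only system that should ever reach the privileged resources below.
JUMP_HOSTS = {"10.0.1.10"}
PRIVILEGED = {"10.0.2.20": "db-prod", "10.0.2.21": "db-reporting"}

# Constructed ruleset mirroring the misconfigured diagram: the application
# subnet can reach the production database directly, and the jump host has
# unrestricted egress, which defeats the isolation the best practice calls for.
SAMPLE_RULES = [
    Rule("0.0.0.0/0", "10.0.1.10", 3389, "internet-to-jump-rdp"),
    Rule("10.0.1.10/32", "10.0.2.20", 1433, "jump-to-db-prod"),
    Rule("10.0.1.10/32", "10.0.2.21", 1433, "jump-to-db-reporting"),
    Rule("10.0.3.0/24", "10.0.2.20", 1433, "appnet-to-db-prod"),      # bypass
    Rule("10.0.1.10/32", "0.0.0.0/0", 443, "jump-egress-internet"),   # egress
]


def _covers_non_jump_address(net, jump_hosts):
    """True if the source network contains any address that is not a jump host."""
    if net.num_addresses > len(jump_hosts):
        return True          # wider than the jump host set, so it must include others
    return any(str(ip) not in jump_hosts for ip in net)


def find_bypasses(rules, jump_hosts=JUMP_HOSTS, privileged=PRIVILEGED):
    """Rules that let anything other than a jump host reach a privileged resource."""
    hits = []
    for r in rules:
        if r.dst in privileged:
            net = ipaddress.ip_network(r.src, strict=False)
            if _covers_non_jump_address(net, jump_hosts):
                hits.append(r)
    return hits


def find_jump_egress_violations(rules, jump_hosts=JUMP_HOSTS, allowed_dsts=None):
    """Rules whose source is exactly a jump host but whose destination is not
    one of the select servers it fronts (defaults to the privileged set)."""
    allowed = set(PRIVILEGED if allowed_dsts is None else allowed_dsts)
    hits = []
    for r in rules:
        src = ipaddress.ip_network(r.src, strict=False)
        is_jump_src = src.num_addresses == 1 and str(src.network_address) in jump_hosts
        if is_jump_src and r.dst not in allowed:
            hits.append(r)
    return hits


def audit(rules):
    """Summary by rule name, suitable for a CI gate or a scheduled check."""
    return {
        "bypasses": [r.name for r in find_bypasses(rules)],
        "jump_egress": [r.name for r in find_jump_egress_violations(rules)],
    }


if __name__ == "__main__":
    for category, names in audit(SAMPLE_RULES).items():
        print(f"{category}: {', '.join(names) or 'none'}")
```

Broad-source rules (such as the internet-to-jump ingress rule) are judged by the bypass check only; the egress check deliberately looks at rules whose source is the jump host itself.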
Mamori ensures that only the right user with the right permission has access to the jump server using the following modules and features:
Zero Trust Network Access (ZTNA): Before a user connects to the network, the user's device and identity are verified using 2FA. Other security policies, such as access restrictions by IP address, can also be enforced.
Privileged Access Management (PAM): Once a user connects to the network, policies set forth in the PAM module will restrict or allow that user's access to the jump server.
After a person connects to a jump server, the following Mamori modules and features ensure that the person can only view, access, and perform the operations needed to do their job:
Database Privileged Access Management (DB PAM): Once a user connects to a database via a jump server, DB PAM will determine what resources the user has access to and what database operations the user can execute.
SQL Firewall: DB PAM can create rules and privileges on what SQL commands a user can run. You can choose to block all SQL commands or allow specific types of SQL commands.
Data Privacy Policies: You can easily create policies such as data masking policies, who has access to which tables, rows, or columns, and how users can work with that data.
By default, jump servers do not allow you to control uploads and downloads to and from the jump server. When someone needs to upload or download, admins might choose to share passwords, or create a new account with excess privileges that later becomes a forgotten account; both introduce considerable security risks.
With Mamori's PAM features, you can set permissions that specify which users are able to upload, download, or do both from the jump server. Permissions include having the user request access on demand, limiting access by IP address, or setting a time frame during which the user account is granted access. This is another form of securing access that improves both security and workflow efficiency.
Unlike configuring a jump server, using Mamori requires no coding. We offer a simple dashboard and user interface with which even non-technical users can create security policies that mitigate the security risks of your jump server.
By understanding the benefits and addressing the risks associated with jump servers, you can enhance the security of your network while maintaining efficient, controlled, and secure access to critical systems. If you have further questions or need assistance in securing your jump server, feel free to reach out for a detailed consultation.
Schedule a demo with Mamori.io or request your free trial. If you're a small business with fewer than 20 users, you can use Mamori.io for free.
The post Understanding and Mitigating Jump Server Security Risks appeared first on Security Boulevard.
SANTA CLARA, Calif., June 26, 2024 - At the 16th Information Security Forum and 2024 RSAC Hot Topics Seminar held on June 7, 2024, Richard Zhao, Chief Operating Officer of International Business at NSFOCUS, presented the new picture of cybersecurity in the post-cloud era with his professional insights. Key Highlights Richard's speech focused on three [...]
The post Efficiency is Key to Cybersecurity in the Post-Cloud Era appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.
The post Efficiency is Key to Cybersecurity in the Post-Cloud Era appeared first on Security Boulevard.
Snowflake has become the latest corporate victim of a cyberattack, but how it is playing out is a little different from many breaches.
The post Snowflake Breach appeared first on Security Boulevard.
See how DataDome learns about proxy networks from bots as a service, how BaaS can be detected, and what kind of IP addresses are behind BaaS.
The post Proxies as a Service: How to Identify Proxy Providers via Bots as a Service appeared first on Security Boulevard.