One of the largest security threats that countries face is the breach of sensitive government systems and data. With the world constantly developing and undergoing digital transformation, the devices we all rely on for both our personal and work lives are increasingly manufactured in countries considered potentially or even actively hostile toward our national interests. The U.S. Department of Defense (DoD) took a step toward combating this threat by issuing an interim Rule. The new ruling amends the Federal Acquisition Regulation (FAR) to implement section 889 of the John S. McCain National Defense Authorization Act (NDAA). It went into effect on 13th August 2020 and addresses the new prohibition on the use of banned telecommunications equipment and services, while also clarifying the ban from 2019 on buying such equipment. The end goal is to combat the threat that potential cyber-attacks pose to our national security.  

In effect, the section 889 ban prohibits federal agencies from doing business with any entity that provides telecommunications and video surveillance services, or equipment that is manufactured or provided by certain companies or any subsidiaries or affiliates with known connections to China. Essentially, this Rule was put in place to prevent any efforts from threat actors to exfiltrate information and intellectual property that pose potential risks to the U.S. government and industry.  

There are five specific companies that fall under the category of ‘Prohibited Technology’. These restrictions are in place for the purpose of public safety, the security of government facilities, the physical security surveillance of critical infrastructure along with other national security purposes. More specifically the restrictions are aimed at the telecommunication equipment and services produced by Huawei Technologies, ZTE Corporation or any subsidiary or affiliate of both. Additionally, any video surveillance and telecommunications equipment and services produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company or Dahua Technology Company or any affiliates or subsidiaries are implicated. There are no exemptions for commercial item contracting and applies to all purchases regardless of the contract size or order. The Secretary of Defense also has the right to reject any working orders with any entity they believe to be owned or controlled by or connected to the government of a covered foreign country. 

What are the implications? 

The new ruling implicates a wide range of sectors and companies. It encompasses all sectors, including banking, healthcare, information technology, higher education, travel and transportation and applies to both federal and commercial business. While Section 889 is a U.S. Regulation, it extends far beyond U.S. borders, and even into people’s homes as any technology used by employees who work from home are not exempt.   

The Rule encompasses prime contractors along with their subcontractors, with the prime contractor holding the responsibility for both parties and extends to other contractual agreements that are connected to a government contract. It’s extremely important to note that this ruling doesn’t only impact contractors or suppliers that work directly for the DoD, GSA or NASA. As a matter of fact, there are three specific FAR clauses in place to implement these prohibitions which must be complied to.  

Under the FAR clauses, prime contractors must make a “reasonable inquiry” before submitting any offers for work regarding its own use of prohibited equipment or services. This inquiry is specifically “designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services”. In addition to this, they must identify and report any previously undisclosed use of prohibited equipment or services within one day of identification. Any basic ordering agreements must contain a clause in which contractors are obligated to report any use of covered telecommunications equipment or services discovered during the performance of the contract, within 10 days. There is no specific requirement in regards to connectivity. As a matter of fact, any equipment may still be covered if it has the potential to transmit data when connected to the internet, even if it is installed on a closed network.  

Under the covered technology, any public and private organisation that deals with these agencies may be considered a contractor or subcontractor and, is therefore, implicated. Healthcare contractors, payors or providers paid by the U.S. government fall under this category as well. This includes contractors for the National Institutes of Health (NIH), the Defense Health Administration (DHA) and the Department of Veterans Affairs (VA). To complicate matters further, the definition of ‘use’ is ambiguous to say the least. The rule defines it as any use, “regardless of whether that use is under a Federal contract.” Consequently, both contractors and suppliers must be fully aware of the telecommunications and video surveillance services or equipment they work with.  Breaching a contract by failing to submit an accurate representation or to provide an acceptable product can lead to a cancellation or termination along with hefty fines.  

Planning on working with a U.S. Government Agency? 

 With the implications of the Section 889 ban extending far beyond the United States, any company that either already has a contract with a U.S. government agency or is planning to submit a proposal for work should be mindful of certain things. It is vital that a company reviews its IT asset inventory and supplier agreements before beginning to work with or for a U.S. government agency. They must determine whether they or any of their subcontractors use any equipment or services that fall under the category of “prohibited technology.” Along with this, contractors must build a “reasonable inquiry” regarding any banned equipment or services, and additionally have any documentation that supports this inquiry available. It is essential that companies identify equipment that can potentially be replaced or isolated from their contracted work.  

Finally, companies are advised to implement risk-based mechanisms that can help them comply with this rule. This includes alerting the authorities of any banned equipment that they used during contract performance.  

It is vital to protect the national security from any potential threats, which is why compliance with the Section 889 ban must be considered a priority. To avoid non-compliance, contractors must be aware of how their contractors and subcontractors could be affected by the new Rule and take extra measures to ensure their telecommunications services and equipment are up to date and don’t fall under the category of ‘prohibited technology’. U.S. businesses aren’t the only ones who will need to take extra precaution when working with third party vendors or manufacturers. Businesses beyond U.S. borders need to keep the section 889 ban in mind if they, or any of their subcontractors, plan on working with a U.S. government agency and ensure compliance to avoid penalties for non-compliance.  

The post Section 889: the US Regulation that extends far beyond the US appeared first on IT Security Guru.

Cybersecurity companies KnowBe4 and OneLogin have partnered with Security Serious in a bid to set a brand new Guinness World Records title for the Most views of a cyber security lesson video on YouTube in 24 hours. The record will be attempted on the 14th of October 2021, during European Cybersecurity Awareness Month and Security Serious Week, with the video available to view for a 24-hour period. This record has never been attempted before and will be an official Guinness World Records title if the minimum 1,500 views is met.

“We are absolutely thrilled to have both KnowBe4 and OneLogin help us attempt a new Guinness World Records title,” said lead organizer of Security Serious Week and founder of Eskenzi PR, Yvonne Eskenzi. “Security Serious Week is dedicated to making the online world safer and there is no better place to start than by getting the community together for what could be the biggest virtual cybersecurity training in the world. Despite the global limitations over the past 18 months, we always try and push the boat out; and this year, with the help of our sponsors, we are really offering the security community something fun and exciting to further the spread of cybersecurity awareness.”

Security Serious Week was started by Eskenzi PR and Smile on Fridays as part of the Security Serious initiative that takes place during European Cybersecurity Awareness Month in October each year.  Security Serious, which is in its seventh year, has developed into a series of fun, entertaining, informative events that get the industry together while also educating the general public to be more security savvy.

The Guinness World Records attempt will take place during this week on the 14th of October at 4 pm BST and will see KnowBe4 and OneLogin provide a 45-minute training session that will be live-streamed via YouTube. The training will be split into three parts, with KnowBe4 and OneLogin each providing expertise on a specific area relating to ransomware before opening the session for Q&A with the viewers. It will be short, to-the-point, and, most importantly, informative. The complete recording will then be made available on the Security Serious YouTube channel for a further 23 hours for security professionals around the world to view.

The target audience will be C-level execs, such as CISOs and CIOs, as well as system administrators and other security professionals in order to help them further security awareness within their own organizations. The aim is to bridge the gap between security professionals and the rest of the workforce.

With reports claiming the cost of ransomware to businesses will rise to $20 billion, and with 2021 already seeing many high-profile attacks, the workforce needs to be made aware of the severity of this threat. Therefore, the education provided is designed to help cybersecurity experts train non-security professionals in the working environment on how to prepare for a ransomware attack.

The training is open to all members of the public who must register in advance to have a chance to win an official Guinness World Records participation award! *.

“Given the dramatic rise in cybersecurity attacks around the world, building up organizations’ human firewalls with security awareness training has never been more critical. Being a part of setting a Guinness World Records title for a security awareness training session is such a thrill for KnowBe4, especially when we have the opportunity to partner with companies like OneLogin and Eskenzi PR to achieve such an accomplishment. We are very much looking forward to contributing to this record-setting event.” – Javvad Malik, lead security awareness advocate, KnowBe4.

“As the omnipresence of ransomware and other security incidents in our culture has shown us, there has never been a more important time to guide enterprises through the processes of planning for such an event. OneLogin is honored to have the opportunity to partner with KnowBe4 on this first-of-a-kind project and look forward to helping organizations across the globe to prepare for the worst security outcomes,” – Niamh Muldoon, Global Data Protection Officer at OneLogin.

To register, please click here: [https://www.eventbrite.ie/e/biggest-virtual-cybersecurity-lesson-tickets-166314899341]

To view the progress of the event, please click here: [https://www.securityserious.com/biggest-virtual-cybersecurity-lesson/]

The post Security Serious: Organizers aim to set new Guinness World Records® title for Viewership of an Online Security Lesson appeared first on IT Security Guru.

Armis, the unified asset visibility and security platform provider, has announced Desiree Lee as its new Chief Technology Officer (CTO) for Data, reporting directly to Nadir Izrael, co-founder and Global CTO at Armis. Lee’s appointment, the company says, reinforces its strategic commitment to ensuring total visibility of all assets and devices in its customers’ eco-systems. Armis allows clients to see all their associated devices, along with risk and behavioural profiles, delivering an ability to rapidly respond to threats and anomalies as they arise to improve cyber resiliency. 

Data is the lifeblood of any organisation and ensuring clients can get a 360 view of all the assets in their environment with their associated risk profiles is key to managing cyber risk. Armis is recognised as the #1 provider for unified asset visibility for IoT, IoMT, and OT/ICS devices and assets. Real-time depth and breadth of visibility are fundamental to truly protecting a modern firm from a cyber-attack. 

“Enterprises collect vast amounts of data about devices. Today, this data is spread across disparate systems in the environment. Armis correlates and normalizes this evolving dataset to provide real-time asset management and actionable security insights that incorporate device context and behaviour. In short, an enterprise’s data is better than the sum of its parts,” said Nadir Izrael, Co-Founder & Global CTO at Armis. “Desiree’s skills and expertise in this area are second to none. She will be leading our related industry solutions and development teams to further reinforce our award-winning capabilities and to enhance our unique data capture, processing, storage and utilization processes and systems.”   

Lee is a seasoned cybersecurity, network and data storage practitioner who has over 14 years’ experience working across enterprises, financial institutions and governmental authorities. She has led network, data, platform and SaaS projects. Prior to working at Armis, Lee worked with Guardicore, Skyport Systems, Hitachi Data Systems, Brocade and others. Most recently, Lee was Armis’ Senior Director for Solution Architecture on the east coast of the United States of America. 

Discussing her latest appointment, Lee said: “I very much look forward to bringing my experience driven by real-world customer use cases and projects to this new role, to ensure that we continue to provide even more value to our customers. The importance of data really can’t be overstated in its ability to bring clients new insights into their asset inventory and how that affects their cyber risk.”
 

The riskiest devices are the ones organisations can’t see, like unmanaged devices. An agentless, passive device security platform can break through that barrier, so they can see everything and protect virtually any device with confidence. Armis compares the real-time state and behaviour of each device on a network and in any environment to the “known good” baselines that are stored in its global Device Knowledgebase of over 1 billion devices (and growing).  

To learn more about Armis’ Device Knowledgebase, click here. 

The post Desiree Lee appointed as new CTO for Data at Armis appeared first on IT Security Guru.

Cloud security vendor Wiz, who also found a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service recently, has found another security vulnerability in Azure that impacts Linux virtual machines. Users could end up with a little-known service called OMI installed as a byproduct of enabling any of several logging reporting and/or management options in Azure’s UI.

In the worst case scenario, the vulnerability in OMI could be used for remote root code execution— though in many cases, Azure’s on-by-default, outside-the-VM firewall will limit it to most customers’ internal networks only.

We asked security experts to comment on the vulnerability and provide advice:

The post Major Azure vulnerability discovered by security researchers at Wiz appeared first on IT Security Guru.

Small businesses (SMEs) form the backbone of the digital economy so it’s crucial that they can make the right kinds of security investments to protect themselves from cyber attacks.

However, the various frameworks to guide security investments are often too costly and difficult for SMEs to implement, and the potential of insurance and its financial incentives for cybersecurity has yet to be fully realised.

Consequently, the National Cybersecurity Centre (NSCS) and the Research Institute in Sociotechnical Cyber Security have supported year-long projects to explore how to tackle these challenges.

During this webinar, lead researchers of these projects will present their findings, and industry experts will also share their insights based on their experience of working with SMEs. The webinar will share practical advice and make original proposals to improve cybersecurity for SMEs.

Speakers include:

– Dr Yulia Cherdantseva, Lecturer in Cybersecurity, Cardiff University: Cybersecurity investment decision making: a best practice guide for SMEs

– Dr Jason Nurse, Senior Lecturer in Cybersecurity, Kent University: Cybersecurity incentives and the role of cyber insurance

– James Tootell, Investment Director, EOS Venture Partners

Be sure to tune in on Thursday, the 23^rd of September at 10am BST! You can register via the following link: https://zoom.us/webinar/register/WN_oiG8dJVXStqM9dpmrwgnqA

The post Cybersecurity Investment: Supporting SME decision making appeared first on IT Security Guru.

Lookout, Inc., an integrated endpoint-to-cloud security company, today announced the industry’s first Zero Trust access solution that dynamically adapts to changes in the risk levels of mobile endpoints and users as well as the sensitivity level of data. The solution is an expansion of Lookout Continuous Conditional Access (CCA), achieved by integrating the company’s Mobile Endpoint Security and Secure Access Service Edge (SASE) solutions. Lookout is the first SASE vendor to use native real-time device and user risk assessment to dynamically modify access and security policies from any mobile endpoint to any cloud or on-premises application.

People bypass perimeter-based security when using mobile devices and cloud apps to work from anywhere. To secure remote workers, organisations have traditionally relied on virtual private networks (VPNs), two-factor authentication and basic device security checks. The problem is these assessments are typically performed only at the time of access and are limited to whether an endpoint is managed and has antivirus enabled. Risk assessments must be performed continuously to identify new and changing app, device, network and phishing threats as well as anomalous user behavior to protect an organisation’s data based on it’s sensitivity level.

The Lookout Zero Trust access solution includes integrated data loss prevention (DLP) technology that provides insight into data sensitivity. By combining the risk assessment of devices and users with data sensitivity, organisations can now dynamically adapt access to protect apps and data rather than being limited to making blunt “yes” and “no” access decisions. With continuous risk assessment capabilities, data sensitivity insight and granular access policies, Lookout can dynamically modify data access with precision, such as redacting sensitive keywords, applying watermarks or encrypting the data so it is protected even when downloaded and distributed offline.

“With employees no longer inside office security perimeters, organisations must deploy Zero Trust-based access to safeguard their data,” says Aaron Cockerill, Chief Strategy Officer, Lookout. “In order to make smart access control decisions, organisations need better telemetry, including risk information on users, endpoints, networks and the applications they use, as well as the sensitivity of the data they access. With our Zero Trust access solution, Lookout customers have integrated access control with the ability to use all of this telemetry so that they can enable remote productivity without exposing their data to risk.”

With the integrated Lookout Security Platform that delivers Mobile Endpoint Security, Cloud Access Security Broker and Zero Trust Network Access solutions, Lookout CCA provides the following key benefits:

• Secure endpoint to cloud productivity: Employees can use mobile devices to access cloud apps and data without putting sensitive corporate data at risk. With continuous risk assessments of endpoints, users and data, Lookout CCA provides dynamic and granular access and security policies to any application, enabling an organisation to empower remote productivity – even to unmanaged devices – while remaining in full control of its data.
• Granular and dynamic policy enforcement: With full visibility into the endpoint and access infrastructure, Lookout CCA enables security teams to enforce  policies consistently and precisely. For example, an organisation can choose to deny download privileges and redact sensitive information when an employee uses a personal device and network it does not manage.
• Meet compliance requirements: With continuous risk assessment of mobile endpoints, users and data, Lookout gives organisations full visibility into what’s happening across their hybrid environment. As a result, whether it’s mobile malware or risky apps, data leakage or insider threats, organisations can efficiently detect and respond, ensuring they remain compliant with corporate policies and regulations.
• Simplify operations and reduce cost: Lookout CCA combines risk assessment, access and security technologies in a single platform. This means security teams have fewer tools to juggle and can streamline their operations to reduce costs and security gaps.

The post Lookout Delivers First Zero Trust Solution For Any App That Dynamically Adapts Based On Data Sensitivity And Continuous Risk Assessment Of Endpoints And Users appeared first on IT Security Guru.

Red Canary, a security ally for businesses, has recently announced a number of significant updates to its SaaS (Software-as-a-Service)-based Security Operations Platform. Companies of all sizes around the world already use the Red Canary solution to detect threats, respond to incidents and improve their security operations. The original platform offers customers effective MDR (Managed Detection and Response), which has the ability to run alongside other leading XDR platforms, creating a multi-layered security defence. The new expanded changes, however, will drastically improve the vendor’s capabilities for identity-based threat detection, alert management, automation and managed response, providing customers with more security and a better user-experience.

Why use a SaaS-based Security Operations platform?

With the surge in attacks and potential threats, security teams find themselves stretched thin, failing to keep up with the number of alerts coming in. MDR provides more than just security alert notifications, but also supports companies in their response and remediation process. This solution goes beyond solely pointing out a security issue and works toward creating a fix. Put simply: “Don’t you want someone who will solve the problem instead of just telling you there is one? It’s a more mature approach…”

In fact, the latest version of Red Canary’s new Security Operations Platform provides customers with:

• Vendor-neutral for MDR endpoints: Customers will receive Managed Detection and Response across all leading EDR products. This includes Microsoft Defender for Endpoint.
• EDR Migration tools: The new solution includes tools to ensure successful migrations, without impacting security operations or causing downtime.
• Platform-neutral MDR for infrastructure: This will offer a new threat detection service optimised for Linux production systems, regardless of where they are deployed. It allows customers who cannot deploy third-party EDR Linux agents, to use an MDR service without any issues, while also providing a higher standard of security when moving to the cloud.
• Account compromise detection: Red Canary’s platform includes new capabilities for account compromise detection. These use data from a customer’s Defender for Identity instance and applies behavioural analytics to detect suspicious or unusual patterns in account access.
• Integrated alert management and triage: Built-in workflow automations playbooks will help customers respond consistently and efficiently to potential threats.
• Risk reporting and benchmarking: Customers will be able to perform regular analyses and reports, relative to earlier periods, other companies in the same industry and organisations of similar size. As such, security leaders can report to their executive teams and boards on the effectiveness of their security controls and their impact on business risk.
• Managed remediation of incidents: With this, trained response engineers will provide customers with guidance, set up workflows, and perform response tasks to contain any lurking threats.

Chris Rothe, CPO and co-founder of Red Canary is proud to say that “[their] platform protected [their] customers from the biggest attacks in recent months,” especially “while organizations [were] increasingly under attack from ransomware and other threats. [Red Canary’s] people have extracted and curated new behaviour and attack patterns from thousands of engagements, and [have] embedded those in the expanded platform to better protect customers from harm.”

In addition, Red Canary announced the release of new packages for consulting firms and service providers. As a result of suffering a breach, companies have a tendency to seek out the help of Incident response consulting firms, who now struggle to support the growing number of clients. The new consulting solution is designed to consult firms during the incident response process instead of after it Is complete, taking the pressure off consulting firms and creating a smoother overall flow of process.

Mandana Javaheri, global head of security, compliance, and identity business development at Microsoft believes that: “Red Canary’s platform, providing MDR for endpoints and infrastructure, aligns to Microsoft’s security strategy. Customers who are investing in Microsoft 365 Defender and XDR platform can benefit from Red Canary’s MDR platform to increase effectiveness of their security operations.”

Using this type of solution will allow companies to feel safer in their security operations and take the pressure off their security teams. It will help scale down alerts and response-time and provide sufficient and efficient security to prevent data breaches and other large-scale attacks.

The post Red Canary Releases New Security Operations Platform appeared first on IT Security Guru.

This week, Cybereason and Smarttech247 have announced a partnership to enable joint customers to detect and end cyber-attacks on endpoints anywhere on their networks. With businesses today facing a constant barrage of cyber threats, including destructive ransomware attacks and other malicious activity, it is vital for organisations to be best prepared for the worst-case scenario. This partnership aims to do exactly that; reduce the risk of attack. The two companies will work toward reducing this risk and helping organisations better safeguard their most critical assets by employing award-winning AI-driven managed security services that include industry leading prevention, detection and remediation capabilities.

Raluca Saceanu, COO at Smarttech 247 believes that: “Cybereason is an established leader in endpoint protection and incident response. Because threat actors are emboldened, tenacious and determined to steal proprietary information and run double extortion scams to steal as much money as possible making our partnership timely.”

To conclude, Andy Philpott, General Manager, EMEA, Cybereason comments: “The technology exists to help organizations more effectively defend their organisations against advanced cyber attacks. It is critical for companies to deploy a mature security program that reduces risk and ensures business continuity making the joint Cybereason and Smarttech247 solution viable.”

Having access to both solutions from Cybereason and Smarttech247 will allow joint customers to deploy the highest level of security defence, equipping them with the ability to protect their vital assets and keep threat-actors out of their networks.

The post Cybereason and Smarttech247 announce Partnership to tackle advanced cyber threats appeared first on IT Security Guru.

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak. 

The NSO Group has always maintained that the purpose of the Pegasus Project was for governments to monitor terrorist activity. However, this recent story, if true, could suggest that the solution has been abused for a long period of time and used for other nefarious purposes.

As reported by Forbidden Stories, the leaked data suggests the wide misuse of Pegasus Project and a range of surveillance targets that include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of states. The NSO Group continues to contend these assertions are based on wrong assumptions and uncorroborated theories. Whether these statements are true or false, they raise interesting considerations for enterprises and government organisations that have a requirement to protect the smartphones of employees who have access to sensitive information.

Pegasus Project is reported to provide NSO Group customers full control of target devices, which makes it a threat of interest. However, it is not the first mobile threat that organisations should be concerned about. In another contested case, SNYK suggested that the Sour Mint threat, a Software Development Kit (SDK) developed by the Chinese mobile ad platform provider Mintegral and used by more than 1,200 apps in the Apple App Store, was responsible for spying on users by activity logging URL-based requests through the app. It was reported that user activity is logged to a third-party server that could potentially include personally identifiable information (PII).

Where things get interesting with Sour Mint is its ability to evade defences by slipping through the Quality Assurance (QA) process of the Apple App Store, which goes to show that even the thoroughness of Apple’s processes were not sufficient to detect malicious code in the case of this threat.

So, with the rise of mobile threats such as Pegasus Project and Sour Mint, how should organisations defend against such threats?

For a long time, the consensus among many was that Mobile Device Management (MDM) solutions were adequate mobile fleet device protection since widely used mobile operating systems such as Apple iOS sandboxed applications. However, the development of Sour Mint and Pegasus Project demonstrate that simply securing the mobile fleet through MDM is insufficient since malicious code can potentially exist in approved sanctioned applications in application stores and zero-day vulnerabilities exist in popular mobile operating systems. Organisations that are serious about advanced threats need to go beyond MDM to prevent devices from being compromised and data from being exfiltrated.

The security world’s solutions to such threats are Mobile Threat Defence (MTD). Such solutions aim to prevent and detect advanced threats, such as malware, on iOS and Android devices. Gartner states that large-scale adoption of such solutions continues to be concentrated around highly regulated and high security sectors, and that organisations continue to primarily derive value from MTD solutions from an app-vetting and device vulnerability management.

From a security reporting perspective, there is a lot of value in such hygiene activity. However, neither app vetting nor vulnerability management (i.e. detecting and remediating known vulnerabilities) would be effective in blocking attacks such as Pegasus Project and Sour Mint.

Ultimately, the deployment of MTD solutions to block advanced threats comes back to the risk profile and cyber maturity within a given organisation. MTD is a control that would generally be deployed within organisations with a higher maturity level, so it’s important to get the basics right with app vetting and device vulnerability first before attempting to detect advanced threats.

For most organisations, the likelihood of being compromised by an advanced threat is low. However, those with information assets with a significant value should consider the use of MTD because where assets are of value, increased likelihood is sure to exist.

Emerging use cases envisage MTD as a component of zero-trust network access (ZTNA) architecture and of an extended detection and response (XDR) system for detection and response, which can serve as a pilot for unified endpoint security. This is in addition to the use of MTD for mobile phishing protection.

Contributed by Neil Lappage, Public Sector Solutions Lead at ITC Secure, Member of ISACA Emerging Technology Working Group

The post The Pegasus project: key takeaways for the corporate world appeared first on IT Security Guru.

The post Jenkins discloses attack on its Atlassian Confluence service appeared first on IT Security Guru.

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service (DDoS) attack that started last week and and it reportedly continues this week, Bleeping Computer reports.

Russian media called the assault the largest in the history of Russian internet (RuNet), and that a US based company confirmed that the attack was ongoing.

The attack started over the weekend and while there are no further details about the type or size of the DDoS, Yandex is saying that Cloudflare web infrastructure security company confirmed the “record scale of the cyberattack.”

The post Russian publication Yandex says it is experiencing a “record scale” DDoS attack appeared first on IT Security Guru.

Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes – and sometimes hours – organisations are on their own.

It’s a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack’s effects even worse. Eventually a growing number call for help, valuing the experience of a service provider that’s seen others go through the same mill many times before.

One company on the end of some of those calls is AT&T and its Managed Security Services business unit. Director Bindu Sundaresan has first-hand experience of helping victims through the difficult day one. What advice would she give to anyone worried about this threat?

1. You tested the incident response plan, right?

“When a customer engages with us during a ransomware attack, it’s always a chaotic situation where the client’s ability to conduct business has completely stopped. This is typically the first time they’ve ever suffered an outage of such magnitude,” she says.

The first hit is to the IT team itself as a functioning unit. “Many times, the IT team feels it’s at fault for having had this happen to them, and that fear propagates across the team.” In her experience, the most important oversight is not that there is no incident response plan, but it’s not been properly stress tested, starting with the communication and decision-making chain of command. So, you need to regularly test your cybersecurity incident response plan, along with the humans and technology that will carry it out. You could get a false sense of security if your only testing comes from conversations in a meeting room with no pressure bearing down as your organization goes dark.

“Who is the ultimate decision maker for this incident? Often you see a bunch of people raise their hands, which is not ideal. My advice is that you can only have one person in charge of decision making.”

Just getting together some people from a third party MSSP doesn’t cut it. That company can’t make decisions for you – a company official must be in charge, ideally someone who’s seen a ransomware attack from the inside.  Communication isn’t just about the internal chain of command but who talks to external providers, partners, and law enforcement.

2. Thirty days of logging isn’t enough

The first question every victim wants answered when an attack happens is whether the attackers are still on the network and, if so, where they’ve hidden themselves. The first thing the IT team will reach for are logs which hopefully betray the fragments of their movement and tools techniques and procedures (TTPs).

The flaw in this is that logging doesn’t always capture enough data on default settings; for example, the last 30 days on an Active Directory (AD) controller. Sundaresan’s advice is to go beyond what is required for basic compliance and extend logging to several months at least on important servers. Only then will it be possible to discover the root of a compromise, essential to avoid a repeat incident.

“Attackers can be on your network for 230 days in some cases and the company’s logs only go back 30 days. That doesn’t work anymore.”

3. Where are the assets?

The next remediation task is patching, which turns out to be harder than it sounds. “More often than not, people don’t have an accurate asset inventory. If you don’t know what’s on your network there’s only so much we can do in terms of stopping propagation,” she says. “The moment you ask them whether it’s up to date, there’s often a silence.”

For attack recovery, the only meaningful asset inventory is one that functions in real time, adding an asset every time it is seen. Organisations can’t secure what they can’t see or don’t know about, including not only physical devices but cloud repositories, storage, applications, and every kind of servers.

Real-time asset discovery has been possible for years with online asset inventory engines offered as a service just one example of how this doesn’t have to be an onerous undertaking. This will sync with the organisation’s ServiceNow configuration management database (CMDB).

4. Backup is great – if it’s been tested

Every organisation mandates backups but not all backups are as useful should ransomware strike. According to Sundaresan, the first problem is that organisations don’t always test them. That means making pessimistic assumptions about the state of the network itself.

“Backup is a no-brainer, but you have to test it from the point of view of being able to bring the systems back up without access to certain resources.”

The traditional core of backup is the 3-2-1 format, where organisations make backups on different types of media in different locations, including offline and off-site. But if one of more of those is in some way disrupted – a connectivity issue caused by the attack, say – that strategy starts to show its frailty.

“Time and again organisations think they have tested the backup, but they haven’t tested it often enough under realistic conditions. Additionally, practicing recovery leads to discoveries of other weaknesses in your preparations.  Usually these are discovered in the quality of the backups, which in turn will lead to better backups for when you really need them” The simplest way to embed more thorough testing is, Sundaresan says, to make it someone’s responsibility.

5. Paying up isn’t an easy way out

Whether to pay a ransom has been a contentious issue from the earliest attacks a decade ago, and the issue seems no nearer being settled. Could paying a ransom simply invite future trouble?

“Our recommendation is not to pay because your chances of getting your data back are partial at best. More importantly, you’re giving them more ammunition to go after you.” Sundaresan’s other concern is that making payment part of the cybersecurity strategy risks undermining the sort of controls which might make this unnecessary in the first place.

“You might as well take that money and invest it in cybersecurity and reduce your risk exposure.”

6. DIY defence is obsolete

A major block for many smaller organisations has been marshalling the necessary investment and skills to defend themselves. But the DIY approach isn’t necessary in an era of MSSP services, argues Sundaresan. “When you need surgery, you go to a surgeon. You are doing yourself harm by thinking you have to do it all by yourself.”

Equally, she concedes, choosing an MSSP isn’t easy in a crowded market. Her advice is to look for a partner which can not only tell you what the problem is but fix it, too. But because that is changing quite rapidly as new attacks appear, that demands a provider able to show that it can invest and innovate over time.

The post Beating ransomware – 6 issues to solve before it strikes appeared first on IT Security Guru.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, will be hosting KB4-CON EMEA (Europe, Middle East and Africa) on the 23rd of September 2021. The European virtual event is an extension of the highly successful KB4-CON US event, which the company says attracted over 10,000 registrants. The cybersecurity-focused event is designed for any CISO, security awareness training administrator and cybersecurity professional in the EMEA region. KB4-CON EMEA is a fully virtual event that will also feature special content for KnowBe4 customers and partners.

What’s on the KB4-CON agenda?

Mikko Hypponen, Chief Research Officer at F-Secure will deliver a talk entitled “The Internet: Best or Worst Innovation in Our Lifetime?” This session will cover how our global networks are being threatened by surveillance and crime, and how we can fix our technical, and human, problems.

“Today, cybersecurity failures are at an all-time high,” Hypponen said in a teaser video for the event. “With ransomware incidents, data breaches and data leaks, organisations need a comprehensive security awareness programme, which will bring security programmes an additional layer of security – the human layer.”

The audience will also experience a Fireside Chat with the world’s most famous hacker, Kevin Mitnick, who is also KnowBe4’s Chief Hacking Officer and KnowBe4’s Chief Information Officer, Colin Murphy. The pair will discuss the latest trends hackers are using to social engineer end users. At one point during his life, Kevin was the FBI’s most wanted hacker; and in this session, he will show the audience that it takes one to know one. Kevin will demo some of the most cutting-edge techniques used by today’s cyber criminals in order to better equip attendees to properly defend their organisations.

KB4-CON EMEA will be open to all security professionals from 10:00 a.m. – 1:30 p.m. GMT+1 on the 23^rd of September 2021. The afternoon sessions which will be reserved for KnowBe4 channel partners and customers will start at 2:00 p.m. and finish with a 5:00 p.m. happy hour. These sessions will focus on peer insights, product updates and best practices, as well as the future of workplace security.

“We are excited to bring KB4-CON to EMEA to address specific operational requirements for the region,” said KnowBe4 CEO, Stu Sjouwerman. “By bringing our partners and customers together, along with those who are not currently using our products, we have planned a day packed with insights on how to strengthen their organisations’ human firewalls by leading with a strong security culture.”

The full agenda for KB4-Con EMEA can be found here: https://www.knowbe4events.com/kb4-con-emea/agenda. Register here.

The post KnowBe4 hosts KB4-CON EMEA to help strengthen organisations’ Human Firewalls appeared first on IT Security Guru.

Did you know that over 80% of breaches involve brute force or lost and stolen credentials, and that over 70% of employees reuse passwords at work? Passwords are on your first line of defence against cyber-attacks and won’t be going away any time soon, getting this piece of the puzzle correct is foundational for cyber defence, the protection of your business and its data.

Live Demo: Supercharge Your Active Directory Password Policy

Join us for a 30-minute live demo of Specops Password Policy focusing on blocking weak passwords and creating compliant password policies.

Darren James, Technical lead at Specops will demonstrate how to:

• Block weak passwords and create a password dictionary containing potential passwords relevant to your organisation
• Apply Breached Password Protection to check against the latest leaked lists, including more than 2.5 billion leaked passwords.
• Create compliant password policies and simplify passwords for users
• Target password entropy and help users create stronger passwords in Active Directory

WATCH HERE!

Darren James – Technical Lead at Specops Software:

Darren has over 25 years of experience in IT, having worked as a consultant across many sectors and many different sizes of organizations from central/local governments, to retail and energy companies. He specializes in IT Security, Active Directory, Azure AD, and Group Policy.

He has worked at Specops for nearly 10 years and he’s been loving every minute!

The post Password Security – Now’s the time to get serious appeared first on IT Security Guru.

Gardaí have seized cyber infrastructure used by the cyber gang involved in the HSE cyber attack earlier this year. The operation is believed to have prevented more than 750 ransomware attacks, the Irish Times has reported.

The Garda-led operation targeted websites, domain names and servers used in the attacks, has been led by An Garda Síochána but also involved other international law enforcement agencies, including Interpol and Europol.

Garda Headquarters, in Phoenix Park, Dublin, on Sunday released information about the operation, saying it has been run by the Garda National Cyber Crime Bureau (GNCCB) and that it would also assist victims against whom attacks were already partially under way.

The post Irish Gardai clamp down on cyber gang that attacked HSE appeared first on IT Security Guru.

The US Cyber Command issued a warning that the Atlassian Corp. PLC’s Confluence software is being exploited on a large scale and that users should patch their installations immediately.

The vulnerability, formally named CVE-2021-26084, was revealed by Atlassian on Aug. 25 and was described as allowing an authenticated user to execute arbitrary code on a Confluence Server or data centre instance. It also said that Confluence Cloud customers are not affected.

The issue affects all versions of Confluence starting at 4.xx through most versions of 6.x.x and 7.x.x.

Customers that have upgraded to versions 6.13.23, 7.11.6, 7.12.5, 7.13.0, or 7.4.11 are not affected.

The post US Cyber Command issues warning on Atlassian Confluence software appeared first on IT Security Guru.

The IT Security Guru has paired up with Synopsys, a recognised leader in application security, to bring you the webinar, ‘How to Smartly Scale AppSec Testing’.

No matter what any blog or vendor says you know there is no silver bullet for application security. Complete one item on your to-do list, seven more things are there anxiously awaiting your attention. Since cloning yourself is out of the question, how are you scaling your AppSec program to keep up?

Join Khalid Damran, Head of Information Security Risk Department at the Bank of Palestine, and Frank Morris, Managing Director of Synopsys as they discuss how overwhelmed or understaffed organisations are scaling their AppSec testing. Topics covered include:

• How to handle elasticity in testing demand in a global skills shortage
• What happens when we share knowledge and experience more often
• Why feedback and continuous improvement matters

The webinar will be live online at 10am BST on the 29th of September and henceforth, available on demand.

Don’t miss out – register HERE now!

The post How to Smartly Scale AppSec Testing appeared first on IT Security Guru.

They say hard work is one of the core tenets of success. But, while a strong work ethic can undoubtedly get the job done, the efficiency and experience to guide hard work can go a long way. After all, even if you’re willing to work as hard as possible, it’s not easy to tackle a new industry without understanding how things work. Otherwise, you’ll be too preoccupied building a roadmap to notice your competitors leaving your business in the dust.

Understanding how to manoeuvre a company through stiff competition is one of the joys of startup management, even if it might be intimidating and overwhelming at the start. Learning how best to get the job done is about taking advantage of modern amenities and what technology offers. Here’s how to set your startup on the road to success.

Getting started with your primary website

If you want your company to be taken seriously, the first order of business is to develop a website worth visiting. The same thing goes for entrepreneurs looking to run an online store. The storefront is the most crucial part of business management, as it is where people will go if they click on the link.

The good news is that you do not need too much to make an effective website. As far as the professionals go, you can hire web design specialists to get the job done. When it comes to the overall direction, ensure that you take the minimalist route. A business website is most effective when it gets straight to the point and allows online users to get what they want without too many distractions. As a bonus, fewer accessories and widgets mean quicker loading times.

Search engine optimisation (SEO) is your friend

Once you have an optimised website, the next thing to do is to look into digital marketing strategies. For most startups, the ideal route is to get the help of an agency providing SEO packages like Ocere. It involves getting the attention of the most powerful search engine algorithms to rank higher on the search engine results page (SERP).

SEO is ideal for startups because it allows new companies to pace themselves and grow a robust, organic following. After all, too much popularity early on could lead to plenty of demand, something that can be problematic for inexperienced startup owners.

Keeping in touch with the latest trends

Knowledge is power, especially when it comes to managing a new company. So, keep an eye out for the latest technological breakthroughs, as there could be brand new apps and tools to help streamline your company. While you might not be able to use certain trends at the moment, there’ will come a time when you have both the resources and workforce to get the job done.

Running a company can be a challenge, especially if it’s a new company in a competitive industry. Manoeuvre through its many nuances with the tips above, and you’ll be on the road to success.

Contributed by Tom Parling, CEO, Ocere

The post Startup success: manoeuvring a competitive industry appeared first on IT Security Guru.

The US’ CYbersecurity Infrastructure Security Agency (CISA) has added signle-factor authentication (SFA) to its list of bad practices, which outlines exceptionally risky cybersecurity practices. The agency has specified that this low-security method of authentication is particularly dangerous when used to secure Critical Infrastructure or National Critical Functions.

The list also includes the use of unsupported/end-of-life software that can no longer be patched, and the use of known/default passwords and credentials.

“The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public,” the agency said in a post published on Monday.

The post CISA Bad Practices list updated to include single-factor authentication (SFA) appeared first on IT Security Guru.

Office 365 customers have been warned by Microsoft of an ongoing phishing campaign that abuses open redirects, an email sales and marketing tool that redirects a visitor to an untrusted site.

The post Microsoft warns of phishing campaign abusing ‘open redirects’ appeared first on IT Security Guru.