Anyone who pays attention on April Fool’s Day has learned to think twice about the information they read, the links they receive and the people who try impersonating others. The irony, though, is that while we’re hypervigilant against these harmless pranks, malicious actors are trying to play the same types of tricks on us day in and day out. 

Phishing attacks, malicious links and social engineering are just a few of the tricks used by cybercriminals to obtain credentials and other valuable information. The data they steal can then be leveraged to do real harm to victims  or used as part of a larger cyberattack. As technology progresses, so are these cyber scammers who have learned to utilise AI chatbots and deep fake technology to make their attacks even more sophisticated.

Phishing attacks are the one of the most common attack vectors used by cybercriminals. This technique involves sending unsolicited emails or messages that appear to be from a reputable source, such as a bank, social media platform or online retailer, saying you need to take some sort of action. The messages typically contain a link that downloads malware onto your device or directs you to a fake website that looks like the real one. Once you enter your credentials or other sensitive information, the bad actors can use it to access your accounts or steal your identity.

When encountering a suspicious message, you should always check the sender’s email address, hover over any links to verify the URL and avoid providing sensitive information until you have confirmed the sender’s identity independently from the original message.

AI chatbots are another tool used by cybercriminals to trick people into revealing their sensitive information that are rapidly growing in popularity. These chatbots are programmed to mimic human conversation and are often used on social media platforms and messaging apps. Along with using AI to write their initial email or message, scammers can also use chatbots to continue a conversation. They may pose as a chatbot themselves or as customer support or other assistance. Meanwhile, they can ask the chatbot to write something that persuades you to give up your credentials or other sensitive information.

When dealing with an AI chatbot or other virtual messaging service, you should always think twice about what information you’re sharing and why the sender claims they need it. If a suspicious message is telling you to click a link or call a number, it may be directing you to the scammer. It’s best practice to navigate to a website or look up a phone number yourself.

Deep fakes are a relatively new tool used by cybercriminals to deceive people. Deep fakes are videos or images that have been manipulated to appear real but are actually fake. They may be used to impersonate celebrities, athletes or manipulate photos of people you know. Cybercriminals can use deep fake technology to impersonate someone you may know or trust to make a social engineering scam even more believable.

Social engineering is perhaps the most insidious method used by cybercriminals to obtain your sensitive information. This technique involves convincing people into revealing their credentials or other sensitive information through psychological manipulation. For example, a cybercriminal may impersonate a trusted individual or organisation and use fear or urgency to convince you to give up your personal and sensitive information.

To avoid falling victim to social engineering, you should always be cautious when dealing with anyone who asks for your information. Anytime a request seems suspicious, you should verify the identity of the person or organisation, even if it takes a little more time to do so.

Cybercriminals are constantly coming up with new and innovative ways to trick people into revealing their sensitive information. For example, some criminals may use fake job postings or online surveys to collect your information. Others may use fake websites or apps that appear legitimate but are actually designed to steal your credentials.

To protect yourself from cyberthreats, stay vigilant about the information you share online and take steps to secure your accounts. This includes using strong and unique passwords, enabling two-factor authentication whenever possible and avoiding clicking on links or downloading attachments from any unknown or suspicious source. 

The post For Cybersecurity, the Tricks Come More Than Once a Year appeared first on IT Security Guru.

New research by CybSafe found only 10% of workers remember all their cybersecurity training. This is exposing companies to cyber risk.

1000 US and UK office workers told CybSafe about their cybersecurity training. Half of employees get regular security training courses. A quarter of respondents get none.

Cybersecurity training does not include new technologies

The survey looked at the use of technologies implemented in the last few years.

The way we collaborate and communicate has changed. Cybersecurity training has not kept up with applications like Slack and Teams. Most security training is still delivered by web-based learning management systems.

Oftentimes, important security information is getting lost in the noise. Only half of the workers interviewed paid attention to emailed content (53%). Furthermore, 20% of employees said they cannot remember or find relevant cybersecurity information.

Missed opportunities for engagement

80% say they are likely to act on security advice provided on the platforms they use daily, such as Slack and Teams. 90% of respondents thought security nudges on instant messaging platforms would be valuable.

New technologies, new risk

Slack and Teams are an afterthought. 47% have received no training for employee communication applications. Workers are more likely to share login details in tools like Slack (14%), rather than email (12%).

Dr Jason Nurse, Director of Science and research, said: “Cybersecurity training needs to centre on people. It needs an understanding of new and emerging habits. It needs to centre on how people work. And it needs to use behavioural and data science to engage. Interventions made in a timely, convenient way have a real impact.”

“The way we communicate is changing. Cybercriminals are one step ahead,” said Oz Alashe MBE, CEO Of CybSafe.

“People want to be part of the solution for their organisations. Ineffective tick-box training does not work. Cybersecurity training needs a facelift. It needs to focus on people, their habits and behaviours. The right message, at the right time, on the right platform.  Data and behavioural science can help companies stay ahead of new threats.

“For too long cyber security has focused on employees working around their organisation. It’s time organisations adapt and centre around their people.”

The post Only 10% of workers remember all their cyber security training appeared first on IT Security Guru.

Today Salt Security have released the findings from their latest Salt Labs State of API Security Report, Q1 2023, which found that there has been a 400% increase in unique attackers (over 4800) in the last six months. The report makes it clear that attackers are getting wise to exploiting APIs – and they’re persistent. Attackers will try time and time again until something works. Last year’s report found that API attacks increased 681% in the last 12 months.

The report also found that 80% of attacks happened over authenticated APIs, making it a widespread problem for all. Given that it is one of the easiest types of attack to execute, it is no surprise that attackers are increasingly targeting this route into an organisation.

The State of API Security Report pulls data from a combination of nearly 400 survey responses and empirical data from Salt customers across a range of industries, company sizes, and job responsibilities. This year’s report, the company’s fifth, provides the deepest insights yet, including “in the wild” API vulnerability research from Salt Labs that demonstrates how respondents’ top concerns in API security manifest in real-world scenarios.

Key findings from the report include:

• API security has emerged as a significant business issue, not just a security problem, with 48% of survey respondents saying that API security has become a C-level discussion over the past year.
• The top two most valued API security capabilities are to stop attacks (44%) and identify PII exposure (44%). The ability to implement shift-left practices rated the lowest (22%).
• Vulnerabilities discovered in the wild represent a critical concern for small and large businesses alike.
• “Zombie” APIs followed by ATO top the list of API worries. In fact, 54% of respondents said outdated or “zombie” APIs are a high concern, up from 42% in the last quarter.

Data from the report shows that reliance on APIs is continuing to grow as they become ever more imperative to their organisation’s success. Simultaneously, APIs are becoming harder to protect as attacks increase exponentially and traditional tools and processes cannot stop them.  The findings from Salt Labs highlight why 2023 has been dubbed the “Year of API Security”.

The post New API Report Shows 400% Increase in Attackers appeared first on IT Security Guru.

Today, Cato Networks has been named the Leader in the Single-Vendor SASE Quadrant Analysis published in TechTarget.

“We’re honoured to be identified as the Leader in single-vendor SASE market,” says Shlomo Kramer, CEO and co-founder of Cato Networks. “Cato introduced the first worldwide SASE platform in 2016, four years before Gartner defined the term. Since then, we’ve continued to enhance and extend Cato SASE Cloud as recognized by this award.”

Why Single-Vendor SASE?

While SASE brings operational benefits to an organisation, the report notes that single-vendor SASE brings certain unique benefits, including:

• Enhanced security posture by reducing the complexity of security functions, enforcing a single security policy enterprise-wide, and minimising the attack surface.
• More efficient use of network and security personnel stemming from faster deployment times, reduced dependency on advanced networking and security skills and resources, removal of redundant activities, and a single security policy.
• Better user and system administrator experiences as performance issues like latency and jitter are easier to manage, end-to-end issue diagnosis is simpler, and there is a single warehouse for all event data and logs.

Why Cato?

According to the report, Cato SASE Cloud brings several unique strengths:

• A global cloud-native, single-pass engine is the right architecture for single-vendor SASE. It provides line-rate, security inspections, and optimised traffic worldwide for all company edges – sites, mobile users, and the cloud – even for encrypted traffic.
• Cato fully maintains the underlying infrastructure of Cato SASE Cloud freeing IT from common network and security operations, such as updating security signatures in response to the latest zero-day threat. The report notes that Cato frequently points to its low Time to Protect – how quickly an IPS signature is not just developed but put into action. For example, they protected their customers against Log4j in just 17 hours (versus days and weeks for many companies).
• Single management platform converges security and networking eliminating “swivel chair IT troubleshooting.” Cato’s Event screen is a good example of convergence, providing a single interface for seeing all networking and security event data for the past year.

About the Report

The SD-WAN Experts Single-Vendor SASE Quadrant Analysis evaluated seven vendors in what the authors term was an “MQ-like” analysis. Vendors were compared on their execution ability and their completeness of vision. The authors say they relied solely on publicly available information and tempered our theoretical analysis with our own real-world experience deploying SASE platforms.

The post Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis appeared first on IT Security Guru.

As important as it is, cybersecurity awareness training might not seem like the most exciting thing in the world, but when it involves plots to rival your favourite network crime dramas, expertly crafted cinematography, and characters to root for? Naturally, it all feels a little bit different.  

Of course, we’re talking about the long-awaited return of KnowBe4’s network-quality video series The Inside Man. Back for its fifth season, the show, created and produced by Twist & Shout Communications (a KnowBe4 company) is now available to all diamond-level KnowBe4 subscribers.  

The Gurus were lucky enough to walk the red carpet alongside the show’s cast and crew last week at the Odeon Luxe Cinema, Leicester Square. A packed-out venue fit for an ambitious and industry-leading series that reunited some of our favourite characters. 

What To Expect This Season 

Season 5 of The Inside Man has big ambitions that echo, as always, real-world scenarios, genuine real-world threats, and plausible scenarios. If season 4 was a nod to 2021’s Colonial Pipeline ransomware attack, season 5 takes a stab at the more political side of cybercrime.  

The season’s antagonist, Cyrus, sums the season – and his intentions – up perfectly: ‘Money? You think this is about money? It’s about power… The power to know how people are going to react before they know themselves, to mould their thoughts, to shape their behaviour… The power to choose who wins an election, wins a war.’ 

Of course, this echoes similar themes that we see in the news frequently, with cyber influence operations becoming all the more common. In fact, just last year US military and intelligence officials announced that they were stepping up efforts to defend the electoral process from foreign influence.  

Whilst the show doesn’t go that far, it does dabble in using cyber influence to show the increasingly complex nature of highly personalised attacks. This season we find Mark, AJ, Fiona, Violent and Maurice approached by the security services to help fight against a remorseless adversary deploying vast resources of hacking powers to gain influence and power. From global corporation acquisition to insider threats within hospitals and healthcare, this is definitely the most eager (and high stakes) series of The Inside Man yet. 

Jim Shields, Creative Director of Twist & Shout Communications said: “In this season, we see many of these exciting plotlines finally come home to roost. Storylines for which we’ve spent two or three seasons laying the foundations. It’s powerful stuff, and the production team have excelled themselves as usual in bringing it to life. I’m unbelievably proud to be a part of this series.”   

Revolutionising Cyber Awareness Training 

For many years, KnowBe4 have been reshaping cybersecurity awareness. Perhaps the most obvious example of this is their willingness to invest in something truly different and, perhaps, revolutionary within its field. It’s clear that The Inside Man is an investment, with stunning sets, large productive value and 12-episode story arc. However, it pays off; the show has real, dedicated fans. In fact, three lucky superfans were invited to the premiere, with one having written a full-blown analysis of it. There’s nothing quite like it! 

“Security awareness training doesn’t have to be boring, nor should it,” says Stu Sjouwerman, CEO of KnowBe4. “‘The Inside Man’ is the most utilised training that KnowBe4 offers in the optional training category because it is highly captivating, and the production quality is more like a network-quality series than training.” 

What The Inside Man does so captivatingly is foreground the human element of cybercrime, with the adversaries not the stereotypical hooded hackers of yesteryear and our victims harrowingly human and relatable. From social engineering to passwords, to social media and deep fakes, this season of The Inside Man covers a lot of ground. Importantly, it reveals how easy it can be for an outsider to penetrate an organisation’s security controls and network. It’s awareness training that doesn’t feel like awareness training – and it’s not preachy either. 

The Verdict  

Season 5 of The Inside Man is well worth a watch. Whether or not you typically ‘enjoy’ cybersecurity awareness training, you can’t help but feel drawn to the show. It’s both educational and entertaining, and that’s pretty impressive.  

Education and awareness are at the heart of everything KnowBe4 does – and The Inside Man is no different, clearly. The Inside Man forces audiences to face safe (or otherwise) cybersecurity practises in an unusual (and rather fun) way. Ultimately, this passion project, beloved within its community, is something vendors should take notice of.  

You can watch the full series on The Inside Man microsite on the KnowBe4 platform if you are a diamond member. 

The post Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries appeared first on IT Security Guru.

Today, Outpost24 released a new report revealing the underground operation of Traffers, cybercriminal organisations reshaping the business of stolen credentials.

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organisations to evaluate their security measures against these evolving threats.

Stolen credentials are a major problem for organisations, causing nearly 50% of all data breaches. While businesses are still trying to figure out how to fix the password problem, cyber criminals are organising, and innovating. The increased professionalization of cyber criminal groups, specifically the rise of Traffers, is the latest threat against businesses.

Traffers are highly organized cybercriminal groups. They spread different types of malware families with the goal of exfiltrating credentials or profit. To spread the malware as far and wide as possible, they have formed an industry-like structure of product and service providers, as well as dedicated market places, in the form of Telegram channels, to facilitate the sale of those credentials.

To increase their success rate, Traffers target their would-be victims by driving their internet traffic with Google and Facebook Ads to fraudulent content. Traffers have developed a business model that involve specific recruitment, training, and compensation, all of which distinguish them from other cybercriminals.

The price spike of information-stealing malware, the subscription models for accessing stolen credentials, and even the earnings of the Traffers themselves, are just some of the highlights in the report that demonstrate the increased activity and demand in the cybercriminal ecosystem.

Victor Acin, Head of the KrankenLabs at Outpost24, “credentials, and the tools used to steal them, are a commodity. With the growing trend of Initial Access Brokers (IABs) we know that criminal groups are willing to pay for services, which means they expect a bigger profit in return – that’s bad news for businesses.”

As the underground economy circulates, current security measures may fall behind. Organisations need to consider the Traffers attack chain to stay protected against the latest threats. The Rising Threat of Traffers report provides practical advice that can protect credentials, and help businesses avoid malware infections, in the way it is done by Traffers teams.

Outpost24’s KrakenLabs will continue to monitor these groups as part of their cyber threat intelligence solution, helping organizations improve their cyber security posture with real-time threat detection and faster remediation.

To read more about the report, please visit here. Last year, we reported that in the first half of the year, stolen credentials were involved in nearly half of data breaches.

The post New Research Examines Traffers and the Business of Stolen Credentials appeared first on IT Security Guru.

As cyber threats increase in frequency and complexity, organizations recognize the importance of having a Chief Information Security Officer (CISO) to protect their sensitive data and infrastructure. To succeed as a new CISO, it’s essential to clearly understand the organization’s security landscape, establish strong relationships with key stakeholders, and develop a comprehensive cybersecurity strategy that aligns with the organization’s business objectives. This guide will explore the key steps and strategies that new CISOs can take to build a successful cybersecurity program and effectively manage cyber risks.

Commit to Learning and Participation

As a CISO, you probably have an endless to do list of vital chores that can keep you preoccupied. FFor this reason, you may be cut off from your coworkers and superiors, limiting your exposure to strategic and operational information shared through informal channels such as one on ones, small group brainstorming sessions, and, yes, even boring meetings. Stay in touch with your mentor(s) as you make this shift. Having a clear idea of your challenges and working with a coach can help your CISO first 90 days and adjust more smoothly. Participate in the discussion to better understand the company’s goals, potential, and threats. 

Create Connections

Building productive relationships with employees and other divisions is crucial to your success as a chief information security officer. Coordinate early on with the major players by setting up a meeting schedule. Determine which divisions you will work with, such as legal, audit, risk, marketing, and sales. As a result, we will be better able to establish connections to facilitate the rollout of cybersecurity awareness campaigns and related policies. The CISO needs to work in tandem with other executives.

Analyze the Department

Examine how effective your present team is. Think about their experience, quirks, and how they’d fit in with the team dynamic. Examine the current staffing setup, discuss how positions’ responsibilities might be realigned or increased to meet your security objectives, and outline how this would benefit team members’ long term professional development.

Great leaders don’t just delegate responsibility; they also name their successors. Choose a reliable second in command within the first month. It’s not crucial to assign a specific individual to this role right once, but knowing whether or not the necessary skills are already present and need to be nurtured is critical. Who could step in to do your job if something went wrong? Consider who you already have on staff who may be groomed for the position or who you would need to hire from the outside.

Evaluate Your Tools

Your security approach will be as good as the tools you employ, which is why good tools are so crucial. Think about your organization’s security stack tools and why they were acquired. Determine how many resources each SOC team member needs to perform their duties, and be sure to document any complaints they may have properly. Consider how many of your security suite’s components are creaking in old age. Old tools often do more harm than good. Think about the business case for upgrading or replacing outdated software with cutting edge security features specifically designed to meet the demands of your company.

The duties and obligations of a CISO demand certain expertise, and the position itself demands much more. Meeting legal standards, assisting with company operations, and making business choices linked to IT security are just some of the activities and responsibilities a CISO may take on, depending on the industry or the organization’s size. Years of technical experience, team management skills, strong leadership abilities, and in-depth knowledge of industry related compliance standards and laws are just a few attributes needed to become a CISO and succeed.

The post How to Succeed As a New Chief Information Security Officer (CISO) appeared first on IT Security Guru.

The Covid-19 pandemic has changed the world significantly. Businesses have now realized that the world needs to be digitized. It is mainly why the trend of brick-and-mortar stores is nearly over and businesses are now switching to digital modes, creating websites and getting into e-commerce. 

Not just that, people have also realized the significance of social media platforms. During the Covid-19 pandemic when the entire world was in lockdown, social media platforms played a critical role in keeping the world connected. They not only helped you stay updated with your surroundings but also to stay connected with your loved ones. 

However, in all this fuss and mess, cybersecurity issues increased. Yes, cybersecurity has become a major concern, and sadly, it’s still overlooked. It affects everyone, including businesses and individuals; thus, everyone needs to be careful. Let’s talk about the significance of cybersecurity today and see how you can increase data security and privacy.

Why is Cybersecurity Important?

Cybersecurity is extremely important for both businesses and individuals. It can protect your personal and work data from all kinds of damage and theft. From industry and governmental information to intellectual property, personal information, protected health information (PHI), and personally identifiable information (PII), everything is covered with cybersecurity. 

Due to all these reasons, having a cybersecurity plan is a must, whether it’s for individual use or your business. Having a cybersecurity plan ensures that you remain protected against data breaches, phishing scams, and other cybercrimes. It works well against both residual risk and inherent risk.

That being said, different countries across the globe are now highlighting cybersecurity issues. One great example is GDPR that has enhanced the reputable damage of cyber-attacks and data leaks by making organizations working in the European Union to: 

• Anonymize user identity and data to increase privacy; 
• Ask for user consent before sending or receiving all kinds of information; 
• Hire a cybersecurity officer; and,
• Report data leaks and other security issues.

Ways to Improve Data Security and Privacy

Now that we’ve established how important cybersecurity is, let’s find out how we can improve data security and privacy. Thankfully, there are many ways to stay on the safer side. The following tips work for both businesses and individuals, so start practicing them today: 

Frequently Change Your Passwords

A common mistake most people make at home and work is not changing their passwords frequently and keeping the simplest password so that it could be remembered easily. One thing you should know here is that simple passwords are easier to crack; therefore, setting up a complex password is necessary. 

The second thing is you must change your passwords frequently, at least once a month. Whether it’s your personal or work email address, change the password every month. On top of that, turn on two factor authentication. You can connect it to your mobile number or any mobile application like YouTube. It will send you a confirmation message or OTP code every time you try to log in.

Use a VPN 

Using a VPN is essential when working with sensitive data or files. It can protect your personal or work-related files by providing you with complete anonymity. A VPN removes your IP address and switches your location. All you need to do is switch it on every time you connect to an internet network. 

For added security, I suggest you protect your entire network with a secure VPN router. Fortunately, thanks to the growing technology, many VPNs are available that provide safety to your entire network. Using one keeps filtering the traffic and ensures nobody gets to you via your location or IP address.

Avoid Using Public Wi-Fi 

As mentioned earlier, securing the entire network is better than securing your device. Adding to it, you must stick to your private internet connection and avoid using public Wi-Fi, especially when working on something sensitive or confidential. 

Public Wi-Fis get hacked easily and most of them ask for personal information like email address and contact number before providing you with an internet connection. Not to mention, they keep your personal data saved which can present a lot of problems.

The Takeaway 

Winding it up, I want you to know that it’s impossible to completely avoid the risks of cyber-attacks or hacking; however, if you keep taking the precautionary measures, you can successfully minimize those risks. Also, be sure to stay mindful when browsing the internet and don’t give out your personal information anywhere. 

The post The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age appeared first on IT Security Guru.

Cymulate, the leader in cybersecurity risk validation and exposure management, today released the company’s “2022 Cybersecurity Effectiveness Report” which analyzed the results of over a million security posture validation assessments, including 1.7 million hours of offensive cybersecurity testing within Cymulate’s production environments.

The report provides critical insights in global cybersecurity effectiveness, critical findings and top attack tactics, techniques, and procedures (TTPs). The report delves into the efficacy of different security controls, the most concerning threats as tested by organizations worldwide, and top cybersecurity best practices for 2023.

Report key takeaways include:

• Many organizations are testing for trending threats at the expense of ones they are more likely to experience – organizations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats. This is a good, up to the point where it takes away from assessing threats and exposures that are more likely actively targeting the business. Businesses that used scheduled and full kill-chain testing demonstrated the broadest testing coverage and the most in- depth validation when they added advanced scenario testing to their programs.
• Known and cataloged industry-wide security issues remain unaddressed – 40% of the top 10 CVEs identified most by Vulnerability Management platforms were over two years old yet remain unpatched. A significant number of organizations are not testing against more widely recognized threats such as ProxyNotShell and Emotet that continue to persist and are apt to cause the most harm if not remediated.
  • The effectiveness of data protection measures has declined – jumping from 30 to 44 in 2022, the average data exfiltration risk score has worsened considerably. Network and Group Policies have had a positive impact on prevention of data exfiltration, which has driven attackers to resort to alternative exfiltration methods.
  • 92% of the top 10 exposures are related to domain and email security – in 2022, the top 10 exposures detected by Cymulate’s External
  Attack Surface Management (EASM) module showed most detected exposures were spread across domain security (59.3%) and email security (32.8%).
• Breach and Attack Simulation has had a significant positive impact on cyber resiliency.

When comparing the anonymized data between the first Endpoint Security assessment completed and the most recent assessments completed, significant improvements in risk reduction were seen when BAS testing was regularly performed. The improvements were seen consistently across customers of various industries and sizes.

“It’s understandable that organizations want to protect themselves against the major threats making headlines today,” said Carolyn Crandall, Chief Security Advocate for Cymulate. “But the findings of the Cybersecurity Effectiveness Report underscore the fact that many attackers aren’t using advanced new strategies— they’re continuing to find success using known tactics. Organizations need to shift their vulnerability management strategies to address these gaps by implementing Attack Surface Management tools for exposure assessment, Breach and Attack Simulation for security control efficacy validation, and Continuous Automated Red Teaming for more frequent penetration testing.”

“Organizations must understand their security posture to identify vulnerabilities and protect against cyber threats,” said David Neuman, senior analyst at TAG Cyber. “Cymulate’s release of findings from over one million security assessments and 1.7 million hours of testing provides valuable insights into common weaknesses and areas for improvement in cybersecurity. This data highlights the need for continuous security testing and risk assessments to stay ahead of emerging threats.”

The full Cymulate 2023 Cybersecurity Effectiveness Report can be found here.

Register for a webinar of the findings here.

The post Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed appeared first on IT Security Guru.

Software security company Synopsys have discovered a new remote code execution vulnerability (RCE) in the Pluck CMS system. Pluck is a content management system (CMS) implemented in PHP designed for setting up and managing your own website. Devised with ease of use and simplicity in mind, Pluck is best suited for running a small website.

Pluck CMS features an “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the user to upload JPEG, PNG, and GIF filetypes, which undergo a normalization process before being available on the site.

However, not is all as it seems within the system. As a result of a lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell.

Doing this leaves Pluck users – and the ecosystems they use the CMS to develop – vulnerable to attacks. A threat actor may choose to navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. However, once these are acquired (which is entirely within a capable threat actor’s capabilities) they will have direct access.

After authenticating through the web interface, a threat actor would need to navigate to the albums module and create a sample album: Images uploaded to an album are subject to normalization via functions from the graphics library PHP-GD, preventing simple web-shell embedding techniques. However, it is possible to embed a web-shell into a JPEG image that will survive this normalization using the tool Jellypeg, create such a payload and upload it with an executable file extension (.php, .phar, etc.). Navigating to the uploaded file directly allows RCE.

The post Synopsys discover new vulnerability in Pluck Content Management System appeared first on IT Security Guru.

This week, Dole Food Company revealed that hackers behind a February ransomware attack have accessed the data of an undisclosed number of employees.

“In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” said Dole in a filing to the U.S. Securities and Exchange Commission (SEC) on Wednesday.

“Upon detecting the attack, we promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement.”

Jamie Akhtar, CEO & Co-Founder of CyberSmart commented “This story is a great illustration of the disruption a sophisticated ransomware attack can cause, particularly in a business with a lot of employees and sophisticated processes. It appears that the sheer number of staff Dole employs allowed the ransomware to spread like wildfire. However, it should also be said that Dole has handled the situation well. Despite some disruption, having a clear plan in place both for backup operations and notifying the relevant parties has allowed the company to minimise the damage.”

Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Centre, added “In 2011, Marc Andreesen famously proclaimed, “Software is eating the world,” but a decade earlier Watts Humphrey beat him to the punch by saying, “Every business is a software business.”

“Software is the critical infrastructure of our time. Cyberattacks on food giant Dole are the latest illustration that software is the soft underbelly for our society. Cyberattacks on food, healthcare, energy, and every other critical infrastructure sector are a reminder that software risk is business risk. Organisations assess and manage risk from natural disasters, geopolitical turmoil, economic vicissitudes, and other types of hazards; savvy organisations recognize the risk posed by the software they use and take steps to minimise that risk.

“A holistic approach to security allows organisations to spend resources most effectively to reduce risk. This means ensuring that the processes for evaluating, procuring, configuring, operating, and maintaining software include security at every phase.

“Recognising that we cannot talk about software without also talking about security and risk is a vital first step toward building a better future.”

The post Dole confirms employee data was breached following February ransomware attack appeared first on IT Security Guru.

MyCena Security Solutions today announced the addition of a new feature to its MyCena Desk Center (MDC) platform, designed to stop credentials theft, fraud and social engineering in call centers, Business Process Outsourcing (BPOs) and customer service centers.

Customer service operations are a prime target for cybercriminals because they open the doors to millions of customers’ data.

Currently managers at call centers, BPOs and customer service centers give agents their passwords in clear text. The problem is once agents know the passwords, the organization no longer controls the life of those passwords, and these can be shared, sold, lost, social-engineered or phished without them knowing.

MyCena’s new solution addresses this challenge, as it removes security from the hands of employees and places it back in the hands of business leaders – where it belongs. MyCena’s latest feature allows operation managers to generate, manage and distribute encrypted passwords to all their agents, without the agents ever seeing, typing or knowing any of their passwords.

The solution makes targeting agents irrelevant for scammers, phishers and criminals. As agents no longer see or know the passwords to access data, they cannot write, type or share them by mistake or by intent, which significantly strengthens cybersecurity and data protection at the customer service center.

MyCena was the first cybersecurity company to identify the two key logic errors companies make internally that started the cycle of data breaches. First, companies allow each employee to make their own passwords to access their systems and data. Having given away control of access, they don’t know when passwords are phished, social engineered, shared, sold or reused in personal accounts. The majority of breaches – over 82% – use employees’ login credentials. That means 4 out of 5 breaches aren’t recognised as external threats by threat intelligence and detection tools, so they are completely missed.

The post MyCena Improves Customer Data Access Protection in Call Centers and BPOs appeared first on IT Security Guru.

New research released by Specops Software outlines the most common Fortune 500 company names that show up in compromised password data. The Specops research team analysed an 800 million password subset of the larger Breached Password Protection database to obtain these results. Among the top ten, popular household names like Coca-Cola (16,710 appearances), Starbucks (3,800 appearances) and McDonald’s (2,270 times) appear.

The most common Fortune 500 company to have been found among passwords in the subset was Williams, relating to Shermin Williams and/or Williams Sonoma. “Williams” appears over 72,000 times. The full list, which also includes Microsoft and Bank of America, can be found here.

The research focuses on Fortune 500 company names with more than 8 letters. Short company names naturally have more matches due to the short string of letters matching other words (e.g. while “GE” is a Fortune 500 company, looking for “ge” in compromised password data would match many unrelated phrases).

It is important to note that, despite the companies showing up in these lists, this in no way indicates that they’ve suffered a breach or that their specific passwords have been leaked.

Darren James, Senior Product Manager at Specops Software, explained the results further: “There are many reasons a company name can show up in a compromised password. Whether it’s because the company name overlaps with another word or a consumer is a big fan, the fact remains that these names are showing up within passwords on wordlists attackers are using to attack networks. Organisations would always be smart to block the use of their own organisation name in their users’ passwords with a custom dictionary.”

This research comes shortly after the release of the Specops annual Weak Password Report, which found that ‘password’ is still the most common term used by hackers to breach enterprise networks.

The post Fortune 500 Company Names Found in Compromised Password Data appeared first on IT Security Guru.

Apparently, the team at Ferrari may not have been up to speed with the latest ways to ensure your security is top priority. It was announced on Monday via a statement uploaded to their website that Ferrari was “recently contacted by a threat actor with a ransom demand related to certain client contact details”.

Ferrari then went on to say that it “will not be held to ransom” and that the best course of action was to inform their clients about the potential data exposure.

The Guru team reached out to some industry experts to understand their perspectives on the incident, and gain some valuable insights for companies looking to avoid this kind of incident in the future:

Christopher Handscomb, Solutions Engineer, EMEA, Centripetal:

“In today’s digital age, it’s becoming all too common for customer data to be breached & exfiltrated with alarming ease. This poses serious concerns for luxury good vendors and their clients alike.

From the company’s perspective, a data breach can result in severe reputational damage and even legal action, not to mention a loss of trust from consumers who may be reluctant to share their sensitive information again leading to an impact in sales.

On the other hand, consumers may find their personal information – including details on their wealth, status, employment, living arrangements, and more – shared with an unknown party, potentially leading to identity theft, financial fraud, or even physical harm.

The good news is that a rapidly growing number of cybersecurity experts are dedicated to defending against these malicious actors. However, companies must be proactive in their approach to securing essential infrastructure and safeguarding customer data.

It’s time for organisations to take a serious and proactive stance on cybersecurity before it’s too late.”

Brad Freeman, Director of Technology at SenseOn: 

“Like its cars, Ferrari is a highly sophisticated organisation with extensive research and development, racing, manufacturing and retail operations. However this complexity can provide more opportunities for an attacker to penetrate defences.The Ferrari data breach exposes the unique risk faced by high net worth individuals. This means compromised data may be worth significantly more than in a general data breach as attackers are likely to spend significant time crafting targeted attacks against its valuable clients.”

Michael White, technical director, and principal architect at the Synopsys Software Integrity Group:

 In this case it is not known whether any direct access to vehicles was involved in the attack, but this does highlight a notable concern for the future. The automotive industry is moving toward so-called ‘software defined vehicles’ (SDVs), meaning that many of the day to day driving experiences will rely upon extensive cloud hosted infrastructure and applications. The consequences of an attack in such an SDV environment would not just be leakage of data but in the worst case may even allow an attacker to manipulate functionality on the vehicle itself. This means that automotive OEMs such as Ferrari will need to place an increased focus on protecting so-called hybrid infrastructure, including web portals and mobile apps, from malicious attacks across the software supply chain.

Martin Jartelius, CSO at Outpost24:

“Largely as expected we see those incidents where an organization is pressured to pay as a means of silencing information on a breach, potentially leveraging the fear of GDPR fines as an element of extortion against organizations. As so far very little information is available it’s hard to determine what happened, but this does not appear to be a severe or remarkable event, it attracts more attention than it should due to the targeted organization’s brand than to the event itself.”

Javvad Malik, lead security awareness advocate at KnowBe4:

“Ransomware is a cyber pandemic that attacks all organisations regardless of size and vertical. It is why it’s important that all organisations need to put the pedal to the metal when it comes to ensuring they have the right cybersecurity controls in place. 

When it comes to ransomware, most attacks are successful through phishing, taking advantage of poor credentials, or by exploiting unpatched vulnerabilities. So as a bare minimum organisations should focus on these avenues of attack.”

The post Ferrari Data Breach: The Industry has its say appeared first on IT Security Guru.

The software of your business – and its protection – is crucial if you want to succeed in the business landscape. Around the world, as many as 30,000 businesses are hacked every day, with 64% of companies also experiencing a form of cyber attack. When it comes to small companies, too, 60% go out of business within six months of being targeted by a hacker. 

As system architecture increases in scale and complexity, however, it is becoming harder and harder for IT teams to keep track of every operation. Businesses can now exist in a multi-cloud environment which – although logical in terms of avoiding attacks – elevates the pressure on tracking and responding to any issues that take place. Businesses, therefore, have been searching for a single, good observability platform, allowing them to understand the internal states of their system with the ability to control unpredictability.

But what is observability, and why exactly is it crucial to your own business? In this article, we’ll take a look at the fundamentals of an observability platform, as well as the wide-ranging benefits for businesses operating in a diverse and complicated computing environment.

Observability Explained

The first thing to understand is that observability doesn’t necessarily refer to technology. This is a practice that involves a specific set of processes and tools that give a strong insight into a system. In terms of IT infrastructure, observability can measure the current state of a computer system based on the data that is generated, as well as logs, metrics and traces. 

The logs give knowledge on a sector of the codebase where a request was reached,as well as anything unusual in the processing of that request. They also capture attempts to access a codebase through the operating system itself. Metrics, on the other hand, provide measurements of the system’s characteristics, with traces providing visibility into code steps – for instance, demonstrating what service a request has negotiated before crashing. 

It does this through telemetry, which is derived from the endpoints and services of the computing environment. Within these environments, there are records of activity across every hardware, software and open-source tool, and through measuring logs, metrics and traces, observability strives to shed light on these environments so that your company can detect and solve any issues that might arise due to their complexity.

The Benefits Of Observability Explained

Of course, there are many benefits to this. For one, if your IT team is in control of each environment – with the ability to resolve discrepancies – then it keeps the system efficient, fast and reliable. This will also keep your customers happy. Slow systems – even outside of a multi-cloud environment – are enormously detrimental to a company, especially if customers are not provided with confidence in its security. 

This isn’t to say that problems won’t happen; observability – as mentioned previously – is not centred solely around technology, which means it won’t stop all the issues that might occur in a system. What it does, however, is speed up troubleshooting, reducing MTTA, MTTR and MTTI to ensure your systems are running smoothly. This, in turn, improves the end-user experience. Every business knows why customer satisfaction and loyalty are important, and this can be achieved in the software that you provide. 

As well as this – and potentially most importantly – observability helps your company detect vulnerabilities in authentication, as well as access control vulnerability, external dependency vulnerability and brute force attacks. By detecting these, you can shield yourself from hackers before they have even managed to find a way in. Once again, with a multi-cloud system being far more “open” and complicated, it is technically harder to barricade every aspect. As mentioned before, a large percentage of businesses that have been attacked go out of business within six months – financially motivated attacks have increased by 686% over the last eight years. For this reason, your company needs this visibility to be proactive rather than reactive, protecting yourself from its vulnerabilities before it’s too late.

Choosing Observability

Lastly, it is important to be aware of which observability platform to use. For any distributed system – or hybrid cloud – the chances of being the target of a cyber attack are high, meaning you need an observability platform that is suited to the complex system and can generate as much observable data as possible. 

As a company, you need to undertake as much research as possible to determine which platform is optimal for your specific system. A good way to tell if it’s right for you is by looking at the specific functions. For instance, it needs to be able to integrate all of your systems across each application stack, as well as capture real-time data and correlate them in a meaningful way. 

It also needs to be cost-effective. One of the reasons observability is growing more popular is due to the costs it can reduce for a company – as well as the time it takes to get to market – so it is important that you factor in the cost of observability itself. Above all, however, it should aid users with a strong, easy-to-use and secure interface, ensuring the experience is as smooth and dependable as possible.

The post What Is Observability, And Why Is It Crucial To Your Business? appeared first on IT Security Guru.

As information technology continues to evolve, more and more people are penetrating cyberspace. Most organizations, companies, individuals, and even governments are now doing their activities in the digital world. This allows them to enjoy great benefits such as instant access from anywhere, less usage costs, and worldwide reach.

A lot of internet users cannot imagine having a life without technology or access to e-ticket booking, e-commerce, online banking, the latest news, or getting in touch with their family and friends using online communication or through social media. But is it always safe to surf the internet? What type of threats could you possibly encounter? Can the risks be reduced with the help of virtual reality?

What is Virtual Reality?

Virtual Reality (VR) refers to the three-dimensional image developed by the computer or other types of devices. VR offers us with different types of objects and at the same time it can also depict various events. Virtual reality can either be fictional or based on real-world elements. 

How Does Immersive Technology Affect Cybersecurity?

Unfortunately, cyber threats continue to develop and yet there is a shortage of experts that can help in spreading awareness and fighting the growth of cyber threats. Based on the recent study, the rise of data breaches is caused by the lack of cybersecurity professionals, non-technical staff, as well as the lack of proper training. That is why it is important to ensure safety on multiple devices with a VPN. Immersive technology can greatly help in this problem since it can train staff and spread cybersecurity awareness. 

In fact, some companies have started to train their employees using AR and VR-based gamification. As a result, employees are now ready to face cyber threats and solve the issue. Using both AR and VR can help organizations in training their employees which can be beneficial and practical.

Use AR for Cybersecurity Training 

Using AR, you can provide your staff with an interactive educational learning platform that can be customized based on the learning needs of the individual. It allows employees to experience appropriate and realistic training. These are highly interactive programs that can help users in recognizing and mitigating cyber threats. Furthermore, since this is an interactive training, then it can help in encouraging employees to keep themselves engaged with the training.

Use VR for Cybersecurity Training 

Just like AR, VR can also help organizations in solving the problem of shortage in cybersecurity awareness and training. With the help of VR-based training programs, users will be able to experience prevailing cyber threats such as phishing by using a VR headset. As a result, users will be less vulnerable to these cyber threats. Immersive technology can also be valuable for those who are interested in having a career in cybersecurity. As a result, there will be more skilled cybersecurity professionals.

Does Immersive Technology Have Security and Privacy Risks?

Although immersive technology is very valuable to organizations in developing effective cybersecurity programs, these technologies also have some significant risks. The headsets or other devices that are used in immersive technology come with various sensors that gather information about the wearer. These AR/VR devices are capable of recording movements, sounds, and surroundings of the user. Keep in mind that this contains relevant information about the wearer.

This information can be valuable to advertisers, however, it could also pose a threat to cybercriminals who might intercept this valuable information. Furthermore, organizations that are using immersive technology for training their employees could access their telemetry data which can be used in monitoring their performance. As a result, this could potentially lead to privacy issues.

Since these AR/VR tools are very vulnerable, they come with the greatest risk. Just like any other IoT devices such as ChatGPT and Bard, these devices focus more on serving their purpose rather than protecting privacy. Hence, they become a vulnerable target for malware attacks. Since these devices are remotely activated, then your company will always be at risk.

Conclusion

As the popularity of VR and AR continues to rise, it is expected that more and more organizations will be seeking professionals that have working knowledge of immersive technologies and any other innovative technologies.

Ultimately, these immersive tools are geared towards the future, however, organizations must make sure that their staff are well versed on the challenges brought about by these virtual environments. These emerging technologies can greatly affect risk management recruitment.

The post How Emerging Trends in Virtual Reality Impact Cybersecurity appeared first on IT Security Guru.

If you can believe it, it’s been a decade since the annual European Cybersecurity Blogger Awards initially launched in 2013! That’s ten years of celebrating the bloggers, vloggers, podcasters and social media influencers who have played a fundamental role in shaping the cybersecurity community as well as educating the wider public. Organised by Eskenzi PR, and sponsored by KnowBe4 and Keeper Security, we are pleased to announce that the highly-anticipated awards are back this year and, once again, open for nominations.

Don’t forget to nominate your favourite blog/vlog/podcast to ensure they’re in the running (or if you think you deserve to make the shortlist, go ahead and put yourself forward)! Stand a chance to be named a winner alongside renowned blogging and podcast stars such as Troy Hunt, the creator of Have I Been Pwned, Graham Cluley, Carole Theriault and Geoff White.  

Head over to the following page to nominate: https://forms.gle/bqAemM6gBWVE1QPN6

Or for more information: https://www.eskenzipr.com/european-cybersecurity-blogger-awards/

We’ll be awarding worthy recipients titles such as The Noobs for best new blog/podcast, The Teacher for the best educational blog, the Tech Whizz for the best technical blog and the Best Social Media Account to Follow.

Nominations will close on Thursday, the 20th of April 2023. A shortlist will then be revealed, and opened to the public vote. We’ll tally these results and combine them with the judge’s top picks to determine the winners. Finally, the process will culminate at a live, in-person event at Tapa Tapa restaurant, next door to the ExCel Conference Centre, on the first evening of Infosecurity Europe (20th June 2023).

It’s bound to be a fun evening, with tapas on offer and drinks for all (thanks to our sponsors, it’s also completely free of charge!). So what are you waiting for, get nominating and save the date in your diary now.

The post Nominations are Open for 2023’s European Cybersecurity Blogger Awards appeared first on IT Security Guru.

The UK has announced a ban on TikTok on government phones, becoming the latest country to have banned the Chinese-owned video app over raised security concerns.

The microscope has been on TikTok in recent months and has come under increased scrutiny due to fear is that user data from the app owned by Beijing-based company ByteDance could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to as well to prevent location data harvesting.

In recent months, many countries have brought in law to ban TikTok from government-owned devices including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties. 

Tom Davison, Senior Director Engineering International at Lookout:

The post TikTok to be banned from UK Government Phones appeared first on IT Security Guru.

When you think of cybersecurity threats, what comes to mind? If you pictured faceless criminals (or a team of them) in a dimly-lit headquarters working tirelessly to steal your most precious digital assets, you’re not alone. Yet, cybercrime doesn’t always look like a scene from a Hollywood movie.

Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations. They’re called insider threats, and you need to pay special attention to ensure you – and your data – don’t fall victim.

The threat landscape

Organizations are wise to prioritize cybersecurity strategy and adequate budgeting to protect their networks and valuable private data. Cybercrime is predicted to reach an alarming $10.5 trillion by 2025, making it a lucrative business venture for opportunistic criminals worldwide.

DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. But your strategy is incomplete if you only secure the perimeter and do not address internal risks.

Insider threats are on the rise, and they’re particularly risky as they’re less often reported. Estimates state that over 70% of insider attacks never reach the headlines. As such, organizations cannot learn from their peers’ mistakes or oversights.

What is an insider threat?

Indisputably one of the most underestimated risks to organizations, insider threats are defined by CISA as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.”

Insider threats are, at their most basic, those that come from within your organization. End users with privileged access present unique risks to your network and data. Insider threats are particularly challenging to protect against as users may have access controls and particular familiarity with internal processes and procedures that enable them to navigate without raising suspicions. As such, insider attacks often go undetected until long after the breach.

Types of insider threats to look out for

Insider threats amount to attacks via employee user accounts. But that doesn’t always mean that a disgruntled employee or opportunistic bad seed is infiltrating the system and reaping the rewards. Sometimes, even the employee may not realize they’ve been a pawn in someone’s scheme until it’s too late.

Remember that insiders include third-party vendors, consultants, business partners, and others outside the organization with access to systems and networks.

Here are the two types of insider threats to be aware of:

Acts of negligence

Insider threats as a result of negligence are incidental. Naive or careless employees pose a significant threat to security, as it only takes one wrong decision to deliver information into the wrong hands.

Particular attacks include:

Phishing and spear phishing attacks, in which criminals purport to be a trusted source and solicit information from their target. Spear phishing attacks are particularly hazardous as attackers take time, do their research, and approach employees with a particularly well-informed demand under the guise of an official request.

CEO fraud is similar to spear phishing but takes things one step further by first gaining control of an email account of a c-suite employee. These requests are typically directed toward accounting departments to make sizeable financial transfers or payments.

Negligent behavior may not begin as an attack from an outsider. Instead, this can include taking physical devices to insecure places where they could fall into the wrong hands. In 2022, burglars stole a hard drive from a US Military analyst, exposing the personal details of more than 26 million veterans.

Acts of malicious intent

Unfortunately, sometimes the attacks originate on the inside. Disgruntled employees or contractors have been known to take advantage of their privileged access to reap personal rewards.

Malicious insiders may steal financial information, intellectual property (IP), or personally identifiable information (PII) they intend to trade for their financial benefit or use for competitive advantage. For example, after leaving the company in 2020, a former Google employee was jailed for taking trade secrets to Uber, his new employer. In 2019, an engineer breached Capital One’s systems and stole 100 million customer records and hundreds of thousands of social security numbers and bank details.

Keys to prevention

As leading data protection vendor Cyberhaven states, “Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

The key to mitigating risk is a proactive approach and a risk-aware culture. Consider these elements when designing your security strategy:

• Implement threat detection tools to detect non-standard behavior or access and risk assessments to identify areas of concern.
• Threat detection can also come via peer reports and employee diligence. Your organization should have a straightforward procedure for whistleblowing if employees are concerned about their peers’ behavior.
• User account administration is the best chance you stand against insider threats. Less privilege ensures employees have only the access required to perform their functions. Separation of duties guarantees no single user has access to all aspects of a system or process.
• Designing a risk-aware culture, including user training and education, is a first line of defense for preventing threats. Ensure cybersecurity is part of your organization’s day-to-day lexicon so that users know what to look out for and where to report risks when they arise.

Should an insider threat arise, ensure you do more than address the end user themselves. Insider threats point to where you can strengthen your systems or policies, regardless of whether the attack succeeds. Truly secure organizations regularly update their security approach to stay ahead of risks.

—

About the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is also a writer for Bora.

The post Should Your Organization Be Worried About Insider Threats? appeared first on IT Security Guru.

Salt Security, the API security company, is working with Guild Education, the leader in opportunity creation for America’s workforce, to implement the Salt Security API Protection Platform to secure its growing application programming interface (API) ecosystem. Guild relies on APIs for the exchange of private and sensitive student, employer, and school data across its Career Opportunity Platform. With the Salt platform, Guild gains automatic and continuous API visibility, insights into potential data exposure, and API runtime protection to ensure the safety of its customers’ critical data.

“Guild supports workers, companies, and educational organisations to build new career opportunities and address increasing talent shortages. Keeping employee, employer, and school data secure has always been a top priority,” said Julie Chickillo, VP, head of security, Guild Education. “The visibility we get with Salt eliminates blindspots, allowing us to better protect the critical and personal information – including employer eligibility updates, student loan reimbursement data, and program applications – being shared via our APIs.”

Although Guild looked at other API security solutions, Salt provided the most actionable insights and the most mature platform. Leveraging the robust Salt API security platform, Guild gains:

• Discovery of shadow APIs – to ensure a complete and accurate API inventory and understand what unknown APIs might exist that could pose security risks 
• Attack prevention – the most proven algorithms in API security to pinpoint attacker reconnaissance activity, even drawn out over days and weeks, and stop attackers before they reach their objective
• API security testing – to gain vulnerability insights in pre-production, empowering the Guild development team to improve the security posture of its new APIs 

According to the Salt Security State of API Report, Q3 2022, over one third of organisations have experienced more than 100 attempted API attacks per month. Salt Security enables Guild to easily monitor and analyse all API traffic, maintaining an up-to-date view of their entire attack surface. 

The Salt Security platform enables organizations to catalogue their APIs, see where they expose sensitive data, detect and block API attackers, scan and test APIs, and provide remediation insights that developers can use to harden APIs and improve the security posture over time. Through its patented API Context Engine (ACE) architecture, the platform can identify the early indicators of an attack, stop attackers from advancing and turn attackers into penetration testers, leading to valuable feedback for security teams to identify and eliminate API vulnerabilities.

The post Guild Education controls API abuse with Salt Security appeared first on IT Security Guru.