Security Posts

Infocon: green

SANS Internet Storm Center, InfoCON: green - Wed, 2022/06/15 - 03:46
Microsoft June 2022 Patch Tuesday
Categories: Security Posts

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

Naked Security Sophos - Wed, 2022/06/15 - 03:20
We tried it out to make sure, so you don't have to.

Botched and silent patches from Microsoft put customers at risk, critics say

ArsTechnica: Security Content - Wed, 2022/06/15 - 02:27
Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said. Microsoft's latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three patches before successfully fixing a critical vulnerability in Azure. Orca Security first informed Microsoft in early January of the flaw, which resided in the Synapse Analytics component of the cloud service and also affected the Azure Data Factory. It gave anyone with an Azure account the ability to access the resources of other customers. From there, Orca Security researcher Tzah Pahima said, an attacker could:

New Tool: dns-query-async.py

Didier Stevens - Wed, 2022/06/15 - 02:00
dns-query-async.py is a tool to perform DNS queries in parallel. This is the man page:

Usage: dns-query-async.py [options] command file
Program to perform asynchronous DNS queries
accepted commands: gethost,getaddr

Source code put in the public domain by Didier Stevens, no Copyright
Use at your own risk
https://DidierStevens.com

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -m, --man             Print manual
  -o OUTPUT, --output=OUTPUT
                        Output to file (# supported)
  -s NAMESERVERS, --nameservers=NAMESERVERS
                        List of nameservers (,-separated)
  -n NUMBER, --number=NUMBER
                        Number of simultaneous requests (default 10000)
  -t TRANSFORM, --transform=TRANSFORM
                        Transform input (%%)

Manual:

This tool performs asynchronous DNS queries. By default, it will perform 10000 queries simultaneously.

The first argument is a command. There are 2 commands for the moment: gethost and getaddr
The second argument is a filename: a text file containing the items to resolve.

Use command getaddr to lookup the IP address of the hostnames provided in the input file.
Example:
dns-query-async.py getaddr names.txt
Result:
didierstevens.com,1,96.126.103.196
didierstevenslabs.com,1,96.126.103.196
Duration: 0.20s

Use command gethost to lookup the hostnames of the IP addresses provided in the input file.
Example:
dns-query-async.py gethost ips.txt

Use option -s to provide the name servers to use (comma separated list).
Use option -n to change the number of asyncio workers (10000 default).
Use option -t to transform the input list and perform lookups.
For example, take the list of subdomains/hostnames at https://github.com/m0nad/DNS-Discovery/blob/master/wordlist.wl and issue the following command:
dns-query-async.py -t %%.example.com getaddr wordlist.wl
Result:
0.example.com,0,Domain name not found
009b.example.com,0,Domain name not found
01.example.com,0,Domain name not found
02.example.com,0,Domain name not found
03.example.com,0,Domain name not found
1.example.com,0,Domain name not found
10.example.com,0,Domain name not found
101a.example.com,0,Domain name not found
The %% in %%.example.com is replaced by each hostname/subdomain in wordlist.wl and then resolved.
Use option -o to write the output to a file.

dns-query-async_V0_0_1.zip (http)
MD5: 5F4253B06EC0C6F6EC8E1DFDB1886164
SHA256: D06D776F7B0042EFD5BFAB5CE32EAFDF6FFB85F1C85BB227156638060B639D33
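The man page above describes three design points worth seeing in code: a fixed number of lookups in flight at once (option -n), a %%-template applied to every input line (option -t), and a name,status,result output row with status 1 for a resolved name and 0 with the resolver's error text otherwise. The following is an added example written for this page, not Didier Stevens' code from dns-query-async.py. The resolver is injected so the example runs offline against a constructed answer table (the names and addresses in it are made up); the system_resolver function does real lookups when a file name is passed on the command line. Joining several answers with ";" is an assumption of this example, not the tool's behaviour.

```python
"""Bounded-concurrency DNS lookups with asyncio (added illustration).

Not Didier Stevens' dns-query-async.py; a re-creation of the behaviour its
man page describes, with an injectable resolver so it can run offline.
"""
from __future__ import annotations

import asyncio
import socket
import sys
from typing import Awaitable, Callable, Iterable

# A resolver returns the addresses for a name or raises socket.gaierror.
Resolver = Callable[[str], Awaitable[list[str]]]


async def system_resolver(name: str) -> list[str]:
    """Real lookup through the OS resolver (network required)."""
    loop = asyncio.get_running_loop()
    infos = await loop.getaddrinfo(name, None, family=socket.AF_INET, type=socket.SOCK_STREAM)
    addrs: list[str] = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs


def make_table_resolver(table: dict[str, list[str]]) -> Resolver:
    """Offline stand-in: answers from a dict, NXDOMAIN-style error otherwise."""
    async def resolve(name: str) -> list[str]:
        await asyncio.sleep(0)  # yield to the event loop, as real I/O would
        if name not in table:
            raise socket.gaierror(-2, "Domain name not found")
        return table[name]
    return resolve


def apply_transform(item: str, transform: str | None) -> str:
    """Option -t: every %% in the template is replaced by the input item."""
    return item if transform is None else transform.replace("%%", item)


async def getaddr_all(items: Iterable[str], resolver: Resolver,
                      transform: str | None = None,
                      number: int = 10000) -> list[tuple[str, int, str]]:
    """Resolve all items with at most `number` lookups in flight; input order is kept."""
    limit = asyncio.Semaphore(number)

    async def one(item: str) -> tuple[str, int, str]:
        name = apply_transform(item, transform)
        async with limit:
            try:
                # Several answers joined with ";" is this example's choice.
                return name, 1, ";".join(await resolver(name))
            except socket.gaierror as exc:
                return name, 0, exc.strerror or str(exc)

    return list(await asyncio.gather(*(one(item) for item in items)))


def format_rows(rows: Iterable[tuple[str, int, str]]) -> list[str]:
    """name,status,result lines, like the tool's output."""
    return [f"{name},{status},{result}" for name, status, result in rows]


def demo() -> list[str]:
    """Offline run over a constructed wordlist and answer table (not real DNS data)."""
    table = {
        "www.example.com": ["203.0.113.10"],
        "mail.example.com": ["203.0.113.25", "203.0.113.26"],
    }
    rows = asyncio.run(getaddr_all(["0", "www", "mail"], make_table_resolver(table),
                                   transform="%%.example.com", number=2))
    return format_rows(rows)


if __name__ == "__main__":
    if len(sys.argv) == 2:  # python this_script.py names.txt -> real lookups
        with open(sys.argv[1]) as fh:
            names = [line.strip() for line in fh if line.strip()]
        print("\n".join(format_rows(asyncio.run(getaddr_all(names, system_resolver)))))
    else:
        print("\n".join(demo()))
```

The semaphore is what makes the worker count a real bound: asyncio.gather starts every coroutine immediately, so without it a 10,000-line wordlist would open 10,000 resolver calls at once. Lowering the bound is also the knob to turn when a recursive resolver starts rate-limiting the scan.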

Ransomware Group Debuts Searchable Victim Data

Krebs - Tue, 2022/06/14 - 21:53
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

The ALPHV site claims to care about people’s privacy, but they let anyone view the sensitive stolen data.

ALPHV recently announced on its victim shaming and extortion website that it had hacked a luxury spa and resort in the western United States. Sometime in the last 24 hours, ALPHV published a website with the same victim’s name in the domain, and their logo on the homepage. The website claims to list the personal information of 1,500 resort employees, and more than 2,500 residents at the facility. At the top of the page are two “Check Yourself” buttons, one for employees, and another for guests.

Brett Callow, a threat analyst with security firm Emsisoft, called the move by ALPHV “a cunning tactic” that will most certainly worry their other victims. Callow said most of the victim shaming blogs maintained by the major ransomware and data ransom groups exist on obscure, slow-loading sites on the Darknet, reachable only through the use of third-party software like Tor. But the website erected by ALPHV as part of this new pressure tactic is available on the open Internet.

“Companies will likely be more concerned about the prospect of their data being shared in this way than of simply being posted to an obscure Tor site for which barely anyone knows the URL,” Callow said. “It’ll piss people off and make class actions more likely.”

It’s unclear if ALPHV plans to pursue this approach with every victim, but other recent victims of the crime group include a school district and a U.S. city. Most likely, this is a test run to see if it improves results.

“We are not going to stop, our leak distribution department will do their best to bury your business,” the victim website reads. “At this point, you still have a chance to keep your hotel’s security and reputation. We strongly advise you to be proactive in your negotiations; you do not have much time.”

Emerging in November 2021, ALPHV is perhaps most notable for its programming language (it is written in Rust). ALPHV has been actively recruiting operators from several ransomware organizations, including REvil, BlackMatter and DarkSide, offering affiliates up to 90 percent of any ransom paid by a victim organization. Many security experts believe ALPHV/BlackCat is simply a rebrand of another ransomware group, “Darkside” a.k.a. “BlackMatter,” the same gang responsible for the 2021 attack on Colonial Pipeline that caused fuel shortages and price spikes for several days last summer.

Callow said there may be an upside to this ALPHV innovation, noting that his wife recently heard directly from a different ransomware group, Cl0p.

“On a positive note, stunts like this mean people may actually find out that their PI has been compromised,” he said. “Cl0p emailed my wife last year. The company that lost her data still hasn’t made any public disclosure or notified the people who were impacted (at least, she hasn’t heard from the company.)”

Murder suspect admits she tracked cheating partner with hidden AirTag

Naked Security Sophos - Tue, 2022/06/14 - 20:49
O! What a tangled web we weave, when first we practise to deceive.

Microsoft Patch Tuesday for June 2022 — Snort rules and prominent vulnerabilities

Cisco Talos - Tue, 2022/06/14 - 20:47
By Chetan Raghuprasad. Microsoft released its monthly security update Tuesday, disclosing 55 vulnerabilities in the company’s firmware and software. One of these vulnerabilities is considered critical, 40 are listed as high severity, and the remainder are considered "moderate". The most...

Microsoft June 2022 Patch Tuesday, (Tue, Jun 14th)

SANS Internet Storm Center, InfoCON: green - Tue, 2022/06/14 - 20:44
This month we got patches for 60 vulnerabilities. Of these, 3 are critical, none previously disclosed, and none being exploited according to Microsoft.

The highest CVSS this month (9.8) is associated with a Remote Code Execution (RCE) vulnerability affecting Windows Network File System (CVE-2022-30136). This vulnerability is not exploitable in NFSv2.0 or NFSv3.0. According to the advisory, disabling NFSv4.1 mitigates the vulnerability. The exploitability for this vulnerability is ‘More Likely’. Interestingly, last month (May 2022) we had a similar CVE affecting NFS (CVE-2022-26937) which, on the contrary, affected NFSv2.0 and NFSv3.0 and not NFSv4.1, so a server that disabled the older versions as a workaround last month is still exposed to this one until patched.

A second critical vulnerability worth mentioning is an RCE in Windows Hyper-V (CVE-2022-30163). According to the advisory, “to exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code”. The attack complexity is high. The CVSS score for this vulnerability is 8.5.

Although Follina's CVE is not listed in the June 2022 Patch Tuesday release, the vulnerability advisory (CVE-2022-30190) recommends installing the June updates as soon as possible to fix the 0-day. Official Microsoft guidance on CVE-2022-30190 is available at “Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center”.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com.
Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base | CVSS Temporal
.NET and Visual Studio Information Disclosure Vulnerability | CVE-2022-30184 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0
AV1 Video Extension Remote Code Execution Vulnerability | CVE-2022-30167 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
AV1 Video Extension Remote Code Execution Vulnerability | CVE-2022-30193 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | CVE-2022-29149 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0
Azure RTOS GUIX Studio Information Disclosure Vulnerability | CVE-2022-30180 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | CVE-2022-30177 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | CVE-2022-30178 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | CVE-2022-30179 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0
Azure Service Fabric Container Elevation of Privilege Vulnerability | CVE-2022-30137 | No | No | Less Likely | Less Likely | Important | 6.7 | 6.0
Chromium: CVE-2022-2007 Use after free in WebGPU | CVE-2022-2007 | No | No | - | - | - | - | -
Chromium: CVE-2022-2008 Out of bounds memory access in WebGL | CVE-2022-2008 | No | No | - | - | - | - | -
Chromium: CVE-2022-2010 Out of bounds read in compositing | CVE-2022-2010 | No | No | - | - | - | - | -
Chromium: CVE-2022-2011 Use after free in ANGLE | CVE-2022-2011 | No | No | - | - | - | - | -
HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-29111 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-22018 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-30188 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-29119 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) | CVE-2022-21123 | No | No | Less Likely | Less Likely | Important | - | -
Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) | CVE-2022-21125 | No | No | Less Likely | Less Likely | Important | - | -
Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) | CVE-2022-21127 | No | No | Less Likely | Less Likely | Important | - | -
Intel: CVE-2022-21166 Device Register Partial Write (DRPW) | CVE-2022-21166 | No | No | Less Likely | Less Likely | Important | - | -
Kerberos AppContainer Security Feature Bypass Vulnerability | CVE-2022-30164 | No | No | Less Likely | Less Likely | Important | 8.4 | 7.3
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | CVE-2022-30166 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVE-2022-22021 | No | No | Less Likely | Less Likely | Moderate | 8.3 | 7.2
Microsoft Excel Remote Code Execution Vulnerability | CVE-2022-30173 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | CVE-2022-30154 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6
Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities | ADV220002 | No | No | Less Likely | Less Likely | - | - | -
Microsoft Office Information Disclosure Vulnerability | CVE-2022-30159 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Microsoft Office Information Disclosure Vulnerability | CVE-2022-30171 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Microsoft Office Information Disclosure Vulnerability | CVE-2022-30172 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Microsoft Office Remote Code Execution Vulnerability | CVE-2022-30174 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4
Microsoft Photos App Remote Code Execution Vulnerability | CVE-2022-30168 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft SQL Server Remote Code Execution Vulnerability | CVE-2022-29143 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2022-30157 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7
Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2022-30158 | No | No | Unlikely | Unlikely | Important | 8.8 | 7.7
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | CVE-2022-30160 | No | No | More Likely | More Likely | Important | 7.8 | 6.8
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2022-30151 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1
Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | CVE-2022-30189 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | CVE-2022-30131 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2022-30132 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | CVE-2022-30150 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | CVE-2022-30148 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | CVE-2022-30145 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Windows File History Remote Code Execution Vulnerability | CVE-2022-30142 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2
Windows Hyper-V Remote Code Execution Vulnerability | CVE-2022-30163 | No | No | Less Likely | Less Likely | Critical | 8.5 | 7.4
Windows Installer Elevation of Privilege Vulnerability | CVE-2022-30147 | No | No | More Likely | More Likely | Important | 7.8 | 6.8
Windows Kerberos Elevation of Privilege Vulnerability | CVE-2022-30165 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7
Windows Kernel Denial of Service Vulnerability | CVE-2022-30155 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Windows Kernel Information Disclosure Vulnerability | CVE-2022-30162 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30141 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30143 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30149 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30153 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30161 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30139 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.5
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2022-30146 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Windows Media Center Elevation of Privilege Vulnerability | CVE-2022-30135 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.9
Windows Network Address Translation (NAT) Denial of Service Vulnerability | CVE-2022-30152 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5
Windows Network File System Remote Code Execution Vulnerability | CVE-2022-30136 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5
Windows SMB Denial of Service Vulnerability | CVE-2022-32230 | No | No | Less Likely | Less Likely | Important | - | -
Windows iSCSI Discovery Service Remote Code Execution Vulnerability | CVE-2022-30140 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys

ArsTechnica: Security Content - Tue, 2022/06/14 - 19:00
Microprocessors from Intel, AMD, and other companies contain a newly discovered weakness that remote attackers can exploit to obtain cryptographic keys and other secret data traveling through the hardware, researchers said on Tuesday. Hardware manufacturers have long known that hackers can extract secret cryptographic data from a chip by measuring the power it consumes while processing those values. Fortunately, the means for exploiting power-analysis attacks against microprocessors is limited because the threat actor has few viable ways to remotely measure power consumption while processing the secret material. Now, a team of researchers has figured out how to turn power-analysis attacks into a different class of side-channel exploit that's considerably less demanding.

Targeting DVFS

The team discovered that dynamic voltage and frequency scaling (DVFS), a power and thermal management feature added to every modern CPU, allows attackers to deduce the changes in power consumption by monitoring the time it takes for a server to respond to specific carefully made queries. The discovery greatly reduces what's required. With an understanding of how the DVFS feature works, power side-channel attacks become much simpler timing attacks that can be done remotely.

Coinbase lays off 18 percent of staff as CEO says, “We grew too quickly”

ArsTechnica: Security Content - Tue, 2022/06/14 - 18:43
Image: Coinbase CEO Brian Armstrong speaks during the Milken Institute Global Conference on May 2, 2022 in Beverly Hills, California. (credit: Getty Images | Patrick T. Fallon)

Cryptocurrency exchange Coinbase is laying off 18 percent of its staff, the company announced today. The layoffs will cut 1,100 workers at the largest crypto exchange in the US, leaving it with about 5,000 employees, Coinbase said in a Securities and Exchange Commission filing. "In the next hour every employee will receive an email from HR informing if you are affected or unaffected by this layoff," CEO Brian Armstrong wrote in a memo to staff that was posted on the company blog. Laid-off workers "will receive this notification in your personal email, because we made the decision to cut access to Coinbase systems for affected employees." The immediate cutoff from Coinbase systems was necessary because of "the number of employees who have access to sensitive customer information," Armstrong wrote. This was "the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves," he wrote.

A Compilation of Known Conti Ransomware Themed Malicious and Fraudulent MD5s - An OSINT Analysis

I've decided to dig a little bit deeper and find an additional set of known malicious MD5s known to have been used by the Conti Ransomware gang, in an attempt to assist fellow researchers and the security industry, including U.S. law enforcement, on its way to track down, monitor and prosecute the cybercriminals behind these campaigns, based on data-mined domain information obtained from the recently

A Compilation of Conti Ransomware Gang BitCoin Transaction IDs - An OSINT Analysis

I've recently decided to take a deeper peek inside the Conti Ransomware Gang's known BitCoin transaction IDs using public sources, and I've decided to come up with a compilation of known Conti Ransomware Gang BitCoin transaction IDs for the purpose of assisting fellow researchers, including the security industry and U.S. law enforcement, on its way to track down, monitor and prosecute members of the

Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

Threatpost - Tue, 2022/06/14 - 13:08
Attackers gained access to private account details through an email compromise incident that occurred in April.

Linux Malware Deemed ‘Nearly Impossible’ to Detect

Threatpost - Tue, 2022/06/14 - 12:55
Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootkit functionality and install a backdoor for remote access.

How to be a "Master in Offensive Security" during 2022-2023

Un informático en el lado del mal - Tue, 2022/06/14 - 06:01
On 6 October 2022 the Master in Offensive Security of the Campus Internacional de Seguridad begins, where I am Mentor of the master's programme. It will last one year and end on 30 June 2023. Few places are left to enrol, so I am bringing you the reference now that the academic year is ending, so you can go on holiday knowing what you will be doing next year.

Figure 1: How to be a "University Master in Offensive Security" during 2022-2023
This training is 100% online and comes with 0xWord books, specifically the book Ethical Hacking 2nd Edition by Pablo González and Hacking Web Technologies 2nd Edition by Amador Aparicio, Enrique Rando, Ricardo Martín, Pablo González and yours truly, plus MyPublicInbox Tempos to contact all the information security and hacking professionals on the platform in case they can help you in your professional development.

Figure 2: Faculty of the Master in Offensive Security
Of course, the whole faculty of this Master in Offensive Security is on the platform, so you can contact all of them, and it is a spectacular line-up: Pablo González, Carmen Torrano, Pablo San Emeterio, Daniel Echeverri (author of the books Python para Pentesters 2nd Edition and Hacking con Python), Ignacio Brihuega, Adrián Ramírez Correa, Juanjo Salvador (academic director of the master) and David R. Sáez, CEO of Campus Internacional de Ciberseguridad. So you can have access to all these professionals once the training has finished and keep in permanent contact with them.

Figure 3: Programme of the Master in Offensive Security
The syllabus is designed to train professionals with a hacking, pentesting and, as the name says, offensive security profile. So it covers attack techniques on networks, web applications, databases, cryptography, cyber-intelligence processes, ethical hacking and exploit development. Also, since the master is intended to be mainly practical, there will be many projects to complete in each module and a final master's project oriented to the professional world and entrepreneurship.

Figure 4: The books Ethical Hacking 2nd Edition and Hacking Web Technologies 3rd Edition in the master.
As I said, the course starts on 6 October and if you want to be part of the group that will train in the 2022-2023 academic year you should reserve your place as soon as possible, because places are limited. So go to the Master in Offensive Security website and request information directly from the form.

Evil greetings!
Author: Chema Alonso (Contact Chema Alonso)

ISC Stormcast For Tuesday, June 14th, 2022 https://isc.sans.edu/podcastdetail.html?id=8048, (Tue, Jun 14th)

SANS Internet Storm Center, InfoCON: green - Tue, 2022/06/14 - 04:00

Update: python-per-line.py Version 0.0.8

Didier Stevens - Tue, 2022/06/14 - 02:46
This new version adds option -l to provide a short list via an option, instead of using a file. And there’s a Python 3 bug fix.

python-per-line_V0_0_8.zip (http)
MD5: C7A61FE8FF701BC3A49CF7C093FB290D
SHA256: 63AEBD847D26A9B25F401D8734FBED646E7BB3F9DF2238EF49ACEAB2E1EF5AFA

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

Webroot - Mon, 2022/06/13 - 21:51
The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this environment means our present and future generations need to understand the importance of being aware of the benefits and risks of an interconnected world. Establishing a cyber resilient mindset is the first step towards navigating and thriving in this digital-first world. Cyber resilience is the continuous access to personal and business information, even in an era of unprecedented cyber threats. This mindset is especially relevant for children, given their ongoing interaction with the online world through existing and emerging social media platforms, gaming sites and learning avenues. As the usage and reliance on technology to educate and entertain increases, so too does the risk of being exposed to threats. That’s why it’s so important for families to develop good cyber resilience habits while engaging online.

Cyber Resilience patch program

To help instill cyber awareness, the Girl Scouts of Greater Chicago and Northwest Indiana (GSGCNWI) and OpenText have collaborated to create a Cyber Resilience patch program to empower the Girl Scouts of today for leadership in a digital world tomorrow. This partnership will help raise awareness of the dangers that exist online and the importance of becoming cyber resilient. The Cyber Resilience patch program provides Girl Scouts with the opportunity to engage in fun and educational hands-on activities that ignite awareness and create better online behaviors. The aim of the program is to educate Girl Scouts through lessons that focus on simulations of existing and emerging threats, how to safely preserve important files and memories and what to look out for when browsing online.

General tips for children and parents

Staying resilient against ongoing threats means adopting important ways of protecting our personal information.
  • Password integrity: Develop a password that is difficult to predict. Use a password generator, enable two-factor authentication (2FA) as much as possible and don’t reuse passwords from multiple logins. 
  • Back up personal data: Your photos and videos are precious. If you don’t secure them, you may lose them. Backing up your files means having a second copy available if something happens to your laptop, tablet or phone.
  • Invest in security awareness training: Engaging in real-world simulations will help increase your cyber know-how.
Building a better future through cyber resilience

Creating leaders of tomorrow who are empowered and cyber aware begins with establishing cyber resilience today. Families and children should be working towards a better, more agile understanding of the risks to our personal information. Protecting the photos, videos and files that matter to us is important. Keeping our personal identities safe is vital. OpenText remains committed to not only helping organizations find value in their data but also bolstering female leadership and diversity. The partnership between OpenText and GSGCNWI will help instill the importance of developing cyber safe behaviors now and for the future.

DevSecOps deploy and operate processes

AlienVault Blogs - Mon, 2022/06/13 - 12:00
In the previous article, we covered the release process and how to secure the parts and components of the process. The deploy and operate processes are where developers, IT, and security meet in a coordinated handoff for sending an application into production.

The traditional handoff of an application is siloed: developers send installation instructions to IT, IT provisions the physical hardware and installs the application, and security scans the application after it is up and running. A missed instruction could cause inconsistency between environments. A system might not be scanned by security, leaving the application vulnerable to attack. The DevSecOps focus is to incorporate security practices by leveraging the security capabilities within infrastructure as code (IaC), blue/green deployments, and application security scanning before end users are transitioned to the system.

Infrastructure as Code

IaC starts with a platform like Ansible, Chef, or Terraform that can connect to the cloud service provider’s (AWS, Azure, Google Cloud) Application Programming Interface (API) and programmatically tell it exactly what infrastructure to provision for the application. DevOps teams consult with developers, IT and security to build configuration files with all of the requirements that describe what the cloud service provider needs to provision for the application. Below are some of the more critical areas that DevSecOps covers using IaC.

Capacity planning – This includes rules around autoscaling laterally (automatically adding servers to handle additional demand, elastically) and scaling up (increasing the performance of the infrastructure, like adding more RAM or CPU). Elasticity from autoscaling helps absorb non-malicious or malicious Denial of Service incidents.

Separation of duty – While IaC helps break down silos, developers, IT, and security still have direct responsibility for certain tasks even when they are automated. Accidental deployment of the application is avoided by assigning specific steps of the deploy process to a specific team, so that those steps cannot be bypassed.

Principle of least privilege – Applications have the minimum set of permissions required to operate, and IaC ensures consistency even during the automated scaling up and down of resources to match demand. The fewer the privileges, the more protection systems have from application vulnerabilities and malicious attacks.

Network segmentation – Applications and infrastructure are organized and separated based on the business system security requirements. Segmentation protects business systems from malicious software that can hop from one system to the next, otherwise known as lateral movement in an environment.

Encryption (at rest and in transit) – Hardware, cloud service providers and operating systems have encryption capabilities built into their systems and platforms. Using the built-in capabilities or obtaining third-party encryption software protects the data where it is stored. Using TLS certificates for secured web communication between the client and business system protects data in transit. Encryption is a requirement for adhering to industry-related compliance and standards criteria.

Secured (hardened) image templates – Security and IT develop the baseline operating system configuration and then create image templates that can be reused as part of autoscaling. As requirements change and patches are released, the baseline image is updated and redeployed.

Antivirus and vulnerability management tools – These tools are updated frequently to keep up with the dynamic security landscape. Instead of installing these tools in the baseline image, consider installing the tools through IaC.

Log collection – The baseline image should be configured to send all logs created by the system to a log collector outside of the system for distribution to the Network Operations Center (NOC) or Security Operations Center (SOC), where additional inspection and analysis for malicious activity can be performed. Consider using a DNS name instead of an IP address for the log collector destination.

Blue/green deployment

Blue/green deployment strategies increase application availability during upgrades. If there is a problem, the system can be quickly reverted to a known secured and good working state. A blue/green deployment is a system architecture that seamlessly replaces an old version of the application with a new version. Deployment validation should happen as the application is promoted through each environment, because the configuration items (variables and secrets) differ between the environments. Typically, validation happens during non-business hours and is extremely taxing on the different groups supporting the application. With a blue/green deployment, the new version of an application can be deployed and validated during business hours. Even if there are concerns when end users are switched over during non-business hours, fewer employees are needed to participate.

Automate security tools installation and scanning

Internet-facing application attacks continue to increase because of the ease of access to malicious tools, the speed at which some vulnerabilities can be exploited, and the value of the data extracted. Dynamic Application Security Testing (DAST) tools are a great way to identify vulnerabilities and fix them before the application is moved into production and released for end users to access. DAST tools provide visibility into real-world attacks because they mimic how attackers would attempt to break an application. Automating and scheduling the scanning of applications at a regular cadence helps find and resolve vulnerabilities quickly. Company policy may require vulnerability scanning for compliance with regulations and standards like PCI DSS, HIPAA or SOC. DAST for web applications focuses on the OWASP Top 10 vulnerabilities like SQL injection and cross-site scripting. Manual penetration testing is still required to cover other vulnerabilities like logic errors, race conditions, customized attack payloads, and zero-day vulnerabilities. Also, not all applications are web based, so it is important to select and use the right scanning tools for the job. Manual and automatic scanning can also help spot configuration issues that lead to errors in how the application behaves.

Next Steps

Traditional deployments of applications are a laborious process for the development, IT, and security teams. But that has all changed with the introduction of Infrastructure as Code, blue/green deployments, and the Continuous Delivery (CD) methodology. Tasks performed in the middle of the night can be moved to normal business hours. Projects that take weeks of time can be reduced to hours through automation. Automated security scanning can be performed regularly without user interaction. With the application deployed, the focus switches to monitoring and eventually decommissioning it as the final steps in the lifecycle.
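The Infrastructure as Code section lists requirements (least privilege, network segmentation, encryption at rest, a log collector reached by DNS name) but not how to enforce them before a plan is applied. The usual answer is a policy check run over the plan in the pipeline, which is what the following added example does. It is written for this page and is not code from the AT&T/AlienVault article or from any IaC product. The two plans are constructed stand-ins for a Terraform plan's resource list, and the field names ("ingress", "cidr_blocks", "encrypted", "statements", "destination") and the resource types are assumptions for the illustration, not a provider's real schema; the same checks would be written against the provider's actual attribute names.

```python
"""Policy-as-code checks over an IaC plan, run before the plan is applied.

Added example for this page; not the article's code. The resource dicts are a
simplified, constructed stand-in for a Terraform plan's resource list, and the
attribute names used below are assumptions, not a provider schema.
"""
from __future__ import annotations

import ipaddress

# Ports that may be reachable from anywhere (the public web entry point only).
ALLOWED_PUBLIC_PORTS = {443}


def _is_ip_literal(host: str) -> bool:
    """True if the destination is written as an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_plan(resources: list[dict]) -> list[str]:
    """Return one finding per violated requirement; an empty list means the plan passes."""
    findings: list[str] = []
    for res in resources:
        kind, name, attrs = res["type"], res["name"], res.get("attributes", {})
        ref = f"{kind}.{name}"

        if kind == "security_group":  # network segmentation
            for rule in attrs.get("ingress", []):
                if "0.0.0.0/0" in rule.get("cidr_blocks", []) and rule["port"] not in ALLOWED_PUBLIC_PORTS:
                    findings.append(f"{ref}: port {rule['port']} open to 0.0.0.0/0")

        elif kind == "volume":  # encryption at rest
            if not attrs.get("encrypted", False):
                findings.append(f"{ref}: volume is not encrypted at rest")

        elif kind == "iam_policy":  # least privilege
            for stmt in attrs.get("statements", []):
                if stmt.get("effect") == "Allow" and (
                    "*" in stmt.get("actions", []) or "*" in stmt.get("resources", [])
                ):
                    findings.append(f"{ref}: Allow statement uses a wildcard action or resource")

        elif kind == "log_forwarder":  # log collection outside the system
            dest = attrs.get("destination", "")
            if not dest:
                findings.append(f"{ref}: no log collector destination configured")
            elif _is_ip_literal(dest):
                findings.append(f"{ref}: log collector addressed by IP {dest}; use a DNS name")

    return findings


# Constructed plans: the same application, first with weak settings, then hardened.
WEAK_PLAN = [
    {"type": "security_group", "name": "web", "attributes": {"ingress": [
        {"port": 443, "cidr_blocks": ["0.0.0.0/0"]},
        {"port": 22, "cidr_blocks": ["0.0.0.0/0"]},      # SSH open to the world
    ]}},
    {"type": "volume", "name": "data", "attributes": {"encrypted": False}},
    {"type": "iam_policy", "name": "app", "attributes": {"statements": [
        {"effect": "Allow", "actions": ["*"], "resources": ["*"]},
    ]}},
    {"type": "log_forwarder", "name": "syslog", "attributes": {"destination": "10.0.0.5"}},
]

HARDENED_PLAN = [
    {"type": "security_group", "name": "web", "attributes": {"ingress": [
        {"port": 443, "cidr_blocks": ["0.0.0.0/0"]},
        {"port": 22, "cidr_blocks": ["10.0.0.0/8"]},     # admin access from the internal range only
    ]}},
    {"type": "volume", "name": "data", "attributes": {"encrypted": True}},
    {"type": "iam_policy", "name": "app", "attributes": {"statements": [
        {"effect": "Allow", "actions": ["s3:GetObject"], "resources": ["arn:aws:s3:::app-assets/*"]},
    ]}},
    {"type": "log_forwarder", "name": "syslog", "attributes": {"destination": "logs.corp.example"}},
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("hardened", HARDENED_PLAN)):
        result = check_plan(plan)
        print(f"{label}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Wire the check into the pipeline as a gate between plan and apply, failing the job when the list is non-empty; that is also where the separation-of-duty point above lands, since the team that owns the policy file is not the team that writes the application's plan.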