What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Anomali.webp 2021-08-24 17:11:00 Anomali Cyber Watch: ProxyShell Being Exploited to Install Webshells and Ransomware, Neurevt Trojan Targeting Mexican Users, Secret Terrorist Watchlist Exposed, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT37 (InkySquid), BlueLight, Ransomware, T-Mobile Data Breach, Critical Vulnerabilities, IoT, Kalay, Neurevt, and ProxyShell. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Current Anomali ThreatStream users can query these indicators under the “anomali cyber watch” tag. Trending Cyber News and Threat Intelligence Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit (published: August 23, 2021) Although patches for the ProxyShell collection of Microsoft Exchange vulnerabilities have been available since the July 2021 update, researchers discovered that nearly 2,000 servers have recently been compromised to host webshells. These webshells allow attackers to retain backdoor access to compromised servers for further exploitation and lateral movement into the affected organizations. Researchers believe that these attacks may be related to the recent LockFile ransomware attacks. Analyst Comment: Organizations running Microsoft Exchange are strongly encouraged to prioritize updates to prevent ongoing exploitation of these vulnerabilities. In addition, a thorough investigation to discover and remove planted webshells should be undertaken, as the patches will not remove webshells already planted in their environments. 
A threat intelligence platform (TIP) such as Anomali ThreatStream can be a valuable tool to assist organizations in ingesting current indicators of compromise (IOCs) and determining whether their Exchange instances have been compromised. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Web Shell - T1100 | [MITRE ATT&CK] Hidden Files and Directories - T1158 | [MITRE ATT&CK] Source - T1153 Tags: CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, Exchange, ProxyShell, backdoor LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers (published: August 20, 2021) A new ransomware family, named LockFile by Symantec researchers, has been observed on the network of a US financial organization. The first known instance of this ransomware was July 20, 2021, and activity is ongoing. This ransomware has been seen largely targeting organizations in a wide range of industries across the US and Asia. The initial access vector remains unknown at this time, but the ransomware leverages the incompletely patched PetitPotam vulnerability (CVE-2021-36942) in Microsoft's Exchange Server to pivot to Domain Controllers (DCs), which are then leveraged to deploy ransomware tools to devices that connect to the DC. The attackers appear to remain resident on the network for several Ransomware Malware Tool Vulnerability Threat Patching Cloud APT 37
InfoSecurityMag.webp 2021-08-18 09:06:00 Critical Bug Could Allow Remote Snooping Via Millions of Devices (direct link) CISA urges prompt patching of ThroughTek vulnerability Patching
bleepingcomputer.webp 2021-08-17 09:00:00 Fortinet delays patching zero-day allowing remote server takeover (direct link) Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August. [...] Vulnerability Patching
Chercheur.webp 2021-08-10 21:12:58 Microsoft Patch Tuesday, August 2021 Edition (direct link) Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers are already pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines. Patching
itsecurityguru.webp 2021-07-29 08:03:28 More than 1 in 5 exploits sold on the Dark Web are over three years old (direct link) Recent Trend Micro research points to a big problem when it comes to keeping up with patching in legacy IT equipment. It found that nearly a quarter (22%) of exploits sold on the cybercriminal underground are more than three years old, indicating the scale of the threat from unpatched legacy vulnerabilities. Trend Micro has thus urged organisations to […] Patching
CVE.webp 2021-07-21 21:15:07 CVE-2021-32761 (direct link) Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to an integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. Vulnerability Patching
AlienVault.webp 2021-07-12 10:00:00 Back to the office… (direct link) As the world is starting to move out of lockdown, businesses are moving some of their workforce back into the office environment. Whilst their focus may be on the logistics of this and making the office environment ‘Covid-Safe’ for their employees, they also need to be cognisant of the potential security challenges facing them. Some areas that businesses should start to focus on are: currency of critical security patches; any relaxation of endpoint administrative rights; and identification of unauthorised network scans. The problem. During the pandemic, most corporate assets (laptops) have in effect been residing on home office networks, those being home or public Wi-Fi, with only their EDR solution and VPN protecting them from attack. For the last 18 months or so, these assets have been sharing their local network with potentially unpatched devices, operated by individuals who may have been more concerned with the latency of Minecraft and downloading the latest gaming ‘feature packs’ from non-salubrious websites than with good cybersecurity hygiene. Combine this with the necessity for some IT departments to relax their corporate policy on remote patching (due to the bandwidth limitations of VPN) and on administration rights on local assets (in order to install ‘that home printer driver’); if these relaxations are not revisited and reverted, they can leave a significant exposure. Early stakeholder buy-in. This is essential, as without stakeholder support, any efforts to address these challenges will stall very quickly. The pandemic has put constraints on operating budgets for many businesses, so it is essential to be able to articulate these security challenges, and the ways in which to mitigate them, clearly to stakeholders. Without this insight, it will be an uphill struggle to focus on these additional security requirements and obtain the budget to support them. 
Hopefully this article will provide the narrative to assist with that dialogue and highlight some of the concerns that pose a real threat to businesses. The human element. Moving away from technology for a moment, an area that is often overlooked by businesses is how the employee has been managing their security hygiene in the absence of localised IT support. In effect, they could have been making security decisions for over a year as a remote workforce. They have lacked the ability to raise potential ‘odd behaviour on endpoints’ with peers. That ‘security pop-up’ message that they just clicked ‘yes’ to, or the attachment they opened that appeared to ‘do nothing’, can all be the precursor activity of an attack. Threat actors have taken full advantage of this exposure, and there has been a marked increase in attacks focussed on Business Email Compromise (BEC) and phishing scams, to name a few. A recent report by Gartner talks about how these threat actors have taken advantage of the changing working environments, both during and post pandemic, targeting the remote workforce with email and SMS campaigns purporting to be from their local IT Support. Any breach in endpoint security of your remote workforce may be amplified exponentially once they return to the office and the threat actors are then able to get a foothold on the corporate network and start profiling internal architecture, in advance of, for example, ransomware deployment. Businesses can start to address these risks as part of their return-to-office planning by taking a number of tactical steps. Controlled introduction. Just like the way a business would roll out a new technology, it is always advisable to address any outstand Ransomware Malware Vulnerability Threat Patching Guideline
SecurityWeek.webp 2021-07-08 11:24:50 Emails Offering Kaseya Patches Deliver Malware (direct link) IT management software maker Kaseya is still working on patching the vulnerabilities exploited in the recent ransomware attack, but some cybercriminals are sending out emails offering the patches in an effort to distribute their malware. Ransomware Malware Patching
ComputerWeekly.webp 2021-07-07 04:45:00 Security Think Tank: As offices reopen, address patching and 'build drift' (direct link) Patching
SecurityWeek.webp 2021-06-30 11:14:33 Google Working on Patching GCP Vulnerability That Allows VM Takeover (direct link) A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines (VMs) on Google Cloud Platform. Vulnerability Patching
Anomali.webp 2021-06-29 16:29:00 Anomali Cyber Watch: Microsoft Signs Malicious Netfilter Rootkit, Ransomware Attackers Using VMs, Fertility Clinic Hit With Data Breach and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, NetFilter, Ransomware, QBot, Wizard Spider, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Microsoft Signed a Malicious Netfilter Rootkit (published: June 25, 2021) Security researchers recently discovered a malicious netfilter driver that is signed by a valid Microsoft signing certificate. The files were initially thought to be a false positive due to the valid signature, but further inspection revealed that the malicious driver called out to a Chinese IP. Further research has analyzed the malware, dropper, and Command and Control (C2) commands. Microsoft is still investigating this incident, but has clarified that they did approve the signing of the driver. Analyst Comment: Malware signed by a trusted source is a threat vector that can be easily missed, as organizations may be tempted not to inspect files from a trusted source. It is important for organizations to have network monitoring as part of their defenses. Additionally, the signing certificate used was quite old, so review and/or expiration of old certificates could prevent this malware from running. MITRE ATT&CK: [MITRE ATT&CK] Code Signing - T1116 | [MITRE ATT&CK] Install Root Certificate - T1130 Tags: Netfilter, China Dell BIOSConnect Flaws Affect 30 Million Devices (published: June 24, 2021) Four vulnerabilities have been identified in the BIOSConnect tool distributed by Dell as part of SupportAssist. 
The core vulnerability is due to insecure/faulty handling of TLS, specifically accepting any valid wildcard certificate. The flaws in this software affect over 30 million Dell devices across 128 models, and could be used for Remote Code Execution (RCE). Dell has released patches for these vulnerabilities and currently there are no known actors scanning for or exploiting these flaws. Analyst Comment: Any business or customer using Dell hardware should patch this vulnerability to prevent malicious actors from being able to exploit it. The good news is that Dell has addressed the issue. Patch management and asset inventories are critical portions of a good defense-in-depth security program. MITRE ATT&CK: [MITRE ATT&CK] Exploitation for Client Execution - T1203 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Peripheral Device Discovery - T1120 Tags: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574, Dell, BIOSConnect Malicious Spam Campaigns Delivering Banking Trojans (published: June 24, 2021) Analysis from two mid-March 2021 spam campaigns revealed that th Ransomware Data Breach Spam Malware Tool Vulnerability Threat Patching APT 30
Darktrace.webp 2021-06-28 09:00:00 Post-mortem of a SQL server exploit (direct link) Deep dive into how an attacker leveraged compromised credentials to infect multiple servers and spread laterally through the organization. This detailed threat find is an excellent use case for Autonomous Response and the importance of patching vulnerabilities. Threat Patching
bleepingcomputer.webp 2021-06-10 11:00:00 Hackers can exploit bugs in Samsung pre-installed apps to spy on users (direct link) Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system. [...] Patching
Anomali.webp 2021-06-08 15:00:00 Anomali Cyber Watch: TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations, Necro Python Bots Adds New Tricks, US Seizes Domains Used by APT29 and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, APT29, FluBot, Necro Python, RoyalRoad, SharpPanda, TeaBot and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations (published: June 4, 2021) Researchers at Palo Alto have identified a malware repo belonging to TeamTNT, the prominent cloud-focused threat group. The repo shows the expansion of TeamTNT's abilities, and includes scripts for scraping SSH keys and AWS IAM credentials and for searching for config files that contain credentials. In addition to AWS credentials, TeamTNT are now also searching for Google Cloud credentials, which is the first instance of the group expanding to GCP. Analyst Comment: Any internal-only cloud assets and SSH/privileged access for customer-facing cloud infrastructure should only be accessible via company VPN. This ensures attackers don’t get any admin access from over the internet even if keys or credentials are compromised. Customers should monitor for compromised credentials in public leaks and reset the passwords immediately for those accounts. 
MITRE ATT&CK: [MITRE ATT&CK] Permission Groups Discovery - T1069 Tags: AWS, Cloud, Credential Harvesting, cryptojacking, Google Cloud, IAM, scraping, TeamTnT, Black-T, Peirates Necro Python Bots Adds New Tricks (published: June 3, 2021) Researchers at Talos have identified updated functionality in the Necro Python bot. The core functionality is the same, with a focus on Monero mining; however, exploits for the latest vulnerabilities have been added. The main payloads are XMRig, traffic sniffing and DDoS attacks. Targeting small and home office routers, the bot uses Python to support multiple platforms. Analyst Comment: Users should ensure they always apply the latest patches, as the bot is looking to exploit unpatched vulnerabilities. Users need to change default passwords for home routers to ensure potential malware on personal devices doesn’t spread to corporate devices through router takeover. MITRE ATT&CK: [MITRE ATT&CK] Scripting - T1064 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Remote Access Tools - T1219 Tags: Bot, botnet, Exploit, Monero, Necro Python, Python, Vulnerabilities, XMRig New SkinnyBoy Ma Ransomware Malware Vulnerability Threat Patching Guideline APT 29 APT 28
SecurityWeek.webp 2021-06-07 10:55:52 Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching (direct link) A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches. Vulnerability Patching ★★
CVE.webp 2021-06-02 20:15:07 CVE-2021-32625 (direct link) Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer (on 32-bit systems ONLY) can be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477, which only addresses the problem on 64-bit systems but fails to do so for 32-bit. 64-bit systems are not affected. The problem is fixed in versions 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command. Patching
Fortinet.webp 2021-06-01 00:00:00 Prioritizing Patching is Essential for Network Integrity (direct link) Fortinet continues to communicate urging those customers that have not implemented the resolution to immediately implement patches that were made for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812. Read more. Patching
AlienVault.webp 2021-05-28 10:00:00 Asymmetrical threats in Cybersecurity (direct link) Security and defense theory are inextricably entwined. Consider medieval castles. They were designed as a defensive mechanism that provided security to those within, most of whom were simply civilians hiding behind the walls for protection from invaders. Within cybersecurity, multiple concepts from defense and war theory can be applied to better address the cyber risks facing organizations. In fact, the term Bastion Host refers to a Bastion, which has very militaristic connotations. In previous posts, the concepts of security cycle theory, attacker motivations, and threat adaptation have been explored. Another critical concept is that of asymmetric threats. The terms Asymmetrical Warfare or Asymmetrical Threats can be summarized simply as the asymmetry that exists between two adversaries and the tactics used by the weaker adversary to render the strengths of the stronger adversary moot. It is rare, though mathematically possible, to have parity between adversaries. Consider team sports, as an example. While not security nor defense related, there are indeed two adversaries playing a game against each other. Each side will have advantages and disadvantages. Within security and defense, it is a bit more profound. Consider the US Military for a moment. Since the end of World War II, which is often thought of as the start of US hegemony, the United States has arguably fielded the most powerful conventional military in the history of the world. Despite this fact, the US has struggled in conflicts in Vietnam, Somalia, and most recently in Iraq and Afghanistan. In each of these theaters it was groups of less trained, less well-equipped insurgents that created significant challenges for the US military. The US is not alone in this dubious distinction of struggling against militarily weaker opponents. 
The powerful Prussian military was defeated by a much weaker opponent, France, under the command of Napoleon, and in 1989, the Soviet Union was defeated by the Afghan resistance movement after 10 years of bloody guerilla war. If Prussia and the USSR were militarily superior to their foes, how did they end up losing their respective wars? The losses were largely due to the application of what we now term asymmetrical warfare. In a basic sense, Asymmetrical Warfare applies to the strategies and tactics employed by a militarily weaker opponent to take advantage of vulnerabilities in the stronger opponent, therefore rendering the advantages moot. As an example, few military forces on the planet would face the US military in open combat in a Mahanian naval battle or with the US in a linear, kinetic tank battle. As can be seen by the US rout of Iraqi tank forces during the Battle of Medina Ridge in Desert Storm, doing so would lead to near-certain defeat. If an inferior military opponent cannot fa Ransomware Vulnerability Threat Patching Guideline
itsecurityguru.webp 2021-05-25 07:42:34 Latest MacOS patch sees fix for zero-day screenshot malware (direct link) Apple has released its macOS Big Sur 11.4 that expands support for external GPUs, fixes bugs in Safari and more. In addition, this update also makes the system more secure by patching an exploit that let sneaky malware take screenshots without the user being aware. Jamf, an Apple-focused mobile device management company, reported that the […] Malware Patching
AlienVault.webp 2021-05-20 10:00:00 What is a trusted advisor? …and why do I need one? (direct link) Organizations today, even those not related to "tech", all have a need for cybersecurity. Regardless of your industry vertical, if you have email, a website, a phone system, or even just have people using computers, cybersecurity is needed at some level or another to protect your ability to do business. Strategy first. What is your cybersecurity strategy? Every organization has unique needs, regulatory requirements, budgets, and priorities. Every organization needs to go through the process to understand each of these and create a roadmap for how they are going to protect themselves. There are many varieties of security products/technologies out there. Understanding what your organization needs is a daunting task. And just buying the technology doesn't suddenly make your organization protected. It needs to be implemented and maintained, it needs to integrate with other technologies and processes, and it needs to address your organization's needs without itself becoming an impediment to doing business. Do you outsource or do this in-house? Planning your next 2-3 years means you are making purchasing decisions and process changes that are aligned together to build a solid program and lower the risk that your organization will be in the headlines for the wrong reasons. This is where using trusted advisors can help. What is a trusted advisor? Trusted advisors come in many different roles depending on your needs. They might be: an assessor that comes in and helps identify gaps (e.g. lack of consistent patching on servers) and helps you determine how to close them; someone that helps you get your organization aligned to specific security frameworks or regulations (e.g. HIPAA/HITRUST, PCI, ISO 27002, NIST CSF) for compliance and the ability to win contracts from Fortune 500 companies; 
an individual that supports a CISO or Director of Security, helping out as a sounding board to flesh out ideas and help identify costs and risks (they may even help you write the business case and draft the initial presentation you give to your board or manager to ensure adequate funding); or someone who acts as an educator and can help you prepare for an external audit, review and enhance training curriculum, and help people understand their roles, especially in organizations where people wear many hats (e.g., help define expectations). Unlike a technologist (someone who helps implement a technology, e.g., install and maintain a firewall), a trusted advisor works holistically to help align technologies and a cybersecurity program: That firewall needs to be updated; do you need a documented process? Should you send out an email to users that their login screen will look a little different? Is now a good time to change the architecture and move into the cloud? The value of trusted advisors is that they are people that have done it before and bring experience to the table. They have already seen the bumps and potholes and help you anticipate and navigate around them. They have worked with organizations of all sizes and have multiple tools in their toolkit to help innovate, administer and coordinate your security program to fit your organization. How do you choose a trusted advisor? These are features of a trusted advisor that you should consider: Ability to utilize other subject matter experts. No single individual will have an unlimited skillset. Your trusted advisor should have resources available to them to help provide deep knowledge. They should be working in your best interests. While vendors have fantastic advisors for sizing and implementing their product, there may be some concern that a recommendation is likely to benefit their organization more than yours. 
For an advisor to be trusted, you should feel confident that their recommendations are based solely on your needs. Ability to learn about and understand you Patching
CVE.webp 2021-05-04 16:15:07 CVE-2021-29478 (direct link) Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. Patching
CVE.webp 2021-05-04 16:15:07 CVE-2021-29477 (direct link) Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote code execution. The problem is fixed in versions 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command. Patching
Anomali.webp 2021-05-04 15:25:00 Anomali Cyber Watch: Microsoft Office SharePoint Servers Targeted with Ransomware, New Commodity Crypto-Stealer and RAT, Linux Backdoor Targeting Users for Years, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Data Theft, Backdoor, Ransomware, Targeted Ransomware Attacks and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Python Also Impacted by Critical IP Address Validation Vulnerability (published: May 1, 2021) Researchers have recently discovered that a bug previously discovered in netmask (a tool to assist with IP address scoping) is also present in recent versions of Python 3. The bug involves the handling of leading zeroes in decimal-represented IP addresses. Instead of interpreting these as octal notation, as specified in the standard, the Python ipaddress library strips the leading zero and interprets the rest as decimal. This could allow unauthenticated remote attackers to perform a number of attacks against programs that rely on Python's stdlib ipaddress library, including Server-Side Request Forgery (SSRF), Remote File Inclusion (RFI), and Local File Inclusion (LFI). Analyst Comment: Best practices for developers include input validation and sanitization, which in this case would avoid this bug by validating or rejecting IP addresses. Additionally, regular patch and update schedules will allow for rapid addressing of bugs as they are discovered and patches delivered. Proper network monitoring and policies are also an important part of protecting against these types of attacks. 
Tags: CVE-2021-29921, python Codecov Begins Notifying Affected Customers, Discloses IOCs (published: April 30, 2021) Codecov has disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information (environment variables) from the affected customers. The company disclosed a supply-chain breach on April 15, 2021, and has now begun notifying customers. The breach went undiscovered for 2 months, and leveraged the Codecov Bash Uploader scripts used by a large number of projects. Analyst Comment: In light of the increasing frequency and sophistication of supply chain attacks, companies should carefully audit, examine, and include in their threat modelling means of mitigating and detecting third-party compromises. A resilient and tested backup and restore policy is an important part of the overall security strategy. Tags: North America, Codecov, supply chain FBI Teams up with ‘Have I Been Pwned’ to Alert Emotet Victims (published: April 30, 2021) The FBI has shared more than 4.3 million email addresses with data breach tracking site Have I Been Pwned. The data breach notification site allows you to check if your login credentials may have been compromised by Emotet. In total, 4,324,770 email addresses were provided, which span a wide range of countries and domains. The addresses are actually sourced from 2 separate corpora of data obtained by the agencies. Analyst Comment: Frequently updated endpoint detection policies as well as network security Ransomware Data Breach Malware Tool Vulnerability Threat Patching Guideline
Veracode.webp 2021-04-23 12:58:34 Are You Targeting These Risky Red Zone Vulnerabilities? (lien direct) Modern software development is full of security risk. Factors like lingering security debt, insecure open source libraries, and irregular scanning cadences can all impact how many flaws dawdle in your code, leading to higher rates of dangerous bugs in susceptible and popular languages. For example, we know from State of Software Security v11 that PHP has a high rate (nearly 75 percent) of cross-site scripting flaws on initial scan, which is also the most common type of open source code vulnerability across nearly every language. It???s a dangerous one. CRLF injection ??? which is commonly seen in Java and JavaScript ??? can lead to maliciously manipulated web applications if a threat actor is able to inject a CRLF sequence into an HTTP stream. CRLF injection is dangerous and appears in a sizeable 65 percent of applications with a flaw on initial scan, posing a decent risk to apps written in Java and JavaScript if left unchecked. CRLF Injection??? But not all flaws are so high-risk for common languages; Information Leakage, for example, is most often seen in .NET, PHP, and Java, typically stemming from a lack of secure code training. To stay one step ahead of even the low-risk (and high-risk) flaws, developers need to be armed with the right knowledge and tools so that they can produce more secure code to reduce the chance of a breach ??? whether low risk or in the danger zone. Bullseye??? Understanding how flaws impact programming languages across the board is crucial to preventing them. Take note of which languages tend to carry the most high-risk flaws first; whether or not yours in the mix, it???s a good idea to brush up on secure coding best practices and try your hand at hacking and patching real applications with Veracode Security Labs. 
You can't fake it when it comes to security: hands-on-keyboard education is critical to clearing these (and other) hurdles as you create innovative applications. If you want to keep data safe and squash these risky bugs, you have to think like an attacker and avoid flaw-filled curveballs in the future. To learn more about which vulnerabilities are in the danger zone (and how to go about preventing them), check out our infosheet here. Vulnerability Threat Patching Guideline
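The Veracode piece names CRLF injection without showing what the flaw looks like in code. The following is an added example, not from the Veracode article: a hand-rolled HTTP response writer that concatenates an untrusted redirect target into the header block, next to a hardened version that refuses CR, LF and NUL in any header value, and a minimal header parser that shows how the injected `Set-Cookie` header lands as if the server had sent it. The malicious input is constructed; in Python for compactness, though the pattern is the same one the article describes in Java and JavaScript.

```python
"""CRLF injection into an HTTP response header: vulnerable builder vs hardened builder (added example)."""

CRLF = "\r\n"


def build_redirect_vulnerable(target: str) -> bytes:
    """Concatenates an untrusted value straight into the header block."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + target + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


class HeaderInjection(ValueError):
    """Raised when a header value carries characters that would split the header block."""


def safe_header_value(value: str) -> str:
    """Reject CR, LF and NUL outright; a header value has no legitimate use for them."""
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise HeaderInjection("control character in header value")
    return value


def build_redirect_hardened(target: str) -> bytes:
    """Same response, but every untrusted value passes through safe_header_value."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + safe_header_value(target) + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


def hardened_rejects(target: str) -> bool:
    """True if the hardened builder refuses the value instead of emitting it."""
    try:
        build_redirect_hardened(target)
    except HeaderInjection:
        return True
    return False


def parse_headers(raw: bytes) -> dict[str, str]:
    """Read the header block the way a client does, to show what the injection produced."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


# Constructed attacker-controlled redirect parameter: closes the Location header
# and appends a Set-Cookie header of the attacker's choosing.
MALICIOUS = "https://example.com/" + CRLF + "Set-Cookie: session=attacker-chosen"

if __name__ == "__main__":
    print("vulnerable builder emitted:", parse_headers(build_redirect_vulnerable(MALICIOUS)))
    print("hardened builder rejected:", hardened_rejects(MALICIOUS))
```

Mature HTTP libraries (Python's `http.client`, Node's `http`) already refuse header values containing CR or LF, so the flaw survives mostly in custom response writers, proxies and frameworks that build the header block as strings. Rejecting is preferable to encoding here, because a legitimate redirect target never contains a bare CR or LF.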
Veracode.webp 2021-04-23 09:34:12 Reporting Live From Collision Conference 2021: Part Two! (lien direct) If you caught part one of our recap series on this year's Collision conference, you know we covered a roundtable talk hosted by Veracode's own Chris Wysopal. The talk focused on the risks of AI and machine learning, delving into discussions of how to manage the security aspects of these future-ready technologies, especially when it comes down to consumer privacy. Chris also had the opportunity to host a session of his own, covering the critical aspects of modern application security and the reasons that organizations need to get serious about security-minded approaches to their code. Here's what we learned. Secure from the top down Chris began his session Secure From the Top Down by noting that, today, it's important to think about application and product security through the eyes of the developer or the builder. With so many applications running in the cloud and so many devices connected to the Internet of Things (IoT), Chris pointed out that the attack surface for threat actors is growing exponentially and that everyone building and deploying technology needs to consider the risks moving forward. Connected devices are everywhere, Chris said, but they're not typically behind a firewall. Normally, these devices are connected to 5G or Wi-Fi. According to Chris, this means devices essentially need to secure themselves and all of the connection points where they talk to other devices, or they pose a security risk. Further, everything is connected through APIs today. "We used to have big, monolithic software packages with one big block of code," Chris said. "Today, we have a lot of small devices; even with applications running in the cloud, they're built with microservices and are talking to each other through APIs." 
This is a way an attacker can exploit a device or an application, and it means the builders of today need to improve the security around their APIs for a more secure tomorrow. It's already a problem; Chris pointed out in his session that, according to the 2020 Verizon Data Breach Investigations Report, 43 percent of breaches come from single page applications. Developers building these single page apps need to be more considerate of their security. Looking ahead at trends Time is the biggest competitor for most organizations, according to Chris, and there are three main trends that are going to impact product security moving forward: ubiquitous connectivity, abstraction and componentization, and hyperautomation of software delivery. Ubiquitous connectivity While this involves the rise of APIs and IoT devices, what it really comes down to is that each piece of software connected through the network and APIs must think about securing itself. "Each code that is exposing an API needs to think about how it will authenticate, encrypt, and secure itself from all Data Breach Threat Patching
Trend.webp 2021-04-22 00:00:00 Trend Micro Encourages Patching Of Old Vulnerability (lien direct) Trend Micro released patches last year to address known vulnerabilities. Since then, an attempt to exploit one of these vulnerabilities has been observed against a single unpatched system. Vulnerability Patching
ComputerWeekly.webp 2021-04-15 04:11:00 How Windows patching leaves security exposed (lien direct) Patching
SecurityWeek.webp 2021-04-12 16:48:40 Unearthing the \'Attackability\' of Vulnerabilities that Attract Hackers (lien direct) Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems.  Patching
TechRepublic.webp 2021-04-09 15:50:00 Canonical announces enterprise support for Kubernetes 1.21 from the cloud to the edge (lien direct) Latest update includes support for N-2 releases and extended security maintenance and patching for N-4 releases in the stable release channel. Patching Uber
TroyHunt.webp 2021-04-07 22:15:38 How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants (lien direct) Patching in industrial settings is hard. Ransomware shutting down production is harder. Ransomware Vulnerability Patching
Fortinet.webp 2021-04-03 00:00:00 Patch and Vulnerability Management (lien direct) At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read to learn more about the importance of patching and vulnerability management. Vulnerability Patching
Kaspersky.webp 2021-03-24 18:39:26 Microsoft Exchange Servers See ProxyLogon Patching Frenzy (lien direct) Vast swathes of companies were likely compromised before patches were applied, so the danger remains. Patching
Cybereason.webp 2021-03-23 18:00:09 Malicious Life Podcast: Inside the HAFNIUM Microsoft Exchange Attacks (lien direct) The recent HAFNIUM attacks hit tens of thousands of organizations' Microsoft Exchange servers around the globe. Now an array of other threat actors are leveraging the residual webshells on victim systems to launch new attacks against organizations that thought patching the Microsoft vulnerabilities would be enough to protect them. Threat Patching
Anomali.webp 2021-03-23 14:00:00 Anomali Cyber Watch:  APT, Malware, Vulnerabilities and More. (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BlackRock, CopperStealer, Go, Lazarus, Mirai, Mustang Panda, Rust, Tax Season, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Bogus Android Clubhouse App Drops Credential-Swiping Malware (published: March 19, 2021) Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst onto the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. The genuine app is only available on Apple's App Store, though plans are in the works to develop an Android version. Analyst Comment: Use only the official stores to download apps to your devices. Be wary of what kinds of permissions you grant to applications. Before downloading an app, do some research. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 Tags: LokiBot, BlackRock, Banking, Android, Clubhouse Trojanized Xcode Project Slips XcodeSpy Malware to Apple Developers (published: March 18, 2021) Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack. 
The malware, dubbed XcodeSpy, targets Xcode, the integrated development environment (IDE) used on macOS for developing Apple software and applications. The malicious project is a doctored copy of TabBarInteraction; the legitimate project itself has not been compromised. Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors. Analyst Comment: Researchers attribute this new targeting of Apple developers to North Korea and the Lazarus group: similar TTPs of compromising the developer supply chain were seen in January 2021, when a North Korean APT was using a malicious Visual Studio project. Moreover, one of the victims of XcodeSpy is a Japanese organization regularly targeted by North Korea. A behavioral detection solution is required to fully detect the presence of XcodeSpy payloads. MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] Security Software Discovery - T1063 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 Tags: Lazarus, XcodeSpy, North Korea, EggShell, Xcode, Apple Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware (published: March 18, 2021) Cybereason detected a new campaig Ransomware Malware Tool Threat Patching Medical APT 38 APT 28
Kaspersky.webp 2021-03-16 16:56:26 Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix (lien direct) Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress. Patching
Anomali.webp 2021-03-16 15:07:00 An Intelligence-Driven Approach to Extended Detection and Response (XDR) (lien direct) Threat detection isn’t getting any easier. Today’s threat actors are escalating the number of attacks they launch, going after more targets, using increasingly sophisticated techniques, and achieving their goals through surreptitiousness – not notoriety. With more than 2,000 security vendors catalogued and organizations reporting an average of 45 security solutions deployed, why aren’t we any closer to solving the threat detection gap? To answer this question, we first need to ask: what are we trying to achieve? For years now, we have known that the “whack-a-mole” approach of detecting discrete threats is at best a stopgap for the next inevitable attack. At a high level, most would likely agree that the always-shifting nature of adversaries, the emergence of new vulnerabilities and exploits, and the all-menacing “zero day” lead to the continued proliferation of incidents ranging across data breaches, ransomware, cyberespionage, etc. As soon as we close one door to attackers, they find and open another. This has always been the case. There’s more to this though. We think some of the answer can be found in the failure to fully optimize and connect existing tools, processes, and people to give them broader visibility over traffic and threats moving in and out of their networks while seamlessly layering in detection and response capabilities. As we were told in a recent discussion with an industry analyst, “We’ve reached an inflection point. Enterprises know that the resources needed to greatly improve their security operations exist, and they are now hungry to start using them to their maximum potential.” In other words, “We know the goods are available, how do we start using them to better find and neutralize the bad actors?” Enter Extended Detection and Response (XDR) You may have noticed lately that XDR is white hot in the security world. 
Scores of vendors are entering the fray, ranging from small startups to established 800-pound gorillas. Dozens of industry analysts are quickly validating XDR as more than just a buzzword, with Gartner adding XDR to the “innovation trigger” on the newly created Security Operations Hype Cycle. As a long-time member of the security technology community, I can add that while we have certainly seen enthusiasm for trends at different periods, the level that XDR is generating reminds me of three other significant movements that changed the course of computing and security. The first was for Security Information and Event Management (SIEM), which I experienced during my time as a founder at ArcSight. The second was during the “big data” era. The third was for “cloud,” which in many ways has been reinvigorated due to COVID. XDR: What is it? Multiple definitions exist. We think of XDR as an architecture and in terms of how enterprises can leverage it to maximize the performance of their overall security investment (people, technologies, services) to take action against threats at the fastest possible speed. As leaders in the threat intelligence market and with deference to the essential role that global threat intelligence plays in accelerating detection and response, we offer up the following working definition: Organizations that run on top of XDR architectures are able to move closer to managing their security infrastructure as an integrated, unified platform. With XDR, Security Operations Centers (SOCs) can break silos to converge all security data and telemetry collected and generated by the security technologies they’ve deployed (tech that includes firewalls, EDR, CASB, SIEM, SOAR, TIP etc.). With this information, they can generate strategic threat intelligence that empowers Vulnerability Threat Patching Guideline
PaloAlto.webp 2021-03-15 02:00:20 How Quickly Are We Patching Microsoft Exchange Servers? (lien direct) Telemetry data from Expanse's attack surface management platform details how quickly organizations are patching Microsoft Exchange Servers. Patching
CVE.webp 2021-02-26 22:15:19 CVE-2021-21309 (lien direct) Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis, an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result in remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default it is 512MB, which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result in buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use `CONFIG SET proto-max-bulk-len` to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is backported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: on Redis 6.0 or newer, ACL configuration can be used to block the command; on older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways. Patching
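The advisory above gives every condition needed to decide whether a given Redis instance is exposed: 32-bit build, unpatched version (anything below 6.2 other than 6.0.11+ and 5.0.11+), and either a `proto-max-bulk-len` already raised above 512MB or a `CONFIG SET` that clients can still reach. The following is an added example, not part of the CVE record or of Redis itself: a small audit over a `redis.conf` text that applies those conditions, recognising both mitigations the advisory names (`rename-command CONFIG ...` and an ACL rule dropping `config` from the default user). The memory-unit parsing follows the syntax documented in `redis.conf` (1k = 1000, 1kb = 1024, and so on); the sample configurations are constructed, and the ACL handling is deliberately limited to the default user's rules on a single line.

```python
"""Audit a redis.conf against the CVE-2021-21309 conditions described above (added example)."""
import re

_UNITS = {"": 1, "b": 1, "k": 1000, "kb": 1024, "m": 1000 ** 2, "mb": 1024 ** 2,
          "g": 1000 ** 3, "gb": 1024 ** 3}
DEFAULT_BULK_LEN = 512 * 1024 * 1024   # Redis default for proto-max-bulk-len


def parse_memory(value: str) -> int:
    """Parse Redis memory syntax: 1k=1000, 1kb=1024, 1m, 1mb, 1g, 1gb (case-insensitive)."""
    m = re.fullmatch(r"\s*(\d+)\s*([kKmMgG]?[bB]?)\s*", value)
    if not m:
        raise ValueError(f"bad memory value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2).lower()]


def version_patched(version: str) -> bool:
    """True if the server carries the fix: 6.2 and later, or 6.0.11+ / 5.0.11+ backports."""
    parts = (version.split(".") + ["0", "0"])[:3]
    major, minor, patch = (int(p) for p in parts)
    if (major, minor) >= (6, 2):
        return True
    return (major, minor) in ((6, 0), (5, 0)) and patch >= 11


def config_set_reachable(conf: str) -> bool:
    """False if CONFIG is renamed away or the default user's ACL drops it."""
    reachable = True                         # default user has +@all unless told otherwise
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        directive = tokens[0].lower()
        if directive == "rename-command" and len(tokens) >= 2 and tokens[1].lower() == "config":
            return False                     # renamed to a secret, or disabled with ""
        if directive == "user" and len(tokens) >= 2 and tokens[1] == "default":
            for rule in (t.lower() for t in tokens[2:]):   # rules apply left to right
                if rule in ("allcommands", "+@all", "+@admin", "+@dangerous", "+config"):
                    reachable = True
                elif rule in ("nocommands", "-@all", "-@admin", "-@dangerous", "-config"):
                    reachable = False
    return reachable


def bulk_limit(conf: str) -> int:
    """Configured proto-max-bulk-len in bytes, or the default when not set."""
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) >= 2 and tokens[0].lower() == "proto-max-bulk-len":
            return parse_memory(tokens[1])
    return DEFAULT_BULK_LEN


def assess(conf: str, version: str, is_32bit: bool) -> str:
    """Classify one instance: 'not-affected', 'patched', 'exposed' or 'mitigated'."""
    if not is_32bit:
        return "not-affected"
    if version_patched(version):
        return "patched"
    if bulk_limit(conf) > DEFAULT_BULK_LEN:
        return "exposed"                     # limit already raised on a vulnerable build
    return "exposed" if config_set_reachable(conf) else "mitigated"


# Constructed sample configurations, not taken from any real deployment.
CONF_DEFAULT = "bind 127.0.0.1\nrequirepass s3cret\n"
CONF_RENAMED = CONF_DEFAULT + 'rename-command CONFIG ""\n'
CONF_ACL = CONF_DEFAULT + "user default on >s3cret ~* +@all -config\n"
CONF_RAISED = CONF_DEFAULT + "proto-max-bulk-len 2gb\n"

if __name__ == "__main__":
    for name, conf in (("default", CONF_DEFAULT), ("renamed", CONF_RENAMED),
                       ("acl", CONF_ACL), ("raised", CONF_RAISED)):
        print(f"{name:8s} 5.0.10/32-bit -> {assess(conf, '5.0.10', True)}")
```

On a live server the same facts come from `INFO server` (`redis_version`, `arch_bits`) and `CONFIG GET proto-max-bulk-len`; the point of the offline check is that the raised limit and the missing `CONFIG` restriction are both visible in the file before the instance is ever started.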
itsecurityguru.webp 2021-02-25 18:25:39 Research shows that a lack of attention is being paid to patching vulnerabilities and something has to be done about it (lien direct) Edgescan, a full-stack vulnerability management service, has just released their Vulnerability Stat Report for 2021, and it's confirmed that 2020 really was as bad as we all thought it was. The stats report reveals a number of alarming statistics and trends from 2020, taking a deep-dive into vulnerability metrics from known vulnerabilities (CVE), Malware, Ransomware […] Ransomware Vulnerability Patching
securityintelligence.webp 2021-02-12 13:30:00 Why Every Company Needs a Software Update Schedule (lien direct) Software without the most recent patch is like an unlocked door for threat actors. They know the openings are there and can just walk in. But patching and a software update schedule can make sure that door stays locked.  Applying patches isn’t difficult. Click a few buttons, reboot and you are good to go. Even […] Threat Patching
ESET.webp 2021-02-04 19:20:06 Google: Better patching could have prevented 1 in 4 zero‑days last year (lien direct) Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google Patching
ZDNet.webp 2021-02-03 22:23:40 Google: Proper patching would have prevented 25% of all zero-days found in 2020 (lien direct) A quarter of all the zero-days exploited in the wild in 2020 were variations of previously patched vulnerabilities. Patching
Veracode.webp 2021-01-26 12:06:18 Did You Read Our Most Popular 2020 Blog Posts? (lien direct) What was top of mind for your peers regarding AppSec in 2020? Yes, we realize no one really wants a 2020 retrospective; who wants to look back at that mess? But we are going to carry on with our annual look-back at our most popular blogs from the previous year. We always gain a lot of insight from this exercise: we find out what resonated with security professionals and developers, uncover trends, and learn what people have questions or concerns about. We hope you find this valuable too. So what were the hot AppSec topics in 2020? Topping the list: developer security training, best practices made practical, open source security, technical details on vulnerabilities, and, of course, the sudden shift to remote work and a digital world last March. Did you catch all these popular blog posts? Developer security training Our new Security Labs offering was a hot topic last year. Clearly, training developers on secure coding is a requirement and a concern for many. If you want to see what Security Labs is all about, check out the Community Edition. Developers can use it to learn to code securely by hacking and patching real apps, at no cost. Announcing Veracode Security Labs Community Edition Stay Sharp and Squash Security Debt With Veracode Security Labs Our survey report with ESG covered some of the pain points organizations are facing regarding security training, and blogs on that topic were in our most-viewed list as well. 16% of Orgs Require Developers to Self-Educate on Security How 80% of Orgs Can Overcome a Lack of Training for Developers Best practices for the rest of us Our guide on AppSec best practices vs. practicalities and its associated blog were among our most-read content pieces last year. Highlighting not only what to strive for, but also where to start, with application security seemed to resonate with many. 
Best Practices and Practical Steps to Guide Your AppSec Journey Securing open source code As in the past several years, open source security was one of the most popular topics. The first open source edition of our annual State of Software Security report got a lot of attention in 2020. Take a look at the report to get the results of our analysis of 351,000 external libraries in 85,000 apps. We unearthed some really interesting data about the number of dependencies in open source libraries, and about challenges and best practices in securing them. Announcing Our State of Software Security: Open Source Edition Breaking Down Risky Open Source Libraries by Language Details on vulnerabilities and secure coding Blogs that take a technical deep dive into particular vulnerabilities typically resonate with our audience, and last year was no exception. Our blog posts on the Spring view manipulation vulnerability and on preventing sensitive data exposure got a lot of attention in 2020. Write Code That Protects Sensit Vulnerability Patching
AlienVault.webp 2021-01-19 11:00:00 We are better together: AT&T USM Anywhere and Digital Defense Frontline (lien direct) An enterprise needs an evolving view of its environment.  What does normal look like?  What are the weak spots?  What is the impact of the threat to your environment?  Detecting the threat after collecting the right data is the first step.  From there, the impact of the threat really matters; otherwise, security teams may be chasing after too many issues. Recently, we have taken a major step in this customer-driven journey by releasing our first Advanced AlienApp that tightly integrates asset, vulnerability and threat data.  Our new Advanced AlienApp for Digital Defense includes Digital Defense Frontline Vulnerability Manager (Frontline VM™) and Frontline Advanced Threat Sweep (Frontline ATS™). Joining our suite of existing Advanced AlienApps, Frontline is the first Alien App to offer additional asset discovery, correlation and de-duplication of dynamic assets, on-demand vulnerability scanning, passive malware detection and security risk trend analysis and reporting. USM Anywhere with the AlienApp for Frontline also provides orchestration actions to help streamline incident response activities and to get even deeper visibility into the assets on the network and their respective vulnerabilities. AlienApp for DDI Digital Defense Frontline The Frontline platform is a multi-tenant, cloud-native SaaS platform that supports both agent and agent-less scanning of assets through advanced fingerprinting, which leads to a lightweight customized scan that is often used for on-demand and real-time scanning of assets with minimal performance impact. More importantly, Frontline’s highly customized scanning means a false positive rate Malware Vulnerability Threat Patching Guideline
SecurityWeek.webp 2021-01-15 14:57:40 Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability (lien direct) Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability. Vulnerability Patching
TroyHunt.webp 2021-01-13 22:45:03 CDPR CEO blames “in-game streaming” for Cyberpunk\'s console problems (lien direct) Native next-gen versions pushed back to second half of 2021 amid patching work. Patching
AlienVault.webp 2021-01-13 06:01:00 What is a vulnerability management program and should your business have one? (lien direct) This blog was written by a third party author. The rapid rate of change in attack methods and techniques in today’s cybersecurity landscape has made keeping an environment secure increasingly difficult, causing many to fall into a dangerous state of simply reacting to current threats. Organizations that are serious about the state of their cybersecurity readiness are seeking to proactively look for those vulnerable applications, operating systems, and platforms within the network environment that cybercriminals would otherwise exploit to gain access, elevate privilege, move laterally, establish persistence, and carry out actions to a malicious end. One tenet of a comprehensive proactive security strategy is vulnerability management. Vulnerability management is commonly defined as “the practice of identifying, classifying, remediating and mitigating vulnerabilities.” Unlike patching based on security thresholds such as the Common Vulnerability Scoring System (CVSS), vulnerability management is a continual process that seeks to intelligently prioritize the response to daily identified vulnerabilities before an attacker attempts to exploit them, keeping the organization as secure as possible. What is a Vulnerability Management Program? A Vulnerability Management Program is a risk-based, established continuous process within the organization designed to address the need to identify and remediate vulnerabilities. It leverages a team of members spanning multiple departments including security, IT, AppSec, and DevOps; tools such as asset management, vulnerability scanning, and vulnerability assessment solutions; and a means to update the potentially wide range of disparate operating systems, applications, appliances, and devices involved. 
The pillars of vulnerability management A Vulnerability Management Program generally consists of just four basic pillars: Discovery – Having an understanding of every potential source of vulnerability including laptops, desktops, servers, firewalls, networking devices, printers, and more serves as the foundation for any solid Vulnerability Management Program. Identification – Using a vulnerability scanning solution, those systems and devices under management are scanned, looking for known vulnerabilities and correlating scan findings with said vulnerabilities. Reporting / prioritization – This step is a bit more complex than I’m going to cover here.  Keeping in mind that you may have thousands of potential vulnerabilities (depending on the size and complexity of your environment), there will no doubt be varying factors that will determine which discovered vulnerabilities take priority over others.  But in this step, those on the Vulnerability Management Program team will need to assess the identified vulnerabilities and determine priority. Response/remediation – It should be noted first that the remediation step isn’t always “patch it.”  In some cases, there isn’t a patch and so the remediation actions utilize some kind of compensating control. Part of the process of remediating involves re-testing – whether via another vulnerability scan or penetration test. A framework for building a program in-house Providing you have ample staffing and internal expertise, it is possible to implement a Vulnerability Management Program in-house. As previously implied, it will take a team of folks who are responsible for the various parts of the organization that are impacted by both vulnerability scans and the resultant patching and/or remediation. Building a framework is also going to take some dedicated time to build, test, and adjust to meet your organization’s specific needs. 
A myriad of software solutions will be needed (whose list will be influenced by your industry/vertical’s individ Vulnerability Patching
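The AlienVault article stresses that the reporting/prioritization pillar is where a program differs from "patch everything above CVSS 7", but leaves the factors unspecified. The following is an added example, not from the article or from any AT&T product: a small risk-scoring routine that combines the scanner's CVSS with context the discovery pillar already produced (asset criticality, exposure), exploit availability and how long the finding has been open, then maps the result to a remediation window. The weights and SLA tiers are illustrative assumptions, and the four sample findings are constructed, with placeholder issue labels rather than real CVE identifiers; the point is that two 9.8s on isolated hosts drop below a 6.5 on an internet-facing VPN with a public exploit.

```python
"""Risk-based prioritization of scan findings (added example; weights are illustrative)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str               # scanner plugin or CVE reference
    cvss: float              # base score reported by the scanner, 0..10
    internet_facing: bool    # exposure, from the asset inventory built in the discovery pillar
    exploit_public: bool     # a working exploit is public or has been seen in the wild
    asset_criticality: int   # 1 (lab box) .. 5 (revenue or safety critical)
    days_open: int           # age since the finding was first identified


def risk_score(f: Finding) -> float:
    """Severity plus context. A CVSS threshold alone would sort the two 9.8s to the top."""
    score = f.cvss
    score *= 1.0 + 0.25 * (f.asset_criticality - 1)   # x1.0 .. x2.0 by business impact
    if f.exploit_public:
        score *= 1.5                                  # attackers already have the tooling
    if f.internet_facing:
        score *= 1.3                                  # reachable without an existing foothold
    score += min(f.days_open, 90) / 30.0              # SLA drift: +1 per month open, capped at +3
    return round(score, 2)


def remediation_window_days(score: float) -> int:
    """Illustrative SLA tiers driven by the combined score rather than raw CVSS."""
    if score >= 20:
        return 7
    if score >= 10:
        return 30
    return 90


def prioritize(findings: list[Finding]) -> list[tuple[float, int, Finding]]:
    """Highest risk first; each row carries the score and the SLA window it lands in."""
    rows = []
    for f in findings:
        score = risk_score(f)
        rows.append((score, remediation_window_days(score), f))
    return sorted(rows, key=lambda r: r[0], reverse=True)


# Constructed sample findings; issue labels are placeholders, not real CVE identifiers.
SAMPLE = [
    Finding("web-01", "ISSUE-1", 7.5, True, True, 4, 3),
    Finding("db-02", "ISSUE-2", 9.8, False, False, 5, 1),
    Finding("lab-07", "ISSUE-3", 9.8, False, False, 1, 120),
    Finding("vpn-01", "ISSUE-4", 6.5, True, True, 5, 45),
]

if __name__ == "__main__":
    for score, sla, f in prioritize(SAMPLE):
        print(f"{score:6.2f}  fix within {sla:2d}d  {f.asset:7s} {f.issue} (CVSS {f.cvss})")
```

The inputs that make the difference here (exposure, criticality, exploit availability) all come from the discovery and identification pillars, which is why the article insists on a complete inventory before scanning; a scorer fed only CVSS degenerates back into threshold patching.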
Veracode.webp 2021-01-12 15:14:33 Veracode Named a Leader in The Forrester Wave: Static Application Security Testing, Q1 2021 (lien direct) If you're looking to start or optimize an AppSec program in 2021, the Forrester Wave report is a good place to begin your research. The report not only details essential elements of AppSec solutions, but also ranks 12 static application security testing (SAST) vendors based on their current offering, strategy, and market presence. Development speeds and methods are changing and the requirements for a SAST solution are evolving as well. Forrester notes that SAST providers need to build their security solutions into the software development lifecycle (SDLC); integrate them into the CI/CD pipeline; protect new architectures like containers; and provide accurate, actionable results. To help development teams and security and risk professionals identify the industry's foremost SAST providers, Forrester conducted a 28-criterion evaluation. The research and analysis identified Veracode as a leader among SAST providers. The Forrester report noted, "For firms looking for an enterprise-grade SAST tool, Veracode remains a top choice." The Forrester report specifically mentions, "Veracode has invested in the developer experience." Veracode's SAST offering is fully cloud-based and offers three different levels of scans that aid developers: IDE Scan provides focused, real-time security feedback while the developer codes. It also helps developers remediate faster and learn on the job through positive reinforcement, remediation guidance, code examples, and links to Veracode application security (AppSec) tutorials. Pipeline Scan happens in the build phase. It embeds directly into teams' CI tooling and provides fast feedback on flaws being introduced in new commits. It helps answer the question, "is the code my team is writing secure?" 
Policy Scan reviews code before production to ensure that applications are meeting policy compliance and industry standards. It helps answer the question, "are my organization's applications secure?" Veracode also offers Security Labs, which trains developers to tackle evolving security threats by exploiting and patching real code. Through hands-on labs that use modern web apps, developers learn the skills and strategies that are directly applicable to their organization's code. Detailed progress reporting, email assignments, and a leaderboard encourage developers to continuously level up their secure coding skills. We believe prioritization is another important strength for Veracode. As the Forrester report states, "…Veracode's graphical representation of code flaws according to risk and ease of fix [are] unmatched in the market." In addition, the report states, "References complimented Veracode's premium support," and Veracode is highly rated by customers for remediation guidance. As one customer stated, "the relationship [with Veracode] really stands out." Learn more Download The Forrester Wave: Static Application Security Testing, Q1 2021 report to learn more about what to look for in a SAST vendor and for more information on Veracode's position as a Leader. Patching Guideline
AlienVault.webp 2021-01-06 11:00:00 IoT Cybersecurity Act successfully signed into law (lien direct) This blog was written by an independent guest blogger. The IoT Cybersecurity Act, which aims to reduce the supply chain risk to the federal government arising from vulnerable IoT devices, was recently passed into law, and its effects are expected to carry over into private enterprise. Critics felt the law was long overdue: as found in the Nokia Threat Intelligence Report 2020, IoT devices are now responsible for 32.72% of all infections observed in mobile networks, representing an increase of 16.55% since 2019 alone. What threats can the rapid proliferation of IoT devices cause, and how is the new law dealing with them?  2020: A year of unprecedented cyber attacks 2020 has demonstrated the extent to which cyber criminals can quickly take advantage of major changes and crises taking place in the world. In a recent report, Fortinet warns that the introduction of edge devices will provide attackers with even more opportunity to wreak havoc via advanced threats. Over the past few years, traditional networks have been replaced with multiple-edge environments, IoT, WAN, remote center, and more. Fortinet adds that “while all of these edges are interconnected many organizations have sacrificed centralized visibility and unified control in favor of performance and digital transformation.” Cyber criminals will be harnessing the speed and scale that 5G will enable to target these environments at a more profound level.   Main threats to security posed by connectivity Some of the biggest threats to cyber security include trojans seeking to target the edge, edge-enabled swarm attacks, smarter social engineering, and the possibility of ransoming OT edges. In the case of everyday users, the practical implications are endless. 
For instance, in the case of social engineering, attackers can use important contextual information about users’ daily routines and financial information to ransom, extort, and ca Ransomware Threat Patching
Cisco.webp 2020-12-21 22:31:32 Talos Vulnerability Discovery Year in Review - 2020 (lien direct) While major attacks like ransomware and COVID-19-themed campaigns made headlines across the globe this year, many attacks were prevented through simple practices of finding, disclosing and patching vulnerabilities. Cisco Talos’ Systems Vulnerability Research Team discovered 231 vulnerabilities this year across a wide range of products. And thanks to our vendor partners, these vulnerabilities were patched […] Ransomware Vulnerability Patching
Last update at: 2024-05-09 11:07:58