What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Fortinet.webp 2022-04-14 19:54:44 Incomplete Fix for Apache Struts 2 Vulnerability (CVE-2021-31805) Amended (direct link) FortiGuard Labs is aware that the Apache Software Foundation disclosed and released a fix for a potential remote code execution vulnerability (CVE-2021-31805 OGNL Injection vulnerability) that affects Apache Struts 2 on April 12th, 2022. Apache has acknowledged in an advisory that the fix was issued because the first patch released in 2020 did not fully remediate the issue. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released an advisory on April 12th, 2022, warning users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. Why is this Significant? This is significant because Apache Struts is widely used and successfully exploiting CVE-2021-31805 could result in an attacker gaining control of a vulnerable system. Because of the potential impact, CISA released an advisory urging users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. On a side note, an older Struts 2 OGNL Injection vulnerability (CVE-2017-5638) was exploited in the wild that resulted in a massive data breach of credit reporting agency Equifax in 2017. What is Apache Struts 2? Apache Struts 2 is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model-view-controller (MVC) architecture. What is CVE-2021-31805? CVE-2021-31805 is an OGNL injection vulnerability in Struts 2 that enables an attacker to perform remote code execution on a vulnerable system.
The vulnerability was originally assigned CVE-2020-17530, however CVE-2021-31805 was newly assigned to the vulnerability as some security researchers found a workaround for the original patch released in 2020. The vulnerability is described as "some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation." What Versions of Apache Struts are Vulnerable to CVE-2021-31805? Struts 2.0.0 - Struts 2.5.29 are vulnerable. Struts 2.0.0 and 2.5.29 were released in 2006 and 2022 respectively. Has the Vendor Released a Patch for CVE-2021-31805? Yes, Apache released a fixed version (2.5.30) of Apache Struts 2 on April 12th, 2022. Users and administrators are advised to upgrade to Struts 2.5.30 or greater as soon as possible. Has the Vendor Released an Advisory? Yes, Apache released an advisory on April 12th, 2022. See the Appendix for a link to "Security Bulletin: S2-062". What is the Status of Coverage? FortiGuard Labs provides the following IPS coverage for CVE-2020-17530, which applies for CVE-2021-31805: Apache.Struts.OGNL.BeanMap.Remote.Code.Execution Data Breach Vulnerability Guideline Equifax Equifax
itsecurityguru.webp 2021-09-09 10:25:08 Jenkins discloses attack on its Atlassian Confluence service (direct link) The open source automation server Jenkins has disclosed a successful attack on its Confluence service. Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances. Rated CVSS […] Hack Vulnerability Guideline Equifax Equifax
AlienVault.webp 2021-01-12 11:00:00 Why cybersecurity awareness is a team sport (direct link) This blog was written by an independent guest blogger. Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity. Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company. Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities. People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, cybersecurity responsibility rests with everyone, in reality. Cybersecurity should be everybody’s business. The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased efforts to protect from, and mitigate attacks. During the height of the pandemic, about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time. This is why cybersecurity must be and should be everybody’s business.
According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as internal actors or employees and affiliates carelessly clicking a link by accident. Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system. Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee. Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC). Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo Ransomware Data Breach Malware Vulnerability Guideline Equifax Equifax Yahoo Yahoo
AlienVault.webp 2019-05-15 13:00:00 Critical Cyber Security features that your business needs to survive (direct link) Recent statistics show that 60% of businesses that are forced to suspend operations after a cyber-attack are never able to reopen for business. This is largely due to revenue lost due to downtime as well as damage to the company’s reputation. The good news is that most of these threats can be mitigated with reliable cybersecurity. When it comes to cyberattacks, time is of the essence. Businesses should install systems that will enable them to detect potential threats so as to respond in a timely manner. One of the recommended solutions is a combination of services and products from AT&T Cybersecurity, which provides edge-to-edge protection to enable businesses to stay ahead of threats. Data Breach Prevention Data breaches happen when cyber criminals successfully attack systems that hold sensitive information. In the case of businesses, this may include crucial information such as employee and customer records. The exfiltration of such data outside organizational boundaries can lead to costly fines and massive monetary losses. This is evident by the fining of Equifax after it experienced a breach that exposed data belonging to 146 million people. However, businesses can employ standard security software such as antivirus and intrusion detection systems to defend against data leakages by monitoring sensitive files and data transfers. Phishing prevention Phishing involves the use of digital messages by cyber criminals to steal credit card information, user logins and other types of sensitive data. Cases of phishing attacks have been on the rise and any business on the web can be targeted. As more businesses are aware of the risks posed by suspicious emails and links, hackers have upped the ante by using machine learning to distribute malicious messages with the aim of targeting frail businesses.
Sensitive data can also be compromised by third parties, such as partners and contractors. Businesses should employ effective strategies for finding partners and contractors so as to reduce security risks posed by them. Employee training, installation of security systems and updating of all software are essential methods to greatly reduce phishing attacks. Ransomware prevention & detection For many businesses around the world, ransomware can be a nightmare. The average ransomware attack costs a company a whopping $133,000. Cyber criminals make use of malicious software to encrypt a victim’s data and then demand ransoms in order to decrypt the data. Paying these ransoms doesn’t always guarantee access, since criminals cannot be trusted and so businesses should take measures to avoid such situations. One of the measures is to use updated security software, have a good backup and restore plan and also to train employees on how to avoid emails that may carry ransomware. The importance of cybersecurity cannot be stressed enough. Companies have been reduced to rubble because of inadequate security to their systems. Cyber criminals are Ransomware Guideline Equifax ★★★★
AlienVault.webp 2019-04-12 13:00:00 Things I hearted this week 12th April 2019 (direct link) Hello again to another weekly security roundup. This week, I have a slightly different spin on the roundup in that the net has been slightly widened to include broader technology topics from more than just this last week. However, all of the articles were written by ladies. With that, let’s dive straight in. A beginner's guide to test automation If you’re new to automated testing, you’re probably starting off with a lot of questions: How do I know which tests to automate? Why is automated testing useful for me and my team? How do I choose a tool or framework? The options for automated testing are wide open, and you may feel overwhelmed. If so, this is a great article on how to get started. A Beginner's Guide to Test Automation | Sticky Minds All roads lead to exploratory testing When I’m faced with something to test – be it a feature in a software application or a collection of features in a release, my general preference is weighted strongly towards exploratory testing. When someone who doesn’t know a great deal about testing wants me or my team to do testing for them, I would love to educate them on why exploratory testing could be a strong part of the test strategy. All roads lead to exploratory testing | Womentesters While on the topic of testing Testing Behaviours — Writing A Good Gherkin Script | Medium, Jo Mahadevan Single-page, server-side, static… say what? An emoji-filled learning journey about the trade-offs of different website architectures, complete with gifs, diagrams, and demo apps. If you’ve been hanging around the internet, trying to build websites and apps, you may have heard some words in conversation like static site or server-side rendered (SSR) or single-page app (SPA). But what do all of these words mean? How does each type of application architecture differ?
What are the tradeoffs of each approach and which one should you use when building your website? Single-Page, Server-Side, Static… say what? | Marie Chatfield If, like me you enjoyed this post by Marie, check out some of her other posts which are great. Quick plug to Protocol-andia: Welcome to the Networking Neighborhood. A whimsical introduction to how computers talk to each other, and what exactly your requests are up to. Strengthen your security posture: start with a cybersecurity framework The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million. Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months. It is mor Guideline Prediction Equifax APT 39
no_ico.webp 2019-03-11 15:30:00 US Senators Slam Equifax, Marriott Executives For Massive Data Breaches (direct link) It has been reported that Equifax appeared before the United States Senate yesterday to discuss what the company has learned from one of the largest data breaches to hit corporate America. Last night, the Senate released a report on how Equifax handled its data security leading up to the data breach. The report details that they “neglected” cybersecurity ahead of the devastating … Guideline Equifax
AlienVault.webp 2018-10-19 13:00:00 Things I Hearted this Week, 19th October 2018 (direct link) It’s been another eventful week in the world of cyber security. So let’s just jump right into it. NCSC has Been Busy NCSC collaborated with Australia, Canada, New Zealand, UK, and the USA to give us a report that highlights which publicly-available tools criminals are using to aid their cyber crimes. Joint report on publicly available hacking tools | NCSC The agency also commented on how it keeps criminals at bay by stopping on average 10 attacks on the government per week. NCSC also published its Annual Review 2018 - the story of the second year of operations at the National Cyber Security Centre. Targeting Crypto Currencies It is estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen. Targeted attacks on crypto exchanges resulted in a loss of $882 million | HelpNet Security Twitter Publishes Data on Iranian and Russian Troll Farms In an attempt to try and be more proactive in dealing with misinformation campaigns, Twitter has published its Elections Integrity dataset which includes attempted manipulation, including malicious automated accounts and spam. In other words it’s attempting to out Iranian and Russian troll farms. Twitter’s focus is on a healthy public conversation | Twitter In light of this, it’s worth also revisiting this article by Mustafa Al-Bassam in which he researched UK intelligence doing the same thing targeting civilians in Iran.
British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents | Motherboard Equifax Engineer Sentenced An Equifax engineer gets eight months for earning $75,000 from insider trading. He figured out he was building a web portal for a breach involving Equifax, which turned out to be the 2017 breach, and so decided to ride the stock drop. Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading | ZDNet Mind the Skills Gap (ISC)2 has released its 2018 global cyber security workforce study and it looks like the cyber security skills gap has widened to 3 million. It’s worth bearing in mind that estimating the skills gap isn’t an eas Guideline Equifax APT 38
SecurityWeek.webp 2018-04-02 15:25:00 Saks, Lord & Taylor Stores Hit by Data Breach (direct link) A data breach at Saks Fifth Avenue and Lord & Taylor stores in North America exposed customer payment card data, parent company Hudson's Bay Company (HBC) announced on Sunday. The hack, which also impacted its discount store brand Saks OFF 5TH, did not appear to affect HBC's e-commerce or other digital platforms. “We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” the announcement said. “We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing. We also are coordinating with law enforcement authorities and the payment card companies,” it added. According to cybersecurity research and threat intelligence firm Gemini Advisory, a cybercrime marketplace called JokerStash announced that over five million stolen credit and debit cards were for sale, which it says were likely stolen from HBC's stores. “In cooperation with several financial organizations, we have confirmed with a high degree of confidence that the compromised records were stolen from customers of Saks Fifth Avenue and Lord & Taylor stores,” Gemini said in a blog post, adding that the window of compromise was estimated to be May 2017 to present. As of Sunday, roughly 125,000 records had been released for sale so far, Gemini said, with the “entire cache” expected to become available in the following months. HBC did not provide details on the number of customers/records impacted in the incident. “The Company is working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing. HBC is also coordinating with law enforcement authorities and the payment card companies,” HBC said.
“The details of how these cards were stolen remains unclear at this time, but it's important that we learn what happened so that others can work to prevent similar breaches," commented Tim Erlin, VP, product management and technology at Tripwire. "This appears to be the type of breach, through point-of-sale systems, that EMV is supposed to prevent, so we need to ask what happened here. Was EMV in use, and if so, how did the attackers circumvent it? Guideline Equifax
SecurityWeek.webp 2018-03-26 15:27:02 One Year Later, Hackers Still Target Apache Struts Flaw (direct link) One year after researchers saw the first attempts to exploit a critical remote code execution flaw affecting the Apache Struts 2 framework, hackers continue to scan the Web for vulnerable servers. The vulnerability in question, tracked as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. The security hole was addressed on March 6, 2017 with the release of versions 2.3.32 and 2.5.10.1. The bug, caused due to improper handling of the Content-Type header, can be triggered when performing file uploads with the Jakarta Multipart parser, and it allows a remote and unauthenticated attacker to execute arbitrary OS commands on the targeted system. The first exploitation attempts were spotted one day after the patch was released, shortly after someone made available a proof-of-concept (PoC) exploit. Some of the attacks scanned servers in search of vulnerable Struts installations, while others were set up to deliver malware. Guy Bruneau, researcher and handler at the SANS Internet Storm Center, reported over the weekend that his honeypot had caught a significant number of attempts to exploit CVE-2017-5638 over the past two weeks. The expert said his honeypot recorded 57 exploitation attempts on Sunday, on ports 80, 8080 and 443. The attacks, which appear to rely on a publicly available PoC exploit, involved one of two requests designed to check if a system is vulnerable. Bruneau told SecurityWeek that he has yet to see any payloads. The researcher noticed scans a few times a week starting on March 13, coming from IP addresses in Asia. “The actors are either looking for unpatched servers or new installations that have not been secured properly,” Bruneau said. The CVE-2017-5638 vulnerability is significant as it was exploited by cybercriminals last year to hack into the systems of U.S. credit reporting agency Equifax.
Attackers had access to Equifax systems for more than two months and they managed to obtain information on over 145 million of the company's customers. The same vulnerability was also leveraged late last year in a campaign that involved NSA-linked exploits and cryptocurrency miners. Guideline Equifax
SecurityWeek.webp 2018-03-23 12:42:03 Pwner of a Lonely Heart: The Sad Reality of Romance Scams (direct link) Valentine's Day is a special holiday, but for victims of romance scams it is a tragic reminder, not only of love lost, but financial loss as well. According to the FBI Internet Crime Complaint Center (IC3), romance scams accounted for $230 million in losses in 2016. Men and women may jokingly refer to their significant other as their “partner in crime,” but when it comes to romance scams, this joke may become a sad reality. In addition to financial losses, many scammers may convince their victims to become money mules or shipping mules, directly implicating them in illegal behavior. Recently, Agari researchers identified a woman in Los Angeles that has sent nearly half a million dollars to a scammer that she has never even met. Even worse, this woman knowingly cashes bad checks and fake money orders on his behalf. The FBI has warned her to stop, yet it is unlikely she will do so. The victims of romance scams are typically women in their 40s to 50s, usually divorced or widowed and looking for a new relationship. They are targeted by scam artists on dating web sites, who have the ability to refine their searches for women that fit their target demographics. The scam artists create profiles of charming and successful men to engage these lonesome women. Dating sites frequently ask what women are looking for in a partner, so it is easy for the scammer to say exactly what they need to seem like “Mr. Right.” Once these scammers engage with their victims, there are an inevitable variety of excuses why they can't meet – claims of overseas military service or mission trips are common, and help to further cement the supposed righteousness of the scammer. After a few months of correspondence, the scammer will claim a supposed tragedy: a lost paycheck or medical fees are common – and request a small loan.
The typical loss in these scams is $14,000, not to mention the considerable psychological damage – victims of romance scams frequently withdraw from their social circles, embarrassed by the stigma. Even worse, such as the case of our anonymous victim, some of these scams can continue on for years, with frequent requests for financial support. Once trust is established with their victims, these scammers may also begin to use them as “mules” to cash fake checks, make deposits, accept shipment of stolen goods, and more. In the case of our anonymous victim, her family has pleaded with her to stop sending her suitor more money, and the FBI has warned her that her behavior is illegal; and yet she persists. Guideline Equifax Yahoo
SecurityWeek.webp 2018-03-21 01:24:01 (Déjà vu) AMD Says Patches Coming Soon for Chip Vulnerabilities (direct link) AMD Chip Vulnerabilities to be Addressed Through BIOS Updates - No Performance Impact Expected After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) on Tuesday said patches are coming to address several security flaws in its chips. In its first public update after the surprise disclosure of the vulnerabilities by Israeli-based security firm CTS Labs, AMD said the issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors. CTS Labs, which was unheard of until last week, came under fire shortly after its disclosure for giving AMD only a 24-hour notice before going public with its findings, and for apparently attempting to short AMD stock. The company later made some clarifications regarding the flaws and its disclosure method. CTS Labs claimed that a number of vulnerabilities could be exploited for arbitrary code execution, bypassing security features, stealing data, helping malware become resilient against security products, and damaging hardware. “AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations,” the chipmaker wrote in an update on Tuesday.
“It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.” AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations. AMD attempte Guideline Equifax
SecurityWeek.webp 2018-03-20 20:26:04 Virsec Raises $24 Million in Series B Funding (direct link) Virsec, a cybersecurity company that protects applications from various attacks, today announced that it has closed a $24 million Series B funding round led by tech investment firm BlueIO. This latest funding round brings the total amount raised to-date by the company to $32 million. The company previously raised $1 million in seed funding and $7 million in a Series A funding round. Virsec explains that its technology can protect applications by protecting processes in memory and pinpointing attacks in real-time, within any application. In more detail, the company explains that its Trusted Execution technology “maps acceptable application execution, and instantly detects deviations caused by attacks.” “The battleground has shifted in cybersecurity and the industry is not keeping up,” said Atiq Raza, CEO of San Jose, California-based Virsec. “With our deep understanding of process memory, control flow, and application context, we have developed a revolutionary solution that stops attacks in their tracks, where businesses are most vulnerable – within applications and processes.” Additional investors participating in the round include Artiman Ventures, Amity Ventures, Raj Singh, and Boston Seed Capital. Guideline Equifax
AlienVault.webp 2018-03-20 19:50:00 Cambridge Analytica Debacle -The Definition Of Breach (direct link) Pretty much the motto of my profession is “word choice matters.” I say it a lot. It appears somewhere in the marginalia of pretty much everything I’ve ever edited. Words have denotation, and connotation. There are considerations for dialect, and for popular use. It can be fiddly and annoying to be queried so; I get it. You know what you meant, and you grabbed the word in your head that, to you, meant that thing. One of the glories of having your work edited is that someone who isn’t you can hold up a mirror, to make sure that the word on the page means as close as possible to what you meant in your head, to the greatest number of people, no matter where they’re from or what language they natively speak. Here at AlienVault, we’ve had some great discussions about the differences in connotation in different words between our Irish speakers, who learned Hiberno-English (which gets the hyphen when none of the others do), Chinese speakers, who learned British English, and Americans, who learned American English with intense regional dialect (the Texans and the Californians are occasionally mutually unintelligible.) But there’s one thing that none of us tolerate; the choosing of a word to deliberately mislead. When one works in fiction, one is used to the painting of pictures with words. When one chooses to work primarily in technology, it’s often because you’re way more comfortable with the nicely concrete, if entirely mutable. In technology, a thing is, or it is not. It’s variations on a theme of zeros and ones, no matter whether it’s software or hardware. It is therefore maddening beyond belief when the unambiguous words of technology are used to mislead the non-technical public.
I’m of course talking about the Cambridge Analytica debacle, which is being referred to across the media landscape as “a data breach.” A data breach is when someone who is not authorized to handle specific information obtains access to that information. It’s a non-trivial failure of the security measures a responsible company or reasonable individuals would have in place. It implies wrongdoing, it implies malice, it implies a victim/attacker relationship. But when data is harvested and used with the unknowing opt-in of thousands of people, that’s not a breach. There are no hackers here; just people who knew how to use freely-given personal data to manipulate not very technically astute people to some political end. Lorenzo Franceschi-Bicchierai, as usual, gets it: We’ve been regularly covering data breaches for years. No one hacked into Facebook’s servers exploiting a bug, like hackers did when they stole the personal data of more than 140 million people from Equifax. No one tricked Facebook users into giving away their passwords and then stole their data, like Russian hackers did when they broke into the email accounts of John Podesta and others through phishing emails. Facebook obviously doesn't want the public to think it suffered a ma Guideline Equifax Yahoo
SecurityWeek.webp 2018-03-15 01:38:04 Palo Alto Networks to Acquire CIA-Backed Cloud Security Firm Evident.io for $300 Million (direct link) Network security firm Palo Alto Networks (NYSE: PANW) on Wednesday said that it has agreed to acquire cloud security and compliance firm Evident.io for $300 million in cash. Palo Alto Networks currently has several security offerings that cater to cloud environments, including its VM-Series virtualized next-generation firewalls, API-based security for public cloud services infrastructure, and Traps for host-based security. Pleasanton, Calif.-based Evident.io's flagship Evident Security Platform (ESP) helps customers reduce cloud security risk by minimizing the attack surface and improving overall security posture. ESP can continuously monitor AWS and Microsoft Azure deployments, identify and assess security risks, provide security teams with remediation guidance, along with providing security auditing and compliance reporting by analyzing configurations of services and account settings against security and compliance controls. “Once integrated with the Palo Alto Networks cloud security offering, customers will be able to use a single approach to continuous monitoring, comprehensive storage security, and compliance validation and reporting,” explained Tim Prendergast, CEO & Co-Founder of Evident.io. Evident.io is backed by Bain Capital Ventures, True Ventures, Venrock, Google Ventures, and In-Q-Tel, the not-for-profit venture capital arm of the CIA. The acquisition is expected to close during Palo Alto Networks fiscal third quarter, subject to satisfaction of customary closing conditions. Evident.io's co-founders, Tim Prendergast and Justin Lundy, will join Palo Alto Networks. Guideline Equifax
SecurityWeek.webp 2018-03-14 15:17:04 Former Equifax CIO Charged With Insider Trading (lien direct) The United States Securities and Exchange Commission (SEC) said it has charged Jun Ying, former chief information officer (CIO) of a business unit of Equifax, with insider trading in connection with the massive data breach disclosed in late 2017 that put millions of customers at risk. The SEC alleges that before Equifax's public disclosure of the breach in September 2017, Ying exercised all of his vested Equifax stock options and then sold the shares, taking proceeds of roughly $1 million.   By selling his shares before public disclosure of the data breach, Ying avoided more than $117,000 in losses, the SEC says. According to the SEC's complaint, Jun Ying, who reportedly was next in line to be the company's global CIO, allegedly used confidential information provided to him by the company to conclude that Equifax had suffered a serious breach that exposed sensitive personal information of more than 148 million U.S. customers. The Atlanta-based company has been under fire for not explaining why it waited more than a month to warn affected customers about a risk of identity theft and fraud. Questions were also raised after four Equifax executives sold stock worth $1.8 million just prior to public disclosure of the hack. Equifax claimed that the execs had been unaware of the breach when they sold shares. “As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard R. Best, Director of the SEC's Atlanta Regional Office.  
“Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.” Ying has been charged with violating the antifraud provisions of the federal securities laws and seeks repayment of ill-gotten gains plus interest, penalties, and injunctive relief. “Upon learning about Mr. Ying's August sale of Equifax shares, we launched a re Guideline Equifax
NoticeBored.webp 2017-10-27 15:57:11 NBlog October 27 - Equifax cultural issues (lien direct) Motherboard reveals a catalog of issues and failings within Equifax that seem likely to have contributed to, or patently failed to prevent, May's breach of sensitive personal information on over 145 million Americans, almost half the population. Although we'll be using the Equifax breach to illustrate November's awareness materials on privacy, we could equally have used them in this month's module on security culture since, according to BoingBoing: "Motherboard's Lorenzo Franceschi-Bicchierai spoke to several Equifax sources who described a culture of IT negligence and neglect, in which security audits and warnings were routinely disregarded, and where IT staff were unable to believe that their employers were so cavalier with the sensitive data the company had amassed." 'A culture of IT negligence and neglect' is almost the opposite of a security culture, more of a toxic culture you could say. Workers who simply don't give a stuff about information security or privacy are hardly likely to lift a finger if someone reports issues to them, especially if (as seems likely) senior managers are complicit, perhaps even the source of the toxin. Their lack of support, leadership, prioritization and resourcing for the activities necessary to identify and address information risks makes it hard for professionals, staff members and even management Guideline Equifax
AlienVault.webp 2017-10-27 13:00:00 Things I Hearted This Week – 27th October 2017 (lien direct) The role of marketing in cybersecurity This is from an interview with Theresa Payton, former CIO of the White House, who offers interesting comments and observations around the role of marketing and why CMOs need to work closer with CISOs: My pushback has been for some time that this is a wake-up call for the security side. The reason these colossal security systems don’t work is because we don’t design for humans. We design the perfect systems and then we claim that the users are making the mistakes. The Equifax Breach: Former White House CIO Believes Marketers Need To Be Engaged In Cybersecurity | Forbes Public speaking for academic economists The title of this is probably the furthest thing you might expect from information security, but it made my list this week because it is actually very relevant. Just like academics, information security professionals often have to convey complex concepts to non-security professionals. This deck lays out a lot of very useful points that are worth bearing in mind. Public speaking for academic economists | Dropbox link Equifax woes continue The UK financial regulator is stepping into the mess following the huge breach at Equifax. The regulator has said it is investigating the circumstances – and has the potential to fine or even revoke the company's right to operate in the UK. UK financial regulator confirms it is probing Equifax mega-breach | The Register Equifax under FCA investigation over data breach | The Telegraph FCA launches probe into Equifax | Financial Times Ghost of scammers In a story that proves that nothing is sacred to scammers, a Louisiana-based funeral home had its email account taken over and scam emails sent out to customers and suppliers asking for money. If a funeral home isn’t safe from hackers, who is? 
Hackers Take Over Funeral Home's Email Account and Run Online Scams | Bleeping Computer Google testing Android feature to hide DNS requests Google has added support in Android for an experimental feature that will encrypt DNS requests and prevent network-level attackers from snooping on user traffic. This new feature is named "DNS over TLS," an experimental protocol currently receiving comments at the Internet Engineering Task Force (IETF), an Internet standards body. Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit | XDA Developers Google testing Android feature to hide DNS requests | Bleeping Computer Guideline Equifax
AlienVault.webp 2017-10-18 13:00:00 Streamline Incident Response with USM Anywhere and Jira (lien direct) The recent data breach at Equifax is the latest cautionary tale for what can happen when the response to a threat lags behind the initial detection. The vulnerability that ultimately led to the breach was correctly identified, but the delay in patching the affected systems created a window of opportunity for attackers to exploit it. On this front, Equifax is not alone. According to the SANS 2017 Incident Response Survey, nearly half of the survey base reported that, on average, it takes more than 24 hours to contain a threat, and 82% reported a remediation time of one month or longer. There are many factors that can slow down an incident response process. Commonly, IT and security reside in different parts of the organization and may use different systems to track and prioritize work. Having to work across multiple ticketing workflow systems that are complex to integrate, redundant, or siloed by product can slow down or introduce errors into an incident response process. To help reduce time, complexity, and errors in kicking off incident response activities, we’ve brought AlienVault USM Anywhere closer together with Jira, a leading issue and project tracking software. Today, we’re announcing our newest AlienApp for Jira, instantly available to all USM Anywhere customers. The AlienApp for Jira helps close the gap between threat detection and incident response activities. With the AlienApp for Jira, you can open and track Jira issues directly from USM Anywhere, making it easy, fast, and efficient to monitor the lifecycle of your incident response activities, even across multiple security and IT teams. From any alarm, event, or vulnerability detected in USM Anywhere, you can create a new Jira issue that captures the relevant threat data needed for effective response, saving you time and effort. 
You can also automate the creation of new Jira issues in response to threats detected in USM Anywhere to further reduce the time between detection and resolution. By combining USM Anywhere with Jira, one of the most widely-used tools for both IT service organizations and software development teams, you can streamline your incident response activities and effectively reduce the time to resolution for security incidents. The Problem Returning to the Equifax example, let’s look at a simplified scenario of how a vulnerability moves from identification to remediation in many organizations. A regular network scan (usually off hours) identifies a critical vulnerability. The next day (and sometimes later), a security analyst reviews the scan results and identifies which machines need patching. The security analyst logs into a separate IT ticketing system and manually enters all of the relevant information about the vulnerability. The ticket is added to a long queue of requests for the IT team. The security analyst continually checks the ticketing system (and/or badgers his or her IT colleagues) to see the status of the request. Now, let’s look at the same scenario with USM Anywhere and Jira working in concert thanks to the AlienApp for Jira. A regular network scan (usually off hours) identifies a critical vulnerability. A USM Anywhere orchestration rule immediately responds to the new vulnerability by automatically creating an issue in Jira, including the relevant information about the vulnerability and the affected asset. The Jira issue is immediately triaged by the IT team and assigned. The security analyst arrives at work in the morning, checks USM Anywhere, and sees that the vulnerability has been identifie Guideline Equifax
NoticeBored.webp 2017-10-02 10:51:19 NBlog October 2 - a 2-phase approach to bolster the security culture (lien direct) We've just updated the NoticeBored website to describe the new awareness module on security culture and delivered the latest batch of security awareness materials to subscribers. Culture is a nebulous, hand-waving concept, hard to pin down and yet an important, far-reaching factor in any organization. The new module (the 63rd topic in our bulging security awareness portfolio) is essentially a recruitment drive, aimed at persuading workers to join and become integral parts of the Information Security function. The basic idea is straightforward in theory but in practice it is a challenge to get people to sit up and take notice, then to change their attitudes and behaviors. During September, we developed a two-phased approach: Strong leadership is critically important which means first convincing management (all the way up to the exec team and Board) that they are the lynch-pins. In setting the tone at the top, the way managers treat information risk, security, privacy, compliance and related issues has a marked effect on the entire organization. Their leverage is enormous, with the potential to enable or undermine the entire approach, as illustrated by the Enron, Sony and Equifax incidents. With management support in the bag, the next task is to persuade workers in general to participate actively in the organization's information security arrangements. Aside from directly appealing to staff on a personal level, we enlist the help of professionals and specialists since they too are a powerful influence on the organization - including management. October's awareness materials follow hot on the heels of the revised Information Security 101 module delivered in September. That set the scene, positioning information security as an essential part of modern business. Future modules will expand on different aspects, each one reinforcing the fundamentals ... 
which is part of the process of enhancing the security cu Guideline Equifax
grahamcluley.webp 2017-09-19 11:33:58 Misleading headlines about Equifax's *earlier* hack (lien direct) Misleading headlines about Equifax's *earlier* hack Guideline Equifax
ErrataRob.webp 2017-09-16 18:39:05 People can't read (Equifax edition) (lien direct) One of these days I'm going to write a guide for journalists reporting on the cyber. One of the items I'd stress is that they often fail to read the text of what is being said, but instead read some sort of subtext that wasn't explicitly said. This is valid sometimes -- as the subtext is what the writer intended all along, even if they didn't explicitly write it. Other times, though the imagined subtext is not what the writer intended at all. A good example is the recent Equifax breach. The original statement says: Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. The word consumers was widely translated to customers, as in this Bloomberg story: Equifax Inc. said its systems were struck by a cyberattack that may have affected about 143 million U.S. customers of the credit reporting agency But these aren't the same thing. Equifax is a credit rating agency, keeping data on people who are not its own customers. It's an important difference. Another good example is yesterday's quote "confirming" that the "Apache Struts" vulnerability was to blame: Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. But it doesn't confirm Struts was responsible. Blaming Struts is certainly the subtext of this paragraph, but it's not the text. It mentions that criminals had exploited the Struts vulnerability, but don't actually connect the dots to the breach we are all talking about. There's probably reasons for this. While it's easy for forensics to find evidence of Struts exploitation in logfiles, it's much harder to connect this to the breach. 
While they suspect Struts, they may not actually be able to confirm it. Or, maybe they are trying to cover things up, where they feel failing to patch is a lesser crime than what they really did. It's at this point journalists should earn their pay. Instead of rewriting what they read on the Internet, they could do legwork and call up Equifax PR and ask. The purpose of this post isn't to discuss Equifax, but the tendency of people to "read between the lines", to read some subtext that wasn't actually expressed in the text. Sometimes the subtext is legitimately there, such as how Equifax clearly intends people to blame Struts though they don't say it outright. Sometimes the subtext isn't there, such as how Equifax doesn't mean its own customers, only "U.S. consumers". Journalists need to be careful about making assumptions about the subtext.
Update: The Equifax CSO has a degree in music. Some people have criticized this. Most people have defended this, pointing out that almost nobody has an "infosec" degree in our industry, and many of the top people have no degree at all. Among others, @thegrugq has pointed out that infosec degrees are only a few years old -- they weren't around 20 years ago when today's corporate officers were getting their degrees. Again, we have the text/subtext problem, where people interpret infosec degrees as being the same as computer-science degrees, the latter of which have existed for decades. Some, as in this case, consider them to be wildly different. Others consider them to be nearly the same.
Guideline Equifax
Last update at: 2024-05-12 23:08:17