Security Boulevard

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Celestial Event’ appeared first on Security Boulevard.

Along with 30,000+ of my closest friends, HYAS participated in both the Black Hat 2024 cyber security conference and others last week in Las Vegas.  There have been a lot of articles published on the main themes, focus, and top keywords of BlackHat 2024; Chris Needs, the VP of Product Management at HYAS, published a HYAS view on the conference, so I didn’t see a reason to publish yet another one.

Instead, let me talk more about what I think is vitally important but didn’t see. While everyone is talking about AI, both the applications of it and risk from it, ransomware and the latest techniques to detect and stop it, cloud security and other related topics, I unfortunately saw very little about a topic I am passionate about  – cyber resiliency.  The White House and the US Government are talking about it, other foreign governments are talking about it, key clients around the world are deploying it, why isn’t it a more obvious, front-and-center conversation?

Yes, Crowdstrike had a key message on the walk to the business hall about how we all need more resiliency, but even still it was not a major focus of their marketing messages at their booth. And I do need to give a special shout-out to World Wide Technology who does have people openly talking about this topic.  

Nevertheless, we continue to talk too much in general about stopping attacks at the four walls and “preventing breaches.”  It’s time to admit that attackers will continue to innovate and adapt their techniques and tactics, that the attack surface will constantly be changing and updating, that people will always be susceptible to deception and social engineering.  That doesn’t mean we give up – we clearly need to continue to focus on training employees to be observant and aware; we clearly need to do our best to protect organizations and their assets by keeping criminals out through the deployment of existing and new software solutions.  But we also need to recognize that it’s likely never going to be enough. A complete cyber security approach includes the acknowledgement and recognition that one needs to prepare for the eventual breach.  If we assume that a bad actor is already inside the network – what visibility exists to detect this and stop it, what controls will be able to prevent the attack from rapidly expanding and causing damage?

While some bad actors are laying low inside organizations for months, increasingly there are reports of data exfiltration and damage within hours of the initial breach.  Despite the ever-increasing dollars poured into keeping criminals out of the network and detecting their attempts to break in, they still are – who is talking about this and, more importantly, who is doing something about it?

There are many ways to achieve cyber resilience – one of them is through the deployment of Protective DNS. That’s just one of the reasons it’s recommended by CISA and the NSA, it’s a recommended part of a SASE architecture, and is being asked about in cyber insurance attestation questionnaires.  Furthermore, when it’s integrated into other components, like integrated directly into your EDR or XDR solution, the combination is more powerful than either component by itself and combines the ability to stop the criminal on the way in with an assurance you can still stop them in time if they break through.

At HYAS we tested this hypothesis, and simulated attacks and traffic to 492 malicious domains in real actual use from recent campaigns.  While EDR and XDR solutions in general excel at detecting errant behavior on the device or at the point of entry, HYAS Protect protective DNS excels at detecting the beaconing behavior and outbound communication to adversary infrastructure, the telltale signs or “digital exhaust” of a breach.

(HYAS internal study and results; EDR/XDR vendors anonymized)

We as an industry need to be talking more about this – the integration of various solutions to form a more complete and resilient approach.  Yes, there is obvious competition and not every vendor can or wants to integrate with every other vendor.  But only through the right partner integrations can we collectively add value to the end customer and client; only through the right integrations will we develop more complete solutions vs point products; only in this way will we actually be able to turn the tide or at least hold back the onslaught of attacks a bit, and change the game on the criminals.  

This is what we need to be talking about more as an industry.  And this is, what I fear, was unfortunately lacking this year at BlackHat.

Ready to step up your defensive game? We'd love to connect with you to transform your cybersecurity strategy from reactive to proactive.

The post A Gap in the Armor: What Was Missing from Black Hat 2024 appeared first on Security Boulevard.

KP♡TX PII: “General Motors has engaged in egregious business practices that violated Texans’ pri­vacy … in unthinkable ways,” rants state attorney general Ken Paxton (pictured).

The post Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION appeared first on Security Boulevard.

From the Federal Register:

After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+.

These algorithms are part of three NIST standards that have been finalized:

• FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
• FIPS 204: Module-Lattice-Based Digital Signature Standard
• FIPS 205: Stateless Hash-Based Digital Signature Standard...

The post NIST Releases First Post-Quantum Encryption Algorithms appeared first on Security Boulevard.

Authors/Presenters:Ruben Recabarren, Bogdan Carbunar, Nestor Hernandez, and Ashfaq Ali Shafin,

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Strategies and Vulnerabilities of Participants in Venezuelan Influence Operations appeared first on Security Boulevard.

There is an increased focus on how advances in artificial intelligence (AI) and machine learning (ML) can negatively impact network security.

The post How to Maximize Network Security With AI and ML appeared first on Security Boulevard.

DEF CON conference organizations are looking for volunteers to join a Franklin initiative to help secure critical infrastructure and school systems that lack the expertise required to defend themselves against cyberattacks.

The post DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure appeared first on Security Boulevard.

The post Zero Compromise with Content Disarm and Reconstruction (CDR), Powered by Zscaler Browser Isolation and Votiro appeared first on Votiro.

The post Zero Compromise with Content Disarm and Reconstruction (CDR), Powered by Zscaler Browser Isolation and Votiro appeared first on Security Boulevard.

Google cybersecurity researchers confirm that the Iranian-sponsored APT42 threat group is being ongoing phishing campaigns against President Biden, Vice President Harris, and ex-President Trump in an attempt to influence the upcoming presidential elections.

The post Google: Iranian Group APT42 Behind Trump, Biden Hack Attempts appeared first on Security Boulevard.

A couple of weeks ago, Balbix was recognized as a Representative Vendor in the newly created Exposure Assessment Platforms (EAPs) category in the Gartner® Hype Cycle™ reports for Security Operations and Managing Operational Technology, 2024. In the report, Gartner mentioned that deploying “the EAP platform has high benefits, with 20-50% market penetration expected within 2-5 …

Read More

The post Balbix Recognized in Three 2024 Gartner® Hype Cycle™ Reports appeared first on Security Boulevard.

The recent Federal Communications Commission (FCC) settlement with TracFone Wireless, Inc. (TracFone) for $16 million highlights a critical vulnerability within the mobile telecommunications industry: API security. The investigation revealed unauthorized access to customer data through weaknesses in TracFone's mobile carrier APIs. This incident reminds mobile carriers to prioritize robust API security measures to safeguard customer data and ensure network integrity.

Mobile Carrier APIs: Essential Tools with Potential Risks

Mobile networks rely heavily on APIs to connect with partners, enable customer self-service features, and integrate with third-party applications. While these APIs offer valuable functionalities, they also introduce security risks. Here's a deeper dive into the factors contributing to API vulnerabilities within the mobile landscape:

• Complex Network Ecosystems: Mobile networks are intricate environments with numerous interconnected systems and APIs. Managing and securing these APIs effectively presents a significant challenge for security teams.
• Legacy Infrastructure: Some mobile operators may still utilize older infrastructure not designed with API security as a primary focus. These legacy systems might have inherent vulnerabilities that attackers can exploit.
• Third-Party Integration Landscape: Integrations with third-party applications, while offering additional features and functionality, add complexity to the security landscape. If those third parties have inadequate API security practices, it creates potential entry points for attackers.
• Evolving Threat Landscape: Cybercriminals constantly develop new methods to exploit API vulnerabilities. Traditional security solutions might struggle to keep pace with these ever-evolving threats.

Beyond Financial Penalties: The Devastating Impact of a Data Breach

A data breach involving mobile APIs can cascade, impacting the carrier and its customers. Here's a breakdown of the potential consequences:

• Compromised Customer Identity: Exposed customer information like names, addresses, Social Security numbers, and phone numbers can be used for fraudulent activities like identity theft. This can create significant hardship for customers and damage their financial standing.
• Financial Losses for Customers: Stolen account details can lead to financial fraud and direct customer losses. This can erode trust in the mobile carrier and cause customer churn.
• Regulatory Fines and Compliance Issues: Non-compliance with data security regulations like the FCC's safeguards rule can result in hefty fines. These fines can significantly impact a carrier's profitability.
• Reputational Damage: Data breaches can severely erode customer trust and damage the mobile carrier's reputation. Building trust can be long and arduous, potentially impacting customer acquisition and retention.

Salt Security: Proactive Defense for Mobile Network Security

Salt Security offers a comprehensive API security platform explicitly designed to address the unique challenges mobile carriers face. Our solution leverages advanced AI and machine learning to identify and prevent real-time API attacks. Here's how Salt Security empowers mobile carriers to fortify their networks:

• Comprehensive API Discovery and Inventory: Our platform goes beyond traditional methods to discover all APIs within your network, including potentially hidden "shadow APIs" that might be overlooked by manual processes. This complete visibility allows for a more holistic security approach.
• Real-Time API Attack Detection & Automated Threat Prevention: Salt Security's AI-powered platform continuously analyzes API traffic to identify real-time suspicious activity and potential breaches. This rapid detection lets you immediately act and prevent unauthorized access or data exfiltration attempts.
• Compliance Assurance: Salt Security helps ensure continuous compliance with industry regulations and security standards like the FCC's safeguards rule. This reduces the risk of regulatory fines and allows you to demonstrate your commitment to data security.

Prioritizing API Security: A Strategic Imperative for Mobile Carriers

The TracFone case illustrates the critical need for robust API security in the mobile telecommunications industry. By implementing a comprehensive API security solution like Salt Security, Tracfone would have been protected from and notified of the attacks that lead to PII exposure and unauthorized access to their APIs. In today's digital age, prioritizing API security is not just an option but a strategic imperative for mobile carriers.

If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post TracFone Breach Underscores Critical Need for Mobile Carrier API Security appeared first on Security Boulevard.

Did you know that 75% of people are already using Generative AI (GenAI) at work? GenAI tools are defined as any artificial intelligence that can generate content such as text, images, videos, code, and other data using generative models, often in response to prompts. Examples include Open AI’s ChatGPT, GitHub’s Copilot, Claude, Dall-E, Gemini, and […]

The post Your Employees are Already Using GenAI. How Will You Communicate the Security Risks? appeared first on CybeReady.

The post Your Employees are Already Using GenAI. How Will You Communicate the Security Risks? appeared first on Security Boulevard.

Data breaches and privacy concerns are all too common today. That’s why the Australian Health Records and Information Privacy Act 2002 (HRIPA) is highly relevant. This legislation ensures that your privacy is rigorously protected when you share your medical history or undergo a procedure. HRIPA mandates strict protocols for healthcare providers, requiring them to handle […]

The post The Key Components of HRIPA Compliance appeared first on Centraleyes.

The post The Key Components of HRIPA Compliance appeared first on Security Boulevard.

The team at CyberSaint is thrilled to announce the latest additions and updates made to the CyberStrong solution. These latest updates will focus on reporting and remediation. To start off, we’ve made it easier to customize reporting with our latest changes to remediation reports. Additionally, we’ve implemented revisions to the RoSI calculations for enhanced risk analysis and introduced custom risk values and presets.

The post August Product Update appeared first on Security Boulevard.

Security is enhanced with the introduction of dynamic zero-trust security, a method that continuously assesses the security posture of devices and users on the network.

The post Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security appeared first on Security Boulevard.

Currently accessing the free legacy DNS Blocklists (DNSBLs) via the Public Mirrors, and using GoDaddy's network? You'll need to make some minor changes to your email infrastructure. The changes are simple to implement, but if you fail to do so, you could find that at some point post-September 26th 2024, all or none of your email is blocked!

The post If you query the legacy DNSBLs via GoDaddy move to Spamhaus Technology’s free Data Query Service appeared first on Security Boulevard.

Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity. Show Notes

The post BTS #36 - Supply Chain Policies - Stewart Scott, Trey Herr appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post BTS #36 – Supply Chain Policies – Stewart Scott, Trey Herr appeared first on Security Boulevard.

The search landscape is undergoing a seismic shift. Traditional search engines are being challenged by AI-powered platforms like Perplexity and SearchGPT. This new era promises more personalized, intuitive, and efficient information retrieval. Are you ready for the future of search?

The post The Future of Search: AI-Powered Transformation appeared first on Security Boulevard.

Authors/Presenters:uhong Nan, Sun Yat-sen University; Xueqiang Wang, University of Central Florida; Luyi Xing and Xiaojing Liao, Indiana University Bloomington; Ruoyu Wu and Jianliang Wu, Purdue University; Yifan Zhang and XiaoFeng Wang, Indiana University Bloomington

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps appeared first on Security Boulevard.

The post 8 Must-Ask Questions for AI Security Vendors  appeared first on AI-enhanced Security Automation.

The post 8 Must-Ask Questions for AI Security Vendors  appeared first on Security Boulevard.