Security Boulevard

Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software landscape, despite being preventable. CISA and FBI have issued a Secure by Design alert to reduce the prevalence of these vulnerabilities. While XSS attacks have been around for years, they remain a persistent threat due to improper handling of user inputs in […]

The post CISA and FBI Issue Alert on XSS Vulnerabilities appeared first on TuxCare.

The post CISA and FBI Issue Alert on XSS Vulnerabilities appeared first on Security Boulevard.

A critical SAML authentication bypass flaw was recently identified in GitLab’s Community Edition (CE) and Enterprise Edition (EE). As of now, GitLab patches aiming to fix the flaw have been released; however, if the fixes had not been released, potential exploits of the flaw may have been detrimental. In this article, we’ll dive into the […]

The post GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed appeared first on TuxCare.

The post GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed appeared first on Security Boulevard.

Cybersecurity Awareness Month 2024: The Top Four Ways to Secure Our World
madhav
Tue, 10/01/2024 - 06:44

Cybersecurity Awareness Month is an international initiative that focuses on simple ways to protect ourselves, our families, and our businesses from online threats. The 2025 theme “Secure Our World” highlights the pervasiveness of digital technologies that enable connections across the globe and how straightforward, yet effective measures can have a lasting impact.

In a world where our digital lives are increasingly intertwined, every attack vector secured increases the safety of other connected people. And considering how connected we all are to our devices, networks, and the internet at large, this can be a lot of us.

Key Cybersecurity Practices to Implement 1. Use Strong Passwords and a Password Manager

Sadly, less than 40% of all online users use a distinct password for each account, according to the National Cybersecurity Alliance 2023 Oh Behave! report. Reused passwords give cybercriminals bonus access to other areas of a person’s digital life when they’ve only done the work to steal (or buy, or crack) a single credential. Aside from having a different login for each site, current wisdom (a la CISA) suggests that a strong password contains:

• At least 16 characters.
• Randomization, with a mix of letters, symbols, and numbers.
• Potentially a “passphrase” of 4-7 words, although randomization is recommended.

However, even strong and unique passwords have well-documented limitations and risks. As threat actors get savvier about targeting our access credentials, the industry is gradually moving away from passwords altogether and into a passwordless future. This means switching wholesale to other forms of authentication, which may leverage biometric data, PINs, patterns, and passkeys in place of passwords. With more and more platforms supporting passkeys and passwordless authentication, moving away from passwords is becoming easier and frictionless.

In either case – passwords or passwordless passkeys – a password manager is needed (here’s why). With the average person having to keep track of roughly 100 distinct credentials, it’s no wonder that nearly one-third of the internet uses a password manager to wrangle (and “remember”) them all.

2. Recognize and Report Phishing

According to the Thales 2024 Data Threat Report, phishing is the second fastest-growing attack. Phishing tactics are getting sneakier, thanks to AI, and it is more important than ever that employees be able to recognize their telltale signs. Now, AI-based campaigns can churn out word-perfect emails in any language, typically:

• Creating a sense of urgency (creating panic and short-circuiting your critical-thinking brain)
• Encouraging some unsolicited action (like “change your password now” or “download now”)
• Asking for some form of personal information (usually financial data, like in BEC scams)

However, the most effective way to enable people to spot and report phishing emails is to strengthen the “human firewall.” Businesses should invest in security awareness training programs not only for their employees but also for their families to establish a positive culture where everyone is invited to report mistakes, like clicking on a malevolent link.

3. Turn on Multifactor Authentication

Multifactor Authentication (MFA) is a required layer of security by many cloud service providers and even more everyday organizations. CISA, ENISA, and other global security agencies advise that everyone adopts it, as it provides additional layers of defense on top of just passwords alone (a text verification code, or a fingerprint, for example). There are various MFA options available:

• Phishing-resistant MFA is known by CISA as the “gold standard” and encompasses FIDO/WebAuthn authentication and Public Key Infrastructure (PKI)-based methods.
• App-based MFA methods increase security by sending a pop-up or “push” notification to the user’s phone, generating a one-time password (OTP), or using a token-based OTP.
• SMS or Voice MFA simply relies on sending the user a verification phone call or text.

Despite the importance and the variety of MFA methods, Thales 2024 DTR report shows that only 46% of the organizations use multi-factor authentication for more than 40% of their employees. It is essential to note that while phishing-resistant MFA is most effective against AI-enabled social engineering attacks, any form of MFA is much better than no MFA at all. In addition, there’s great business value behind adopting MFA. The Thales 2024 Digital Trust Index indicates that 81% of customers expect brands to offer MFA, which serves as a means to greater loyalty and trust.

4. Update Software: A Critical Defense, But Proceed with Caution

It is crucial that all employees know to accept and apply software updates every time the reminders come up because these are how vulnerabilities stay patched. One Ponemon report noted that 60% of breaches originated from unpatched vulnerabilities, making this simple practice even more vital.

Criminals have quickly embraced AI to spot and exploit even zero-day vulnerabilities. Interestingly, these unpatched gaps open the way for spreading disruptive ransomware attacks. However, businesses, especially in critical infrastructure settings, should patch their systems with caution and not out of fear. Although timely security updates are crucial, it is equally important to test those updates in a controlled environment before rolling them out to minimize the possibility of breaking critical systems.

A Little Goes a Long Way

The overall goal of the Cybersecurity Awareness Month celebration is to enhance data security—either personal or corporate data. As these highlighted methods show, it doesn’t have to be difficult to use or implement. In fact, keeping it simple will help you meet your users where they are and give them practical tools they can implement without reaching too far outside their comfort zones, which will increase the chances of engagement and long-term adoption.

Also, if you are a business, complement the above best practices with solutions that offer robust application and data protection to reduce the potential of a data breach. These solutions can provide a proactive compliment to employee security awareness efforts, letting you know where your data resides, who is accessing it, and when it is at risk. Combined with the above user-friendly methods, Imperva’s solutions allow employees to be your first line of defense and enterprise-ready cybersecurity tools to be your last.

Now that’s defense-in-depth to secure our world!

Data Security Identity & Access Management

Ashvin Kamaraju | Vice President of Engineering, Strategy & Innovation
More About This Author > Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "Cybersecurity Awareness Month 2024: The Top Four Ways to Secure Our World",
"description": "Learn practical tips for enhancing cybersecurity during Cybersecurity Awareness Month 2024. Discover key strategies like strong password management, recognizing phishing attacks, enabling MFA, and updating software.",
"datePublished": "2024-10-01",
"author": {
"@type": "Person",
"name": "Ashvin Kamaraju",
"url": "https://cpl.thalesgroup.com/blog/author/akamaraju",
"sameAs": "https://www.linkedin.com/in/ashvinkamaraju/"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"mainEntityOfPage": "https://cpl.thalesgroup.com/blog/identity-data-protection/cybersecurity-awareness-month-2024"
}

basic

The post Cybersecurity Awareness Month 2024: The Top Four Ways to Secure Our World appeared first on Security Boulevard.

User interaction with online platforms, applications, and websites has become a fundamental aspect of daily life. Whether you’re shopping, managing finances, or engaging with social media, your interaction with a user interface (UI) shapes your experience. However, not all UI designs have your best interests in mind. Hackers sometimes use clickjacking and dark patterns to […]

The post How Dark Patterns Trick Users into Unintended Actions? appeared first on Kratikal Blogs.

The post How Dark Patterns Trick Users into Unintended Actions? appeared first on Security Boulevard.

The world of gaming can be a cut-throat place, with many players turning to online help via third-party programs (‘game hacks’) to get ahead. Although some of these programs offer legitimate game boosts, malicious actors frequently leverage these game hackers’ interest in modifications to deliver malware. One such example can be found in the game […]

The post Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters appeared first on Blog.

The post Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters appeared first on Security Boulevard.

After putting its controversial AI-based Recall feature on hold in June, Microsoft rearchitected many of its features to address the security and privacy concerns that users and experts raised and will release it for the upcoming Windows Copilot+ PCs.

The post Microsoft Readies a More Secure Recall Feature for Release appeared first on Security Boulevard.

Authors/Presenters:Jinzhu Yan, Haotian Xu, Zhuotao Liu, Qi Li, Ke Xu, Mingwei Xu, Jianping Wu

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Brain-on-Switch: Towards Advanced Intelligent Network Data Plane via NN-Driven Traffic Analysis at Line-Speed appeared first on Security Boulevard.

The financially motivated Storm-0501 threat group is attacking hybrid cloud environments in the United States by compromising on-prem systems first and moving laterally into the cloud, stealing data and credentials and dropping the Embargo ransomware along the way, Microsoft says.

The post Storm-0501 Gang Targets US Hybrid Clouds with Ransomware appeared first on Security Boulevard.

Overview: IBM's Cost of a Data Breach Report 2024About the report

IBM’s annual 2024 Cost of a Data Breach Report provides IT, risk management, and security leaders with timely, quantifiable evidence to guide them in their strategic decision-making. The report is based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024.

About the research

The research for this report was done by Ponemon Institute on its own and was sponsored, analyzed, and published by IBM. Researchers looked at organizations across 17 industries, in 16 countries and regions, and breaches that ranged from 2,100 to 113,000 compromised records. It also included interviews with 3,556 security and business professionals from the breached organizations.

This article delves into the key takeaways from the report, examining the financial impacts and emerging trends in data security. We will explore the effectiveness of new technologies in breach mitigation, the costs associated with cloud security threats, and the other elements that play a critical role in preventing breaches. By unpacking these insights, organizations can better prepare themselves against the rising tide of cyberthreats.

Seven Key Takeaways Let’s look at some of the most important insights and lessons from this year's report and how companies can transform them into strategies.

Takeaway 1: Data breach costs hit new highs with a 10% spikeNotable stats: The global average cost of a data breach surged to $4.88 million in 2024, reflecting a 10% increase from 2023‌—the largest annual spike since the pandemic. The main factors contributing to this increase are the costs associated with business disruption, lost customers, and post-breach responses, such as regulatory fines and customer remediation efforts.

Other findings:

The United States had the highest average breach cost at $9.8 million
Healthcare remains the costliest industry for breaches at $9.8 million per breach
Mega breaches (those involving 1 to 10 million records) represent only a small fraction of incidents but were nearly nine times more expensive than the average breach, starting at around $42 million per breach
Noncompliance with regulations - 22.7% increase in the share of organizations paying fines of more than $50,000
Law enforcement involvement lowered breach costs by 20%

Fig. Global average cost of a data breach, IBM Cost of a Data Breach Report 2024

These figures demonstrate the rise of cyber assaults and the progressive complexity of the daily dangers that organizations encounter. Bad actors are using various advanced methods to breach defenses and carry out their attacks.

Key lesson: Know and protect your data landscape

Data breaches significantly impact businesses, rather than just causing small disruptions. They lead to substantial financial losses, reputation damage, and the erosion of customer confidence. It's then vital to enhance data security measures and assess potential data risks to prevent attackers from breaking in.

How Zscaler helps

Zscaler Data Security Posture Management (DSPM) can identify and protect sensitive data to mitigate the risk of data exposure, breach, and regulatory non-compliance. With Zscaler, organizations can improve visibility, conduct regular risk assessments, prioritize risk remediation, ensure compliance, and reduce data breach risk.

Takeaway 2: Exploding cloud data is a prime targetNotable stats: About 40% of all breaches involved data distributed across multiple environments. Data breaches solely involving public clouds were the most expensive type of data breach, costing $5.17 million on average, a 13.1% increase from last year.

Key lesson: Strengthen risk assessment and remedy

Multicloud environments and cloud native architectures have created both complexity and a data explosion that’s becoming increasingly difficult for security professionals to manage, making organizations vulnerable to breaches. Teams struggle to understand which data is in the cloud, where it’s located, and who’s using it.

Fig: Cost of data breach by storage location, IBM Cost of a Data Breach Report 2024

Moreover, cloud services and configurations change frequently, which can lead to data exposure. It's crucial to actively monitor, assess, and fix risks associated with new and changing data services before bad actors can exploit them.

Fig: Cost of data breach by storage location, IBM Cost of a Data Breach Report 2024

How Zscaler helps

DSPM seamlessly covers a variety of cloud environments and reads from various databases, data pipelines, object storage, and much more. What’s more, it’s managed and self-hosted to provide a single, consistent view of data across clouds, geographies, and organizational boundaries. This single view helps security teams to evaluate the risk of sensitive data across multicloud environments rather than individually.

Takeaway 3: Shadow data increases the risk and potential cost of breachesNotable stats: As per the report, 35% of data breaches involved shadow data, and breaches involving shadow data led to a 16% higher cost on average. Moreover, breaches involving shadow data took 26.2% longer to identify and 20.2% longer to contain. These resulted in data breaches lasting longer than the normal average life cycle of 291 days, 24.7% longer than data breaches without shadow data.

Fig: Cost of data breach including shadow data, IBM Cost of a Data Breach Report 2024

Key lesson: Monitor and protect shadow data

Managing data security across environments becomes further complicated by the impact of unmanaged or shadow data. Shadow data can cause large financial losses to a business if breached, and must be tightly secured as such. This data is often invisible to security teams, making it difficult to track, classify, and secure.

How Zscaler helps

Zscaler DSPM scans cloud data repositories to discover structured and unstructured data stores to give a clear view of the data landscape, inventory, and security posture. Security teams can easily track, classify, and secure shadow data while reducing the risk of breaches.

Takeaway 4: Common attack vectors cause substantial damage Notable stats: Credential-based attacks were the most common attack vector, accounting for 16% of all breaches. On top of that, they took the largest amount of time to identify and contain—an average of 292 days, approximately 10 months—resulting in some of the highest breach costs.

Phishing was the second-most costly common attack vector, at $4.76m on average, which led to 15% of breaches. Other common vectors included cloud misconfigurations, email compromises, and vulnerabilities that led to 15%, 9%, and 5% breaches.

Fig: Average response time to identify and contain breaches caused by common attack vectors, IBM Cost of a Data Breach Report 2024

Key lesson: Focus on consistent security across environments

Organizations need a robust data security strategy that can decode weak signals to uncover hidden risks and threats, analyze attack patterns, and help security teams with swift incident response to secure data.

How Zscaler helps

Integrating DSPM solutions with cloud environments allows security teams to monitor data flows—including tracking data, access, actions, and data transfer. Organizations can leverage artificial intelligence (AI), advanced threat correlation, analytics, and machine learning (ML) to identify patterns that indicate potential security risks, such as unauthorized access, abnormal data transfers, or attempts to exfiltrate sensitive data.

Moreover, encompassing a single DLP engine for your entire data protection solution lets organizations create a policy once and apply it everywhere in their environments.

Takeaway 5: Critical infrastructure organizations under pressure to secure crown jewelsNotable stats: For the 14th year in a row, the healthcare sector saw the costliest breaches across industries with average breach costs reaching $9.77 million. While the report highlighted a 10.6% decrease from 2023, healthcare remained a prime target for cybercriminals, followed by financial services, industrial, technology, and energy organizations. Organizations in these industries also reported the largest fines for regulatory violations such as GDPR violations.

Fig: Cost of data breach by industry, IBM Cost of a Data Breach Report 2024

Key lesson: Modernize and simplify security stack

Organizations in these industries generate and hold a vast amount of personal and sensitive information, with data often data scattered with default access. It’s loosely exchanged with third-party partners, such as agencies, research firms, and service providers, which creates opportunities for data breaches and insider threats, underscoring the need for stringent data protection protocols.

Most organizations opt for a siloed security approach with multiple security products that exacerbates the complexity of security challenges. As such, it’s crucial for organizations to modernize their security stack to better protect data and reduce breach costs.

How Zscaler helps

With Zscaler's comprehensive data protection platform, organizations can secure their structured and unstructured data across all channels, including web, SaaS, public clouds (AWS, Azure, GCP), private apps, email, and endpoints.

Takeaway 6: AI and automation reduce breach costsNotable stats: 53% of organizations that experienced a data breach in 2024 reported significant shortages in their security staff. This shortage is directly linked to higher costs associated with data breaches, as organizations with severe staffing shortages had to pay an extra $1.76 million for breach-related expenses.

In the face of this growing challenge, there’s been a marked shift towards AI and automation tools within security operations. The report highlights the fact that AI and automation can alleviate some of the workload and optimize security. According to the report, organizations that deployed security, AI, and automation extensively across their operations saved an average of $2.2 million compared to those that did not.

Fig: Cost of a data breach by AI and automation usage level; IBM Cost of a Data Breach Report 2024

Key lesson: Implement advanced AI and automation for data security

For organizations seeking to mitigate the risk of a data breach, investing in security automation is no longer optional—it’s essential. Due to a shortage of skilled manpower, companies have had to manually enforce security processes and data security policies, which can prove to be error-prone and inefficient, particularly in complex cloud environments.

Moreover, human error can introduce risks such as misconfigured access control or overlooked data transfers. AI and automation can enable security teams to act faster, reducing the time to identify and contain breaches, which in turn lowers breach costs overall.

How Zscaler helps

Organizations can leverage AI-powered DSPM to understand data context, making discovery and classification affordable at scale, and empowering cross-functional teams to be part of the solution. Moreover, DSPM can enforce automated, consistent security policies, like encryption, access control, data retention, and deletion, across various environments, ensuring uniformity and reducing non-compliance risk. By automating security policies, organizations can streamline processes to ensure that data is secured according to established rules and regulatory requirements.

Takeaway 7: Slow response increases risk and costNotable stats: The average time to identify and contain a data breach dropped to 258 days, reaching a 7-year low, compared to 277 days the previous year. Roughly one-third of organizations took more than three-quarters for a complete recovery.

Fig: Time to identify and contain a data breach, IBM Cost of a Data Breach Report 2024

Key lesson: Enhance breach detection and incident response plans

This is a significant amount of time to detect and contain breaches, and it highlights the importance of having a strong plan in place to detect and contain data breaches as quickly as possible.

How Zscaler helps

Zscaler DSPM leverages AI, ML, and advanced threat correlation capabilities to aggregate and effortlessly transform security data into meaningful insights to uncover hidden risks or attack vectors that could lead to a compromise or breach. This can be backed by near-real-time alerts and notification with remediation guidance that enables security teams to focus on what matters most.

The Bottom Line

The IBM Cost of a Data Breach Report 2024 highlights the growing financial impact and operational risks posed by data breaches. The threat landscape is becoming more challenging, growing more complex and dangerous. Given the report's findings, it’s clear that organizations without a modern and advanced security stack are at a considerable disadvantage, facing longer breach life cycles and higher associated costs. ‌

Investing in the right tools and strategies like Zscaler Data Protection and DSPM is not just a good choice, but a critical action that organizations must take to better protect themselves from the rising costs of data breaches. This will help them succeed and be resilient in the future.

Interested in learning more about Zscaler and how it can help prevent risk of data breaches?

Register for our upcoming webinar: Dissecting Cloud Data Breaches with DSPM
Watch on demand: Webinar: Why Does DSPM Belong In Your Data Protection Strategy?

Schedule a 1:1 Demo today to learn more about ‌our innovative solutions that secure your valuable data assets against the evolving threat landscape. Our team will work with you to assess your current security posture, identify potential vulnerabilities, and tailor a solution that maximizes protection and efficiency.

The post 7 Key Takeaways From IBM's Cost of a Data Breach Report 2024 appeared first on Security Boulevard.

by Source Defense A new report by Recorded Future’s Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.

The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on Source Defense.

The post Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace appeared first on Security Boulevard.

URL rewriting, a service designed to neutralize malicious URLs by redirecting users to a safe environment, has been a common practice in email security. However, as cyberthreats evolve, it’s becoming clear that this approach has limitations and potential vulnerabilities. Contact us to learn more. The Origin of URL Rewriting  URL rewriting emerged as a creative […]

The post The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security first appeared on SlashNext.

The post The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security appeared first on Security Boulevard.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

The post Randall Munroe’s XKCD ‘Late Cenozoic’ appeared first on Security Boulevard.

Sonatype's co-founder and Chief Technology Officer, Brian Fox, has been appointed to the newly formed Cyber and Technology Resilience Experts (CTREX) Panel, established by the Monetary Authority of Singapore (MAS).

The post Sonatype CTO appointed to cyber resilience experts panel amidst growing financial compliance demands appeared first on Security Boulevard.

Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable.

The post Kia’s Huge Security Hole: FIXED (Finally) appeared first on Security Boulevard.

Poor DNS hygiene can leave your organization vulnerable to threats like subDoMailing, DNS spoofing, domain hijacking and other threats. In addition to putting domain security at risk, these vulnerabilities can have long-term effects on domain reputation. Here are ten DNS best practices businesses can implement to protect their domains and their entire business.

The post 10 DNS best practices to keep your Domain Reputation in check appeared first on Security Boulevard.

Discover why API security is crucial in Forrester's CISO 2025 Budget Planning Guide. Learn how to prioritize investments and justify your budget.

The post Forrester’s CISO Budget Planning Guide for 2025: Prioritize API Security appeared first on Security Boulevard.

Authors/Presenters:Yang Zhou, Xingyu Xiang, Matthew Kiley, Sowmya Dharanipragada, Minlan Yu

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – DINT: Fast In-Kernel Distributed Transactions with eBPF appeared first on Security Boulevard.

Since June 1st 2024, Chinese frontline threat actor APT 41 has been linked to as many as 63 events globally. These include attacks on Taiwanese research agencies in August and attacks on the shipping and logistics, utilities, media and entertainment, technology, and automobile sectors in countries such as Taiwan, Thailand, Italy, UAE, Spain, the United Kingdom, and Turkey in July. The group is known to have successfully penetrated networks connected with critical infrastructure in as many as 29 countries as of this year. The group has registered a whopping 900 percent rise in its presence this year as measured by the IOCs recovered from various events analyzed by Sectrio’s Threat Research team.   So why has APT 41 turned hyperactive in 2024 and what does this mean for critical infrastructure operators around the world? Let’s find out. Background of APT 41 APT 41 has been a group reserved for carrying out the most sophisticated attacks on few of China’s chosen geo-political rivals. Hitherto, this group had a mandate covering the G7 countries, India, South Korea, Taiwan and Vietnam. As things stand, APT 41 is assigned the best talent, weapons, and exploits to work with, thanks to its ranking by the Chinese Ministry of State Security as a frontline cyber intelligence gathering entity. Read now: The Complete Guide to OT SOC Periodically, the group is split for administrative (and/or project) reasons. The splinter groups are assigned strategic targets to pursue only to be merged with APT 41 once the target data is acquired or the project closed. It is believed that APT 41 also covers several shadow groups working under the direct tutelage of senior members such as Dalin Tan and Qian Chuan. Such groups do not have any direct affiliation with the MSS and their operations are channeled through APT 41 and they may even be on the direct payroll of APT 41. [You can read more about APT 41 in our comprehensive intelligence note on this threat actor presented in our Threat Landscape Report 2024] As per Sectrio’s Threat Research Team, APT 41 also runs an intelligence crunching operation that churns out intelligence of very high quality that is shared directly with the CCP leadership. This intel is also used to shape the geopolitical responses of China in addition to being used to shape specific long-term military and diplomatic interventions as well. The strategic importance of the intelligence gathered by APT 41 and recent moves by many APT 41 target countries offers a clue on why APT 41 is in such a hurry to target multiple critical infrastructure operators. We will get there in a minute but before that, it is important to understand what has changed in the last few months. Rising legislative attention on critical infrastructure security         In the last few months, many countries have enacted legislation on Industrial Control System/OT cybersecurity. These legislations mandate cyber risk and gap assessment, deployment of OT Security Operations Center (SOC), better reporting and asset visibility and enhanced monitoring of OT/ICS networks. There is increased scrutiny on critical infrastructure operators and regulatory bodies are also conducting surprise checks on various entities to check their preparedness levels to deal with cyber risks and threats. Penalties are in order as well. Many critical infrastructure entities are also conducting security acceptance tests on systems and assets to ensure they are free of backdoors and that they do not leak any data or have security issues that could compromise the device or networks connected to it.  This coupled with regular IEC 62443-based risk and gap assessments is helping critical infrastructure operators scale their security posture and bring it closer to the levels of risks these entities are exposed to. So how does this impact APT 41 and its operations you may ask? The answer is simple. With security measures intensifying, the MSS understands that its window of opportunity for exfiltrating data and maintaining a menacing presence through APT 41 will diminish considerably in the days to come. There is certainly a growing realization among the bosses at APT 41 that they need to hurry up. This hurry has led to APT 41 and its sister actors The sense of urgency has also led to errors across geos revealing its modus operandi as well as the measures it is using to breach networks and maintain surveillance. APT 41’s attempts to plant reconware have been exposed in multiple instances including two times in the recent past when APT actors tried to engage a decoy infra in an apparent surveillance bid. What the future holds for APT 41? It is too early to say but one can assert arguably that APT 41 will continue to evolve its tactics and tools in the future with more funding and talent. This is something that won’t change in the days to come and APT 41 may even reduce or increase the targets in its crosshairs depending on the mandate given by the MSS. APT 41 is an evolved threat actor and if its past track record is anything to go by, we may very well be witnessing a new phase in its evolution. It also serves as a test bed for new and emerging threat actors to test new breach tactics as well. MSS may even reconfigure the group by adding newer players to keep the group going. Talk to us to learn how your crown jewels and assets can be protected through a custom-built ICS security plan. Contact us now! Learn more about an IEC 62443-base cyber threat and risk assessment for your infrastructure. Book a free consultation with our Industrial Control System security expert to learn about the latest cyber risk minimization strategies and models. Book a consultation with our ICS security experts now. Contact Us  Thinking of an ICS security training program for your employees? Talk to us for a custom package.   

The post Why is Chinese threat actor APT 41 in a tearing hurry? appeared first on Security Boulevard.

Apono is proud to announce the successful completion of its Series A funding round, raising $15.5 million to further its mission of delivering AI-driven cloud access governance. This funding round, led by New Era Capital Partners with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, and existing investors, brings Apono’s total investment to $20.5 million. […]

The post Apono Secures $15.5M Series A Funding to Revolutionize Cloud Access Security appeared first on Security Boulevard.

Avanan is a complete email security gateway that ...

The post Avanan’s SPF and DKIM configuration: Step By Step Guideline appeared first on EasyDMARC.

The post Avanan’s SPF and DKIM configuration: Step By Step Guideline appeared first on Security Boulevard.