Entro Security Labs Releases Non-Human Identities Research Security Advisory
Boston, USA, 16th September 2024, CyberNewsWire
The post Entro Security Labs Releases Non-Human Identities Research Security Advisory appeared first on Security Boulevard.
Phishing, despite its somewhat innocuous name, remains one of the foremost security threats facing businesses today. Improved awareness by the public and controls such as multi-factor authentication (MFA) have failed to stem the tide.
The FBI Internet Crime Report puts phishing and its variants (spear phishing, smishing, vishing) as the top cybercrime for the last five years, and the advent of generative AI has only added fuel to the fire. Using ChatGPT and other tools, hackers can quickly create personalized messages, in local languages, to launch widespread, highly effective phishing campaigns.
In the last six months alone, malicious emails have increased by 341%, prompting industry experts to urge organizations of all sizes to implement phishing-resistant MFA.
The post What Is Phishing-Resistant MFA and How Does it Work? appeared first on Security Boulevard.
Maximize Your District’s Application Success: How ManagedMethods Qualifies for the Identity Protection and Authentication Category
We recently hosted a live webinar that discusses what you need to know about the FCC School and Libraries Cybersecurity Pilot Program. This webinar outlines an overview of the new pilot program, demonstrates how ManagedMethods products align with funding criteria ...
The post Unlock FCC Pilot Program Funding with Cloud Monitor and Content Filter appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Unlock FCC Pilot Program Funding with Cloud Monitor and Content Filter appeared first on Security Boulevard.
Folks,
Do you remember the international embassies web malware exploitation spree using client-side exploits that took place back in 2009, with the Russian Business Network as the hosting provider of choice for these campaigns?
I recently took the effort to look at my original data set here and tried to enrich it and provide additional analysis with more details and context.
Sample domains known to have been operated by the same individuals behind these campaigns include:
Sample personally identifiable email address accounts known to have been involved in these campaigns:
Sample MD5s:
The post International Embassies Web Malware Exploitation Serving Domain Properties appeared first on Security Boulevard.
At AppViewX, our top priority is safeguarding the digital identities that are the backbone of modern enterprises. With hundreds of customers and millions of certificates under management, AppViewX bears a significant responsibility to protect its customers’ critical data and infrastructure. This commitment to security is not merely a claim. It is substantiated through independent audits […]
The post SOC 2 Compliance Provides AppViewX Customers Security and Data Protection Assurance appeared first on Security Boulevard.
In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties through their websites. Additionally, we celebrate the 15th anniversary of the podcast and share some reflections and fun facts about the journey. Join […]
The post The Rise of AI Voicemail Scams, Political Donation Privacy Concerns appeared first on Shared Security Podcast.
The post The Rise of AI Voicemail Scams, Political Donation Privacy Concerns appeared first on Security Boulevard.
Authors/Presenters: Bingyu Shen, Tianyi Shan, Yuanyuan Zhou
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – Multiview: Finding Blind Spots in Access-Deny Issues Diagnosis appeared first on Security Boulevard.
Authors/Presenters: Binlin Cheng, Erika A Leal, Haotian Zhang, Jiang Mingy
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – On the Feasibility of Malware Unpacking via Hardware-assisted Loop Profiling appeared first on Security Boulevard.
As modern enterprises continue to adapt to the flexible work culture, Bring Your Own Device (BYOD) policies have become a standard practice. However, protecting sensitive corporate data while maintaining user privacy and a seamless work experience has proven to be a difficult balancing act for many organizations.
SquareX’s BYOD solution offers a breakthrough approach that also delivers a frictionless user experience, while respecting employee privacy. In this blog post, we’ll dive into how SquareX’s BYOD solution works and why it’s the right choice for enterprises looking to upgrade their device management strategies.
How SquareX’s BYOD Solution Works
SquareX integrates seamlessly with existing enterprise infrastructure to transform the web browser into a secure environment where corporate data and applications are accessed.
Step 1:
The user accesses an enterprise application, such as Slack or OneDrive, through their browser. They are immediately redirected to an Identity Provider (IDP) like Ping Identity or Okta to authenticate.
Step 2:
The user inputs their login credentials on the IDP page. At this point, the IDP starts the authentication process.
Step 3:
Simultaneously, SquareX collects important browser signals and assesses the device’s posture or health. This data helps determine if the device is secure enough to be allowed access to the enterprise app.
Step 4:
Once the IDP has verified the user’s identity and SquareX confirms that the device meets security requirements, the session is considered trustworthy.
Step 5:
After both the IDP trust and device trust are established, the session is validated, and the IDP redirects the user to the enterprise application, granting access to the desired app.
SquareX offers IT administrators granular control over what employees can access based on device security posture, location, and role. Through the browser extension, administrators can implement policies that define which applications and data employees can access, ensuring that users only have access to the resources they need. For example, access to sensitive corporate resources can be restricted based on device security (e.g., patch levels or encryption status), ensuring only compliant devices can access the most sensitive data.
This level of granularity allows enterprises to enforce least-privilege access — ensuring that users only have the minimum level of access needed to perform their tasks, reducing the risk of overexposure to critical business data.
2. Data Privacy and Protection
With SquareX, enterprises can create policies separating personal and corporate data and workflows. SquareX allows employees to maintain full control over their personal apps, data, and device usage, while only corporate activities are monitored. This approach builds trust and improves user adoption of BYOD policies.
3. Improved UX: Low-Latency, High-Performance Access
SquareX provides a fast, low-latency experience, eliminating the performance issues typically associated with traditional solutions like VPNs or VDIs. Employees can access corporate applications with the same performance as if they were working on a local machine, regardless of their location. This is particularly important for global enterprises, where employees may be accessing corporate resources from different regions or time zones.
4. Easy Deployment and Management
SquareX’s lightweight browser extension means that IT administrators can deploy the solution quickly, with no need for lengthy configurations or large-scale software installations. IT teams can set granular policies, manage security settings, and control access levels all through a central dashboard, making it easy to manage BYOD security at scale.
The Future of BYOD Security
By deploying SquareX, enterprises can modernize their BYOD policies, protect corporate data, and empower their employees to work from anywhere with confidence.
SquareX: The Future of BYOD Security for Enterprises was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post SquareX: The Future of BYOD Security for Enterprises appeared first on Security Boulevard.
A critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk puts systems at risk of exploitation, requiring immediate attention.
Affected Platform
The security vulnerability CVE-2024-28986 primarily affects the SolarWinds Web Help Desk software. Organizations utilizing this platform must act swiftly to mitigate the potential risks associated with this critical flaw.
Summary
CVE-2024-28986 has been identified as...
The post CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024 appeared first on TrueFort.
The post CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024 appeared first on Security Boulevard.
The recent exploitation of Proofpoint’s email routing flaw, known as EchoSpoofing, allowed attackers to send millions of spoofed emails across multiple organizations.
The post What is EchoSpoofing?: Proofpoint Email Routing Exploit appeared first on Security Boulevard.
Authors/Presenters: Carlo Meijer, Wouter Bokslag, Jos Wetzels
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – All Cops Are Broadcasting: TETRA Under Scrutiny appeared first on Security Boulevard.
GraphQL vs REST APIs
Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST API, which requires multiple round trips to the server to gather various pieces of data, [...]
The post Fundamentals of GraphQL-specific attacks appeared first on Wallarm.
The post Fundamentals of GraphQL-specific attacks appeared first on Security Boulevard.
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs. Because tote leadership!
This is not one of those, promise! Why not? Because our new paper helps answer two real — and really hard — questions:
#1 Based on the experience of others, what does a “modern” or transformed organization’s security capability look like?
#2 Given what you have today, how to transition from whatever you have to what we discussed in #1 above?
I bet you’d agree that this is really tricky. Hence our paper!
Let’s start with my favorite insights and surprises below (and, yes, Gemini via Gems had a “hand” in this, curation though is very human):
As usual, my favorite quotes from the paper:
Now, go and read our new paper!
P.S. “Anton, but I like SOC papers, can I haz moar? — Yes, there is one coming in a few weeks! Part 4.5 of our glamorous SOC of the Future series”
Related:
New Office of the CISO Paper: Organizing Security for Digital Transformation was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post New Office of the CISO Paper: Organizing Security for Digital Transformation appeared first on Security Boulevard.
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Monocaster’ appeared first on Security Boulevard.
Authors/Presenters: Zichen Gui, Kenneth G. Paterson, Tianxin Tang
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption appeared first on Security Boulevard.
Introduction
Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On September 12th, 2024, ZDI and Ivanti released an advisory describing a deserialization vulnerability resulting in remote code execution with a CVSS score of 9.8. In this post we detail the internal workings of this vulnerability. Our POC can be found here. We would like to credit @SinSinology with the discovery of this vulnerability.
AgentPortal
The ZDI advisory told us exactly where to look for the vulnerability: a service named AgentPortal. A quick search shows us that we can find the file at C:\Program Files\LanDesk\ManagementSuite\AgentPortal.exe. Upon further investigation, we find that it is a .NET binary. After loading AgentPortal.exe into JetBrains dotPeek for decompilation, we find that it’s not a very complicated program. Its main responsibility is creating a .NET Remoting service for the IAgentPortal interface.
IAgentPortal Interface
The IAgentPortal interface is pretty simple: it consists of functions to create Requests and other functions to get the results and check the status of those requests. Digging into what kind of requests we can make, we find the ActionEnum enum. We are immediately drawn to the RunProgram option. The handler […]
The post CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability appeared first on Horizon3.ai.
The post CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability appeared first on Security Boulevard.
Artificial intelligence (AI) is no longer just a buzzword in the cybersecurity industry—it’s an essential tool for staying ahead of threats. But how are leading organizations leveraging AI in cybersecurity effectively, and what challenges do they face? During a recent Nuspire webinar, experts J.R. Cunningham, Michael Wilson and Marcy Elder uncover how AI is transforming cybersecurity operations and what the ...
The post AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward appeared first on Nuspire.
The post AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward appeared first on Security Boulevard.
Are you confident your vulnerability management is doing its job, or do you sometimes feel like it’s falling short? Many companies invest time and resources into managing vulnerabilities, yet still...
The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Strobes Security.
The post Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid) appeared first on Security Boulevard.
By Joe Doyle
If you’ve encountered cryptography software, you’ve probably heard the advice to never use a nonce twice—in fact, that’s where the word nonce (number used once) comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key! But common knowledge may not cover every […]
The post Friends don’t let friends reuse nonces appeared first on Security Boulevard.