Security Boulevard

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘House Inputs and Outputs’ appeared first on Security Boulevard.

Microsoft recently announced the deprecation of NTLM protocol for Windows client. This falls in line with Microsoft’s encouragement to move away from NTLM due to the security risks it introduces – and acts as a wakeup call that maintaining NTLM usage puts environments at high risk.   We cannot overlook the striking resemblance between today’s NTLM deprecation...

The post NTLM Deprecation is Giving Us XP EOL Flashbacks: Are You Protected?  appeared first on Silverfort.

The post NTLM Deprecation is Giving Us XP EOL Flashbacks: Are You Protected?  appeared first on Security Boulevard.

Resilience is now the prevailing ethos and strategy for cybersecurity programs. This idea is typified by the axioms, “assume breach,” or “not if, but when.” Cybersecurity’s journey to a resilience model makes perfect sense against the evolution of networking and business technology needs. However, our mental model for how we cope with challenges and stress […]

The post Extending Resilience: Reducing Stress and Burnout for Cybersecurity Teams appeared first on OX Security.

The post Extending Resilience: Reducing Stress and Burnout for Cybersecurity Teams appeared first on Security Boulevard.

Today we’ve announced our breakthrough Identity Threat Detection & Response (ITDR) platform for SaaS environments. Since entering this space a year ago, we’ve already become a leader in the field, implementing the solution in hundreds of enterprise customer environments. Adaptive Shield will demonstrate its new ITDR platform and award-winning technology at booth #1268 during Black Hat USA, […]

The post Adaptive Shield Showcases New ITDR Platform for SaaS at Black Hat USA appeared first on Adaptive Shield.

The post Adaptive Shield Showcases New ITDR Platform for SaaS at Black Hat USA appeared first on Security Boulevard.

Introduction

HYAS is excited to share some important updates to both HYAS Protect and HYAS Insight, designed to strengthen your organization’s cybersecurity.

For HYAS Protect, we’ve enhanced our categorization and content filtering capabilities. With more threat-specific classifications, our security is now even more effective. Domains flagged under Malicious Cyber Activity are now more visible, offering better proactive protection. Additionally, you can fine-tune subcategories within key classifications that are most relevant to your organization. These updates provide greater control and precision, ensuring a secure and efficient digital environment.

In HYAS Insight, we’ve introduced the ability to search and pivot on User Agent Strings, a valuable tool for cybersecurity analysis. This feature allows you to identify and track specific devices and software versions, making it easier to detect anomalies and patterns indicative of malicious activity.

These updates are designed to offer you a more secure and insightful cybersecurity experience with HYAS.

Enhanced Content Filtering in HYAS Protect

Before we dive into this month’s updates for HYAS Protect, let’s take a moment to explore the role of content filtering and why it’s a crucial element of your cybersecurity strategy.

Content filtering might seem like a basic concept, but it’s actually one of the most critical tools in the cybersecurity toolkit. Think of it as a digital gatekeeper for your company’s network. It monitors and controls access to internet content, emails, and other digital data based on specific rules, much like a vigilant security guard who ensures only authorized individuals gain entry.

Why is content filtering so essential? The internet is a vast landscape filled with potential threats, from phishing sites to malware. Content filtering acts as a protective barrier, blocking access to these dangerous sites and filtering out harmful content. This helps safeguard your company’s sensitive information and defends against data breaches, ransomware attacks, and other disruptive cyber incidents. In essence, content filtering provides a robust first line of defense against a wide range of cyber threats, ensuring your network remains secure and your operations uninterrupted.

But content filtering does more than just bolster security—it also enhances productivity. By blocking access to non-work-related or inappropriate websites, content filtering helps employees stay focused on their tasks. It reduces distractions such as social media browsing and irrelevant videos, creating a more productive and professional work environment.

With that understanding, let’s look at how HYAS simplifies and elevates content filtering for your organization.

HYAS stands out with its sophisticated domain categorization. At the heart of our content filtering solution, domain categorization involves meticulously classifying each website based on its content. We leverage advanced techniques, including artificial intelligence and machine learning, to deliver the most accurate and comprehensive classification results. This ensures that your content filtering is not only precise but also adaptive to evolving threats.

HYAS also addresses the challenge of managing large volumes of data by organizing it into seven main categories, each with multiple subcategories. This structured approach allows you to either block entire categories or select specific subcategories, giving you flexibility and control over what content is allowed or restricted. The main categories include: Acceptable Use Policy Content, Anomalous Web Resources, Digital Information Transfer, Dangerous Web Activity, Workplace Distraction, No Category, and the crucial Malicious Cyber Activity.

Websites classified under Malicious Cyber Activity are automatically blocked, providing immediate protection against the most severe online threats. This proactive approach means that HYAS Protect is constantly on guard, neutralizing risks before they can impact your digital environment.

In summary, HYAS transforms the complex task of content filtering into a streamlined and powerful process. By combining advanced categorization with proactive blocking, HYAS ensures that your organization is not only protected from cyber threats but also optimized for productivity. This allows you to focus on what truly matters—growing your business and achieving your goals.

User Agent String Pivoting in HYAS Insight

Before we dive into the latest and greatest from HYAS Insight, let’s get excited about User Agent Strings and why they’re a game-changer for your cybersecurity investigations.

Imagine User Agent Strings as digital fingerprints. Every time a device connects to a web service, it sends a User Agent String that includes valuable information about the device and its software environment. This string reveals details such as the operating system, browser type and version and even device type. In essence, it’s like a digital ID card, providing a snapshot of the incoming connection and helping to paint a complete picture of the device’s identity.

In the realm of cybersecurity, these strings are exceptionally valuable. They allow security professionals to pinpoint which devices and software versions are interacting with their network. This capability is crucial for identifying anomalies and potential threats. For example, if a User Agent String deviates from typical patterns, it could indicate a compromised device or an unauthorized user attempting to gain access. Furthermore, analyzing User Agent Strings helps identify outdated software or vulnerabilities that need attention, thus bolstering overall security.

User Agent Strings are also integral to behavioral analysis. By tracking these strings over time, security teams can establish a baseline of normal network activity. Any significant deviations from this baseline can trigger alerts for deeper investigation. For instance, if a User Agent String appears with an unusual browser or operating system, it could be a sign of a phishing attempt, malware infection, or other malicious activity.

In addition, User Agent Strings play a vital role in forensic analysis. After a cybersecurity incident, these strings provide a trail of evidence that can help trace the attacker’s steps. By examining the User Agent Strings used during an attack, investigators can gain insights into the attacker’s infrastructure. This information is crucial for developing effective countermeasures and preventing future incidents.

Now, let’s delve into how HYAS Insight is revolutionizing the use of User Agent Strings with its latest update. This feature elevates your cybersecurity analysis by providing advanced tools for searching and pivoting on User Agent Strings. You can now track specific devices and software versions with remarkable precision, making it easier to spot anomalies and detect patterns indicative of malicious activity.

The update also introduces expanded capabilities. You can seamlessly pivot from User Agent Strings to other crucial data points, such as GPS IP locations, Dynamic DNS, and C2 (Command and Control) attribution. This added functionality offers a more detailed view of an attacker’s interactions and the underlying attacker infrastructure.

For example, correlating User Agent Strings with GPS IP locations allows you to determine the geographic origin of a connection. This adds valuable context to your threat analysis and can help identify patterns of suspicious activity. By integrating Dynamic DNS information, you can track and manage connections associated with frequently changing IP addresses, which is essential for monitoring and responding to dynamic threats. Additionally, C2 attribution provides insights into the command and control servers used by attackers, offering a clearer understanding of their operational methods.

These enhancements not only improve your detection capabilities but also strengthen your overall security posture. By providing a more comprehensive view of potential attacker infrastructure and enabling precise tracking, HYAS Insight helps you stay ahead of evolving threats. This advanced approach ensures that your network remains secure and resilient, empowering you to effectively combat malicious activities and safeguard your digital environment.

In summary, the latest updates to HYAS Insight offer a powerful and refined approach to using User Agent Strings for cybersecurity analysis. With these new capabilities, you gain deeper insights, enhanced detection, and a stronger defense against cyber threats, ensuring your organization remains protected and agile in the face of evolving challenges.

The post HYAS Product Release News July 2024 appeared first on Security Boulevard.

Articles related to cyber risk quantification, cyber risk management, and cyber resilience.

The post Updates: ISO 27001 Mapping and Model Calibration | Kovrr appeared first on Security Boulevard.

Unaffiliated ‘lone wolf’ threat actors carry out a greater share of attacks
as they attempt to obfuscate their identity in Q2 2024.

The post Ransomware actors pivot away from major brands in Q2 2024 appeared first on Security Boulevard.

Las Vegas, Nevada, 30th July 2024, CyberNewsWire

The post Adaptive Shield Showcases New ITDR Platform for SaaS at Black Hat USA appeared first on Security Boulevard.

New and updated coverage for ransomware and malware variants, including AI Threat Scenario, GuLoader, DarkGate, MirrorBlast, & Kutaki Stealer

The post Poseidon Infostealer, DoNex Ransomware, ElDorado Ransomware, and More: Hacker’s Playbook Threat Coverage Round-up: July 2024 appeared first on SafeBreach.

The post Poseidon Infostealer, DoNex Ransomware, ElDorado Ransomware, and More: Hacker’s Playbook Threat Coverage Round-up: July 2024 appeared first on Security Boulevard.

Understanding the Security Risks and Solutions for Protecting Sensitive Data

There is a trend emerging for anyone launching a consumer business. Almost every business these days does two things: the first is to create an app and the second is to publish an API.

The post The Rise of Unofficial Apps in Delivery, Automotive, and E-Commerce appeared first on Security Boulevard.

Learn more about how organizations can use open source software to innovate while minimizing risk.

The post Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification appeared first on Security Boulevard.

What does Agile have to do with improving security? A lot! Explore highlights from Agile2024, including technical health, productive meetings, and addressing shadow IT.

The post Agile2024: Making Sure Security Is Part Of Our Processes appeared first on Security Boulevard.

Fortanix today extended the reach of its ability to discover encryption keys to on-premises IT environments to enable organizations to more comprehensively manage risks.

The post Fortanix Extends Encyption Key Discovery to On-Premises IT Platforms appeared first on Security Boulevard.

Discover, a new feature available to all DataDome customers, enables organizations to identify blind spots and shrink attack surfaces against malicious bots and fraudsters.

The post Uncover Your Attack Surface with Discover from DataDome appeared first on Security Boulevard.

For IDTR solutions, addressing compromised credentials head-on is crucial to protecting end users' environments.

The post Enzoic Dark Web Data Integration with IDTR Solutions appeared first on Security Boulevard.

Auto manufacturers are just starting to realize the problems of supporting the software in older models:

Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them.

That might not cut it in the auto world, where the average age of cars on US roads is only going up. A recent report found that cars and trucks just reached a new record average age of 12.6 years, up two months from 2023. That means the car software hitting the road today needs to work­—and maybe even improve—­beyond 2036. The average length of smartphone ownership is just ...

The post Providing Security Updates to Automobile Software appeared first on Security Boulevard.

OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service
madhav
Tue, 07/30/2024 - 10:20

Oracle stands apart by offering a comprehensive suite of services across all its cloud delivery models, from Oracle Alloy and Dedicated Region Cloud@Customer to its standard Public Cloud service. Regardless of the means of delivery or usage, security, and regulatory compliance are significant hindrances to cloud adoption. These concerns are particularly pressing for large enterprise clients traditionally relying on Oracle's database expertise to safeguard their most sensitive data. The pivotal Thales and Oracle external key management partnership directly addresses the challenge of securely storing data in the cloud in a manner that instills trust in large enterprises.

Continuing in its efforts to innovate for Oracle customers, we at Thales are excited to announce that organizations can now use Thales’ CipherTrust Data Security Platform as a Service (CDSPaaS) with Oracle Cloud Infrastructure (OCI) Vault’s External Key Management Service (EKMS) for full Hold Your Own Key (HYOK) encryption key management. Now customers can be in full control of their OCI keys without having to deploy hardware in their own data center as well as meet their data sovereignty needs.

Overview of CipherTrust Data Security Platform as-a-Service

Until this announcement, businesses have had the option to externally manage their OCI encryption keys by using Thales’ CipherTrust Cloud Key Management (CCKM) as either a physical appliance or virtual machine or sometimes arrayed in a hybrid or multi-cloud architecture. Now, with OCI Vault EKMS support available on the CipherTrust Data Security Platform-as-a-service (CDSPaaS), Thales offers a cloud-based service offering to the mix. Customers should have the choice of how and where they store their encryption keys. And now, they can do just that fully with Thales’ CipherTrust Data Security Platform.

The same underlying CCKM technology from our appliances underpins CDSPaaS. CCKM centralizes the management and storage of cloud encryption keys (from a broad array of CSP (Cloud Service Providers) vendors including Oracle Cloud Infrastructure) as organizations migrate their sensitive data to the cloud. With a single pane of glass view across regions, the CCKM functionality on CDSPaaS consolidates Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) use cases for customers in one straightforward interface to drive greater efficiency and more easily comply with data protection mandates, such as GDPR, Schrems II and the Data Privacy Framework (DPF).

CDSPaaS for OCI Vault EKMS is available to customers via Thales’s Data Protection on Demand (DPoD) Marketplace, a cloud-based online marketplace providing a wide range of cloud HSM (Hardware Security Modules), key management and encryption services. FIPS 140-2 Level 3 certified Luna Cloud HSMs (Hardware Security Modules) hosted in the Thales’ DPoD data centers secure the keys for each CDSPaaS subscription. The service automatically scales to meet the demands placed on it, so customers enjoy the high availability and resilience customary to the cloud. With a 30-day free trial, you can test it now.

Benefits of the Service

• Save time and effort by simplifying security management: Organizations avoid the procurement, configuration, and management cycles involved with purchasing hardware when they subscribe to CDSPaaS. Using Thales’ cloud-based DPoD service, organizations get to value faster with their OCI investments while also side-stepping the administrative costs associated with on-premises and siloed key management.
• Spread out capital investment costs: CDSPaaS subscriptions allow customers to fund their purchase over multiple years instead of experiencing heavy upfront capital expenditures. Thales’ subscription model allows customers to plan their spending in a consistent, reliable manner rather than having to budget inconsistent, one-time expenses.
• Scale when and how you need: CDSPaaS allows customers scale their requirements when they need it. Rather than purchasing hardware and capacity that organizations will need to grow into, CDSPaaS allows customers to add capacity on-demand as they add OCI Vault tenants for a just-in-time approach to meet their business demands more cost-effectively and to reduce their carbon footprint.
• The solution allows customers to address important compliance obligations by remaining in control of their data/encryption keys as their data resides in the cloud. More specifically, it allows European customers to ensure that their data safely resides within the EU under the control.Oracle Addresses European Data Privacy and Sovereignty Requirements with New EU Sovereign Cloud

Conclusion

Enterprises should have the tools to control their data however they see fit. Working with Oracle, we are excited to make this aspiration a reality. Some of the world’s most sensitive data resides in Oracle databases. Together with Oracle, we are making OCI not only possible, but convenient, for these customers and their most important data.

Try A Free Trial

CipherTrust Data Security Platform-as-a-service is available now, and businesses can sign up for a 30-day free trial through the Thales Data Protection on Demand (DPoD) Marketplace by following these three easy steps:

1) Sign up for a DPoD Marketplace account.

2) Select the CDSP (CipherTrust Data Security Platform) service on the DPoD Marketplace and fill in the requested information.

3) Log in and get started with no commitments.

To learn more read the product brief or contact one of our experts here.

Data Security Cloud Security Encryption Compliance Alex Hanway | Director of Business Development
More About This Author > Schema basic

The post OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service appeared first on Security Boulevard.

The most completed and up to date crawlers list including the most common ones, the top SEO and TOOLS crawlers

The post The Complete 2024 Crawler List You Need to Identify All Web Crawlers appeared first on Security Boulevard.

Cloudflare, best known for its content delivery network (CDN), is marketed as a “Connectivity Cloud”. Part of its offering is protecting a vast number of websites from DDoS attacks [1]. However, its attitude to abuse management and prevention proves a point of contention and we urge Cloudflare to review its anti-abuse policies.

The post Too big to care? – Our disappointment with Cloudflare’s anti-abuse posture appeared first on Security Boulevard.

Two vulnerabilities were discovered in openvpn, a virtual private network software which could keep the closing session active or result in denial of service. Canonical released security updates to address these vulnerabilities in affected Ubuntu releases. These include Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS. Let’s look at the details […]

The post Ubuntu Fixes Two OpenVPN Vulnerabilities appeared first on TuxCare.

The post Ubuntu Fixes Two OpenVPN Vulnerabilities appeared first on Security Boulevard.