Visualize Attack Paths in Production Environments With ThreatMapper

The huge advances in 'Shift Left' processes make it possible to deliver code to production that is secure and largely free from vulnerable dependencies. Among other things, these processes typically involve matching dependencies against public vulnerability lists from Mitre, Red Hat, Debian, and other projects.

'Shift Left' Scanning Alone Does Not Go Far Enough to Identify Production Vulnerabilities

Vulnerability lists don’t stand still. CVEs are published through the NVD at a rate of about 50 per day, so the risk of a new vulnerability being found in production is significant. Furthermore, third-party production components may not be scanned in a way that is as rigorous or up-to-date as you would like.

What Does a Transparent and Secure Digital Workplace Look Like?

Over 25 percent of employees don’t trust their employers, and an even greater 50 percent think that their employers aren’t open or upfront with them. This lack of trust among employees stems from a lack of transparency in the workplace.

In digitally transformed organizations with digitized workflows, decentralized teams, and remote employees, embracing and maintaining transparency across different workplace tools can become even more difficult. 

Why Hasn’t the Security Industry Embraced the API-First Revolution?

How the Security Industry Fell a Decade Behind the Broader Tech Industry

I’m not going to sugarcoat it; the security industry has fallen way behind the broader tech industry in the last decade in a really fundamental way. While much of the tech industry has started to pivot away from hardware and software-based solutions – which dominated the 90s and early 2000s – and towards the use of API-first SaaS services, most of the security industry has not.

Now, this reluctance to embrace a new way of delivering security outcomes means that customers are overburdened with acquiring, deploying, and managing security tools in a legacy model. A painful, not to mention expensive, way to defend against threats.

Identity Management Day: Cause for Celebration or Concern?

Tuesday, April 13 marks Identity Management Day — a time to bring awareness to business leaders, IT decision-makers, and others about the importance of managing and securing digital identities. It’s a nice concept: businesses coming together to share best practices, vendors supporting the cause, and an overall push for better security hygiene. But is there actually a reason to celebrate?

Securing your network is a journey, not a destination. Not just on one day, but every day. As such, identity management (IM) shouldn’t be celebrated as a singular component of security, but rather a capability that should be ingrained in the data governance fabric of every organization. With the ability to safeguard information, facilitate compliance, and streamline work processes, it's hard to believe that it’s not already.

Top 5 Tips To Enhance Cloud Computing Security Solutions In 2021

Introduction

Did you know that cloud service adoption is evolving so swiftly that it has grown by up to 35% in 2021? Nearly every business you can think of is using public cloud computing services for most of its critical business applications.

At the same time, we cannot neglect the fact that we are witnessing an unprecedented level of vulnerability in this tech-oriented world. Cyberattacks and data breaches associated with cloud services are growing alongside cloud usage itself. Unfortunately, 63% of companies claim that their data was potentially compromised during the past 12 months.

Risky Business: Preparedness Lessons Learned from the Florida Water Plant Hack

You’d be hard-pressed to find someone in the IT security space who will argue against the importance of risk preparedness. Unfortunately, more often than not, people will talk-the-talk without walking the proverbial walk. It sounds smart: be ready for potential attacks before they happen. But we have a long way to go to put this sentiment into practice. Accidents are unplanned, and we're never quite as prepared as we should be. The "that will never happen to us" attitude is rampant among the enterprise, especially when it comes to cybersecurity.

Risk preparedness is something organizations need to start taking seriously, as shown by the recent Florida water plant hack, among others. If they don't, the outcomes could be devastating. Imagine a stadium of sick Super Bowl attendees or worse. While the focus has been largely on protecting big businesses or federal entities with lots of valuable data, no one is truly safe from bad actors — not even local municipalities. In fact, these could be even more dangerous targets when you consider something as serious as compromising a community’s water supply or information theft.

Achieving Cloud-Native Security and Compliance With Teleport

Security is the most critical aspect of any IT solution, and with the ever-increasing adoption of cloud-native technologies, the need for a Zero Trust Architecture is irrefutable because:

  • The traditional networking approach is not effective enough to provide full security to cloud-native applications.
  • As cloud offerings are used more and more heavily going forward, security policies around the application need to scale as well.
  • With more emphasis on loosely coupled microservice-based applications, the chance of vulnerabilities being introduced also increases.
  • People are using multiple clouds to take advantage of their respective offerings.
  • Connectivity from on-premises to the cloud, and the other way around, is a reality.
  • Devices that span beyond traditional data centres and the cloud are increasingly being used to provide connectivity to remote sites.

To sum up, there is no "real network boundary" anymore, and hence we need a model in which we trust no one by default. Traditionally it was assumed that communication between entities inside the same data centre is secure; with zero trust, we don't even assume that. So it has become mandatory to have a zero-trust security framework around your cloud-native applications.

Understand the Powerful ROP Attack From Zero!

What Is ROP?

First, let's describe a gadget. A gadget is a short sequence of assembly code that ends with a jump instruction: for example, pop rax; ret;. Jump instructions include ret, jmp, call, etc. If you use the final jump instruction of each gadget to chain many gadgets together one after another, that’s return-oriented programming (ROP): gadget1 -(jump)> gadget2 -(jump)> gadget3 -(jump)>… Gadgets are abundant in the vulnerable binary executable. You need to scan the binary executable, find its gadgets, exploit a vulnerability to execute some useful gadgets, and eventually finish your attack.

Implement a Real ROP Attack

Environment

Download the necessary files from here. The file bug is the vulnerable binary executable. exploit_gen.c generates a binary data file called "exploit". That data file is the input to bug. exploit_gen.c may not be able to exploit the bug on your machine; follow the steps in the next section, do your own experiments, and modify exploit_gen.c accordingly.

How Machine Learning and Artificial Intelligence Improve Your Cyber Security

The integration of artificial intelligence systems and machine learning is the next big development in the sphere of information technology. These systems have brought a new wave of technological advancement. They have also transformed the way organizations use cybersecurity services to prevent cyber attacks.

In the past, cybersecurity relied on signature pattern matching or rules. With the advent of anti-virus software, companies started to rely on it, but it could only detect malware that matched a known signature or virus definition.

5 Cybersecurity Tips to Protect Yourself While Shopping Online

Christmas has always been a time when people stay away from work, relax, travel, and do a great deal of shopping, but 2020 has come with a difference. The first and second waves of COVID-19 have made it almost impossible for people to move around and shop at will. What people have recourse to is online shopping. In 2019, according to a recent study, 93.4% of American consumers bought Christmas gifts, and the average consumer who bought Christmas gifts spent $928.76.

Most of these gifts were bought online. Buying from an eCommerce store, among other things, removes geographical limitations, reduces costs, and enhances comparison shopping. It also enables deals, bargains, coupons, and group-buying in real time, and creates room for targeted communication. However, this comes with many cybersecurity risks. Cybercriminals cash in on the volume of data and personal information that has to be ferried around during Christmas to wreak serious havoc.

FaaS: Security Considerations to Know Before Going Serverless

Serverless architecture is becoming a compelling choice for developers and companies to host their applications. It is easy to see why: it scales dynamically to meet load requirements and removes much of the complexity of deploying and maintaining applications, sometimes even removing the need for an Ops team. But what security considerations should we take into account before choosing to go serverless?

What is Serverless Architecture?

Serverless architecture (also known as serverless computing or function as a service, FaaS) is a software architecture where applications are hosted by a third-party service. This essentially means that your application is broken into individual services, which negates the need for server software and hardware management by the developers.

10 Cyber Security Tools to Watch Out for in 2021

With an immense number of companies and entities climbing onto the digital bandwagon, cybersecurity considerations have come into the limelight. As new technologies such as Big Data, IoT, and Artificial Intelligence/Machine Learning make further inroads into our everyday lives, the threats related to cybercrime are mounting as well. Additionally, the use of mobile and web apps for transacting financial information has exposed the entire digital landscape to cybersecurity breaches. The inherent risks and vulnerabilities found in such apps can be exploited by attackers or cybercriminals to siphon off crucial information and data, including money. Internationally, cyber-security breaches caused a yearly loss of USD 20.38 million in 2019 (Source: Statista). In addition, cybercrime has led to a 0.80 percent loss of the entire world’s gross domestic product, which sums up to approx. USD 2.1 trillion in the year 2019 alone (Source: Cybriant.com).

Statista Report 2018, “Security Threats at All-Time High”: the number of security threats or vulnerabilities in all kinds of information technology software is at an all-time high.

Detecting Credentials In Source Code: Solutions Guide

In modern software development, we rely on hundreds, sometimes thousands, of different building blocks. The glue that connects all these building blocks is collectively known as secrets. These are typically API keys, credentials, security certificates, and URIs. They are the modern-day master keys: they can provide access to cloud infrastructure, payment systems, internal messaging, and user information, to name a few. Once an attacker has a secret, they can move laterally between systems to uncover additional information and secrets, and because they are authenticated, they appear to be valid users, making them extremely difficult to detect.

But even having established how sensitive these secrets are and why they should be tightly wrapped, this next statement may surprise you:

Video Encryption Types, Security Level, and Compatibility

Have you noticed how in recent years there has been a rapid increase in the number of OTT platforms such as Netflix, Amazon Prime, Disney Plus, and many more? Almost everyone relies on these platforms to view content, and for the platforms themselves, that content is their source of income. Yet the videos on these platforms were easily downloadable in the past, and to an extent they still are.

Every year organizations lose billions of dollars to piracy. Almost all the content is freely available from different sources, so users can access video content without having to spend much money on it.

Vulnerability Assessment and Penetration Testing

Introduction

In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber-attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.

Cyber-attacks are increasing every day with the increased use of mobile and Web applications. Globally, statistics show that more than 70 percent of applications either have vulnerabilities that could potentially be exploited by a hacker or, worse, have already been exploited. The resulting data losses are typically of two types: either the data is confidential to the organization or it is private to an individual. Regardless of the category, data losses result in the loss of money or reputation. This article explores a technical process that industries and organizations can adopt to protect their intellectual property and which, if implemented correctly, will result in better risk management.

Latest Cyber Security Trends: 2020 in Review

The past decade has seen many advances, such as cloud computing, artificial intelligence, blockchain, the Internet of Things (IoT), and many more. These technologies provide many advantages, but also come with distinct disadvantages. Perhaps the most critical disadvantage is the increasing number of cyber threats. This article provides a brief overview of critical cybersecurity threats to watch out for during 2020, alongside the cybersecurity trends rising to prominence.

Trending Cybersecurity Threats

As technologies change, cybercriminals continue to develop innovative methods to exploit vulnerabilities and bypass security protections. To keep your systems and data secure, you first need to understand what the most common threats are.