Tenable reportedly is exploring a potential sale that would add to the growing consolidation in a cybersecurity market that is seeing new innovations in cyber-defenses as the threat of cyberattacks grows.
The post Tenable Considering a Potential Sale: Report appeared first on Security Boulevard.
Numerous reports have highlighted the increased number of software supply chain attacks in recent years. The Verizon Business Data Breach and Investigation Report (DBIR) 2024 concluded that breaches stemming from third-party software development organizations played a role in 15% of the more than 10,000 data breaches that Verizon documented, a 68% jump from last year. Additionally, ReversingLabs' The "State of Software Supply Chain Security 2024" noted that incidents of malicious packages found on popular open-source package managers have increased by 1,300% over the past three years (2020–2023).
The post 8 supply chain security talks you don’t want to miss at Black Hat appeared first on Security Boulevard.
In today's intricately interconnected and complex software development ecosystem, a single compromised component can trigger a cascade of security breaches across thousands of organizations worldwide. And the cautionary tales keep piling up: In just the past month we’ve witnessed the CrowdStrike incident, where a faulty “channel file,” automatically pushed out to clients, shut down millions of Windows computers, and the “RoguePuppet” vulnerability that an attacker could exploit to add malware to any Puppet Forge module.
The post Are you ready for modern supply chain threats? Update your approach appeared first on Security Boulevard.
This Article The Cost of Insider Threats: Financial and Reputational Impact was first published on Signpost Six. | https://www.signpostsix.com/
In today’s interconnected world, insider threats pose a significant risk to organisations of all sizes. Whether through malicious intent or inadvertent actions, insiders – employees, contractors, or business partners – can cause severe damage. Understanding the costs associated with insider threats is crucial for organisations aiming to protect their assets and reputation. This post delves […]
This Article The Cost of Insider Threats: Financial and Reputational Impact was first published on Signpost Six. | https://www.signpostsix.com/
The post The Cost of Insider Threats: Financial and Reputational Impact appeared first on Security Boulevard.
July 2024 has surfaced a series of significant vulnerabilities that could compromise the security of many organizations. From Bamboo Data Center flaws to critical issues in ServiceNow, these vulnerabilities present...
The post Top CVEs of July 2024: Key Vulnerabilities and Mitigations appeared first on Strobes Security.
The post Top CVEs of July 2024: Key Vulnerabilities and Mitigations appeared first on Security Boulevard.
The rise of advanced AI and large language models has fundamentally altered the landscape of disinformation.
The post How Bots and AI are Fueling Disinformation appeared first on Security Boulevard.
On the heels of the recent U.S. ban on Kaspersky antivirus software, it was expected that Kaspersky would begin to remove resources in the U.S. However, few expected them to lay off all the U.S.-employee base with such efficiency.
The post From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban appeared first on Security Boulevard.
One critical method employed by security professionals to test systems’ strength and resilience is penetration testing. Gray-box testing is a balanced and practical approach that combines black-box and white-box testing elements. This blog explains the nuances of gray-box testing in cybersecurity and explores its characteristics, advantages, and techniques. What Is Gray Box Testing In Cybersecurity? […]
The post Gray Box Testing in Cybersecurity: Finding the Right Balance for Security first appeared on StrongBox IT.
The post Gray Box Testing in Cybersecurity: Finding the Right Balance for Security appeared first on Security Boulevard.
A significant remote code execution (RCE) vulnerability was identified in the Ghostscript library, a widely used tool on Linux systems. This vulnerability, tracked as CVE-2024-29510, is currently being exploited in attacks, posing a severe risk to numerous applications and services. Ghostscript is a powerful and versatile tool used for processing PostScript and PDF files. It […]
The post Ghostscript Vulnerability Actively Exploited in Attacks appeared first on TuxCare.
The post Ghostscript Vulnerability Actively Exploited in Attacks appeared first on Security Boulevard.
Linux, the open-source operating system renowned for its stability, security, and customizability, is a major force in cloud computing. Many cloud services are built on Linux, making them naturally compatible with existing Linux systems. Automate Linux kernel patching with TuxCare’s KernelCare Enterprise without downtime. Imagine you’re a web developer working on a crucial e-commerce platform […]
The post An Introduction to Cloud Computing for Linux Users appeared first on TuxCare.
The post An Introduction to Cloud Computing for Linux Users appeared first on Security Boulevard.
There has been a dramatic rise in email attacks and ransomware incidents, with an Acronis report noting a staggering 293% increase in email attacks in the first half of 2024 compared to the same period in 2023.
The post Email Attacks Surge, Ransomware Threat Remains Elevated appeared first on Security Boulevard.
SolarWinds has recently addressed 8 critical vulnerabilities pertaining to its Access Rights Manager (ARM) software. This SolarWinds patch has been released prior to the SolarWinds security flaws being exploited in the wild. In this article, we’ll focus on what that patch entails and what the consequences would have been if the vulnerabilities were exploited. SolarWinds […]
The post SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits appeared first on TuxCare.
The post SolarWinds Patch: Critical ARM Flaws Fixed Before Exploits appeared first on Security Boulevard.
Firewalls and VPN appliances are critical gateways. Like all on-prem systems, a vulnerability can lead to a compromise that is used to open the door for attackers.
The post If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door appeared first on Security Boulevard.
An IBM analysis of 604 organizations published today finds the average cost of each breach, including lost revenue, has now reached $4.9 million.
The post IBM: Cost of Data Breach on Average Reaches $4.9 Million appeared first on Security Boulevard.
NSFOCUS Remote Security Assessment Security (RSAS) is a specialized, all-encompassing vulnerability scanner tailored for clients performing security assessments. It is adept at swiftly identifying a full spectrum of weaknesses within network systems. NSFOCUS RSAS is not just a scanning tool; it’s a comprehensive solution that efficiently identifies a plethora of vulnerabilities across networks, encompassing new […]
The post NSFOCUS RSAS New Features Unleashed appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
The post NSFOCUS RSAS New Features Unleashed appeared first on Security Boulevard.
Multifactor authentication (MFA) has formally been around for more than two decades, gaining the most...
The post Is Your MFA Broken? appeared first on Axiad.
The post Is Your MFA Broken? appeared first on Security Boulevard.
Ransomware has been a daunting threat to organizations worldwide for decades. Recent trends show that ransomware attacks continue to grow more advanced and persistent. It’s become increasingly clear that no one is spared as cybercriminals carry out attacks that even target the children of corporate executives to force ransom payments. Despite the high-profile takedowns of criminal ransomware networks in “Operation Endgame” and “Operation Duck Hunt,” the most notorious ransomware groups remain tenacious, quickly regrouping after disruptions and aggressively launching new attacks.
The Zscaler ThreatLabz team has just released its latest research on this critical ransomware threat landscape in the ThreatLabz 2024 Ransomware Report, shedding light on new data and trends. ThreatLabz analyzed 4.4 million ransomware attacks blocked by the Zscaler cloud, amounting to a 17.8% year-over-year increase, and conducted extensive analysis of ransomware samples and attack data. The report offers valuable insights into primary attack targets, the most dangerous ransomware families, and the evolving tactics and demands of ransomware threat actors. Most shockingly, it reveals that ThreatLabz uncovered a record-breaking USD$75 million ransom payment.This blog post will summarize select findings from the report. For a comprehensive understanding of the ransomware landscape and how to strengthen your organization’s defenses against this pervasive threat, download the Zscaler ThreatLabz 2024 Ransomware Report.
5 key ransomware findingsThe ThreatLabz team tracks ransomware activity extensively to identify and understand how these threats are evolving. The following subset of findings highlight some of the most prominent trends and targets.
Top ransomware trends1. The number of extorted companies based on analysis of malicious data leak sites grew by 57.8% year-over-year, despite law enforcement actions that include criminal arrests, indictments, and seized infrastructure. The report breaks down the most significant law enforcement operations against ransomware groups and initial access brokers over the past year.
2. The use of voice-based social engineering to gain entry into networks is on the rise—a technique made popular by Scattered Spider and the Qakbot threat group.
3. The exploitation of vulnerabilities continues to be a prevalent attack vector for ransomware, emphasizing the critical need for measures like prompt patching and unified vulnerability management, reinforced by a zero trust architecture.
Top ransomware targets4. The manufacturing, healthcare, and technology sectors were the top targets of ransomware attacks between April 2023 and April 2024, while the energy sector experienced a 527.27% year-over-year spike.
5. The United States, United Kingdom, Germany, Canada, and France were the top five countries targeted by ransomware in the same time period.
Delve into these findings and more data in the full report.
$75M ransom payment uncoveredThreatLabz identified 19 new ransomware families this year, increasing the total number tracked to 391 over the past decade, as cataloged in the ThreatLabz GitHub repository.
With new and emerging ransomware groups come new and ever-evolving methods to maximize their operational impact and financial gains. This was evidenced by the record-breaking $75 million ransom payment uncovered by ThreatLabz. The report discloses the threat group behind this unprecedented payment—also named by ThreatLabz as one of the top five ransomware families that will be a big threat to businesses in the year ahead. Learn about their strategic approach and why ThreatLabz predicts similar strategies will gain traction among other threat actors.The report also shares comprehensive insights into the tactics, potential impacts, and recent activities of other ransomware families that ThreatLabz has identified as high-risk and noteworthy for 2024-2025.
Stopping ransomware starts with zero trustThe growing volume and cost of ransomware attacks found in this year’s report is a stark reminder that organizations must prioritize robust ransomware defenses. The Zscaler Zero Trust Exchange™ platform addresses this challenge by offering a holistic approach to stopping ransomware.The Zscaler ThreatLabz 2024 Ransomware Report provides essential guidance to this end, including:
Fighting AI with AI: Learn about Zscaler’s AI-powered cyberthreat protection capabilities needed to combat AI-driven threats.
Zero trust architecture advantages: Learn how the Zero Trust Exchange stops ransomware at every stage of the attack cycle:
Minimize the attack surface: By replacing exploitable VPN and firewall architectures with a zero trust architecture, it hides users, applications, and devices behind a cloud proxy, making them invisible and undiscoverable from the internet.
Prevent compromise: The platform uses TLS/SSL inspection, browser isolation, advanced sandboxing, and policy-driven access controls to prevent access to malicious websites and detect unknown threats before they reach the network, reducing the risk of initial compromise.
Eliminate lateral movement: Leveraging user-to-app (and app-to-app) segmentation, users connect directly to applications, not the network, eliminating lateral movement risk. It can also help find and stop possible attackers from moving around through identity threat detection and response (ITDR) and deception capabilities.
Stop data loss: Inline data loss prevention measures, combined with full inspection, effectively thwart data theft attempts.
Ransomware prevention checklist: Access the latest best practices to mitigate ransomware risk and protect your organization from existing and emerging threats.
Get your copy of the Zscaler ThreatLabz 2024 Ransomware Report today. As ransomware threats persist, understanding the latest trends and potential implications of these attacks and assessing your risk will help your organization protect itself against ransomware in 2024 and beyond.
The post ThreatLabz Ransomware Report: Unveiling a $75M Ransom Payout Amid Rising Attacks appeared first on Security Boulevard.
As a Detection Engineer and Threat Hunter, I love MITRE ATT&CK and I whole-heartedly believe that you should too. However, there’s something about the way that some folks leverage MTIRE ATT&CK that has me concerned. Specifically, it is the lack of both precision and accuracy in how mappings are sometimes applied to controls. While we can debate the utility and validity of using MITRE ATT&CK as a “coverage map” or “benchmark” of any kind, the reality is that many teams, organizations, and security products use MITRE ATT&CK (for good reasons) to assess, measure, and communicate breadth and depth of detection and/or prevention capability. If that’s the case, then it seems pertinent to talk about how we can do a better job of presenting a more realistic picture of coverage through closer examination of the quality of our mappings. In this article, I’ll present an argument for why precision and accuracy matter, provide some examples of common mistakes and how to fix them, and finally share some ideas and recommendations for thinking about how to map detections properly moving forward.
Why Accuracy & Precision MatterAccuracy and precision are not just inherently desirable traits; they are essential for the effective use of the MITRE ATT&CK framework within any organization. Accurate and precise mappings are crucial for maximizing the framework’s utility. To understand their importance, let’s first define these terms.
In this context, “accuracy” refers to whether the applied Tactic, Technique, or Sub-Technique correctly represents the activity identified by the detection. Imagine a literal map with cities in the wrong states, states in the wrong regions, and countries in the wrong parts of the world. Such a map would be unreliable for understanding our location or navigating to a new one.
Similarly, inaccurate mappings in threat detection lead to a distorted understanding of our security posture and undermine the integrity and utility of our efforts. This can result in misallocated resources, focusing on areas that don’t need attention while neglecting those that do. Such outcomes are detrimental to Threat Hunters and Detection Engineers, who already face a shortage of useful and actionable tools to understand and navigate the threat landscape effectively. Accurate mappings are therefore critical for these professionals to communicate the value of their work and make informed decisions.
In this context, “precision” refers to the level of specificity or granularity in a given mapping. The ATT&CK Framework is structured as a hierarchy of abstractions: Tactics encompass Techniques, which in turn encompass Sub-Techniques. For Detection Engineers and Threat Hunters, descending this hierarchy results in more granular and specific categories, thereby increasing their usefulness.
To use the metaphor of a literal map, a precision problem would be akin to a map of a country that only shows states or provinces but omits cities and towns. Such a map might help you understand the general direction needed to travel from one state to another, but it would be inadequate for navigating to a specific city within a state.
Similarly, imprecise mappings in threat detection provide only a “general idea” of our security posture and potential areas of focus. While this may offer some strategic insight, it ultimately falls short of being highly actionable. Precise mappings, down to the most granular elements of the ATT&CK Framework, are essential for making informed, effective decisions in threat detection and response.
Without placing explicit and intentional attention on the quality of mappings from detections to ATT&CK, individual errors can add up, giving us a “view of the world” that simply isn’t realistic or useful (can you even imagine what’s happening on the security vendor side?! If it is in their best interest to stretch the truth, do we really know how realistic their coverage is?).
Common MistakesUnlike with a world map, to the average observer, it is not always obvious when there is a lack of accuracy or precision. Mapping detection capabilities to MITRE ATT&CK properly is not easy. The ATT&CK Framework is a vast and deep source of knowledge that, despite being quite granular, still has gaps and is still subject to some degree of expert interpretation. In this section, we’ll highlight a few examples of both accuracy and precision error using Sigma rules from the SigmaHQ repository.
Example 1:
Name: Process Launched Without Image Name
Tactic: Defense Evasion
Technique(s): None
Sub-Technique(s): None
This is the most classic precision error; assigning a Tactic but not attributing it to a particular Technique or Sub-Technique.
Example 2:
Name: Activate Suppression of Windows Security Center Notifications
Tactic: Defense Evasion
Technique(s): T1112: Modify Registry
Sub-Technique(s): None
This is a nuanced precision error; this detection is missing a Sub-Technique which overlaps with but does not mutually exclude T1112.
Example 3:
Name: Unusual Child Process of dns.exe
Tactic: Initial Access
Technique(s): T1133 External Remote Services
Sub-Technique(s): None
This is an accuracy error.
Example 4:
Name: PetitPotam Suspicious Kerberos TGT Request
Tactic: Credential Access
Technique(s): T1187: Forced Authentication
Sub-Technique(s): None
Almost accurate, but not quite! PetitPotam is an example of T1187, but this detection is not identifying PetitPotam, just something (Rubeus) that is likely to happen after PetitPotam is used.
Example 5:
Name: Potential BlackByte Ransomware Activity
Tactic: Execution, Defense Evasion, Impact
Technique(s): T1140: Deobfuscate/Decode Files or Information, T1485: Data Destruction, T1498: Network Denial of Service
Sub-Technique(s): T1059.001: Command and Scripting Interpreter: PowerShell
This is primarily an accuracy error; the rule and the threat that it detects are kind of dense, so it would be easy to get confused.
Don’t believe me? Look at what the research article, referenced in the rule, suggests for these specific commands (bottom of article).
Getting It RightWhile it may seem like nit-picking, these small errors, when compounded across hundreds of rules, can lead to a significant misrepresentation of reality. Although there is no definitive formula for mapping rules accurately, there are several high-level principles that can enhance the accuracy and precision of our mappings.
Keep It Simple
Don’t Be Greedy
Become A Better Researcher
Am I suggesting that getting mappings done properly is simple? No.
Is this asking a lot of practitioners? Probably, yes.
Should you do it anyway? Absolutely.
One of my many personal mottos has always been “there’s no free lunch when it comes to solving hard problems”. In other words, we don’t always realize that the “easy buttons” made available to us through modern technology were only made possible by the people who came before us, the people who actually did put in some seriously hard work somewhere earlier down the line to pave the way for everyone else.
Getting It Right With SnapAttackEven though Detection Engineering and Threat Hunting have been around for years, it still feels like most of us are stuck at the starting line. At SnapAttack, we’ve been putting in the work to solve the hard problem of Threat Detection, enabling customers to stand on our shoulders and start ahead of us, and giving them the tools to grow their capabilities beyond us. While I’m not here to give you the hard sell, it would be negligent to not mention at least a few things that we do at SnapAttack that are relevant to this article’s topic.
If any of this sounds even remotely interesting — please reach out for a demo of our platform today! We’d love to show you exactly how we can help you detect more threats faster with SnapAttack.
Detection Rules & MITRE ATT&CK Techniques was originally published in SnapAttack on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Detection Rules & MITRE ATT&CK Techniques appeared first on Security Boulevard.
A hacker exploited a misconfiguration in Proofpoint's email protection platform to send millions of spoofed phishing emails from companies like IBM, Nike, and Disney looking to steal money and credit card information from victims.
The post Proofpoint Platform Exploited to Send Millions of Spoofed Phishing Emails appeared first on Security Boulevard.
What does the recent CrowdStrike outage tell us about the state of digital resiliency?
Related: CrowdStrike’s consolation backfires
On a resiliency scale of one to 10, most enterprises are at about two. This was clear over the weekend when over … (more…)
The post GUEST ESSAY: CrowdStrike outage fallout — stricter regulations required to achieve resiliency first appeared on The Last Watchdog.
The post GUEST ESSAY: CrowdStrike outage fallout — stricter regulations required to achieve resiliency appeared first on Security Boulevard.
