Randall Munroe’s XKCD ‘Late Cenozoic’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Late Cenozoic’ appeared first on Security Boulevard.
Sonatype's co-founder and Chief Technology Officer, Brian Fox, has been appointed to the newly formed Cyber and Technology Resilience Experts (CTREX) Panel, established by the Monetary Authority of Singapore (MAS).
The post Sonatype CTO appointed to cyber resilience experts panel amidst growing financial compliance demands appeared first on Security Boulevard.
Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable.
The post Kia’s Huge Security Hole: FIXED (Finally) appeared first on Security Boulevard.
Poor DNS hygiene can leave your organization vulnerable to threats like SubdoMailing, DNS spoofing and domain hijacking. In addition to putting domain security at risk, these vulnerabilities can have long-term effects on domain reputation. Here are ten DNS best practices businesses can implement to protect their domains and their entire business.
The post 10 DNS best practices to keep your Domain Reputation in check appeared first on Security Boulevard.
Discover why API security is crucial in Forrester's CISO 2025 Budget Planning Guide. Learn how to prioritize investments and justify your budget.
The post Forrester’s CISO Budget Planning Guide for 2025: Prioritize API Security appeared first on Security Boulevard.
Authors/Presenters: Yang Zhou, Xingyu Xiang, Matthew Kiley, Sowmya Dharanipragada, Minlan Yu
Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization’s enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organization’s YouTube channel.
The post USENIX NSDI ’24 – DINT: Fast In-Kernel Distributed Transactions with eBPF appeared first on Security Boulevard.
Since June 1st 2024, Chinese frontline threat actor APT 41 has been linked to as many as 63 events globally. These include attacks on Taiwanese research agencies in August and attacks on the shipping and logistics, utilities, media and entertainment, technology, and automobile sectors in countries such as Taiwan, Thailand, Italy, UAE, Spain, the United Kingdom, and Turkey in July. The group is known to have successfully penetrated networks connected with critical infrastructure in as many as 29 countries as of this year. The group has registered a whopping 900 percent rise in its presence this year as measured by the IOCs recovered from various events analyzed by Sectrio’s Threat Research team. So why has APT 41 turned hyperactive in 2024 and what does this mean for critical infrastructure operators around the world? Let’s find out.
Background of APT 41
APT 41 has been a group reserved for carrying out the most sophisticated attacks on a few of China’s chosen geo-political rivals. Hitherto, this group had a mandate covering the G7 countries, India, South Korea, Taiwan and Vietnam. As things stand, APT 41 is assigned the best talent, weapons, and exploits to work with, thanks to its ranking by the Chinese Ministry of State Security as a frontline cyber intelligence gathering entity.
Periodically, the group is split for administrative (and/or project) reasons. The splinter groups are assigned strategic targets to pursue, only to be merged with APT 41 once the target data is acquired or the project closed. It is believed that APT 41 also covers several shadow groups working under the direct tutelage of senior members such as Dalin Tan and Qian Chuan. Such groups do not have any direct affiliation with the MSS; their operations are channeled through APT 41 and they may even be on the direct payroll of APT 41.
[You can read more about APT 41 in our comprehensive intelligence note on this threat actor presented in our Threat Landscape Report 2024]
As per Sectrio’s Threat Research Team, APT 41 also runs an intelligence crunching operation that churns out intelligence of very high quality that is shared directly with the CCP leadership. This intel is also used to shape the geopolitical responses of China in addition to being used to shape specific long-term military and diplomatic interventions. The strategic importance of the intelligence gathered by APT 41 and recent moves by many APT 41 target countries offer a clue on why APT 41 is in such a hurry to target multiple critical infrastructure operators. We will get there in a minute, but before that, it is important to understand what has changed in the last few months.
Rising legislative attention on critical infrastructure security
In the last few months, many countries have enacted legislation on Industrial Control System/OT cybersecurity. These laws mandate cyber risk and gap assessment, deployment of an OT Security Operations Center (SOC), better reporting and asset visibility, and enhanced monitoring of OT/ICS networks. There is increased scrutiny on critical infrastructure operators, and regulatory bodies are also conducting surprise checks on various entities to check their preparedness levels to deal with cyber risks and threats. Penalties are in order as well.
Many critical infrastructure entities are also conducting security acceptance tests on systems and assets to ensure they are free of backdoors and that they do not leak any data or have security issues that could compromise the device or networks connected to it. This, coupled with regular IEC 62443-based risk and gap assessments, is helping critical infrastructure operators scale their security posture and bring it closer to the levels of risk these entities are exposed to. So how does this impact APT 41 and its operations, you may ask?
The answer is simple. With security measures intensifying, the MSS understands that its window of opportunity for exfiltrating data and maintaining a menacing presence through APT 41 will diminish considerably in the days to come. There is certainly a growing realization among the bosses at APT 41 that they need to hurry up. This hurry has led to APT 41 and its sister actors
The sense of urgency has also led to errors across geos, revealing its modus operandi as well as the measures it is using to breach networks and maintain surveillance. APT 41’s attempts to plant reconware have been exposed in multiple instances, including two times in the recent past when APT actors tried to engage a decoy infra in an apparent surveillance bid.
What does the future hold for APT 41?
It is too early to say, but one can arguably assert that APT 41 will continue to evolve its tactics and tools in the future with more funding and talent. This is something that won’t change in the days to come, and APT 41 may even reduce or increase the targets in its crosshairs depending on the mandate given by the MSS. APT 41 is an evolved threat actor and, if its past track record is anything to go by, we may very well be witnessing a new phase in its evolution. It also serves as a test bed for new and emerging threat actors to test new breach tactics. MSS may even reconfigure the group by adding newer players to keep the group going.
The post Why is Chinese threat actor APT 41 in a tearing hurry? appeared first on Security Boulevard.
Apono is proud to announce the successful completion of its Series A funding round, raising $15.5 million to further its mission of delivering AI-driven cloud access governance. This funding round, led by New Era Capital Partners with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, and existing investors, brings Apono’s total investment to $20.5 million. […]
The post Apono Secures $15.5M Series A Funding to Revolutionize Cloud Access Security appeared first on Security Boulevard.
Avanan is a complete email security gateway that ...
The post Avanan’s SPF and DKIM configuration: Step By Step Guideline appeared first on EasyDMARC.
The post Avanan’s SPF and DKIM configuration: Step By Step Guideline appeared first on Security Boulevard.
This instructional article will demonstrate the Barracuda configuration ...
The post Barracuda SPF and DKIM Configuration: Step By Step appeared first on EasyDMARC.
The post Barracuda SPF and DKIM Configuration: Step By Step appeared first on Security Boulevard.
Outstanding Paper Award Winner!
Authors/Presenters: Mohammad Javad Amiri, Chenyuan Wu, Divyakant Agrawal, Amr El Abbadi, Boon Thau Loo, Mohammad Sadoghi
The post USENIX NSDI ’24 – The Bedrock of Byzantine Fault Tolerance: A Unified Platform for BFT Protocols Analysis, Implementation, and Experimentation appeared first on Security Boulevard.
Overview
Recently, NSFOCUS CERT monitored the disclosure of the details of remote code execution vulnerabilities for Unix CUPS printing service on the Internet. When the system enables cups-browsed process listening (default port 631) to receive UDP packets, unauthenticated attackers induce victims to configure by constructing a malicious IPP server. When using the printing service, they […]
The post Remote Code Execution Vulnerability Alert of Unix CUPS Print Service (CVE-2024-47076 / CVE-2024-47175 / CVE-2024-47177) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Remote Code Execution Vulnerability Alert of Unix CUPS Print Service (CVE-2024-47076 / CVE-2024-47175 / CVE-2024-47177) appeared first on Security Boulevard.
Overview
In September 2024, NSFOCUS Global Threat Hunting System monitored a new botnet family calling itself Gorilla Botnet entering an unusually active state. Between September 4 and September 27, it issued over 300,000 attack commands, with a shocking attack density. During this active period, Gorilla Botnet targeted over 100 countries, with China and the U.S. […]
The post Over 300,000! GorillaBot: The New King of DDoS Attacks appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Over 300,000! GorillaBot: The New King of DDoS Attacks appeared first on Security Boulevard.
A series of critical vulnerabilities has been uncovered in the Common Unix Printing System (CUPS), specifically in the
The post CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems appeared first on ARMO.
The post CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems appeared first on Security Boulevard.
Authors/Presenters: Fedor Ryabinin, Alexey Gotsman, Pierre Sutra
The post USENIX NSDI ’24 – SwiftPaxos: Fast Geo-Replicated State Machines appeared first on Security Boulevard.
This is how to redefine CISO events! I had a spectacular time at the “Locked In — The Cybersecurity Event of the Year!” Organized by Rinki Sethi and Lucas Moody, it was nothing short of epic! Forget long boring sessions and tracks, this was about CISOs connecting at a social level, building relationships, and sharing insights.
Prestigious guests included the indomitable Edna Conway, the venerable Gary Hayslip (who has a new book out — CISO Desk Reference Guide: A Practical Guide for CISOs), career facilitator Mike Piacente from Hitch Partners, coaching expert Kristin Tedford, Clarence Chio (who also has a new book out — Machine Learning and Security: Protecting Systems with Data and Algorithms), offensive cyber expert Nathan Sportsman founder of Praetorian, and many more!
…don’t ask how I was able to sneak in unnoticed among these powerhouses! I am stealthy!
Sunset was beautiful on the rooftop of The Graduate Hotel in Palo Alto, which made for a great backdrop. Everyone walked away with a pair of kicks, customized right before our eyes by a local graffiti artist.
Thanks to the Sponsors — Cyera, SentinelOne, Red Canary, Bolster, and Orca Security. As well as to Katelyn Ruby and Christine Valenzuela for carefully herding all of us!
The post Locked In – The Cybersecurity Event of the Year appeared first on Security Boulevard.
The post How Long Does it Take You to Successfully Identify Phishing Emails? appeared first on AI-enhanced Security Automation.
The post How Long Does it Take You to Successfully Identify Phishing Emails? appeared first on Security Boulevard.
In today’s rapidly evolving IT and security management landscape, competitive advantage is an MSP’s golden ticket to success. That’s why
The post The Kaseya Advantage: 10 Years and $12B in the Making appeared first on Kaseya.
The post The Kaseya Advantage: 10 Years and $12B in the Making appeared first on Security Boulevard.
Discover how to mitigate SaaS risks like shadow SaaS and unmanaged identities with Grip Extend, an advanced suite of features powered by a browser extension.
The post Unlocking Deeper Visibility and Control Over SaaS Risks appeared first on Security Boulevard.
Financial services face growing risks from shadow IT and SaaS usage. Learn how SaaS identity risk management helps secure data and ensure regulatory compliance.
The post When Innovation Outpaces Financial Services Cybersecurity appeared first on Security Boulevard.