Aggregator

The adoption of Cloud Native Application Protection Platforms (CNAPPs) has surged, reflecting a growing recognition of the need for comprehensive security across cloud environments. According to industry reports, the global CNAPP market is projected to grow at a CAGR of over 25% from 2023 to 2028 – and 40% of enterprises already have one. This […]

The post CNAPP found identity problems. How are you fixing them? appeared first on Security Boulevard.

This analysis highlights the 2024 Democratic National Convention’s impact on Internet traffic and security, with spikes in interest for sites related to Kamala Harris and the Democrats, as well as news sites, plus pre-convention attacks on political organizations.

美国的两大政党是民主党和共和党，其中民主党倾向于支持更自由的政策，而共和党支持更保守的政策。近年来随着政治极化，持不同政治立场的人彼此之间互相厌恶的情况日益普遍。夫妻之间持不同政治立场的情况也日益罕见的。根据发表在《Journal of Personality and Social Psychology》一项研究，此类跨党派夫妇仅占 8%。研究还发现，相比 50 年前，政治立场迥异的两个人结婚的可能性更小了。跨党派婚姻也更可能以离婚收场。政治立场相似的两个人结婚被认为可能会增加回音室效应，加剧政治极化。研究显示，逾八成的 民主党人和共和党人有支持同一政党的伴侣；如果两个人政治立场不同，那么另一方更可能是无党派的；民主党人伴侣支持无党派的可能性几乎是共和党人伴侣的两倍。

In today’s hyper-connected digital landscape, APIs are the lifeblood of innovation, powering everything from customer experiences to internal operations. However, with this growing reliance on APIs comes a dark side—zombie and shadow APIs. These hidden, forgotten, or undocumented endpoints present significant security risks that traditional approaches simply can’t address. In this post, we’ll explore why these APIs are so dangerous and why Salt Security is the only solution capable of securing your entire API ecosystem.

What Are Zombie and Shadow APIs?

Before diving into the risks, it’s essential to understand what we mean by zombie and shadow APIs:

• Zombie APIs are endpoints that were once used but are now outdated, deprecated, or forgotten. These can linger in your environment long after they’re needed, exposing potential vulnerabilities.
• Shadow APIs are those created without the knowledge or approval of security teams. They often emerge when development teams build new endpoints without properly documenting or integrating them into the formal API management processes.

Both types of APIs are typically overlooked by traditional security tools, yet they are ripe targets for attackers. Unmonitored and unmanaged, these endpoints can provide easy access points for data breaches, unauthorized access, and other malicious activities.

The Risks of Zombie and Shadow APIs

The hidden nature of these APIs makes them particularly dangerous. Here are a few key reasons why:

1. Lack of Visibility: Without complete visibility into your API inventory, it’s impossible to secure what you don’t know exists. Zombie and shadow APIs are often undocumented, making it easy for them to fall under the radar.
2. Inconsistent Security Posture: These APIs might not adhere to current security standards, leaving them vulnerable to attacks like SQL injection, authentication bypasses, or data exfiltration.
3. Compliance and Data Privacy Risks: Undocumented APIs can inadvertently expose sensitive data, leading to compliance violations and hefty fines under regulations like GDPR and CCPA.
4. Operational Inefficiencies: Managing zombie and shadow APIs drains resources and introduces unnecessary complexity. Developers and security teams waste valuable time tracking down and mitigating issues with APIs that shouldn’t even exist.

Why Traditional Tools Fail to Address These Issues

Legacy security tools and API management platforms are ill-equipped to handle the dynamic and often chaotic nature of modern API environments. They rely on manual processes, static documentation, or simple API gateways that can’t adapt to the fluid development cycles and sprawling microservices architectures seen today. This leaves a critical gap in security that attackers are all too eager to exploit.

How Salt Security Solves the Zombie and Shadow API Problem

Salt Security’s API Protection Platform stands alone in its ability to discover, monitor, and secure every API in your environment—no matter how obscure or hidden it may be. Here’s how:

1. Comprehensive API Discovery: Salt Security continuously and automatically discovers all APIs in your environment, including zombie and shadow APIs. Our platform dynamically maps your entire API landscape, providing the full visibility you need to identify risks and eliminate blind spots.
2. API Posture Governance: Once discovered, Salt Security allows you to apply posture governance rules to bring them into compliance with your organization's regulatory or industry-specific guidelines. This helps to dramatically lower the risk profile that these shadow and zombie APIs presented before.
3. Advanced Behavioral Analysis: Using machine learning and AI, Salt Security analyzes the behavior of every API, identifying anomalies, outdated endpoints, and undocumented activity that could indicate a zombie or shadow API. This proactive approach lets you detect issues before they become full-blown security incidents.
4. Real-time Threat Detection and Response: Our platform doesn’t just discover hidden APIs—it actively protects them. Salt Security’s real-time threat detection capabilities ensure that even the most obscure APIs are monitored and secured against attacks. Deep insights into each API’s behavior allow us to quickly identify and mitigate threats specific to zombie and shadow APIs.
5. Extend API Security Left: Salt Security integrates seamlessly into your development pipeline, ensuring that zombie and shadow APIs are addressed at the earliest stages of development. By embedding governance and security into the CI/CD process, we help prevent the creation of risky, undocumented APIs from the start.

Why Salt Security Is the Only True Solution

While other solutions may claim to offer API protection, none provide the end-to-end capabilities needed to fully secure zombie and shadow APIs. Salt Security offers the most comprehensive AI-infused platform for API security, combining deep discovery, continuous monitoring, governance, and proactive threat detection. Our solution not only finds hidden APIs—it safeguards them, ensuring your organization’s API landscape remains resilient, compliant, and secure.

Conclusion

Zombie and shadow APIs represent a hidden yet significant threat to your organization’s security posture. With traditional tools falling short, it’s time to rethink your API security strategy. Salt Security’s unique capabilities make it the only solution capable of addressing the full spectrum of API threats—including those you can’t see.

By choosing Salt Security, you can rest assured that your APIs—documented or not—are fully protected, enabling your business to innovate without compromise.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post The Hidden Dangers of Zombie and Shadow APIs—and Why Only Salt Security Can Tackle Them appeared first on Security Boulevard.

全球最大的油田服务公司疑遭网络攻击，丰田再发数据泄露事件……

Пользователи Google Chrome подверглись тайному сбору логинов и паролей.

We’re excited to announce the integration of Azure Boards into Strobes, enhancing your project management capabilities and streamlining your vulnerability tracking processes. Azure Boards Overview: Azure Boards is a project...

The post Introducing Azure Boards Integration in Strobes appeared first on Strobes Security.

The post Introducing Azure Boards Integration in Strobes appeared first on Security Boulevard.

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem.

Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.

Новая брешь обнаружена всего через неделю после предыдущей уязвимости в том же продукте.

The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group.' [...]

The US government has filed a lawsuit against Georgia Tech for alleged cybersecurity violations as a Department of Defense contractor

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

The post NTLM Credential Theft in Python Windows Applications appeared first on Horizon3.ai.

The post NTLM Credential Theft in Python Windows Applications appeared first on Security Boulevard.

Het logistiek- en bevoorradingsschip Zr.Ms. Karel Doorman is teruggekeerd van de EU-operatie Aspides in de Rode Zee. Het schip heeft bijgedragen aan de bescherming van internationale scheepvaart tegen de dreiging van Houthi’s. Vandaag kwam de Karel Doorman aan in Den Helder.

Authorities nab crypto and extortion criminals, cloud hacktool identified in spam SMS attacks, and DPRK actors exploit Windows zero-day.

The post The Good, the Bad and the Ugly in Cybersecurity – Week 34 appeared first on SentinelOne.

Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!

Dive into six things that are top of mind for the week ending August 23.

1 - Guide outlines logging and threat detection best practices

As attackers double down on the use of stealthy, hard-to-detect “living off the land” (LOTL) techniques, cybersecurity teams should improve how they log events and detect threats. That’s the call government agencies from multiple countries made in a joint guide published this week and titled “Best Practices for Event Logging and Threat Detection.” 

“Event logging supports the continued delivery of operations and improves the security and resilience of critical systems by enabling network visibility,” reads the guide, which was developed by the Australian Cyber Security Centre (ACSC).

 

The guide, whose intended audience includes senior IT and operational technology (OT) leaders and operators, network administrators and critical infrastructure providers, groups its best practices under four categories:

• Enterprise-approved event logging policy, which includes event-log quality and the consistency of content, formats and timestamps
• Centralized log collection and correlation, which focuses on logging priorities for enterprise networks, OT systems, mobile devices and cloud environments
• Secure storage and event-log integrity, which touches on protecting logs from unauthorized access, modification and deletion
• Detection strategy for relevant threats, which deals with LOTL techniques, such as attackers’ use of legitimate tools and capabilities in the breached environment

The guide’s recommendations can help “detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts,” reads a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which collaborated with the ACSC, along with cyber agencies from seven other countries.

To get more details, check out:

• CISA’s announcement
• The full 17-page guide “Best Practices for Event Logging and Threat Detection”

For more information about event logging and threat detection:

• “Security log management and logging best practices” (TechTarget)
• “Logging Cheat Sheet” (OWASP)
• “Network security logging and monitoring” (Canadian Centre for Cyber Security)
• “Introduction to logging for security purposes” (U.K. NCSC)

2 - FAA wants to tighten aviation cyber rules

To beef up the aviation sector’s cyber defenses, the U.S. government this week proposed new cybersecurity rules for airplanes, engines and propellers as they become increasingly connected to computer networks and services.

In a proposed rulemaking notice, the U.S. Federal Aviation Administration (FAA) said some of its regulations are “inadequate and inappropriate to address the cybersecurity vulnerabilities caused by increased interconnectivity.”

Current designs for airplanes can make them vulnerable to cyber risks from maintenance laptops; airport or airline networks; the internet; wireless sensors and their networks; USB devices; and cellular and satellite systems and communications; and more.

 

 

The proposed new and revised rules seek to protect airplanes, engines and propellers from “intentional unauthorized electronic interactions” (IUEI) so the FAA wants to require product designers and makers to “identify” and “assess” IUEI risks and mitigate them.

To that end, they would need to conduct a security risk analysis to identify all cyberthreats, assess threat severity, determine exploitation likelihood and mitigate these security issues.

The proposed rules are now open for public comment.

To get more details, check out the 36-page notice of proposed rulemaking titled “Equipment, Systems, and Network Information Security Protection.”

For more information about aviation cybersecurity:

• “TSA, FAA Requirements Emphasize Cybersecurity for Airport and Aircraft Operators and Airport Terminal Projects” (Tenable)
• “Aviation Cybersecurity: Risks and Mitigations” (National Business Aviation Association)
• “Why aviation needs to prioritise cybersecurity” (Airport World)
• “Protecting The Aviation Sector From Cyberattacks” (Tenable)

3 - Tenable finds critical vulnerabilities in two Microsoft AI products

Tenable Research recently discovered critical vulnerabilities in Microsoft’s Azure Health Bot Service and Copilot Studio.

In the case of Azure Health Bot Service, a cloud platform for deploying AI-powered virtual health assistants, the critical vulnerabilities allowed researchers access to cross-tenant resources within this service. 

Meanwhile, a server-side request forgery (SSRF) vulnerability in Copilot Studio allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact. With Copilot Studio, you can build custom Copilot conversational applications for performing large language model (LLM) and generative AI tasks.

 

 

To get all the details, read these Tenable blogs:

• “SSRFing the Web with the Help of Copilot Studio”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

You can also find media coverage of the two discoveries here:

Copilot Studio

• “Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data” (Dark Reading)
• “Microsoft Copilot Studio Vulnerability Led to Information Disclosure” (SecurityWeek)
• “Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data” (The Hacker News)

Azure Health Bot Service

• “Microsoft's AI Health Bot required patching for privilege vulnerability” (Healthcare IT News)
• “Fix for Azure Health Bot vulnerabilities prevents exploitation” (TechTarget)
• “Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities” (Dark Reading)

4 - Tenable polls webinar attendees on VM practices

During our recent webinar “From Frustration to Efficiency: Optimize Your Vuln Management Workflows and Security with Tenable,” we polled attendees on their biggest VM challenge and on patching prioritization. Check out what they said!

(231 webinar attendees polled by Tenable, August 2024)

(234 webinar attendees polled by Tenable, August 2024)

Want to learn how to improve key vulnerability management practices, including remediation prioritization? Watch this on-demand webinar “From Frustration to Efficiency: Optimize Your Vuln Management Workflows and Security with Tenable.”

5 - Report: Ransomware attacks jumped in July, as attackers turn to infostealer malware

Ransomware attacks spiked 20% globally in July, compared with June, as the RansomHub gang emerged as the most active group.

However, ransomware attacks were down compared with July 2023, and “remain much lower” compared with the activity observed between February to May of this year.

That’s according to the “Monthly Threat Pulse” report for July 2024, published this week by NCC Group’s Global Threat Intelligence team.

“Whether this increase reflects the start of an upward trend remains to be seen,” the report reads.

Global Ransomware Attacks by Month 2023 - 2024

(Source: “Monthly Threat Pulse” report from NCC Group, August 2024)

The industrials sector was the hardest hit, receiving about a third of all attacks, a clear sign of ransomware groups’ strong interest in breaching critical-infrastructure organizations, the report says.

Ransomware groups pounced on CVE-2024-37085, an authentication-bypass vulnerability in the VMware ESXi hypervisor product, a reminder that organizations need to continue to prioritize patching high-risk bugs.

While vulnerability exploitation remains a popular tactic for ransomware attackers, they’re also increasing their use of information stealer malware, which offers them a “far easier, faster and often cheaper” way to access a network via the use of stolen credentials, the report reads.

“The rise in sophisticated techniques, such as the use of information stealer malware in their pre-attack phase, highlights that cybercriminals are not standing still. As these threats evolve, so must our defences,” Ian Usher, Deputy Head of Threat Intelligence at NCC Group, said in a statement.

To get more details, check out:

• The report’s announcement
• The “Monthly Threat Pulse Review of July 2024”

For more information about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “Ransom recovery costs reach $2.73 million” (Help Net Security)
• “Ransomware report finds 43% of data unrecoverable after attack” (SC Magazine)

6 - CISA: Ransomware won’t impact U.S. presidential election

Although ransomware gangs may try to disrupt the U.S. general election, their attacks won’t compromise the voting and counting processes, according to CISA and the FBI. At best, ransomware attacks would cause isolated delays and be minimally disruptive.

“The public should be aware that ransomware is extremely unlikely to affect the integrity of voting systems or the electoral process,” FBI Cyber Division Deputy Assistant Director Cynthia Kaiser said in a statement.

The reason: U.S. election officials have put in place what CISA and the FBI call a “multi-layer approach to security” with a variety of technical, physical and procedural safeguards.

“In the event of a ransomware event affecting their offices, election officials have plans and redundancies in place to allow voting operations to continue so that all eligible voters are able to cast their ballot securely,” reads a joint public-service announcement from CISA and the FBI.

To get more details, check out:

• CISA’s announcement “Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting”
• The joint PSA