Aggregator

Infoblox Researchers on Links Between Human Trafficking, Cybercrime and Gambling
Illegal gambling operations depend on trafficked individuals to perform cybercriminal activities. Threat researchers at Infoblox explain how cybercriminals use trafficked people for operations such as pig-butchering scams and leverage European sports sponsorships to boost illegal gambling websites.

Nearly 137,000 People Affected in 2023 Ransomware Attack on Maryland-Based Hospital
A ransomware attack against Berlin, Maryland-based Atlantic General Hospital that affected the personal information of 137,000 individuals in 2023 has led to a $2.25 million preliminary settlement of a consolidated proposed federal class action lawsuit.

Federal Aviation Administration Seeks Public Input on New Cyber Rules for Airplanes
The U.S. Federal Aviation Administration is seeking public comment on a proposed rule that aims to further elevate and streamline cyber regulations for future airplanes and aircraft equipment. The rule isn't intended to have a substantive effect on airliner cybersecurity standards.

Wireless Gear Shifting System Is Vulnerable to Replay Attacks
Imagine cruising down a bike path and having the gears suddenly shift without warning. Security researchers say cybercriminals could take advantage of new wireless controlled bicycle gear systems to make that happen - and cause crashes and injuries.

Explore how generative AI is transforming cybersecurity and enterprise resilience

Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey.

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.

There is no such thing as a silver bullet in cybersecurity. No, not even multifactor authentication.

Do I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor?

Who will secure my cloud use, a CSP or a focused specialty vendor?

Who is my primary cloud security tools provider?

This question asked in many ways has haunted me since my analyst days, and I’ve been itching for a good, fiery debate on this. So, we did this on our Cloud Security Podcast by Google where the co-hosts divided the positions, researched the arguments in advance of the debate and then just … WENT AT EACH OTHER :-)

The results were so fun and interesting that this blog was born!

The Case for Third-Party Vendor Tooling

These arguments hinge on three primary concerns: trust, consistency, and innovation.

Some observers also highlight the theoretical conflict of interest when a CSP is responsible for both building and securing the cloud (no idea why people say this, as IMHO there is no conflict here). This side also stressed the importance of consistency across multi-cloud environments and argued that dedicated security vendors are more likely to innovate more rapidly. They also may address client needs faster, especially narrow vertical needs.

• You just can’t trust the cloud builder to secure their own stuff (or “letting the cat guard the cream” as somebody weirdly opined on social media). Third-party vendors promise unbiased security analysis and can uncover security issues that CSPs might deprioritize, benefiting the broader public and individual users. This separation of duties suggests a more objective evaluation of cloud security.
• Consistency is super critical for multicloud. Third-party tools provide a consistent security framework across multiple cloud platforms. This simplifies management and reduces the need for specialized knowledge in each CSP’s unique security offerings.
• Startups just build better tools; this is their focus and sole mission; CSPs suffer from “security from a big company” syndrome, being slow and political. Third-party vendors, whose core business is security, are more likely to develop innovative and effective security solutions compared to CSPs, who may view security as a secondary concern.
• Auxiliary argument: Would you ever trust the CSP to secure the network/environment that belongs to their competitor?

The Case for CSP-Native

These arguments hinged on three primary concerns: deep platform knowledge, built-in security, and seamless stack.

Deep platform knowledge that CSPs possess suggests both robust and “automatic”, default security. The seamlessness of CSP-native tools and the vast (we mean it, BTW!) resources that CSPs dedicate to security also play a key role. CSPs are very well positioned to keep pace with the rapid evolution of cloud services, and secure them as they are built.

• CSP knows the platform and cloud in general best, can use unlisted or poorly documented capabilities to secure the cloud. Security deeply integrated into the platform is “more secure”, and also better linked with asset tracking, and other IT ops / DevOps capabilities. This deep knowledge translates into superior security capabilities, both practical and conceptual.
• Built-in beats bolt-on, with fewer seams to break and break through. CSP-native tools offer seamless integration with other services, streamlining workflows, and reducing the risk of security gaps that can arise from stitching together disparate tools. This results in a simpler and more manageable security stack. Recent breaches highlight the risks associated with these integration points, underscoring the advantage of built-in security.
• Using native tools reduces the number of third-party vendors and solutions you need to manage, leading to a simpler security stack and less administrative overhead. When cloud platforms and security tools share the same foundation, operational teams benefit from streamlined access and workflows.
• Auxiliary argument: CSP keeps pace with securing new services as they are being launched. And there are a lot of cloud services being launched.

The Verdict

• “It depends” wins! It really does. No, we are not hedging or fudging. Are you disappointed?
• To make it practical, we need to answer “depends on what?” Organizational realities: how you use cloud, what cloud, how many clouds, what is your threat model, etc.
• None of the arguments from either side include a “killer” or a clincher argument that stops the debate and hands the victory to one side.
• Often starting with CSP-native tools and then supplementing with third-party solutions to address any gaps (if any) is the way to go (this also was Gartner advice in my days, BTW)

Listen to the audio version (better jokes!). And, yes, do read “Snow Crash” if you somehow failed to, before.

Resources:

• EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim
• EP74 Who Will Solve Cloud Security: A View from Google Investment Side
• EP22 Securing Multi-Cloud from a CISO Perspective, Part 3
• EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
• “Use Cloud Securely? What Does This Even Mean?!”

The Great Cloud Security Debate: CSP vs. Third-Party Security Tools was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post The Great Cloud Security Debate: CSP vs. Third-Party Security Tools appeared first on Security Boulevard.

A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...]

A vulnerability, which was classified as critical, was found in SolarWinds Web Help Desk up to 12.8.3 Hotfix 1. Affected is an unknown function. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2024-28987. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Learning with Texts 2.0.3. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-41572. The attack may be initiated remotely. There is no exploit available.

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one tagged as exploited this year. [...]

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one exploited in attacks this year. [...]

A vulnerability classified as problematic was found in Cisco Identity Services Engine Software. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-20486. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Cisco Identity Services Engine Software. This affects an unknown part of the component REST API. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-20417. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Identity Services Engine Software. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web-based Management Interface. The manipulation leads to incorrect privilege assignment. This vulnerability is handled as CVE-2024-20466. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Installer. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-7977. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.