Security vendor SonicWall recently warned its customers that threat actors may have found some zero-day vulnerabilities in some of its remote access products. As mentioned in Dr. Lanter’s PIA class, we did a case study on a project that was conducted at a hospital network that realized they were coming up on a zero-day issue. This happens when the clock of the program gets close to the limit (in the case study I believe it was about 32 years): all dating would revert back to zero, as it cannot count any higher. In the study we mentioned how it would affect medical devices, which could pose a threat to patients, as machines and software/data would not show correct expiration dates or update dates, whereas in this instance hackers were using this vulnerability to try to gain access to the system through it. It shows us that there are many stakeholders and risks involved with not properly updating these. It also shows that, since the attack focused on their remote access, a lot of things are now vulnerable due to the massive increase in demand for work-from-home products and services.
Working from home has given a boost to Remote Desktop Protocol (RDP) attacks. In 2020, a 768% increase in RDP attacks was observed. The threat involved is the fact that ransomware attacks gain access to a network via a backdoor approach that abuses a flaw in RDP software or the way it is deployed. Attackers don’t have to struggle much, since RDP attacks depend on technology and not the human factor. Misconfigured RDP can lead to the loss of valuable resources, including devices with admin access and company servers, and ultimately to network-wide compromise. It is recommended to limit the number of open ports, restrict access, and enhance the security of the exposed ports to protect against RDP attacks.
Apple drops controversial firewall-bypass feature on macOS
Apple has removed a controversial feature in its macOS operating system that allowed more than 50 of its own applications to completely bypass third-party security tools such as firewalls and virtual private networks (VPNs).
The ContentFilterExclusionList in macOS 11 was marked as a potential security risk by the security community and developers in the second half of last year.
Apple uses ContentFilterExclusionList to prevent more than 50 of its own applications and daemons from routing through NEF. This means that third-party firewalls using this new framework cannot block traffic from them. Researchers speculate that Apple excluded its applications from the supervision of third-party firewalls in the name of overall security.
Breached water plant employees used the same TeamViewer password and no firewall.
In Florida, a water treatment facility was breached and faced a very dangerous hazard because they used an unsupported version of Windows with no firewall and shared the same TeamViewer (remote login) password. The attacker intruded into the water treatment facility of a town of about 15,000 people, about 15 miles from the megacity of Tampa. The attacker increased the amount of sodium hydroxide by a factor of 100, which can be a toxic level leading to severe sickness and death. This could have been prevented if the water treatment facility had had better information security practices and included a firewall in their information security architecture.
119,000 Threats Per Minute Detected in 2020
The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion.
Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.
Researchers found cyber-attacks on home networks surged 210% year-on-year in 2020 to just under 2.9 billion, a figure that equates to 15.5% of all homes. The vast majority (73%) of strikes against home networks involved brute-forcing logins to gain control of a smart device or router.
The number of newly detected ransomware families increased 34% last year. Researchers noted an increase in the popularity of “double extortion” attacks in which attackers exfiltrate data before encrypting it so they can use the threat of publication to extort money as well as charging for the data’s return. Government, banking, manufacturing, and healthcare were the sectors most targeted by ransomware gangs.
Researchers added that a year into the global health pandemic, organizations around the world should be aware of its impact on cybersecurity risk.
https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/?&web_view=true
Microsoft announced two new Azure services to improve the security of applications and content delivered through the Internet. One is Azure Front Door, which oversees global microservice-based web applications and can act as a secure cloud content delivery network service that protects apps and websites against cyber threats. According to this article, the other is Azure Firewall, which is designed to protect Azure Virtual Network resources by logging access to apps and resources and filtering both inbound and outbound traffic. It can detect the traffic and then re-encrypt it. While the user is checking the system, it can detect some known malicious instruction sequences used by malware. There is an advantage for premium users: they can set filters for outbound traffic, and they can use Azure Key Vault to protect their passwords with keys and TLS/SSL certificates. These services improve the operating system, and users connect to the Internet more securely.
https://redmondmag.com/articles/2021/02/18/azure-front-door-and-azure-firewall.aspx
Clubhouse to breach China’s Great Firewall.
The newest social media platform, Clubhouse, allows users to circumvent the government’s firewall so users can have access to a social media platform from mainland China. The process is simple: if the user has a non-Chinese account with Apple, they can download the application, log out of their Chinese account, and log back in with their foreign account. Clubhouse is an audio-only chat room and is likely monitored by the government. While the government can take action to cut off communications between the users and the application server, as they do with other social media platforms like Facebook and Twitter, they have not taken action to do so.
On February 26, 2021, T-Mobile disclosed a data breach after SIM swapping attacks. SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data.
They do this by using data that’s often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employee into switching the SIM card linked to your phone number and replacing it with a SIM card in their possession. You can decrease your chances of someone gaining access to and taking over your phone number by adding a PIN code or password to your wireless account. T-Mobile, Verizon, and AT&T all offer the ability to add a PIN code.
If you’re unsure if you have a PIN code or need to set one up, here’s what you need to do for each of the major US carriers.
I couldn’t post my News here, but I sent it to the professor by email. Now I can post News after communicating with the administrator, so I am posting it again.
“CISA, DHS Bolster State and Local Cybersecurity Programs”
The Cybersecurity and Infrastructure Security Agency authorized California-based communications company Viasat to receive sensitive and classified indicators of compromise from the federal government in order to better protect their U.S.-based customers from cybersecurity threats.
The company joins AT&T and Lumen as members of the Enhanced Cybersecurity Services program, which aims to augment intrusion detection for U.S. organizations, with federal aid for state and local entities to participate. The ECS providers will apply their access to sensitive and classified information to domain name service sinkholing, email filtering and netflow analysis, according to CISA’s description of the program.
https://www.nextgov.com/cybersecurity/2021/02/cisa-dhs-bolster-state-and-local-cybersecurity-programs/172244/
Zibai Yang says
Half of Apps Contain at Least One Serious Exploitable Vulnerability
At least 50% of apps used in sectors such as manufacturing, public services, healthcare, retail, education, and utilities contain one or more serious exploitable vulnerabilities, according to a new study by WhiteHat Security.
Manufacturing had the highest “window of exposure,” with nearly 70% of applications in the sector having at least one serious exploitable vulnerability, according to the AppSec Stats Flash Volume 2 report, a monthly analysis launched this year.
The top five vulnerability classes recorded by WhiteHat over the previous three months were information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection, and content spoofing. The report authors noted that “the effort and skill required to discover and exploit these vulnerabilities is fairly low, thus making it easier for the adversary.”
https://www.infosecurity-magazine.com/news/half-apps-serious-exploitable/
Mei X Wang says
California DMV Halts Data Transfer After Vendor Breach
A Seattle-based company suffered a recent ransomware attack, which caused the data of millions of drivers in California to also become implicated. The company is called Automatic Funds Transfer Services (AFTS), and they work with a national database to ensure vehicle registration renewal notices are mailed correctly. They have access to millions of Californians’ SSNs, birthdates, voter registration, immigration status, and more PII. Thankfully, the attackers were unable to access the data since the DMV ceased all data transfers to AFTS, but this caused a delay in available services. California has more than 26 million licensed drivers, which is more than any other state, so we can imagine the bottleneck that will occur because of this attack. This attack is most likely a DDoS attack, flooding AFTS’s servers and firewall and rendering them inaccessible.
https://www.infosecurity-magazine.com/news/california-dmv-vendor-breach/
Humbert Amiani says
Apple had excluded about 53 of its own apps from routing their traffic through VPNs and security firewalls. The apps were placed on a “Content Filter Exclusion List”, and researchers argued that malware could latch onto legitimate traffic to bypass the security features in place and compromise user devices. This bypass was also found to expose the user’s real IP address, therefore exposing their current location.
This discovery was made when security researchers and security app developers realized that traffic from some Apple apps was not getting filtered or inspected. Apple said the exclusion list was a result of bugs that have since been fixed in various apps, and all subsequent releases of the OS will not exclude any apps from bypassing security tools on devices.
https://www.zdnet.com/article/apple-removes-feature-that-allowed-its-apps-to-bypass-macos-firewalls-and-vpns/
Ting-Yen Huang says
Breached water plant employees used the same TeamViewer password and no firewall
The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported. There was a computer intrusion that happened last Friday in Oldsmar. A hacker controlled equipment inside the Oldsmar water treatment plant, and he increased the amount of sodium hydroxide by a factor of 100. The tampering could have caused severe sickness or death had it not been for safeguards the city has in place. An employee with the Oldsmar facility used a computer running Windows 7 to remotely access the plant controls, the supervisory control and data acquisition system. The computer did not have a firewall and used a password that was shared among employees for remotely logging into the city system with the TeamViewer application. The employee and the system they used exposed a large vulnerability which allowed the attackers to gain access to the system, and the results may put citizens’ lives in danger.
https://arstechnica.com/information-technology/2021/02/breached-water-plant-employees-used-the-same-teamviewer-password-and-no-firewall/
Jonathan Castelli says
The cloud is threatening firewalls. Is it time to let them go?
This article discusses the shrinking market for firewalls. With more organizations going to the cloud to provide their services, they do not need an on-premise solution. This means you don’t need a firewall to protect these services anymore.
The cloud is able to provide segmentation. It would be hard for an attacker to move laterally in an organization if they have a separate vendor for email, network, CRM, etc. It is important for organizations to fully understand the cloud provider’s security practices and what their role in securing their cloud environment is. But, for the most part, the control of security is moving out of the hands of the organization and into the hands of the cloud service providers.
The author also said more organizations are moving towards software-defined wide area network (SD-WAN) controllers to help protect their scattered field offices or retail locations. SD-WAN may not have a firewall because “there’s convergence between the firewall market and the SD-WAN controllers,” said David Holmes, senior analyst at Forrester.
With cloud and SD-WAN taking up more of the firewall market, organizations must make ROI decisions on whether or not they should make a purchase for next generation firewalls or web application firewalls.
https://www.cybersecuritydive.com/news/cloud-firewall-devops-security/587881/
Anthony Wong says
A manufacturer of network devices such as home routers and switches, Zyxel, had over 100,000 firewalls, VPN gateways, and access point controllers compromised due to a hardcoded admin-level backdoor account. This account can be used to grant root access to devices via an SSH shell or the web administration portal. Attackers discovered the username “zyfwp” and password “PrOw!aN_fXp” combination, stored in plaintext in one of the organization’s systems. Threat actors are able to use this backdoor to access vulnerable network devices and pivot into internal networks. The company uses this backdoor to deliver firmware updates to interconnected devices using FTP. Since the vulnerability was discovered, an advisory was sent to patch any affected devices to remove the backdoor account. In 2016, Zyxel experienced a security breach due to a hardcoded account. Maybe this time they have learned their lesson.
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
Xinyi Zheng says
Kaspersky: Decline in DDoS Attacks Linked to Surge in Cryptocurrency Value
The researchers believe this reduction is linked to the surge in cryptocurrency costs, with cyber-criminals increasingly turning their attention to cryptomining. Kaspersky statistics showed that while the number of cryptominers declined throughout 2019 and at the start of 2020, from August 2020, this form of malware has gone up slightly.
With cryptomining becoming more lucrative, it is likely many cyber-criminals re-profiled some botnets to enable C&C servers, typically used in DDoS attacks, to repurpose infected devices and use their computing power to mine cryptocurrencies instead.
Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team commented: “The DDoS attack market is currently affected by two opposite trends. On the one hand, people still highly rely on stable work of online resources, which can make DDoS attacks a common choice for malefactors. However, with a spike in cryptocurrency prices, it may be more profitable for them to infect some devices with miners. As a result, we see that the total number of DDoS attacks in Q4 remained quite stable. And we can predict that this trend will continue in 2021.”
Xinyi Zheng says
https://www.infosecurity-magazine.com/news/kaspersky-decline-ddos/
Wenyao Ma says
Why Apple should let you define private places on iPhones
The way Significant Locations works is that your iPhone keeps a list of places you frequently visit, like favorite places, shops, and somewhere you might visit often such as a medical center.
Data gathered from smartphones enables service providers to infer a wide range of personal information about their users, such as their traits, their personality, and their demographics. This personal information can be made available to third parties, such as advertisers. Leveraging location information, advertisers can serve ads micro-targeted to users based on the places they visited.
Apple promises this data is encrypted and cannot be read by Apple. But I’m a little unclear whether this information is made available to third-party apps.
https://www.computerworld.com/article/3608682/why-apple-should-let-you-define-private-places-on-iphones.html
Vanessa Marin says
Next-generation firewalls are the topic of this interesting article! It highlights the difference between the up-and-coming next-gen firewalls and the traditional firewalls of the past. Here are a few key differences between the two:
Traditional:
– Evaluation of network traffic: stateful. Looks at the state of a connection (protocols, port, rule conformity). Pro: handles a high volume of network traffic with limited CPU power.
– Layers: protects at Layer 3 of the OSI model.
– Devices: uses IDS/IPS, WAF, network filter, and more, resulting in lots of integration and a network security manager to coordinate and centralize.
Next-Gen:
– Evaluation of network traffic: stateful, but also analyzes the packet contents for malformations (e.g., malware) and inconsistencies with expected traffic. Pro: provides more protection. Con: requires more CPU power.
– Layers: takes effect at Layers 4-7, meaning that the firewall can identify and act upon many attacks.
– Devices: replaces devices in a stateful security stack. Single-device deployments can limit to one programming language and a single management console. Con: requires greater processing power and may limit options for each layer.
Overall, this article provides a glimpse as to the next generation of firewalls to be implemented and how your infosec team might be able to use them.
https://www.darkreading.com/edge/theedge/next-gen-firewalls-101-not-just-a-buzzword/b/d-id/1338865
Anthony Messina says
You’ve Got Cloud Security All Wrong: Managing Identity in a Cloud World
This article discusses the importance of identity and access management in the cloud. When it comes to cloud security, instead of redesigning their security infrastructure for the cloud, many organizations are simply wrapping the cloud around their legacy technologies, relying on legacy network security solutions to protect their data. Traditional network security no longer offers the same advantages or protection. Identity is the new perimeter, and it has become a critical attack surface for bad actors. It predicted through 2025 that at least 99% of cloud security failures will be the customer’s fault. Attackers like to focus on compromising weak credentials, such as passwords. With the cloud enabling users to access software and services from any device, cyber criminals can take advantage of weak authentication and other identity-related mechanics to seek out critical applications and data.
The article lists three steps for proper identity and access management.
1. The first layer is establishing identity at the security perimeter. This must be done not only for human users but for any entity trying to access a system, including an Internet of Things (IoT) device, bot, or machine.
Who are they?
What is their role or group?
Can we tie a device(s) to them?
What other contextual information is associated with them (e.g., what is their location, their common work pattern, etc.)?
2. The second layer is dictating what resources the specific user can access. Many ancillary products play a role here, including unified endpoint management, endpoint detection and response, cloud access security brokers, and more. All of these products should be tied to a source of trust, which conceptually resides within the identity layer (e.g., LDAP/Active Directory).
3. The last layer is the security of the data and applications. On the application side, determine criticality and adjust access accordingly. Do users need to be in a trusted location and on a trusted device to be granted access to the application? Or is it of lower sensitivity and can be accessed from anywhere? If the data is highly sensitive, an option is to classify access based on specific data elements. Instead of providing users access to an entire application, grant access to certain files and not others.
https://www.darkreading.com/cloud/youve-got-cloud-security-all-wrong-managing-identity-in-a-cloud-world/a/d-id/1340077
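The three layers above map naturally onto a policy decision, so here is an added example (not code from the article or from any product it names) that evaluates an access request in that order: establish the principal and its context, check what its roles are granted, then apply the resource's sensitivity, granting restricted data per element rather than per application. Principals, roles, resources and data elements are all constructed.

```python
"""Added example: a three-layer access decision in the order the post describes."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:            # layer 1: who or what is asking, and in what context
    name: str
    kind: str               # "user", "iot", "bot"
    roles: frozenset
    device_trusted: bool    # tied to a managed device?
    location_trusted: bool  # coming from an expected location / work pattern?


@dataclass(frozen=True)
class Resource:             # layer 3: what is protected and how sensitive it is
    name: str
    sensitivity: str        # "low", "high" or "restricted"


# layer 2: the source of trust, role -> resources (constructed; in practice LDAP/AD groups)
ROLE_GRANTS = {
    "finance": {"ledger", "payroll"},
    "hr": {"payroll"},
    "sensor": {"telemetry"},
}
# layer 3 for restricted data: role -> (resource, data element) pairs
ELEMENT_GRANTS = {
    "hr": {("payroll", "salary")},
    "finance": {("payroll", "totals")},
}


def decide(p: Principal, r: Resource, element=None):
    """Return (allowed, reason). Each rejection names the layer that refused."""
    # layer 1: identity must be established for humans, IoT devices and bots alike
    if not p.name or not p.roles:
        return False, "layer1: unidentified principal"
    # layer 2: does any role grant the resource at all?
    if not any(r.name in ROLE_GRANTS.get(role, set()) for role in p.roles):
        return False, "layer2: no role grants this resource"
    # layer 3: conditions scale with criticality
    if r.sensitivity == "low":
        return True, "layer3: low sensitivity, any device and location"
    if not (p.device_trusted and p.location_trusted):
        return False, "layer3: sensitive resource requires trusted device and location"
    if r.sensitivity == "restricted":
        if element is None:
            return False, "layer3: restricted data is granted per element, not per application"
        if any((r.name, element) in ELEMENT_GRANTS.get(role, set()) for role in p.roles):
            return True, f"layer3: element '{element}' granted"
        return False, f"layer3: element '{element}' not granted to the caller's roles"
    return True, "layer3: high sensitivity, trusted device and location confirmed"


# constructed principals and resources
ALICE = Principal("alice", "user", frozenset({"finance"}), True, True)
BOB_REMOTE = Principal("bob", "user", frozenset({"hr"}), True, False)
METER = Principal("meter-17", "iot", frozenset({"sensor"}), True, False)
ANON = Principal("", "bot", frozenset(), False, False)
LEDGER = Resource("ledger", "high")
PAYROLL = Resource("payroll", "restricted")
TELEMETRY = Resource("telemetry", "low")

if __name__ == "__main__":
    for who, what, el in [(ALICE, LEDGER, None), (ALICE, PAYROLL, None), (ALICE, PAYROLL, "totals"),
                          (ALICE, PAYROLL, "salary"), (BOB_REMOTE, PAYROLL, "salary"),
                          (METER, TELEMETRY, None), (ANON, TELEMETRY, None)]:
        print(who.name or "<anon>", what.name, el, "->", decide(who, what, el))
```

The ordering matters: a request that fails at layer 1 never reaches the role lookup, and a role that is entitled to the payroll application still gets nothing from it until it names a data element it is allowed to see.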
Krish Damany says
Phishing attacks have resulted in over 10,000 Microsoft email accounts being breached. The phishing emails pretended to be from the FedEx and DHL mail carriers. The attackers used Google Firebase and Quip web hosts, which are legitimate services that have a free option for anyone to use and potentially abuse. The sites would mimic the Microsoft login screen, asking the victim to enter their email address and password, with that information then sent directly to the attacker instead of Microsoft’s servers. As the COVID-19 epidemic has been going on, more and more people rely on Internet-based services, and attackers will target those individuals. The important thing to do is to enable multi-factor authentication so even if attackers have your password, they will not be able to log in without the code from your local device.
https://threatpost.com/microsoft-fedex-phishing-attack/164143/
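The closing advice above is worth seeing as code. The following added example (not from the Threatpost article or from Microsoft) implements the time-based one-time password scheme of RFC 6238 (HMAC-SHA1, 30-second steps) with the standard library and shows that a harvested password by itself fails the login check. The shared secret is the RFC's published test key; the account, password and timestamps are constructed, and the password is stored in clear only to keep the example short.

```python
"""Added example: TOTP second factor (RFC 6238) blocking a password-only login."""
import hashlib
import hmac
import struct

STEP = 30   # seconds per time step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC the 8-byte counter, dynamically truncate, take `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current 30 s time step."""
    return hotp(secret, unix_time // STEP, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, skew: int = 1) -> bool:
    """Accept the current step and +/- `skew` neighbours to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * STEP), code)
        for d in range(-skew, skew + 1)
    )


# constructed account store; the TOTP secret is the RFC 6238 test key
ACCOUNTS = {
    "victim@example.test": {"password": "Winter2021!", "totp_secret": b"12345678901234567890"},
}


def login(username: str, password: str, code, unix_time: int):
    """Return (success, reason). A correct password alone is not enough."""
    acct = ACCOUNTS.get(username)
    if acct is None or not hmac.compare_digest(acct["password"], password):
        return False, "bad credentials"                 # real systems compare password hashes
    if code is None or not verify_totp(acct["totp_secret"], code, unix_time):
        return False, "second factor missing or wrong"  # phished password stops here
    return True, "ok"


if __name__ == "__main__":
    now = 59  # constructed clock value matching the RFC test vector
    user, pw, secret = "victim@example.test", "Winter2021!", ACCOUNTS["victim@example.test"]["totp_secret"]
    print("password only:      ", login(user, pw, None, now))
    print("password + device:  ", login(user, pw, totp(secret, now), now))
```

The `skew` window is the usual compromise: a step of drift between the phone and the server is tolerated, while a code captured earlier expires within a minute or two, which is what makes a stolen password far less useful on its own.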
Austin Mecca says
https://www.infosecurity-magazine.com/news/sonicwall-probes-zerodays-in-own/
Security vendor SonicWall recently warned its customers that threat actors may have found some zero-day vulnerabilities in some of its remote access products. As mentioned in Dr. Lanter’s PIA class, we did a case study on a project that was conducted at a hospital network that realized they were coming up on a zero-day issue. This happens when the clock of the program gets close to its limit (in the case study I believe it was about 32 years): all dating would revert back to zero as it cannot count any higher. In the study we mentioned how it would affect medical devices, which could pose a threat to patients as machines and software/data would not show correct expiration dates or update dates, whereas in this instance hackers were using this vulnerability to try to gain access to the system through it. It shows us that there are many stakeholders and risks involved with not properly updating these. It also shows, since the attack focused on their remote access, how a lot of things are now vulnerable due to the massive increase in demand for work-from-home products and services.
Priyanka Ranu says
RDP Attackers Have Made Themselves at Home
Working from home has given a boost to Remote Desktop Protocol (RDP) attacks. In 2020, a 768% increase in RDP attacks was observed. The threat involved is the fact that ransomware attacks gain access to a network via a backdoor approach that abuses a flaw in RDP software or the way it is deployed. Attackers don’t have to struggle much since RDP attacks are dependent on technology and not the human factor. Misconfigured RDP can lead to the loss of valuable resources, including devices with admin access and company servers, and ultimately, network-wide compromise. Limiting the number of open ports, restricting access, and enhancing the security of the exposed ports are recommended to protect against RDP attacks.
https://cyware.com/news/rdp-attackers-have-made-themselves-at-home-0a468887
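Alongside the hardening steps the post recommends, a defender wants to notice when an exposed RDP port is being worked on. The added example below (not code from the Cyware article) runs a simple detector over constructed, simplified Windows Security log lines: event 4625 is a failed logon, 4624 a successful one, and logon type 10 (RemoteInteractive) is the RDP case. It raises an alert on a burst of failures from one source within a minute, and a second, more urgent alert if that same source then logs in successfully. The field layout, addresses and thresholds are constructed.

```python
"""Added example: RDP brute-force and success-after-burst detection over constructed log lines."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # failures from one source ...
WINDOW = timedelta(seconds=60)   # ... within this window trigger an alert

# constructed log lines: "<timestamp> EventID=... LogonType=... TargetUser=... SourceIP=..."
SAMPLE_LOG = [
    "2021-02-20T08:00:01Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.10",
    "2021-02-20T08:00:03Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.10",
    "2021-02-20T08:00:04Z EventID=4625 LogonType=2 TargetUser=jsmith SourceIP=10.0.0.5",   # local, ignored
    "2021-02-20T08:00:05Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.10",
    "2021-02-20T08:00:06Z EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.4",  # one typo
    "2021-02-20T08:00:07Z EventID=4625 LogonType=10 TargetUser=sql SourceIP=203.0.113.10",
    "2021-02-20T08:00:09Z EventID=4625 LogonType=10 TargetUser=test SourceIP=203.0.113.10",
    "2021-02-20T08:00:11Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.10",
    "2021-02-20T08:00:20Z EventID=4624 LogonType=10 TargetUser=backup SourceIP=203.0.113.10",
    "2021-02-20T08:00:45Z EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.4",  # normal
]


def parse(line: str) -> dict:
    """Split one constructed log line into a dict with a real timestamp."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for f in fields:
        key, _, value = f.partition("=")
        rec[key] = value
    return rec


def detect(lines):
    """Return a list of (timestamp, source ip, message) alerts."""
    alerts = []
    failures = defaultdict(deque)   # source ip -> timestamps of recent RDP failures
    burst_sources = set()           # sources that already crossed the threshold
    for rec in map(parse, lines):
        if rec.get("LogonType") != "10":      # only RDP (RemoteInteractive) logons
            continue
        ip = rec["SourceIP"]
        if rec["EventID"] == "4625":
            q = failures[ip]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > WINDOW:   # slide the window
                q.popleft()
            if len(q) >= THRESHOLD and ip not in burst_sources:
                burst_sources.add(ip)
                alerts.append((rec["ts"], ip, f"{len(q)} RDP logon failures within {WINDOW.seconds}s"))
        elif rec["EventID"] == "4624" and ip in burst_sources:
            alerts.append((rec["ts"], ip, f"RDP logon success for {rec['TargetUser']} after failure burst"))
    return alerts


if __name__ == "__main__":
    for ts, ip, msg in detect(SAMPLE_LOG):
        print(ts.isoformat(), ip, msg)
```

The second alert is the one to page on: a burst of failures followed by a success from the same address is the signature of a guessed or reused password, which is exactly the "technology, not the human factor" route the post describes, and it argues for the account lockout, exposed-port restrictions and MFA the post calls for rather than for tuning the threshold.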
Junhan Hao says
Apple drops controversial firewall-bypass feature on macOS
Apple has removed a controversial feature in its macOS operating system that allowed more than 50 of its own applications to completely bypass third-party security tools such as firewalls and virtual private networks (VPNs).
The ContentFilterExclusionList in macOS 11 was marked as a potential security risk by the security community and developers in the second half of last year.
Apple uses ContentFilterExclusionList to prevent more than 50 of its own applications and daemons from routing through NEF. This means that third-party firewalls using this new framework cannot block traffic from them. Researchers speculate that Apple excluded its applications from the supervision of third-party firewalls in the name of overall security.
https://www.itpro.co.uk/security/firewalls/358338/apple-drops-controversial-firewall-bypass-feature-on-macos
Prince Patel says
https://arstechnica.com/information-technology/2021/02/breached-water-plant-employees-used-the-same-teamviewer-password-and-no-firewall/
Breached water plant employees used the same TeamViewer password and no firewall.
In Florida, a water treatment facility was breached and faced a very dangerous hazard because they used an unsupported version of Windows with no firewalls and shared the same TeamViewer (remote login) password. The attacker intruded into the water treatment facility of a town of about 15,000 people about 15 miles from the city of Tampa. The attacker increased the amount of sodium hydroxide by a factor of 100, which can be a toxic level leading to severe sickness and deaths. This could have been prevented if the water treatment facility had better information security practices and included a firewall in their information security architecture.
Zhen Li says
119,000 Threats Per Minute Detected in 2020
The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion.
Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.
Researchers found cyber-attacks on home networks surged 210% year-on-year in 2020 to just under 2.9 billion, a figure that equates to 15.5% of all homes. The vast majority (73%) of strikes against home networks involved brute-forcing logins to gain control of a smart device or router.
The number of newly detected ransomware families increased 34% last year. Researchers noted an increase in the popularity of “double extortion” attacks in which attackers exfiltrate data before encrypting it so they can use the threat of publication to extort money as well as charging for the data’s return. Government, banking, manufacturing, and healthcare were the sectors most targeted by ransomware gangs.
Researchers added that a year into the global health pandemic, organizations around the world should be aware of its impact on cybersecurity risk.
https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/?&web_view=true
Cami Chen says
Microsoft announced two new Azure services to improve the security of applications and content over the Internet. One is Azure Front Door to oversee global microservice-based web applications; it can be a secure cloud content delivery network service against cyber threats to protect apps and websites. According to this article, the other is Azure Firewall, which is designed to protect Azure Virtual Network resources via logged access to apps and resources with filtering for both inbound and outbound traffic. It can inspect the traffic and then re-encrypt it. While the user is checking the system, it can detect some known malicious instruction sequences used by malware. Premium users have the advantage that they can set filters for outbound traffic, and they can use Azure Key Vault to protect their passwords via keys and TLS/SSL certificates. These services improve the operating system and let users connect to the Internet more securely.
https://redmondmag.com/articles/2021/02/18/azure-front-door-and-azure-firewall.aspx
Heather Ergler says
https://fortune.com/2021/02/08/clubhouse-app-in-china-censors-ban/
Clubhouse to breach China’s Great Firewall.
The newest social media platform, Clubhouse, allows users to circumvent the government’s firewall so users can have access to a social media platform from mainland China. The process is simple: if the user has a non-Chinese account with Apple, they can download the application, log out of their Chinese account and log back on with their foreign account. Clubhouse is an audio-only chat room and is likely monitored by the government. While the government can take action to cut off communications between the users and the application server, as they do with other social media platforms like Facebook and Twitter, they have not taken action to do so.
Kyuande Johnson says
On February 26, 2021, T-Mobile disclosed a data breach after SIM swapping attacks. SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data.
They do this by using data that’s often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employee into switching the SIM card linked to your phone number and replacing it with a SIM card in their possession. You can decrease your chances of someone gaining access to and taking over your phone number by adding a PIN code or password to your wireless account. T-Mobile, Verizon and AT&T all offer the ability to add a PIN code.
If you’re unsure if you have a PIN code or need to set one up, here’s what you need to do for each of the major US carriers.
Haozhe Lin says
I couldn’t post my news here, but I sent it to the professor by email. Now I can post news after communicating with the administrator, so I am posting it again.
“CISA, DHS Bolster State and Local Cybersecurity Programs”
The Cybersecurity and Infrastructure Security Agency authorized California-based communications company Viasat to receive sensitive and classified indicators of compromise from the federal government in order to better protect their U.S.-based customers from cybersecurity threats.
The company joins AT&T and Lumen as members of the Enhanced Cybersecurity Services program, which aims to augment intrusion detection for U.S. organizations, with federal aid for state and local entities to participate. The ECS providers will apply their access to sensitive and classified information to domain name service sinkholing, email filtering and netflow analysis, according to CISA’s description of the program.
https://www.nextgov.com/cybersecurity/2021/02/cisa-dhs-bolster-state-and-local-cybersecurity-programs/172244/