Category: News

 Gauging Cybersecurity Resiliency and Why It MattersJoao-Pierre S. RuthInformation WeekEarly this month, Accenture released results of its annual State of Cyber Resilience study, which asked more than 4,700 executives questions about their organizations’ effectiveness in halting cyberattacks.Ryan LaSalle, senior managing director and Accenture Security’s North America lead, says resiliency (as…

 OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong
Gabriel Avner 
White Source 
Gabriel AvnerFirst issued in 2004 by the Open Web Application Security Project, the now-famous OWASP Top 10 Vulnerabilities list (included at the bottom of the article) is probably the closest that the development community has ever come to a set of commandments on how to keep their products secure.
Unfortunately, as the OWASP Top 10 Vulnerabilities list has reached a wider audience, its real intentions as a guide have been misinterpreted, hurting developers instead of helping.
So how should we understand the purpose of this list and actually encourage developers to code more securely?   
In a recent interview, OWASP’s chairman Martin Knobloch voiced his disappointment at the list being used as a sort of checklist for a final run through before a release, serving more as a validation mechanism than a guide.
The OWASP Top 10 is not set up to resolve every attack in the book, but to help teams avoid the common mistakes which are far more likely to get their applications breached.
A determined attacker can find many avenues to breach their target.
However, the smart risk management advisories do not focus on the minority of cases but instead seek to address the issues facing the widest audience.
Security teams that do not engage with their developers, making the effort to understand how they can empower them to have security be an inherent element of their workflow, will quickly find themselves sidelined.
If you want to stay relevant, become an enabler, and use the OWASP Top 10 list as a way to start conversations, not to threaten.
In the end, you might find that you catch more (O)WASPS with honey than vinegar.
Link: https://resources.whitesourcesoftware.com/blog-whitesource/owasp-top-10-vulnerabilities?utm_medium=email&utm_source=topic%20optin&utm_campaign=awareness&utm_content=20191026%20prog%20nl&mkt_tok=eyJpIj

 CPDoS attack can poison CDNs to deliver error pages instead of legitimate sites
Catalin Cimpanu 
ZD Net 
Two academics from the Technical University of Cologne (TH Koln) have disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.
The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).
According to the research team, three variants of the CPDoS attack exist, depending on how attackers decide to structure the malformed header.
The names are self-explanatory, with using oversized header fields, meta characters that trigger errors, or instructions that override normal server responses.
Mitigations against CPDoS attacks, fortunately, exist.
The simplest solution is that website owners configure their CDN service to not cache HTTP error pages by default.
Link: https://www.zdnet.com/article/cpdos-attack-can-poison-cdns-to-deliver-error-pages-instead-of-legitimate-sites/

 4 steps to RPA success
Eth Stackpole 
insider Pro 
Amidst the hype and promise of artificial intelligence (AI) and machine learning (ML), their less-familiar counterpart, RPA, is starting to gain traction, especially among banks, insurance companies, telecommunications firms and utilities.
The technology employs AI and ML to handle rules-driven, high-volume and repeatable business tasks such as queries, calculations and copying and pasting data across systems without any coding requirement.
According to Gartner, RPA software revenue spiked 63.1 percent in 2018 to $846 million with projections calling for $1.3 billion in sales this year.
By the end of 2022, Gartner expects 85 percent of large and very large organizations will have deployed some form of RPA, fueling a $2.4 billion market.
While initial RPA use cases are aimed at automating back-office functions such as reconciliations and accounts receivable and payables, experts in the field say it’s only a matter of time before RPA is deployed to automate middle office and front-office activities, including customer call centers where there is a lot of behind-the-scenes manual work to share data between multiple systems.
As companies move beyond limited RPA pilots to full-blown implementations, there are four practices to keep in mind to ensure things stay on track:
1) Don’t rush to automate
2) Governance is key, but don’t let it grind things to a halt
3) Align business and IT
4) Embrace change management
Link: https://www.idginsiderpro.com/article/3446657/4-steps-to-rpa-success.html?utm_source=Adestra&utm_medium=email&utm_content=Title%3A%204%20steps%20to%20RPA%20success&utm_campaign=CIO%20Daily&utm_term=Ed

 JSON tools you don’t want to miss
Paul Krill 
infoworld, from IDG 

• JSONLint
• JSONCompare
• jtc  
• ijson
• JSON Formatter and Validator
• Altova XMLSpy JSON and XML Editor
• Code Beautify JSON Tools
• Visual Studio Code
• Eclipse JSON Editor Plugin

Link: https://www.infoworld.com/article/3446216/json-tools-you-dont-want-to-miss.html?utm_source=Adestra&utm_medium=email&utm_content=Title%3A%20JSON%20tools%20you%20don’t%20want%20to%20miss&utm_campaign=ID

 Slack rolls out new Salesforce integrations, launches Workflow Builder
Matthew Finnegan 
Computerworld 
Slack has added new integrations with Salesforce’s customer relationship management (CRM) and customer service apps, part of its ongoing push to bolster connections with other “best of breed” cloud apps.
Slack now lets users search and preview Salesforce Sales Cloud and Service Cloud records such as accounts and opportunities in app by using a slash command to pull up details.  
Other features include the ability to send Salesforce records relating to an account or case directly to an individual Slack user or a channel, such as #customer-support, for instance.
In addition, sales and service reps using Salesforce will be able to see Slack conversations related to a Salesforce record.
Also this week, Slack announced that its Workflow Builder tool is now generally available.
The feature lets all users automate routine processes; they can, for instance, create messages sent to new members of a channel, set up their own automations or select a pre-built template from Slack.
Link: https://www.computerworld.com/article/3446881/slack-rolls-out-new-salesforce-integrations-launches-workflow-builder.html?utm_source=Adestra&utm_medium=email&utm_content=Title%3A%20Slack%20rolls%20out%

 Windows 10 security: Microsoft reveals ‘Secured-core’ to block firmware attacks
Liam Tung 
ZD Net 
The new layer of security is for high-end PCs and the first Windows 10 ‘Secured-core’ PC is the Arm-powered Surface Pro X.
At its heart, the new firmware protection comes from a Windows Defender feature called System Guard.
That feature is intended to protect Windows 10 PCs from new attacks used by the likes of state-sponsored hacking group APT28 or Fancy Bear, which was caught late last year using a novel Unified Extensible Firmware Interface (UEFI) rootkit to target Windows PCs.   
“It’s pretty similar to what other manufacturers might be doing with a specific security chip, but we are doing this across all different manners of CPU architectures and OEMs, so we can bring this to a much broader audience, and they can select the form factor or product that matches them but with the same security guarantees as if Microsoft created it.” 
Microsoft already has Secure Boot.
However, that feature assumes the firmware is trusted to verify bootloaders, meaning attackers can exploit trusted firmware.
APT28’s rootkit was not properly signed, which meant Windows PCs with Windows Secure Boot enabled were not vulnerable because the system only permits signed firmware to load.
Link: https://www.zdnet.com/article/windows-10-security-microsoft-reveals-secured-core-to-block-firmware-attacks/

 STEALTHY TOOL DETECTS MALWARE IN JAVASCRIPT
Matt Shipman 
Futurity 
A new open-source tool called VisibleV8 allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs.
The tool runs in the Chrome browser and is designed to detect malicious programs that are capable of evading existing malware detection systems.
VisibleV8 saves all of the data on how a site is using JavaScript, creating a “behavior profile” for the site.
Researchers can then use that profile, and all of the supporting data, to identify both malicious websites and the various ways that JavaScript can compromise web browsers and user information.
You can download VisibleV8 from Kapravelos’ site.
Link: https://www.futurity.org/malware-in-javascript-visiblev8-2190792/

 ACSC warns of Windows malware Emotet spreading in Australia Featured
Sam Varghese 
IT Wire 
An infection of Windows systems by the Emotet malware was the precursor to the recent ransomware attack on Victorian hospitals, the Australian Cyber Security Centre says, as part of a warning that Emotet, which has been around since 2014, is being spread in Australia by malicious emails.
The ACSC named the ransomware as being Ryuk.
According to the Israeli firm Check Point, Ryuk is used only for tailored attacks.
In a statement, the ACSC said it had received numerous reports of confirmed Emotet infections from different industries, including critical infrastructure providers and government agencies.
The ACSC has asked anyone who requires assistance to contact ASD.Assist@defence.gov.au.
Link: https://www.itwire.com/security/acsc-warns-of-windows-malware-emotet-spreading-in-australia.html

 Microsoft Office Bug Remains Top Malware Delivery Vector
Kelly Sheridan 
Dark Reading 
CVE-2017-11882 has been attackers’ favorite malware delivery mechanism throughout the second and third quarters of 2019.

The third quarter of 2019 brought the rise of keylogger Agent Tesla, the decline of phishing-delivered ransomware-as-a-service (RaaS), and attackers’ continued preference for exploiting the CVE-2017-11882 Microsoft Office vulnerablity to deliver phishing campaigns.
Throughout the second and third quarters, researchers saw little change in the significant delivery mechanisms used to spread malware.
The most common method, as seen in more than 600 incidents, is Microsoft Office vulnerability CVE-2017-11882, which remains a “prolific technique” for attackers to spread malware through phishing attacks, researchers report.
Following CVE-2017-11882, the other two most common delivery mechanisms were Office macros and Windows Script Component (WSC) downloaders.
Attackers’ consistent use of the same delivery mechanisms could change as the holidays approach and Emotet reemerges, driving innovation among cybercriminals who may start using new variants and tactics.
Another notable trend third quarter was the drop in RaaS, which has decreased as attackers swap large-scale campaigns for narrowly focused ones.
GandCrab was taken offline; Sodinokibi, the ransomware that shares some of its code base, has seen a low rate of dissemination.
Targeted attacks let cybercriminals keep a lower profile and benefit from a higher return ratio.
Link: https://www.darkreading.com/operations/microsoft-office-bug-remains-top-malware-delivery-vector/d/d-id/1336182

 Cisco Networking Trends Report: ‘Intent-Based Networking Is Coming’
Sydney Sawaya 
sdX Central 
Winter is coming, and according to Cisco’s 2020 Global Networking Trends Report, so is intent-based networking (IBN).
Cisco conducted a web-based survey of 505 IT leaders and 1,566 network strategists across 13 countries about the current state of their networks, their network aspirations over the next two years, and their network operational and talent readiness. 
The survey found maximizing business value to be IT’s No. 1 priority with 40% of respondents naming it their top concern.
But seeing the top of the mountain is one thing, and getting up there is another.
In order to maximize business value, IT teams will require greater insight into data along with the right tools.
Still, Cisco’s findings suggest IBN will be the next “IT girl” of networking in the coming years — essentially the second phase of SDN.
Some 41% of those surveyed claim to have at least one instance of SDN in at least one of their network domains.
SDN has given network operators a way to design, build, and operate their networks through a centralized view. 
However, only 28% of respondents indicated having reached SDN or IBN on Cisco’s Digital Network Readiness Model, yet 78% expect to their networks to move beyond SDN or IBN within the next two years.
Likewise, only 4% indicated that their currently deployed networks are intent-based, and 35% plan to be within two years.
Link: https://www.sdxcentral.com/articles/news/cisco-networking-trends-report-intent-based-networking-is-coming/2019/10/

 Nasty PHP7 remote code execution bug exploited in the wild
Catalin Cimpanu 
ZD Net 
Exploiting the bug is trivial, and public proof-of-concept exploit code has been published on GitHub earlier this week.
“The PoC script included in the GitHub repository can query a target web server to identify whether or not it is vulnerable by sending specially crafted requests,” says Satnam Narang, Senior Security Response Manager at Tenable. “Once a vulnerable target has been identified, attackers can send specially crafted requests by appending ‘?a=’ in the URL to a vulnerable web server.”
Fortunately, not all PHP-capable web servers are impacted.
Only NGINX servers with PHP-FPM enabled are vulnerable.
PHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features.
This blog post from Wallarm, the company that found the PHP7 RCE, includes instructions on how webmasters can use the standard mod_security firewall utility to block %0a (newline) bytes in website URLs, and prevent any incoming attacks.
Due to the availability of public PoC code and the simplicity of exploiting this bug, website owners are advised to check server settings and update PHP as soon as possible if they run the vulnerable configuration.
Link: https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

 Huawei: Banned and Permitted In Which Countries? List and FAQ
Joe Panettieri 
CHANNEL e2e 
Here’s an FAQ explaining the Huawei controversy, along with a list of countries, organizations and technology companies, and their current business status with the China-based technology giant.
Link: https://www.channele2e.com/business/enterprise/huawei-banned-in-which-countries/?utm_medium=email&utm_source=sendpress&utm_campaign

 Heed 5 security operations center best practices before outsourcing
Johna Till Johnson 
Tech Target – Security 
Research showed highly successful cybersecurity organizations, as measured by mean total time to contain, are 52% more likely to have deployed an SOC than their less successful peers.  
In fact, merely deploying a SOC can improve an organization’s mean time to contain a breach by almost half.  
But, as always, the devil is in the details in terms of assessing security operations center best practices: Should cybersecurity pros outsource the SOC function or develop one in-house.
And, if they outsource, what should the selection criteria be?
First is the operational model: Is the SOC provider primarily focused on event notification, or does it work in a team extension mode and proactively take steps to respond to events?  
Second is the SOC run book itself.
Regardless of who executes it — the internal team or the SOC provider — how is the run book developed.
Does the SOC provider have a standardized run book that can be customized to each client, or should the client plan to develop it?  
The third step to ensure security operations center best practices is to examine the portfolio of services the SOC provider offers.  
Fourth is the set of tools and technologies the SOC provider relies on.  
Finally, as counterintuitive as it sounds, there’s the question of how the relationship will be terminated.
Link: https://searchsecurity.techtarget.com/tip/Heed-5-security-operations-center-best-practices-before-outsourcing

 SOC Operations: 6 Vital Lessons & Pitfalls
Todd Thiemann 
Dark Reading 
Lesson #1: Locate and Retain High-Quality SOC Talent
Lesson #2: Improve Your SOC Incrementally
Lesson #3: Coordinate SOC and Network Operations
Lesson #4: Realistic Goals
Lesson #5: Staffing Delusions
Lesson #6: The “AI Cure-All” Fallacy
Link: https://www.darkreading.com/operations/soc-operations-6-vital-lessons-and-pitfalls-/a/d-id/1336076

 The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period
Cision PR Newswire 
NEW YORK, Oct. 21, 2019 /PRNewswire/ — The Global Security Orchestration Automation and Response (SOAR) Market size is expected to reach $2.3 billion by 2025, rising at a market growth of 16.3% CAGR during the forecast period.
Market growth is influenced by factors like growing cyber-attacks, absence of staff availability, strict laws and compliance, absence of centralized views on threats, and a large amount of false alerts that contribute significantly to the SOAR ecosystem.
Market players are taking step-by-step approaches to leverage market possibilities.
Companies focus on innovative market-space competitive strategies.
For instance, in August 2019, Splunk integrated with Deloitte in order to provide automated security monitoring and response capabilities which helps in driving higher fidelity and greater consistency into security workflows and outputs for organizations.
The same month, FireEye launched FireEye® Network Security 8.3 and FireEye Endpoint Security 4.8; are used for enhanced detection and investigation related to advanced attacks.
Similarly, Tufin collaborated with Cisco in order to launch Tufin Orchestration Suite R19-2 for helping the customers to increase the mitigation process to Cisco ACI.
Link: https://www.prnewswire.com/news-releases/the-global-security-orchestration-automation-and-response-soar-market-size-is-expected-to-reach-2-3-billion-by-2025–rising-at-a-market-growth-of-16-3-cagr-dur

 Secureworks Welcomes Steve Hardy as Chief Marketing Officer
Business Wire 
Yahoo – Finance 
Secureworks® (SCWX), a leading global cybersecurity company that protects organizations in a digitally connected world, announced the appointment of Steve Hardy as its new Chief Marketing Officer, effective today.
As CMO, Steve will lead Secureworks’ global marketing strategy, including product marketing, demand generation, corporate communications and field marketing.
He will report direc

 Security warning for software developers: You are now prime targets for phishing attacks
Anny Palmer 
ZD Net 
Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with the hackers taking advantage of the public profiles of individuals working in the high-turnover industry to help conduct their phishing campaigns.
The August 2019 Threat Intelligence Bulletin from cybersecurity company Glasswall details the industries most targeted by phishing, with the technology sector accounting for almost half of malicious phishing campaigns.
According to the Glasswall report, software developer is the role most targeted by hackers going after the technology sector.
A key reason for this is that devs do the groundwork on building software and will often have administrator privileges across various systems.
That’s something attackers can exploit to move laterally around networks and gain access to their end goal.
One way potential victims could make themselves less susceptible to attacks would be to display less information about themselves on their public-facing profiles – although given this is how many look for work, that might not be practical for everyone.
Link: https://www.zdnet.com/article/security-warning-for-software-developers-you-are-now-prime-targets-for-phishing-attacks/

 [Infographic] Nations and Hackers Unleash Destructive Malware!
Rich Tehrani 
Tehrani Blog 
A new report from IBM X-Force Incident Response and Intelligence Services (IRIS) shows that these attacks have been on the rise, posing a growing threat to a wide variety of businesses that may not consider themselves an obvious target.
Key findings include:
• Massive destruction, massive costs: Destructive attacks are costing multinational companies $239 million on average.
As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million).
• The long road to recovery: The debilitating nature of these attacks requires a lot of resources and time to respond and remediate, with companies on average requiring 512 hours from their incident response team.
It’s also common for organizations to use multiple companies to handle the response and remediation, which would increase hours even further.
• RIP laptops: A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action.
Link: https://blog.tmcnet.com/blog/rich-tehrani/security/infographic-nations-and-hackers-unleash-destructive-malware.html

 Why Modernizing Security is Like Visiting a Fast-Food Restaurant
Jonathan Divincenzo 
Dev Ops.com 
Fast casual restaurants are taking over the food industry.
Today’s consumers want quality and speed, and the brick-and-mortar model offering immediate service paired with quality ingredients perfectly fits the bill.
It’s the new, modernized dining experience.
You can also argue that the same modernization taking the food industry by storm is happening in the security sector.
A modern infrastructure mix is made up of many parts (much like a layered chicken sandwich): cloud, containers, hardware, platforms—and sometimes serverless.
Flexibility and deployment options are essential to defending applications and APIs across multiple components and delivery stacks.
Typically, security teams end up in a balancing act of supporting new infrastructure plans while taking over existing legacy systems and applications.
The modern world is ever-evolving and the definition of “modern” changes as new technology is introduced.
Fast-food chains have evolved over the years and, in turn, moved the food industry forward with the introduction of fast, casual and reliable options.
The companies continue to evolve to meet the customers’ demands by introducing delivery services, unique rewards programs and leading mobile apps.
Link: https://devops.com/why-modernizing-security-is-like-visiting-a-fast-food-restaurant/

 The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby 
Dark Reading 
The old-school technology is experiencing new popularity, but too many people assume mainframes are inherently secure.
Case in point: IBM’s Z series mainframe sales are up 70% year-over-year.
And a recent Compuware survey showed that mainframe workloads are increasing.
Currently, 57% of enterprises with a mainframe run more than half of their critical applications on the mainframe, but that number is expected to rise to 64% by next year, according to Compushare.
Overlooking mainframe security is an industrywide issue today.
Recent research shows that even though 85% of companies say that mainframe security is a top priority, 67% admit that they only sometimes or rarely factor security into mainframe environment decisions.
Ultimately, the mainframe renaissance will equip businesses with the processing power, reliability, and scalability they need to thrive.
But for true peace of mind, especially where sensitive customer data is involved, businesses need to be aware of the importance of mainframe security and, just as importantly, prepared to execute on it.
Link: https://www.darkreading.com/vulnerabilities—threats/the-mainframe-is-seeing-a-resurgence-is-security-keeping-pace/a/d-id/1335476

 The Ins and Outs of SOC for MSSPs and MSPs
Edward Gately 
Channel Partners 
To be successful as an MSSP or security-centric MSP, security operations center (SOC) is a must.
Channel Partners: What are some of the issues to consider when deciding whether to build your own SOC or outsource?

• Cost – building a SOC could cost $1-3 million depending on the size and scope.  
• Timing – some partners may find that it’s better to outsource the SOC to ensure your sales team is capable of selling the solution before you invest in building it yourself.  
• Skills – finding qualified people to work as SOC analysts is very difficult, so make sure that you have a pipeline of these rare resources before you invest.
• Scope – you need to decide early if you will staff for 24×7 or 9×5. Maybe you should partner for the after-hours work.

CP: What are some common mistakes to avoid when building your own SOC?
AR: Automation needs to be top of mind from the start.
A security information and event management (SIEM) solution alone with SOC analysis to sift through the data will not be effective unless you can automate some of the incident response to help you scale.
CP: What’s the best criteria for choosing a specialist to handle your SOC?
IT people think in a structured way with rules, policies and procedures – but hackers are very unstructured and creative.
To catch a hacker, you need to think like them, so hire a former programmer with problem-solving skills.
Link: https://www.channelpartnersonline.com/article/the-ins-and-outs-of-soc-for-mssps-and-msps/

 Demisto & Uptycs: Orchestrating Incident Response Activities
Security Boulevard 
Uptycs leverages the open-source osquery agent in order to acquire real-time data about nearly any facet of your infrastructure (more about osquery here).
This data is streamed, aggregated, and stored in the Uptycs backend and then made accessible via our API, allowing the integration of Uptycs data with other services.
The Uptycs-Demisto integration (available here in the Demisto Integration catalog) allows customers of both solutions the use of Uptycs data within their Demisto instance.
Link: https://securityboulevard.com/2019/08/demisto-uptycs-orchestrating-incident-response-activities/

 Secureworks Unveils 24/7 Threat Detection and Response Service
Dan Kobialka 
MSSP Alert 
Secureworks, a Top 100 MSSP, has added a 24/7 service to its Red Cloak Threat Detection and Response (TDR) offering.
Red Cloak TDR’s 24/7 service helps organizations scale their security expertise and combat cyber threats, according to Secureworks.
In doing so, the service enables organizations to accelerate threat detection, response and remediation.
The 24/7 service for Red Cloak TDR is now available.
Also, Secureworks is showcasing its updated version of Red Cloak TDR at this week’s Black Hat USA conference in Las Vegas, Nevada.
Red Cloak TDR is a managed detection and response (MDR) offering designed to help organizations identify cyber threats that typically go undetected by traditional security solutions, Secureworks noted.
It uses insights from incident response engagements to provide continuously updated threat intelligence and analytics that enables organizations to recognize malicious activity.
In addition, Red Cloak TDR analyzes data from IT environments and applies advanced analytics and threat intelligence, Secureworks said.
It then alerts end users if it identifies suspicious activity that requires attention.
Link: https://www.msspalert.com/cybersecurity-companies/mssps/secureworks-threat-detection/?utm_medium=email&utm_source=sendpress&utm_campaign

 IBM: Average Destructive Attacks Costs Over $200 Million
Dan Kobialka 
MSSP Alert 
Destructive malware, malicious software with the capability to render affected systems inoperable, represents a growing problem for global organizations, according to IBM X-Force Incident Response and Intelligence Services (IRIS).
Large multinational companies appear to incur costs around $239 million per destructive malware incident — 61 times greater than the cost of a typical data breach, IBM IRIS noted.
Furthermore, the average destructive malware attack affects 12,316 computer workstations and servers and requires 512 hours to remediate.
Link: https://www.msspalert.com/cybersecurity-research/ibm-destructive-malware-costs/?utm_medium=email&utm_source=sendpress&utm_campaign

 Cylance report looks into questionable pentesting practices
Security Brief – Asia 
BlackBerry has announced that new research from the BlackBerry Cylance Threat Intelligence Team has uncovered a trove of highly sensitive data. 
In Thin Red Line: Penetration Testing Practices Examined, the BlackBerry Cylance Threat Intelligence Team sheds light on a range of questionable pentesting practices, by-products and outcomes.
The report raises critical questions about the industry’s adherence to expectations of privacy and confidentiality, as well as compliance with legal and regulatory requirements, like Europe’s General Data Protection Regulation (GDPR). 
Included in the report is a case study of an advanced persistent threat (APT) like group which the research team found to be operating openly as a Brazilian security firm that is linked to the exposure of sensitive air traffic control data.
The research also explores the tradecraft of more than two dozen well-known companies offering pentesting services, from boutiques to blue chips, and finds the widespread exposure of client data in semi-public repositories.
Link: https://securitybrief.asia/story/cylance-report-looks-into-questionable-pentesting-practices

 Nmap 7.80 released: A mature Npcap Windows packet capturing driver, 11 new NSE scripts
Help Net Security 
It includes a mature Npcap raw packet capturing/sending driver, 11 new NSE scripts, a bunch of new libraries, bug fixes and performance improvements.
Nmap team has created the Npcap raw packet capturing/sending driver because the previously used Winpcap hasn’t been updated since 2013, doesn’t always work on Windows 10, and depends on long-deprecated Windows APIs.
Npcap uses modern APIs, is more performant, secure and featureful.
Nmap 7.80 updates the bundled Npcap from version 0.99-r2 to 0.9982, including all changes from the last 15 Npcap releases.
Link: https://www.helpnetsecurity.com/2019/08/12/nmap-7-80/

 NTT Security partners with Europol to bolster Threat Intelligence
Response Source 
NTT Security, the specialised security company of NTT Group, has signed a Memorandum of Understanding (MoU) with Europol’s European Cybercrime Centre (EC3).
This latest move forms part of its committment to sharing its strategic threat intelligence with industry partners and law enforcement agencies to prevent cybercrime globally.
The new MoU defines a framework for NTT Security and Europol to exchange strategic threat intelligence as well as information relating to cybersecurity trends and industry best practice.
Trust building through public-private sector partnerships is a priorty for NTT Security as it looks to enhance it’s relationship with EC3 which now includes NTT Security’s Global Threat Intelligence and Incident Center (GTIC)
Europol is one of many partners with whom NTT Security collaborates.
Others include the National Cyber Forensics and Training Alliance (NCFTA); Council of Registered Ethical Security Testers (CREST); Cyber Threat Alliance (CTA) Forum of Incident Response Teams (FIRST) and others.
Link: https://pressreleases.responsesource.com/news/98221/ntt-security-partners-with-europol-to-bolster-threat-intelligence/

 ConnectWise Identifies MSP Security Holes Through Risk Assessments
Maddie Bacon 
Channel Futures 
More than half of MSPs don’t do basic security awareness training, according to new data from ConnectWise.
57% of participating MSPs and SMBs don’t do security awareness training, 48% have not assessed or analyzed cybersecurity attack targets and tactics, and 48% don’t have a security incident response plan in place — all while more than 60% of SMBs experience cyberattacks or data breaches, according to the “2017 State of Cybersecurity in Small and Medium-Sized Businesses (SMB)” report from Ponemon Institute.
Link: https://www.channelfutures.com/security/connectwise-identifies-msp-security-holes-through-risk-assessments

 Stronger as One: IronNet Expands the Power of Collective Defense to Organizations of All Sizes
Iron Net 
New strategic initiative will improve cyber defense collaboration and security outcomes across organization and industry
IronNet Cybersecurity, the leading provider of collective defense and network behavioral analysis for companies and industries, today announces that IronDome, the industry’s first and only collective defense platform, is now available to companies of all sizes.
IronDome is a revolutionary way to defend against sophisticated and well-funded cyber adversaries by enabling organizations to join resources and envision impending potential threats to collectively defend against targeted attacks.
The platform applies advanced behavioral analytics, AI, and machine learning techniques to network traffic data and combines the tradecraft knowledge of the best offensive and defensive cyber operators in the world with world-class mathematicians and data scientists.
This IronDome expansion will be the first cross-sector sharing initiative at scale.
Additional initiatives will be launched to complement other public-private sharing entities and to provide a real-time anonymized view into domestic and international threats for cyber response.
Link: https://ironnet.com/new/stronger-as-one-ironnet-expands-the-power-of-collective-defense-to-organizations-of-all-sizes/

Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved. Our mailing address is: dailynews@paulgdavis.com If someone forwarded this email to you and you want to be added in, please click this subscribe to this list unsubscribe from this list    update subscription preferences  *|IF:REWARDS|* *|HTML:REWARDS|* *|END:IF|*

Average cost of a data breach rises to $3.92 million: IBM study

Nandita Mathur

Live Mint

The cost of a data breach has risen 12% over the past five years and now costs $3.92 million on an average, said study by IBM Security on Tuesday.
Assessing the financial impact of data breaches on organisations, the report claimed that the rising expenses were representative of multi-year financial impact of breaches, increased regulation, and the complex process of resolving criminal attacks.
The report also found that companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.
While an average of 67% of data breach costs were realized within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach.
The long tail costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.
The study also found that data breaches which originated from a malicious cyber attack were not only the most common cause of a breach, but also the most expensive.
Malicious data breaches cost companies, examined in the study, $4.45 million on average – over $1 million more than those originating from accidental causes such as system glitch and human error.
These breaches are a growing threat, as the percentage of malicious or criminal attacks as the root cause of data breaches in the report crept up from 42% to 51% over the past six years of the study (a 21% increase).
One particular area of concern is the mis-configuration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43% of all lost records for the year, according to the IBM X-Force Threat Intelligence Index.
The report found that the average life cycle of a breach was 279 days with companies taking 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach.
However, companies in the study who were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach.
A focus on incident response can help reduce the time it takes companies to respond, and the study found that these measures also had a direct correlation with overall costs.
Companies that had both these measures in place had $1.23 million less total costs for a data breach on average than those that had neither measure in place ($3.51 million vs. $4.74 million).
Link: https://www.livemint.com/technology/tech-news/average-cost-of-a-data-breach-rises-to-3-92-million-ibm-study-1563872957873.html

Immunity's penetration testing utility now includes an exploit for BlueKeep flaw

Dev Kundaliya

Computing

The exploit for the BlueKeep flaw is now included in CANVAS v7.23, enabling users to achieve remote code execution on unprotected PCs during penetration tests – in other words, able to open a shell on infected hosts.

The BlueKeep flaw, aka CVE-2019-0708, was first uncovered by security researchers in May, with Microsoft rushing out a patch to cover it.
According to Microsoft, it is a "wormable" vulnerability that can self-propagate from one vulnerable system to another without requiring user interaction – similar to the way that WannaCry and NotPetya were spread.
Link: https://www.computing.co.uk/ctg/news/3079585/bluekeep-exploit-released?utm_source=Adestra&utm_medium=email&utm_content=&utm_campaign=CTG.Daily_RL.EU.A.U&im_edp=146339-8a9e173aa3aaf898%26campaignname%3

MSP State of the Market report: MSPs give blunt feedback on what they really value from their vendor partners

Josh Budd

Channel Partner Insight

US and European providers anonymously share their experiences with vendors in CPI's MSP State of the Market report

Some MSP repsondents slammed their vendor partners for taking a short-term approach to the managed services market.
Our research finds that more than two thirds of MSPs are still running an "operationally immature" model where they are not selling a standardised and fully managed package.
Link: https://www.channelpartnerinsight.com/channel-partner-insight/feature/3079483/msp-state-of-the-market-report-msps-give-blunt-feedback-on-what-they-really-value-from-their-vendor-partners?utm_medium=em

Penetration Test Data Shows Risk to Domain Admin Credentials

Jai Vijayan

Dark Reading

A new analysis of data from 180 real-world penetration tests in enterprise organizations suggests that cybercriminals who manage to get a foothold on an internal network have an opportunity to then gain domain administrator access in more than three in four cases.
But attacks on Internet-facing assets actually result in some kind of internal access only about 20% of the time because of the security controls that many organizations have implemented at the network perimeter.
Attacks on Web applications are likely to result in site-wide compromise even more rarely (3%) of the time, the study by security vendor Rapid7 showed.
Most of the flaws on the internal LAN tend to be Microsoft-centered and have an impact on data integrity.
The biggest problems here have to do with SMB relaying: a failure to apply critical patches and credentials being stored in cleartext.
In 11% of the client sites, Rapid7 found organizations had not deployed patches even for very old vulnerabilities and for extremely critical flaws like EternalBlue, which was exploited in the WannaCry ransomware attacks of 2017.
Unlike prior years, penetration testers were able to use SMB relaying as a viable attack only about 15% of the time, suggesting organizations are much more aware of the need for SMB signing and are getting rid of SMB clients that don't support signing, Beardsley says.
Link: https://www.darkreading.com/vulnerabilities—threats/penetration-test-data-shows-risk-to-domain-admin-credentials/d/d-id/1335324

Fujitsu opens SOC in Canberra

Eleanor Dickinson

ARN, from IDG

Named the Cyber Resilience Centre (CRC), the facility will provide a centralised management hub for Fujitsu’s new security-as-a-service (SECaaS) offerings.

Aimed primarily at Federal and State Government customers, the facility will oversee managed and professional security services across the Oceania region using an unnamed Australian Signals Directorate-certified Protected Cloud as a host.
Operating on a consumption cost mode, the centre will provide services including: threat analytics, vulnerability management, threat intelligence and threat response.
Link: https://www.arnnet.com.au/article/664253/fujitsu-launches-protected-level-security-services-hub-in-canberra/?fp=2&fpid=1

How DNS firewalls can burn security teams

Andrew Wertkin

Help Net Security

It’s easy to see how DNS firewalls could have thwarted 33% of data breaches.
For most IT and security teams, DNS has been an afterthought.
Or, worse, not even that.
The research, conducted by the Global Cyber Alliance, was absolutely still worth doing.
On the surface, this research is good news.
It suggests there is a low-hanging fruit in the cybersecurity space.
But it also suggests that a DNS firewall is the logical next step to improved security.
It’s not — at least not on its own.
Turning DNS data gathering inwards, towards the edge, will allow you to examine the contextual data you need to shut down malicious activity long before it attempts to smuggle data out of the network.
Compromised devices can, and often do, act locally to perform reconnaissance or hoover up data before communicating out.
These internal queries, to private DNS, are not seen at all by most external facing DNS firewalls.
Further, by having device attribution of this data, I can spot patterns that are difficult or impossible to find among a firehose of data that doesn’t have originating device attribution.
Link: https://www.helpnetsecurity.com/2019/07/22/dns-firewalls/

Verint Systems selected as official supplier of Web Intelligence solutions to the UK police forces

Help Net Security

Verint Systems, a global provider of data mining software for Cyber Intelligence, announced it has been selected by The UK Police ICT Company as an official supplier of Web Intelligence solutions to the UK police forces, under Project IRIS.
Project IRIS represents all police forces in England and Wales as well as associated forces and agencies across the UK, including Police Scotland and the Police Service of Northern Ireland.
The total value of the IRIS procurement framework is £50 million over several years.
Link: https://www.helpnetsecurity.com/2019/07/22/verint-systems-uk-police/

Optiv Security opens the Dallas Innovation and Fusion Center

Help Net Security

Optiv Security, a security solutions integrator delivering end-to-end cybersecurity solutions across the globe, announced the opening of its new Dallas Innovation and Fusion Center, a state-of-the-art, more than 14,000-square-foot facility located in the HALL Park complex in Frisco, Texas.
The Center brings together a diverse team of cybersecurity experts – cyber digital and risk professionals, threat and innovation experts and others – working together with clients and industry partners to develop integrated, tailored and proactive cybersecurity solutions that address the speed of business change.
Link: https://www.helpnetsecurity.com/2019/07/22/optiv-security-dallas-innovation-and-fusion-center/

Analytics new battleground for MSSPs in Asia

Kenny Yeo

Channel Asia

This lack of talent and the constant push to meet regulatory compliance is driving the adoption of managed security services (MSS) solutions.
Traditional security monitoring is no longer sufficient because of limited log collection and rule-based analysis.
This shift in enterprise focus from device management to threat management is expected to drive the MSS market from US$1.97 billion in 2017 towards US$4.34 billion in 2022, at a compound annual growth rate (CAGR) of 17.1 per cent.
Furthermore, MSSPs are investing in technologies such as anti-distributed denial of service (DDoS), advanced malware analysis and advanced endpoint protection to deliver cloud-based security services.
Link: https://sg.channelasia.tech/article/664306/

THREAT INTELLIGENCE MARKET PROJECTED TO REACH US$ 12.9 BILLION BY 2023

Ramona Zimmerman

Rent Fin

The Global Research report titled Threat Intelligence Market delivering key insights and providing a competitive advantage to clients through a detailed report.
The report contains 200 pages which highly exhibit on current market analysis scenario, upcoming as well as future opportunities, revenue growth, pricing and profitability.
An exclusive data offered in this report is collected by research and industry experts team.
The Threat Intelligence Market size is estimated to grow from US$ 5.3 Billion in 2018 to US$ 12.9 Billion by 2023, at a Compound Annual Growth Rate (CAGR) of 19.7%.
The report spread across 200 Pages, Profiling 25 Companies and Supported with 90 Tables and 41 Figures is now available in this research.
The SMEs segment is expected to grow at the highest CAGR, owing to the rising deployment of threat intelligence solutions by SMEs to proactively protect their digital assets.
SMEs are small in terms of their size but cater to a large number of customers globally.
Robust and comprehensive security solutions are not implemented in SMEs, due to financial constraints in these organizations.
Weak cyber security and low budget make the organizations more susceptible to advanced cyber-attacks such as ransomware, botnets, zero-day attacks, and Advanced Persistent Threats (APTs).
APAC includes emerging economies such as India, China, Australia, Hong Kong, and Japan, which are rapidly deploying threat intelligence solutions.
APAC is expected to grow at the highest CAGR during the forecast period.
The APAC threat intelligence market is gaining traction as it provides proactive security measures against the evolving cyber-attacks.
Link: http://rentfint.com/2019/07/23/threat-intelligence-market-projected-to-reach-us-12-9-billion-by-2023/

Endace and Micro Focus Partnership Delivers New Security Insights for Threat Hunting and Investigation

Realwire

Virtual Strategy

London, UK – July 24, 2019 – Endace, specialists in high speed network recording and analytics hosting, today announced a new partnership with Micro Focus®.
Alongside the partnership announcement, Endace and Micro Focus also announced new integration between ArcSight Enterprise Security Manager and the EndaceProbe™ Analytics Platform to deliver faster, more accurate response to cybersecurity threats.
This integration dramatically reduces the time required for security analysts to respond to cybersecurity threats, at scale.
Link: http://virtual-strategy.com/2019/07/24/endace-and-micro-focus-partnership-delivers-new-security-insights-for-threat-hunting-and-investigation/

‘SOC’ It to ‘Em: How to Overcome Security Operations Center Challenges

Ericka Chickowski

Channel Futures

According to a new study from SANS Institute, today’s SOCs are treading water when it comes to making progress on maturing their practices and improving their technical capabilities.
Experts say that may not be such a bad thing considering how quickly the threats and the tech stacks they monitor are expanding and changing.

Staffing levels.
According to SANS, the size scales by organizational size, with organizations with between 10,000 and 15,000 employees generally running a SOC with six to 10 employees; organizations from 15,001 employees up to 100,000 putting together SOC teams of approximately 11-25 analysts; and very large enterprises with over 100,000 employees standing up SOCs with 26-100 analysts.
SOC budgets.
When asked about where they’d like to see more investments, 39% said they’d want to make additional investments in new/modern technology, 35% said they’d like to secure additional funding for staffing needs, and 34% would invest in automation to save time.
Outsourcing.
Some 43% of organizations report that they outsource certain functions of their work.
The three most popular functions for outsourcing – both in prevalence and growth over the last year – were malware analysis expertise, threat analysis and threat intel services.
This is in line with SANS outsourcing findings, which broke up categories differently but found that monitoring and detection capabilities were outsourced to some degree by 76% of respondents.
Top tech used.
ccording to the SANS study, security information and event management (SIEM) platforms are far and away the front-running technology for security analysts to correlate and analyze all of the data feeds they must deal with on a daily basis.
That’s followed by threat intel platforms, log management systems, and security automation and orchestration tools (SOAR).
SOC pain points.
Time wasted spinning wheels was one of the biggest pain points identified by those surveyed in the Exabeam study.
Other common complaints were out-of-date systems or applications, false positives, and lack of visibility.
SOC-NOC relationships.
Getting SOC analysts to team with network operations center (NOC) analysts is still a tall task for most organizations.
Proving SOC value with metrics.
SANS analysts say that if SOC managers are going to get more budget to make the investments they need to move the needle on SOC maturity, they’ve got to get better at the metrics game.
The No. 1-used metric to track and report the SOC’s performance is the number of incidents handled.
Meantime, only a very slim number of SOCs track monetary cost per incident or losses accrued versus losses prevented.
Link: https://www.channelfutures.com/mssp-insider/soc-it-to-em-how-to-overcome-security-operations-center-challenges

D3 Security Creates First Proactive Response Platform by Bringing Together SOAR and the MITRE ATT&CK Framework

Business Wire

VANCOUVER, British Columbia–(BUSINESS WIRE)–D3 Security, an innovator in security orchestration, automation and response (SOAR) technology, has released ATTACKBOT, a unique solution that utilizes the MITRE ATT&CK framework to identify and address the entire kill chain of complex attacks.
ATTACKBOT is a significant enhancement to existing SOAR capabilities that allows organizations to predict attacker behavior and focus remediation efforts effectively for more conclusive incident response.
ATTACKBOT streamlines the identification of incidents by allowing security teams to monitor attack progress in real time, correlate incidents with known adversary behaviors, and take appropriate action with the assistance of decision-tree-based playbooks.
ATTACKBOT delivers proactive intervention against ongoing attacks by treating every event as a link in a large chain of adversarial intent instead of solely isolated incidents.
By enabling visualizations of what the attack is and how far it has progressed, organizations are able to proactively intervene before the kill chain is complete.
Link: https://www.businesswire.com/news/home/20190724005141/en/D3-Security-Creates-Proactive-Response-Platform-Bringing