Technology

Related News

Tech entrepreneur pays $8M for Continuum South Beach condo

  • By Katherine Kallergis
  • Published date: 2021-09-17 18:30:48

Tech entrepreneur Hari Ravichandran paid $8 million for a condo at the Continuum in South Beach, The Real Deal has learned. Ravichandran is the founder and former CEO of Burlington, Massachusetts-based Endurance International Group, which acquired Waltham, Ma…

Continuum unit at 100 South Pointe Drive and Hari Ravichandran (Luxhunters for ONE Sothebys International Realty, Hari Ravichandran Foundation) Tech entrepreneur Hari Ravichandran paid $8 million fo… [+1812 chars]

8 Myths Worrying Employers About Remote Work

  • Devin Partida
  • Published date: 2021-09-17 14:17:26

While there are a few myths worrying employers about remote work, you can look at them as opportunities to learn new ways to improve your company culture...

Commuting used to be an expected part of having a career, but not anymore. More people than ever began working at home during the global pandemic, and experts estimate remote work could continue for … [+7598 chars]

The 'world's safest city' for 2021 revealed

  • Tamara Hardingham-Gill, CNN
  • Published date: 2021-09-17 13:42:55

Asian cities like Tokyo, Singapore and Osaka formerly occupied the top spots in the Economist's annual list of safe destinations, but Covid has turned the world on its head. Now a European city leads the pack in terms of resilience, security and wellbeing.

(CNN) Safety has long been a paramount concern for travelers when it comes to deciding which destination to visit. But the world has been turned on its head in recent years due to the global pandemi… [+5687 chars]

IoT Cyberattacks Escalate in 2021, According to Kaspersky - IoT World Today

  • Callum Cyrus
  • Published date: 2021-09-17 13:40:05

Some 1.51 billion IoT breaches occurred from January to June, most using the telnet remote access protocol.

IoT cyberattacks more than doubled year-on-year during the first half of 2021, according to anti-virus and computer security service provider Kaspersky. From January to June this year, some 1.51 bil… [+2428 chars]

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do

  • Jeff Costlow
  • Published date: 2021-09-17 09:20:00

Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.

<div class="c-article__content js-reading-content"> <p>After more than 20 years of underwhelming results, security leaders have accepted their intrusion detection system (IDS) programs as no more than a compliance checkoff. It’s no secret that IDS’s reliance on bi-modal signatures is brittle, easily evaded and often referred to as an “alert cannon.”</p> <p>Time has not been kind to IDS and has created wide security gaps. With low IT budgets and the rise of the cybersecurity jobs crisis, organizations are in need of a centralized way to optimize workflow by integrating detection, investigation and response into a single tool.</p> <p>And that’s not to mention the lack of coverage traditional IDS solutions provide. According to the <a href="https://www.verizon.com/business/en-sg/resources/reports/dbir/" target="_blank" rel="noopener">Verizon 2020 Data Breach and Incident Response (DBIR) report</a>, out of 3,000 investigated breaches, 97.5 percent were caused by attacks that IDS wasn’t designed to detect.</p> <p>To combat the outdated nature of IDS, organizations should adopt next-generation IDS (NG-IDS) to fulfill the defense-in-depth promise unmet by legacy IDS. NG-IDS is effective against more types of attacks and fills glaring decryption and cloud compliance gaps while improving security.</p> <h2><strong>IDS Erosion Over Time</strong></h2> <p>IDS boomed in the ’90s as security frameworks like the SANS 20 Critical Security Controls and mandates like PCI DSS called out IDS by name.
But even after a quarter of a century of IDS innovation and adoption across many enterprises, the same challenges persist. <a href="https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf" target="_blank" rel="noopener">NIST 800-94</a>, written in 2007, calls out the top challenges of that time, including detection accuracy, extensive tuning, blindspots and performance limits.</p> <p>Unfortunately, these shortcomings still plague IDS today, limiting its usability and effectiveness even in the original monolithic “castle-and-moat” paradigm it was developed to protect. When you add the major changes affecting enterprise networks today, continuing down the traditional IDS path is problematic.</p> <p>While IDS was designed to detect and secure the network perimeter from attacks, the evolution of the adversary has exposed the limits of IDS. The one-size-fits-all technology misses the mark with a narrow view of threat detection efficacy, an inability to cover east-west traffic, a lack of support for network security hygiene, a need for high operational overhead and the potential for numerous false positives. IDS is still useful, but its effectiveness is growing increasingly limited.</p> <h2><strong>The Next-Gen Super Shield</strong></h2> <p>Security and compliance frameworks, including those from CIS, NIST and PCI SSC, point to long lists of must-have technology to build secure and compliant defenses. But they don’t tell us which ones to do first or how to allocate our limited budgets.
Additional contextual knowledge from NG-IDS gives you a roadmap to prioritize investments while leaving others as “good enough” that fit your budget and time constraints.</p> <p>Integrated solutions like NG-IDS are part of a broader operation that improve on legacy technologies by harnessing the benefits of network detection and response (NDR), which makes monitoring an attacker’s land-and-pivot approach and preventing threats before significant damage is done much easier. Even more, solutions like NDR give better security efficacy with cloud-scale machine learning (ML) behavioral analysis, added visibility into encrypted and east-west traffic and extended detection across the full attack life cycle.</p> <p>Visibility gets you many things, but the most important is peace of mind. Cloud-based ML gives organizations access to superior detections and analytics, scalability, global coverage across network boundaries, and rapid security updates. Added visibility into encrypted traffic can reveal bad actors trying to disguise their attempts at lateral movement and data exfiltration in encrypted traffic. SecOps teams desperately need to gain better and extended visibility into encrypted data to help eliminate bad actors.</p> <h2><strong>Cover All Your Bases</strong></h2> <p>Security must not slow the business. Most NG-IDS systems deliver agentless, unified security across on-premises and cloud environments and are frictionless to the DevOps innovation pipeline.</p> <p>Digital transformation can create high-profile security lapses since widespread cloud adoption has upended almost everything. The migration of critical workloads from on-premises data centers to the cloud shifted into overdrive with urgency from the pandemic. This has often inadvertently caused teams to neglect cloud security strategy, resulting in security gaps.</p> <p>Meanwhile, cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic.
Without decryption, organizations are blind to 60 percent of the Cybersecurity and Infrastructure Security Agency’s (CISA) most exploited vulnerabilities. Cybersecurity teams need access to tools that allow for true decryption to achieve true visibility. Out-of-band SSL/TLS decryption provides organizations with deep, meaningful network traffic analysis without risk to sensitive data or data regulated by various industry standards such as HIPAA, PCI, GDPR and others.</p> <p>With a network detection layer at the point of intrusion and within the east-west corridor, security teams are prepared for situations where an attacker achieves a beachhead through leaky defenses or advanced techniques. Just as important, NG-IDS makes time- and budget-strapped analysts more effective by integrating detection, investigation and response into a single tool with a more efficient security workflow.</p> <p>IDS programs had their time as the go-to technology to achieve network security compliance check-offs.
With next-generation firewalls (NGFW) absorbing some IDS perimeter functions, there’s an opportunity to shift detection deeper into the network with NG-IDS.</p> <p><em><strong>Jeff Costlow is CISO at ExtraHop.</strong></em></p> </div>

The FTE Summit Kicks off the Mykonos Decade

  • PR Newswire
  • Published date: 2021-09-17 05:00:00

VIVA Investment Partners AG announces its 12th Annual Follow The Entrepreneur (FTE) Investor Summit – FTE Mykonos 2021 – at the Royal Myconian Hotel kicking ...

ZURICH and ATHENS, Greece, Sept. 17, 2021 /PRNewswire/ -- VIVA Investment Partners AG announces its 12th Annual Follow The Entrepreneur (FTE) Investor Summit FTE Mykonos 2021 at the Royal Myconian Ho… [+5782 chars]

The FTE Summit Kicks off the Mykonos Decade

  • Published date: 2021-09-17 05:00:00

ZURICH and ATHENS, Greece, Sept. 17, 2021 /PRNewswire/ -- VIVA Investment Partners AG announces its 12th Annual Follow The Entrepreneur (FTE) Investor Summit – FTE Mykonos 2021 – at the Royal Myconian Hotel kicking off on the 1st of October until the 5th of O…

ZURICH and ATHENS, Greece, Sept. 17, 2021 /PRNewswire/ -- VIVA Investment Partners AG announces its 12th Annual Follow The Entrepreneur (FTE) Investor Summit FTE Mykonos 2021 at the Royal Myconian Ho… [+5664 chars]

Writing On The Pareto Frontier

  • johnswentworth
  • Published date: 2021-09-17 00:05:33

Published on September 17, 2021 12:05 AM GMT. I have a personal rule: don’t write something which someone else has already written better. This is easier than it sounds. For instance, suppose I’m writing an intro to systems biology. I don’t need it to be the mos…

I have a personal rule: don’t write something which someone else has already written better. This is easier than it sounds. For instance, suppose I’m writing an intro to systems biology. I don’t need i… [+5524 chars]

UN calls for facial recognition and artificial intelligence moratorium

  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p>Following an artificial intelligence (AI) <a href="https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=27469&amp;LangID=E" rel="noopener noreferrer" target="_blank">report</a> published by the United Nations (UN), UN High Commissioner for Human Rights Michelle Bachelet called for a moratorium on the sale and use of AI systems that pose a serious risk to human rights until safeguards are put in place. AI applications that cannot be used in compliance with international human rights law should be banned, Bachelet said.</p><p>The UN Human Rights Office report analyses how AI, including profiling, automated decision-making and other machine-learning technologies, affects people’s privacy rights. The report details how AI systems rely on large data sets, with information about individuals collected, shared, merged and analyzed in multiple ways. It also cites the risk posed by data breaches as a serious privacy issue.</p> <p>“Artificial intelligence can be a force for good, helping societies overcome some of the great challenges of our times. But AI technologies can have negative, even catastrophic, effects if they are used without sufficient regard to how they affect people’s human rights,” Bachelet said.</p><p>The report calls for increased transparency from developers, marketers, operators and users of AI systems.</p> </div>

Raf Sanchez promoted to Global Head of Cyber Services at Beazley

  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p>Raf Sanchez will <a href="https://www.beazley.com/news/2021/beazley_announces_new_global_head_of_cyber_services.html" rel="noopener noreferrer" target="_blank">join</a> the Global Cyber &amp; Tech Management Team as the Global Head of Cyber Services at Beazley, a London market insurance and underwriting firm, leaving his current position as International Manager of Beazley Breach Response Services.</p><p>The organization created the Global Head of Cyber Services role to address risk management by utilizing data and technology. Paul Bantick, Global Head of Cyber &amp; Technology, said, “In his new role, Raf will direct global risk management and incident response functions.”</p> <p>“This is a critical time for cyber risk; with an increasingly distributed workforce, well-funded and innovative adversaries and the challenge of fending off a barrage of constant attacks,” said Sanchez, “I am excited to be taking on this new global leadership role.”</p><p>Congratulations!</p> </div>

Security cameras installed at all NYC subway stations

  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p>The Metropolitan Transportation Authority (MTA) has recently installed security cameras at all 472 subway stations in New York City. Thousands of cameras have now been deployed systemwide.</p><p><a href="https://new.mta.info/press-release/mta-announces-security-cameras-installed-all-472-subway-stations" rel="noopener noreferrer" target="_blank">According to the MTA</a>, the initiative to expand security camera coverage was accelerated last year by Interim President of New York City Transit Sarah Feinberg, who identified a new class of cameras that could be deployed more quickly and inexpensively than traditional cameras. As a result, 200 stations of the 472 in the system have gained security camera coverage within the past year.</p> <p>Security cameras used in the subway system come in two forms: Those that broadcast in real-time to the subway’s security center, and those that record locally and provide material that can be retrieved quickly to be used in the investigation of crimes. Some of the live cameras give New York City Transit the ability to spot suspicious packages and other activities that require a response.</p><p>“We at the MTA, together with the NYPD, are driven to deliver a safer and more high-level quality of life experience in the subway system and these cameras are a big part of that,” said MTA Chief Safety Officer Patrick Warren.</p><p>The MTA will continue to expand the placement of cameras throughout the system to optimize station coverage.</p> </div>

APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus

  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">According to a joint advisory released by multiple agencies, state-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. </span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">The joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus—self-service password management and single sign-on solution.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">CVE-2021-40539, rated critical by the Common Vulnerability Scoring System (CVSS), is an authentication bypass vulnerability affecting representational state transfer (REST) application programming interface (API) URLs that could enable remote code execution.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt;
margin-bottom:0pt;">The FBI, CISA and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of ManageEngine ADSelfService Plus poses a severe risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Jake Williams, Co-Founder and CTO at </span><a href="https://breachquest.com/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">BreachQuest</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">, an Augusta, Georgia-based leader in incident response, explains, "While patching is important (and especially so with such a high impact vulnerability), organizations should note the frequent use of web shells as a post-exploitation payload. In this case, threat actors have been observed using web shells that were disguised as certificates.
This sort of activity should stand out in web server logs - but only if organizations have a plan for detection. Given that this will certainly not be the last vulnerability that results in web shell deployment, organizations are advised to baseline normal behavior in their web server logs so they can quickly discover when a web shell has been deployed."</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">The FBI, CISA and CGCYBER have reports of malicious cyber actors using exploits against CVE-2021-40539 to gain access [</span><a href="https://attack.mitre.org/techniques/T1190/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1190</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">] to ManageEngine ADSelfService Plus as early as August 2021.
The actors have been observed using various tactics, techniques, and procedures (TTPs), including:</span></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Frequently writing webshells [</span><a href="https://attack.mitre.org/techniques/T1505/003/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1505.003</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">] to disk for initial persistence</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Obfuscating and Deobfuscating/Decoding Files or Information [</span><a href="https://attack.mitre.org/techniques/T1027/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1027</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> and </span><a href="https://attack.mitre.org/techniques/T1140/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1140</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; 
list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Conducting further operations to dump user credentials [</span><a href="https://attack.mitre.org/techniques/T1003/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1003</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Living off the land by only using signed Windows binaries for follow-on actions [</span><a href="https://attack.mitre.org/techniques/T1218/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1218</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Adding/deleting user accounts as needed [</span><a href="https://attack.mitre.org/techniques/T1136/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1136</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; 
list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Stealing copies of the Active Directory database (NTDS.dit) [</span><a href="https://attack.mitre.org/techniques/T1003/003/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1003.003</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">] or registry hives</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Using Windows Management Instrumentation (WMI) for remote execution [</span><a href="https://attack.mitre.org/techniques/T1047" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1047</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Deleting files to remove indicators from the host [</span><a href="https://attack.mitre.org/techniques/T1070/004/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1070.004</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); 
margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Discovering domain accounts with the net Windows command [</span><a href="https://attack.mitre.org/techniques/T1087/002/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1087.002</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Using Windows utilities to collect and archive files for exfiltration [</span><a href="https://attack.mitre.org/techniques/T1560/001/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1560.001</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Using custom symmetric encryption for command and control (C2) [</span><a href="https://attack.mitre.org/techniques/T1573/001/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">T1573.001</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">]</span> </li>
</ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Sean Nikkel, Senior Cyber Threat Intel Analyst at </span><a href="https://www.digitalshadows.com/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">Digital Shadows</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">, a San Francisco-based provider of digital risk protection solutions, says, "The recently reported ManageEngine vulnerability is the fifth instance of similar, critical vulnerabilities from ManageEngine this year. Notably, these vulnerabilities are severe in that they allow either remote code execution or the ability to bypass security controls. Since the service interacts with Active Directory, giving attackers access can only lead to bad things, such as controlling domain controllers or other services. Attackers can then take advantage of "blending in with the noise" of everyday system activity. It's reasonable to assume that there will be more widespread exploitation of this and previous vulnerabilities given the interactivity with Microsoft system processes. The observation that APT groups are actively exploiting CVE-2021-40539 should highlight the potential exposure it might cause. If trends are consistent, extortion groups will likely seek exploitation for ransomware activity in the not-so-distant future. 
Users of Zoho's software should apply patches immediately to avoid the types of compromise described in the CISA bulletin."</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Considering the amount of access and control these tools have, IT security teams must take immediate steps to remediate fully, says Yaniv Bar-Dayan, CEO and co-founder at </span><a href="https://vulcan.io/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">Vulcan Cyber</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">, a provider of SaaS for enterprise cyber risk remediation. Bar-Dayan adds, "Zoho has a patch, but it is just a patch for one vulnerable component of what is a multi-layered, advanced persistent threat. Apply the patch, but also make sure to eliminate direct access to ManageEngine software from the Internet where possible. If APT groups get access to systems management tools, they get the keys to the kingdom. Move quickly."</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">The FBI, CISA, and CGCYBER are proactively investigating and responding to this malicious cyber activity. 
The </span><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">FBI, for instance, is leveraging specially trained cyber squads in each of its 56 field offices and CyWatch, the FBI's 24/7 operations center and watch floor, which provides around-the-clock support to track incidents and communicate with field offices across the country and partner agencies.</span><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"></span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">CISA also offers a range of no-cost </span><a href="https://www.cisa.gov/cyber-hygiene-services" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">cyber hygiene services </span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">to help organizations assess, identify, and reduce their exposure to threats. 
Organizations of any size could find ways to reduce their risk and mitigate attack vectors by requesting these services.</span><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"></span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">CGCYBER has deployable elements that provide cyber capability to marine transportation system critical infrastructure in proactive defense or response to incidents.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p><br></p><p><br></p><p><br></p></div>

Jeffrey Horn named Police Chief at Merced College

  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p>Merced College has hired longtime Merced County law enforcement veteran Jeffrey Horn as their new police chief.</p><p>Horn, who attended Merced College as a student in 2005 and 2006, said he’s hoping to create a series of events and other opportunities for students and university staff to get to know their campus police officers.</p> <p>Horn brings over 24 years of experience to his new position at the Merced, California university, having worked most recently as the Merced Police Department's administration sergeant. He will continue to serve as the department’s rangemaster and oversee firearms training.</p><p>“I am excited to be at Merced College, and grateful for the opportunity to work with students and staff to have a safe and enjoyable school year,” Horn said.</p><p>Congratulations!</p> </div>

8 tough questions to drive the right AppSec reporting solution and DevSecOps

  • Joanne Godfrey
  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Chief information security officers (CISOs) and their teams must have timely access to accurate and meaningful application security (AppSec) data to do their jobs effectively. This visibility is essential for reporting on the organization’s overall risk posture to the executive leadership and the Board of directors. It’s necessary to identify where the most significant AppSec risks lie, what to prioritize for remediation and to provide crucial forensic insight in the event of a breach. And it’s also the cornerstone to achieve DevSecOps.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">You can’t achieve DevSecOps unless everyone responsible for developing the product works from the same data set and can truly understand application security risks. CISOs, Chief Product Security Officers (CPSOs) and their teams must be able to communicate around AppSec risk with business unit (BU) leaders and product owners who, more and more, are being held accountable for the security of their products. 
And all these teams must collaborate with development leaders and DevOps teams, who work to highly rapid release cycles, and can no longer afford to be sidelined by security problems within the applications they are developing.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Specifically, security, product and development leaders must have visibility into issues such as:</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">What is the state of our AppSec program? Where are the gaps, the most significant risks to the business, what should we prioritize for remediation?</span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Do we have 100% static application security testing (SAST), software composition analysis (SCA) and dynamic application security testing (DAST) scanning coverage for all our mission-critical applications in development? If not, do we have a plan to get there? </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">What’s our progress in detecting and remediating vulnerabilities month over month? What are those vulnerabilities? Do they even matter? 
Are they systemic across teams?</span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">What are our top riskiest applications? Is there a problem with a specific application or DevOps team? Why is this happening? What’s the best way to address it? </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Are we in compliance with regulations and with our own policies and service-level agreements (SLAs)? Can we track that?</span></li> </ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">But the current state of application security across most organizations means that answering these questions and gaining AppSec visibility is no easy task. In many organizations we work with, application security is becoming more decentralized, with DevOps teams now handling at least some AppSec scanning, often using the tools they select themselves. Moreover, we’re finding that AppSec scanning is still relatively immature and inconsistent in terms of coverage and the types of applications scanned, while the tools used are generating an unwieldy amount of disparate data. 
As a result, organizations are struggling to handle all their AppSec data and make sense of it all, much less answer these questions accurately, in a timely fashion, and in an easily consumable format appropriate for the many audiences that need this insight.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><h3 style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">A Quick Fix vs. a Long-term Solution</span></strong></h3><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> </span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Some security teams attempt to address this problem by centralizing all their existing vulnerability data in a business intelligence (BI) tool. 
It’s relatively quick and easy to do, cheap and probably adequate if all that is needed is a dashboard to showcase compliance with the AppSec program or a monthly overview report for the leadership team.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> </span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">While such a BI dashboard may address some of the CISO’s </span><em style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">immediate</span></em><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> needs, it cannot provide a long-term foundation for risk reporting that is holistic, strategic, scalable or drives practical improvements in application security across the organization.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Accuracy</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">: To produce an AppSec risk dashboard, BI tools need to ingest data from multiple tools – each with its own formatting, scoring and prioritization. 
Standard BI tools do not normalize data from various sources into a common risk framework or aggregate, correlate and compress related issues to remove noise and create an even playing field from which you can gain a clear – and accurate – picture of AppSec risk. Thus, for example, 100 instances of cross-site scripting in the same application component may be blown out of proportion, even though it’s only a single linked vulnerability. Attempting to undertake this normalization through custom scripting is a heavy lift requiring experts with significant time on their hands.</span> </li></ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> </span></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Scope: </span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">The structure of the modern enterprise, together with the shift to a more decentralized approach to application security and the demand for a more agile development process, will likely raise many questions – and conflicts - around ownership and inclusion in these reports. 
The most optimistic outcome is that the reports will be provided - siloed - for each business unit, which has its benefits but will not provide a comprehensive view of enterprise-wide risk, which is critical for the CISO, executive leadership team and the Board.</span> </li></ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Management &amp; Maintenance: </span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">AppSec is not static – it constantly changes together with the evolution of the company, the products it develops, its infrastructure, processes and tools. To provide an up-to-date view of AppSec risk, the BI tool’s data model must be</span><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> </span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">managed and maintained in real-time, in line with any changes across the organization. So, when a DevOps team starts using a new scanning tool or starts working on a new mission-critical application, adding this information to the BI tool must be quick and easy. 
</span> </li></ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"> <strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Actionable:</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> BI-generated reports are just that, reports. They are not designed to drive triage and remediation efforts through workflows, automation, or self-service capabilities, which are a critical part of an AppSec program. </span> </li></ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> </span></p><h3 style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Build The Right Foundation for Comprehensive AppSec Risk Reporting – 8 Questions to Ask</span></strong></h3><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Before attempting to build a solution for AppSec visibility internally, consider some of these questions: </span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><ol style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" 
style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">What is the primary use for these reports: audits, corporate risk assessment, compliance (regulatory, internal), vulnerability management, patch management? Will the content and level of detail be tailored to each of the use cases?  </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Who are the requestors and consumers of the reports? How will the reports be delivered?</span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Which business units and/or application teams will this reporting include? What are the criteria for inclusion?       </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Do you know all the different types of reports needed? What are the required outputs? Who will define them?  </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">How many applications does your company have, and how many different application security scanning tools are being used across the organization? </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Will the reports cover all these applications and tools? Will reports be available on the individual components of the applications in addition to the aggregate business application?    
   </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Is there a specific format for the scan data? Are APIs being utilized, and how automated is the ingestion process?   </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Who is sponsoring, staffing and funding the internal reporting effort? </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Has funding and staffing been allocated for ongoing maintenance and enhancements of the reports beyond the initial project?  </span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:decimal;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Will the reports foster a shared responsibility for AppSec and help drive remediation of any security issues? Will they map to the various stages of the software development life cycle (SDLC) with enough detail? Is sufficient guidance being provided to developers to identify, prioritize and remediate vulnerabilities? Can the reports compare outputs from different AppSec tools? Can reports highlight bad coding practices within or across Development teams to identify training and development opportunities?   
</span></li> </ol><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">As you go on the journey to DevSecOps, make sure you have the right solution that can deliver the level of visibility into AppSec risk that the CISO requires, together with the critical reports needed to drive shared responsibility, accountability and effective AppSec remediation throughout your organization.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"></p></div>

Misconfigured APIs make up two-thirds of cloud breaches

  • Published date: 2021-09-17 00:00:00

<div class="body gsd-paywall article-body"><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Shadow IT and misconfigured application programming interfaces (APIs) accounted for the vast majority of security incidents in the cloud last year, according to the </span><a href="https://www.ibm.com/downloads/cas/WMDZOWK6" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">2021 IBM Security X-Force Cloud Threat Landscape Report.</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> In particular, the report revealed that two-thirds of the incidents studied involved improperly configured APIs.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">This year, IBM augmented the 2020 report with new and more robust data spanning Q2 2020 through Q2 2021. Data sets used include dark web analysis, IBM Security X-Force Red penetration testing data, IBM Security Services metrics, X-Force Incident Response analysis and X-Force Threat Intelligence research. 
These multiple data sources help better understand how threat actors are getting into cloud environments, what types of malicious activity are pursued once they’re inside and how organizations can prepare and react to security incidents involving their cloud environments more effectively.</span></p> <h3 style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></h3><h3 style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Cloud Environments Need to Be Better Secured</span></strong></h3><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Cloud accounts/resources on the dark web.</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> There is a thriving dark web market for public cloud access, with advertisements for tens of thousands of cloud accounts and resources for sale. In 71% of cases, threat actors offered Remote Desktop Protocol (RDP) access to cloud resources, enabling attackers to have direct access and conduct malicious activity. 
In some cases, account credentials to access cloud environments were being sold for a few dollars.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Passwords &amp; Policies</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">: The vast majority of X-Force Red penetration tests of cloud environments found issues with either passwords or policies.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Hardening systems</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">: Based on X-Force research, two-thirds of breaches to cloud environments would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Vulnerabilities in cloud-deployed applications surge</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">: Almost half of the more than 2,500 
disclosed vulnerabilities in cloud-deployed applications recorded to date were disclosed in the last 18 months. While some of this growth can be attributed to better tracking (cloud vulnerabilities were added to MITRE’s CVE standards in January 2020), this steep growth emphasizes the importance of closely managing </span><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">this growing risk as more vulnerabilities are exposed.</span></p><h3 style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></h3><h3 style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Threat Actors Target Cracks in the Armor</span></strong></h3><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Public API policies </span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">represented a significant security gap. Two-thirds of the incidents analyzed involved improperly configured Application Programming Interfaces (APIs) based on analysis of X-Force Incident Response data of impacted clients. 
</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Michelle McLean, Vice President at </span><a href="https://salt.security/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">Salt Security</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">, a Palo Alto, Calif.-based provider of API security, says, “APIs are the heart of applications, powering business functionality and serving up data. In the current Q3 </span><a href="https://salt.security/api-security-trends" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">State of API Security report</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">, Salt Labs found that API traffic had increased 141% in the past six months while malicious API traffic increased a whopping 348%. And 94% of respondents had experienced an API security incident in the past 12 months.</span></p> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">“Perhaps the clearest indicator that this market has reached a tipping point comes in recent Gartner research. 
In its August 25, 2021, </span><a href="https://salt.security/blog/api-security-tipping-point-gartner-just-created-the-category" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">report entitled “Advance your PaaS Security,”</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> Gartner modified its long-standing security reference architecture to add a distinct pillar dedicated to API security. For years, Gartner noted three components to securing services:</span></p><ul style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">WAF, WAAP, API gateway, and CDNs for edge security</span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">CWPP for data-plane security</span></li> <li style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; list-style-type:disc;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">CSPM for control-plane security</span></li> </ul><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">“Over those years, Gartner nested API security under the WAF/WAAP pillar. In its verbiage, the firm would acknowledge that some organizations might need dedicated API security. But the “picture” didn’t show it separately. 
By adding API security as a standalone core element of this security reference architecture, Gartner has acknowledged that protecting APIs requires dedicated API security tooling.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">“This explosive growth in the API security market brings both good news and bad news for buyers. On the upside, customers gain choices, and competition should improve product capabilities. On the downside, separating signal from noise gets harder as the noise gets louder and more voluminous, so organizations will need to dig in and better evaluate both the technical capabilities as well as the customer penetration and success each platform delivers.”</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">In addition, one of the top attack vectors X-Force observed targeting cloud was threat actors </span><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">pivoting from on-premises environments into cloud environments</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">. 
This lateral movement was seen in almost a quarter of incidents X-Force responded to in 2020.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">IBM estimates that over half of breaches to cloud environments occurred due to “</span><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">shadow IT</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">,” emerging via unauthorized systems spun up against security policies that likely lacked vulnerability and risk assessments, as well as hardened security protocols.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Cryptominers and ransomware remain the top dropped malware</span></strong><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> into cloud environments, accounting for over half of detected system compromises based on the data analyzed. 
Threat actors continue to pursue clouds in their malware development, with new variants of old malware focusing on Docker containers and new malware written in programming languages, like Golang, that run cross-platform.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> APIs are silently but rapidly becoming one of the most critical pieces of the software supply chain, says Setu Kulkarni, Vice President, Strategy at </span><a href="https://www.whitehatsec.com/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">NTT Application Security</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">, a San Jose, Calif.-based application security provider. He adds, “Organizations are now one vulnerable API call away from a potential major breach. An underlying challenge that gets obscured is that APIs today are facades to legacy systems that were never designed to be online or used in an integrated B2B or B2C setting. By creating an API layer, these legacy transactional systems are enabled to participate in digital transformation initiatives. This pattern of API enablement of legacy systems creates security issues which otherwise would not have been issued in the controlled trusted zones the legacy systems were designed to operate in.”</span></p></div>

Port Canaveral awarded $1.4 million for security enhancements

  • Published date: 2021-09-17 00:00:00


<div class="body gsd-paywall article-body"><p>The Canaveral Port Authority has been awarded $1.392 million in federal and state funding to strengthen Port security operations.</p><p>Brevard County, Florida's Port Canaveral was one of nearly 50 U.S. ports that received grants through the Federal Emergency Management Agency (FEMA) $100 million Port Security Grant Program (PSGP), which awards grants on a competitive basis each year to support the building, sustainment and delivery of core capabilities of Ports, facility operators and state and local government agencies.</p> <p>In addition to $1.1 million in federal funds, the Port has also been awarded $288,000 in state-supported port security grant funding from the 2021 Florida Seaport Transportation and Economic Development (FSTED) program. </p><p>Port Canaveral will use the grant funding to enhance the Port’s physical and cybersecurity posture and operational readiness with technology upgrades and new equipment to mitigate potential failures and reduce vulnerabilities.</p><p>“Port safety and security is a primary mission of Port Canaveral. Our operations are diverse and continuous, and our close proximity to the surrounding community adds complexity to our environment,” said Port CEO Capt. John Murray. “Grants like these are important funding to help us employ new resources and latest technologies to augment our security measures.”</p> </div>

Anticipating and resolving conflict in the workplace

  • Patricia Coureas
  • Published date: 2021-09-17 00:00:00


<div class="body gsd-paywall article-body"><p>Businesses re-opening after many months of COVID-19 related restrictions are beginning to shift the focus of their security concerns to the potential threat of conflict in the workplace. While tensions or disagreements may be part of any work setting, identifying the warning signs and responding appropriately can prevent conflict from escalating into something more dangerous.</p><p>Among those most dramatically impacted by workplace violence are workers in the healthcare community, with the Occupational Health &amp; Safety Administration (OSHA) designating workplace violence a “recognized hazard” for all healthcare organizations. Furthermore, The Joint Commission (TJC), which provides hospital accreditation, is recommending changes to its standards to address workplace violence that, if approved, would require preventive measures to take effect as early as January of 2022. TJC’s proposal requires an annual assessment of policies, procedures and education, including de-escalation training techniques and strategies to help prevent conflict from igniting into workplace violence that is defined as including verbal and non-verbal actions, threats and intimidation.  </p> <p>Although workers in other industries may face fewer or different risks related to workplace violence than those in the healthcare community, the acknowledgement and formal recognition that workplace violence is an urgent problem represents an important trend other organizations would be wise to consider as they evaluate the potential threat posed to their employees, visitors and customers. Those working in fields such as education, transportation and retail may face elevated risk as well, but the potential exists in any work environment for conflict to escalate into aggressive or violent behavior unless you know the warning signs and how to address them. 
</p><p>Having worked on crime problems that pose major threats to the U.S. in my past, I understand how violent crime can paralyze entire communities and strain state and local law enforcement resources. In addition, I see huge value for companies to recognize this trend and begin to give it priority, not only to prevent violent workplace incidents, but to create more positive and productive environments where people can best contribute, collaborate and thrive with the added benefit that organizations will be helping to create safer communities across the country.</p><p>Security and other business leaders who are aware of how team members interact with each other verbally, through emails and during meetings can look for red flag warnings that can signal a conversation or encounter might be spiraling in the wrong direction or out of control.</p> <p>Conflict management and team dynamics experts at <a href="https://www.resologics.com/conflict-warning-signs" rel="noopener noreferrer" target="_blank">Resologics</a> have assembled a helpful list of some of the most common warning signs that a problem might be developing. </p><ol> <li>Dysfunctional meetings that devolve into gripe sessions instead of positive gatherings to brainstorm with one or two people repeatedly dominating the discussion while others appear annoyed or distracted.</li> <li>Productivity slowdowns by a usually high-tempo worker who starts to perform or behave differently can be cause for concern.</li> <li>Anger or over-the-top reactions are reasons to take notice, especially if anyone seems easily triggered or overly emotional. 
Anxiety brought on by the stresses of the pandemic can compound the frustrations people are feeling, but anger is rarely the response for a first time or one-off upset and requires immediate attention.</li> <li>Inappropriate communications by someone consistently using rude or disrespectful language during meetings, interpersonally or in e-mails can indicate issues that need to be addressed quickly.</li> <li>Cliques forming that go beyond healthy or established employee work teams can create a sense of exclusion that may lead to disagreements that can escalate.</li> <li>Distrust may develop when a feeling of skepticism dominates a team’s project or management’s ability, eroding the trust that is so essential to any team environment. </li> </ol><p>No two situations are exactly the same, but when faced with intervening during a conflict, the best first step is to completely understand the situation and all points of view, so the actions that follow can be most effective and have a positive impact.  </p><ul> <li>Acknowledge the concerns or frustrations of the person or people involved in the conflict. Make your initial goal to come to some agreeable resolution in a few hours. This may not always happen, but it’s important to set that as the objective.</li> <li>Establish guidelines and ground rules for the conversation. This will vary depending upon the situation.</li> <li>Remain neutral by not judging, agreeing or disagreeing with any side. Patiently allow everyone to talk and express their point of view. </li> <li>Avoid using coercion or intimidation to direct a specific outcome.</li> <li>Focus on the problems, not any one incident that may have occurred.</li> <li>Act decisively so that the person who is experiencing conflict knows what is going to happen next. 
</li> </ul><p>De-escalation training is an important part of any comprehensive risk assessment and workplace violence prevention program that should also include having a robust, monitored electronic security system in place. </p> <p>Prioritizing a comprehensive workplace violence prevention program in your organization is key to providing a safe, healthy workplace. Implementing prevention measures in the workplace before a violent incident occurs can help prevent conflict from turning into a crisis that results in lost productivity, brand erosion or worse, injury or the loss of life.</p></div>

The Beginner’s Guide to Crypto Business Ideas

  • Lars Lofgren
  • Published date: 2021-09-16 22:00:00

20% of US adults, around 46 million people, say they would make a purchase with cryptocurrency.  While many ideas for crypto businesses center on creating, exchanging, or brokering different digital currencies, it’s possible to build a crypto business in any …


Implanted atoms create unique electrical IDs that distinguish bona fide devices from forgeries

  • Science X staff
  • Published date: 2021-09-16 16:02:04

If someone sells you a luxury handbag from Paris, France, but it turns out to be a forgery from Paris, Texas, the counterfeit item might cost you a thousand bucks and the crook could wind up in jail. But if a counterfeit electronic device gets installed in a car…


Elissa Murphy Joins GlobalFoundries Board

  • Published date: 2021-09-16 13:00:00

MALTA, N.Y., Sept. 16, 2021 /PRNewswire/ -- GlobalFoundries (GF) today announced Elissa Murphy is joining the company's board of directors with immediate effect as an independent director. Currently a vice president of Engineering at Google, Ms. Murphy previo…


A Smart Use for Doping: Implanted Atoms Create Unique Electrical IDs That Distinguish Bona Fide Devices From Forgeries

  • Pamela L Corey
  • Published date: 2021-09-16 12:00:00

If someone sells you a luxury handbag from Paris, France, but it turns out to be a forgery from Paris, Texas, the counterfeit item might cost you a thousand bucks and the crook could wind up in jail. But if a counterfeit electronic device gets installed


NHS Scotland's cyber security agency becomes first tenant at Dundee cyberQuarter - Insider.co.uk

  • John Glover
  • Published date: 2021-09-16 11:04:00


NHS Scotland's cyber security agency has been confirmed as the first tenant for the new cyberQuarter at Abertay University in Dundee, bringing around 30 new jobs. NHS National Services Scotland (NSS)… [+1973 chars]

Sophos home review: Antivirus software to protect all your private information

  • Ian Evenden
  • Published date: 2021-09-16 11:00:31

From web protection to parental controls, we try out both the free and premium antivirus software programs from Sophos Home

British software company, Sophos, has been producing computer security software since 1985, so should know a thing or two about producing an antivirus program. And the brand's home programme is a refr… [+7497 chars]

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

  • Published date: 2021-09-16 09:00:00

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.

<div class="c-article__content js-reading-content"> <p>Distributed denial-of-service (DDoS) attacks started out as an inconvenience: They were a roadblock that kept customers from getting at systems.</p> <p>That’s bad enough. Keeping availability away from customers via DDoS can have a painful impact on businesses as they find their doors blocked to customers, keeping them from making transactions.</p> <p>But over the years, <a href="https://www.imperva.com/resources/resource-library/reports/ddos-threat-landscape-report/" rel="sponsored,nofollow">DDoS attacks have evolved</a> regarding level of sophistication, metrics and the techniques that threat actors employ.</p> <p>According to Peter Klimek, director of technology in the office of the CTO at Imperva, DDoS attacks have blossomed into what he calls a huge business for cybercriminals. “Looking at it from a business perspective, that’s really the big impact and are why businesses should start considering DDoSes as “a consistent and persistent threat.”</p> <p>“As a whole, there’s really a low barrier to entry in order to actually perform the [DDoS] attack itself,” he said. 
“And there’s a high capacity for damage or a high potential for it leading to damage.”</p> <p>Take the services known as booters, aka stressors: “They can be had and used for as little as the price of a cup of coffee,” Klimek observed, and “Even a small scale DDoS attack can cause disruption.”</p> <p>Because of the low technical acumen that’s required to launch lower-scale attacks, a poorly defended network can be taken down “for as little as a hundred dollars.”</p> <p>Klimek visited the Threatpost podcast recently to discuss the evolution of DDoSes and other trends that he and his team have unearthed.</p> <p>Listen to the full podcast below, or <a href="https://traffic.libsyn.com/digitalunderground/091321_Imperva_sponsored_podcast_mixdown.mp3" target="_blank" rel="noopener">download it directly here</a>.</p> <div class="c-video-container"><iframe loading="lazy" style="border: none" height="360" scrolling="no" src="//html5-player.libsyn.com/embed/episode/id/20474888/height/360/theme/legacy/thumbnail/yes/direction/backward/" width="100%"></iframe></div> </div>

Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood

  • Graham Cluley
  • Published date: 2021-09-16 00:04:40

A Walmart press release says it's jumping aboard the cryptocurrency bus - but is it true? Theranos's Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack? All this and much more is dis…
