Socura Launched New Managed Vulnerability Scanning Service

Socura has launched a new Managed Vulnerability Scanning (MVS) service. The MVS service from Socura is developed to assist clients in identifying potential vulnerabilities and misconfigurations across all on- and off-premises systems, including their local network, cloud applications, web applications, and mobile devices.

The service enables users to prioritize their remediation efforts while adhering to cyber security regulations and resolving security issues. The MVS service provides continuous vulnerability identification and mitigation and can run on-demand or on a schedule. It will assist Socura’s SOC team in limiting the success of attempted cyber-attacks.

Andrew Kays, CEO of Socura, commented, “Our MVS service empowers our customers to be more focused when protecting their IT assets, allowing them to focus their efforts in areas that will make the greatest difference. The data from our MVS tools will also feed into the SOC to help our team understand potential customer weaknesses, how to mitigate them, and ultimately ensure they are well protected. This is more important than ever, with vulnerabilities evolving as systems are updated, and new attack techniques becoming available.”

The MVS’s insights will improve Socura’s SOC capabilities by giving its analysts more context, which they can use to protect customer environments and set the order of importance for attack surface reduction initiatives. The advanced MVS service will provide customers with a full breakdown and prioritization of vulnerabilities, as well as an analysis of their potential impact and actionable insights for internal teams’ defensive efforts.

MVS is available for customers with two levels of service. Under the standard service, Socura will deploy the vulnerability scanning platform for clients, including setup, management, onboarding, scanning, and regular reporting. The advanced MVS service also includes an assessment of MVS scan results by Socura’s SOC team.

Socura’s MVS service includes features such as continuous vulnerability scanning and management, new asset discovery across the IT estate, monthly vulnerability reports, identification and evaluation of vulnerabilities, including any threats that may exploit them, and actionable insights from Socura’s expert SOC analyst team.

WhiteSource Launched Spring4Shell Detect

WhiteSource, a leader in application security, today released WhiteSource Spring4Shell Detect, a free command-line interface (CLI) tool that quickly scans projects for open-source libraries vulnerable to CVE-2022-22965, also known as Spring4Shell. Spring4Shell is a remote code execution (RCE) vulnerability in Spring, one of the most widely used open-source Java frameworks today. While we are still learning about this vulnerability, its impact is anticipated to be comparable to that of Log4j, and it has a severity level of 9.8. WhiteSource’s free developer tool, which is currently accessible on GitHub, gives developers the exact path to direct and indirect dependencies, as well as the patched version, so they can fix them quickly.

Given the potential for widespread prevalence and risk from this zero-day vulnerability, WhiteSource advises companies to take the following steps to resolve it and avoid future incidents:

  • Upgrade to the most recent version of Spring Framework if you have any vulnerable versions. Use tools like WhiteSource Renovate to update your libraries automatically with the most recent updates.
  • Inventory all of your applications to find every instance of CVE-2022-22965. WhiteSource’s free detection tool can help with this.
  • For each application in your environment, create a software bill of materials (SBOM). An SBOM gives you visibility into your whole software attack surface, including direct and indirect dependencies, and allows you to respond quickly to vulnerability announcements.

The CEO at WhiteSource, Rami Sass, stated, “Organizations and security teams must approach Spring4Shell with the same attention and urgency they did with the recent Log4j vulnerability. This vulnerability highlights the importance of a proactive approach to software security and the need for more automated application security to be baked into the development lifecycle. Ensure you are handling your technical debt, and update.”

With over several downloads, WhiteSource Renovate automatically updates dependencies and has found and mitigated the Spring4Shell vulnerability for large numbers of businesses.

AVL and Cybellum Provide Automated Vulnerability Management!

With the rising scale and complexity of vehicle software, also known as the “data center on wheels,” attack surfaces and cyberattacks in the automotive industry are increasing. AVL and Cybellum provide automated vulnerability management aimed at meeting these new challenges that the automotive industry is facing, such as driving innovation and accelerating development in the face of constant cyber threats and increased regulatory pressure. To accomplish this, Cybellum’s Product Security Platform will be integrated into AVL’s Cyber Security Ecosystem.

The Cybellum Product Security Platform continuously scans vehicle software for security flaws and data breaches, dealing with uncertainty from design to post-production. Cybellum’s Cyber Digital Twins™ system gives programmers a blueprint of the software in their product components, allowing them to quickly identify vulnerabilities.

“We are excited about this partnership,” says Gianluca Vitale, Global Business Segment Manager at AVL. “The combination of AVL’s and Cybellum’s toolchains enables our customers to efficiently manage vulnerabilities within many software versions for different control units all the way down to a single-vehicle variant. We can offer our customers an optimal solution for safeguarding their certification-relevant processes. We cover the entire process from development to calibration to release deployment within each single vehicle variant.”

AVL and Cybellum’s joint offering allows vehicle manufacturers and component suppliers to set up vehicle- and component-related security projects, automate risk assessment and mitigation, and oversee work related to certification across the value chain. The combination of AVL CRETA™ and Cybellum’s Product Security Platform permits customers to perform vulnerability detection governance across application systems and parameter sets generated during development, production, or even vehicle fleet deployment.

Eddie Lazebnik, Global Partnerships Director at Cybellum, said, “We are delighted to partner with AVL. AVL’s vast know-how, experience, and product offering coupled with Cybellum’s expertise and a lifecycle approach to cybersecurity is a force multiplier for our customers. Together, we will enable manufacturers and their suppliers to build quality automotive products that will be secure and compliant from design to post-production.”

What is IoT Security?

The entire world has stepped into the digital bubble. Cell phones are popular, tablets have substituted spiral notebooks in classrooms, and industries have created cutting-edge technology such as self-driving cars.

Everything appears to be interconnected, especially in the corporate world. Because of their compact design, low profile, and capabilities, IoT devices dominate the corporate environment, and in the hands of an insider they become a formidable tool for evading traditional security defenses focused on external and recognized threats.

Infosecurity Outlook experts stated that the term IoT is increasingly making its way into everyday use. However, the internet of things (IoT) has become so large that security development has had to keep up.

IoT security is a technology that helps secure IoT-connected devices and networks. It is the practice of keeping IoT systems safe. IoT security tools help protect IoT devices against threats, identify and monitor vulnerabilities, and assist in the remediation of flaws. IoT security ensures the availability, integrity, and confidentiality of the IoT solution. If devices are not well secured, allowing them to connect to the internet exposes them to a range of dangers.

The advantages of IoT are evident, but high-profile cyberattacks, combined with uncertainties about security best practices and their related costs, prevent many organizations from utilizing it. Similarly, end-users are concerned about the repercussions of IoT security vulnerabilities.

Cybercriminals can misuse information at various points within an IoT platform, from corporate servers to cloud storage. That doesn’t mean you should abandon your work tablet in favour of pen and paper, only that you must prioritize IoT security.

Nevertheless, users can apply a few best practices to prevent threats:

  • Keep track of mobile devices and update your antivirus software automatically.
  • Make strong login credentials mandatory.
  • Use end-to-end encryption.
  • Schedule regular device and software updates.
  • Choose an expert cybersecurity provider.
  • Set up a strict access control policy for APIs.

Conclusion

In addition to security protocols, users should be aware of emerging technology advancements. IoT security has recently become a priority. Research into how to secure specific businesses, monitor IoT-related dangers, and prepare for future game-changers like 5G is ongoing. Users must understand that because the Internet of Things is a dynamic and evolving industry, its security will need to evolve and adapt over time. Doing so also ensures that the company’s data and processes stay safe as you develop your IoT network.

Free Risk Assessment Helps Secure Organizations From Cyberattacks

Legit Security, a cyber security business with an enterprise SaaS platform to protect an organization’s software supply chain, has launched a free Rapid Risk Assessment to help organizations actively reduce the risk of debilitating software supply chain cyberattacks. The free risk assessment gives businesses rapid visibility into vulnerabilities in their software supply chain, as well as suggestions on where to best invest security resources and technologies to prevent future attacks.

Software supply chain threats target an organization’s internal software development supply chain, introducing vulnerabilities and backdoors into the software, which are subsequently passed on to unwitting customers, exposing them to a powerful and dangerous multiplier effect. According to information from several governments, businesses, and security vendor sources, software supply chain threats have increased year over year.

The Rapid Risk Assessment is a free service that employs Legit Security’s SaaS-based security platform to perform automated discovery and analysis of an organization’s software supply chain environment to find vulnerabilities, misconfigurations, and security events. Risk assessments can be set up in minutes using an agentless connection, and they are non-invasive, requiring no changes to development tools or workflows. Depending on the scale of the environment, typical assessments might take anything from a few minutes to two hours to complete. This automated scan looks for weaknesses and breaches in software delivery pipelines, as well as the security posture of systems and infrastructure deployed within those pipelines, the people who work within them, and their security hygiene.

The Microsoft Azure Marketplace now has Orca Security

Orca Security’s Orca Cloud Security Platform is now available in the Microsoft Azure Marketplace, an online store that sells apps and services for Azure. Customers of Orca Security may now get the comprehensive cloud security they need while leveraging the productive and trusted Azure cloud platform, all while reducing setup and administrative time.

The Orca Cloud Security Platform combines numerous technologies into a single solution for detecting and prioritizing cloud security issues in all Azure workloads, as well as providing comprehensive visibility into an organization’s entire cloud estate without the use of agents or fragmented tools. The one platform offers workload and data protection, cloud security posture management, cloud infrastructure entitlements management (CIEM), vulnerability management, and compliance management capabilities, and is powered by Orca SideScanning™ technology. By merging all of these features into a single platform and data architecture, Orca Security can detect attack chains, including dangerous combinations of risks. For example, an infected workload that can assume a high-privileged instance role providing access to a database with PII is a high-priority target for prompt remediation.

Orca Security has also extended its CIEM capabilities, which it describes as a critical component of modern cloud security platforms. Orca Security now monitors all identities, roles, groups, permissions, and rules implemented in a public cloud environment and alerts users to any violations of identity management best practices.

Artera Partners With Deepwatch to Secure Its Infrastructure

Deepwatch announced that Artera Services has chosen Deepwatch’s MDR solution to secure its operations.

Artera is a leading provider of comprehensive vital and critical infrastructure services in the United States, providing maintenance and construction to energy utilities, infrastructure businesses, municipalities, and cooperatives.

Artera began investigating MDR providers in 2021 to reduce the risk of business and consumer disruption. After evaluating several MSSP and MDR providers with the help of its trusted VAR partner, Defy Security, Artera chose Deepwatch for its MDR service, which includes 24/7/365 monitoring with a named squad of experts and integrations with security tools such as Splunk Enterprise and leading endpoint detection and response (EDR), vulnerability management, and firewall solutions.

Sean Fuller, Director of Cyber Security at Artera Services, said, “The transfer of assets, data, and resources is complex, and requires expert-level integration to ensure business continuity and reliability are continuous for our utility customers. It’s very important that I’m able to determine when we are under attack. And that’s where the partnership with Deepwatch comes in. When something does happen, we are in a good position to respond to it, minimize the impact to the company, and restore our security posture as quickly as possible.”

Artera turned to Deepwatch after looking for an MDR supplier that could integrate with its preferred SIEM, Splunk. With Deepwatch’s MDR solution, Artera now has Splunk Enterprise integrated and tailored to send only high-priority warnings to its small in-house team. This integration, together with powerful endpoint detection and response, gives Artera complete visibility across the whole security environment through the Deepwatch platform.

Charlie Thomas, CEO at Deepwatch, said, “The security requirements Artera Services has as a supplier for the critical infrastructure and energy sectors are complex. Our mission is to help customers like Artera stay ahead of threats and mitigate risks that could impact its business and their customers’ businesses, which provide energy and utility services to consumers across the United States. Our named squad of security experts gives Artera an extended security team that monitors systems around-the-clock to protect Artera’s service reliability.”

“Artera’s requirements for advanced managed detection and response, including the ability to use a best-in-class security technology stack, led us to recommend Deepwatch. The ability to push data into the Splunk SIEM that was stood up immediately and managed by Deepwatch is a game-changer for Artera, and gives their in-house team opportunities to work on other strategic security projects,” said Justin Domachowski, president and founder of Defy Security.

Security Analytics

Security analytics is a method of threat detection and security monitoring that employs data collection, aggregation, and analysis technologies. Security analytics technologies enable organizations to evaluate security events to discover possible attacks before they have a detrimental impact on the company’s infrastructure and bottom line.

To detect, evaluate, and mitigate internal risks, as well as persistent cyberthreats and targeted attacks from external bad actors, security analytics integrates big data capabilities with threat intelligence.

Cybersecurity analytics is significant because it allows IT security teams to take control of cybersecurity monitoring. Security analytics can help your organization get insight across its whole IT ecosystem, enabling faster threat detection and the automation of more manual security activities.

The Role of Security Analytics

Security analytics is a developing field with a lot of potential for enterprises that want to remain on top of vulnerabilities and stay one step ahead of cybercriminals.

A number of factors are driving the expansion of security analytics, including:

Transitioning from protection to detection: Hackers deploy a variety of attack strategies to exploit numerous vulnerabilities. Certain risks can go undiscovered for months. Security analytics systems can monitor common threat trends and send notifications when anomalies are identified.

A unified perspective of the enterprise: Security analytics organizes data in such a way that it can be viewed in real time as well as historically. This enables smarter planning, faster resolution, and better decision-making by providing a unified view of risks and security breaches from a central console.

Seeing outcomes and getting a return on investment: IT teams are under increasing pressure to convey their findings to senior management and stakeholders. Security analytics enables analysts to quickly identify risks and respond to security breaches by providing time-to-resolution metrics and fewer false positives.

Benefits of Security Analytics

Organizations benefit from security analytics technologies in numerous ways:

1. Early detection and response to security incidents. To detect threats or security issues in real-time, security analytics solutions analyze data from a variety of sources, connecting the dots between various events and alerts. The security analytics software does this by analyzing log data, combining it with data from other sources, and identifying correlations between events.

2. Adherence to regulatory standards. Compliance with government and industry laws is a primary motivation for security analytics technologies. Security analysis tools integrate a wide range of data types to give companies a single, unified view of all data events across devices, as required by regulations like HIPAA and PCI-DSS.

3. Improved forensics capabilities. Security analytics technologies are extremely useful for performing forensic investigations into incidents. Security analytics tools can reveal the source of an attack, how a compromise occurred, what resources were affected, what data was lost, and more, as well as a timeline for the incident. Being able to recreate and analyze an incident can help inform and enhance organizational defenses in the future, so that similar incidents do not recur.

Uses of Security Analytics

From boosting data visibility and threat detection to network traffic analysis and user behavior tracking, security analytics offers a wide range of applications. The following are some of the most common security analytics use cases:

  • Employee monitoring
  • Detecting data exfiltration by attackers
  • Detecting insider threats
  • Identifying compromised accounts

Above all, through the correlation of actions and alarms, security analytics aims to turn raw data from various sources into actionable insights in order to identify situations that require prompt attention. Security analytics technologies do this by adding a critical filter to the massive amounts of data provided by people, apps, networks, and other security solutions.

HUMAN Bot Insights Services Secures Companies Against Advanced Bot Attacks

HUMAN Security has announced HUMAN Bot Insights services to support BotGuard for Applications customers in detecting advanced bot attacks.

Security teams are overworked and understaffed, according to the Information Systems Security Association (ISSA), with a cyber security skills deficit affecting 67 percent of businesses. Many businesses lack the staff, time, or resources necessary to speed the web application security enhancements needed to protect vital internet platforms from today’s sophisticated bot attacks. Furthermore, sophisticated bots can readily avoid bot detection tools in traditional app security solutions such as CDNs, WAFs, and CAPTCHAs, leaving apps vulnerable to abuse.

John Grady, Senior Analyst at Enterprise Strategy Group, said, “As organizations have shifted to more online-focused business operations, a trend further accelerated by the pandemic, attackers have doubled down on their efforts and increased the frequency of bot-driven fraud and logic abuse.”

Application vulnerabilities must be identified, and mitigation solutions must be deployed and configured to meet each customer’s specific architecture and requirements in order to be effective. Businesses must choose a specific bot management system, but HUMAN understands that winning against attackers requires more than just technology. HUMAN verifies the humanity of over 15 trillion client-side interactions per week and monitors over 3 billion devices online each month, giving Bot Insights Services customers a level of visibility that no other company can match.

Gavin Hill, Vice President, Human Insights, said, “HUMAN Bot Insights Services are designed to help businesses reduce the impact of malicious bots. By enhancing their security program with dedicated bot experts from HUMAN, customers collaborate with analysts that focus 100 percent of their time on protecting businesses from sophisticated bot attacks and fraud. Our Human Insights analysts and data scientists act as an extension of your security team providing custom bot attack surface analysis and advanced policy configuration, event investigations, priority responses, and detailed threat intelligence so that customers can protect and respond more quickly to automated attacks.”

Cisco Patches 14 Vulnerabilities In Small Business RV Series Routers

Cisco has issued a security update for 14 vulnerabilities in its Small Business RV Series routers, the most critical of which might allow attackers to achieve unauthenticated remote code execution or run arbitrary commands on the underlying Linux operating system.

“The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory. Some of the vulnerabilities are dependent on one another. The exploitation of one of the vulnerabilities may be required to exploit another vulnerability,” said Cisco in the accompanying security advisory. Fortunately, the proofs of concept aren’t public — Cisco (mainly) refers to the exploits used by security researchers to “pwn” the Cisco RV340 router during the Pwn2Own hacking event in November 2021 in Austin, Texas.

Cisco Small Business RV160, RV260, RV340, and RV345 Series routers are affected by the flaws.

They were assigned CVE numbers in order, beginning with CVE-2022-20699 and concluding with CVE-2022-20712. CVE-2022-20749 has been assigned to the last one.

They may provide attackers the ability to:

  • Obtain RCE
  • Elevate their privileges to root and run commands.
  • On an affected device, install and boot a malicious software image or run unsigned binaries.
  • View or modify data shared between a vulnerable device and certain Cisco servers.
  • Obtain access to the device’s web UI by bypassing authentication protections.
  • On the underlying operating system, inject and execute arbitrary commands.

As there are no workarounds, it is advised that users install the specified security updates as soon as possible.

While a security upgrade for the RV340 and RV345 Series routers is currently available, one for the RV160 and RV260 Series routers is still in the works and will be published later this month.