vulnerability assessment | News & Insights | The Hacker News (2024)

When is One Vulnerability Scanner Not Enough?
May 02, 2024 | Vulnerability / Pen testing
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability management space. The benefits of using multiple scanning engines: Generally speaking, vulnerability scanners aim to produce checks for as many vulnerabilities as possible. However, the number of vulnerabilities discovered year on year is now so high, reaching nearly 30,000 a year, or 80 a day, that it's impossible for a single scanning engine to keep up with them all. As a result, even the very best, industry-leading scanners will struggle to check for every known vulnerability out there, and often they will favour certain sets of software known to be used by their customers. For example, Intruder's analysis from early 2023 which compared Tenable's Nessus and OpenVAS showed si

Hands-on Review: Cynomi AI-powered vCISO Platform
Apr 10, 2024 | vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform, can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework
Aug 08, 2024 | Cyber Threat Management
The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker's perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element of any cybersecurity strategy and by providing a clearer picture of potential vulnerabilities and exposures in the organization, security teams can identify weaknesses before they can be exploited. However, relying solely on ASV can be limiting. In this article, we'll take a look into how combining the detailed vulnerability insights from ASV with the broader threat landscape analysis provided by the Continuous Threat Exposure Management Framework (CTEM) can empower your security teams to make more informed decisions and allocate resources effectively. (Want to learn more about CTEM? Check

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
Mar 04, 2024 | SaaS Security / Vulnerability Assessment
A company's lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best. Yet, it is crucial to keep track of the tools and solutions that employees are introducing, the data and know-how shared through these tools, and to ensure that these processes are secure. This need is even more pronounced in today's dynamic and interconnected world, where third-party applications and solutions can be easily accessed and onboarded. The potential damage of losing control over the numerous applications with access and permissions to your data requires no explanation. Security leaders in mid-market companies face a unique set of challenges that demand a distinct approach to overcome. To begin

A New Age of Hacktivism
Feb 22, 2024 | Hacktivism / Information Warfare
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joining existing hacker collectives. We understand hacktivism as a form of computer hacking that is done to further the goals of political or social activism 1 . While activism describes a normal, non-disruptive use of the Internet in order to support a specific cause (online petitions, fundraising, coordinating activities), hacktivism includes operations that use hacking techniques with the intent to disrupt but not to cause serious harm (e.g., data theft, website defacements, redirects, Denial-of-Service attacks). Cyber operations that inherit a willingness or intent to cause harm to physical property, severe economic damage or loss of life would be referred to as cyberterrorism, 2, 3 Th

Perfecting the Defense-in-Depth Strategy with Automation
Jan 26, 2024 | Cyber Threat Intelligence
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security controls. However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer. Defense-in-Depth: False Sense of Security with Layers. Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It's based on the assumption that a

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
Jan 16, 2024 | Vulnerability / Network Security
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern," Jon Williams, a senior security engineer at Bishop Fox, said in a technical analysis shared with The Hacker News. The vulnerabilities in question are listed below -
CVE-2022-22274 (CVSS score: 9.4) - A stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote, unauthenticated attacker to cause DoS or potentially result in code execution in the firewall.
CVE-2023-0656 (CVSS score: 7.5) - A stack-based buffer overflow vulnerability in the SonicOS allows a remote, unauthenticated attacker to cause DoS, which could result in a crash.
While there are no reports of exploitation of the flaws

Exposed Secrets are Everywhere. Here's How to Tackle Them
Jan 05, 2024 | Threat Intelligence / Security Automation
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the necessary context, you're left pondering the optimal steps to take. What's the right path forward in this situation? Secrets management is an essential aspect of any organization's security strategy. In a world where breaches are increasingly common, managing sensitive information such as API keys, credentials, and tokens can make all the difference. Secret scanners play a role in identifying exposed secrets within source code, but they have one significant limitation: they don't provide context. And without context, it's impossible to devise an appropriate response plan. Con

Three Ways To Supercharge Your Software Supply Chain Security
Jan 04, 2024 | Ethical Hacking / Vulnerability Assessment
Section four of the "Executive Order on Improving the Nation's Cybersecurity" introduced a lot of people in tech to the concept of a "Software Supply Chain" and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and learning how to secure it will pay dividends in a stronger security footing and the benefits it provides. This article will look at three ways to supercharge your Software Supply Chain Security. What is your Software Supply Chain? It's essentially everything that goes into building a piece of software: from the IDE in which the developer writes code, to the third-party dependencies, to the build systems and scripts, to the hardware and operating system on which it runs. Instabilities and vulnerabilities can be introduced, maliciously or not, from inception to deployment and even beyond. 1: Ke
Article information

Author: Tish Haag
