Tag Archive for: ‘blind’

2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots


Mar 02, 2023 | The Hacker News | Browser Security

As a primary working interface, the browser plays a significant role in today’s corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting the browser in increasing numbers.

The key report findings

  1. Over half of all the browsers in the enterprise environment are misconfigured. While a configured browser is nearly impossible to compromise, stealing data from misconfigured browsers is like taking candy from a baby. The leading misconfigurations are improper use of personal browser profiles on work devices (29%), poor patching routine (50%), and the use of corporate browser profiles on unmanaged devices.
  2. 3 of every 10 SaaS applications are non-corporate shadow SaaS, and no SaaS discovery/security solution can address its risks. Shadow SaaS, and more than that, shadow identities, are the number one source of enterprise data loss. No existing data security tool (whether a traditional DLP or a DSPM) has access to or control over what employees can do on their own personal applications.
  3. Attackers adopt evasive attack techniques that neither email security nor network security tools can detect. Advanced browser-borne attack techniques, such as the use of SaaS applications to distribute malware or abusing high-reputation sites for phishing, have become a threat commodity.
  4. Traditional security tools miss over half of those attack vectors at zero hour, making targeted browser attacks a leading cause of enterprise breaches.
  5. Most browser risks may lead to identity theft. Weak passwords, misconfigurations and SaaS security issues all revolve around the digital identity. This depressing finding outlines a main pain point: digital identities are still the corporate Achilles’ heel.

The report also details the top browser security threats of 2022, which include phishing attacks via high reputation domains, malware distribution via file sharing systems, data leakage exploiting…


The Vice Society Ransomware Gang Thrives in a Crucial Blind Spot


Throughout 2021, Vice Society’s health care targets included Barlow Respiratory Hospital in California, Eskenazi Health in Indiana, Centre Hospitalier D’Arles in France, United Health Centers in California, and a dental company in Brazil. The group also attacked New Zealand’s Waikato District Health Board that summer, which, among other impacts, resulted in the cancellation of two Air New Zealand flights; the airline couldn’t obtain proof of negative Covid-19 tests for crew members because the health department’s digital systems were down.

Vice Society also targeted schools and universities in 2021 and seems to have favored this sector more and more as the United States and other countries devote more resources to ransomware enforcement and hone mitigation techniques. In the wake of high-profile 2021 attacks, like the Colonial Pipeline ransomware incident, prominent Russian-speaking actors faced infrastructure takedowns, indictments, and even rare Russian arrests for their brazen crimes. 

Vice Society may view education as a quieter and less well funded category where it can fly under the radar. For example, the group hit the Austrian Medical University of Innsbruck in June and Linn-Mar Community School District in Iowa at the beginning of August—neither of which many people would flag as major, obvious targets. The Bluets maternity hospital in Paris accused the group last week of a ransomware attack on its systems. Vice Society has not taken credit so far for the hack.

“They’re a perfect example of the success of mediocrity in the ransomware ecosystem,” says Claire Tills, a researcher for the security firm Tenable who has studied Vice Society’s tactics and organization. “You have the top-tier groups developing their own zero days and acting all polished and professional. But meanwhile, Vice Society is just chugging along, not really innovating, stealing tools from other folks, but they have just enough stability to launch attacks, get paid, keep moving.”

Researchers view the group’s attack on the Los Angeles Unified School District as significant because LAUSD is a major target, and it made more of a splash than most of Vice Society’s other hacks. Tills notes that the…


“Blind” Previews Intriguing Ties Between Jung Eun Ji, Taecyeon, Ha Seok Jin, And More With Relationship Chart


The production team of “Blind” has revealed a character relationship chart!

tvN’s upcoming Friday-Saturday drama “Blind” is a mystery thriller that depicts the story of people who have unfairly become victims because they are ordinary and perpetrators who have closed their eyes to the uncomfortable truths. The story centers around detectives, judges, law school students, and jurors.

The relationship chart allows viewers to see at a glance the intertwined relationships of the characters involved in the mysterious serial murder of a jury, stimulating the viewers’ curiosity.

In the chart, from top left to right are the two brothers, Ryu Sung Joon (2PM’s Taecyeon) and Ryu Sung Hoon (Ha Seok Jin), and Jo Eun Ki (Apink’s Jung Eun Ji), who is one of the nine jurors. Detective Ryu Sung Joon and judge Ryu Sung Hoon, who are the sons of Supreme Court justice Ryu Il Ho (Choi Hong Il) and Minister of Welfare nominee Na Gook Hee (Jo Kyung Sook), are on a hunt for the unknown serial killer of the so-called “Joker’s Murder Case” who leaves a brutal signature mark at each crime scene.

Overly motivated and passionate, detective Ryu Sung Joon always makes his older brother Ryu Sung Hoon concerned. The previously released teaser captures the two brothers not being able to trust each other. Anticipation is high for whether these brothers can overcome their distrust and find the culprit.

The chart also depicts the family relationship of Jo Eun Ki, a social worker and juror who is pursuing the truth of the murder case along with Ryu Sung Joon and Ryu Sung Hoon. Growing up with her mother Jo In Sook (Jo Yeon Hee), who took on the responsibility of her family’s livelihood on her own, Jo Eun Ki went through many hurdles in life and became blunt about things. Even when her life is at risk, Jo Eun Ki remains calm. Viewers are curious to find out whether Jo Eun Ki can survive the unidentified killer who is targeting the jury.

The names and nicknames of the eight jurors involved in the trial of death along with Jo Eun Ki have also been revealed. From top left to right are Kang Young Ki (Kim Ha Kyun), who retired as managing director at a large firm, Bae Chul Ho (Jo Seung Yeon),…


CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots


AUSTIN, Texas and RSA Conference 2022, SAN FRANCISCO – June 6, 2022 – CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today introduced CrowdStrike Asset Graph, a new graph database powered by the CrowdStrike Security Cloud that provides IT and security leaders with a 360-degree view into all assets (both managed and unmanaged) alongside unprecedented visibility into their attack surface across devices, users, accounts, applications, cloud workloads, operational technology (OT) and more to simplify IT operations and stop breaches.

As organizations accelerate their digital transformation, they are expanding their attack surface exponentially. This has dramatically increased their risk exposure to adversaries who are discovering and exploiting these soft targets and vulnerabilities faster than IT and security teams can discover them. Visibility is one of the foundational principles of cybersecurity because you cannot secure and defend the assets you don’t know exist. This, in turn, creates a race between adversaries and companies’ IT and security teams to find these blind spots. According to a 2022 report from Enterprise Strategy Group (ESG), “69% of organizations have experienced a cyberattack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.”

CrowdStrike Asset Graph solves this problem by dynamically monitoring and tracking the complex interactions between assets, providing a single holistic view of the risks those assets pose. While other solutions simply provide a list of assets without context, Asset Graph provides graphic visualizations of the relationships between all assets such as devices, users, accounts, applications, cloud workloads and OT, along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organizations.

“Digital transformation has led to an equal and pronounced acceleration of security transformation in the modern enterprise. For companies furthest along on this journey, IT operations and security teams – once distinct silos – are…
