Tag Archive for: Framework

Steps to Establish an Effective Zero Trust Framework


We live in a world where bad actors actively target individuals and devices with cyber-attacks: in 2021, the number of attacks per week on corporate networks was 50% higher than in 2020.

As a result, most if not all companies must plan and execute strategies to protect themselves, their customers and their employees. This reality explains why, in a 2021 global survey, 41% of respondents said they planned to adopt a zero trust strategy, and 72% were either already adopting zero trust or intended to.


What is zero trust?

First and foremost, an effective zero trust framework is a journey, not a destination. Secondly, zero trust is not a switch that can be turned on with one click; it is a security strategy made up of multiple processes, tools and technologies, all designed to protect “mobile anywhere” end users and company data at a micro level. In short, zero trust grants access to applications and data only after secure access, device management and user authentication checks are satisfied, rather than on the basis of network location.

The good news is that you likely already have some of the tools and technologies that fit into a zero trust framework; you just need to implement them at a micro level. So, how do you prioritize zero trust tools and technologies, and how do you build out your framework?

Tools and technologies to assess and implement as a starting point

  1. Review your current company policies and ensure they are aligned with today’s dynamic work environments and can accommodate flexibility in access rights and the use of personal devices.
  2. Apply an application/cloud/service proxy tool that “wraps” an application and isolates it on the device.
  3. Protect corporate data with an endpoint management solution that operates at a micro level, so that employees need not worry that “big brother” is reaching into their personal data.
  4. Use mobile device management (MDM) tools to create profiles that can delete company data if an employee leaves, without touching personal data.
  5. Apply micro-level data protection encryption to applications and data to ensure that no sensitive data is stored on a device.
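The five items above come together as a per-request access decision: identity, device posture and the sensitivity of the data are evaluated on every request, and anything that does not satisfy the applicable checks is denied. The following is an added example written for this page, not code from the article or from any vendor product; the field names, the three sensitivity labels and the sample requests are assumptions chosen to exercise the list (in a real deployment the device facts come from the MDM/endpoint agent and the MFA result from the identity provider). It goes one step beyond the list by failing closed on a sensitivity label the policy does not know.

```python
"""Per-request zero trust access decision (added example; constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in mobile device management (item 4)
    disk_encrypted: bool   # encryption reported by the endpoint agent (item 5)
    os_patched: bool       # within the patch window set by policy (item 1)
    app_wrapped: bool      # reached through the isolating app/cloud proxy, no local data (item 2)


@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool       # result supplied by the identity provider (assumed field)
    device: Device
    app: str
    sensitivity: str       # "public" | "internal" | "confidential" (assumed labels)


LEVELS = {"public": 0, "internal": 1, "confidential": 2}


def decide(req: Request) -> tuple[bool, list[str]]:
    """Deny by default: return (allowed, reasons). Every applicable check must pass."""
    if req.sensitivity not in LEVELS:
        return False, ["unknown sensitivity label; failing closed"]
    level = LEVELS[req.sensitivity]
    failures: list[str] = []

    # Device posture applies to every request, even for public data.
    if not req.device.os_patched:
        failures.append("device OS is outside the patch window")
    # Authentication strength scales with the sensitivity of the data.
    if level >= LEVELS["internal"] and not req.mfa_passed:
        failures.append("MFA required for internal and confidential data")
    # Confidential data: managed devices must be encrypted; personal devices may only
    # reach it through the wrapped app so nothing is stored locally.
    if level >= LEVELS["confidential"]:
        if req.device.managed and not req.device.disk_encrypted:
            failures.append("managed device must have encryption enabled")
        if not req.device.managed and not req.device.app_wrapped:
            failures.append("personal device may only reach confidential data through the wrapped app")

    return (not failures), (failures or ["all checks passed"])


# Constructed sample devices and requests.
MANAGED_LAPTOP = Device(managed=True, disk_encrypted=True, os_patched=True, app_wrapped=False)
PERSONAL_WRAPPED = Device(managed=False, disk_encrypted=False, os_patched=True, app_wrapped=True)
PERSONAL_BARE = Device(managed=False, disk_encrypted=False, os_patched=True, app_wrapped=False)
UNPATCHED_LAPTOP = Device(managed=True, disk_encrypted=True, os_patched=False, app_wrapped=False)

SAMPLE_REQUESTS = {
    "managed_laptop_confidential": Request("alice", True, MANAGED_LAPTOP, "hr-records", "confidential"),
    "personal_phone_wrapped": Request("bob", True, PERSONAL_WRAPPED, "hr-records", "confidential"),
    "personal_phone_bare": Request("bob", True, PERSONAL_BARE, "hr-records", "confidential"),
    "no_mfa_internal": Request("carol", False, MANAGED_LAPTOP, "wiki", "internal"),
    "unpatched_public": Request("dave", True, UNPATCHED_LAPTOP, "intranet-news", "public"),
}


def evaluate_all() -> dict[str, bool]:
    """Decision per sample request, the shape an audit log would record."""
    return {name: decide(req)[0] for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        allowed, reasons = decide(req)
        print(f"{name:30} {'ALLOW' if allowed else 'DENY':5} {'; '.join(reasons)}")
```

Note that the personal phone is allowed to reach confidential data only when the request arrives through the wrapping proxy, which is what lets the policy accommodate personal devices (item 1) without letting company data land on them (item 5); the reasons list is what a SOC analyst would want in the decision log.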

Practical steps for starting or continuing a zero trust journey

  • Discover your assets,…

Source…

New Malware Framework Distributed Via Pay-Per-Install Service


Researchers have uncovered a new malware framework that they say is fairly sophisticated and is being spread as part of the known pay-per-install (PPI) PrivateLoader malware service.

The framework, which researchers call NetDooka (due to the names of some of its components), contains multiple parts, including a loader, dropper, protection driver and a remote access trojan (RAT) with its own network communication protocol. Researchers said the malware framework’s capabilities enable it to act as an entry point for other malware.

“PPI malware services allow malware creators to easily deploy their payloads,” said Aliakbar Zahravi and Leandro Froes with Trend Micro in a Thursday analysis. “The use of a malicious driver creates a large attack surface for attackers to exploit, while also allowing them to take advantage of approaches such as protecting processes and files, bypassing antivirus programs, and hiding the malware or its network communications from the system, among others.”

PrivateLoader’s initial infection vector is typically pirated software downloads. The downloader then installs the first NetDooka component, a dropper that decrypts and executes the loader. The loader installs a kernel driver and then creates a new virtual desktop in which it runs an antivirus software uninstaller, driving the uninstaller by emulating mouse input and pointer position; this also prepares the environment for executing the remaining components.

“By understanding how these services proliferate, defenders can better recognize these campaigns and stop them from wreaking havoc on their organization’s IT stack.”

The loader then executes a second dropper, which in turn executes a full-featured RAT. The RAT has multiple functionalities, including the ability to start a remote shell, grab browser data, take screenshots and gather system information. It may also leverage the previously installed kernel driver component to protect the dropped payload, researchers said.
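The loader stage described above is a chain of behaviours rather than a single indicator: one process installs a kernel driver, creates a new desktop, and launches an uninstaller inside it. A detection rule can correlate those three behaviours per process. The following is an added example, not Trend Micro’s code and not a NetDooka indicator: the event kinds and the sample records are constructed to stand in for endpoint telemetry (driver/service installation, desktop creation, process creation), and the “looks like an uninstaller” test is a heuristic, not a signature.

```python
"""Behavioural correlation for a driver-installing loader (added example; constructed telemetry)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    pid: int       # process that performed the action
    kind: str      # "driver_service_installed" | "desktop_created" | "process_created"
    detail: str    # driver path, desktop name, or child command line


# Constructed sample telemetry. pid 4120 shows the full chain; pid 2200 is a legitimate
# installer that only registers a driver; pid 3300 only runs an uninstaller.
SAMPLE_EVENTS = [
    Event(datetime(2022, 5, 5, 10, 0, 0), 2200, "driver_service_installed",
          r"C:\Windows\System32\drivers\example_nic.sys"),
    Event(datetime(2022, 5, 5, 10, 1, 0), 4120, "driver_service_installed",
          r"C:\Users\Public\prot.sys"),
    Event(datetime(2022, 5, 5, 10, 1, 5), 4120, "desktop_created", "WinSta0\\hidden_desk"),
    Event(datetime(2022, 5, 5, 10, 1, 9), 4120, "process_created",
          r'"C:\Program Files\ExampleAV\uninstall.exe" /silent'),
    Event(datetime(2022, 5, 5, 10, 30, 0), 3300, "process_created",
          r'"C:\Program Files\SomeApp\uninstall.exe"'),
]

REQUIRED_KINDS = {"driver_service_installed", "desktop_created", "process_created"}


def looks_like_uninstaller(cmdline: str) -> bool:
    """Heuristic (assumption): the launched child names an uninstaller."""
    return "uninstall" in cmdline.lower()


def correlate(events: list[Event], window: timedelta = timedelta(minutes=5)) -> list[dict]:
    """One alert per pid whose first driver install, first desktop creation and first
    uninstaller launch all fall within `window` of each other.

    A production rule would slide the window over the stream; taking the first
    occurrence of each behaviour is enough to show the correlation.
    """
    by_pid: dict[int, list[Event]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_pid.setdefault(ev.pid, []).append(ev)

    alerts = []
    for pid, evs in by_pid.items():
        # Ordinary child processes do not count; only uninstaller-like launches do.
        relevant = [e for e in evs
                    if e.kind != "process_created" or looks_like_uninstaller(e.detail)]
        kinds_seen = {e.kind for e in relevant}
        if not REQUIRED_KINDS <= kinds_seen:
            continue
        firsts = {k: min(e.ts for e in relevant if e.kind == k) for k in REQUIRED_KINDS}
        span = max(firsts.values()) - min(firsts.values())
        if span <= window:
            alerts.append({
                "pid": pid,
                "first_seen": min(firsts.values()),
                "last_seen": max(firsts.values()),
                "driver": next(e.detail for e in relevant
                               if e.kind == "driver_service_installed"),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"pid {alert['pid']}: driver {alert['driver']} installed, desktop created and "
              f"uninstaller launched between {alert['first_seen']:%H:%M:%S} and {alert['last_seen']:%H:%M:%S}")
```

Requiring all three behaviours from the same process keeps the benign driver installer (pid 2200) and the ordinary uninstall (pid 3300) from alerting; a driver loaded from a user-writable path is the obvious extra signal to weight once the rule is in place.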

“With the RAT payload properly installed, malicious actors can perform actions such as stealing several critical information from the infected systems,…

Source…

‘Spring4Shell’ bug in framework for Java programming draws widespread warnings


Written by Joe Warminsky

Security researchers are urging users of Spring — a popular framework for creating web applications in the widely used Java programming language — to update their software due to a critical vulnerability discovered this week.

An alert Friday from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warns Spring users that a remote attacker “could exploit this vulnerability to take control of an affected system,” otherwise known as remote code execution (RCE).

Researchers are already calling the bug Spring4Shell, a name reminiscent of the major Log4Shell bug discovered in December in the open source Log4j logging software for websites. Spring, like Log4j, is open source software, which can complicate the response to a major bug.

The CISA alert does not specify how widely Spring4Shell might have been exploited so far. Researchers at Rapid7 said in an updated blog post Friday that it is still “a quickly evolving incident.”

Engineers at Spring, part of IT giant VMware, announced the vulnerability Thursday, roughly two days after reports noted that its existence had been leaked outside of usual vulnerability disclosure processes. Spring posted a guide to mitigation on Thursday.

The ease of exploiting Spring4Shell varies from project to project, researchers say, because not every project runs the same version or configuration of the Spring platform.

“In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system,” researchers at Praetorian said. “However, exploitation of different configurations will require the attacker to do additional research to find payloads that will be effective.”
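The “crafted HTTP request” in the quote above works through Spring’s binding of request parameter names onto nested object properties, and the mitigation guide Spring posted registered a WebDataBinder that refuses to bind any field whose name matches the four patterns below. The following is an added example, not Spring’s code: it applies the same glob patterns to the parameter names of a URL-encoded query string or form body, as a filter that could sit in front of an application until it is upgraded. The sample inputs are constructed.

```python
"""Request-parameter filter using the disallowed-field patterns from Spring's
Spring4Shell mitigation guidance (added example; constructed inputs)."""
from fnmatch import fnmatchcase
from urllib.parse import parse_qsl

# The four patterns from Spring's guidance. fnmatchcase treats '*' as "any characters",
# dots included, and matches case-sensitively, so "class.x" and "a.Class.x" match but
# "className" and "CLASS.x" do not.
DISALLOWED_FIELD_PATTERNS = ("class.*", "Class.*", "*.class.*", "*.Class.*")


def is_disallowed_field(name: str) -> bool:
    """True when a bound property path matches one of the disallowed patterns."""
    return any(fnmatchcase(name, pattern) for pattern in DISALLOWED_FIELD_PATTERNS)


def disallowed_params(encoded: str) -> list[str]:
    """Parameter names in a URL-encoded query/body that the filter would refuse to bind.

    parse_qsl percent-decodes the names first, so an encoded dot ("%2E") is matched
    the same way the binder would see it after decoding.
    """
    return [name for name, _ in parse_qsl(encoded, keep_blank_values=True)
            if is_disallowed_field(name)]


def should_reject(encoded: str) -> bool:
    """Decision for a request: reject when any parameter name is disallowed."""
    return bool(disallowed_params(encoded))


if __name__ == "__main__":
    for body in ("user.name=alice&class.module.loader.x=1", "name=bob&age=3"):
        print(f"{body!r}: {'REJECT' if should_reject(body) else 'allow'} {disallowed_params(body)}")
```

Two caveats follow from the code: the patterns are case-sensitive as written, and the check has to run on decoded names, which is why the filter parses with `parse_qsl` rather than matching the raw query string. It is a stop-gap; the fix the article points to is updating Spring.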

There are signs that Spring4Shell had drawn potentially malicious activity before this week. Researchers at 360 Netlab say they have evidence of activity as early as 10 days before Spring officially announced the bug. A familiar piece of malware subsequently has reared its head, 360 Netlab said. A variant of the Mirai malware

Source…

Computer Security: The Mess We're In, How We Got Here, and What to Do About It