Tag Archive for: Gaps

Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps


SAN FRANCISCO, October 13, 2022: HackerOne, the leader in Attack Resistance Management, today announced the general availability of its HackerOne Assets product. Assets combines the core capabilities of Attack Surface Management (ASM) with the expertise and reconnaissance skills of ethical hackers to bring visibility, tracking, and risk prioritization to an organization’s digital asset landscape. Research from ESG revealed that 69% of organizations have experienced a cyberattack through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Assets forms a key part of HackerOne’s Attack Resistance Management portfolio, which aims to discover unknown assets and vulnerabilities and close organizations’ security gaps.

With Assets, customers can manage both the discovery and testing of assets in a single platform. The solution blends security expertise with asset discovery, continuous assessment, and process improvements to reduce risk. HackerOne’s community of ethical hackers enrich the asset and scan data and analyze it themselves, ensuring that newly found assets are tested for risk and mapped according to their metadata. Once the assets have been identified and ranked for risk, security teams can use these insights to initiate pentests on newly discovered assets and add assets to their bug bounty scope.

“HackerOne Assets solves for the inefficiencies in traditional ASM scanning,” explained Ashish Warty, SVP of Engineering at HackerOne. “It’s impossible for security teams to see their entire attack surface, while cloud transformation, agile product cycles, and mergers and acquisitions keep the threat landscape growing. By combining attack surface management with the creative power of the ethical hacking community, Assets reduces manual work, increases the accuracy of scanning results, and speeds up time to remediation by prioritizing based on real-world risk.”

“Having in-depth visibility of our attack surface is a core part of our security strategy,” said Roy Davis, Lead Security Engineer at Zoom. “With HackerOne Assets and the insights it brings from the hacking community, our security team has been able to effectively prioritize those…


Study explores security gaps linked to BYOD initiatives


Bitglass has released findings from its 2021 BYOD Security Report that show the risks associated with the rapid adoption of unmanaged personal devices connecting to work-related resources (BYOD).

The study, a joint venture with Cybersecurity Insiders, surveyed hundreds of cyber security professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced by the use of personal mobile devices. The insights in this report are especially relevant as more enterprises are shifting to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.

Key findings include:

BYOD is here to stay

The shift to remote work amid the pandemic resulted in 47 percent of organizations reporting an increase in personal devices being used for work. As a result, a total of 82 percent of organizations said they now actively enable BYOD to some extent. While the use of personal devices has helped businesses improve employee productivity and satisfaction and reduce costs, challenges associated with managing device access and mobile security remain.

Securing BYOD to prevent data loss/theft is a top concern

The most critical concern respondents expressed was data leakage or loss (62 percent). Other apprehensions included users downloading unsafe apps or content (54 percent), lost or stolen devices (53 percent), and unauthorized access to company data and systems (51 percent).

Enterprises are running blind when it comes to securing BYOD devices against modern security threats

Only 22 percent of organizations indicated they can confirm that unmanaged devices have downloaded malware in the past 12 months. However, nearly half (49 percent) indicated they are not sure or could not disclose whether the same could be said for them. This lack of visibility can be detrimental to the overall business.

Many organizations are securing BYOD with old tools vs modern threats

A total of 41 percent of organizations reported relying on endpoint malware protection for BYOD, an approach that is not ideal for personal…


Secure Email Gateway: The Gaps That Could Cost You


The email channel is one of the most essential components of effective corporate communication. Email is vital to keeping business flowing among colleagues, clients, vendors, and others. In fact, the total number of business and consumer emails sent and received per day exceeded 293 billion in 2019. This is forecast to grow to more than 347 billion by the end of 2023.

That’s why it should come as no surprise that the email channel is one of the most leveraged threat vectors. The Verizon 2020 Data Breach Investigations Report notes that malware is delivered via email 94% of the time. Therefore, it’s imperative that organizations have a sophisticated security solution that is able to fully protect their email channel.

The Three Major Security Gaps of Secure Email Gateway Solutions

Secure Email Gateways typically analyze all inbound emails for malicious content and, if an email is deemed safe, deliver it to the recipient. So, while Secure Email Gateways aim to block emails containing spam, phishing, malware or fraudulent content, they fall short in protecting against the plethora of other threats regularly targeting inboxes. There are also additional disadvantages to Secure Email Gateway solutions that open enterprises up to further risk.

Extremely advanced socially engineered attacks, such as the scenario with the Bank of America phishing attack, enable hackers to penetrate Secure Email Gateway protections. Here, the bad actors’ use of new and unique domains, along with refraining from the traditional “spray and pray” approach, allowed them to avoid being labeled as known-bad. Threat actors are continuously seeking ways to exploit such weaknesses within security solutions like Secure Email Gateways and evade the protective measures enterprises have in place.

1. Secure Email Gateway relies on known malware signatures

Unfortunately, new and unknown threats continue to proliferate. Every day, the AV-TEST Institute registers over 350,000 new malicious programs. These programs are unlikely to be found within the Secure Email Gateway’s database of malware signatures. Even if Secure Email Gateways are using dynamic threat…


Safety gaps in online banking security systems exposed


[Image: mobile phone shopping online with a debit card. Caption: Banks have ‘concerning vulnerabilities’ in security that could leave their customers exposed to fraud, according to an investigation by Which? Photo: Getty]

Safety gaps in the online banking security systems of some of the UK’s biggest banks have been exposed by a new investigation by consumer group Which?

Banks have “concerning vulnerabilities” in security that could leave their customers exposed to fraud, according to the investigation by Which? and independent security experts 6point6.

The investigation looked at four main criteria: encryption, login, account management and navigation.

Tesco Bank (TSCO.L) received the lowest rating for online security in Which?’s testing, with an overall score of 46%.

Multiple security headers were missing from its webpages, the investigation found. Security headers protect customers against a range of cyberattacks, by telling users’ browsers how to behave when they communicate with the website.

Tesco Bank also failed to block testers from logging in to its website from two computer networks at the same time, and it did not log out the session when testers switched to a different website or used the forward or back button to leave the session and return to it.


Tesco Bank told Yahoo Finance UK: “The security of our customers’ accounts is always our top priority. Customers can be assured we have robust security measures in place to protect them and their money. Not all of these controls are obvious or visible to customers, but each of them serves to protect customers and all are in line with industry standards.

“We use the latest technology to protect and manage the security of Online Banking and our Mobile Banking App and all our controls are constantly reviewed to ensure they remain fit for purpose, giving customers peace of mind they can bank safely and securely with us.”

TSB finished second from bottom in the ranking with a score of 51%. The bank’s login process did not meet new regulations on “strong customer authentication” (SCA), introduced in March, the research found.

[Image: Which?’s ranking for online banking security. Photo: Which?]

When Which? reported TSB’s non-compliance to the Financial…
