Tag Archive for: Highlights

Wallarm highlights disturbing trends in API security threats


Wallarm has released its Q3 2023 API ThreatStats report which sheds light on the escalating threats targeting APIs and revealing vulnerabilities that have impacted industry giants such as Netflix, VMware, and SAP.

The report’s revamped ‘Top 10 API Security Threats’ compilation outlines 239 vulnerabilities discovered during the quarter, with injections taking the lead.

Injections involve inserting malicious data or code into APIs, leading to unauthorised access and data breaches. Notably, SQL and XML-based attacks were prevalent, underscoring the importance of robust security measures to prevent such breaches.

33 percent of the vulnerabilities (79 out of 239) were linked to authentication, authorisation, and access control (AAA). Well-established safeguards such as OAuth, single sign-on (SSO), and JSON Web Token (JWT) were compromised in high-profile organisations like Sentry and WordPress.

Sentry, for its part, faced incorrect credential validation—potentially exposing developers’ projects to unauthorised access. WordPress suffered from plugin broken authentication, leaving millions of users’ data vulnerable to theft.

The report also spotlighted the concerning rise in API data leaks, ranking fourth on the list of security threats. Complex tech stacks have made these leaks more prevalent, with Netflix, VMware, and SAP falling victim.

Ivan Novikov, CEO of Wallarm, urged business leaders and cybersecurity professionals to acknowledge the gravity of these threats:

“Whether caused by malicious actors or internal carelessness, this report is a wake-up call for business leaders and cybersecurity professionals to include protection against threats to APIs and other leaks in their product security programs.

Established security frameworks, like OWASP API Security Top-10, are one way to get started but have limitations in addressing today’s complex API security needs. 

This real-time data-driven threat list complements and extends the OWASP framework by identifying unaddressed threats and vulnerabilities, enhancing overall security posture.”

Wallarm’s report serves as a wake-up call, urging…


3CX hack highlights risk of cascading software supply-chain compromises


At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company’s network and systems as a result of a different software supply-chain attack involving a third-party application for futures trading.

“The identified software supply chain compromise is the first we are aware of which has led to a cascading software supply chain compromise,” incident responders from cybersecurity firm Mandiant, who was contracted to investigate the incident, said in a report Thursday. “It shows the potential reach of this type of compromise, particularly when a threat actor can chain intrusions as demonstrated in this investigation.”

The North Korean connection to the 3CX attack

The 3CX hack involved attackers compromising the company’s internal software build servers for Windows and macOS after moving laterally through the company’s network. As a result, they were able to inject malicious libraries into versions of the 3CX Desktop App for Windows and macOS and have them signed with the developer’s certificate during the build process. The trojanized versions were then delivered as part of the update process.

Windows versions 18.12.407 and 18.12.416 that were shipped in Update 7 were impacted, as well as macOS versions 18.11.1213 shipped with Update 6, and 18.12.402, 18.12.407 and 18.12.416 included in Update 7.

The trojanized Windows version deployed an intermediate malware downloader that Mandiant named SUDDENICON that reaches out to a GitHub repository to obtain command-and-control (C2) addresses hidden inside icon files. The downloader then contacts the C2 server and deploys an information stealer dubbed ICONICSTEALER that collects application configuration data as well as browser history.

Researchers from Kaspersky Lab reported that in some cases the attackers deployed an additional backdoor program on some 3CX victims. This backdoor is known as…


Global Cyber Security Software Market Highlights 2023-2028, With New Report


The MarketWatch News Department was not involved in the creation of this content.

Mar 18, 2023 (The Expresswire)

Report highlights (122 pages): “The global Cyber Security Software market size was valued at USD 2286.25 million in 2022 and is expected to expand at a CAGR of 11.54% during the forecast period, reaching USD 4402.7 million by 2028.”

The new report, titled “Global Cyber Security Software Industry Research Report 2023, Competitive Landscape, Market Size, Regional Status and Prospect”, delivers a complete overview of the global Cyber Security Software market in terms of market segmentation by type and application.

Global Cyber Security Software Market Insight Report 2023 | Analysis | Trends | Competitive Analysis


Internet security, or cyber security, is the branch of computer security specifically concerned with the internet. The internet has created new opportunities in almost every field, such as business, sports, education and entertainment. However, it also has drawbacks such as cyber crime, in which computers are used for various types of theft and other crimes. Types of cyber crime include hacking, software piracy, denial-of-service attacks, and cyber terrorism. The purpose of cyber security is to establish rules and measures to counter cyber crime over the internet.

The report combines extensive quantitative analysis with exhaustive qualitative analysis. It ranges from a macro overview of total market size, the industry chain, and market dynamics to micro details of segment markets by type, application and region, and as a result provides a holistic view of, and deep insight into, the Cyber Security Software market, covering all its essential aspects.

For the competitive landscape, the report also introduces players in the industry from the perspective of the market share, concentration ratio, etc., and describes the leading companies in detail, with which the readers can get a better idea of their competitors and…


Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks


Organizations using older versions of VMware ESXi hypervisors are learning a hard lesson about staying up to date with vulnerability patching, as a global ransomware attack on what VMware has deemed “End of General Support (EOGS) and/or significantly out-of-date products” continues.

However, the onslaught also points out wider problems in locking down virtual environments, the researchers say.

VMware confirmed in a statement Feb. 6 that a ransomware attack first flagged by the French Computer Emergency Response Team (CERT-FR) on Feb. 3 is not exploiting an unknown or “zero-day” flaw, but rather previously identified vulnerabilities that already have been patched by the vendor.

Indeed, it was already believed that the chief avenue of compromise in an attack propagating a novel ransomware strain dubbed “ESXiArgs” is an exploit for a 2-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974), which affects the hypervisor’s Open Service Location Protocol (OpenSLP) service.

“With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities,” VMware told customers in the statement.

The company also recommended that customers disable the OpenSLP service in ESXi to mitigate the issue; VMware began disabling it by default in shipped versions of the product starting in 2021 with ESXi 7.0 U2c and ESXi 8.0 GA.

Unpatched Systems Again in the Crosshairs

VMware’s confirmation means that the attack by as-yet unknown perpetrators, which has so far compromised thousands of servers in Canada, France, Finland, Germany, Taiwan, and the US, might have been avoided by something that all organizations clearly need to do better — patch vulnerable IT assets — security experts said.

“This just goes to show how long it takes many organizations to get around to patching internal systems and applications, which is just one of many reasons why the criminals keep finding their way in,” notes Jan Lovmand, CTO for ransomware protection firm BullWall.

It’s a “sad truth” that known vulnerabilities with an exploit available are often left unpatched, concurs Bernard Montel, EMEA technical director and…
