Tag Archive for: Learn

4 Lessons Security Leaders Can Learn


Ivanti has had a rough start to the year. In January and February, the IT software company disclosed a series of VPN vulnerabilities impacting the Ivanti Connect Secure and Ivanti Policy Secure gateways. In February, the Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors were actively exploiting these vulnerabilities.  

As exploitation continued, CISA became one of the impacted organizations. The federal agency took down two of its systems affected by exploitation of the Ivanti vulnerabilities, The Record reported.  

“About a month ago CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses. The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” a CISA spokesperson shared in an emailed statement.  

What lessons can CIOs, CISOs, and other enterprise security leaders learn from these vulnerabilities, Ivanti’s response, and the exploitation of the bugs?  

Understand the VPN Vulnerabilities 

“From Jan. 10 to Feb. 8, there were five vulnerabilities disclosed; the nature of these vulnerabilities allows an unauthenticated actor to execute arbitrary commands with elevated privileges,” Nick Hyatt, director of threat intelligence at managed detection and response (MDR) company Blackpoint Cyber, tells InformationWeek in an email interview.  

The five vulnerabilities that impacted the Ivanti Connect Secure and Ivanti Policy Secure gateways are CVE-2023-46805 (CVSS 8.2), CVE-2024-21887 (CVSS 9.1), CVE-2024-21888 (CVSS 8.8), CVE-2024-21893 (CVSS 8.2), and CVE-2024-22024 (CVSS 8.3).  

This crop of VPN flaws in Ivanti’s products has led to criticism of the company’s cyber incident response. The company will likely need to work to regain customer trust following the exploitation of these bugs. In the meantime, enterprise leaders may be considering their choice of VPN solution.  

“There are other solutions out there that do this exact same thing that haven’t appeared on CISA KEV [Known Exploited Vulnerabilities Catalog] as much,” says…

Learn How To Become A Cybersecurity Specialist – Forbes Advisor


Cybersecurity specialists perform crucial work in protecting sensitive digital information and communications. These professionals work with public and private employers of all sizes to ensure the safety of data for customers, government entities and healthcare organizations.

This guide offers information on how to become a cybersecurity analyst, along with details on other cybersecurity roles such as information security specialist. If you’re wondering how to get into cybersecurity, read on to explore salaries, job outlooks and available certifications in the field.

What Does a Cybersecurity Specialist Do?

Cybersecurity specialists handle a broad set of technical responsibilities related to safeguarding sensitive digital information and data. Depending on the size of their employer, these cybersecurity experts may work in niche, specialized areas of the field or oversee more general security tasks. They provide ongoing oversight for organizations’ cybersecurity efforts through several methods.

Cybersecurity specialists perform similar work to information security specialists but may focus more on hardware. As experts in cybersecurity, these specialists help to create, analyze and deploy organizational security systems. Cybersecurity specialists test for areas of potential exposure in interconnected computer networks, document their findings and provide solutions for vulnerabilities.

These professionals also educate co-workers on best practices, as breaches may occur accidentally or deliberately by bad actors within their companies. Cybersecurity specialists must remain up to date with changes in the field by researching emerging threats and fixes.

Cybersecurity specialists earn relatively high salaries. Payscale reports an average annual cybersecurity salary of around $97,000, and these wages typically increase with experience.

Cybersecurity specialists can anticipate strong employment growth over the coming decade. For example, the U.S. Bureau of Labor Statistics reports a 32% projected employment…

How to Learn From ColdFusion Attack to Prevent Ransomware?


Credential compromise is a common way for attackers to get into systems and move around in compromised environments. Limiting their maneuverability can make things much harder for them.

Fremont, CA: Ransomware attacks on servers underscore the need for security. In the ColdFusion incident, attackers tried to install their payload through vulnerabilities in unsupported ColdFusion Server software, and EDR software blocked the attempts. To that end, security teams should:

Perform Continuous Backups: The best way to protect against data breaches is to back up your data. Backups are imperative in the case of ransomware attacks, since they allow you to restore your system without paying a ransom.

Prepare An Incident Response Plan: To deal with ransomware attacks and digital disruptions, organizations need an effective incident response plan. It requires planning, practice, and testing.

Assess The Security Team: Companies without dedicated cybersecurity professionals should consider third-party cybersecurity service providers (MSSPs) for enhanced ransomware protection.

Cyber Insurance: The insurance company and broker assess the security readiness of the organization, so a cyber-insurance policy can reduce the financial impact.

Identify And Reduce Exposure: Organizations can reduce their exposure and minimize risk by identifying and inventorying every asset and by applying patches, configuration management, and network segmentation.

Prepare For Double Extortion: The double extortion attack involves ransomware attackers demanding a ransom so that their data remains unencrypted. A sound data security policy involves more than just backups and reducing data exfiltration.

Stay Up-To-Date With Software: The ColdFusion Server attack, which exploited vulnerabilities in unsupported versions, highlighted the importance of patching software and the need to update end-of-life software.

Monitor Server Activity: Monitoring server traffic and behavior is crucial because servers have high access levels and connect to many applications and networks. Attackers can get deeper access through command-line interfaces, so monitoring is vital.

Consider Endpoint Detection and Response (EDR): When the endpoint detection and response software is effective, it…

The most hated man on the internet. Lessons to learn


A while ago I was scouring Netflix and stumbled across the 2022 The most hated man on the internet docuseries.

What’s that all about then?

The show is about Hunter Moore and his isanyoneup.com website (Wikipedia article), where abhorrent people uploaded naked / pornographic images, intended to shame or embarrass the subject. The website was shut down in April 2012. At its height it was getting 350K unique visits daily. Today that number could be monetised into $millions.

While some images were willingly submitted many were not. It was apparent that plenty of people, mainly women, had their intimate images uploaded without consent, and more worryingly those images had never been in the public domain before. They had gone to lengths to keep them private.

It transpired that many of the exploited women’s email accounts had been hacked. The Tactics, Techniques, and Procedures (TTPs) used to hack the accounts weren’t ground-breaking in the 2010s and they still work today. Typically it’s credential stuffing and spoofing of messages to friends in order to bypass 2FA. This isn’t APT territory, but it’s still effective.

Why have I written this post?

Like the TTPs used there, none of what I write is ground-breaking or state of the art. People’s digital lives are fairly easy to look into as a consequence of social media and our increasingly connected lives.

At PTP we regularly use TTPs (TLAs in full effect!) in various engagements, TTPs that are covered in Netflix shows like The most hated man on the internet and also You. We use them to identify weaknesses in a client’s defences, and a significant part of those defences are human beings.

More and more we’re asked by the Board or Senior Leadership Team to conduct consensual Digital Footprint Reviews of its members, to identify potential angles or leverage a crook could use to bypass the most sophisticated tech a company can buy.

What lessons can we learn?

What we can learn from shows like this and the experiences of the victims:

  • Don’t give your password to anyone. Ever.
  • Double check and verify anyone who wants to connect with you, even if they seem like someone you know. Social media allows people to find out a lot…
