Tag Archive for: Uncovers

2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots

/in


Mar 02, 2023The Hacker NewsBrowser Security

Browser Security

As a primary working interface, the browser plays a significant role in today’s corporate environment. The browser is constantly used by employees to access websites, SaaS applications and internal applications, from both managed and unmanaged devices. A new report published by LayerX, a browser security vendor, finds that attackers are exploiting this reality and are targeting it in increasing numbers (download report here).

The key report findings

  1. Over half of all the browsers in the enterprise environment are misconfigured. While a configured browser is nearly impossible to compromise, stealing data from misconfigured browsers is like taking candy from a baby. The Leading misconfigurations are improper use of personal browser profiles on work devices (29%), poor patching routine (50%), and the use of corporate browser profiles on unmanaged devices.
  2. 3 of every 10 SaaS applications are non-corporate shadow SaaS, and no SaaS discovery/security solution can address its risks. Shadow SaaS, and more than that, shadow identities, are the number one source for enterprise data loss. No existing data security tool (whether it being a traditional DLP or a DSPM) has access or control to what employees can do on their own personal applications.
  3. Attackers adopt evasive attack techniques that neither email security nor network security tools can detect. Advanced browser-borne attack techniques, such as the use of SaaS applications to distribute malware or abusing high-reputation sites for phishing, have become a threat commodity.
  4. Traditional security tools miss over half of those attack vectors at zero hour, making targeted browser attacks into a leading cause for enterprise breaches.
  5. Most browser risks may lead to identity theft. Weak passwords, misconfigurations and SaaS security issues all circulate around the digital identity. This depressing finding outlines a main pain point – the digital identities are still the corporate Achilles heel.

The report also details the top browser security threats of 2022, which include phishing attacks via high reputation domains, malware distribution via file sharing systems, data leakage exploiting…

Source…

New Report Uncovers Cybersecurity Challenges Facing K-12 Schools

/in


A tour through the busy halls and classrooms of our K-12 public schools would not reveal any clues to the underlying threat they face daily from cyber threat actors intent on disrupting the digital safety and security of students, staff, and their data. K-12 schools have emerged in the past several years as one of the most frequently targeted of our public institutions in the United States. While the hardworking IT and cyber professionals in this sector have made great strides in applying effective cyber defenses, more can be done. The Multi-State Information Sharing and Analysis Center (MS-ISAC) produced our first K-12 Report as a way for K-12 leaders to better understand their cyber risk and take decisive actions to mitigate it.

At the MS-ISAC, we have a unique vantage point to view the cybersecurity challenges and threats faced by various critical infrastructure sectors among state and local governments in the U.S. We manage the largest cyber threat database on U.S. State, Local, Tribal, and Territorial (SLTT) governments, informed by telemetry from thousands of sensors deployed across SLTT networks, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and more than 200 threat intelligence sources. We process more than 100 petabytes of data each month – the equivalent of two billion four-drawer filing cabinets full of information related to the cybersecurity of state and local governments. While our more than 3,700 K-12 school and district members are among the most highly targeted, they are also among the most active segment of our 14,000 organizational members in the MS-ISAC. Given the cyber threat they face, they have to be.

The cybersecurity threat to K-12 schools is persistent, and the potential harm of cyber attacks threatens both the vital work of our education system and the data security of an entire generation of young Americans. Ransomware remains the most impactful cybersecurity threat to K-12 schools, often resulting in significant financial loss and taking schools offline for days. Some K-12 ransomware attacks have taken months to fully remediate. Cyber threat actors’ demands seemed to have increased over time, with ransom demands exceeding…

Source…

FMI uncovers massive growth of IoT network management market

/in


According to the IoT network management industry analysis by Future Market Insights (FMI), the demand registered in the IoT network management market will grow at a noteworthy CAGR of around 23.3% from 2022-2032.

The report states that the market is expected to reach a valuation of US$ 5.1 billion by the end of 2022.

According to the researchers, IoT networks are rapidly expanding across the globe, allowing businesses, and industries to control and/or monitor a broad range of smart gadgets. With any network technology, speed and responsiveness are crucial for accurate and dependable IoT device performance.

IoT networks, on the other hand, have a variety of network performance issues due to the presence of heterogeneous and resource-constrained devices communicating through error-prone radio channels and frequently deployed in hostile environments.

The Internet of Things (IoT) tangibly solves significant business problems in a variety of industries. Healthcare, smart cities, building management, utilities, transportation, and manufacturing are among the early users of this technology, attesting to its numerous advantages.

However, the number of threats and cyber attacks directed at IoT devices and networks is on the rise in both number and complexity. Attacks like IoT botnets, DNS threats, IoT ransomware, IoT physical security, and shadow IoT are on the rise in IoT devices, connected software, and network connections.

Combining IoT solutions with edge processing technology supports minimising the vulnerabilities as edge security helps in protecting users and sensitive data. Therefore, there is an increased need to secure the devices and network, and use them to strengthen network security. As a result, enterprises are deploying IoT network management solutions to protect devices against new security threats, the researchers state.

“Different functionalities of IoT network management help to maintain network performance. Increasing adoption of IoT network management platforms across large enterprises will augment the growth in the market over the forecast period,” says an FMI analyst.

Key takeaways include the following:

  • By solution, demand in the network…

Source…

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

/in


Windows and Adobe Zero-Days

A cyber mercenary that “ostensibly sells general security and information analysis services to commercial customers” used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities.

The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that’s linked to the development and attempted sale of a piece of cyberweapon referred to as Subzero, which can be used to hack targets’ phones, computers, and internet-connected devices.

“Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” the tech giant’s cybersecurity teams said in a Wednesday report.

Microsoft is tracking the actor under the moniker KNOTWEED, continuing its trend of terming PSOAs using names given to trees and shrubs. The company previously designated the name SOURGUM to Israeli spyware vendor Candiru.

KNOTWEED is known to dabble in both access-as-a-service and hack-for-hire operations, offering its toolset to third parties as well as directly associating itself in certain attacks.

CyberSecurity

While the former entails the sales of end-to-end hacking tools that can be used by the purchaser in their own operations without the involvement of the offensive actor, hack-for-hire groups run the targeted operations on behalf of their clients.

The deployment of Subzero is said to have transpired through the exploitation of numerous issues, including an attack chain that abused an unknown Adobe Reader remote code execution (RCE) flaw and a zero-day privilege escalation bug (CVE-2022-22047), the latter of which was addressed by Microsoft as part of its July Patch Tuesday updates.

“The exploits were packaged into a PDF document that was sent to the victim via email,” Microsoft explained. “CVE-2022-22047 was used in KNOTWEED related attacks for privilege escalation. The vulnerability also provided the ability to escape sandboxes and achieve system-level code execution.”

Similar attack chains observed in 2021 leveraged a combination of two Windows privilege escalation exploits (CVE-2021-31199 and CVE-2021-31201) in…

Source…