Thursday, August 13, 2020

What I am Reading 8/13/2020 - Russia, At It Again and Application Security

The Register - You weren't hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It's far simpler than that -
The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks.
This is according to the penetration-testing crew at Positive Technologies, which pored over the results of its 2019 client audits [PDF] and found that 71 per cent of the time – 20 out of 28 pentest contracts – its red team was able to get into their target using tools and tricks available to script kiddies and newbies.
...
The report shows that performing what some assume is the minimum of effort – timely patching, login monitoring, and network segmentation with access limit policies, for instance – can be rather effective at keeping at least opportunistic crooks out.
ZDNet - RedCurl cybercrime group has hacked companies for three years -
Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing for the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data.
Named RedCurl, the activities of this new group have been detailed in a 57-page report released today by cyber-security firm Group-IB.

SC Magazine - Shadow Code in security’s blind spot, ups risk of attack -
The proliferation of Shadow Code – third-party scripts and open source libraries used in web applications – may help organizations accelerate their digital transformations but it also puts them at higher risk of cyberattack.
Security teams are finding the Shadow Code, the code equivalent to rogue or Shadow IT, remains a blind spot for their organizations, with a mere eight percent of respondents in a PerimeterX/Osterman Research report saying they have complete visibility into the hidden code running on their websites. That’s a drop from 10 percent in 2019.
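The visibility problem the article describes starts with a simple inventory: which scripts on a page load from hosts you do not control, and which of those are pinned with Subresource Integrity. The following is an added example written for this post, not code from the SC Magazine article or from PerimeterX. It runs over a constructed sample page and assumes `www.example.test` as the first-party host; any `<script src>` served from another host is reported, with a flag for whether an `integrity` attribute is present.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for this example; the hosts are not real sites.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-analytics.test/tag.js"></script>
<script src="https://cdn.example-widgets.test/chat.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>console.log("inline first-party code");</script>
</head><body></body></html>
"""


class ScriptInventory(HTMLParser):
    """Collects every <script> tag together with its src and integrity attributes."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)  # attribute names arrive lower-cased
            self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity")})


def find_shadow_code(html, first_party_host):
    """Return third-party script loads: src, host, and whether SRI pins the file.

    Inline scripts and relative paths are treated as first-party here; a
    protocol-relative or absolute URL on another host counts as third-party.
    """
    parser = ScriptInventory()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        src = s["src"]
        if not src:
            continue  # inline script
        host = urlparse(src).netloc
        if not host or host == first_party_host:
            continue  # relative path or same host
        findings.append({"src": src, "host": host, "sri": s["integrity"] is not None})
    return findings


def unpinned_third_party(html, first_party_host):
    """Shortlist for review: third-party scripts with no integrity attribute."""
    return [f["src"] for f in find_shadow_code(html, first_party_host) if not f["sri"]]


if __name__ == "__main__":
    for f in find_shadow_code(SAMPLE_HTML, "www.example.test"):
        print(f"{f['host']:32} sri={'yes' if f['sri'] else 'NO ':3} {f['src']}")
```

The output is an inventory, not a verdict: a script without SRI is not necessarily malicious, but it is exactly the code that can change under you without any deployment on your side, which is the blind spot the survey measures. Running the check against the rendered DOM rather than the static HTML would also catch scripts injected by other scripts.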

Related - CSO - The state of application security: What the statistics tell us -
A new report by the Enterprise Strategy Group (ESG), which surveyed 378 application developers and application security professionals in North America, found that many organizations continue to push code with known vulnerabilities into production despite viewing their own application security programs as solid.
Releasing vulnerable code is never good but doing so knowingly is better than doing it without knowing, since the decision usually involves some risk assessment, a plan to fix, and maybe temporary mitigations. Half of respondents said their organizations do this regularly and a third said they do it occasionally. The most often cited reasons were meeting a critical deadline, the vulnerabilities being low risk or the issues being discovered too late in the release cycle (45%).
Related - CSO - 4 best practices to avoid vulnerabilities in open-source code -
A vulnerable or malicious package that makes its way into popular repositories, and eventually into your software supply chain, can wreak havoc for your customers. Vulnerable and malicious components have been detected in popular open-source repositories such as npm, PyPI, NuGet and Fedora.
Best Practices:
  1. Know your software - i.e. maintain a software bill of materials (BOM)
  2. Resolve Dependency Issues - 47% of flawed libraries are transitive, i.e. pulled in by another library rather than by the developer directly
  3. Automate Code Scanning
  4. Beware of Licensing Risks
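Items 1 and 2 are two views of the same data: once you have walked the full dependency graph you have the bill of materials, and the depth at which a flawed library appears tells you whether it is direct or transitive. The following is an added example written for this post, not code from the CSO article. It assumes the graph has already been extracted from a lockfile into a plain dictionary, and uses a constructed graph and placeholder advisory ids rather than real packages or CVE numbers.

```python
from collections import deque

# Constructed dependency graph: package -> direct dependencies.
# In practice this comes from a lockfile (package-lock.json, poetry.lock, go.sum ...).
DEPENDENCY_GRAPH = {
    "webapp": ["web-framework", "http-client"],
    "web-framework": ["template-engine", "markup-sanitizer"],
    "http-client": ["tls-helper"],
    "template-engine": ["markup-sanitizer"],
    "markup-sanitizer": [],
    "tls-helper": ["cert-parser"],
    "cert-parser": [],
}

# Constructed advisory feed keyed by package name; ids are placeholders, not real CVEs.
ADVISORIES = {
    "http-client": "ADVISORY-PLACEHOLDER-1",
    "cert-parser": "ADVISORY-PLACEHOLDER-2",
}


def build_sbom(graph, root):
    """Breadth-first walk from root; returns {package: (depth, shortest path)}.

    Depth 1 means a direct dependency; anything deeper is transitive. BFS
    guarantees the recorded path is the shortest chain that pulls the package in.
    """
    sbom = {}
    queue = deque([(root, 0, [root])])
    while queue:
        pkg, depth, path = queue.popleft()
        if pkg in sbom:
            continue  # already reached by a shorter (or equal) path
        sbom[pkg] = (depth, path)
        for dep in graph.get(pkg, []):
            queue.append((dep, depth + 1, path + [dep]))
    return sbom


def find_vulnerable(sbom, advisories):
    """Match the inventory against the advisory feed and classify each hit."""
    findings = []
    for pkg, (depth, path) in sorted(sbom.items()):
        if pkg in advisories and depth > 0:
            findings.append({
                "package": pkg,
                "advisory": advisories[pkg],
                "transitive": depth > 1,
                "via": path[1],        # the direct dependency that brings it in
                "path": " -> ".join(path),
            })
    return findings


def transitive_share(findings):
    """Fraction of vulnerable components that nobody chose directly."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if f["transitive"]) / len(findings)


if __name__ == "__main__":
    sbom = build_sbom(DEPENDENCY_GRAPH, "webapp")
    hits = find_vulnerable(sbom, ADVISORIES)
    for h in hits:
        kind = "transitive" if h["transitive"] else "direct"
        print(f"{h['package']:18} {h['advisory']:24} {kind:10} {h['path']}")
    print(f"transitive share: {transitive_share(hits):.0%}")
```

The `via` field is what makes the second best practice actionable: a transitive flaw is fixed by upgrading or replacing the direct dependency named there, not by editing a manifest line that does not exist.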
Related - HelpNet Security - Surge in cyber attacks targeting open source software project -
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found.
The Register - Made in China? Not for much longer, reckons Foxconn boss -
China's days as "the world's factory" are numbered, according to Foxconn chairman Young Liu.
Speaking to investors on a conference call, the Apple supplier's boss predicted local markets would grow their own manufacturing ecosystems, pointing to India and the Americas.

Threatpost - ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls -
Dubbed ReVoLTE, the attack — detailed by a group of academic researchers from Ruhr University Bochum and New York University Abu Dhabi — exploits an implementation flaw in the LTE cellular protocol that exists at the level of a mobile base station. ReVoLTE makes use of a predictable keystream reuse, a scenario in encryption in which stream ciphers, or encryption keys, are vulnerable to attack if the same key is used in a predictable fashion. This can allow threat actors to recover the contents of an encrypted VoLTE call.
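The property the article is describing is the classic two-time pad: a stream cipher XORs plaintext with a keystream, so two messages encrypted under the same keystream leak their XOR, and knowing one of them reveals the other. The following is an added example written for this post, not code from the researchers or from Threatpost, and it does not implement LTE or its cipher. It assumes a toy keystream built from SHA-256 in counter mode over a key and a per-call nonce; the constructed plaintexts stand in for a call whose contents are known and a call whose contents are not.

```python
import hashlib

# Constructed inputs for the demonstration.
KEY = b"\x00" * 16                                   # fixed so the run is deterministic
KNOWN_PLAINTEXT = b"This is the recorded call the attacker already knows."
SECRET_PLAINTEXT = b"Confidential: merger closes Friday."


def keystream(key, nonce, length):
    """Toy stream-cipher keystream: SHA-256(key || nonce || counter) blocks.

    Any stream cipher has the same reuse property; the hash construction is
    only here so the example runs on the standard library.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def recover_with_known_plaintext(ct_known, pt_known, ct_target):
    """If both ciphertexts share a keystream, ct_known XOR pt_known is that
    keystream, and applying it to ct_target yields the target plaintext.
    With an independent keystream the same arithmetic returns noise."""
    ks = xor_bytes(ct_known, pt_known)
    return xor_bytes(ct_target, ks)


def demo(reuse_keystream):
    """Encrypt two calls and attempt recovery of the second from the first.

    reuse_keystream=True models the flaw (same key and nonce for both calls);
    False models the mitigation (a fresh nonce per call).
    """
    nonce_a = b"call-A"
    nonce_b = nonce_a if reuse_keystream else b"call-B"
    ct_known = encrypt(KEY, nonce_a, KNOWN_PLAINTEXT)
    ct_secret = encrypt(KEY, nonce_b, SECRET_PLAINTEXT)
    return recover_with_known_plaintext(ct_known, KNOWN_PLAINTEXT, ct_secret)


if __name__ == "__main__":
    print("keystream reused:", demo(True))
    print("fresh nonce     :", demo(False))
```

The mitigation is entirely on the encrypting side: the keystream must never repeat, so every call (or, more generally, every message under a given key) needs a distinct nonce or counter input. The decryptor's correctness does not depend on it, which is why this class of bug survives functional testing.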
Cyberscoop - NSA, FBI publicize hacking tool linked to Russian military intelligence -
Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report.
...
While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election.
