Daily Archives: September 11, 2020

Why Application Security is Important to Vulnerability Management

It was the day before a holiday break, and everyone was excited to have a few days off to spend with friends and family. A skeleton crew was managing the security operations center, and it seemed as though every other team left early to beat the holiday traffic. Every team other than the vulnerability management (VM) team that is. Just before it was time to leave for the day, and the holiday break, the phone rang. We were notified of a zero-day vulnerability, and our CISO requested a report on the location of the risk within the enterprise. Does this sound familiar?

This happened to me. I was part of the vulnerability management team leading the web application scanning program for a Fortune 100 company. When they announced a major Struts vulnerability targeting SWIFT, my CISO wanted to know exactly where we could find it in our applications. As part of our prioritization efforts at the time, and according to our internal security policy, the VM team was only scanning our external applications dynamically. Sure, the software development lifecycle (SDLC) process included rigorous testing throughout the different stages; however, the data collected was in some cases point-in-time, and this data, if it persisted at all, was not accessible to the VM team.

One of the main reasons we continuously analyze our assets is to maintain awareness. You don't just want to know what vulnerabilities are present within your servers, containers, applications, and libraries. You also want to know what else is out there, so that when your CISO asks you where the zero-day vulnerability exists in your enterprise, you can quickly give an informed answer without having to rescan every single asset in your inventory to produce a report.

This is why the VM and security function need to be part of the development process. It's not because security wants to be the persistent nag always asking, "Did you scan it?", "Did you scan it?", but it is their job to be proactive. Yes, I said it. Vulnerability Management is proactive. I can't begin to tell you how many times I've heard people say, "What's the point of vulnerability management anyways? It's just a reactive response to the inevitable." Collecting intelligence from your assets is a proactive measure that allows you to quickly assess the risk and remediate or mitigate as needed.

At Veracode, we provide you with the data from your application security program so it can be utilized as part of your vulnerability management program. Do you need to find where Struts exists in your applications? No problem. With software composition analysis, we are able to identify all the libraries you are calling within your application, and we are even able to see what those libraries are calling. If Struts or any other library that poses a risk to your application is identified, we are going to let you know. Whether it is a Common Vulnerabilities and Exposures (CVE) finding or a Common Weakness Enumeration (CWE) category of flaw, we can identify it using static or dynamic analysis. We can then give you this intelligence so that the next time you are asked where the risk is, you can quickly pull from the data you have proactively collected and provide your CISO the risk data necessary to make quick, informed decisions.

To learn more about managing vulnerabilities, check out our comprehensive application security solutions.

This Week in Security News: Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday and Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about this month’s Patch Tuesday update from Microsoft. Also, learn about Trend Micro’s Worry-Free XDR: a new version of its XDR platform designed to extend the power of correlated detection and response beyond the endpoint for smaller businesses.

Read on:

Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot

Malicious actors continue to target environments running Docker containers. Trend Micro recently encountered an attack that drops both a malicious cryptocurrency miner and a distributed denial-of-service (DDoS) bot on a Docker container built using Alpine Linux as its base image. A similar attack was also reported by Trend Micro in May; in that previous attack, threat actors created a malicious Alpine Linux container to also host a malicious cryptocurrency miner and a DDoS bot.

Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday

Microsoft released patches for 129 CVEs (common vulnerabilities and exposures) as part of its monthly Patch Tuesday rollout. Dustin Childs from Trend Micro’s Zero Day Initiative shared that this marks seven consecutive months of more than 110 bugs fixed and brings the yearly total close to 1,000.

Purple Fox EK Relies on Cloudflare for Stability

A year ago, Trend Micro talked about Purple Fox malware being delivered by the Rig exploit kit. Malwarebytes later found evidence that it had its own delivery mechanism, and thus named it the Purple Fox exploit kit. Trend Micro recently found a spike in the Purple Fox exploit kit with improved delivery tactics in our telemetry. Some of the improvements include use of a full HTTPS infrastructure based on Cloudflare as the frontend, a fully encrypted landing page, and disguised redirection.

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in the Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used for secure communications between two parties.

War of Linux Cryptocurrency Miners: A Battle for Resources

The Linux ecosystem is regarded as more secure and reliable than other operating systems, which possibly explains why Google, NASA, and the US Department of Defense (DoD) utilize it for their online infrastructures and systems. Unfortunately, the widespread adoption of Linux systems also makes them an attractive target for cybercriminals. In this blog, learn about the ruthless battle for computing power among the different cryptocurrency-mining malware families that target Linux systems.

Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response

Trend Micro announced Worry-Free XDR, a new version of its XDR platform designed to extend the power of correlated detection and response beyond the endpoint for smaller businesses. This unmatched channel offering is available now as a standalone or managed solution tailored for SMBs.

Securing Enterprise Security: How to Manage the New Generation of Access Control Devices

Enterprises are increasingly deploying contactless security solutions to control access to their spaces, especially now in the midst of a pandemic. These solutions mostly rely on devices that use facial recognition to manage entry to enterprise premises in an effective and efficient manner. Considering that these access control devices are the first line of defense for employees and assets on enterprise premises, Trend Micro set out to test the security of the devices and to find out whether they are susceptible to cyber as well as physical attacks.

Zeppelin Ransomware Returns with New Trojan on Board

The Zeppelin ransomware has sailed back into relevance after a hiatus of several months. A wave of attacks was spotted in August by Juniper Threatlab researchers, making use of a new trojan downloader. These, like an initial Zeppelin wave observed in late 2019, start with phishing emails with Microsoft Word attachments (themed as "invoices") that have malicious macros on board. Once a user enables macros, the infection process starts.

Published New Ebook: Strategic Investment to Secure Smart Factories

Security is undergoing a digital transformation in the manufacturing industry. As the fusion of the cyber world and the physical world progresses, various security issues are mounting. Manufacturing executives must view security as a management issue, not as a system issue. Trend Micro has published an ebook that focuses on security issues in the convergence of IT and OT.

Ransomware Accounted for 41% of All Cyber Insurance Claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America. The high number of claims confirms previous reports from multiple cybersecurity firms that ransomware is one of today's most prevalent and destructive threats.

What do you think about the Zeppelin ransomware attacks and the rise in ransomware overall? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

Weekly Update 208

The highlight of my week was absolutely getting the Shelly 1 units behind a couple of my light switches working as I'd always dreamed. It just opens up so many automation possibilities that I'm really excited about what I might do in the future with them now. When I get the place to a standard I'm happy with, I'll definitely do a good walkthrough and show how it all works. Until then, this week's update has some general infosec stuff but chief amongst that is the Giggle app situation. So many layers on this one, so many layers...

References

  1. Got the Shelly 1 working absolutely perfectly! (this is precisely what I always envisaged)
  2. Don't say your app is "highly secure" while the browser is literally telling everyone it's "Not Secure" (it's now fixed but still, how do you even start out without HTTPS these days?!)
  3. So apparently Michael McIntyre needed some good new material 🤣 (honestly, I couldn't care less if he actually did, that'd be kinda cool)
  4. If you want to go down a rabbit hole, read my short thread on the Giggle security situation then delve into the tweet threads 😲 (security is one thing, debates on AI detecting females and what makes someone one is quite another)
  5. Sponsored by: The biggest return on security investment is getting your time back. Scale your defenses and regain control with Tines Security Automation.