
Web Application Security – A Complete Guide

OCD or just very fond of structure, I must confess that I like pretty much everything around me to be in (a specific) order. Due to this habit, I got used to working mostly with web applications, since I don’t like to have many windows opened on my taskbar and I prefer moving swiftly between my browser’s tabs. Recently, though, I’ve started to wonder: what does this mean in terms of web application security? 

To answer that question, let us start from the beginning and clarify what a web application is in the first place. 

According to SearchSoftwareQuality:

A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface. […] Web applications do not need to be downloaded since they are accessed through a network. Users can access a Web application through a web browser such as Google Chrome, Mozilla Firefox or Safari. For a web app to operate, it needs a Web server, application server, and a database. Web servers manage the requests that come from a client, while the application server completes the requested task. A database can be used to store any needed information.

Among the benefits of web applications we list:

a. Easier installation and maintenance 

It’s much easier to install, upgrade or maintain a web-based application than a standalone desktop application. Web applications are upgraded on the host servers, and every user can access the updated version as soon as the deployment has finished, without needing to update the application on their PCs. 

b. No download hassles

From an end-user perspective, this is probably the greatest advantage – with web applications, you don’t have to download anything in order to use the service. A compatible browser with Internet access is usually all you need. 

c. Use of less storage space 

When using a web application, you don’t have to worry about how much space and memory it needs on your device. Moreover, they can be accessed from any place in the world where there is an active Internet connection. 

d. Accessible on various platforms  

It’s safe to say that nowadays mobility is a great asset and it sure helps a lot not to depend on a certain device in order to complete your tasks. Web applications can be used on any platform (desktop, laptop, phone, tablet), wherever you are. 

Web applications may be: 

a. Static web applications 

These are the most basic type of web application, created using HTML and CSS. If you need to make any serious changes, you will almost certainly need to contact the people who planned and designed it. 

b. Dynamic web applications 

Dynamic web applications can include databases or forums and have the constant ability to update or change the available information. 

c. E-commerce applications

E-commerce apps are more complex than the other two mentioned before, since they need a way to collect electronic payment. 

d. Portal web applications 

Portal web applications include forums, chats, emails etc. and are characterized by many different sections or categories which are accessible by way of a home page. 

e. Animated web applications 

This kind of application must use FLASH technology. Animated web applications do not work well with SEO optimization or positioning, because search engines cannot read their information properly. 

f. Content management systems 

Content management systems offer interfaces that can be accessed and updated and are used for personal or corporate blogs, media sites and so on. 

If we want to talk about web application security, though, we must first specify that web applications are related to the supply chain topic, which we covered here. Unfortunately but not surprisingly, as third parties in your business workflow, web applications can be attacked in various ways, from database manipulation to large-scale network disruption. 

According to DARKReading:

Positive Technologies’ analysis unearthed some 70 different types of vulnerabilities in total in Web apps. Security configuration errors—such as default settings, common passwords, full path disclosure, and other information-leak errors—were present in four out of five apps, making this class of vulnerability the most common. Cross-site scripting errors were present in 77% of applications; 74% had authentication-related issues, and more than half (53%) had access control flaws. 

Here are the main web application security threats that you need to be aware of: 


1. Cross-Site Scripting ( XSS)

In a cross-site scripting attack, attackers inject client-side scripts into web pages in order to gain direct access to important information, impersonate the user or trick the user into disclosing sensitive data. If a visitor loads the compromised page, their browser may execute the malicious code. This kind of attack is not the most sophisticated, but it is the most common. 
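The difference between a page that interprets user input and one that merely displays it comes down to output encoding. The following is an added example, not code from the original post: the same greeting is rendered once with the user-supplied name inserted raw and once with it HTML-escaped first. The function names and sample inputs are constructed for the illustration.

```python
# Added example (not from the original post): the same greeting rendered with
# the user-supplied name inserted raw and with it HTML-escaped first.
import html

# Constructed inputs: a normal name and one that carries markup.
BENIGN_NAME = "Alice"
MARKUP_NAME = "<script>alert(1)</script>"


def render_greeting_unsafe(name: str) -> str:
    # Vulnerable: the value is concatenated straight into the page, so any
    # tags it contains become part of the document the browser parses.
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    # Hardened: characters that mean something to the HTML parser (&, <, >,
    # quotes) are entity-encoded, so the value is displayed, not interpreted.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def contains_script_tag(fragment: str) -> bool:
    # Illustrative check only: a literal <script tag in the response body is
    # what the browser would execute.
    return "<script" in fragment.lower()


if __name__ == "__main__":
    for name in (BENIGN_NAME, MARKUP_NAME):
        print("raw    :", render_greeting_unsafe(name))
        print("escaped:", render_greeting_safe(name))
```

Escaping is context-specific: `html.escape` is the right encoding for HTML body text and quoted attribute values, while a value placed inside a script block, a URL or a CSS rule needs the encoding for that context. A templating engine with auto-escaping switched on covers the common case without relying on every developer remembering to call the escape function.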

2. Cross-site request forgery 

This type of attack is a serious web application security vulnerability: the user is tricked into making a request that carries their own authentication or authorization, so the attacker’s forged request is executed with the victim’s account privileges. The most common targets of cross-site request forgery are highly privileged accounts, such as administrator or executive accounts, and a successful attack results in the exfiltration, destruction or modification of important information. 
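Because the browser attaches the session cookie to every request for the site, including one triggered from a page the user did not intend to act on, the cookie alone cannot prove intent. The standard defence is a per-session token that the legitimate page embeds in its forms and that a cross-site page cannot read. The following is an added example, not code from the original post; the in-memory session store, the handler and the request shapes are constructed for the illustration.

```python
# Added example (not from the original post): synchronizer-token CSRF check
# for a state-changing request, with a constructed in-memory session store.
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}


def create_session(user: str) -> str:
    """Log a user in: mint an unguessable session id and a per-session CSRF token."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return session_id


def render_form(session_id: str) -> str:
    """The legitimate page embeds the session's token in a hidden field."""
    token = SESSIONS[session_id]["csrf"]
    return f'<input type="hidden" name="csrf_token" value="{token}">'


def handle_transfer(cookies: dict, form: dict) -> str:
    """Simulated POST handler. The session cookie proves who the browser is
    logged in as; only the form token proves the user meant this action."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return "401 not authenticated"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(session["csrf"].encode(), submitted.encode()):
        return "403 csrf check failed"
    return f"200 transfer accepted for {session['user']}"


def demo() -> tuple:
    """Run one legitimate and one forged submission against the same session."""
    sid = create_session("alice")
    cookies = {"session": sid}
    # Legitimate submission: the form carries the token the page embedded.
    legit = handle_transfer(cookies, {"amount": "10", "csrf_token": SESSIONS[sid]["csrf"]})
    # Forged cross-site submission: the cookie rides along automatically,
    # but the hostile page cannot read the token, so it is absent.
    forged = handle_transfer(cookies, {"amount": "10"})
    return legit, forged


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Setting `SameSite=Lax` (or `Strict`) on the session cookie is a worthwhile second layer, since modern browsers then omit the cookie from cross-site POSTs altogether, but the token check is what works regardless of browser behaviour.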

3. Denial-of-Service (DoS) & Distributed denial-of-service (DDoS) attacks 

During a DoS or DDoS attack, hackers try to overload a targeted server or its surrounding infrastructure. When the server is no longer able to effectively process incoming requests, it will start to behave in an irregular manner, denying service to incoming requests from legitimate users. 

4. Data breaches 

Data breaches may occur through malicious actions or by mistake, but the consequence is the same: sensitive or confidential information gets leaked. Depending on the company who is unfortunate enough to experience a data breach, millions of user accounts can get exposed. 

5. Buffer overflow

The term buffer refers to a memory region that temporarily holds data while it is transferred from one location to another. A buffer overflow (or overrun) happens when the volume of data written is larger than the capacity of the buffer, so that adjacent memory locations are overwritten. By overwriting an application’s memory, the program’s execution path can be changed, which may compromise files or expose sensitive information. Moreover, extra code that sends new instructions to the application may be introduced in order to gain access to the IT systems. 

6. SQL Injection (SQLi) 

Structured Query Language (SQL) is the language typically used with relational databases and data stream management systems; it is very effective for querying, manipulating and aggregating data, and for an impressive number of other functions. In a SQL injection attack, the attacker supplies input that the application embeds into a database query without proper validation, so the database executes the attacker’s text as part of the query. 

7. Memory corruption 

Memory corruption is the process in which a location in memory is unintentionally modified, possibly leading to unexpected behaviour. Attackers try to exploit this through code injection or buffer overflow attacks. 

8. Path traversal

Path traversal attacks inject “../” patterns in order to move up the server’s directory hierarchy and access files or directories outside the web root folder. A successful path traversal attack might give attackers access to user credentials, configuration files or even databases. 
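The fix on the server side is to resolve the requested path to its canonical form and then check that it is still inside the web root, rather than scanning the string for “../”. The following is an added example, not code from the original post; the web root, the sample requests and the function names are constructed for the illustration, and no file needs to exist for the check to run.

```python
# Added example (not from the original post): resolving a requested file
# path inside a web root so that "../" sequences cannot escape it.
import os
from typing import Optional


def resolve_in_webroot(webroot: str, requested: str) -> Optional[str]:
    """Return the absolute path for `requested` if it stays inside `webroot`,
    otherwise None."""
    root = os.path.realpath(webroot)
    # A leading slash would make os.path.join discard the root, so treat the
    # request as relative no matter what.
    relative = requested.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root, relative))
    # realpath collapses ".." and resolves symlinks; commonpath is then the
    # containment test. A plain string-prefix test would wrongly accept
    # /srv/app/public-old when the web root is /srv/app/public.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def classify_requests(webroot: str, requests) -> dict:
    """Map each requested path to True (served) or False (rejected)."""
    return {req: resolve_in_webroot(webroot, req) is not None for req in requests}


# Constructed web root and sample requests.
WEBROOT = "/srv/app/public"
SAMPLE_REQUESTS = [
    "index.html",
    "css/site.css",
    "../../config/db.ini",       # climbs out of the web root
    "css/../../app.py",          # climbs out after a legitimate-looking prefix
    "../public-old/index.html",  # sibling directory sharing the root's prefix
]

if __name__ == "__main__":
    for req, ok in classify_requests(WEBROOT, SAMPLE_REQUESTS).items():
        print(("serve  " if ok else "reject ") + req)
```

Because `realpath` follows symbolic links, a link inside the web root that points outside it is rejected as well; if your deployment relies on such links, resolve them deliberately rather than weakening the containment check.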

All these sound pretty alarming, but, fortunately, there are many options you can choose when it comes to web application security and protecting your company by detecting, preventing and responding to attacks. 

Here’s how you can enhance your company’s web application security: 


1. Classify Web Applications 

The first thing to do if you want to avoid paying the piper is a matter of common sense: you must know how many web applications your company uses and how they are being used. You cannot build a security system if you don’t know exactly what you need to protect. First step? Make an inventory of your web applications and classify them: very critical, critical, serious, normal. 

2. Apply the Principle of Least Privilege

Access management can make or break web application security. Not all users will need the same set of rights and privileges, so make sure that you confine the higher privileges to only a few. Automated solutions can be of great help here. Our Thor AdminPrivilege™, will make your life a lot easier if you decide to proactively manage, monitor and control privileged account access. 


System admins waste 30% of their time manually managing user rights or installations.

Thor AdminPrivilege™

is the automatic Privileged Access Management (PAM) solution
which frees up huge chunks of sys-admin time.
  • Automate the elevation of admin rights on request;
  • Approve or reject escalations with one click;
  • Provide a full audit trail into user behavior;
  • Automatically de-escalate on infection;
Try it for FREE today Offer valid only for companies.
 

3.  Filter User Inputs

Input fields can be found in almost every web application. These sections, where users introduce data (text, images, file attachments), are often attacked in an attempt to corrupt or take over the web application, so make sure that your company validates and filters user input before it is processed.

4. Use Application Monitoring 

By monitoring applications with the help of a web application firewall, you will be able to get some insights regarding what type of traffic flows in, what vulnerabilities are being blocked, what kind of inputs and responses the application is receiving etc. Both of our Thor Vigilance and Thor Premium include the firewall feature and can become your ally in your quest of implementing web application security. 


Simple Antivirus protection is no longer enough.

Thor Premium Enterprise

is the multi-layered Endpoint Detection and Response (EDR) approach
to organizational defense.
  • Next-gen Antivirus which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today Offer valid only for companies.

5. Perform Proper Testing 

Testing is a crucial aspect in cybersecurity. When it comes to the web applications your company uses, make sure your security experts perform penetration testing, in order to make sure that there are no logical flaws in the web applications you need to use. 

6. Update the Passwords Frequently 

This is another simple safety measure that every web application user can adopt. To stay safe, it is mandatory to use strong passwords that include special characters, numbers and letters. We wrote more about this topic here and here. In addition to strong passwords, two-factor authentication will make your accounts even more secure and drastically reduce the cybercriminals’ chances of successfully attacking your company. 

7. Properly Handle Sessions 

A web session consists of the series of HTTP requests and responses exchanged by a user within a certain period of time. Web application sessions are user-initiated and last until the end of the communication between the two systems over the network. It’s important to handle these sessions properly if you want to avoid session hijacking, session sniffing and cross-site scripting attacks.

8. Don’t Forget about Cookies 

Cookies are crucial for web application security, and yet they are often overlooked. They are excellent targets for cyber attacks, since they contain valuable information that allows sites to remember their users. To avoid any trouble, try not to use cookies to store sensitive information (or encrypt it if you must), and don’t forget to always monitor and control the cookies’ expiry dates. 
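Session handling (point 7) and cookie hygiene (point 8) meet in the `Set-Cookie` header and in the server's own expiry rules. The following is an added example, not code from the original post: a builder for a session cookie with the standard protective attributes, a checker that reports which protections a given header lacks, and a server-side timeout check. The function names and the timeout values are constructed for the illustration.

```python
# Added example (not from the original post): a session cookie builder, a
# checker for missing cookie protections, and a server-side session timeout
# check. The attribute names are the standard Set-Cookie attributes.
from datetime import datetime, timedelta, timezone


def session_cookie(name: str, value: str, max_age_seconds: int = 900) -> str:
    """Build a Set-Cookie header value for a session identifier.
    Secure: only sent over HTTPS, so it cannot be sniffed in clear text.
    HttpOnly: not readable from page scripts, so a cross-site scripting bug
              cannot simply read the session id.
    SameSite=Lax: not attached to cross-site POSTs, which blunts CSRF.
    Max-Age: a short lifetime limits how long a hijacked id stays useful."""
    return (f"{name}={value}; Path=/; Max-Age={max_age_seconds}; "
            "Secure; HttpOnly; SameSite=Lax")


def cookie_attributes(header: str) -> dict:
    """Parse the attribute part of a Set-Cookie header into a dict
    (attribute names lower-cased; flag attributes map to True)."""
    attrs = {}
    for part in header.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val if val else True
    return attrs


def missing_protections(header: str) -> list:
    """List the protections a session cookie header lacks."""
    attrs = cookie_attributes(header)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        missing.append("SameSite")
    if "max-age" not in attrs and "expires" not in attrs:
        missing.append("Max-Age/Expires")
    return missing


def session_is_valid(created_at: datetime, last_seen_at: datetime, now: datetime,
                     idle_timeout: timedelta = timedelta(minutes=15),
                     absolute_timeout: timedelta = timedelta(hours=8)) -> bool:
    """Server-side check: a session expires after `idle_timeout` without
    activity and after `absolute_timeout` regardless of activity, so neither
    the cookie nor the client decides how long a session lives."""
    if now - created_at > absolute_timeout:
        return False
    if now - last_seen_at > idle_timeout:
        return False
    return True


if __name__ == "__main__":
    header = session_cookie("sid", "constructed-session-id")
    print(header)
    print("missing:", missing_protections(header))
    print("missing:", missing_protections("sid=constructed-session-id"))
```

The server-side timeouts matter because a client can keep replaying a cookie long after `Max-Age` has passed; the expiry the browser enforces is a convenience, the expiry the server enforces is the control.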

Conclusion 

As Dafydd Stuttard and Marcus Pinto say in their book, The Web Application Hacker’s Handbook:

There is no doubt that web application security is a current and very newsworthy subject. For all concerned, the stakes are high: for businesses that derive increasing revenue from Internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details or compromising bank accounts. 

Please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

The post Web Application Security – A Complete Guide appeared first on Heimdal Security Blog.

Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security

When it comes to privileged account management (PAM), you might want to know: 

– what is a privileged account? 

– does it have any connection to “privileged access management” (also PAM)? 

– how do privileged accounts benefit your company?

– how many / what types of privileged accounts are there? 

– how can privileged accounts compromise your security?

– what can you do to ensure the cybersecurity of your company? 

If so, you have come to the right place – we will answer all this and more in the following lines. 

First, let us clarify that we call privileged accounts those accounts that have the most power inside an IT department and are used by the team to set up the IT infrastructure, to install new software or hardware, to run critical services or to conduct maintenance operations. To put it simply, privileged accounts can access an organization’s highly classified IT assets and the sensitive information stored within them. 

(Figure: privileged account management concept. Source: Teiss)

As the acronym suggests, privileged account management is related to privileged access management: privileged access management tools monitor privileged accounts in order to ensure business safety. We wrote more about this here. You can also get into this further by learning more about the Zero Trust model, Insider Threats, why removing admin rights closes critical vulnerabilities in your organization, the Principle of Least Privilege (PoLP), and Identity and Access Governance.

How does privileged account management benefit your company? In several ways:

– it helps you maintain a complete list of active privileged accounts in your network, updating it whenever new accounts are created. 

– privileged identities (e.g. passwords) are stored in secure vaults. 

– it enforces strict IT policies regarding password complexity, frequency of password reset, automatic reset, etc. 

– it securely shares privileged accounts, granting every user the minimal permissions needed to fulfill their tasks. 

– it monitors and records all privileged users in real time.

– it audits all identity-related operations: user logins, password access attempts, reset actions, etc.   

How many / what types of privileged accounts are there? 

Well, overall, privileged accounts can install system hardware/software, make changes in IT infrastructure systems, log into all machines in an environment, access sensitive data, reset passwords for others. 


They can be:

1. Local Administrative Accounts 

Non-personal accounts, which provide administrative access only to the localhost or instance. Local admin accounts are used for maintenance on servers, network devices, databases, etc. and usually have the same password across the entire organization. Local Administrative Accounts are the first accounts created during system installation and some companies give their credentials to every employee, which makes them easy targets. Default Administrative accounts cannot be deleted or locked out, only renamed or disabled. 

2. Privileged User Accounts 

These are named credentials that have been granted administrative privileges on one or more systems. They have unique and complex passwords, yet they must be constantly monitored and secured since they have access to very sensitive privileged data. 

3. Domain Administrative Accounts 

They have access across all workstations and servers, offering complete control and the ability to modify every administrative account, which makes them the most sensitive target of a cyber attack in an organization. Access to and use of domain administrative accounts should be granted only on demand, with additional security controls, and their activity should be fully monitored and audited. 

4. Emergency Accounts

Also known as “firecall” or “break-glass” accounts, these give an unprivileged user administrative access to secure systems in case of emergency. For obvious security reasons, they require managerial approval. Emergency accounts are also helpful when it comes to stopping compromised accounts from being continuously abused. 

5. Service Accounts 

Service accounts are privileged local or domain accounts used by applications or services to communicate with the operating system. Coordinating their password changes is difficult because they can interact with many Windows components – not to mention that changing their passwords hardly ever happens. Also, this kind of privileged account does not expire. 

6. Active Directory or Domain Service Accounts 

Active Directory Domain Services represent the core functions that allow sysadmins to organize data into a logical hierarchy. Changing passwords here is a complicated job since they require coordination across multiple systems – this operation breaks the application(s) almost every time until the account is synced across the environment. 

7. Application Accounts

These allow applications to access databases, run batch jobs or scripts, or provide access to other applications. Usually they have broad access, and the passwords for this type of account are embedded and stored in unencrypted text files, which poses a significant risk to any organization. By compromising application accounts, attackers can gain remote access, modify system binaries, or even elevate standard accounts to privileged ones. 

How can privileged accounts compromise your security?

According to the Netwrix Blog, “privileged user accounts are dangerous because they are so powerful, and that power can be misused in several different ways.” Specifically, 

1. Unintentionally

Unauthorized modifications to critical data can happen at any time, without a second thought. Plus, files that store sensitive data can be shared without checking the legitimacy of the business need, getting you into serious trouble. 

2. Maliciously 

Privileged accounts do have legitimate access rights, so if they engage in malicious actions, these are pretty difficult to spot – if anyone even thinks to check at all. Malicious use of privileged accounts is a serious threat, since these users’ activity may not be closely monitored, and they usually have the expertise to dodge controls and do maximum damage without leaving a trace. 

3. By attackers 

Cyber attackers use a variety of techniques to obtain the powerful credentials of privileged accounts. Phishing, brute force or coercion are the most familiar. As the Netwrix Blog writes, 

The legitimate owner or user of the account might not even realize the account has been hijacked until it’s too late. Attacks often unfold like this: A hacker breaches the perimeter, takes control of a user’s PC, silently steals any privileged credentials cached there, and then moves from machine to machine looking for additional privileged users to hijack. In fact, hackers often dwell in the network undetected for months, steadily elevating their privileges until they are powerful enough to steal the organization’s intelligence.

As with almost everything in life, precaution is the key. But where do we start when we need to avoid serious privileged account management problems? 

Here are 5 key aspects you must consider in order to avoid privileged account management issues: 

1. Do you know all the privileged accounts in your company?

More than 50% of data breaches involve the use of privileged account access. If you don’t have a clear view of all the privileged accounts in your company, there’s a high probability you’ll have to deal with such a breach. Moreover, your security team must be able to apply the right controls to new systems and applications. 

2. Can you properly secure privileged credentials? 

Privileged credentials should not be shared among IT admins and should not be visible to end-user admins. Passwords and secure shell (SSH) keys should be rotated, random and should expire regularly – you don’t want static passwords to offer cyberattackers root access to your systems and data. If you do not take care of this aspect and do not use the principle of least privilege and multifactor authentication, phishing or man-in-the-middle attacks (no, not winter) might be coming. 

3. Can you identify privileged account use irregularities?

You should be able to monitor privileged accounts for any unusual behaviours and log activity information for later reviews. This should help you draw up a baseline of normal behaviour, which will help you catch deviations and, if need be, trigger alerts. The faster you detect an unusual incident, the better. 

4. Can you take quick action when you find suspicious activity?

As we said, the faster you detect a privileged account management irregularity, the better. Make sure that you can automatically shut down a privileged session when unusual activity is detected. Doing this manually is not recommended, because it might leave the attacker enough time to cause irreparable damage.  

5. Can you recover/restore data after an incident? 

It is crucial to recover and restore data quickly after a data breach or system failure. The same goes for credentials – recovering them after an attack allows you to maintain control. A PAM solution can help you with this. 

Bearing this in mind…

Here are some precautions you can take in order to avoid compromised privileged account management: 


1. Provide training to all your employees 

All your employees should be able to recognize suspicious or insecure behaviour. This aspect is particularly important nowadays, since phishing and social engineering attacks are getting more sophisticated and more and more personal devices are being used for business purposes. 

2. Be proactive

Make a habit of actively monitoring and routinely auditing privileged user accounts with elevated permissions; de-credential user accounts that no longer require elevated permissions and set appropriate expiration dates in order to avoid accumulated privileges. 

It’s also useful to perform a data risk evaluation in order to know exactly what privileged accounts have access to sensitive data, because those accounts need higher security scrutiny and protocol. 

3. Always change default credentials 

It’s mandatory to change default credentials when you set up a new account, application or system. Default credentials like “admin” or “12345” are always a top priority for attackers because they are, obviously, trivial to guess. 

4. Adopt least privilege policies 

Although some users sometimes need more rights and have more responsibilities than regular users, there are times when they’re over-privileged. It’s better to configure a standard user and then elevate their privileges when needed. 

5. Analyze behaviour 

Look for any anomaly regarding when, from where, and how privileged accounts are used. You will only notice the irregularities if you first establish what normal looks like. 
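Both point 3 of the previous list (identifying use irregularities) and point 5 here come down to the same mechanism: learn what normal looks like per account, then score new activity against it. The following is an added example, not code from the original post or from any product: it builds a baseline of source hosts and hours of day per privileged account from a learning period and flags logons that fall outside it. The log lines and their format (timestamp, account, source host) are constructed for the illustration.

```python
# Added example (not from the original post): building a per-account baseline
# of privileged logons and flagging deviations from it. The log lines are
# constructed for this example; the format (timestamp account source_host)
# is an assumption, not any product's real format.
from datetime import datetime

BASELINE_LOG = """\
2024-03-01T09:12:00 admin.jsmith ws-finance-01
2024-03-01T10:40:00 admin.jsmith ws-finance-01
2024-03-02T09:05:00 admin.jsmith ws-finance-02
2024-03-02T14:30:00 svc-backup srv-backup-01
2024-03-03T02:00:00 svc-backup srv-backup-01
2024-03-04T11:15:00 admin.jsmith ws-finance-01
"""

NEW_LOG = """\
2024-03-05T10:02:00 admin.jsmith ws-finance-02
2024-03-05T03:17:00 admin.jsmith ws-hr-07
2024-03-05T02:05:00 svc-backup srv-backup-01
2024-03-05T13:44:00 svc-backup ws-finance-01
2024-03-05T13:50:00 admin.unknown ws-finance-01
"""


def parse_events(text: str) -> list:
    """Turn log lines into (timestamp, account, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, host = line.split()
        events.append((datetime.fromisoformat(ts), account, host))
    return events


def build_baseline(events: list) -> dict:
    """Per account: the source hosts and hours of day seen during the
    learning period. A real deployment would use a longer window and richer
    features (targets, commands, session length); the principle is the same."""
    baseline = {}
    for ts, account, host in events:
        profile = baseline.setdefault(account, {"hosts": set(), "hours": set()})
        profile["hosts"].add(host)
        profile["hours"].add(ts.hour)
    return baseline


def detect_anomalies(baseline: dict, events: list) -> list:
    """Return (timestamp, account, host, reasons) for every event that does
    not match the account's baseline, including accounts with no baseline."""
    alerts = []
    for ts, account, host in events:
        reasons = []
        profile = baseline.get(account)
        if profile is None:
            reasons.append("no baseline for account")
        else:
            if host not in profile["hosts"]:
                reasons.append("unseen source host")
            if ts.hour not in profile["hours"]:
                reasons.append("unusual hour")
        if reasons:
            alerts.append((ts.isoformat(), account, host, reasons))
    return alerts


if __name__ == "__main__":
    base = build_baseline(parse_events(BASELINE_LOG))
    for ts, account, host, reasons in detect_anomalies(base, parse_events(NEW_LOG)):
        print(f"ALERT {ts} {account} from {host}: {', '.join(reasons)}")
```

An account that never appeared during the learning period is itself worth an alert: a privileged logon from an account you have no record of is exactly the inventory gap point 1 of the previous list warns about. Hour-of-day matching is deliberately crude here; in practice you would widen it to a working-hours window and add the feature that matters most for your environment.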

6. Consider automation 

Automated solutions, like our Thor AdminPrivilege™, will make your life a lot easier because they help you proactively manage, monitor and control privileged account access. A Privileged Access Management tool is vital for scalability and it’s not only about managing user rights, but also about the fast flow of software installs, about logs and audit trail, about achieving data protection compliance. 


7. Don’t forget to protect your endpoints

You need an endpoint protection solution in order to keep malicious code that might get into your system from running. Thor Foresight Enterprise can help you prevent exploits, ransomware and data leakage at DNS level and hunt, detect and respond to threats faster. 


Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise

is our next-gen proactive shield that stops unknown threats
before they reach your system.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Automatic patches for your software and apps with no interruptions;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today Offer valid only for companies.

You can also make sure that your company is protected against any dangerous emails your privileged users might receive with MailSentry Fraud Prevention, which notifies you about fraud attempts, business email compromise (BEC) and impersonation. 


Email communications are the first entry point into an organization’s systems.

MailSentry

is the next-level mail protection system which secures all your
incoming and outgoing communications
  • Deep content scanning for attachments and links;
  • Phishing, spear phishing and man-in-the-email attacks;
  • Advanced spam filters which protect against sophisticated attacks;
  • Fraud prevention system against Business Email Compromise (BEC);
Try it for FREE today Offer valid only for companies.

8. Record sessions 

If an attacker manages to obtain access to your system, you must be able to determine for what purpose the credentials were used, whether any data was exfiltrated, whether malware was planted on any of your servers and which databases were compromised. Thor AdminPrivilege™ can also help you with this aspect. 

Wrapping Up…

As Security Intelligence says, “Privileged account management (PAM) is emerging as one of the hottest topics in cybersecurity — and it’s easy to understand why. Cybercriminals are relentless when it comes to finding and compromising their targets’ privileged credentials to gain unfettered access to critical assets.” You should have some peace of mind, though, if you adopt a proactive attitude and take safety measures. 

Also, please remember that Heimdal™ Security always has your back too and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 


The post Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security appeared first on Heimdal Security Blog.

Cloud Computing Threats: Beyond Vulnerabilities

When you hear the term cloud computing, know that it has little to do with the famous cloud nine some sing about – it is a key concept in the current and future evolution of technology. Like everything else, though, it has its strengths and downsides, so let us have a closer look at some of the most relevant cloud computing threats and vulnerabilities, not without first defining the notion. 

According to Edward Zamora:

Cloud computing consists of the set of systems and services working in unison to provide distributed, flexible, and measurable resources to consumers of cloud services. The National Institute of Standards and Technology (NIST) defines cloud computing as a model that consists of on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service (Mell & Grance, 2011). Essentially, cloud computing allows consumers to provision for themselves resources available from a cloud services provider. Consumers are able to access their cloud resources from a wide variety of devices including mobile, thin clients, and traditional desktops. […] Physical and virtual systems are combined to provide consumers with resources dynamically without the user needing to know the details of how it all works.

(Figure: cloud computing concept. Source: Cloud Testing Methodology, Edward Zamora)

As i-SCOOP notes: 

Cloud computing is also one of the essential enablers of Industry 4.0, has been shaping the software and business applications market for over a decade, has an important place in the development of the Internet of Things and is essential to manage data, including big data, to give just a few examples.


 

Cloud technology is also used for hosting popular services like e-mail, social media, business applications. The average person checks their phone 221 times per day to look at e-mails, browse the Internet or use smartphone applications. Besides, 82% of large enterprises are now using cloud computing and up to 78% of small businesses are expected to adopt cloud technology in the next few years. 

Depending on the delivery methods, the 4 main cloud delivery models are the following: 

Public Cloud – owned and operated by a third-party provider, can be used by everyone, so it’s publicly accessible. Examples: Microsoft Azure, Google. 

Private Cloud – a distinct cloud whose key trait is privacy and which can be used in several ways by a specific organization. 

Hybrid Cloud – a computing environment which combines a public cloud and a private one (or more) by allowing the exchange of data and applications between them. 

Community Cloud – a cloud used by a community of people with, possibly, shared or common profiles, for a common shared purpose. 

Depending on the types of services and resources a customer subscribes to, here are the 3 main cloud services available: 

Software as a Service (SaaS). The choice of most businesses, SaaS uses the Internet to deliver applications, managed by a third-party vendor, to the users. Many SaaS applications run directly in the web browser, meaning they do not need to be downloaded or installed. 

SaaS is the best option for: 

– short-term projects that require quick, easy and affordable collaboration. 

– startups or small companies that need to launch e-commerce quickly. 

– applications that need both web and mobile access. 

– applications that aren’t needed very often. 

Platform as a Service (PaaS). Cloud platform services deliver a platform that can be modified by developers to create customized applications. 

PaaS is particularly useful when:

– multiple developers are working on the same development project. 

– other vendors must be included, since PaaS brings speed and flexibility to the whole process. 

– you need to create customized applications. 

– you are rapidly developing and deploying an application, because PaaS can reduce costs and simplify the challenges involved. 

Infrastructure as a Service (IaaS). Cloud infrastructure services are made of highly scalable and automated compute resources. IaaS is self-service for accessing and monitoring computers, networking, storage and so on, allowing businesses to purchase resources on-demand. 

IaaS is most advantageous:

– for small companies or startups, to avoid spending time and money on purchasing and creating hardware and software. 

– for larger companies that want to pay only for what they actually consume / need. 

– for companies that experience rapid growth and want to swap out specific hardware and software easily. 

Figure: cloud service models

Among the benefits of cloud computing we mention: 

A. Mobility

Cloud computing allows mobile access to your company’s data from various types of devices (smartphones, tablets, laptops), which is particularly useful in the context of the Coronavirus and work-from-home policies. 

B. Easy to scale server resources

Most cloud servers provide access to an intuitive site management dashboard where you can view your site’s performance in real-time. Server resources can be scaled up or down on the spot, without having to wait for your hosting provider’s approval.   

C. Safety from server hardware issues and loss prevention

By choosing a cloud service you make sure you avoid physical server issues like hacking, hardware failure or system overload. We could also include here natural disasters or fires that could destroy your equipment. Most cloud-based services provide data recovery for all kinds of emergency scenarios, from natural disasters to power outages. 

D. Faster website speed and performance 

Usually, a cloud server means blazing speed, which allows you to increase your site’s capacity and gives you a great competitive edge. 

E. Automatic software updates 

Anyone who is busy knows how irritating it is to wait for system updates to install. Instead of forcing an IT department to perform a manual, organisation-wide update, cloud-based applications automatically refresh and update themselves. 

F. Sustainability 

If you aim to have a positive impact from an environmental point of view too, bear in mind that by choosing cloud computing you help cut down on paper waste, improve energy efficiency and reduce commuter-related emissions. 

As I already mentioned, cloud computing can bring amazing benefits to companies, but it also has its downsides. If we want to discuss cloud computing threats and vulnerabilities, though, we must not forget the context of the times we live in. 

According to Gartner

The shortage of technical security staff, the rapid migration to cloud computing, regulatory compliance requirements and the unrelenting evolution of threats continue to be the most significant ongoing major security challenges. However, responding to COVID-19 remains the biggest challenge for most security organizations in 2020. 

“The pandemic, and its resulting changes to the business world, accelerated digitalization of business processes, endpoint mobility and the expansion of cloud computing in most organizations, revealing legacy thinking and technologies,” says Peter Firstbrook, VP Analyst, Gartner.

Here are the main cloud computing threats and vulnerabilities your company needs to be aware of:

1. Lack of Strategy and Architecture for Cloud Security 

In their haste to migrate to the cloud, many companies become operational long before the security strategies and systems needed to protect the infrastructure are in place. 

2. Misconfiguration of Cloud Services 

Misconfiguration of cloud services is a growing cloud computing threat you must pay attention to. It is usually caused by keeping the default security and access management settings. If this happens, important data can be publicly exposed, manipulated or deleted. 

3. Visibility Loss 

Cloud services can be accessed from multiple devices, departments and geographic locations. This kind of complexity might cause you to lose sight of who is using your cloud services and what they are accessing, uploading or downloading. 

4. Compliance Violation 

In most cases, compliance regulations require your company to know where your data is, who has access to it, how it is processed and protected. Even your cloud provider can be asked to hold certain compliance credentials. Thus, a careless transfer of your data to the cloud or moving to the wrong provider can bring potentially serious legal and financial repercussions. 

5. Contractual Breaches 

Any contractual partnerships you have or will develop will include some restrictions on how any shared data is used, how it is stored and who has authorized access to it. Unknowingly moving restricted data into a cloud service whose providers include the right to share any data uploaded into their infrastructure could create a breach of contract, which could lead to legal actions. 

6. Insecure Application Programming Interfaces (API) 

Systems in a cloud infrastructure are often operated through an API that implements control. APIs are sets of programming definitions that enable data transmission between one software product and another and specify the terms of that data exchange. 

Application Programming Interfaces (API) have two components: a technical specification describing the data exchange options (the form of the processing requests and the data delivery protocols), and the software interface written to that specification. 

Figure: how an API works (source: Medium)

Any API can be accessed internally by your staff and externally by consumers – and the external-facing API can represent a cloud computing threat. An insecure external API might become a gateway through which cybercriminals gain unauthorized access, steal data and manipulate services. 

7. Insider Threats 

Your employees, contractors and business partners can, without having any malicious intent, become some of your biggest security risks due to a lack of training and negligence, as we have already shown. Moving to the cloud introduces a new layer of insider threat, from the cloud service provider’s employees. 

Although there are so many threats and vulnerabilities, it is clear that cloud computing can be really helpful to any company if used correctly, and that it is here to stay, so let us now mention some of the safety measures you can take. 

Here’s what you can do to efficiently combat cloud computing threats and vulnerabilities: 

1. Manage User Access

Not every employee needs access to every application, file or bit of information. By setting proper levels of authorization you make sure that everyone gets to view or manipulate only the data and the applications necessary for them to do their job. 

2. Deploy Multi-Factor Authentication 

Stolen credentials are one of the most common methods hackers use to get access to your company’s online data. Protect it by deploying multi-factor authentication and make sure that only authorized personnel can log in and access data. 

3. Detect Intruders with Automated Solutions that Monitor and Analyze User Activity 

Abnormal activities can indicate a breach in your system, so try using automated solutions that help you spot irregularities by monitoring and analyzing user activities in real time. This is a very efficient tool in the fight against cloud computing threats and vulnerabilities. 

4. Consider Cloud to Cloud Back-Up Solutions 

The chances of losing data because of your cloud provider’s mistake are pretty low – unlike losing it due to human error. Check with your cloud provider how long they store deleted data and whether there are any fees to restore it, or turn to a cloud-to-cloud back-up solution. 

5. Provide Anti-Phishing Training for Employees 

The Heimdal™ Security team is very fond of education – we really believe that knowledge is power and that many things can be confronted if we know about them and try our best to prevent them. It goes without saying that we recommend discussing the dangers of phishing with all your employees. (We actually wrote more about this here, here and here.)

6. Develop an Off-Boarding Process to Protect against Departing Employees 

Always make sure that the employees that leave your company can no longer access your systems, data or customer information by revoking all the access rights. You can manage this internally or outsource the task to someone who knows how to implement the process. 

Heimdal™ Security can also help. Here’s how! 

In our opinion, you can choose between 3 approaches – or opt for all of them if you want top cybersecurity for your company:

Manage user access with Thor AdminPrivilege™, our Privileged Access Management (PAM) software, which helps your organization achieve not just better cybersecurity, but also full compliance and higher productivity. Thor AdminPrivilege™ allows your system admins to approve or deny user requests from anywhere, or to set up an automated flow from the centralized dashboard. Moreover, all the activity is logged for a full audit trail. 

Prevent any phishing attempt with MailSentry Fraud Prevention, our revolutionary communications protection system which alerts you to fraud attempts, business email compromise (BEC) and impersonation. MailSentry Fraud Prevention monitors all of your e-mails, can detect BEC, CEO fraud, phishing attempts and Imposter Threats, and offers you live monitoring and alerting 24/7 from a specialist fraud team. 

Enjoy the benefits of a complete endpoint security solution with Thor Premium Enterprise, our multi-layered security suite that brings together threat hunting, prevention, and mitigation, securing any device that connects to your cloud.

Whatever you choose, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

The post Cloud Computing Threats: Beyond Vulnerabilities appeared first on Heimdal Security Blog.

Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Servers

The recurring monthly security updates from Microsoft are now out. In the July 2020 Patch Tuesday, the Redmond giant released updates to fix 123 vulnerabilities found in Windows and other software. The most notable one is a critical, wormable vulnerability spotted in Windows Server versions from 2003 to 2019. According to Microsoft, the flaw could be exploited at any moment, so it’s crucial for all organizations to patch their systems as soon as possible, as an entire organization’s network could become compromised.

Even though none of the vulnerabilities have been spotted being exploited in the wild so far, we urge you to prioritize this serious security issue and apply your updates immediately!

CVE-2020-1350 has been given a CVSS severity score of 10.0

CVE-2020-1350, dubbed SigRed, is the most recent major concern for system administrators in charge of patching. This is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that has been classified as a wormable (self-propagating) vulnerability.

It has been rated by Microsoft with a CVSS base score of 10.0 and is the result of a flaw in Microsoft’s DNS server role implementation. It affects all Windows Server versions (keep in mind that non-Microsoft DNS servers are not affected). In short, the vulnerability could allow attackers to install malware on the server by sending a specially crafted DNS request.

Why is this vulnerability highly dangerous?

All wormable vulnerabilities can be passed on from endpoint to endpoint through malware without the need for any user interaction. The Windows DNS server is a core network component, and if a user with elevated privileges is compromised, the attacker could also be granted admin rights. In some cases, the vulnerability can be leveraged remotely through the browser. The attacker could take control of the server and perform malicious actions such as gaining complete access to the network, stealing the employees’ credentials, etc.

No one has reported the weakness having been exploited in the wild (as of yet), but Microsoft still advises everyone to apply the updates.

“While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

“DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high-level domain accounts,” writes Microsoft.

As reported by ZDNet, the issue has been lingering in Microsoft’s code for 17 years, yet there is no evidence that it has ever been abused in the real world.

Is there a workaround for SigRed?

Even though we don’t advise you to delay the patching process, if you are unable to apply the patches quickly, there is a registry-based workaround that can be implemented without requiring an administrator to restart the server.

You can find guidance for the DNS Server Vulnerability CVE-2020-1350 on Microsoft’s support page until you manage to apply the patch over the next few days.

What you need to do is make the following registry change to restrict the size of the largest inbound TCP-based DNS response packet allowed:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Once you apply this temporary workaround, a Windows DNS server will not be able to resolve DNS names for its clients when the DNS response is larger than 65280 bytes.
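To make the workaround’s effect concrete, here is an added Python model (not Microsoft’s code and not part of the original post) of the DNS-over-TCP framing and of the size check that the TcpReceivePacketSize value imposes. The response bytes are constructed filler, and the one assumption is that the limit is applied to the declared 2-byte length of the inbound TCP message.

```python
import struct
from typing import Tuple

# Limit set by the CVE-2020-1350 registry workaround: TcpReceivePacketSize = 0xFF00.
WORKAROUND_LIMIT = 0xFF00          # 65280 bytes, as stated in the post
# A DNS message over TCP carries a 2-byte big-endian length prefix (RFC 1035, 4.2.2),
# so the largest message the framing itself can describe is 0xFFFF bytes.
TCP_DNS_MAX_LENGTH = 0xFFFF


def frame_tcp_dns(message: bytes) -> bytes:
    """Wrap a DNS message in the 2-byte length prefix used on a TCP connection."""
    if len(message) > TCP_DNS_MAX_LENGTH:
        raise ValueError("DNS message does not fit a 16-bit TCP length prefix")
    return struct.pack("!H", len(message)) + message


def parse_tcp_dns_frame(frame: bytes) -> Tuple[int, bytes]:
    """Split one TCP frame into (declared_length, payload), rejecting truncated frames."""
    if len(frame) < 2:
        raise ValueError("truncated TCP length prefix")
    (declared,) = struct.unpack("!H", frame[:2])
    payload = frame[2:2 + declared]
    if len(payload) != declared:
        raise ValueError("payload shorter than declared length")
    return declared, payload


def response_accepted(frame: bytes, limit: int = WORKAROUND_LIMIT) -> bool:
    """Model the server-side check: is an inbound TCP DNS response within the limit?"""
    declared, _ = parse_tcp_dns_frame(frame)
    return declared <= limit


def blocked_size_range(limit: int = WORKAROUND_LIMIT) -> Tuple[int, int]:
    """Response sizes the framing allows but the workaround refuses (inclusive bounds)."""
    return limit + 1, TCP_DNS_MAX_LENGTH


def build_synthetic_response(total_size: int) -> bytes:
    """Constructed test data: a DNS header followed by zero filler, total_size bytes long.

    The filler is not a real resource record; only the declared length matters here.
    """
    # Header fields: ID, flags (QR=1 response, RD=1, RA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 0, 0, 0, 0)
    if total_size < len(header):
        raise ValueError("a DNS message is at least 12 bytes")
    return frame_tcp_dns(header + b"\x00" * (total_size - len(header)))


if __name__ == "__main__":
    for size in (512, WORKAROUND_LIMIT, WORKAROUND_LIMIT + 1, TCP_DNS_MAX_LENGTH):
        verdict = "accepted" if response_accepted(build_synthetic_response(size)) else "dropped"
        print(f"{size:5d}-byte TCP response: {verdict}")
    print("sizes refused only because of the workaround:", blocked_size_range())
```

The model shows that the workaround only trims the top 255 bytes of the TCP length range, so ordinary responses are unaffected while anything declared above 65280 bytes is refused.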

What other flaws are addressed in the July 2020 Patch Tuesday

CVE-2020-1350 is not the only alarming vulnerability fixed in this month’s Patch Tuesday. Another 17 critical vulnerabilities found in Microsoft software could allow for remote code execution without user intervention.

In most cases, users whose accounts have fewer rights on the system would be less impacted than those who have been granted admin rights. This means that attackers could perform malicious actions on behalf of the targeted user if that user operates with elevated permissions.

Referring to the July 2020 Patch Tuesday, we would like to point out the vulnerabilities below.

Should they be successfully exploited, they would allow for Remote Code Execution. This month’s security updates address the vulnerabilities by correcting how each piece of software handles files in memory.

Conclusion

Heimdal™ Security customers using Thor Foresight Enterprise (or its built-in X-Ploit Resilience module) with automatic updates turned on do not need to take any action, as they are fully protected.

X-Ploit Resilience is the easiest solution to patch management, with customizable set-and-forget settings for automatic deployment of software and updates, which guarantees full compliance and a CVE/CVSS audit trail. We deliver updates fully repackaged, ad-free and tested, using encrypted packages over HTTPS transfers. The distribution is also optimized locally using a P2P network between the customer’s own endpoints, and the software center allows customers to remove admin rights and permit their users to click-and-install pre-approved software only.

Get in touch with us today and learn how patch management can truly become easy!

The post Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Servers appeared first on Heimdal Security Blog.