Archive for November 11, 2021

Cybrella Partners With Neosec To Protect Today’s API-Driven Business Applications

Posted in Commentary on November 11, 2021 by itnerd

Cybrella, a leading provider of specialized cybersecurity professional services utilizing in-depth knowledge of the attack landscape, today announced a partnership with Neosec to provide AI-based API security as part of the company’s services. The new partnership enables Cybrella’s customers to discover all APIs in use across their organization, analyze the behavior of those APIs, and prevent abuse or cyberthreats that may be exploiting them.

Modern applications are essentially all API-driven, and they frequently expose confidential and proprietary information through north-south APIs as the company communicates with partners, suppliers, and other users. This presents a new attack surface that puts businesses at risk in a new and fundamentally different way. Conventional application security techniques are largely irrelevant against API exploits and abuses. However, Neosec’s new and innovative AI-based API Security Platform is an ideal solution to help businesses address these new API-based threats. Designed specifically to discover and secure all APIs used across the organization, without agents or sensors, Neosec gives security professionals visibility and control over their API infrastructure—preventing abuses and cyberattacks.

Organizations that contract with Cybrella for CISO as a Service, Application Security, or other cybersecurity services, can now benefit from Neosec’s innovative AI-based API security. This new partnership adds the following advantages for Cybrella customers:

  • API Discovery: Locate API usage across the entire enterprise, including those previously unknown.
  • Pinpoint Vulnerabilities: Identify those APIs within the organization that have vulnerabilities, misconfigurations, or that exhibit other risks.
  • Fraud Reduction: Find unauthorized use or abuse of financial and other transactions.
  • Prevent Data Leakage: Detect data exfiltration and regulatory compliance violations.
  • Improved Customer Experience: Improve partner and customer experiences through better API performance and a reduction in errors.
  • Cloud-Based and Seamless Integration: An open and extensible SaaS solution that layers on top of your enterprise core security stack to provide a total integrated solution.
  • Implemented and Managed by Cybrella’s Experts: Cybrella’s Application Security and CISO as a Service packages remove the complexities of installation and ongoing administration.

Application Security Services and Advisory CISO Services

Cybrella provides the deep security skill sets that organizations typically lack, and engages with existing staff to properly assess security needs, develop appropriate policies, and clearly define responsibilities. The company works closely with its clients and educates their employees in the process of developing and maintaining secure applications, including the use of APIs. In addition to Application Security Services, Cybrella’s Advisory CISO Service provides customers who lack in-house expertise with a dedicated CISO that operates as an integral part of their organization. The newly added API protection available through the Neosec partnership greatly contributes to both services. The Neosec platform adds an entirely new and powerful dimension to application security and provides CISOs and other network defenders with the visibility required to secure all of their API-based interactions.

With these optimized security services and the Neosec platform, businesses can get the most out of every corporate dollar.

Acalvio’s ShadowPlex Product Named a Leader in Deception Technologies by KuppingerCole

Posted in Commentary on November 11, 2021 by itnerd

Acalvio Technologies today announced that ShadowPlex, the award-winning autonomous deception product, was named a leader in the KuppingerCole Leadership Compass report for Distributed Deception Platforms. Additionally, ShadowPlex received the highest Security rating among all five deception products evaluated in the report. 

The KuppingerCole Leadership Compass report rates the deception companies on product leadership, innovation leadership, market leadership and overall leadership. Acalvio’s ShadowPlex is named a “Leader” in each of the four categories. Acalvio ShadowPlex provides early detection of advanced threats with precision and speed. Built on 26+ issued patents, it delivers distributed deception at enterprise scale, across on-premises and cloud workloads, for both IT and OT environments.

Deception technology has been widely recognized by industry analysts and government think tanks as the leading technology to provide Active Defense, which not only counters current attacks but also engages and learns about the adversary's TTPs (tactics, techniques, and procedures). Deception is designed to attract attackers, with access credentials cached on enterprise hosts. Attackers may also bring zero-day exploits to compromise decoys and gain privileged access. The decoys now become a security risk: once an attacker compromises a decoy, the attacker may use the decoy as a base to launch pivot-back attacks into the enterprise network. Further, if the deception solution requires that decoys have multiple network interfaces, attackers can bridge over to other subnets, magnifying the problem.

ShadowPlex's patented Deception Farms architecture provides a novel and secure approach to attacker containment, using SDN (Software Defined Network)-based policy enforcement. The unbreakable containment provided in ShadowPlex resides outside the decoy in the SDN switch and hence cannot be overridden by an attacker. In addition, ShadowPlex is agentless. The patented innovations make ShadowPlex the most secure and scalable distributed deception product.

ShadowPlex is the first and only deception product to achieve the FedRAMP Ready rating and be listed in the Federal Marketplace, and to pass the rigorous security controls designed to protect customer data.

Apple Introduces Apple Business Essentials

Posted in Commentary on November 11, 2021 by itnerd

Apple today announced Apple Business Essentials, an all-new service that brings together device management, 24/7 Apple Support, and iCloud storage into flexible subscription plans for small businesses with up to 500 employees. The company also unveiled a new Apple Business Essentials app that enables employees to install apps for work and request support.

Apple Business Essentials saves precious time for small businesses as they grow. Available today in beta, the service supports small businesses through the total device management life cycle — from device setup to employee onboarding and device upgrades — while providing strong security, prioritized support, and secure data storage and backup.

Apple Business Essentials is a complete solution that makes employee onboarding simple, allowing a small business to easily configure, deploy, and manage Apple products from anywhere.

Within Apple Business Essentials, Collections enable IT personnel to configure settings and apps for individual users, groups, or devices. When employees sign in to their corporate or personally owned device with their work credentials, Collections automatically push settings such as VPN configurations and Wi-Fi passwords. In addition, Collections will install the new Apple Business Essentials app on each employee’s home screen, where they can download corporate apps assigned to them, such as Cisco Webex or Microsoft Word.

With Apple Business Essentials, it’s simple to maintain strong security across the organization. IT managers can enforce critical security settings such as FileVault for full-disk encryption on Mac, and Activation Lock to protect devices that may be lost or stolen — and Apple Business Essentials ensures these aren’t turned off by mistake. When employees use a personal device at work, User Enrollment creates cryptographic separation for work data, to ensure employee data remains private while company data remains secure.

In addition to streamlined setup and onboarding, Apple Business Essentials provides a dedicated iCloud account for work, providing simple and secure storage, backup, and collaboration on files and documents. Business data in iCloud is automatically stored and backed up, making it easy to move between devices or upgrade to a new device.

Businesses have the option to add fast and reliable service for employee devices with prioritized Apple Support. When a business adds AppleCare+ for Business Essentials to its plan, they get 24/7 access to phone support, training for both IT administrators and employees, and up to two device repairs per plan each year. Employees can initiate repairs directly from the new Apple Business Essentials app, and an Apple-trained technician can come onsite in as little as four hours to get their devices back up and running.

A set of three simple Apple Business Essentials plans enable businesses to cover every employee and device in their organization. Plans can be customized to support each user with up to three devices and up to 2TB of secure storage in iCloud, starting at $2.99 per month, with optional AppleCare+ for Apple Business Essentials.

Apple Business Essentials is available as a free beta starting today in the US. The service will be fully available in the spring of 2022. To sign up for the beta, visit apple.com/business/essentials.

FBI Warns Iranian Hackers Are Targeting US Orgs’ Stolen Data

Posted in Commentary on November 11, 2021 by itnerd

Bleeping Computer is reporting “FBI warns of Iranian hackers looking to buy US orgs’ stolen data”. The warning came in a Private Industry Notification (PIN) to private industry partners, which says the threat actor will likely use leaked data bought from clear and dark web sources to breach the systems of related organizations. The FBI is warning organizations whose data was previously stolen or leaked online that they may be targeted in future attacks coordinated by this unnamed Iranian threat actor:

Orgs at risk are advised to take mitigation measures to block hacking attempts by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations targeted by this adversary.

Among the Tactics, Techniques, and Procedures (TTPs) used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims’ networks.

This threat actor is also attempting to breach supervisory control and data acquisition (SCADA) systems with the help of common default passwords, according to the FBI.

Yan Michalevsky, CTO and Cofounder, Anjuna Security, had this commentary as to a mitigation strategy:

     “Using strong passwords, periodic rotation of credentials and mandating the use of two-factor authentication are some of the measures that can help protect organizations against attackers who attempt to exploit leaked or stolen data.”

Given how high profile this warning is, this simple advice can help to keep you from getting pwned.

EnGenius Harnesses Latest Cloud Security Technology To Protect Enterprise Networks From Rogue Devices And Data Threats

Posted in Commentary on November 11, 2021 by itnerd

EnGenius Technologies Inc., a worldwide manufacturer of future-proof enterprise networking solutions, today introduced two brand new cloud-managed Wi-Fi 6 security access points, the ECW230S and ECW220S with the EnGenius AirGuard™ system.

As remote network access and a growing number of Bluetooth/IoT devices create more attack surfaces than ever before, enterprise networks are increasingly vulnerable to data breaches and cyber-attacks. In response, EnGenius has expanded its security features to include new Wi-Fi 6 cloud-managed security access points ideal for information-sensitive financial, medical, and distributed enterprise networks.

Unlike other Wi-Fi security solutions that scan outside peak times, the EnGenius Cloud security APs come equipped with EnGenius AirGuard™, an intelligent wireless security system that identifies and neutralizes threats 24/7. Using dedicated scanning radios, AirGuard™ security APs scan the environment non-stop for attacks—evil twins, rogue APs, flood detection, man-in-the-middle attacks, and radio frequency jammers—without degrading network performance at all.

The new security APs also feature professional-grade RF spectrum analysis that visualizes radio frequencies at a glance to ensure all SSIDs are authorized, and the most efficient channels are utilized. Its zero-wait DFS avoids disruption from radar detection and provides an uninterrupted change of channels when needed. In addition to identifying unauthorized devices, the security APs also detect all Bluetooth devices nearby.

Keeping your network secure is challenging. According to recent statistics, phishing is responsible for 90% of enterprise data breaches that are costing billions of dollars in lost revenue and downtime. Rogue devices are often the gateway to such attacks. EnGenius is moving aggressively into the Wi-Fi network security space, offering end users a seamless all-in-one cloud-managed security solution without the need to purchase multiple off-the-shelf solutions to handle costly cyberattacks.

Key Features: 

  • Wireless intrusion detection system (WIDS) – for threat detection
  • Wireless intrusion protection system (WIPS) – for attack remediation
  • Dedicated scanning radios – for 24/7 wireless security monitoring
  • RF spectrum analysis – for identifying clean channels and ensuring all SSIDs are legitimate
  • Wi-Fi 6 technology – for high-performance Wi-Fi in high-density, multi-device environments
  • Zero-wait DFS – to avoid client disruption when radar is detected on DFS channels
  • Bluetooth 5 low energy – for BLE device detection and location-based extended advertising.

“With over twenty years of delivering high-quality networking solutions, we are excited to continue leading the industry by strengthening our industry-acclaimed cloud management system with an integrated high-performance wireless security solution. The ECW230S and ECW220S will be able to identify and prevent Wi-Fi security threats in real time without any performance degradation,” said Andy Chang, global vice president of marketing and sales at EnGenius Technologies. “We are determined to provide our customers with even stronger security tools to counter the constant, increasingly sophisticated attacks on their networks and sensitive enterprise data.”

The ECW230S and ECW220S APs will start shipping worldwide in the fourth quarter of 2021. For more information visit https://www.engeniustech.com/security-access-points.html.

AWS API Gateway “Header-Smuggling” Flaw Discovered And Fixed

Posted in Commentary on November 11, 2021 by itnerd

Intruder researcher and penetration tester Daniel Thatcher has disclosed an AWS API Gateway flaw which allowed him to bypass the API Gateway’s IP address restrictions and carry out a cache-poisoning attack using so-called HTTP header-smuggling. Yariv Shivek, VP of Product, Neosec, had this to say:

     “When working with B2B partners, many companies use IP address whitelisting over the more cumbersome implementation of mTLS (mutual transport layer security). In this case, IP whitelisting was bypassed using request header smuggling.”

     “The bigger picture here is that we keep seeing security controls evaded and bypassed, which in turn speaks to the importance of monitoring API usage.”

     “Since bad actors will eventually get to your APIs and use them, the question then becomes one of visibility: Will you be able to see the abnormal usage patterns in order to shut them down?”

AWS has since fixed the vulnerability, which means that this is no longer exploitable. But it is still a concern that needs to be discussed, as these sorts of security issues simply cannot be swept under the rug.