Archive for January 30, 2024

New Cradlepoint AI Functionality Advances 5G for Business

Posted in Commentary with tags on January 30, 2024 by itnerd

Cradlepoint today announced new comprehensive AI functionality to make 5G networks smarter, simpler, and more secure. Cradlepoint is the first enterprise 5G router vendor to adopt an AI model uniquely focused on cellular networking. Organizations are also able to embrace the productivity benefits of generative AI tools without the risk of data leakage, through a security service acquired from Ericom.

Cradlepoint’s AI capabilities include:

  • NetCloud AIOps Dashboard – Simplifies the ongoing operations of enterprise networks leveraging 5G SASE capabilities. The NetCloud AI model aggregates learning into a single dashboard that identifies areas of performance degradation, isolates the cause of the issue, and pinpoints the affected sites, users and applications. With a unique focus on cellular networking, NetCloud AIOps will turn cellular signal quality indicators, such as proximity to the cell tower, signal quality and signal strength, into actionable insights to enhance performance.
  • AI-based NetCloud Assistant (ANA) – Uses natural language processing to assist NetCloud users with everyday queries about the operation of their network. From providing recommendations on cellular endpoints for specific use cases, to effectively troubleshooting network performance issues, ANA will be an invaluable assistant to simplify day-to-day operations.
  • Network Traffic Analysis – Provides centralized flow-level visibility for traffic analysis and forensics. This service will evolve later this year to leverage AI to establish a baseline of normal traffic patterns for the most common 5G use cases (distributed IoT, vehicles, sites) and flag any anomalies indicating the signs of a breach.
  • GenAI Data Loss Prevention – With 79 per cent of organizations reporting generative AI adoption without established policies, this solution applies access policies to block confidential data, personally identifiable information, or other sensitive data from being submitted to generative AI sites, where it could be exposed in future responses. Ericom’s remote browser isolation technology also protects against weaponized responses infecting employee assets.

For more information on Cradlepoint’s AI strategy and new offerings, see NetCloud’s AI enhancements and Ericom’s Gen AI Data Loss Prevention solution.

GuidePoint Security Announces Portfolio of Data Security Governance Services

Posted in Commentary with tags on January 30, 2024 by itnerd

GuidePoint Security today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs.

GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics.

GuidePoint’s Data Security Governance Services include:

  • Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications.
  • Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels.
  • Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization’s key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement.
  • Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise.

For more information on GuidePoint Security’s Data Security Governance services:

Horizon3.ai Assesses The Impact Of The Jenkins Arbitrary File Leak Vulnerability

Posted in Commentary with tags on January 30, 2024 by itnerd

Naveen Sunkavally, chief architect at Horizon3.ai, has just published “CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability,” an analysis of the vulnerability for which Jenkins issued a security advisory on January 24, 2024. CVE-2024-23897 affects the Jenkins continuous integration/continuous delivery (CI/CD) software development tool.

Naveen notes that the advisory set off alarm bells among the infosec community because the potential impact is huge: Jenkins is widely deployed, with tens of thousands of public-facing installs, and the Jenkins advisory was clear that this vulnerability could lead to remote code execution. Jenkins is a common target for attackers, and, as of this writing, there are four prior Jenkins-related vulnerabilities in CISA’s catalog of Known Exploited Vulnerabilities.

His analysis and advice, issued today for users of Jenkins, is: “Don’t panic… unless you need to. This is a textbook example of a vulnerability whose true impact can only be accurately assessed within the context of your environment. The typical Jenkins install will not be exploitable by unauthenticated attackers. However, there are a few factors that could significantly increase the potential for damage, elevating this to a truly critical vulnerability.”

His post discusses those factors and how to gain an accurate assessment of risk.

Links:

Horizon3.ai Red Team Blog – CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability: https://www.horizon3.ai/cve-2024-23897-assessing-the-impact-of-the-jenkins-arbitrary-file-leak-vulnerability/

Jenkins Security Advisory 2024-01-24 – Arbitrary file read vulnerability through the CLI can lead to RCE – CVE-2024-23897: https://www.jenkins.io/security/advisory/2024-01-24/

NIST National Vulnerability Database – CVE-2024-23897 Detail: https://nvd.nist.gov/vuln/detail/CVE-2024-23897

Ransomware The Most Pressing Security Issue Worldwide: Cisco Talos

Posted in Commentary with tags on January 30, 2024 by itnerd

According to the latest quarterly Trends report by Cisco Talos, ransomware was back on top as the #1 cyber threat in 2023, with education and manufacturing tied as the most targeted verticals, “accounting for nearly 50% … of incident response engagements, closely followed by healthcare and public administration.”

The company’s findings say ransomware rose significantly in Q4 2023, with the education sector now one of the biggest targets.

Ransomware and pre-ransomware activity together accounted for more than 28% of all Cisco Talos Incident Response engagements, a rise of 17% compared to the third quarter of the year.

Initial access:
Compromised credentials on valid accounts and exploiting public-facing applications accounted for 28% of access methods, with phishing running a close second place. Phishing attacks using malicious links and QR codes leading to fake login sites were the most widely seen.

Security Weaknesses:
Researchers report that “a lack of MFA or proper MFA implementation” and “misconfigured or unpatched systems” accounted for fully 36% of all attacks responded to.

The report specifically cites “attacks that could have been prevented if MFA was enabled on critical services, such as RDP.”

Stephen Gates, Principal Security SME, Horizon3.ai:

   “From what I observe (and due to no fault of their own), when journalists hear that someone got ransomed, the community tends to jump on the “it must have been some super-special malware” bandwagon. However, the vast majority of human-operated, ransom-based attacks have little if anything to do with “malware”. Instead, the real cause of the problem is due to easily compromised and reused credentials, effortlessly discovered and unprotected data, software and hardware misconfigurations, unpatched yet fully known software vulnerabilities, poorly implemented security controls, and weak and/or unenforceable security policies. These issues are the primary cause of attackers gaining access and maintaining footholds in someone’s networks.

   “Once attackers gain a foothold, administrative access is next obtained (think domain admin). Then attackers proceed with their objectives of exfiltrating your data, encrypting your data, proving they have your data, sabotaging your backup/recovery processes, and telling you to pay up to get your data back. If you don’t pay their initial ransom demands, they effectively take your entire enterprise offline by either crashing your systems (since they have admin access) or they make it impossible to recover your data on your own. This is Big Game hunting that can generate extremely high payouts. That is why it is the most pressing security issue worldwide – and rightfully so.”

Those in education who want to learn more about what human-operated, ransom-based attacks are all about should consider reading this paper.

Steve Hahn, Executive VP, BullWall had this comment:

   “Companies must keep their systems up to date with the latest security patches, use strong and complex passwords, implement MFA, maintain regular backups of critical data and also consider implementing a rapid containment strategy. Ransomware Containment tools are becoming a critical part of this overall strategy.”

Mark Campbell, Sr. Director, Cigent adds this comment:

   “It is not surprising to see Education and Manufacturing at the top of the list for ransomware targets. Both verticals often operate legacy operational infrastructure and lack adequate cybersecurity controls. The combination of their interconnected systems and a general lack of cybersecurity awareness among staff makes them ideal targets for attackers.

   “Once inside, the attackers can move laterally to gain additional access to strategic systems to exfiltrate data and execute ransomware. Stopping initial access is the single most effective cybersecurity measure, and MFA is a proven, cost-effective control to thwart initial access. And, in most cases, it can be implemented on top of existing systems using their users’ phones.”

Troy Batterberry, CEO and Founder, EchoMark follows with this:

   “Threats to our critical infrastructure and attacks on education, manufacturing, healthcare, and public administration sectors emphasize the need for greater attention to cybersecurity. The fact that nearly one-third of successful adversary access methods were through compromised credentials and the exploitation of public-facing applications is a clear call for organizations to reinforce their frontline defenses and enforce strict security measures such as MFA and other password policies.

   “However, these security changes aren’t enough on their own. Employees must be trained to recognize and respond appropriately to threats, especially as it relates to their roles and responsibilities within their organization. These are not just technical measures but fundamental aspects of an organization’s security culture. If companies desire to empower their people to work effectively, there must be protective measures in place to safeguard intellectual property, devices, accounts, and any other areas that employees can access and manage, to enable the secure flow of information.”

MFA, or better yet a passwordless solution, is a great way to secure your network. Not having one of these systems, or not ensuring that it is properly configured, is a sure route to getting pwned.