Archive for December 19, 2024

Over 1.2 TB of Data Exposed by Builder.Ai

Posted in Commentary on December 19, 2024 by itnerd

A significant data exposure involving Builder.ai, a London-based company offering AI software and app development solutions, was recently uncovered by cybersecurity researcher Jeremiah Fowler.

What happened: 

A database totaling 1.2TB and containing over 3 million records was exposed. The data exposed includes secret access keys, customer PII, cost proposals, NDA agreements, invoices, tax documents, email correspondence screenshots, and more. 

Why it matters: 

This exposure presents serious risks, such as invoice fraud, phishing attempts, and potential business privacy breaches. 

To learn more, read the detailed report here: https://www.websiteplanet.com/news/builderai-breach-report/

2025 Predictions From Some Leading Cybersecurity Experts

Posted in Commentary on December 19, 2024 by itnerd

As the year draws to a close, we have gathered predictions from an array of cybersecurity experts who have given insights into trends they see in 2025.

Marina Segal, CEO, Tamnoon

Shift to Cloud-Based Risk Management

Cloud adoption doesn’t show any signs of slowing down in 2025. CISOs and security leaders will be hyper-focused on reducing cloud threat exposure. After all, no CISO wants to be in the spotlight of a high-profile data breach.

As a result, more companies will shift to cloud-based risk management. This change will largely be driven by: 

  • Geopolitical tension and threats to critical infrastructure
  • Sophisticated AI-driven attacks
  • Governments adopting stricter regulations
  • Economic pressures forcing companies to optimize cloud spend and security budgets
  • Consolidation of cloud providers

This will lead to stricter cloud security standards and compliance requirements for all industries — a trend private enterprises will be ready to capitalize on through compliance-friendly solutions. 

More importantly, this trend will highlight the need for more diversified risk management strategies.

Piotr Kupisiewicz, CTO, Elisity

In 2025 some verticals will be highly relevant for new microsegmentation projects that enable least-privilege zero trust security policies.

Manufacturing, industrial, and healthcare organizations are prime candidates for microsegmentation projects due to their complex, interconnected environments and high-value assets. These sectors often have a mix of legacy systems, IoT and IoMT devices, and critical infrastructure that require granular access control. Microsegmentation enables the implementation of least-privilege zero trust policies, effectively isolating critical assets and limiting lateral movement in case of a breach. For manufacturing and industrial environments, it helps protect operational technology (OT) systems from IT-based threats. In healthcare, microsegmentation safeguards sensitive patient data and ensures compliance with strict regulatory requirements. The ability to maintain service continuity during cyber incidents is crucial for these sectors, making microsegmentation an essential security strategy.

In 2025 the top cybersecurity frameworks and security regulations and government agencies will increase their pressure for organizations to adopt microsegmentation.

Several prominent cybersecurity frameworks, regulations, and government agencies recommend microsegmentation or network segmentation as critical security measures. These include the NIST Cybersecurity Framework, ISO 27001, HIPAA, PCI DSS, CMMC 2.0, IEC 62443, HHS 405(d), and the EU’s GDPR. The NSA and CISA in the United States strongly advocate for these practices, particularly in the context of zero-trust architecture. The Purdue Model, while not a regulation, is widely used in industrial control systems for segmentation. Additionally, the Federal Zero Trust Strategy mandates network segmentation for U.S. government agencies. These frameworks and agencies recognize the importance of segmentation in limiting lateral movement during cyberattacks and enhancing overall network security posture.

Secureworks

Ransomware

Opportunistic ransomware and data exfiltration attacks will continue at a high tempo into 2025 as ransomware affiliates, displaced in 2024 from disrupted ransomware operations such as LockBit and ALPHV/BlackCat, continue to form new allegiances with new entrants, previously lower profile groups, or rebranded returnees. Many affiliates will continue to work with multiple groups, some continuing to experiment with operating on their own behalf using leaked ransomware builders. Being able to detect and disrupt attacks at an early stage before data can be stolen or encrypted will remain essential for organizations in all sectors.

China

China will continue to focus on its political, military and economic priorities when collecting intelligence via cyber (or any other) means. The targeting will therefore change little but can always be swayed by political developments around the world.

In terms of more tactical elements: Chinese state-sponsored threats will develop zero-day exploits for network perimeter devices that are deemed to be vulnerable targets (there are several firewall and VPN devices/vendors that fall into this category). Chinese state-sponsored threats will be driven toward further emphasizing stealth in their operations by the continuing strategy of the U.S. to employ sanctions and indict specific named individuals connected with cyber intrusions.

China will continue to seek to understand as much as it can about Western (particularly U.S.) technology used on the battlefield in Ukraine to prepare countermeasures for a possible future invasion of Taiwan. Its cyberespionage operations will likely be similarly geared to such preparations.

More predictions from Secureworks can be found here.

Action1 Makes Its Full-Featured Patch Management Platform Free for Everyone Including Home Users

Posted in Commentary on December 19, 2024 by itnerd

Action1, a leading provider of real-time vulnerability discovery and automated patch management solutions, today announced a significant expansion of its free patch management offering. Previously available exclusively to business users, Action1 is now breaking down barriers to advanced endpoint security for everyone—including nonprofits, independent consultants, small businesses, and home users—ensuring no one is left vulnerable to cyber threats. 

With 100 endpoints free forever, Action1 makes its robust, cloud-native patch management solution equitable for both individuals and organizations worldwide, empowering them to combat cyberattacks and safeguard their digital environment.

Small Targets, Big Risks

Cybercriminals are increasingly targeting the most vulnerable among us—small businesses, nonprofits, and independent professionals. According to Cybersecurity Ventures, more than 60% of ransomware attacks now focus on organizations with fewer than 100 employees. Unpatched vulnerabilities, which account for nearly 60% of all cyberattacks, according to the Ponemon Institute, are particularly harmful to small businesses and individuals with limited resources. Action1 addresses these challenges by delivering automated patching and vulnerability management across both operating systems and third-party applications, ensuring the broader community stays protected without requiring extensive IT or budget resources.

With Action1, users gain the benefits of an autonomous endpoint management solution for the first 100 endpoints at no cost, with features including:

  • Ease of Use: Start patching endpoints in under five minutes and rapidly scale to as many endpoints as needed. No dependency on legacy tools, clunky integrations, or on-premise software.
  • Unified Cross-OS and Third-Party Patching: Automate the entire patching process for remote and onsite endpoints, from identifying and deploying missing updates to real-time reporting. 
  • Vulnerability Discovery and Remediation: Prevent security breaches and ransomware attacks. Detect vulnerabilities in OS and applications in real-time and enforce remediation. 

With this initiative, Action1 now accepts both personal and business emails for new account registration at https://www.action1.com/signup.

To learn more about Action1 Patch Management, visit https://www.action1.com/free-edition/.

Legit Security Enhances Secrets Detection & Prevention with a Single, Integrated View of All Secrets Findings and Recovery Actions Across the SDLC

Posted in Commentary on December 19, 2024 by itnerd

Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced enhancements to its secrets scanning product. Available as either a stand-alone product or as part of a broader ASPM platform, Legit released a new secrets dashboard for an integrated view of all findings and recovery actions taken to remediate secrets. In addition, Legit released new discovery and remediation capabilities for secrets found within developers’ personal GitHub repositories.

Secrets – from API keys and tokens to credentials and PII – play a vital role in application development. However, the high value of secrets makes them a prime target for attackers and creates risk across the organization, from security operations to cloud and platform engineering. Legit’s new capabilities greatly improve the ability to mitigate risk and reduce the attack surface associated with secrets.

The explosive growth in non-human identities (NHIs), which need credentials to manage authentication and authorization, has increased the prevalence of secrets. While security teams typically focus on secrets in source code, they are increasingly emerging in ticket systems, artifact registries, and other systems, such as Confluence, Jira, and Slack. Organizations are challenged with protecting secrets from exposure while enabling developers to build services that rely on them. This challenge is further exacerbated by compliance requirements, such as HIPAA, PCI DSS and GDPR, that direct organizations to secure secrets.

Legit’s enhancements are the latest in the company’s track record of delivering innovative capabilities to secure the modern software factory. With the earlier release of its AI-powered capabilities to detect and protect secrets across the software development pipeline, Legit was the first to apply AI/ML to significantly reduce noise associated with secrets scanning.

Legit’s new secrets dashboard gives teams: 

  • Centralized visualization: Provides the most complete view of all secrets detection and prevention activities across the enterprise to prioritize remediation and ensure guardrails are in place. 
  • Secrets analytics: Prioritizes secrets remediation based on factors such as severity, source, repo/product, and user.
  • Secrets prevention: Provides insights into potential new secrets that have been prevented based on an organization’s policies and established guardrails, and identifies developers actively using preventative measures. 
  • Secrets growth and remediation trends: Insights into new secrets, issues resolution, and backlog trends, so that organizations can measure the effectiveness of AppSec programs in preventing and remediating secrets. 

Legit’s new ability to discover secrets in personal GitHub repositories gives teams:

  • Secrets discovery: Identifies and monitors secrets within a developer’s personal GitHub and the organization’s account, ensuring that developers do not expose secrets.
  • Personal repository discovery: Identifies and builds an inventory of all personal repositories owned by an organization’s developers for a comprehensive list of assets used by developers.
  • Consolidated triage and remediation: Integrates findings from business and personal accounts into the Legit platform to provide a single view of the risk associated with secrets, regardless of where they reside.

With Legit’s new and enhanced capabilities, organizations gain critical insights into the enterprise’s secrets posture to understand risk and remediation trends over time. They are also provided with the broadest coverage to strengthen their security posture and protect their development environment from end to end.

Legit offers a free trial of its secrets detection and prevention solution. To register, visit https://info.legitsecurity.com/secrets-detection-and-prevention-free-trial.