FISA

Zero Trust You’ve heard about it. A lot. But there are quite a few nuances when it comes to how Zero Trust security is defined and discussed. Is it a platform or a principle? It’s one of those terms that’s so widely cited that it has the tendency these days to elicit eye rolls within the cybersecurity industry and to be referred to as a buzzword by those sitting at the cool kids’ lunch table. At its core, though,  Zero Trust  is a strategic cybersecurity model enabled to protect modern digital business environments, which increasingly include public and private clouds, SaaS applications, DevOps and robotic process automation (RPA). It’s a critical framework, and every organization should adopt it and understand the fundamentals of how it works. Identity-based Zero Trust solutions like  single sign-on  (SSO) and  multi-factor authentication  (MFA) are designed to ensure that only authorized individuals, devices and applications can access an organization's s...

Phishing bypassed MFA in attacks against 10,000 orgs Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. The threat actors used landing pages designed to hijack the Office 365 authentication process (even on accounts protected by multifactor authentication (MFA) by spoofing the Office online authentication page. In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors. After stealing the targets' credentials and their session cookies, the threat actors behind these attacks logged into the victims' email accounts. They subsequently used their access in business email compromise (BRC) campaigns targeting other organizations. "...

 Online raiders are stealing IP addresses and converting them to cash by selling them to so-called proxyware services. Malicious actors are planting proxyware on computers without the owner’s knowledge, then selling the unit’s IP address to a proxyware service, making as much as US$10 a month for every compromised device, the threat research team at Sysdig reported Tuesday. Proxyware services allow a user to make money by sharing their internet connection with others, the researchers explained in a company blog. Attackers, however, are leveraging the platforms to monetize the internet bandwidth of victims, similar to how malicious cryptocurrency mining attempts to monetize the CPU cycles of infected systems. “Proxyware services are legitimate, but they cater to people who want to bypass protections and restrictions,” observed Michael Clark, director of threat research at Sysdig, a San Francisco-based maker of a SaaS platform for threat detection and response.“They use residential a...

Expansions in the cloud aren’t slowing down, and when an issue arises in these hybrid environments, log data is critical to help engineering teams understand the ‘why’ behind the incident. Paired with real-time metrics in a single, unified experience, log data can help teams speed troubleshooting and resolution and optimize performance to prevent future incidents. But often teams may end up paying twice for the same log data they’re already using to support IT and security use cases.  If your organization already uses Splunk Platform for logs, Log Observer Connect within Splunk Observability Cloud can seamlessly integrate your log data from Splunk Cloud or Splunk Enterprise. And with the new log timeline feature, along with log view, users can import their logs into their Splunk Observability Cloud dashboards and troubleshooting workflows to find and solve problems faster–without having to pay for the same data twice.  Explore Your Logs and Metrics in a Single Vie...

  What is the Service Location Protocol (SLP)? SLP is a protocol that was created in 1997 through  RFC 2165   to provide a dynamic configuration mechanism for applications in local area networks. SLP allows systems on a network to find each other and communicate with each other. It does this by using a directory of available services, which can include things like printers, file servers, and other network resources. SLP works by having a system register itself with a directory agent, which then makes that system's services available to other systems on the network. Daemons providing SLP are bound to the default port 427, both UDP and TCP. SLP was not intended to be made available to the public Internet. According to RFC 2165, "Service Location provides a dynamic configuration mechanism for applications in local area networks. It is not a global resolution system for the entire Internet; rather, it is intended to serve enterprise networks with shared services." However, th...

  A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called  RustBucket . "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company attributed it to a threat actor known as BlueNoroff, a subgroup within the infamous Lazarus cluster that's also tracked under the monikers APT28, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444. The connections stem from tactical and infrastructure overlaps with a prior campaign exposed by Russian cybersecurity company Kaspersky in late December 2022 likely aimed at Japanese financial entities using fake domains impersonating venture capital firms. BlueNoroff, unlike other constituent entities of the Lazarus Group, is known for its sophisticated cyber-...

The ultimate goal of Identity Security is to provide secure access to every identity for any resource or environment, from any location, using any device. Yet ever-evolving technology and dynamic threats can make executing a comprehensive Identity Security program a complex undertaking. According to the new Enterprise Strategy Group (ESG) research report “The Holistic Identity Security Maturity Model,” most organizations (42%) are still in the early days of their Identity Security journeys. Understanding your business’s current Identity Security maturity in relation to its ideal state is vital because, in the words of Henry Kissinger, “If you do not know where you are going, every road will get you nowhere.” So, where do you start? What assessment factors matter most? How do you stack up against industry peers and track improvement over time? To help eliminate some of this guesswork, ESG created a data-driven Identity Security Maturity Model that measures maturity levels across four di...