Accountability, Authentication, Engineering and Firewall

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall

Firewall Firmware IoT Authentication

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

JUNE 28, 2018

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. An Israeli start-up, Silverfort , is seeking to make a great leap forward in the state-of-the-art of authentication systems. LW: Let’s come back to ‘adaptive authentication.’

Authentication

Authentication Digital transformation Mobile Technology

Trick or Treat: The Choice is Yours with Multifactor Authentication

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Trick or Treat: The Choice is Yours with Multifactor Authentication. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Fri, 10/29/2021 - 05:29. Colonial Pipeline.

Authentication

Authentication VPN Passwords Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Steps to Take If Your WordPress Site Is Hacked

SecureWorld News

MARCH 12, 2024

This means not just updating your WordPress dashboard password but also changing your database, Secure File Transfer Protocol (SFTP) setup, and hosting provider account credentials. Ensure all admin and standard user accounts have new passwords. Delete those accounts immediately if you discover any users who should not be there.

Hacking

Hacking Passwords Backups Firewall

Cybersecurity First: #BeCyberSmart at Work and Home

Security Through Education

OCTOBER 27, 2021

Build a Human Firewall. Securing your work environment requires you to create what is referred to among security professionals as a human firewall. A human firewall is made up of the defenses the target presents to the attacker during a request for information. Use company-approved/vetted devices and applications.

Cybersecurity

Cybersecurity Social Engineering Firewall Engineering

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Hot for Security

FEBRUARY 10, 2021

The TeamViewer app itself was suffering no vulnerabilities, but it helped the attacker following an initial intrusion, likely through compromised account credentials or remote access accounts with weak passwords. The notice further warns about the use of Windows 7, which Microsoft stopped supporting in January of last year.

Hacking

Hacking Social Engineering System Administration Passwords

Critical flaws in defibrillator management tool pose account takeover, credential risk for hospitals

SC Magazine

JUNE 17, 2021

The dashboard is designed for the biomedical engineering departments within the hospital environment. If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question,” according to the alert.

Accountability

Accountability Risk Passwords Encryption

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs). Employ robust password management techniques, two-factor authentication (2FA), and regular backups of essential data.

Firewall

Firewall VPN Software Risk

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

All the encryption , firewalls , cryptography, SCADA systems , and other IT security measures would be useless if that were to occur. Some of the countermeasures that can be considered are CCTV, alarms, firewalls, exterior lighting, fences, and locks. One such measure is to authenticate the users who can access the server.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

MARCH 4, 2022

Privilege and other vulnerabilities in Microsoft Windows, Exchange Server, Excel, Office, PowerPoint, Malware Protection Engine, Internet Explorer and more (27 in all). Use centralized authentication, authorization, and accounting (AAA) servers to manage administrative access to devices. Limit authentication attempts.

Network Security

Network Security Architecture Authentication Firewall

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

. “An attacker who successfully exploited this vulnerability could access a user’s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user,” the company wrote. Consider using it for high value accounts such as Domain Admins when possible.

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

Understanding the Essential Pillars of Phishing Mitigation

SecureWorld News

JUNE 6, 2023

These attacks can come from malicious instructions, social engineering, or authentication attacks, as well as heavy network traffic. The most common root causes for initial breaches stem from social engineering and unpatched software, as those account for more than 90% of phishing attacks.

Phishing

Phishing Social Engineering Security Awareness Engineering

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Duo's Security Blog

JULY 27, 2023

For example, MITRE ID: T1621 identifies multi-factor request generation and focuses on using MITRE ID: T1078 valid accounts to generate unsolicited requests to a user(s) to gain unauthorized access to specific or multiple accounts. Here are a few ways Cisco Duo can assist in mitigating popular MITRE ATT&CK techniques: 1.

Authentication

Authentication Passwords Accountability Firewall

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware

Spyware Hacking Malware Social Engineering

What is WAAP? – A Quick Walk Through

CyberSecurity Insiders

JUNE 15, 2022

Web Application and API protection (WAAP) , the next generation of Web Application Firewall (WAF) comes to the rescue. Without proper functions, security testing, authentication checks, and input validation, APIs can become a perfect target. This is simply an extension of the requirement for VLANs, firewalls, RASPs, and WAFs.

Firewall

Firewall DDOS Authentication Threat Detection

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

IT Security Guru

MAY 20, 2024

Implement Multi-Factor Authentication Multi-factor authentication (MFA) requires multiple verification methods to access an account online, significantly enhancing protection. Activate for all employees: Ensure all employees activate MFA on their accounts to maintain high security across the company.

Cybersecurity

Cybersecurity Backups Cyber threats Mobile

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

eSecurity Planet

APRIL 29, 2024

Siemens issued a notice that the RUGGEDCOM APE 1808, an industrial platform hardened for harsh physical environments, could come pre-installed with Palo Alto next generation firewalls vulnerable to the Pan-OS vulnerability. There is no workaround available, and the published proof of concept will probably allow attacks in the near future.

Firewall

Firewall Software Ransomware Penetration Testing

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. An attacker creates a new admin user and logs into an OpenFire account. This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations.”

VPN

VPN Authentication Mobile Firewall

CISA updates ransomware guidance

Malwarebytes

MAY 23, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its #StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. Consider subscribing to services that monitor the dark web for compromised credentials.

Ransomware

Ransomware Backups Social Engineering Accountability

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. Use multiple-factor authentication. Ensure anti-virus, spam filters, and firewalls are up to date, properly configured and secure. “The attempt on Friday was thwarted. Windows 10).

Passwords

Passwords Social Engineering Software System Administration

Stories from the SOC: Fighting back against credential harvesting with ProofPoint

CyberSecurity Insiders

JUNE 29, 2023

Phishing is a type of social engineering attack that tricks victims into disclosing personal information or downloading malicious software. After conducting an OSINT analysis, it was determined that the sender’s email fails to pass DMARC (Domain Message Authentication Reporting and Conformance), and MX record authentication.

Phishing

Phishing Authentication Cyber threats DNS

Digital Banking - Case Study

Approachable Cyber Threats

FEBRUARY 8, 2023

Additionally, with many banks now offering digital-only accounts that are opened and managed entirely online, it’s easier than ever to keep track of your money from anywhere in the world! Firewalls and intrusion detection/prevention systems: These are used to monitor and block unauthorized access to a network.

Banking

Banking Social Engineering Cyber threats Encryption

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

This vulnerability is pre-authentication and requires no user interaction. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” Scanning for vulnerable RDP Gateway servers with Shodan, the search engine has found over 15,500.

Advertising

Advertising Firewall Education Engineering

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted. “Patch your #Fortigate.”

Risk

Risk VPN Internet Internet

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. It’s already happening.

Social Engineering

Social Engineering Cyber Attacks Scams Engineering

SUPERNOVA malware discovered on SolarWinds Orion server

Malwarebytes

APRIL 23, 2021

The attacker(s) authenticated to the VPN appliance through several user accounts that did not have multi-factor authentication (MFA) enabled and were able to masquerade as legitimate teleworking employees. Use separate administrative accounts on separate administration workstations. HF 5, 2020.2 HF 1 are affected.

Malware

Malware VPN Authentication Passwords

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

In any perimeter defense a key component is firewalls—the proverbial guard towers in your fortifications. In this Threat Trends release, we’ll be looking at Cisco Secure Firewall. The goal is to highlight the common threats that organizations encounter and block with Secure Firewall. Secure Firewall version 7.0

Firewall

Firewall Authentication DNS Accountability

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. An attacker creates a new admin user and logs into an OpenFire account. This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations.”

VPN

VPN Authentication Mobile Firewall

Spear Phishing Prevention: 10 Ways to Protect Your Organization

eSecurity Planet

AUGUST 23, 2023

Spear phishing is a highly effective technique as it uses personalization, mind manipulation, and social engineering to exploit human vulnerabilities. Using Social Engineering Methods Social engineering involves the manipulation of people’s psychology so that they respond in a specific way.

Phishing

Phishing Social Engineering Authentication Security Awareness

What We Can Learn from the Capital One Hack

Krebs on Security

AUGUST 2, 2019

According to a source with direct knowledge of the breach investigation, the problem stemmed in part from a misconfigured open-source Web Application Firewall (WAF) that Capital One was using as part of its operations hosted in the cloud with Amazon Web Services (AWS).

Hacking

Hacking Firewall Data breaches Software

Update now! MOVEit Transfer vulnerability actively exploited

Malwarebytes

JUNE 2, 2023

The security bulletin states: “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Review, Delete and Reset Delete unauthorized files and user accounts Delete any instances of the human2.aspx

Accountability

Accountability Software Healthcare Firewall

Three Ways to Protect Unfixable Security Risks

eSecurity Planet

FEBRUARY 23, 2022

Network engineers use network segmentation rules to restrict sections of the network to specific users, security controls, or devices. Here are a few examples of network segmentation in use: finance computers could be restricted to a user group defined as accounting employees. Different IT engineers have different specialties.

Risk

Risk Healthcare IoT Firewall

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

MAY 11, 2021

We talked about how the capacity to, in essence, rapidly reverse engineer new software and software updates — without unduly hindering agility — could make a big difference. I had assumed that they either stole or spoofed a SolarWinds digital certificate, which they then used to authenticate the tainted update. Acohido.

Software

Software Hacking Malware Engineering

Cost-Effective Steps the Healthcare Industry Can Take To Mitigate Damaging Ransomware Attacks

CyberSecurity Insiders

OCTOBER 25, 2022

Phishing is the most formidable social engineering tactic that cybercriminals use to persuade employees to disclose sensitive information, whether it be clicking a suspicious link, downloading an attachment or visiting a malicious website – not to mention simply providing credential information outright.

Healthcare

Healthcare Ransomware Social Engineering Identity Theft

Extreme Networks ExtremeControl: NAC Product Review

eSecurity Planet

APRIL 5, 2023

Users, guests and internet-of-things (IoT) devices can be located, on-boarded, authenticated, and evaluated for compliance. ExtremeControl integrates into the customer’s major third party ecosystems for private cloud orchestration, mobile device management (MDM), enterprise mobility management (EMM), content filter, and firewall solutions.

Wireless

Wireless IoT Mobile Firewall

What do Cyber Threat Actors do with your information?

Zigrin Security

OCTOBER 11, 2023

As we mentioned in the previous part, there are six major data types; credit card and payment information, credentials of accounts, government secrets, personally identifiable information (PII), corporate intellectual Property (IP), and critical infrastructure data. The second scenario is about account credentials.

Cyber threats

Cyber threats Penetration Testing Passwords Backups

Is The Cost Of Predictive Cyber Security Worth The Investment?

Security Boulevard

MAY 12, 2022

The Livingston firewall rapidly became replaced with Checkpoint running on Windows NT server, (Stop laughing, I actually set one up once). Cisco came to market with the PIX firewall, Netscreen came to market with the ASIC based firewall, and suddenly, security had a voice. Social engineering through LinkedIn still works.

Cyber Insurance

Cyber Insurance Insurance Marketing Firewall

Coverage Advisory for CVE-2023-34362 MOVEit Vulnerability

Security Boulevard

JUNE 9, 2023

This ASPX file stages an SQL database account to be used for further access. Once the malicious webshell is installed, it creates a random 36 characters long password which later is used for the authentication purpose. aspx - on port 80 Access WebShell - GET /human2.aspx aspx - on port 443 The name of the malicious file, human2.aspx,

Software

Software Internet Internet Authentication

CIS 18 Critical Security Controls Version 8

NopSec

AUGUST 16, 2022

Most cyber attacks are carried out using a combination of social engineering, phishing emails, and vulnerabilities — Java, Adobe Flash and Acrobat, Firefox and Chrome plugins, 0-day client-side / browser vulnerabilities. This can help organizations prevent sensitive information from falling into the wrong hands.

Penetration Testing

Penetration Testing Social Engineering Firewall Software

5 Things Retailers Should Know About Cybersecurity

Duo's Security Blog

FEBRUARY 16, 2022

Retailers must comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates the use of multi-factor authentication (MFA) to help protect customers from data breaches. CSOonline.com reports that 94% of malware is delivered via email, and phishing attacks account for more than 80% of security incidents.

Retail

Retail Cybersecurity Data breaches Passwords

What are Network Firewalls?

eSecurity Planet

OCTOBER 7, 2021

The network firewall is the first line of defense for traffic that passes in and out of a network. The firewall examines traffic to ensure it meets the security requirements set by the organization, and unauthorized access attempts are blocked. Firewall protection has come a long way in recent years. Next-generation firewalls.

Firewall

Firewall Marketing Technology Social Engineering

Identity and Access Management (IAM) in Payment Card Industry (PCI) Data Security Standard (DSS) environments.

CyberSecurity Insiders

APRIL 6, 2023

There are, at minimum, two schemes that need to be reviewed, but consider if you have more from this potential, and probably incomplete, list: Cloud service master account management AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Architecture (OCA), Name Service Registrars (E.g., PCI DSS v4.0 PCI DSS v4.0

Accountability

Accountability DNS DDOS VPN

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

The Last Watchdog

MARCH 25, 2019

Instead, what it did was allow anyone with a usps.com account to modify a wildcard search without authentication permissions. Because companies can’t protect APIs with traditional means, like firewalls, they must find other ways to secure them. Big white elephant. For security to work, there needs to be 24/7 awareness.

Digital transformation

Digital transformation Software Data breaches Authentication

VulnRecap 1/16/24 – Major Firewall Issues Persist

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

Webinars

Trending Sources

Trick or Treat: The Choice is Yours with Multifactor Authentication

Webinars

Steps to Take If Your WordPress Site Is Hacked

Cybersecurity First: #BeCyberSmart at Work and Home

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Critical flaws in defibrillator management tool pose account takeover, credential risk for hospitals

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

U.S. Security Agencies Release Network Security, Vulnerability Guidance

Microsoft Targets Critical Outlook Zero-Day Flaw

Understanding the Essential Pillars of Phishing Mitigation

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

What is WAAP? – A Quick Walk Through

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

CISA updates ransomware guidance

FBI’s alert warns about using Windows 7 and TeamViewer

Stories from the SOC: Fighting back against credential harvesting with ProofPoint

Digital Banking - Case Study

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

CISA Order Highlights Persistent Risk at Network Edge

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

SUPERNOVA malware discovered on SolarWinds Orion server

Threat Trends: Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Spear Phishing Prevention: 10 Ways to Protect Your Organization

What We Can Learn from the Capital One Hack

Update now! MOVEit Transfer vulnerability actively exploited

Three Ways to Protect Unfixable Security Risks

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

Cost-Effective Steps the Healthcare Industry Can Take To Mitigate Damaging Ransomware Attacks

Extreme Networks ExtremeControl: NAC Product Review

What do Cyber Threat Actors do with your information?

Is The Cost Of Predictive Cyber Security Worth The Investment?

Coverage Advisory for CVE-2023-34362 MOVEit Vulnerability

CIS 18 Critical Security Controls Version 8

5 Things Retailers Should Know About Cybersecurity

What are Network Firewalls?

Identity and Access Management (IAM) in Payment Card Industry (PCI) Data Security Standard (DSS) environments.

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

Stay Connected