Kategorie

Introduction In the previous part of this series, we set up our free-tier account and then configured AWS CLI. In this article, we will discuss S3 buckets and the security concepts associated with them. What is Amazon S3? Amazon Simple Storage Service (Amazon S3) is storage for the Internet. You can use Amazon S3 to […]

The post AWS Cloud Security for Beginners — Part 2 appeared first on InfoSec Resources.

AWS Cloud Security for Beginners — Part 2 was first posted on July 19, 2018 at 5:18 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

How much does a data breach cost? It isn’t a simple question, but the answer is the only way to transmit the urgency of the situation to C-level executives. The 2018 Cost of a Data Breach Study, the 2018 edition of the annual study sponsored by IBM Security and conducted by the Ponemon Institute, provides […]

The post How Much Does a Data Breach Cost? Reading the 2018 Cost of a Data Breach Study appeared first on InfoSec Resources.

How Much Does a Data Breach Cost? Reading the 2018 Cost of a Data Breach Study was first posted on July 19, 2018 at 5:09 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Cloud computing has gained enormous attention during the past few years, and a lot of companies are shifting their infrastructure into the cloud environments. With most of the cloud service providers, security comes as a part of their design. Nevertheless, people make mistakes and introduce misconfigurations and vulnerable applications into their cloud environments, leading […]

The post AWS Cloud Security for Beginners — Part 1 appeared first on InfoSec Resources.

AWS Cloud Security for Beginners — Part 1 was first posted on July 19, 2018 at 4:56 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction To reduce attack surfaces and improve one’s cybersecurity posture, organizations can adopt two stances: a reactive approach and a proactive approach. The reactive approach involves traditional methods of detection (e.g., IDS and IPS) and prevention (e.g., firewalls and SIEM), whereas the proactive approach uses offensive tactics, such as those found in a threat-hunting program. […]

The post Threat Hunting vs. SIEM appeared first on InfoSec Resources.

Threat Hunting vs. SIEM was first posted on July 19, 2018 at 4:53 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction The current reality is that numerous organizations don’t realize hackers have already compromised their systems. Today, enterprises routinely fail to detect attacks in an effective and timely manner. As a result, companies have had to suffer a massive loss in terms of penalties or compliance issues. Even governmental organizations are no exception. In 2010, […]

The post Threat Hunting as an Active Defense appeared first on InfoSec Resources.

Threat Hunting as an Active Defense was first posted on July 19, 2018 at 4:48 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction As cybercriminals constantly develop new, more advanced attacks and become as organized as any other crime syndicate, it makes perfect sense that most intelligence-driven SOCs (Security Operations Center) have embraced both threat intelligence and threat hunting. Threat intelligence gathers information from multiple sources on the most recent attack techniques, tendencies, and both Indicators of […]

The post Types of Threats That Can Be Hunted appeared first on InfoSec Resources.

Types of Threats That Can Be Hunted was first posted on July 19, 2018 at 4:41 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Organizations are constantly being challenged by an increasing number of cybersecurity threats. As the severity and frequency of attacks rise, there is a call for a more proactive approach: threat hunting. Threat hunting incorporates tools-based and human-driven detection to fend off computer-related cyberattacks. This is rapidly becoming a key function for modern security operations […]

The post 10 Benefits of Threat Hunting appeared first on InfoSec Resources.

10 Benefits of Threat Hunting was first posted on July 19, 2018 at 4:29 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Cyberthreat-hunting is a way of scouring through a network and finding sophisticated threats that could cause harm to systems and data, and which are not detectable to already existing security measures such as antiviruses and malware protection. Threat hunting requires advanced skills in cybersecurity, systems administration, programming and penetration testing. Because advanced threats are […]

The post Threat Hunting Techniques appeared first on InfoSec Resources.

Threat Hunting Techniques was first posted on July 19, 2018 at 4:18 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Over two billion credentials were stolen in 2017 and contributed to the complex problem of credential spills, credential stuffing and account takeover fraud.

Microsoft said it detected and helped the US government to block Russian hacking attempts against at least three congressional candidates this year, a Microsoft executive revealed speaking at the Aspen Security Forum today. Although the company refused to name the targets but said, the three candidates were "people who, because of their positions, might have been interesting targets from an

Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.

Two vulnerabilities were discovered on Dongguan Diqee-branded vacuum cleaners, Thursday.

New! AwareEd Auto Reports Dashboard   SecurityIQ just released a new Auto Reports Dashboard feature for AwareEd. Track your campaigns in real-time and assess your data with clear and insightful metrics to determine next training steps. Automated dashboard analytics include: Learner Grades Internationalization & Localization Training Timeline Training Module Performance Mandatory Policy Acceptance Browser Vulnerability […]

The post New AwareEd Auto Reports & Creating Security Champions Training! appeared first on InfoSec Resources.

New AwareEd Auto Reports & Creating Security Champions Training! was first posted on July 19, 2018 at 1:33 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

In a stalking or random criminal scenario, the ability to guide someone to an out-of-the-way, isolated location could be a precursor to kidnapping or worse.

In this InfoSec Insider cyber insurance expert Nick Sanna discusses how to balance threat exposures and protecting assets with insurance against hacking, breaches and vulnerabilities.

Posted by Charlie Reis, Site Isolator

Speculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers. A website could use such attacks to steal data or login information from other websites that are open in the browser. To better mitigate these attacks, we're excited to announce that Chrome 67 has enabled a security feature called Site Isolation on Windows, Mac, Linux, and Chrome OS. Site Isolation has been optionally available as an experimental enterprise policy since Chrome 63, but many known issues have been resolved since then, making it practical to enable by default for all desktop Chrome users.

This launch is one phase of our overall Site Isolation project. Stay tuned for additional security updates that will mitigate attacks beyond Spectre (e.g., attacks from fully compromised renderer processes).

What is Spectre?

In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. These attacks use the speculative execution features of most CPUs to access parts of memory that should be off-limits to a piece of code, and then use timing attacks to discover the values stored in that memory. Effectively, this means that untrustworthy code may be able to read any memory in its process's address space.

This is particularly relevant for web browsers, since browsers run potentially malicious JavaScript code from multiple websites, often in the same process. In theory, a website could use such an attack to steal information from other websites, violating the Same Origin Policy. All major browsers have already deployed some mitigations for Spectre, including reducing timer granularity and changing their JavaScript compilers to make the attacks less likely to succeed. However, we believe the most effective mitigation is offered by approaches like Site Isolation, which try to avoid having data worth stealing in the same process, even if a Spectre attack occurs.

What is Site Isolation?

Site Isolation is a large change to Chrome's architecture that limits each renderer process to documents from a single site. As a result, Chrome can rely on the operating system to prevent attacks between processes, and thus, between sites. Note that Chrome uses a specific definition of "site" that includes just the scheme and registered domain. Thus, https://google.co.uk would be a site, and subdomains like https://maps.google.co.uk would stay in the same process.

Chrome has always had a multi-process architecture where different tabs could use different renderer processes. A given tab could even switch processes when navigating to a new site in some cases. However, it was still possible for an attacker's page to share a process with a victim's page. For example, cross-site iframes and cross-site pop-ups typically stayed in the same process as the page that created them. This would allow a successful Spectre attack to read data (e.g., cookies, passwords, etc.) belonging to other frames or pop-ups in its process.

When Site Isolation is enabled, each renderer process contains documents from at most one site. This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using "out-of-process iframes." Splitting a single page across multiple processes is a major change to how Chrome works, and the Chrome Security team has been pursuing this for several years, independently of Spectre. The first uses of out-of-process iframes shipped last year to improve the Chrome extension security model.
A single page may now be split across multiple renderer processes using out-of-process iframes.
Even when each renderer process is limited to documents from a single site, there is still a risk that an attacker's page could access and leak information from cross-site URLs by requesting them as subresources, such as images or scripts. Web browsers generally allow pages to embed images and scripts from any site. However, a page could try to request an HTML or JSON URL with sensitive data as if it were an image or script. This would normally fail to render and not expose the data to the page, but that data would still end up inside the renderer process where a Spectre attack might access it. To mitigate this, Site Isolation includes a feature called Cross-Origin Read Blocking (CORB), which is now part of the Fetch spec. CORB tries to transparently block cross-site HTML, XML, and JSON responses from the renderer process, with almost no impact to compatibility. To get the most protection from Site Isolation and CORB, web developers should check that their resources are served with the right MIME type and with the nosniff response header.

Site Isolation is a significant change to Chrome's behavior under the hood, but it generally shouldn't cause visible changes for most users or web developers (beyond a few known issues). It simply offers more protection between websites behind the scenes. Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs: on the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure.

How does Site Isolation help?

In Chrome 67, Site Isolation has been enabled for 99% of users on Windows, Mac, Linux, and Chrome OS. (Given the large scope of this change, we are keeping a 1% holdback for now to monitor and improve performance.) This means that even if a Spectre attack were to occur in a malicious web page, data from other websites would generally not be loaded into the same process, and so there would be much less data available to the attacker. This significantly reduces the threat posed by Spectre.

Because of this, we are planning to re-enable precise timers and features like SharedArrayBuffer (which can be used as a precise timer) for desktop.

What additional work is in progress?

We're now investigating how to extend Site Isolation coverage to Chrome for Android, where there are additional known issues. Experimental enterprise policies for enabling Site Isolation will be available in Chrome 68 for Android, and it can be enabled manually on Android using chrome://flags/#enable-site-per-process.

We're also working on additional security checks in the browser process, which will let Site Isolation mitigate not just Spectre attacks but also attacks from fully compromised renderer processes. These additional enforcements will let us reach the original motivating goals for Site Isolation, where Chrome can effectively treat the entire renderer process as untrusted. Stay tuned for an update about these enforcements! Finally, other major browser vendors are finding related ways to defend against Spectre by better isolating sites. We are collaborating with them and are happy to see the progress across the web ecosystem.

Help improve Site Isolation!

We offer cash rewards to researchers who submit security bugs through the Chrome Vulnerability Reward Program. For a limited time, security bugs affecting Site Isolation may be eligible for higher rewards levels, up to twice the usual amount for information disclosure bugs. Find out more about Chrome New Feature Special Rewards.

Cisco also pushed out seven high-severity fixes for its SD-WAN solution for business users, and a patch for a DoS flaw in the Cisco Nexus 9000 Series Fabric Switches.

Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber thieves. That's why jobs in the cybersecurity field have gone up 80% over the past three years than

To its fans, Venmo is a hassle-free P2P app that lets anyone living in the US send money to friends, split a restaurant bill, pay for a ride on Uber, or buy a hotel room. To the security conscious, it's a privacy nightmare.

This could mean the end of free Android. In the meantime, Google plans to appeal.