Security Boulevard

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Uncanceled Units’ appeared first on Security Boulevard.

Cohesity has extended its Cyber Event Response Team (CERT) service to include third-party providers of incident response platforms, including Palo Alto Networks Unit 42, Arctic Wolf, Sophos, Fenix24 and Semperis.

The post Cohesity Extends Services Reach to Incident Response Platforms appeared first on Security Boulevard.

by Source Defense In 2024, Magecart attacks reached new levels of sophistication, targeting thousands of e-commerce websites worldwide. At Source Defense Research, we tracked dozens of campaigns leveraging advanced techniques, from exploiting Google Tag Manager to innovative uses of WebSockets and payment form forgeries. These attacks highlight the adaptability of attackers in the face of

The post Unveiling 2024’s Attack Trends: Insights from Source Defense Research appeared first on Source Defense.

The post Unveiling 2024’s Attack Trends: Insights from Source Defense Research appeared first on Security Boulevard.

AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats Artificial Intelligence (AI) is revolutionizing the cybersecurity landscape, offering advanced tools to predict, detect, and respond to threats with unprecedented speed and accuracy. Among these advancements, Generative […]

The post AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats appeared first on Cyber security services provider, data privacy consultant | Secureflo.

The post AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats appeared first on Security Boulevard.

Authors/Presenters: Ege Feyzioglu & Andrew M

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – RFID 101 appeared first on Security Boulevard.

We created a new tool to help you install and manage BloodHound instances, BloodHound CLI!

GitHub - SpecterOps/bloodhound-cli

Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for BloodHound. You only need to have Docker installed.

BloodHound CLI dramatically simplifies installation and server management. You can use BloodHound CLI to pull logs and monitor your containers. Read on to learn more about a few of the specific commands.

$ ./bloodhound-cli
BloodHound CLI is a command line interface for managing BloodHound and
associated containers and services. Commands are grouped by their use.

Usage:
bloodhound-cli [command]

Available Commands:
completion Generate the autocompletion script for the specified shell
config Display or adjust the configuration
containers Manage BloodHound containers with subcommands
help Help about any command
install Builds containers and performs first-time setup of BloodHound
logs Fetch logs for BloodHound services
running Print a list of running BloodHound services
version Displays BloodHound CLI's version information

Flags:
-h, --help help for bloodhound-cli

Use "bloodhound-cli [command] --help" for more information about a command. Installing BloodHound

Recently, we talked with some of our community members to learn about their experiences with BloodHound Community Edition. One problem they reported was retrieving the initial password for the default admin user. Previously, installing BloodHound required pulling down the Docker YML file, running the Docker Compose commands, and monitoring the output to grab the initial password.

Now, you only need to run ./bloodhound-cli install and wait. BloodHound CLI will pull the Docker Compose file (if it doesn’t exist), randomly generate an initial password, and then display the initial credentials at the end of the installation.

$ ./bloodhound-cli install
[+] Checking the status of Docker and the Compose plugin...
[+] Starting BloodHound environment installation
[+] Downloading the production YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.yml
[+] Downloading the development YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.dev.yml
graph-db Pulling
app-db Pulling
bloodhound Pulling
graph-db Pulled
app-db Pulled
bloodhound Pulled
Container bloodhound_cli-graph-db-1 Running
Container bloodhound_cli-app-db-1 Running
Container bloodhound_cli-bloodhound-1 Running
Container bloodhound_cli-app-db-1 Waiting
Container bloodhound_cli-graph-db-1 Waiting
Container bloodhound_cli-app-db-1 Healthy
Container bloodhound_cli-graph-db-1 Healthy
[+] BloodHound is ready to go!
[+] You can log in as `admin` with this password: JqNmrSuFWb5k8qj5EVL0f2OtUppzmZ4Y
[+] You can get your admin password by running: bloodhound-cli config get default_password
[+] You can access the BloodHound UI at: http://127.0.0.1:8080/ui/login

You can customize your installation by setting your initial password or adjusting the default username.

Customizing BloodHound

The config command is here to help you manage your server settings. As mentioned above, you can use it to set the initial username and password manually or set any other value you need in the bloodhound.config.json file. You can also use the config and config get commands to retrieve all config or individual values.

Wrap Up

Whether you’re starting fresh with BHCE or a veteran user, BloodHound CLI makes everything simpler. The tool can manage your configuration, monitor running containers, and pull logs. We will continue developing this new tool to simplify server updates and other maintenance tasks.

You can grab the first release, v0.1.0, here:

Release BloodHound CLI v0.1.0 · SpecterOps/bloodhound-cli

Introducing BloodHound CLI was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Introducing BloodHound CLI appeared first on Security Boulevard.

Advanced persistent threats (APTs) use sophisticated tools and techniques to breach systems and maintain access—all while remaining undetected. Unlike other cyberattacks, APTs work over an extended period, using more resources to achieve specific objectives, such as stealing sensitive data or bringing down operations.

The post Advanced Persistent Threat (APT): Examples and Prevention appeared first on Security Boulevard.

As software applications are built and developed over the years, engineering teams continuously shift perspective on what features to prioritize or de-prioritize. A feature developed five years ago may have no significance today. However, features deemed low priority may still be kept operational for legacy, compatibility, or business requirement reasons. Praetorian discovered such a legacy […]

The post Tarbomb Denial of Service via Path Traversal appeared first on Praetorian.

The post Tarbomb Denial of Service via Path Traversal appeared first on Security Boulevard.

As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations.

The post California Wildfires Spark Phishing Scams Exploiting Chaos appeared first on Security Boulevard.

Shopping for OT systems? A new CISA guide outlines OT cyber features to look for. Meanwhile, the U.S. government publishes a playbook for collecting AI vulnerability data. Plus, a White House EO highlights AI security goals. And get the latest on IoT security; secure app dev; and tougher HIPAA cyber rules.

Dive into six things that are top of mind for the week ending Jan. 17.

1 - How to choose cybersecure OT products

Is your organization evaluating operational technology (OT) products for purchase? If so, a new guide from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) aims to help OT operators choose OT products designed with strong cybersecurity features.

The publication, titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products,” highlights 12 cybersecurity elements that OT products should have, including:

• Support for controlling and tracking modifications to configuration settings
• Logging of all actions using open-standard logging formats
• Rigorous testing for vulnerabilities and timely provision of free and easy-to-install patches and updates
• Strong authentication methods such as role-based access control and phishing-resistant multi-factor authentication to prevent unauthorized access
• Protection of the integrity and confidentiality of data at rest and in transit

According to CISA, many OT products aren’t designed and developed securely, so they ship with security issues such as weak authentication, known vulnerabilities and insecure default settings. 

In fact, the agency says it’s common for hackers to target handpicked OT products instead of going after specific organizations. Thus, it’s critical for organizations, especially those in critical infrastructure sectors, to pick OT products built securely by using CISA’s “Secure by Design” principles.

“When security is not prioritized nor incorporated directly into OT products, it is difficult and costly for owners and operators to defend their OT assets against compromise,” reads the guide, published in collaboration with other U.S. and international agencies.

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “OT Security Master Class: Understanding the Key Principles, Challenges, and Solutions” (on-demand webinar)

2 - JCDC publishes playbook to collect AI security info 

A new playbook published by the U.S. government aims to facilitate the collective, voluntary sharing of information among AI providers, developers and users about AI vulnerabilities and cyber incidents.

The “AI Cybersecurity Collaboration Playbook” from CISA’s Joint Cyber Defense Collaborative (JCDC) details ways in which AI community members in government and in the private sector – both in the U.S. and abroad – can collaborate to help boost AI security for everybody.

“The development of this playbook is a major milestone in our efforts to secure AI systems through active collaboration,” CISA Director Jen Easterly said in a statement.

AI systems introduce unique cybersecurity challenges which make them vulnerable to attacks including model poisoning, data manipulation and malicious inputs. “These vulnerabilities, coupled with the rapid adoption of AI systems, demand comprehensive strategies and public-private partnership to address evolving risks,” the 33-page playbook reads.

By collecting, analyzing and enriching information on AI vulnerabilities and cyber incidents, CISA would be able to help the AI community in a variety of ways, including by:

• Sharing information to improve detection and prevention of AI threats
• Exposing attackers’ tactics and infrastructure
• Identifying and notifying victims
• Generating threat advisories and intelligence reports
• Offering tailored recommendations, vulnerability management strategies and cyber defense best practices

The playbook’s target audience is operational cybersecurity professionals, including incident responders and security analysts, and its goal is to help them collaborate and share information with CISA and JCDC about AI security.

In addition, CISA also envisions organizations adopting the document’s guidance internally “to enhance their own information-sharing practices, contributing to a unified approach to AI-related threats across critical infrastructure.”

For more information about industry efforts for collaborating on AI security:

• Cloud Security Alliance’s “AI Safety Initiative”
• MITRE’s “AI Incident Sharing initiative”
• Open Worldwide Application Security Project’s “AI Exchange”
• U.S. government’s “Testing Risks of AI for National Security (TRAINS) Taskforce”

3 - New White House cybersecurity EO includes AI requirements

The Biden Administration issued a sweeping cybersecurity executive order (EO) this week aimed at boosting U.S. cyberdefenses, and AI security is one area that it says must be strengthened.

The “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity” calls for promoting security “with and in” AI, saying it can speed up the identification of new vulnerabilities, scale up threat detection and automate cyberdefenses.

“The Federal Government must accelerate the development and deployment of AI, explore ways to improve the cybersecurity of critical infrastructure using AI, and accelerate research at the intersection of AI and cybersecurity,” the executive order reads.

Among the executive order’s requirements for AI are:

• Launching a pilot program on using AI to improve cyberdefense of critical infrastructure in the energy sector. The Secretaries of Energy, Defense and Homeland Security would be in charge of the program, in collaboration with private-sector critical infrastructure organizations. The program may include:
  • vulnerability detection
  • automatic patch management
  • identification and categorization of anomalous and malicious activity across IT or OT systems
• The Secretary of Defense must establish a program to use advanced AI models for cyberdefense.
• The Secretaries of Commerce, Energy and Homeland Security, and the National Science Foundation Director, must prioritize funding for their respective programs that encourage the development of “large-scale, labeled datasets needed to make progress on cyber defense research.”
• The Secretaries of Defense and Homeland Security, and the Director of National Intelligence must incorporate management of AI software vulnerabilities and compromises into their agencies’ process and “and interagency coordination mechanisms for vulnerability management.” These efforts should include incident tracking, response, reporting and sharing AI systems’ indicators of compromise.

These AI-related actions all must be completed at various dates during 2025.

The executive order covers multiple other areas. To get all the details and expert analysis, read our blog “New Cybersecurity Executive Order: What It Means for Federal Agencies” from Robert Huber, Tenable’s Chief Security Officer, Head of Research and President of Tenable Public Sector.

4 - CISA publishes secure software development best practices

Software makers interested in improving the security of their development process and of their products have fresh guidance to peruse.

As part of its “Secure by Design” program, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published cybersecurity recommendations for protecting organizations’ software development lifecycle.

The best practices are organized into two categories — Software development process goals; and Product design goals — and include:

• Software development process goals:
  • Address vulnerabilities before releasing the software product, and publish a vulnerability disclosure policy.
  • Separate all software development environments, including development, build and test, to reduce the lateral movement risk.
  • Enforce multi-factor authentication across all software development environments.
  • Securely store and transmit credentials.
• Product design goals
  • Reduce entire classes of preventable vulnerabilities, such as SQL injection vulnerabilities, memory safety vulnerabilities and cross-site scripting vulnerabilities.
  • Provide timely security patches to customers.
  • Don’t use default password in your products.
  • Let users know when your products are nearing end-of-life status and you will no longer provide security patches for them.

The recommendations “will help to protect the sector from cyber incidents, identify and address vulnerabilities prior to product release, improve incident response, and significantly improve software security,” reads a CISA statement.

To get more details, read the full “Information Technology (IT) Sector-Specific Goals (SSGs)” fact sheet.

For more information about secure software development:

• “CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills” (Tenable)
• “Secure Development” (Software Engineering Institute, Carnegie Mellon Univ.)
• “Secure Software Development Framework” (NIST)
• “Secure development and deployment guidance” (UK NCSC)
• “OWASP Developer Guide” (Open Worldwide Application Security Project )

5 - U.S. gov’t launches security label for IoT products

To encourage the development of safer internet of things (IoT) devices for consumers, the U.S. government has introduced a new label for IoT products that meet National Institute of Standards and Technology (NIST) cybersecurity standards.

Called the U.S. Cyber Trust Mark, the label will also help U.S. consumers know which IoT products are more secure, as they shop for internet-connected ware, such as baby monitors, security cameras, refrigerators, garage door openers and thermostats.

“These devices are part of Americans’ daily lives. But Americans are worried about the rise of criminals remotely hacking into home security systems to unlock doors, or malicious attackers tapping into insecure home cameras to illicitly record conversations,” reads a White House statement.

IoT manufacturers will soon be able to seek the U.S. Cyber Trust Mark label by submitting their IoT products to accredited labs for testing. Tests will cover areas including password authentication, data protection, software updates and incident detection. 

IoT products that earn the label will also have a QR code that’ll link consumers to information such as:

• How to change default passwords
• How to configure the device securely
• How to access software updates and patches if they’re not delivered automatically
• The end date of the product’s support period

Participation in the U.S. Cyber Trust Mark program is voluntary for IoT manufacturers. IoT devices excluded from the program include motor vehicles, medical devices, and products used for manufacturing, industrial control and enterprise applications.

To get more details, visit the U.S. Cyber Trust Mark home page.

For more information about securing consumer IoT devices, check out resources from the IoT Security Foundation; the European Telecommunications Standards Institute; TechAccord; Internet Society; the U.K. National Cyber Security Centre; and the International Organization for Standardization (ISO). 

6 - U.S. gov’t seeks tougher cybersecurity rules for health providers

Doctors, hospitals, health insurers and other healthcare organizations may face stricter cybersecurity regulations in the U.S.

That’s because the U.S. government is seeking to tighten the cybersecurity requirements in the Health Insurance Portability and Accountability Act (HIPAA).

The new cybersecurity rules proposed by the Department of Health and Human Services (HHS) include:

• Develop and revise on an ongoing basis a technology asset inventory and a network map that illustrates the movement of electronic protected health information (ePHI) throughout the organization’s electronic information systems.
• Make risk analysis more specific by submitting written assessments that include:
  • A review of the technology asset inventory and network map
  • Reasonably anticipated threats to ePHI’s confidentiality, availability and integrity
  • Potential vulnerabilities to the organization’s electronic information systems
  • A risk-level assessment of identified threats and vulnerabilities
• Strengthen contingency planning and security incident response with steps including:
  • Draft written plans to restore certain electronic information systems and data within 72 hours.
  • Prioritize restoration by analyzing criticality of systems and tech assets.
  • Outline in writing how employees and the organization will respond to known or suspected security incidents.
• Conduct an audit at least once per year to ensure the organization’s compliance with HIPAA’s cybersecurity rules.
• With limited exceptions, encrypt ePHI at rest and in transit and require the use of multi-factor authentication.
• Conduct vulnerability scanning at least every six months, and penetration testing at least once a year.

For more details about HHS’ new proposed HIPAA cybersecurity rules and to submit public comments about them, go to the Federal Register’s “HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information” page. The comment period ends on March 7, 2025.

The post Cybersecurity Snapshot: CISA Lists Security Features OT Products Should Have and Publishes AI Collaboration Playbook appeared first on Security Boulevard.

The dark web is a thriving underground market where stolen data and corporate vulnerabilities are openly traded. This hidden economy poses a direct and growing threat to businesses worldwide. Recent breaches highlight the danger.  

The post How Much of Your Business is Exposed on the Dark Web?  appeared first on Security Boulevard.

While cloud adoption continues to drive digital transformation, the shift to the cloud introduces critical security challenges that organizations must address.

The post Security Concerns Complicate Multi-Cloud Adoption Strategies appeared first on Security Boulevard.

Most consumers are still unaware of their own role in cybersecurity incidents and continue to place primary blame on external bad actors.

The post Cybersecurity Breaches Degrade Consumer Trust, but Apathy Rises appeared first on Security Boulevard.

Dear blog readers,

In this post I'll provide some actionable
intelligence on the current state of active BitCoin Exchanges landscape
with the idea to assist everyone on their way to properly attribute a
fraudulent or malicious transaction or to dig a little bit deeper inside
the infrastructure and financial infrastructure behind these BitCoin Exchanges.

Sample BitCoin Exchanges URLs:

hxxp://bisq.network
hxxp://blockdx.net
hxxp://boltz.exchange
hxxp://changenow.io
hxxp://coinswap.click
hxxp://crp.is
hxxp://exch.cx
hxxp://exchanger.infinity.taxi
hxxp://exolix.com
hxxp://fixedfloat.com
hxxp://godex.io
hxxp://hodlhodl.com
hxxp://letsexchange.io
hxxp://localmonero.co
hxxp://majesticbank.at
hxxp://mandala.exchange
hxxp://peachbitcoin.com
hxxp://sideshift.ai
hxxp://stealthex.io
hxxp://tradeogre.com
hxxp://unstoppableswap.net
hxxp://vexl.it
hxxp://bitswitch.io
hxxp://wizardswap.io
hxxp://xchange.me

Sample known responding IPs:

172.67.172.108
91.195.240.19
51.68.37.66
188.165.1.80
104.21.80.1
104.21.64.1
36.86.63.182
172.67.69.184
188.114.99.236
188.114.96.18
185.178.208.163
3.24.66.78
188.114.98.229
104.26.7.14
188.114.99.229
103.154.123.132
172.67.68.152
188.114.98.224
182.23.79.195
203.119.13.75
203.119.13.76
186.2.163.71
91.215.41.54
176.9.158.211
188.114.98.128
146.112.61.107
188.114.99.192
162.241.216.218
128.242.250.148
208.101.21.43
202.160.130.52
202.160.128.210
146.112.61.106
89.41.182.24
89.41.182.99
193.168.141.179
193.168.141.55
72.52.178.23
13.248.148.254
104.21.58.171
206.189.58.26
167.99.246.105
54.66.176.79
157.245.84.7
188.114.97.4
188.114.96.4
188.114.97.12
95.214.53.250
159.89.122.145
104.21.60.147
172.67.197.200
172.64.86.149
15.235.75.245
104.18.45.100
188.114.97.1
104.31.82.18
192.29.39.98
107.154.236.60
107.154.141.60
172.67.70.100
192.29.39.48
65.8.227.25
13.225.229.65
18.160.144.91
13.35.245.111
13.249.64.117
172.217.12.179
172.217.16.179
198.18.1.141
34.196.254.27
92.242.140.6
185.66.143.187
188.114.96.6
188.114.97.10
188.114.96.14
104.31.83.21
104.21.34.110
188.114.97.14
192.186.250.199
188.114.97.11
18.102.16.191
13.50.141.112
176.9.29.194
104.26.1.187
34.234.52.18
65.0.79.182
173.236.182.137
104.244.46.93
198.18.1.164
108.160.165.211
52.25.92.0
86.35.3.193
50.63.202.31
104.21.112.1
184.168.221.26
50.63.202.19
172.67.134.215
255.255.255.255
23.217.138.108
149.202.88.23
184.168.221.42
45.60.153.115
15.165.119.196
188.114.96.0
15.164.135.176
18.173.233.64
104.26.13.101
188.114.97.20
108.160.170.41
104.21.81.250
188.114.97.6
188.114.97.3
104.21.32.1
172.67.128.64
104.26.7.183
184.168.221.44
172.64.80.1
23.202.231.167

The post A Peek Inside the Current State of BitCoin Exchanges appeared first on Security Boulevard.

Dear blog readers,

In this post I'll provide some actionable intelligence on the current state of active BitCoin Mixers landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Mixers.

Sample known BitCoin Mixer URLs:

hxxp://anonymixer.com
hxxp://bitmixer.online
hxxp://chipmixer.com
hxxp://coinomize.biz
hxxp://coinomize.co
hxxp://coinomize.is
hxxp://cryptomixer.io
hxxp://gingerwallet.io
hxxp://jambler.io
hxxp://jokermix.to
hxxp://medusamixer.io
hxxp://blindmixer.com
hxxp://mixer.money
hxxp://mixerdream.com
hxxp://mixero.io
hxxp://mixtum.io
hxxp://mixtura.money
hxxp://mixy.money
hxxp://puremixer.io
hxxp://sparrowwallet.com
hxxp://swamplizard.io
hxxp://tengricrypto.com
hxxp://thormixer.io
hxxp://unijoin.io
hxxp://webmixer.io
hxxp://whir.to

Sample known responding IPs:
104.21.14.15
172.67.133.191
136.228.192.103
172.64.101.28
172.64.98.33
104.21.36.129
172.67.158.129
188.114.97.3
188.114.97.1
172.67.142.24
185.205.69.10
135.181.110.78
93.95.231.89
34.102.136.180
172.67.188.123
104.26.3.240
198.177.120.27
104.21.58.174
188.114.99.229
188.114.98.224
104.21.79.112
34.102.155.139
216.246.46.117
172.67.170.136
172.67.172.23
108.167.189.28
162.241.61.115
108.167.189.61
192.185.4.130
188.114.97.0
172.67.180.202
188.114.96.4
104.21.34.115
172.67.160.123
46.101.27.21
108.160.143.236
188.114.96.3
172.67.170.175
104.21.63.126
65.109.166.143
103.224.212.100
93.95.231.80
199.59.243.226
37.120.206.181
172.64.174.24
152.89.162.34
188.114.96.0
46.17.96.4
103.224.212.210
186.2.163.238
101.99.91.215
172.67.154.113
104.21.69.169
185.178.208.78
172.67.210.143
 

188.114.98.229
188.114.97.4
188.114.96.14
172.67.158.73
188.114.97.2
172.67.70.29
188.114.97.14
104.26.5.134
186.2.163.228
23.202.231.167
104.21.96.1
198.54.117.210
188.114.97.22
198.54.117.200
188.114.97.7
149.28.138.23
45.180.20.12
185.86.149.239
218.93.250.18
185.178.208.139
172.67.191.198
188.114.99.224
104.21.43.207
46.28.207.19
104.26.3.196
13.248.151.237
104.21.36.95
172.64.80.1
36.86.63.182
172.64.165.7
23.217.138.112
 

185.178.208.159
172.67.206.39
104.21.16.160
172.67.154.213
104.21.6.88
5.61.48.183
172.67.154.211
104.239.213.7
45.76.91.219
46.101.124.25
23.195.69.112
104.21.6.90
164.92.229.238

Stay tuned.

The post A Peek Inside the Current State of BitCoin Mixers appeared first on Security Boulevard.

We are excited to announce a significant Salt Security API Protection Platform upgrade. We have recently introduced a new detection feature targeting a prevalent yet often neglected vulnerability: open redirect attacks. This issue is so severe that it is highlighted in the OWASP Top 10 API Security Risks!

What Makes Open Redirects So Dangerous?

Consider this: you receive a link in an email that appears to be from your bank. Instead of reaching your account page, you are led to a convincing fraudulent site designed to steal your login information. This is the deceptive nature of an open redirect attack.

Such attacks occur when an application uncritically accepts user-provided URLs and redirects users based on this unreliable input. Attackers take advantage of this by inserting harmful URLs, which can result in:

• Phishing attacks: Users are diverted to fake websites that resemble legitimate ones, tricking them into revealing sensitive information.
• Malware distribution: Users are sent to sites that host malware, endangering their devices and potentially the entire network.
• Data theft: Attackers can create URLs that extract sensitive information from the application during the redirect process.

Open redirects often serve as an initial step in a more extensive attack sequence. Think of the redirect as a way for attackers to gain initial access, leading to more harmful activities.

Why Are They So Common?

Although it seems straightforward to avoid, open redirects are alarmingly widespread. Developers frequently find it challenging to validate every URL that comes from user input. This task is tedious; updating validation as the application changes can be a significant burden.

This vulnerability is so common that it features in the OWASP API Top 10 2023 under API10:2023 Unsafe Consumption of APIs, underscoring its importance in the realm of API security. The category spotlights the risks associated with integrating with external APIs that may have poor security, potentially exposing your application by association. Open redirects directly fall into this category, as they exploit trust relationships between applications.

Salt Security Shuts Down the Threat

With our upcoming detection capability, Salt Security is elevating standards for API protection. Our platform employs advanced AI and machine learning to examine URL patterns and detect suspicious redirection attempts. This allows us to:

• Identify open redirect attacks in real-time: Stopping malicious redirects before they can affect your users or business.
• Provide comprehensive insights into attack attempts: Equipping your security team with essential information to understand the attack and respond appropriately.
• Mitigate your overall risk: We help you secure your APIs and protect sensitive data by neutralizing this frequent attack vector.

A Competitive Edge in API Security

We are confident that this new detection feature distinguishes us in the market. Many security solutions fail to address open redirects with the same level of precision and sophistication. By directly confronting this often-ignored vulnerability, Salt Security delivers a truly holistic API security solution.

You can use this new detection and all our other detection capabilities that make our intent engine industry-leading. This is just one more instance of how Salt Security continually innovates to remain ahead of the curve and ensure that our customers receive the best API protection possible.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post Open Redirect? Game Over! Salt Security Neutralizes a Sneaky API Attack Vector appeared first on Security Boulevard.

3 min readWhen a single API key compromise spiraled into a broader attack, it exposed how overlooked non-human identities can become gateways for escalating threats.

The post BeyondTrust Breach Exposes API Key Abuse Risks appeared first on Aembit.

The post BeyondTrust Breach Exposes API Key Abuse Risks appeared first on Security Boulevard.

Textual's Pipeline workflow preps your data for AI, Structural's sensitivity scan is now customizable, and Ephemeral can be deployed on Azure or Google Cloud!

The post Tonic.ai product updates: July 2024 appeared first on Security Boulevard.

SQL Server support on Tonic Ephemeral, Db2 LUW on Tonic Structural, LLM synthesis in Tonic Textual, and expanded LLM access in Tonic Validate! Learn more about all the latest releases from Tonic.ai.

The post Tonic.ai product updates: April 2024 appeared first on Security Boulevard.

Tonic is now Tonic Structural and can output directly to Tonic Ephemeral, subsetting arrives for Snowflake, + Tonic Cloud is HIPAA certified!

The post Tonic.ai product updates: March 2024 appeared first on Security Boulevard.