Security Boulevard

See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR's own processes and altered the mechanism to gain unique, persistent, and fully undetectable capabilities.

The post QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share appeared first on SafeBreach.

The post QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share appeared first on Security Boulevard.

It's 2009 and I just stumbled upon the extremely sophisticated Xedant Human Emulator (XHE) (hxxp://humanemulator.info) which basically automates human interactions with Web and online properties to the point of sophisticated and was in a way heavily advertised on various cybercrime-friendly forum communities back in the day.

Primary project's contact points:

[email protected]

ICQ:  420-444-071

WebMoney: Z898663059839

Some of its features include:

submission of information to the web - for example: registration in various directories and sites, adding posts to the forum, etc.

site audit (validity check);

collecting data from other sites;

emulation of traffic to the site;

automation of Internet surfing tasks;

checking website content updates;

website performance testing;

autologin, auto-posting on several forums;

management of advertising companies in Google Adwords;

cheating counters, auto clicking;

transferring a website/blog from one engine to another;

integration of offline and online applications;

working with AJAX or closed areas of sites;

complete human emulation, down to mouse movement and keystrokes;

Sample screenshots:

If it's everything that you ever wanted in the context of emulating a human or human actions targeting a specific Web site or web property including all the joys of outsourced as always CAPTCHA recognition in a cost-effective manner this is the tool that you really need in 2009.

The post Emulating Humans for Cybercrime Purposes appeared first on Security Boulevard.

Кой е човека който дава определение на това какво е циганин? Ако си циганин да ти еба майката путката мръсна и да не си измисля работи от на майка ти путката мръсна мизерстващи цигани такива. Специален поздрав от отдел "Ахахахаха не се притеснявайте много ама това е обида". Настройване на честотите на тези, които наистина са го направили, тези, които наистина го правят, и на тези, които наистина мислят, че го правят. Циганските крале, които ги разрешават, са тези, които наистина го правят. Хуят който разрешава майка ти е хуят който майка ти позволява на цигански циганин като теб псевдо-европейско мизерстващ циганин такъв. И циганите да "прередиш" майка ти циганската няма да я прецениш. Ти си просто един тъп ниско платен необразован безсперспективен безсмислен необразован и ниско платен циганин на който нито майка му нито безспеспективното му образование е признато някъде другаде освен в тоалетната. В тоалетната с огледало където когато сереш гледаш себе си и си мислиш дори и без да мислиш защото си тъп за лайното което си. А то е? Безсмислено като "теб". Неудачно и безсперспектовно унужаващо лайно за обществото което си. Едно лайно. Да направим състезание. Купете си огледало и се изсерете пред него. Сега погледнете себе си. Това сте вие. Сега да направим друго. Пред майчиното изсиране на майка ти нечистоплътната и мизерстваща гъзообразия и на майка ти мизерстващите простотий това си ти. Един мизерстващ мозъчно некадърен лайнясал неудачен мизерстващ циганин. На майка ти мизерстващата цицеща педерастия е на майка ти живота и нейната педерастия. Значи? Поздрави на теб. Нейния неудачен необразован ниско платен и безспеспективен наудачен цигански нещастник който те наричат по име? Какво ти е името? Ти си просто един тъп циганин в илюзията на майка ти циганската и в собствената си циганска илюзия. Поздрави на всички. Явор Колев е най-големия и издънен педераст в Република България начело с най големият педераст в Република България Бойко Борисов. Да ми целуване асматичните задница ама да ги изселвате много некадърни и безработни улични педерастки копелета такива и дано ви се изсерат през газъ и да ви излезе през носъ и да ви излезе през носъ провинциални селски копеленца цигански некадърдни копелета такъва.

The post Специални Поздрави За Всички Който "Го Правят" В България appeared first on Security Boulevard.

Authors/Presenters:Seunghoon Woo, Eunjin Choi, Heejo Lee, Hakjoo Oh

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-Source Software Components Using Code Classification Techniques appeared first on Security Boulevard.

We’ve written extensively before about FedRAMP’s impact levels. As a brief refresher, there are four: Li-SaaS, the lowest of the low-security levels, is made for non-critical cloud applications that handle no tangible CUI. Low Impact, which can handle some CUI, but is largely focused solely on very basic and public information like the basic information […]

The post Move From FedRAMP to DoD with Impact Level Assessment appeared first on Security Boulevard.

The post Cyber attacks 2024: The biggest attacks of the first half of 2024 appeared first on Click Armor.

The post Cyber attacks 2024: The biggest attacks of the first half of 2024 appeared first on Security Boulevard.

Sonatype kicked off its Summer of Software Regulations & Compliance webinar series this week with a broad look at some of the key regulations on improving cybersecurity. Jen Ellis, one of the hosts of the Distilling Cyber Policy podcast, moderated a discussion with Alex Botting, her co-host and EU Engagement Officer at the Center for Cybersecurity Policy, and Sonatype's Ilkka Turunen.

The post Sonatype’s summer webinar series: Future cybersecurity requirements appeared first on Security Boulevard.

Authors/Presenters:Santiago Cuéllar, Bill Harris, James Parker, Stuart Pernsteiner, Eran Tromer

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Cheesecloth: Zero-Knowledge Proofs of Real World Vulnerabilities appeared first on Security Boulevard.

The post Behind the Scenes at Black Hat 2024 appeared first on AI-enhanced Security Automation.

The post Behind the Scenes at Black Hat 2024 appeared first on Security Boulevard.

Hewlett Packard Enterprise (HPE) this week at the Black Hat USA 2024 conference extended its network detection and response (NDR) capabilities that make use of artificial intelligence (AI) models to enable behavioral analytics.

The post HPE Infuses AI Into Network Detection and Response Platform appeared first on Security Boulevard.

Aqua Security this week at the Black Hat USA 2024 conference revealed that it has discovered six vulnerabilities in the cloud services provided by Amazon Web Services (AWS).

The post Aqua Security Researchers Disclose Series of AWS Flaws appeared first on Security Boulevard.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘University Age’ appeared first on Security Boulevard.

Understand the security status of GitHub Actions workflows and how to mitigate the risk.

The post Preview of State of GitHub Actions Security Report: Security of GH Workflows Building Blocks appeared first on Security Boulevard.

Authors/Presenters:Nicholas Boucher, Ross Anderson

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Trojan Source: Invisible Vulnerabilities appeared first on Security Boulevard.

Optimizing Kubernetes security and efficiency of through granular control Kubernetes stands out as a powerful and versatile platform amongst application systems, allowing organizations to efficiently manage containers. However, enterprises face security challenges as they adopt Kubernetes in the context of network segmentation. Microsegmentation, a strategic approach to network security, plays a pivotal role in this...

The post The Role of Microsegmentation in Kubernetes Environments appeared first on TrueFort.

The post The Role of Microsegmentation in Kubernetes Environments appeared first on Security Boulevard.

Insight #1  

As I watch the sea of news out of Black Hat, from CrowdStrike fallout to the ever-present-flow of AI tools (both threat and savior?), one announcement stands out. Software now powers the world, but it's also the simplest way for attackers to breach an organization. Despite this, we've lacked visibility into the inner workings of applications beyond passive log analysis. Application Detection and Responseis the solution we've been missing! 

The post Cybersecurity Insights with Contrast CISO David Lindner | 8/9/24 appeared first on Security Boulevard.

Hello, My name is Chen, and I work as a threat intelligence analyst at Salt Security.

Every day, I dive into the complex world of cybersecurity, uncovering the hidden threats that hide in our digital lives. Today, I'd like to take you on a journey through the evolving landscape of API threats.

APIs are the quiet helpers of the digital world, allowing software applications to communicate easily with each other. They bring convenience and functionality to our digital interactions but also open doors to various vulnerabilities and risks.

Imagine APIs as bridges connecting islands of data and services. These bridges are essential for the smooth flow of information, but if not properly secured, they can allow unwanted people in or expose private information.

So now that we all agree that APIs, while super helpful, can also involve many risks, the question to be asked is, what are those risks, and how can we effectively map them?

Since API security is a relatively new domain, there is no standard methodology for achieving it. In this blog post, I want to share some standard techniques I use in my day-to-day job.

CVEs - Vulnerabilities By Type

Our first destination is the world of Common Vulnerabilities and Exposures (CVEs). Consider CVEs a lighthouse, highlighting hidden security flaws that we must recognize and understand to navigate the cybersecurity field safely.

One great resource for better understanding CVEs is CVEdetails. This site is a collection of detailed visualizations and valuable insights. It includes many interesting details, including this table:

The table summarizes all the CVEs found over the past decade, revealing the rise of various types of vulnerabilities. Web vulnerabilities like SQL injection and XSS truly stand out with their remarkable growth over the years.

In 2020, SQL injection-related CVEs were at 466. Fast forward to 2023, and this number has soared to 2,159—a staggering increase of 363.30% in just three years. Similarly, XSS has seen an impressive climb, with CVEs jumping from 2,203 in 2020 to 5,179 in 2023, marking a substantial 135.08% rise.

But our story doesn’t end there. As we delve deeper, we encounter CSRF, which saw its CVEs grow from 416 in 2020 to an astounding 1,398 in 2023, marking an increase of 236.05%. SSRF, too, has its tale of growth, with CVEs rising from 132 in 2020 to 248 in 2023, reflecting an 87.87% increase.

While this table provides great insights, as always in our domain, one source of information is rarely enough.

Take, for example, OAuth vulnerabilities. Salt-Labs' previous publications indicate that OAuth is a popular and rising attack vector. However, this table does not seem to reflect this.

When looking at the raw CVE data from this website, it seems this information is available. I gathered all the CVEs related to OAuth over the past few years and calculated their numbers for each year. Here are the results of my investigation:

I’ve observed a significant increase in OAuth vulnerabilities. In 2012, there was just one CVE, whereas in 2023, there were 42 CVEs. This significant rise had a notable impact on our product, influencing its detection. For further details about our OAuth Protection Package, you can find more information right here.

Bug Bounty Reports

The second destination for better understanding the threat landscape is Bug Bounty reports. The bug bounty community has grown substantially over the past few years, and looking into the public reports and available information from them can yield fascinating insights.

If you inspect all of the categories related to web vulnerabilities and count the number of reports from 2014 to 2022. It's important to note that I excluded 2023 from my analysis due to incomplete data.

You can quickly notice a clear rise in SSRF reports when delving into the data. In 2022, there was a significant increase, fitting well with the broader trends in the OWASP API 2023.

On the other hand, there's been a sharp decline in reports of CSRF vulnerabilities. Once a significant concern, CSRF saw a substantial drop of 79.27% in reports from 2017 to 2022. This downward trend contrasts with the results from our CVE research. However, given that bug bounty data is typically more accurate, I suggest that CSRF might no longer be a focal point in the threat landscape in 2024.

Internal DB of Salt Security

So now that we have a better understanding of the API threat landscape from several different sources, we must ask ourselves how this correlates with the internal telemetry data we collect at Salt-Labs.

Focusing on categories such as 'SQL injection',  'Code Injection',  'XSS', and 'Path Traversal', based on 2023, we saw an increase in web vulnerabilities every month. At the beginning of 2024, the numbers within these key categories were 1.5 times higher than those recorded in 2023.

Our journey ends here, and what we've learned is alarming: web vulnerabilities are escalating and remain a significant threat in the security landscape. As we move into 2024, these issues will persist and potentially affect more companies.

How Salt Can Help

From day one, Salt Security could detect OAuth vulnerabilities and code injections. Recently, we extended these capabilities, launching a new, multi-layered OAuth protection package that can detect attempts to exploit OAuth and proactively fix vulnerabilities. We have enhanced our API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation. The first API security vendor to launch deep OAuth threat detection capabilities. These innovations will empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts.

If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.

Action Items

• Keep Software Updated: Regularly update your operating system, browsers, and applications to protect against security vulnerabilities.
• Educate Yourself and Others: Stay informed about common cyber threats and educate friends and family about safe internet practices.
• Beware of Suspicious Links: Avoid clicking links or opening attachments from unknown sources, as these may lead to malicious sites that exploit these vulnerabilities.
• Boost Your Cybersecurity with Expert Partners: To enhance your protection against cyber threats, consider partnering with third-party companies specializing in cybersecurity. These experts can offer tailored solutions, continuous monitoring, and advanced threat detection, ensuring your systems stay secure and resilient.

The post Exploring the dynamic landscape of cybersecurity threats appeared first on Security Boulevard.

Penetration testing plays a key role in evaluating a company’s infrastructure security, and this blog focuses on web penetration testing. The process has an impact on four main steps: gathering information, researching and exploiting vulnerabilities, writing reports with suggestions, and fixing issues while providing ongoing support. These tests are vital to ensure secure software development […]

The post Automated vs Manual: Web Penetration Testing appeared first on Kratikal Blogs.

The post Automated vs Manual: Web Penetration Testing appeared first on Security Boulevard.

Entrust, a once-trusted Certificate Authority (CA), has faced a significant setback as Google and Mozilla have announced they will no longer trust Entrust's SSL/TLS certificates due to security concerns. This move leaves current Entrust customers scrambling to find alternative CAs to ensure secure digital connections. The article emphasizes the urgency of transitioning to a new, reliable CA, such as Sectigo, to avoid potential cybersecurity risks and ensure continued protection. It also outlines steps for migrating certificates, stressing the importance of active management and automation in maintaining digital security.

The post Entrust distrust: How to move to a new Certificate Authority appeared first on Security Boulevard.

Reading Time: 5 min PowerDMARC now integrates with SecLytics to deliver advanced threat intelligence. Strengthen your email security with our powerful combination.

The post PowerDMARC Integrates with SecLytics for Predictive Threat Intelligence Analysis appeared first on Security Boulevard.