Security Boulevard

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s Turnoff.US: ‘Security Engineer Interview’ appeared first on Security Boulevard.

In the wake of Cisco’s recent data breach involving exposed API tokens - amongst other sensitive information -  the cybersecurity community is reminded once again of the significant risks associated with unsecured APIs. Though Cisco has asserted that the damage was limited to a public-facing environment, such breaches demand a more cautious evaluation. Exposing sensitive information like API tokens, credentials, and even source code can have broader security implications than initially apparent. These compromises, even in ostensibly low-risk environments, can act as gateways for attackers to launch more sophisticated intrusions.

Similarly, Deloitte experienced a breach perpetrated by the same actor, issuing reassuring statements about the extent of the impact. However, both cases illustrate a critical truth: even if the compromised systems are "public-facing," the exposure of sensitive materials creates dangerous opportunities for attackers.

Why Even Minor Breaches Are Major Threats

At first glance, it may seem that breaches involving public-facing environments aren’t as severe as those involving highly sensitive internal systems. However, the real danger lies in what attackers can do with the seemingly minor details uncovered in these intrusions. In the case of the Cisco breach, the exposed API tokens offer more than just access to the breached system itself—they can serve as stepping stones to deeper, more sensitive areas of a network.

Here’s why this is so concerning:

• Exposed Source Code: When source code is exposed, attackers can scrutinize it for security vulnerabilities. These vulnerabilities can then be leveraged in more targeted attacks on other systems, applications, or even other organizations using similar codebases.
• Hardcoded Credentials and API Tokens: These are especially dangerous as they provide attackers direct access to sensitive resources and data. With valid tokens, hackers can bypass traditional security barriers and authenticate as legitimate users, allowing them to navigate undetected in systems they weren’t meant to access.
• Seemingly Harmless Data: Information like Jira tickets or internal documents may appear insignificant, but they can offer valuable intelligence. Attackers can use this information to build more effective phishing campaigns or gain insights into how an organization operates, helping them tailor attacks for higher success rates.

Pivotal Points for Attackers

One of the main problems with breaches like Cisco’s is that they create openings for attackers to escalate their attacks. What starts as a minor exposure can quickly lead to a full-scale data breach if attackers use the information they’ve accessed to exploit vulnerabilities elsewhere.

This is why the Cisco incident—and others like it—underscore the urgent need for strong API security measures, even in environments considered to be less critical or public-facing. Attackers thrive on exploiting seemingly minor oversights, and by the time an organization realizes the full impact of the breach, the damage can be severe.

Why Exposed API Tokens Are So Dangerous

In the case of API tokens, the security implications are especially grave. API tokens grant authorized access to systems and services, but when exposed, they provide attackers with the same level of access. Whether the system is public-facing or not, these tokens can allow unauthorized users to retrieve sensitive data, execute unauthorized transactions, or even manipulate systems. Attackers can pivot from these compromised environments to more sensitive ones, potentially gaining access to mission-critical assets.

Common Ways Sensitive Data Gets Exposed

One of the critical questions raised by incidents like the Cisco breach is: How do sensitive pieces of information like source code, credentials, and API tokens end up on public-facing sites? Some common factors include:

• Misconfigurations: Inadequate access control settings during deployment or changes in system architecture can lead to the exposure of sensitive information that should be kept private.
• Human Error: Simple mistakes, like hardcoding credentials in code or accidentally uploading sensitive files to public repositories, can leave data exposed.
• Inadequate Security Testing: Without thorough testing before deploying systems, organizations may fail to catch vulnerabilities or misconfigurations that leave data exposed.
• Third-party Services: Integrations with third-party platforms or services can sometimes unintentionally expose data if those services are compromised or not properly secured.

Mitigating API Security Risks Requires a Multi-Layered Approach

The key lesson from breaches like these is that securing APIs must be a top priority for all organizations. Here are some ways to reduce the risk:

• Enforce Strict Access Controls: Ensure that APIs are only accessible to authenticated and authorized users. Use robust authentication mechanisms like OAuth or API gateways with strict access policies.
• Promote Secure Coding Practices: Secure coding practices can prevent developers from hardcoding credentials or leaving other vulnerabilities in the codebase.
• Security Testing and Posture Governance: Conduct thorough security testing of your APIs before deployment, and establish posture governance standards to monitor and enforce security controls.
• Secrets Management: Implement secure secrets management solutions that allow API keys, tokens, and credentials to be stored and accessed securely, reducing the likelihood of exposure.
• Continuous Monitoring: Use continuous monitoring and threat detection tools to identify any unauthorized access or suspicious behavior in real-time. This ensures that threats can be addressed before they escalate into full-blown breaches.
• Regular Security Assessments: Organizations should routinely assess their security posture through audits, vulnerability scans, and penetration tests to identify and address potential gaps.

Proactive API Security

The Cisco breach is a stark reminder that even seemingly insignificant vulnerabilities can be leveraged for much larger attacks. Public-facing systems must be treated with the same level of security as internal environments, especially when they house sensitive information like API tokens or credentials. Organizations need to take a proactive approach to API security, ensuring that all APIs, regardless of their exposure level, are adequately protected.

By implementing strong authentication, maintaining a comprehensive API inventory, securing secrets, and continuously monitoring for threats, organizations can safeguard their systems against breaches like the one experienced by Cisco. Ultimately, taking a holistic and forward-looking approach to API security is critical to protecting an organization's most valuable assets.

Salt Security delivers comprehensive API protection, helping businesses identify vulnerabilities, prevent attacks, and secure sensitive data. Salt’s platform uses AI-infused behavioral analysis to automatically detect and block API threats in real time - safeguarding against data leakage, fraud and abuse.

Salt Security empowers organizations to confidently secure their APIs, reduce their attack surface, ensure proper API posture governance and mitigate risks -  even in complex, modern environments. Learn how today.

The post Lessons from the Cisco Data Breach—The Importance of Comprehensive API Security appeared first on Security Boulevard.

Dimon’s dollars (not yours): No, Chase Bank isn’t going to let you cash bad checks. It’s fraud—no matter what X and TikTok tell you.

The post TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan appeared first on Security Boulevard.

Authors/Presenters:Cassie Crossley

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – The Missing Link – How We Collect And Leverage SBOMs appeared first on Security Boulevard.

Starlink encountered a high-profile outage in April that caused service to go down for several hours. The reason was an expired digital certificate. Digital certificates have emerged as the currency of digital trust in the hyper-connected world of today. These electronic credentials enable devices to recognize, trust and interoperate with each other. The certificates keep..

The post DigiCert – It’s a Matter of Trust appeared first on Security Boulevard.

Securing IT infrastructure is a continual journey for every security team. A resilient infrastructure enables organizations to not only defend against modern cyber threats but also to quickly recover from attacks or system failures. Building and maintaining such an infrastructure is an iterative and predictable process that relies on solid foundations in asset management, change management, integrity baselining, system hardening, and effective change detection and rollback capabilities. Here's a step-by-step guide to help you chart a secure and resilient IT infrastructure strategy.

The post How to Achieve a Secure and Resilient IT Infrastructure in 6 Steps appeared first on Security Boulevard.

Announcing an exclusive partnership between Mend.io and HeroDevs to provide support for deprecated packages.

The post Mend.io & HeroDevs Partnership: Eliminate Risks in Deprecated Package appeared first on Security Boulevard.

The digital certificate lifecycle is undergoing significant changes, with a push towards shorter validity periods for SSL/TLS certificates. Currently, the lifespan of certificates is about 398 days, but companies like Google and Apple are advocating for much shorter terms, with Apple proposing to reduce lifespans to just 45 days by 2027. This shift aims to enhance security by limiting the time a compromised key can be exploited, but it poses challenges for IT teams accustomed to longer renewal periods. Organizations must prepare for this transition by adopting automated certificate management solutions to manage the increased administrative burden effectively.

The post Preparing for the future: Apple’s 45-Day certificate lifespan proposal appeared first on Security Boulevard.

Leading information and communication technology provider is now offering an AI/ML-powered threat detection and response platform and services across Italy, Spain and DACH regions. Milan, Italy and Westford, MA, USA – Seceon, the pioneer of the first cybersecurity platform that augments and automates security operations services with an AI/ ML-powered aiSIEM, aiXDR platform, announces a

The post Exprivia Partners With Seceon to Offer Seceon’s Cybersecurity Platform and Exprivia Cybersecurity Services Powered by Seceon appeared first on Seceon Inc.

The post Exprivia Partners With Seceon to Offer Seceon’s Cybersecurity Platform and Exprivia Cybersecurity Services Powered by Seceon appeared first on Security Boulevard.

Modern vehicles are essentially computers on wheels, with interconnected software-enabled systems such as advanced driver assistance systems (ADAS), keyless entry, onboard diagnostics, infotainment, and battery management functions. Many of these components support internet connectivity for over-the-air (OTA) software updates, remote access, and real-time monitoring.

The post Connected car security: Software complexity creates bumps in the road appeared first on Security Boulevard.

Halloween-themed spam has risen sharply this season, with Bitdefender reporting that 40% of these emails contain malicious content designed to scam users or harvest personal data. In the first half of October alone, spam volumes increased by 18% compared to September, signaling the start of a cybercrime spike that is expected to continue through the..

The post Spooky Spam, Scary Scams: Halloween Threats Rise appeared first on Security Boulevard.

Data should stay within a company’s control, whether it’s in a cloud account or data center, to meet security, residency and sovereignty needs.

The post October Cybersecurity Awareness Month: Ensuring Data Security and Compliance is an Ongoing Concern appeared first on Security Boulevard.

Application Programming Interfaces (APIs) have become the backbone of modern enterprises, facilitating seamless communication between both internal systems and external partners.

Related: Biden-Harris administration opens Supply Chain Resilience Center

As organizations increasingly rely on APIs, the number of APIs in … (more…)

The post Guest Essay: API security-related exposures rose steeply across all industries in Q3 2024 first appeared on The Last Watchdog.

The post Guest Essay: API security-related exposures rose steeply across all industries in Q3 2024 appeared first on Security Boulevard.

The rising occurrence of SaaS data breaches has emerged as a major concern for businesses globally. A report from AppOmni reveals that 31% of organizations experienced a SaaS data breach in 2024, marking a notable increase from the previous year. These breaches present significant risks, especially as many businesses underestimate the complexity of their SaaS […]

The post 49% of Enterprises Fail to Identify SaaS Vulnerabilities appeared first on Kratikal Blogs.

The post 49% of Enterprises Fail to Identify SaaS Vulnerabilities appeared first on Security Boulevard.

Get data on the SaaS governance gap and learn why managing shadow SaaS and ensuring secure, compliant usage is critical in today’s cloud-driven landscape.

The post The SaaS Governance Gap | Grip Security appeared first on Security Boulevard.

Is your legacy SOAR putting you at risk? Uncover the hidden dangers of outdated SOAR tools and how they could be jeopardizing your security.

The post Outdated SOAR Is Putting Your Organization at Risk appeared first on D3 Security.

The post Outdated SOAR Is Putting Your Organization at Risk appeared first on Security Boulevard.

Cary, NC, Oct. 28, 2024, CyberNewswire — As the year-end approaches, it’s common for enterprises to discover they still have funds that must be utilized. Often, these L&D dollars are “use or lose,” meaning they will be returned to the … (more…)

The post News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training first appeared on The Last Watchdog.

The post News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training appeared first on Security Boulevard.

Cary, NC, 28th October 2024, CyberNewsWire

The post INE Launches Initiative to Optimize Year-End Training Budgets with Enhanced Cybersecurity and Networking Programs appeared first on Security Boulevard.

Enzoic has partnered with CIS CyberMarket to enhance cybersecurity offerings for public sector organizations.

The post Protecting Public Sector Organizations from the Threat of Compromised Credentials appeared first on Security Boulevard.

Authors/Presenters:Ravid Mazon, Jay Chen

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – BOLABuster-Harnessing LLMs for Automating BOLA Detection appeared first on Security Boulevard.