Security Boulevard

Discover all of the exciting events you can find us at this March and April!

The post Spring 2025 Events Spotlight appeared first on Security Boulevard.

Lock Out Hackers: Why Every School Needs Strong Passwords We recently hosted a live webinar to help kick off 2025, encouraging you to strengthen your school district’s cybersecurity and online safety systems. This webinar featured two expert K-12 guest panelists: Skip Cooley, Director of Technology at Clinton School District, and Tyler Derickson, Cybersecurity & Systems ...

The post Lock Out Hackers: Why Every School Needs Strong Passwords appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Lock Out Hackers: Why Every School Needs Strong Passwords appeared first on Security Boulevard.

Author/Presenter: Angelina Tsuboi

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – How I Developed A Low Cost Raspberry Pi Based Device For ADS B Spoof appeared first on Security Boulevard.

Discover how JSON Web Tokens (JWT) revolutionize web authentication. This guide covers everything from basic concepts to advanced security measures, helping you implement secure, scalable authentication in modern applications.

The post Understanding JWT: From Basics to Advanced Security appeared first on Security Boulevard.

In an increasingly adversarial threat landscape, software security can't be just one more checkpoint on the road to your next release. It should be integral to how every member of your development team works, from developers and DevOps professionals to quality assurance testers and project managers. As your organization faces increasingly sophisticated threats, a security-minded development team has evolved from a "nice-to-have" into a business imperative.

The post Building a security-minded development team: DevSecOps tools and SDLC best practices appeared first on Security Boulevard.

Sophisticated OT threats, like living-off-the-land (LotL) attacks, exploit identity vulnerabilities to infiltrate critical infrastructure. Find out how robust identity security and unified exposure management can help you detect, prioritize and mitigate risks across IT and OT environments.

The attack surface that today’s security leaders have to defend is growing at an unprecedented rate, and the situation is particularly challenging for organizations managing critical infrastructure: almost 70% of cyber attacks in 2023 targeted critical infrastructure, according to IBM’s “X-Force Threat Intelligence Index 2024” report. What was once a manageable task of protecting a defined network perimeter has transformed into a complex challenge of securing a vast, interconnected web of cyber-physical systems – IT, operational technology (OT), internet-of-things (IoT) devices, and more. These devices and their associated networks are under increasing pressure from sophisticated threat actors, who are leveraging advanced techniques such as living-off-the-land (LotL) attacks to infiltrate critical infrastructure networks.

LotL techniques are especially dangerous in OT networks because they usually house “insecure by design” legacy and unmanaged systems that may not support the latest patches or cannot be easily upgraded without affecting operations. Additionally, these OT networks may share resources or trusted zones with IT environments. These two elements create an ideal landscape for attackers to move laterally and undetected between IT and OT networks.

Advanced attack techniques blur the boundaries between historically separate security domains

Operational technology (OT) refers to the hardware and software systems that monitor and control physical devices, processes and events in environments such as industrial operations, building facilities, energy and water infrastructure, data centers and transportation systems. Unlike IT, which focuses on data and information, OT systems interact directly with the physical world. 

LotL attacks and similar modern attack strategies exploit legitimate, trusted applications pre-installed on many devices that control OT devices, as well as credentials within a system to avoid traditional detection methods. Rather than deploying new malware, these attacks rely on exploiting tools that are already present in the breached network.

 

 

With legacy OT systems often lacking detailed logging or monitoring of user activities, attackers target over-privileged accounts to perform critical actions like modifying system configurations, disabling security controls or accessing sensitive data using legitimate permissions. This allows them to evade traditional IT-based security tools that rely on identifying malicious software and that are separate from the OT environment.

Common LotL tactics include:

• Misusing legitimate tools: Attackers leverage tools pre-loaded onto operating systems such as Certutil, Ntdsutil and XCOPY to achieve their goals while masking as regular system activity.
• Hands-on-keyboard attacks: Human attackers directly manipulate compromised systems instead of relying on automated or programmed tools to evade detection by common security tools, such as endpoint detection and response (EDR).

These techniques are particularly dangerous in OT environments, where: 

• Legacy systems may lack robust logging and monitoring capabilities, and may share resources or trusted zones with IT. 
• Shared or default accounts make it difficult to track user activity and identify unauthorized access. 

These conditions result in an ideal landscape for attackers to move laterally across IT and OT undetected.

Case in point: The Volt Typhoon group

The state-sponsored Chinese hacking group Volt Typhoon (first identified in May 2023), exemplifies the threat posed by LotL attacks. The group targeted critical infrastructure organizations in the U.S., including in the energy, communications and maritime sectors, using legitimate tools and native Windows commands to avoid detection. By exploiting existing system tools like PowerShell and WMI and not using malware, Volt Typhoon seeks to evade traditional defenses. Its focus on credential harvesting and maintaining persistent access highlights the importance of securing identities as a cornerstone of OT security, alongside robust OT network monitoring and configuration change tracking.

Identity security: the missing ingredient for securing cyber-physical systems

Understanding what assets you have and the vulnerabilities associated with them helps ensure you are closing your exposure to stop attackers from getting a foothold in the first place. Attackers typically exploit identity and access systems—especially Microsoft’s Active Directory, a common entry point and target—to escalate privileges, maintain access and execute their strategies. Other common identity exploits that can impact OT systems include shared credentials, default passwords and lack of multi-factor authentication. 

Effective OT security requires a holistic approach that prioritizes identity security. Such an approach helps you:

• Understand your assets: By identifying and assessing vulnerabilities across your OT environment, you can prevent attackers from gaining a foothold.
• Monitor for anomalies: This allows you to monitor credential usage for unusual activity, such as logins from unexpected locations or outside of normal work hours.
• Limit privilege escalation: Proactively identifying privileged accounts and enforcing least privilege policies helps you restrict access to sensitive resources, even if an account is compromised.
• Harden AD: Given attackers’ focus on AD, it’s key for you to regularly audit AD for misconfigurations and enforce strong access controls. Consider dedicated AD domains for OT environments for enhanced security.
• Identify attack paths: Using exposure management tools can help you identify potential attack paths involving compromised identities and OT assets, allowing for proactive intervention. 

Closing the gap with exposure management

The role of the CISO continues to evolve in parallel with today’s expanding threat landscape. No longer limited to safeguarding traditional IT environments, security leaders find themselves increasingly responsible for securing OT environments, along with cloud infrastructures, mobile devices, IoT and smart devices, advanced AI systems and shadow IT assets. Each component introduces vulnerabilities, making comprehensive security more difficult.

Securing an organization today requires a far-reaching approach – it’s no longer sufficient to rely on basic defenses. Instead, security leaders must address a continuously shifting environment where attackers use sophisticated techniques and exploit diverse entry points.

However, siloed security tools fail to provide a comprehensive view of the entire attack surface. Such fragmented solutions for security make it difficult for security teams to collaborate across IT and OT to identify risky connections that enable attackers to gain initial access, move laterally across the network and escalate privileges.

The Tenable One Exposure Management Platform offers a unified solution to address this challenge by providing security teams with a set of critical capabilities:

• Complete attack surface visibility, which gives you insights across the modern attack surface, including OT, IoT, and IT assets
• Prioritized risk management, which lets you identify and prioritize the exposures most likely to have a significant impact on critical infrastructure
• Bridging of security silos, which brings together data across Tenable products – including Tenable OT Security and Tenable Identity Exposure – and combines it with third-party data to generate a holistic and real-time view of identities, risks, and configurations
• Attack path visualization, which identifies and closes potential attack paths that allow threat actors to traverse across converged IT and OT environments

 

(Source: Internal Tenable survey, July 2024)

Incorporating identity security and OT security monitoring as part of any security strategy is critical—through real-time monitoring, anomaly detection, privilege controls, and AD hardening to proactively close risk exposures. By adopting a comprehensive exposure management approach, organizations can gain the visibility and context needed to effectively protect critical infrastructure from evolving threats.

To see how Tenable One helps organizations bridge the gap between securing OT and identities, check out this video, where we demonstrate how Tenable’s AI-powered capabilities help you identify likely attack paths and close risky exposures before attackers can exploit them.
 

For a deeper dive into how exposure management helps bolster your security posture, download the whitepaper "Hackers Don't Honor Security Silos: 5 Steps To Prioritize True Business Exposure" and read the blog post "CISA Finding: 90% of Initial Access to Critical Infrastructure Is Gained Via Identity Compromise. What Can You Do About It?"

The post Identity Security Is the Missing Link To Combatting Advanced OT Threats appeared first on Security Boulevard.

The fintech industry has revolutionized the way we manage money, invest, and conduct financial transactions. With the rise of digital banking, mobile wallets, and investment...Read More

The post Biggest Challenges in Developing Fintech Apps & How to Overcome Them appeared first on ISHIR | Software Development India.

The post Biggest Challenges in Developing Fintech Apps & How to Overcome Them appeared first on Security Boulevard.

The Cybersecurity Maturity Model Certification (CMMC) process is just around the corner and is expected by most to go into effect early next year. This is why defense tech companies need to act today to start their compliance journey.

The post It’s Time for Defense Tech Companies to Get Ahead of CMMC Before They Get Left Behind    appeared first on Security Boulevard.

The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions.

Related: Weaponizing Microsoft’s co-pilot

Until now, lackluster enterprise search capabilities kept many security risks in check—employees simply couldn’t find much of the … (more…)

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must first appeared on The Last Watchdog.

The post GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must appeared first on Security Boulevard.

Starting in Q3 2024, Cofense Intelligence detected an ongoing campaign targeting employees working in social media and marketing positions. In this campaign, marked employees were encouraged to apply to a social media manager position in a Fortune 500 company. Meta, Coca-Cola, PayPal, and other brand name companies were spoofed to send fake job applications to prospects.

The post Job Application Spear Phishing appeared first on Security Boulevard.

How Secure Are Your Cloud Secrets? Is your organization truly protecting its cloud secrets, or are there gaps that might be exploited by malicious cyber actors? Non-Human Identities (NHIs) and Secrets Security Management is emerging as an essential cybersecurity strategy to safeguard these crucial data assets. In this blog post, we delve into the intricacies […]

The post Are Your Cloud Secrets Truly Protected? appeared first on Entro.

The post Are Your Cloud Secrets Truly Protected? appeared first on Security Boulevard.

Are We Ready to Embrace NHI Innovation? Cybersecurity within various industry verticals has witnessed remarkable transformations due to rapid advancements in technology. But, amidst all the buzz, have we been successful in fully embracing the NHI innovation? Non-Human Identities (NHIs) and Secrets Security Management have surfaced as an unexpected game-changer in the cybersecurity ecosystem, offering […]

The post Harnessing Innovation for Better NHIs? appeared first on Entro.

The post Harnessing Innovation for Better NHIs? appeared first on Security Boulevard.

Is Your Organization Achieving Scalable Secrets Management? How well does your organization manage its Non-Human Identities (NHIs) and their secrets? A cybersecurity expert often asked about the best methods for managing NHIs, especially where the need for scalable and robust security measures is increasing. This post explores why a comprehensive approach to NHI and Secrets […]

The post Is Your Secrets Management Scalable? appeared first on Entro.

The post Is Your Secrets Management Scalable? appeared first on Security Boulevard.

KEY TAKEAWAYS

• Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are becoming increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections.
• Exploitation of Trust: Some threat actor groups have been discovered levering a technique that involves embedding phishing lures within email signature blocks on user accounts. This deceptive tactic exploits recipients’ trust and attention to the benign nature of signature sections by replacing it with a formatted email. It can also remain undetected during certain investigative steps as it's not considered an inbox rule change which could be associated with specific audit logging and alerting.
• Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and escalating financial and reputational damage to organizations. Additionally, even after a password change and a threat actor has lost access to a previously compromised account, if the signature block alteration is not caught and remediated quickly, then normal sending of emails by the user may unknowingly perpetuate the attack forward.

Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is in part to the believability that the threat actors are able to achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals leverage this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, low technological barriers to entry for threat actors, and the substantial financial losses incurred by victim organizations. Advancements in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative marketplace for cybercriminals.

The post Deceptive Signatures: Advanced Techniques in BEC Attacks appeared first on Security Boulevard.

Authors/Presenters: Yso & Martin Strohmeier

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Exploiting Bluetooth: From Your Car To The Bank Account$$ appeared first on Security Boulevard.

Kernel Panic in the Rust Belt. Memory safety: GOOD. Cheese motion: BAD.

The post Rust vs. C — Linux’s Uncivil War appeared first on Security Boulevard.

Cloud security covers a wide range of tools and frameworks, which makes it hard to implement. Cloud security posture management (CSPM) organizes the process.

The post 7 CSPM Tools to Secure Your Cloud Infrastructure appeared first on Security Boulevard.

Non-human identities (NHIs) power automation, cloud services, and DevOps workflows for many organizations. These digital entities enable seamless system interactions and even outnumber human identities in some cases.

The post What Are Non-Human Identities? Challenges and Best Practices appeared first on Security Boulevard.

At Seceon’s 2025 Q1 Innovation and Certification Days, Khaled Al Najjar of Seceon engaged in an insightful discussion with Tech First Gulf (TFG) leaders Ram Reddy, Dolly Lakhani, and Pratik Patel about their partnership and the expansion of Seceon’s cybersecurity solutions across the Middle East, Africa, and India. The conversation highlighted the growing demand for

The post Expanding Seceon’s Reach: A Strategic Partnership with Tech First Gulf appeared first on Seceon Inc.

The post Expanding Seceon’s Reach: A Strategic Partnership with Tech First Gulf appeared first on Security Boulevard.

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s Turnoff.US: ‘Ubuntu Core’ appeared first on Security Boulevard.