8 Must-Ask Questions for AI Security Vendors
The post 8 Must-Ask Questions for AI Security Vendors appeared first on AI-enhanced Security Automation.
The post 8 Must-Ask Questions for AI Security Vendors appeared first on Security Boulevard.
Analyst firms play an important role in the tech vendor landscape. Their reports help buyers and would-be buyers learn about vendors and their offerings. In cybersecurity, in particular, buyers use analysts’ outputs to build shortlists prior to the kick-offs of their individual deep dive evaluations — in some categories of tools, the field is simply […]
The post Five Gartner Reports. Four Categories. What Does OX Security Do Anyway? appeared first on OX Security.
The post Five Gartner Reports. Four Categories. What Does OX Security Do Anyway? appeared first on Security Boulevard.
See These CVEs: Patch Tuesday—ten zero-days, seven Critical vulns, zero time to waste.
The post August Patch Pileup: Microsoft’s Zero-Day Doozy Dump appeared first on Security Boulevard.
Your home or small office (SOHO router) is likely being targeted by cybercriminals, malware, and nation-state actors alike. Though this targeting often has nothing to do with wanting to spy on you, your SOHO router can be a valuable resource for threat actors looking to conceal their malicious traffic and activity.
Unfortunately, targeting of SOHO routers is growing primarily due to a multifaceted problem - which includes vendors selling routers with poor security and many users not understanding the importance of updating their devices.
Malware, cybercriminals, and state-backed threat actors target SOHO routers. They've done so increasingly over the last few years.
To backtrack a little, it's important to understand that a lot of threat actors target routers - which can include modems and gateways - alongside internet-of-things (IoT) devices. Here I will focus on "routers" as a general term, as this can include gateways (which are router/modem combinations and extremely popular with home/small office users).
For simplicity's sake, I'll also focus on malware, cybercriminals, and state-backed threat actors. (Yes, state-backed APTs or hackers have and do target SOHO routers in pursuing their own goals.)
To be fair, malware, botnets and cybercriminals often go together; botnets are often used by cybercriminals to carry out their goals, whether that is overloading servers to keep a service offline or launching distributed credential stuffing attacks. However, botnets regularly use malware like Mirai variants - which are considered a self-replicating worm - to "automatically" launch attacks and recruit devices into the botnet, so it felt important enough to make the distinction.
The poor state of SOHO router security
Before diving into why threat actors find "regular" consumer routers interesting enough to bother "hacking" them, it's important to understand the security landscape of the SOHO router market. Admittedly, this topic itself could be an entire post (or website - check out routersecurity.org), but put simply - it's not good.
Without even considering the technical ability of the end user, SOHO routers are routinely plagued with issues - top of the list are security vulnerabilities. While it is not reasonable or feasible to expect firmware and software to be completely free of security issues, perhaps in the modern age some shouldn't be as prevalent as they are (ex: failing to sanitize input or straight up broken security controls). There are many reasons security vulnerabilities can crop up in SOHO routers, but I am willing to bet many are due to lack of security-oriented review and/or just insecure design.
Security vulnerabilities in router firmware are too large a topic to cover in just a section of this post. Fortunately, there are many examples where consumer routers had some pretty nasty vulnerabilities I can point you to:
The problem has not gone unnoticed by agencies in the US - or by agencies of some other governments.
In light of the nation-state actor Volt Typhoon exploiting security vulnerabilities in SOHO routers (there's more information on that later in this post), the US Cybersecurity and Infrastructure Security Agency (CISA) has urged vendors to incorporate "Secure by Design" principles into their firmware/software. The Federal Communications Commission (FCC) has proposed the "US Cyber Trust Mark" for smart devices - though it could (and should) include SOHO routers.
Misconfigurations, poor updating practices, and use of EOL devices
This section primarily pertains to end user behavior, which, when combined with router manufacturer blunders, makes for quite the interesting (and compounded) issue.
While misconfigurations can certainly be default values, users may misconfigure their routers by enabling or disabling features. For example, some SOHO routers may support remote management. Some users may enable this despite not truly needing it while not understanding the risk of exposing the administrator login panel of their router to the public internet.
In fact, even CISA has described the risks of exposing administrative interfaces of devices like routers to the public internet. While their guidance is directed towards more sophisticated organizations, the basics do apply here.
Many people do not know or understand that router firmware should be updated regularly, as updated firmware can include security fixes for vulnerabilities. As such, millions of SOHO routers either do not have the most recent updates installed or updates are installed after a considerable amount of time has passed - enough time for possible exploitation by attackers. As I've noted in other posts, this is important as the time between vulnerability disclosure and exploitation attempts continues to shorten.
Automatic updates can fix this, but the availability of automatic updates (and whether they are even enabled by default) depends on manufacturer, model, and submodel. Of course, users should realize that (automatic) updating is not without a slight risk of introducing new bugs or inconveniences, but it's certainly better than the alternative in most situations - being on the receiving end of n-day vulnerability exploitation.
Just like with any other device, router models eventually become "old" or "legacy" after a number of years. Eventually, manufacturer support - including updates for the firmware - for some models ceases, reaching end of life (EOL). Since devices may not be "broken" or "dead" when the EOL period arrives, many people fail to replace their devices. As such, vulnerabilities discovered in these EOL models often do not get updates, leaving them open for exploitation by attackers:
The post Your SOHO Router is a Juicy Target for Hackers appeared first on Security Boulevard.
This article provides a comprehensive overview of threat intelligence services, highlighting the importance, methodology, benefits, etc.
The post What is Threat Intelligence? appeared first on Security Boulevard.
via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!
The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #303 — The Scrum Master To-Do List appeared first on Security Boulevard.
Software bills of materials (SBOMs) are essential elements for managing software security and compliance, especially in light of increasing open source risks.
The post How to audit SBOMs for enhanced software security appeared first on Security Boulevard.
As businesses enhance their risk management techniques, the importance of efficient audit procedures and robust internal controls cannot be overstated. Audit procedures are used by audit teams to identify and assess risks. Auditors can also recommend mitigation, such as a control effectiveness deficiency that could impact an organization’s operations and financial health. But how do...
The post How Audit Procedures and Internal Controls Improve Your Compliance Posture appeared first on Hyperproof.
The post How Audit Procedures and Internal Controls Improve Your Compliance Posture appeared first on Security Boulevard.
As we move through 2024, three events are causing significant disruption in the Public Key Infrastructure (PKI) landscape – the Entrust CA distrust incident, Google’s proposal for 90-day TLS certificate validity, and post-quantum cryptography (PQC) standardization. These events come with unique challenges and opportunities and are compelling organizations to rethink their approach to PKI and […]
The post Top Trends in 2024 Reshaping the PKI Landscape appeared first on Security Boulevard.
DigiCert today announced it is acquiring Vercara, a provider of Domain Name System (DNS) and distributed denial-of-service (DDoS) security services delivered via the cloud.
The post DigiCert Acquires Vercara to Extend Cybersecurity Services appeared first on Security Boulevard.
In the fast-paced world of cybersecurity, every second counts. When an API attack occurs, the speed at which your security team can detect, understand, and respond to the threat can mean the difference between a minor incident and a major data breach. This is where Mean Time to Resolve (MTTR) comes into play. MTTR is a key performance indicator (KPI) that measures the average time it takes to resolve a security incident, from the moment it's detected to the point where it's fully mitigated.
The Importance of MTTR in API Security
APIs are vital for modern applications as they enable smooth communication and data exchange. However, they also pose a significant security risk. API attacks can result in data breaches, service disruptions, and financial losses. The longer an attack remains undetected and unresolved, the more severe the potential damage.
A high MTTR indicates that your security team is struggling to keep up with the pace of attacks. This may be due to a variety of factors, including:
The Salt Security Platform is designed to help organizations minimize MTTR and improve their API security incident response capabilities. The platform achieves this through several key features.
By reducing MTTR, Salt Security helps organizations:
In the context of API security, time is of the essence. Salt Security's AI-infused platform focuses on reducing MTTR by providing high-quality alerts, faster investigation capabilities, automated responses, and insights into attackers powered by AI. This allows organizations to promptly and effectively deal with threats. Doing so not only minimizes the impact of attacks but also enhances their overall security posture, ensuring the protection of their valuable APIs.
If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post Time is of the Essence: Shrinking MTTR in API Security appeared first on Security Boulevard.
As software development reaches new heights, ensuring the security and management of your code is more crucial than ever. Seeing the need of the hour, Strobes CTEM is now integrated...
The post Strobes Integrates with Azure Repos: Enhancing Code Security appeared first on Strobes Security.
The post Strobes Integrates with Azure Repos: Enhancing Code Security appeared first on Security Boulevard.
The National Institute of Standards and Technology (NIST) released its first three post-quantum cryptography (PQC) standards, a world-first designed to meet the threat of powerful quantum computers as well as the increasing encryption vulnerability to AI-based attacks.
The post NIST Releases Post Quantum Cryptography Standards appeared first on Security Boulevard.
By pushing past the hurdles that can make threat modeling challenging, business leaders can take full advantage of threat models to give their organizations a leg up in the battle against cyberattacks.
The post Putting Threat Modeling Into Practice: A Guide for Business Leaders appeared first on Security Boulevard.
Authors: Rui Ataide, Hermes Bojaxhi GuidePoint’s DFIR team is frequently called upon to respond to Ransomware incidents. While many such […]
The post Update from the Ransomware Trenches appeared first on Security Boulevard.
Learn How Kaseya is Changing the Game for MSPs
The post Transform Your MSP’s Financial Future appeared first on Kaseya.
The post Transform Your MSP’s Financial Future appeared first on Security Boulevard.
The FBI and law enforcement agencies from the UK and Germany seized servers and domains belonging to the Dispossessor ransomware gang, which had emerged into the spotlight following a similar operation against the notorious LockBit gang in February.
The post FBI Disrupts Operations of the Dispossessor Ransomware Group appeared first on Security Boulevard.
Authors/Presenters: Chao Wang, Yue Zhang, Zhiqiang Lin
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat appeared first on Security Boulevard.
By Deb Radcliff, DevSecOps analyst and editor of CodeSecure’s TalkSecure educational content (syndicated at Security Boulevard & YouTube)
LAS VEGAS – One day before the Black Hat Briefings started in Vegas last week, a group of experts met at the Wynn Las Vegas to talk about SBOMs (software bills of materials) during the Software Supply Chain Security Summit hosted by Lineage. Despite…
The post SBOMs Critical to Software Supply Chain Security appeared first on CodeSecure.
The post SBOMs Critical to Software Supply Chain Security appeared first on Security Boulevard.
Securing your API ecosystem is increasingly complex, leaving organizations unsure where to begin. Gartner's® 2024 Market Guide for API Protection offers clear guidance:
"Start using API protection products to discover and categorize your organization's APIs. Identify critical APIs that are publicly exposed and provide access to sensitive data."
Understanding your API attack surface and prioritizing your security efforts is crucial. Once you have visibility into your API landscape, you can implement appropriate security measures to protect your APIs from abuse and access violations. This might involve deploying an API protection product, implementing security best practices, and conducting regular security assessments. It also becomes critical to design and develop APIs from the start that meet your organization’s governance standards.
The API protection market is undergoing a period of rapid evolution, with consolidation and new entrants from various sectors. According to one of the findings in the 2024 Gartner® Market Guide for API Protection,
"While the early adopters of API protection have been acquiring products from specialized vendors, the market is rapidly consolidating with offerings from web application and API protection (WAAP), API management and cloud infrastructure and platform service (CIPS) providers competing with stand-alone API protection providers."
While these traditional application security providers offer some API security capabilities, they often don’t have the depth and specialization of dedicated API security vendors such as Salt Security.
Salt Security is a specialized API security vendor uniquely positioned to address the evolving API threat landscape. Our platform is purpose-built for API security, leveraging deep API expertise and cutting-edge AI-infused technology to provide comprehensive visibility and protection for all APIs. We are committed to staying ahead of the curve, ensuring our customers have the best API security solution.
Salt Security's API Protection Platform makes it easy to get started with API protection. Our platform quickly and easily discovers all your APIs, giving you the visibility you need to secure them. We also offer comprehensive security posture governance and runtime protection capabilities to help you mitigate API risks and prevent attacks. Take action now to protect your APIs and safeguard your sensitive data before it's too late.
If you would like to learn more about Salt and how we can help you on your API Security journey through discovery, posture management and run time threat protection, please contact us, schedule a demo, or check out our website.
*Gartner, Market Guide for API Protection, Dionisio Zumerle, Aaron Lord, et al., 29 May 2024 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
The post Gartner® Insights: Navigating the Evolving API Protection Market and Taking Action appeared first on Security Boulevard.