Cloud security threats CISOs need to know about

From helpnetsecurity.com

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities, and supply chain vulnerabilities.

These threats impact various sectors, including finance, healthcare, and retail, and Chawla provides insights into effective mitigation strategies.

What are the most significant cloud security threats CISOs must know in 2024? How do these threats impact different sectors, such as finance, healthcare, and retail?

The most significant cloud security threats right now are data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities and supply chain and third-party vulnerabilities. Financial institutions, healthcare organizations and retailers face specific risks that are worth noting:

  • Financial institutions face substantial risks, including financial loss, regulatory penalties, and loss of customer trust due to breaches and insider threats. Misconfigurations can expose sensitive financial data, violating compliance with regulations like SOX and GDPR.
  • Healthcare organizations are particularly vulnerable to data breaches, risking patient safety and violating HIPAA regulations. Misconfigurations and insider threats can lead to unauthorized disclosure of patient information, causing privacy violations and significant fines.
  • Retailers are susceptible to operational disruptions and loss of customer loyalty due to data breaches and ransomware attacks, which can also impact PCI compliance.

Read more…

Zest Security Aims to Resolve Cloud Risks

From darkreading.com

Organizations have plenty of tools to identify cloud risks, vulnerabilities, and misconfigurations, but not so much for remediating cloud risks. For most organizations, significant back-and-forth is needed between DevOps and security teams to validate the risk, understand the root cause, and determine the best resolution.

Remediating risk usually involves a series of manual and time-consuming processes. Cybersecurity startup Zest Security wants to change that with its AI-powered platform designed to simplify and automate risk resolution. The platform correlates and pinpoints the root cause of cloud risks to craft resolution paths that eliminate cloud vulnerabilities and misconfigurations that attackers can exploit, Zest said in a statement.

Read more…

How a cheap barcode scanner helped fix CrowdStrike’d Windows PCs in a flash

From theregister.com

Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards.

That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doom loop that CrowdStrike’s shoddy testing software made possible.

All of Grant Thornton’s machines were encrypted with Microsoft’s BitLocker tool, which meant that recovery upon restart required CrowdStrike’s multi-step fix and entry of a 48-character BitLocker key.

The firm prioritized recovery for its servers, and tackled that task manually. But infrastructure manager Ben Watson and Woltz felt the sheer number of PCs at the firm meant an automated response would be required.
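The trick the story describes rests on two facts: a USB barcode scanner enumerates as a HID keyboard, so whatever it scans is typed into the recovery prompt, and a BitLocker recovery password has a fixed structure that can be checked before anyone prints it. The following Python is an added example, not Grant Thornton's or The Register's code, and it makes several assumptions: Code 39 symbology (a plain 1D code that any keyboard-wedge scanner reads out of the box), a key printed as digits only (the recovery prompt accepts the 48 digits without dashes), and a scanner configured to send Enter after each scan. The sample key is constructed for the test; the structural rule it checks (each six-digit group divisible by 11 and, divided by 11, below 65536) is the one open-source BitLocker tools use.

```python
import re

# Code 39 symbol patterns: 9 elements, alternating bar/space starting with a bar;
# 'n' = narrow, 'w' = wide (exactly three wide elements per symbol). Digits plus
# the '*' start/stop delimiter are all a recovery password needs.
CODE39 = {
    "0": "nnnwwnwnn", "1": "wnnwnnnnw", "2": "nnwwnnnnw", "3": "wnwwnnnnn",
    "4": "nnnwwnnnw", "5": "wnnwwnnnn", "6": "nnwwwnnnn", "7": "nnnwnnwnw",
    "8": "wnnwnnwnn", "9": "nnwwnnwnn", "*": "nwnnwnwnn",
}

# Constructed sample key (not a real recovery password); every group passes the check.
SAMPLE_KEY = "123453-234564-345675-456786-567897-678909-700007-011011"


def _digits(key: str) -> str:
    """Strip the dashes and spaces a key file or printout may contain."""
    return re.sub(r"[-\s]", "", key)


def validate_recovery_key(key: str) -> bool:
    """Structural check of a BitLocker recovery password: 8 groups of 6 digits,
    each divisible by 11 and encoding a 16-bit value when divided by 11.
    Catches typos and OCR/scan errors before a barcode is printed."""
    digits = _digits(key)
    if len(digits) != 48 or not digits.isdigit():
        return False
    for i in range(0, 48, 6):
        n = int(digits[i:i + 6])
        if n % 11 != 0 or n // 11 >= 65536:
            return False
    return True


def code39_svg(text: str, narrow: int = 2, height: int = 60, quiet: int = 10) -> str:
    """Render text as a Code 39 barcode in SVG (3:1 wide:narrow ratio, quiet zones,
    one narrow space between symbols). Only characters in CODE39 are supported."""
    symbols = f"*{text}*"
    rects, x = [], quiet
    for ch in symbols:
        for j, elem in enumerate(CODE39[ch]):
            w = narrow * (3 if elem == "w" else 1)
            if j % 2 == 0:  # even positions are bars, odd positions are spaces
                rects.append(f'<rect x="{x}" y="0" width="{w}" height="{height}" fill="#000"/>')
            x += w
        x += narrow  # inter-character gap
    width = x - narrow + quiet
    background = f'<rect x="0" y="0" width="{width}" height="{height}" fill="#fff"/>'
    return (f'<svg xmlns="http://www.w3.org/2000/svg" width="{width}" height="{height}">'
            f'{background}{"".join(rects)}</svg>')


def recovery_key_barcode(key: str) -> str:
    """Validate a recovery password and return it as a digits-only Code 39 SVG."""
    if not validate_recovery_key(key):
        raise ValueError("not a well-formed BitLocker recovery password")
    return code39_svg(_digits(key))


if __name__ == "__main__":
    with open("recovery.svg", "w", encoding="utf-8") as f:
        f.write(recovery_key_barcode(SAMPLE_KEY))
    print("wrote recovery.svg")
```

The key itself never enters the barcode payload beyond what the technician would have typed anyway, and the printout should be handled and disposed of like the key file it came from, since a scanned label is exactly as sensitive as the password it encodes.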

Read more…

New Chrome Feature Scans Password-Protected Files for Malicious Content

From thehackernews.com

Google said it’s adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.

“We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions,” Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.

To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files.

Read more…

AI-Driven Continuous Monitoring: The Future of Third-Party Risk Management

From medium.com

In the modern interconnected business landscape, third-party vendors play a crucial role in boosting efficiency and fostering innovation. However, this reliance also exposes businesses to substantial risks that can compromise security and compliance. The rising number of incidents involving breaches of duty by third parties highlights the inadequacy of traditional periodic assessments in effectively managing these risks. The future of third-party risk management lies in harnessing the power of AI-driven continuous monitoring systems.

Read more…

On the security of Google Secrets

From cryptax.medium.com

The Google Secrets Gradle plugin is “for providing your secrets securely to your Android project”. I would like to make it clear in this article that it does not protect your secrets against reverse engineering: they remain very easy to recover. Its only purpose is to move the secrets into a file that you do not commit to your version control system. If this is already clear to you, skip to the last section, “how can I keep my secrets confidential”.

The disclaimer on the Google Secrets GitHub page is explicit:

DISCLAIMER: This plugin is primarily for hiding your keys from version control. Since your key is part of the static binary, your API keys are still recoverable by decompiling an APK. So, securing your key using other measures like adding restrictions (if possible) are recommended.

However, titles such as “How to Hide API and Secret Keys in Android Studio” or “Hide your API keys on Android” can mislead developers into thinking this is some sort of secure storage facility. Don’t misunderstand me: I am not saying those links are wrong or bad, just that someone who reads them quickly will probably think Google Secrets is more than it really is.

Testing Google Secrets

I tested Google Secrets in a simple Android application. The secrets are stored in an external file, e.g. secrets.properties, which should not be committed to git. That is the sole purpose of Google Secrets. The filename is configurable in your module’s build.gradle. Follow this link to set up your Android project, and this link for a working example.
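The plugin's own disclaimer says the keys end up in the static binary, so the useful defensive step is a build check that proves it: read the same secrets.properties the plugin reads, then look for each value verbatim inside the entries of the built APK (a zip file). The script below is an added example, not the plugin's or the article's code. It constructs a toy secrets file and a toy APK in memory (a zip with a classes.dex-like entry that embeds the values, the way a generated BuildConfig constant would) so it runs offline; on a real build you would pass the bytes of the actual APK to `find_secrets_in_apk`. The property names and values are made up.

```python
import io
import zipfile

# Constructed stand-in for the secrets.properties file the plugin reads (never committed).
SAMPLE_SECRETS_PROPERTIES = """\
# keep this file out of git
MAPS_API_KEY=maps-key-example-0123456789
BACKEND_TOKEN=tok_example_abcdef
short=x
"""


def parse_properties(text: str) -> dict:
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments ignored."""
    secrets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        secrets[key.strip()] = value.strip()
    return secrets


def build_sample_apk(secret_values) -> bytes:
    """Constructed toy APK: a zip whose classes.dex-like entry embeds the secrets
    as NUL-terminated strings, roughly how a BuildConfig constant lands in DEX."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        dex_like = b"BuildConfig\x00" + b"".join(v.encode() + b"\x00" for v in secret_values)
        z.writestr("classes.dex", dex_like)
        z.writestr("res/values/strings.xml", b"<resources/>")
    return buf.getvalue()


def find_secrets_in_apk(apk_bytes: bytes, secrets: dict, min_len: int = 8) -> dict:
    """Return {secret_name: [archive entries]} for every secret value that appears
    verbatim in an entry of the APK. Values shorter than min_len are skipped to
    avoid false positives on trivial strings."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for entry in z.namelist():
            data = z.read(entry)
            for name, value in secrets.items():
                if len(value) >= min_len and value.encode("utf-8") in data:
                    hits.setdefault(name, []).append(entry)
    return hits


if __name__ == "__main__":
    secrets = parse_properties(SAMPLE_SECRETS_PROPERTIES)
    apk = build_sample_apk(secrets.values())
    for name, entries in find_secrets_in_apk(apk, secrets).items():
        print(f"{name} is recoverable from: {', '.join(entries)}")
```

The check only finds values stored as plain bytes, which is exactly what the plugin produces; a build that encodes or splits the string would pass it while remaining just as recoverable to a decompiler, so a clean result from this script is a necessary signal, not proof of confidentiality. Wiring it into CI as a failing step is a cheap way to enforce the article's point that the secret must not be shipped in the first place.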

Read more…

When spear phishing met mass phishing

From securelist.com

Attackers starting to use spear phishing tactics in bulk phishing campaigns

Introduction

Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like something you’d get from your employer or a customer. Adopting that approach on a larger scale is a pricey endeavor. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. This story looks at some real-life examples that illustrate the trend.

Read more…