Malware Devil

Thursday, November 12, 2020

Exposed Blob Storage in Azure, (Thu, Nov 12th)

With the headline “Improperly Configured AWS S3 Bucket Exposes 10 Million Hotel Guest Records” in this week’s SANS NewsBites, I wanted to shed a little light on the same problem, but in Azure.

Microsoft Azure Blob Storage is very similar to AWS S3, and comes in three access control flavors:

  • “Private” is thankfully the default, and turns off anonymous public access
  • “Blob” allows unauthenticated public access to a file, as long as you know its name
  • “Container” is the same as “Blob”, but also allows anyone to list the container’s contents

You can check the configured access level by looking at your Azure resources, clicking on the storage accounts, and then drilling down into the storage containers present:

An access level of “Blob” can be sufficient for something like a public website. It behaves very similarly to a web server – if someone knows or can guess the file name, they can access the file, no questions asked. For business data, this level of access is dangerous though, because its “security” basically just relies on your assumption that nobody else knows or can guess the file name. More often than not, this assumption turns out to be ill-advised. Other files that you intentionally share publicly might have a similar naming structure, or you may be using easily guessable names to begin with. In a nutshell: if you would consider a file too sensitive to store on your public web server, don’t store it in an Azure container with “Blob” access, either.

An access level of “Container” is the same as “Blob”, but worse. An attacker just needs to know the name of the Storage Account itself. That’s the part of the name in front of the *.blob.core.windows.net URLs that you certainly have encountered before. That name space is pretty small, because the Storage Account Name has to be unique across all Azure tenants (Microsoft Azure Customers).  While creating a new storage account, “name collisions” are therefore quite frequent:

The container name itself (one level below the storage account) only needs to be unique per storage account though, and cannot be directly enumerated. Therefore, even accounts that are exposed at access level “Container” retain a tiny modicum of security-by-obscurity, provided that your container is indeed named obscurely. In my example shown, the container is named “logs”, and would likely be discovered very quickly once someone develops any interest in my “temporaryexampleonly” storage account. Enumerating the contents is then only one API call away, and the resulting XML/JSON is readily machine-parseable to extract the URLs of all the files in the container. Once the file and path names are known, the files can be obtained even if the access level is later changed back to “Blob”.


One way to quickly find out if you have exposed Containers in your Azure Storage setup is to use Azure Security Center (ASC).  Even at the “Free” tier, you will see recommendations like these:

If your ASC displays this recommendation for any of your storage accounts, take it seriously, and investigate if the flagged resource is public-by-design, or public-by-mistake. 
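Besides ASC, the same check can be scripted against the Azure CLI. The following is an added example, not code from the ISC diary: it reads the JSON that `az storage container list --account-name <acct> -o json` produces (each container carrying `properties.publicAccess` set to "container", "blob" or null) and reports every container at the “Blob” or “Container” level, worst first. The field names, the account-level `allowBlobPublicAccess` override and the sample output are my assumptions/constructions, not values from the diary.

```python
"""Audit Azure Blob container access levels from `az storage container list` JSON.

Added example. Assumed input shape: a JSON array of containers, each with
properties.publicAccess in {"container", "blob", null}.
"""
import json
from typing import List, Optional

# Listing (Container) is worse than per-file anonymous reads (Blob), which is worse than Private.
SEVERITY = {"container": 2, "blob": 1, "private": 0}

DESCRIPTION = {
    "container": "anonymous users can LIST and read every blob (one API call enumerates all files)",
    "blob": "anonymous users can read any blob whose name they know or can guess",
    "private": "anonymous access disabled (the default)",
}


def effective_access(public_access: Optional[str], account_allows_public: bool = True) -> str:
    """Map a container's publicAccess value to its effective anonymous access level.

    If the storage account has allowBlobPublicAccess=false, container ACLs are
    overridden and everything is effectively private (assumed Azure behaviour).
    """
    if not account_allows_public or public_access is None:
        return "private"
    level = public_access.lower()
    if level not in SEVERITY:
        raise ValueError(f"unexpected publicAccess value: {public_access!r}")
    return level


def audit_containers(az_json: str, account_name: str, account_allows_public: bool = True) -> List[dict]:
    """Return one finding per non-private container, sorted worst first."""
    findings = []
    for container in json.loads(az_json):
        level = effective_access(container.get("properties", {}).get("publicAccess"), account_allows_public)
        if level == "private":
            continue
        findings.append({
            "container": container["name"],
            "level": level,
            "severity": SEVERITY[level],
            # Anonymous URL prefix an attacker would need to know for this container
            "url": f"https://{account_name}.blob.core.windows.net/{container['name']}",
            "risk": DESCRIPTION[level],
        })
    findings.sort(key=lambda f: (-f["severity"], f["container"]))
    return findings


# Constructed sample mirroring the diary's scenario: a "logs" container left at level Container
SAMPLE_AZ_OUTPUT = json.dumps([
    {"name": "logs",    "properties": {"publicAccess": "container", "lastModified": "2020-11-12T00:00:00+00:00"}},
    {"name": "www",     "properties": {"publicAccess": "blob",      "lastModified": "2020-11-12T00:00:00+00:00"}},
    {"name": "backups", "properties": {"publicAccess": None,        "lastModified": "2020-11-12T00:00:00+00:00"}},
])

if __name__ == "__main__":
    for finding in audit_containers(SAMPLE_AZ_OUTPUT, "temporaryexampleonly"):
        print(f"[{finding['level'].upper():9}] {finding['url']}: {finding['risk']}")
```

Feed it the real CLI output (for example via `az storage container list ... -o json > containers.json`) and treat every "CONTAINER" finding as the public-by-mistake case the diary describes unless you can show it is public-by-design.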

In the next diary, I’m going to show how you can reliably prevent the problem from occurring in the first place.
 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The post Exposed Blob Storage in Azure, (Thu, Nov 12th) appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/exposed-blob-storage-in-azure-thu-nov-12th/?utm_source=rss&utm_medium=rss&utm_campaign=exposed-blob-storage-in-azure-thu-nov-12th

Wednesday, November 11, 2020

NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains

The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.

The post NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/nsf-funded-research-aims-to-help-disrupt-cybercrime-supply-chains/?utm_source=rss&utm_medium=rss&utm_campaign=nsf-funded-research-aims-to-help-disrupt-cybercrime-supply-chains

Want to Avoid an Extreme Cyberloss? Focus on the Basics

New analysis of attacks and breaches — to the tune of more than $20 million in damages and losses of at least 20 million records — underscores the importance of planning for these events.

The post Want to Avoid an Extreme Cyberloss? Focus on the Basics appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/want-to-avoid-an-extreme-cyberloss-focus-on-the-basics/?utm_source=rss&utm_medium=rss&utm_campaign=want-to-avoid-an-extreme-cyberloss-focus-on-the-basics

Security Hiring Plans Remain Constant Despite Pandemic

Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.

The post Security Hiring Plans Remain Constant Despite Pandemic appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/security-hiring-plans-remain-constant-despite-pandemic/?utm_source=rss&utm_medium=rss&utm_campaign=security-hiring-plans-remain-constant-despite-pandemic

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for “extra-departmental IT,” coordination and communication are required to keep things secured.

The post 3 Tips For Successfully Running Tech Outside the IT Department appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/3-tips-for-successfully-running-tech-outside-the-it-department/?utm_source=rss&utm_medium=rss&utm_campaign=3-tips-for-successfully-running-tech-outside-the-it-department

New to Identity Governance? Here’s What to Look for in a Modern Identity Governance Solution

You likely have an identity governance and administration (IGA) solution in place to address data privacy and regulatory requirements. “Identity governance” refers to identity needs like  access request approvals and certifying user access levels, and “administration” refers to the back-end user account provisioning processes in place to meet those needs. In this blog, we’ll look at the requirements that have driven the adoption of identity governance and administration, how the changing identity landscape is posing challenges for legacy IGA solutions, and how modern IGA approaches fill those gaps.

Why You Need an Identity Governance and Administration Solution

You have to manage user access requirements, ensure compliance with an ever-increasing number of regulations, protect your organizational data and intellectual property, and maintain a seamless customer experience across multiple devices. IGA solutions have evolved over the years to address this broad set of needs.

A robust identity governance and administration solution should enable the certification of appropriate user access levels and allow you to govern that access with policy-based controls. Additionally, it should enable your security and compliance teams to handle access requests, access approvals, and role administration. An effective IGA solution should also help your organization achieve regulatory compliance.

IGA Landscape Challenges 

You’ve likely had your existing identity governance and administration solution in place for a long time, and you’ve seen the identity landscape change drastically around it. Accelerating changes in enterprise technologies, cyberthreats, and the user landscape are putting growing pressure on traditional IGA solutions and, in turn, on your security and compliance teams.

The identity landscape today encompasses a growing number and type of users, accounts, devices, applications, and systems. Applications and systems are no longer just on-premises. They live in a dizzying hybrid of on-premises, cloud, and SaaS environments – and your users, encompassing your workforce, consumers, and partners, access them from many different devices and networks. On top of these complexities, you’re protecting your data and users against an increasing number of internal and external threats while the number of compliance regulations mounts. 

You’re left with a critical question: Can your IGA solution keep up? 

  • Identity Silos Leave you with Poor Visibility
    Enterprise IT environments become more complex every year, increasing the number of applications and systems you provide user access to. Most legacy identity governance solutions don’t connect to and manage all applications, especially with systems living in a hybrid of on-premises and cloud environments. Combined with your user identity information scattered across multiple identity silos, this can lead to poor enterprise user access visibility, a lack of context, and an inability to recommend appropriate access privileges, like entitlements and role assignments. It’s difficult to secure identities and user access, and to maintain compliance, when you don’t have – and can’t achieve – complete visibility.
  • Compliance Becomes Challenging
    Your IGA solution should enable you to understand who has access to what, but with fragmented visibility, your security and compliance teams don’t have the information needed to be compliant with the increasing number of regulations. Longstanding regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) have been joined by new legislation like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which are increasing the pressure on your security and compliance teams. Breaching these regulations comes at a high cost. Noncompliance with SOX can cost organizations up to $25 million in fines as well as criminal or civil prosecution. It’s estimated that $192 million in fines for GDPR violations have been levied against companies since the legislation went into effect.
  • Resources are Exhausted
    Identity governance solutions are expected to work across multiple siloed environments with tens of millions of access privileges spread across legacy and modern applications in both on-premises and cloud environments. Automation is critical to preventing your teams from over-provisioning or granting inappropriate access privileges. Unfortunately, many legacy systems can’t be automated, resulting in an overflow of access requests for your team, each requiring manual human review and fulfillment.

The shortcomings of existing IGA solutions can lead to identity governance fatigue and leave your organization more vulnerable. When considering a new, modern IGA solution, here are a few best practices to look for:

  • AI-Driven IGA Solution – A modern identity lifecycle management solution that simplifies and automates the access request, access approval, certification, and role modeling processes. By leveraging an AI-driven analytics engine, the solution identifies and applies appropriate user access, automates high-confidence access approvals, recommends low-risk accounts for certification, re-certifies high-risk accounts, and automates the removal of unnecessary roles.
    A solution that automates access and governance controls to more easily manage the demands of today’s dynamic workforce throughout the entire user lifecycle.
  • Data Agnostic – A solution that does not include data bias, with a data model that reflects the entire user access landscape. A solution that provides the ability to contextually examine all identity-related data, and to identify and recommend the right level of user access rights via high, medium, and low confidence scores, while providing the ability to apply appropriate birthright and/or leaver user access rights to accounts, applications, systems, roles, and entitlements across the enterprise.
    A solution that reduces overall request volumes by predicting appropriate user access at the right time, to the right resources.
  • Extensible Data Model – A solution with a highly scalable identity model for managing all users, devices, and things. A solution that enables data aggregation from diverse authoritative identity sources combined with an identity relationship model. A data visualization model that automatically identifies contextual relationships across users, devices, and things.
    A solution that automates identity orchestration across access management, identity governance, and identity management via AI-based remediation recommendations.

ForgeRock Identity Governance and Administration

The ForgeRock Identity Governance and Administration solution is an integral part of the ForgeRock Identity Platform. The solution provides real-time, continuous, enterprise-wide user access visibility, control, and remediation. It simplifies the manual access request, access approval, certification, and role mining processes while providing full identity lifecycle management for creating, managing, and restricting identity access to accounts, systems, applications, and infrastructure. It is a solution with which you can strengthen your security posture and automatically drive regulatory compliance.

Amplify Your Existing IGA Solutions with AI-Driven Identity Analytics

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solution. The solution provides contextual, enterprise-wide visibility by collecting and analyzing all identity data, enabling contextual insight of low, medium, and high-risk user access at scale. It identifies and alerts your security and compliance teams about high-risk access or policy violations. By automating much of what is being done manually today, your team is freed up to focus on higher priority tasks and projects. And, by automatically examining enterprise-wide identity data, Autonomous Identity helps break down identity silos. You get an always updated contextual view of your entire user access identity landscape – what good access should and shouldn’t look like.

With ForgeRock Identity Governance and Administration and Autonomous Identity solutions, you can overcome identity governance fatigue, keep pace with user access demands, mitigate risk, and achieve regulatory compliance.   

Learn more by watching The Evolution and Modernization of Identity Governance and reading Maximize the Value of Your Identity Solution with AI-Driven Identity Analytics to see how ForgeRock Autonomous Identity can address your dynamic IGA challenges.

 

The post New to Identity Governance? Here’s What to Look for in a Modern Identity Governance Solution appeared first on Security Boulevard.


The post New to Identity Governance? Here’s What to Look for in a Modern Identity Governance Solution appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/new-to-identity-governance-heres-what-to-look-for-in-a-modern-identity-governance-solution/?utm_source=rss&utm_medium=rss&utm_campaign=new-to-identity-governance-heres-what-to-look-for-in-a-modern-identity-governance-solution

SWVHSC Micro Interviews: Secure Circle & Vicarius – Jeff Capone, Roi Cohen – ESW #206

Secure Circle:
For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications; we also must protect, control and audit data that egresses from these services onto endpoints.

– How do you protect data that egresses from your cloud services (i.e., Github, Workday, SalesForce, Box, OneDrive)?
– Do you control access to your data after it egresses from your cloud services?

This segment is sponsored by SecureCircle.

Visit https://securityweekly.com/securecircle to learn more about them!

Vicarius:
Pentesting is littered with politics, biased reporting, and human error. So how do you clean up the trash? A former IDF engineer shares how his stint as a pentester changed the way he thinks about it – and ultimately led to the development of a new technology.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them!

Start your free trial today, visit: https://www.vicarius.io/sign/up
Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw206

The post SWVHSC Micro Interviews: Secure Circle & Vicarius – Jeff Capone, Roi Cohen – ESW #206 appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/swvhsc-micro-interviews-secure-circle-vicarius-jeff-capone-roi-cohen-esw-206/?utm_source=rss&utm_medium=rss&utm_campaign=swvhsc-micro-interviews-secure-circle-vicarius-jeff-capone-roi-cohen-esw-206

Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

Open Source Is a Mainstay in Modern Development

It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty clear. Thus, when developers build applications, their first instinct is to use open source. Open source can provide most of the functionality required in an application, reducing the amount of custom code required to a mere fraction of the codebase. 

The post Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation appeared first on Security Boulevard.


The post Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/contrast-securitys-approach-to-sca-enables-vulnerability-prioritization-and-faster-remediation/?utm_source=rss&utm_medium=rss&utm_campaign=contrast-securitys-approach-to-sca-enables-vulnerability-prioritization-and-faster-remediation

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

Development teams building applications use Nexus Repository (Nexus) to store and manage all of their components, build artifacts, and containers. It provides an efficient way to locally cache myriad types of software packages, and enables users to proxy public registries such as Maven Central, npm, and Docker Hub to reduce duplicate downloads and improve speeds to developers and CI servers. 

The post Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits appeared first on Security Boulevard.


The post Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/nexus-repository-helps-developers-overcome-new-docker-hub-rate-limits/?utm_source=rss&utm_medium=rss&utm_campaign=nexus-repository-helps-developers-overcome-new-docker-hub-rate-limits

BotRx Widgets, New Kasada API, & White Ops Bot Protection – ESW #206

In the Enterprise News, BotRx widgets provide analytical context on how attacks impact business operations, New Kasada API protects from botnet attacks and targeted fraud, White Ops Offers Expanded Protection Against Sophisticated Bot Attacks and Fraud through the AWS Marketplace, SentinelOne, an AI-based endpoint security firm, confirms $267M raise on a $3.1B valuation, ZeroNorth unites security and DevOps teams with Defect Density Dashboard, and much more!

Timestamps:

2:58 – “JumpCloud Raises $75M to Advance Zero-Trust Security Based on Identity”
7:25 – “British cybersecurity firm Darktrace targets $5bn London IPO”
9:50 – “Enso Security raises $6 million seed funding for AppSec management”
12:20 – “SentinelOne, an AI-based endpoint security firm, confirms $267M raise on a $3.1B valuation”
14:59 – “Neustar Agrees to Buy Verisign’s Public DNS Service ”
16:00 – “Ping Identity Buys Symphonic Software To Add Policy-Driven Authorization”
16:36 – “PKWARE acquires Dataguise to expand global footprint – Help Net Security”
17:20 – “Palo Alto Networks introduces Enterprise Data Loss Prevention”
19:47 – “Barracuda Networks acquires zero trust cybersecurity startup Fyde to protect remote employees”
24:00 – “New Kasada API protects from botnet attacks and targeted fraud”
26:29 – “Accelerate Malware Detection, Remediation with LogRhythm and Cisco AMP”
29:20 – “Auto-Scaling Network Visibility in AWS Cloud”
31:17 – “Radware Announces Expanded Elastic Scalability and Resiliency for its Virtual DDoS Protection in AWS”
34:14 – “White Ops Offers Expanded Protection Against Sophisticated Bot Attacks and Fraud through the AWS Marketplace”

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw206

The post BotRx Widgets, New Kasada API, & White Ops Bot Protection – ESW #206 appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/botrx-widgets-new-kasada-api-white-ops-bot-protection-esw-206/?utm_source=rss&utm_medium=rss&utm_campaign=botrx-widgets-new-kasada-api-white-ops-bot-protection-esw-206

Silver Peak SD-WAN Bugs Allow for Network Takeover

Three security vulnerabilities can be chained to enable unauthenticated remote code execution.

The post Silver Peak SD-WAN Bugs Allow for Network Takeover appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/silver-peak-sd-wan-bugs-allow-for-network-takeover/?utm_source=rss&utm_medium=rss&utm_campaign=silver-peak-sd-wan-bugs-allow-for-network-takeover

9 New Tactics to Spread Security Awareness

Employees are often your first line of security defense when the bad guys come calling — providing your workers are properly trained. Security leaders share how they’re raising awareness.

The post 9 New Tactics to Spread Security Awareness appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/9-new-tactics-to-spread-security-awareness/?utm_source=rss&utm_medium=rss&utm_campaign=9-new-tactics-to-spread-security-awareness

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW.

The post Nvidia Warns Windows Gamers of GeForce NOW Flaw appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/nvidia-warns-windows-gamers-of-geforce-now-flaw-2/?utm_source=rss&utm_medium=rss&utm_campaign=nvidia-warns-windows-gamers-of-geforce-now-flaw-2


Gartner 2020 CASB Magic Quadrant – CipherCloud’s Visionary Performance

According to most definitions, attaining the label of “visionary” indicates that you have arrived as someone who can actively “envision the future”; by some observations it even implies that you may be one having “unusual foresight and imagination”. In the world of advanced cloud security and data protection solutions – an industry marked by constant […]

The post Gartner 2020 CASB Magic Quadrant – CipherCloud’s Visionary Performance appeared first on CipherCloud.

The post Gartner 2020 CASB Magic Quadrant – CipherCloud’s Visionary Performance appeared first on Security Boulevard.


The post Gartner 2020 CASB Magic Quadrant – CipherCloud’s Visionary Performance appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/gartner-2020-casb-magic-quadrant-cipherclouds-visionary-performance/?utm_source=rss&utm_medium=rss&utm_campaign=gartner-2020-casb-magic-quadrant-cipherclouds-visionary-performance

Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic

Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.

The post Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/ragnar-locker-ransomware-gang-takes-out-facebook-ads-in-key-new-tactic/?utm_source=rss&utm_medium=rss&utm_campaign=ragnar-locker-ransomware-gang-takes-out-facebook-ads-in-key-new-tactic

Total Cost of Ownership: Why It’s Important for Businesses

A total cost of ownership (TCO) analysis is vital to examine the financial impact of implementing new technologies in business. In information technology, assessing the TCO provides a broader view of the investment and the value of the product over its lifespan.

The post Total Cost of Ownership: Why It’s Important for Businesses appeared first on Security Boulevard.


The post Total Cost of Ownership: Why It’s Important for Businesses appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/total-cost-of-ownership-why-its-important-for-businesses/?utm_source=rss&utm_medium=rss&utm_campaign=total-cost-of-ownership-why-its-important-for-businesses

A Comprehensive Checklist for Windows Hardening

What is hardening? Hardening involves reducing risk through the identification and remediation of vulnerabilities across the attack surface of a system. A system tends to have more vulnerabilities or a larger attack surface as its complexity or functionality increases.  Hardening is necessary in a production environment in order to reduce any risk and loss […]

The post A Comprehensive Checklist for Windows Hardening appeared first on Hurricane Labs.

The post A Comprehensive Checklist for Windows Hardening appeared first on Security Boulevard.


The post A Comprehensive Checklist for Windows Hardening appeared first on Malware Devil.



https://malwaredevil.com/2020/11/11/a-comprehensive-checklist-for-windows-hardening/?utm_source=rss&utm_medium=rss&utm_campaign=a-comprehensive-checklist-for-windows-hardening

Tuesday, November 10, 2020

12th November 2020: Identity Methods partners with ColorTokens to Provide UK Enterprises with Industry-Leading Zero Trust Security in the Cloud

UK consultancy Identity Methods Ltd., an end-to-end provider of identity, privacy, governance and security solutions, has signed a partnership with California-based ColorTokens Inc., a leader in cloud-delivered Zero Trust security.  Through its award-winning Xtended ZeroTrust Platform™, ColorTokens delivers solutions that help businesses accurately assess and drastically improve their security posture, ensuring business resiliency to cyber..

The post 12th November 2020: Identity Methods partners with ColorTokens to Provide UK Enterprises with Industry-Leading Zero Trust Security in the Cloud appeared first on Security Boulevard.


The post 12th November 2020: Identity Methods partners with ColorTokens to Provide UK Enterprises with Industry-Leading Zero Trust Security in the Cloud appeared first on Malware Devil.



https://malwaredevil.com/2020/11/10/12th-november-2020-identity-methods-partners-with-colortokens-to-provide-uk-enterprises-with-industry-leading-zero-trust-security-in-the-cloud/?utm_source=rss&utm_medium=rss&utm_campaign=12th-november-2020-identity-methods-partners-with-colortokens-to-provide-uk-enterprises-with-industry-leading-zero-trust-security-in-the-cloud

DeXRAY 2.23 update

I got bored again and as a result added support for G-Data Q files that start with a \xCA\xFE\xBA\xBE magic. The decrypted files (apart from the main sample) use extensions […]

The post DeXRAY 2.23 update appeared first on Malware Devil.



https://malwaredevil.com/2020/11/10/dexray-2-23-update-2/?utm_source=rss&utm_medium=rss&utm_campaign=dexray-2-23-update-2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...