The Rising Tide of Cybersecurity Investment: Examining the Rebound, Cloud Threats, and the BeyondTrust Vulnerability

Cybersecurity Funding Rebounds, Cloud Threats, and BeyondTrust Vulnerability

Introduction

In the world of cybersecurity, staying informed about the latest developments is crucial. While some stories may capture headlines, others may slip under the radar but are nonetheless significant. This weekly roundup aims to bring attention to noteworthy stories from the week of July 31, 2023. This week’s stories include an increase in malware-related security threats, the launch of managed security services for operational technology (OT), a rebound in cybersecurity funding for early-stage companies, and vulnerabilities and threats in various cloud platforms and technologies.

Nozomi OT/IoT Security Report Reveals Surge in Malware and Access Control Issues

Nozomi Networks’ latest OT & IoT Security Report for the first half of 2023 highlights a tenfold increase in malware-related security threats. Access control and authorization issues have also surged. At the same time, the report shows a decrease in authentication and password issues, as well as in OT-specific threats and suspicious network behavior. This reveals a shift in the threat landscape, with attackers focusing more on exploiting vulnerabilities and weaknesses in access control systems, and on malware deployment.

Schneider Electric Launches Managed Security Services for OT

To address the risks associated with remote access and connectivity technologies in operational technology (OT) organizations, Schneider Electric has launched a vendor-agnostic Managed Security Services (MSS) offering. Powered by Schneider’s Cybersecurity Connected Service Hub (CCSH), this service provides monitoring and response capabilities. By leveraging MSS, OT organizations can enhance their security posture and proactively detect and respond to potential cyber threats.

Early-Stage Cybersecurity Funding Rebounds

DataTribe’s latest cybersecurity funding report reveals a positive trend in early-stage cybersecurity funding. In the second quarter of 2023, deal volume for seed, Series A, and Series B increased by 47% compared to the first quarter. This rebound in funding indicates growing investor confidence in the cybersecurity industry and highlights the importance of innovative solutions and technologies in addressing evolving cyber threats.

The Cybersecurity Risks Associated with Large Sporting Events

Microsoft’s fifth installment of the Cyber Signals report focuses on the cyber risks associated with large sporting events. The report provides an overview of these risks and offers recommendations on how sports associations, teams, and venues can safeguard against cybersecurity threats. A key recommendation is the implementation of a multilayered security framework. Microsoft’s experience providing cybersecurity defenses during the FIFA World Cup in 2022, where they performed over 634 million authentications in Qatar, serves as a reference for the importance of robust security measures.

Abusing the SSM Agent as a Remote Access Trojan

Mitiga warns of a new post-exploitation technique in Amazon Web Services (AWS) where the Systems Manager (SSM) agent can be abused as a remote access trojan (RAT) to control Linux and Windows machines from another AWS account. The SSM agent is a legitimate tool that administrators can use to manage instances. However, threat actors may exploit this tool to carry out malicious activities on an ongoing basis. This highlights the importance of continuous monitoring, access control, and secure configuration management in cloud environments.

Authorities Alerted to Extremists’ Use of Flipper Zero Hacking Tool

Local authorities in major US cities have been put on alert regarding the potential use of the Flipper Zero hacking tool by racially and ethnically motivated violent extremists (REMVEs). The Flipper Zero tool can be utilized to hack radio protocols, access control systems, clone RFID cards, and bypass the security of electronic safes. This highlights the need for law enforcement agencies to stay vigilant and take proactive measures to mitigate the risks posed by such tools in the hands of malicious actors.

New Azure Active Directory Attack Vector Discovered

Security firm Vectra has detailed a new attack vector against Azure Active Directory that could allow attackers to move laterally to other Microsoft tenants. The technique targets Cross-Tenant Synchronization, a newly introduced functionality that exists in every Microsoft deployment, allowing organizations to synchronize users and groups between tenants. To demonstrate the exploit, Vectra has published a proof-of-concept (PoC). This discovery underscores the importance of ongoing vulnerability management and secure configuration practices for cloud-based services.

Google’s Threat Horizons Report for Cloud Enterprise Users

Google has released its August 2023 Threat Horizons report, providing intelligence about threats to cloud enterprise users and recommendations to improve cloud security. The report highlights the evolving threat landscape and offers insights into the tactics, techniques, and procedures employed by threat actors. It emphasizes the importance of collaboration between service providers and organizations to enhance cloud security measures.

VMware Patches Vulnerabilities in Horizon Server

VMware has announced patches for two medium-severity vulnerabilities in Horizon Server. The vulnerabilities could allow attackers to perform HTTP request smuggling and to access information about internal network configurations. Neither flaw has been observed to be exploited in attacks, but prompt patching is essential to mitigate any potential risks and maintain a secure environment.

BeyondTrust Addresses Command Injection Vulnerability

BeyondTrust recently informed customers of a command injection vulnerability in Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2. This critical vulnerability could enable a remote attacker to execute operating system (OS) commands without authentication. Given the maximum severity rating and the potential for unauthorized access, it is crucial for affected users to apply patches promptly to protect their systems.

Editorial: The Complex Landscape of Cybersecurity

The rapid advancement of technology continues to bring both opportunities and risks. As seen in this roundup of cybersecurity news, the threat landscape is evolving, and new vulnerabilities and attack techniques are constantly emerging. The increase in malware-related threats and access control issues emphasizes the need for organizations to prioritize robust cybersecurity measures and maintain a proactive security posture. Additionally, the rebound in early-stage cybersecurity funding highlights the recognition of the importance of innovative solutions in addressing the evolving cyber threat landscape.

Conclusion and Recommendations

To navigate the complex landscape of cybersecurity effectively, organizations must prioritize the following:

1. Stay informed: Regularly monitor cybersecurity news, reports, and updates to keep abreast of the latest threats and vulnerabilities.
2. Implement a multilayered security framework: Cybersecurity measures should incorporate multiple layers of defense, including access controls, network monitoring, vulnerability management, and incident response capabilities.
3. Continuous monitoring and secure configuration management: Regularly monitor cloud environments for unauthorized activities, access control issues, and misconfigurations. Implement strong access controls and regularly review and update security configurations.
4. Prompt patching: Stay up to date with the latest security patches and updates for all software and systems. Vulnerability assessment programs can help organizations prioritize and apply patches promptly.
5. Invest in innovative cybersecurity solutions: Consider partnering with early-stage cybersecurity companies that offer cutting-edge solutions to address evolving cyber threats.
6. Promote cybersecurity awareness and training: Educate employees about best security practices, including strong password management, phishing prevention, and device security.

By following these recommendations and staying vigilant, organizations can enhance their cybersecurity posture and mitigate risks in an increasingly interconnected world.
