Suspected MFA Bombing Attacks Target Apple iPhone Users
Multifactor bombing attacks — also known as multifactor fatigue attacks — are a
social engineering exploit in which attackers flood a target's phone, computer,
or email account with push notifications to approve a login or a password reset.
The idea behind these attacks is to overwhelm a target with so many
second-factor authentication requests that they eventually accept one either
mistakenly or because they want the notifications to stop. Typically, these
attacks have involved the threat actors first illegally obtaining the username
and password to a victim account and then using a bombing or fatigue attack to
obtain second-factor authentication to accounts protected by MFA. In 2022, for
instance, members of the Lapsus$ threat group obtained the VPN credentials for
an individual working for a third-party contractor for Uber. They then used the
credentials to repeatedly try and log in to the contractor's VPN account
triggering a two-factor authentication request on the contractor's phone each
time — which the contractor ultimately approved. The attackers then used the VPN
access to breach multiple Uber systems.
Finding software flaws early in the development process provides ROI
Unfortunately, enterprise software development teams at many organizations are
not finding security-related software flaws as they write their software. As a
result, such flaws get shipped in the applications used by customers, partners,
suppliers, and employees. This creates serious security risks as threat actors
might find and use these flaws to breach enterprise applications and move
laterally throughout their target environments. Once a security-related flaw is
published to software used in production, the race is on to find the bug first.
If a company is lucky, the flaw will be found during a software security
assessment by its internal security team or perhaps a third-party provider. If
the flaw lingers too long, it’s more likely to be found by an attacker targeting
the organization in the hopes of stealing data or perhaps conducting a
ransomware attack. The security and increased trust associated with quality
software are clear. The return on investment and the business benefits of
high-quality and secure software are not always well understood.
7 tips for leading without authority
Leading without authority starts with individuals deciding to create change then
bringing people together over a shared goal. If you believe in this strategy and
want it to work, make it fundamental to your organizational structure. “We made
an intentional transition at the onset of the pandemic to be a fully remote
organization,” says Elaine Mak, chief people and performance officer at
Valimail. “At the same time, we transitioned from a founder-led to a team-led
model.” That transition involved democratizing decision-making, relying on
experts within the organization, and leaning into letting people create outcomes
through collaboration. “I brought the phrase, ‘Don’t be right, get it right,’
into the organization,” says Seth Blank, Valimail’s CTO. “It’s at the crux of
the question of how to lead without authority. If you’re the expert and you
bring a team together, come in with humility and ask, ‘How do we do this? How do
we learn together?’ If you do that, you can move mountains from anywhere on the
organization — if the organization is set up to respond. You need the culture,
and you need leaders who expect that. Then people can do amazing things,” Blank
says.
Chainguard: Outdated Containers Accumulate Vulnerabilities
EOL software is software that is no longer supported by the creator of the
application, either because it is an older version of the software that is no
longer maintained, or because the entities that maintained the software are no
longer around at all. In either case, vulnerabilities can still be found in
these applications, and since they are no longer patched, they soon become a
focus for actors with malicious intent. “And the problem becomes aggravated when
using container images,” Dunlap writes. “Using a container often means adding
additional components from underlying ‘base images,’ which can easily lead to
images with hundreds of components, each a part of the attack surface.” The
problem only grows worse over time for users, as without regular updates,
applications get harder and harder to update to the latest version over time.
Looking at software projects listed on endoflife.date, Dunlap found that the
longer a project has been EOL, the more vulnerabilities that image will collect.
This inspection included images for Traefik, F5’s NGINX, Rust, and Python.
Cisco: Security teams are ‘overconfident’ about handling next-gen threats
Part of the problem that most companies are facing, according to Cisco, is the
complicated nature of their security stacks. More than two-thirds of respondents
said that their company had more than 10 separate offerings in their security
stack, and a quarter said they had 30 or more. “This reflects the way in which
the industry has evolved over the years,” the report read. “As new threats
emerged, new solutions were developed and deployed to counter them, either by
existing vendors or new ones.” Frank Dickson, group vice president for IDC’s
security and trust research practice, said that the concern about complicated
tool stacks is far from a new one. “We’ve been having that debate in security
for ten years,” he said. Efforts to centralize security systems have been around
for just as long, he said, but for too long, the offerings peddled as
“platforms” weren’t really anything of the sort — more bundles of interrelated
products than true foundations for all-around security. That’s finally beginning
to change, however, Dickson said.
Saga Pattern in Microservices Architecture
In a typical microservice-based architecture, where a single business use case
spans multiple microservices, each service has its own local datastore and
localized transaction. When it comes to multiple transactions, and the number
of microservices is vast, there comes the requirement to handle the
transaction spanning various services. ... The Saga Pattern is an
architectural pattern for implementing a sequence of local transactions that
helps maintain data consistency across different microservices. The local
transaction updates its database and triggers the next transaction by
publishing a message or event. If a local transaction fails, the saga executes
a series of compensating transactions to roll back the changes made by the
previous transactions. This ensures that the system remains consistent even
when transactions fail. ... The Saga Pattern can be implemented in two
different ways. Choreography: In this pattern, the individual microservices
consume the events, perform the activity, and pass the event to the next
service. ... Orchestration: In this pattern, all the microservices are linked
to the centralized coordinator that orchestrates the services in a predefined
order, thus completing the application flow.
Cisco warns of password-spraying attacks targeting VPN services
Security researcher Aaron Martin told BleepingComputer that the activity
observed by Cisco is likely from an undocumented malware botnet he named
‘Brutus.’ The connection is based on the particular targeting scope and attack
patterns. Martin has published a report on the Brutus botnet describing the
unusual attack methods that he and analyst Chris Grube observed since March
15. The report notes that the botnet currently relies on 20,000 IP addresses
worldwide, spanning various infrastructures from cloud services to residential
IPs. The attacks that Martin observed initially targeted SSLVPN appliances
from Fortinet, Palo Alto, SonicWall, and Cisco but have now expanded to also
include web apps that use Active Directory for authentication. Brutus rotates
its IPs every six attempts to evade detection and blocking, while it uses very
specific non-disclosed usernames that are not available in public data dumps.
This aspect of the attacks raises concerns about how these usernames were
obtained and might indicate an undisclosed breach or exploitation of a
zero-day vulnerability.
Understanding Polyglot Persistence: A Necessity for Modern Software Engineers and Architects
Unlock the Power of Polyglot Persistence with ‘Polyglot Persistence
Unleashed.’ This comprehensive guide embarks you on a transformative journey,
illustrating the integration of MongoDB, Cassandra, Neo4J, Redis, and
Couchbase within Enterprise Java Architecture. It delves deep into NoSQL
databases, Jakarta EE, and Microprofile, empowering you with the prowess to
architect and implement sophisticated data storage solutions for robust and
scalable Java applications. From in-depth exploration to practical examples,
optimization strategies, and pioneering insights, this book is your ultimate
guide to revolutionizing data management in your Java applications. ... The
Jakarta Data specification is a beacon of innovation for Java developers. It
offers a potent API that effortlessly bridges the diverse worlds of relational
and NoSQL databases. It fosters seamless integration of data access and
manipulation, adhering to a domain-centric architecture that simplifies
persistence complexities.
What Is AI TRiSM, and Why Is it Time to Care?
The goal of AI TRiSM is to place the necessary trust, risk and security
guardrails around AI systems so that enterprises can ensure that these systems
are accurate, secure and compliant. This can be a daunting undertaking, for
while there are many years of governance experience and best practices for
traditional applications and structured system of records data, there are few
established best practices when it comes to managing and analyzing AI
structured and unstructured data, and their applications, algorithms and
machine learning. How, for instance, do you vet all of the incoming volumes of
data from research papers all over the world that your AI might be analyzing
in an effort to develop a new drug? Or how can you ensure that you are
screening databases for the best job candidates if you are only using
your company’s past hiring history as your reference? ... In contrast, AI
systems have few established maintenance practices. When AI is first deployed,
it’s checked against what subject matter experts in the field would conclude,
and it must agree with what these experts conclude 95% of the time. Over time,
business, environmental, political and market conditions change.
Graph Databases: Benefits and Best Practices
The problems that can develop when working with graph databases include using
inaccurate or inconsistent data and learning to write efficient queries.
Accurate results rely on accurate and consistent information. If the data
going in isn’t reliable, the results coming out cannot be considered
trustworthy. This data query issue can also be a problem if the stored data
uses non-generic terms while the query uses generic terminology. Additionally,
the query must be designed to meet the system’s requirements. Inaccurate data
is based on information that is simply wrong. Blatant errors have been
included. Inaccurate data may include a wrong address, a wrong gender, or any
number of other errors. Inconsistent data, on the other hand, describes a
situation with multiple tables in a database working with the same data, but
receiving it from different inputs with slightly different versions
(misspellings, abbreviations, etc.). Inconsistencies are often compounded by
data redundancy. Graph queries interrogate the graph database, and these
queries need to be accurate, precise, and designed to fit the database model.
The queries should also be as simple as possible.
Quote for the day:
“Accomplishments will prove to be a
journey, not a destination.” -- Dwight D. Eisenhower
No comments:
Post a Comment