InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Learning attacker Tactics, Techniques and Procedures (TTPs) is imperative in defending modern networks. This hands-on guide walks you through them with step-by-step tutorials and numerous pictures for clarity.
For the past few weeks, Russia has been deploying military forces into strategic positions on Ukraine’s borders. However, there is another, virtual dimension to the escalating conflict: cyber-attacks on Ukrainian government and business websites and services.
Although it is impossible to confirm the Russian state is behind these attacks, commentators have suggested that similar tactics form part of a type of hybrid warfare that Russia has been fine tuning for the past couple of decades.
Cyber-espionage and information warfare have become an intrinsic part of recent conflicts and happen on a regular basis between conflicting powers. However, governments do not usually publicly claim responsibility for this type of activity, since this could put them in a position of declaring war against the targeted country and provoking counterattacks and sanctions from the international community. Therefore, evidence that Russia is definitely behind these attacks is hard to establish.
Cyber-attacks are often attributed to hacker groups with nationalist motivations, who justify their political agendas without explicitly verifying any state backing.
In January, there was a spate of attacks by Belarusian hackers believed to be supporting Russia. They launched a series of malware attacks against Ukrainian computer systems with many government and other websites being defaced with provocative and intimidating messages.
In mid February, there was another round of cyber-attacks, this time targeting the Ukrainian army website, ministerial websites and some of the major banks, including PrivatBank, preventing online payments and use of banking apps.
These latest attacks were mainly distributed denial of service (DDOS) attacks, where a huge number of small packets of information are sent to websites and servers from multiple sources. This information overload causes the servers and computer systems targeted to slow down or collapse because of the swarm of information requests.
Russian involvement in those cyber-attacks is suspected, but is hard to confirm. The attacks follow the pattern of similar tactics with alleged Russian backing over the past two decades in Ukraine, Estonia and Georgia, including attacks on communications infrastructures and power grids.
The US president and EU officials are now discussing increasing cyberspace defences against such attacks or imposing sanctions, if required.
Despite all of this, Ukrainian officials have refrained from explicitly mentioning the Russian state as being behind these attacks.
A searing look inside the rise of cyberwarfare as the primary way nations now compete with and sabotage one another – The Perfect Weapon
As technology progresses, our daily activities are moving online. This includes tasks that we may not think of as being particularly sensitive, such as shopping and banking. While this makes our lives easier in many ways, it also leaves us vulnerable to identity theft. Here are seven tips to protect your data and reduce your risk of it showing up on the dark web.
1) Shred sensitive documents
Shredding sensitive documents is an easy way to protect yourself against identity theft or data breaches. For example, when you receive junk mail that contains your personal information (such as pre-approved credit card offers), it’s best to cut up the document into pieces rather than just throw it in the garbage bin. This also goes for unsolicited checks in the mail and other unwanted or unsolicited offers. By cutting up or shredding these types of documents, you prevent someone else from retrieving them and stealing your personal information. The same principle applies to old papers containing important information, such as bank statements and tax returns – before throwing something away, ask yourself if anyone could get access to it if they took the paper out of your garbage can. If so, shred it!
2) Be cautious about what you post online
Before posting anything on Facebook or Twitter, ask yourself if you would be comfortable if everyone in the world read the information. The Internet is an amazing resource that can provide us with huge amounts of information right at our fingertips. However, it’s important to be aware that just because something is “just for friends” doesn’t mean that someone else won’t see your posts. Remember that this includes any selfies you may take – anyone could grab a picture off of your page, re-post it elsewhere, or even print it out and keep a copy long after you have deleted the original from your computer.
3) Ensure your passwords are strong
When choosing a password, it is very important to use diverse information that is difficult for others to guess. Avoid using real words or meaningful personal information in your passwords, even when combined with numbers or symbols. For example, “ilovemycat” might seem like an unlikely password choice at first glance, yet there are websites out there designed to reveal simple passwords such as these within seconds. A stronger approach would be to create a random string of characters and numbers, such as the phrase “I l@ve mY cAt.” You could then add on some additional characters or numbers if you preferred that people not know which type of animal you love so much! The more complex and unique your password is, the better chance you have of keeping it safe.
4) Use two-factor authentication
An easy way to add another level of security when signing into websites such as Facebook or Gmail is to enable “two-factor authentication.” For example, after entering in your password, a unique code will be sent by text message to the phone number you provided when setting up two-factor authentication. The code must then be entered before you can access your account. This adds a layer of protection since a hacker would need more than just your password in order to get into your accounts – they would also need access to your cell phone! Note that certain banks may also offer this feature for accessing protected accounts via their online banking portal. If you are unsure, contact your bank to find out more about two-factor authentication.
5) Password protect your devices
Another way to prevent unauthorized access is by password-protecting your cell phone or tablet. You may think that this is unnecessary or unimportant, but it can actually be a very important step in securing your data and preventing others from accessing it without consent. For example, if you lose your phone somewhere where someone could pick it up off the ground (such as on public transit), they wouldn’t be able to access your device without knowing the PIN code for unlocking it first. This is an easy step that many people neglect yet protects against any potential personal information leaks through lost or stolen electronic devices.
6) Be mindful of when your software is updated
Another easy way to protect yourself from the latest security risks is by updating your software and programs promptly. Both Mac and PC users can agree that it’s not always fun to spend time shutting down what you’re doing to update your computer or phone, but it is important! You may even receive updates through your system itself, such as Apple OS X – make sure you accept all updates when they are available so that you can keep up with the latest versions of all programs installed on your devices.
7) Take precautions offline as well
While online precautions are important for protecting yourself against identity theft, physical protection of personal information at home should also be taken. If confidential documents are kept anywhere around the house, consider using security safes that can be locked. This makes it difficult for someone to come along and take your information or documents without checking first.
The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience.
The list is part of an ongoing project and will be continuously updated by CISA, which also plans to allow third parties to propose resources for inclusion in the list.
The list includes open source tools and free resources provided by government organizations and private cybersecurity firms.
The tools cover a broad range of activities normally conducted by defenders, from incident response to threat detection.
“As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. CISA will implement a process for organizations to submit additional free tools and services for inclusion on this list in the future.” reads the announcement published by CISA. “The list is not comprehensive and is subject to change pending future additions.”
Reducing the likelihood of a damaging cyber incident;
Detecting malicious activity quickly;
Responding effectively to confirmed incidents; and
Maximizing resilience.
The list already includes cybersecurity tools and services from major IT and cybersecurity firms, including ones provided by CISA, AT&T Cybersecurity, Cloudflare, Cisco, Center for Internet Security, CrowdStrike, Google, IBM, Microsoft, Mandiant, Splunk, SANS, Secureworks, Tenable, and Palo Alto Networks. The list also includes dozens of open source tools.
CISA pointed out that it does not endorse any commercial product or service.
Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company states that the Privacy Sandbox technologies are still in development.
“Privacy Sandbox on Android will strengthen privacy, while providing tools app developers need to support and grow their businesses. It will introduce new solutions that operate without cross-app identifiers – including Advertising ID – and limit data sharing with third parties.” reads the announcement.
Google is also committed to fighting and reducing covert data collection.
The goals of the Privacy Sandbox are:
Build new technology to keep your information private
Enable publishers and developers to keep online content free
Collaborate with the industry to build new internet privacy standards
Google will continue to support existing ads platform features for at least two years. The IT giant is inviting developers to review the proposed solution and provide their feedback through the Android developer portal.
“Starting today, developers can review our initial design proposals and share feedback on the Android developer site. We plan to release developer previews over the course of the year, with a beta release by the end of the year. We’ll provide regular updates on designs and timelines, and you can also sign up to receive updates.” concludes the announcement. “We know this initiative needs input from across the industry in order to succeed. We’ve already heard from many partners about their interest in working together to improve ads privacy on Android, and invite more organizations to participate.”
Canonical’s Snap software packaging and deployment system is affected by multiple vulnerabilities, including a privilege escalation flaw tracked as CVE-2021-44731 (CVSS score 7.8).
Snap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions.
The flaws were discovered by Qualys researchers. CVE-2021-44731 is the most severe one: a race condition in snap-confine’s setup_private_mount() function.
snap-confine is a program used internally by snapd to construct the execution environment for snap applications. An unprivileged user can trigger the flaw to gain root privileges on the affected host.
“Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.” reads the post published by the experts. “As soon as the Qualys Research Team confirmed the vulnerability, we engaged in responsible vulnerability disclosure and coordinated with both vendor and open-source distributions in announcing this newly discovered vulnerability.”
Qualys experts also developed a PoC exploit for this issue that allows obtaining full root privileges on default Ubuntu installations.
Below is the full list of vulnerabilities discovered by the experts:
| CVE | DESCRIPTION |
| --- | --- |
| CVE-2021-44731 | Race condition in snap-confine’s setup_private_mount() |
| CVE-2021-44730 | Hardlink attack in snap-confine’s sc_open_snapd_tool() |
| CVE-2021-3996 | Unauthorized unmount in util-linux’s libmount |
| CVE-2021-3995 | Unauthorized unmount in util-linux’s libmount |
| CVE-2021-3998 | Unexpected return value from glibc’s realpath() |
| CVE-2021-3999 | Off-by-one buffer overflow/underflow in glibc’s getcwd() |
| CVE-2021-3997 | Uncontrolled recursion in systemd’s systemd-tmpfiles |
Almost every part of our everyday lives is closely connected to the internet – we depend on it for communication, entertainment, information, running our households, even running our cars.
Not everyone in the world has access to the same features and content on the internet, though, with some governments imposing restrictions on what you can do online. This severely limits internet freedom and, with it, the quality of life and other rights of the affected users.
Internet freedom is a broad term that covers digital rights, freedom of information, the right to internet access, freedom from internet censorship, and net neutrality.
To cover this vast subject, we’ve compiled 50 statistics that will give you a pretty clear picture about the state of internet freedom around the world. Dig into the whole thing or simply jump into your chosen area of interest below:
The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware.
The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU.
Pegasus is surveillance malware developed by the Israeli surveillance firm NSO Group that can infect both iPhones and Android devices; it is sold exclusively to governments and law enforcement agencies.
The abuse of this kind of solution poses a serious threat to fundamental rights, particularly on the rights to privacy and data protection.
“It comes from the EDPS’ conviction that the use of Pegasus might lead to an unprecedented level of intrusiveness, which threatens the essence of the right to privacy, as the spyware is able to interfere with the most intimate aspects of our daily lives.” states the European Data Protection Supervisor (EDPS).
“Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy.”
Privacy advocates and cybersecurity experts have demonstrated the use of Pegasus in surveillance campaigns worldwide targeting journalists, political figures, dissidents, and activists.
Pegasus was used by governments with dubious human rights records and histories of abusive behaviour by their state security services.
The surveillance software allows its operators to completely take over the target device and spy on the victim. Developers of surveillance solutions leverage zero-click zero-day exploits to silently compromise devices without any user interaction. Pegasus is known to have used the KISMET and FORCEDENTRY exploits to infect victims’ devices.
NSO Group has repeatedly claimed that its software is sold exclusively to law enforcement and intelligence agencies to fight crime and terrorism, in so-called “life-saving mission.”
According to a series of disclosures by the business publication Calcalist in recent weeks, dozens of citizens in the country were targeted by Israel Police with the NSO Group’s spyware to gather intelligence without a search warrant authorizing the surveillance.
“National security cannot be used as an excuse to an extensive use of such technologies nor as an argument against the involvement of the European Union.” continues EDPS.
EDPS urges tight control over the use of surveillance and hacking tools to prevent and disincentivize unlawful use.
Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software.
JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra database software that could be exploited by remote attackers to achieve code execution on affected installations.
Apache Cassandra is an open-source NoSQL distributed database used by thousands of companies.
“JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to (CVSS 8.4).” reads the analysis published by JFrog. “This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra.”
Cassandra offers the functionality of creating user-defined functions (UDFs), which allow custom processing of data in the database.
Admins can write UDFs in Java and JavaScript. JavaScript UDFs run on the Nashorn engine in the Java Runtime Environment (JRE), which is not guaranteed to be secure when accepting untrusted code.
JFrog researchers discovered that when user-defined functions (UDFs) are enabled, threat actors could leverage the Nashorn engine to escape the sandbox and achieve remote code execution.
“For example, running the following Nashorn JavaScript code allows execution of an arbitrary shell command –” states the report. “Cassandra’s development team decided to implement a custom sandbox around the UDF execution which uses two mechanisms to restrict the UDF code.”
Experts noticed that the exploitation is possible when the cassandra.yaml configuration file contains the following definitions:
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false
“When the option is set to false, all invoked UDF functions run in the Cassandra daemon thread, which has a security manager with some permissions. We will show how to abuse these permissions to achieve sandbox escape and RCE.” continues the analysis.
Experts shared a PoC that creates a new file named “hacked” on the Cassandra server.
Apache released versions 3.0.26, 3.11.12, and 4.0.2 to address the vulnerability. The fix adds a new flag, “allow_extra_insecure_udfs”, that is set to false by default; it prevents turning off the security manager and blocks access to java.lang.System.
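As an added example (not JFrog’s analysis or Apache’s code), the script below audits the three cassandra.yaml options quoted above and flags the exploitable combination, with the hardened settings beside it. It reads only flat `key: value` lines so it runs without a YAML library; the two configuration samples are constructed for the example, and the default values assumed for missing keys are Cassandra’s shipped defaults.

```python
"""Audit cassandra.yaml for the UDF sandbox settings behind CVE-2021-44521.

Added example, not code from JFrog or the Apache Cassandra project.
Only flat `key: value` lines are parsed, which is enough for the four
options involved; a real deployment should load the file with a YAML parser.
"""
from typing import Dict, List

# Constructed sample: the configuration JFrog describes as exploitable.
VULNERABLE_YAML = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true   # Nashorn UDFs
enable_user_defined_functions_threads: false   # UDFs run in the daemon thread
"""

# Constructed sample: the shipped defaults plus the flag added in the fixed releases.
HARDENED_YAML = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: false
enable_scripted_user_defined_functions: false
enable_user_defined_functions_threads: true
allow_extra_insecure_udfs: false
"""


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Return top-level `key: value` pairs, ignoring comments and nested blocks."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line or line.startswith((" ", "\t", "-")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("'\"").lower()
    return settings


def as_bool(settings: Dict[str, str], key: str, default: bool) -> bool:
    """Interpret a YAML boolean; fall back to the documented default when absent."""
    value = settings.get(key)
    if value is None:
        return default
    return value in ("true", "yes", "on")


def audit_udf_settings(text: str) -> List[str]:
    """Return findings for the UDF sandbox configuration; an empty list means OK."""
    s = parse_flat_yaml(text)
    findings: List[str] = []
    # Assumed defaults (Cassandra ships UDFs disabled and separate UDF threads enabled).
    udfs = as_bool(s, "enable_user_defined_functions", False)
    scripted = as_bool(s, "enable_scripted_user_defined_functions", False)
    threads = as_bool(s, "enable_user_defined_functions_threads", True)
    extra_insecure = as_bool(s, "allow_extra_insecure_udfs", False)

    if udfs and scripted and not threads:
        findings.append(
            "CVE-2021-44521 precondition: scripted UDFs run in the daemon thread "
            "(enable_user_defined_functions_threads: false); set it to true and patch"
        )
    elif udfs and scripted:
        findings.append(
            "scripted (Nashorn) UDFs enabled; ensure Cassandra 3.0.26 / 3.11.12 / 4.0.2 or later"
        )
    if extra_insecure:
        findings.append("allow_extra_insecure_udfs: true re-enables the insecure path; set it to false")
    return findings


if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_YAML), ("hardened", HARDENED_YAML)):
        print(label, audit_udf_settings(cfg) or ["no findings"])
```

The check mirrors the page’s description: the vulnerable state is the conjunction of the three settings, not any one of them, so enabling scripted UDFs with a separate thread pool only earns a lower-severity reminder to patch.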
Certified ISO 27001 ISMS Lead Auditor Training Course
ISO 27001 Lead Auditor is the qualification of choice for ISO 27001 professionals, recognized by employers worldwide.
Implementing and maintaining compliance with the Standard requires comprehensive knowledge of ISO 27001.
ITG Certified ISO 27001 ISMS Lead Auditor Training Course gives participants a solid understanding of the requirements of an ISO 27001 audit and the knowledge to ensure conformity to the Standard.
If you are already a qualified ISO 27001 auditor, enhance your career by taking ITG Certified ISO 27701 PIMS Lead Auditor Training Course, which will teach you how to conduct audits against ISO 27701, in line with international data protection regimes.
Concerning e-mails, pay attention to the following features:
Impersonal form of address: The sender of the e-mail does not know your correct name. The mail begins with “Dear customer” instead of “Dear Mrs. / Mr. XY”. Perhaps your name is inserted, but misspelled.
The sender is using threats: The sender threatens you, e.g. “if you don’t refresh your password your account will be locked”.
Request for confidential data: You are straightforwardly asked for confidential data like your PIN / password, your online banking access or your credit card number. The whole thing is backed up with a threat.
Links and forms: The e-mail contains forms and links which you are obliged to use if you do not want to suffer any disadvantages.
Bad language: Sometimes, not always, the messages are written in bad English, sometimes interspersed with Cyrillic letters or special characters like $ or &.
Be vigilant even with well-worded texts! If in doubt, always check with the alleged sender, for example your house bank or Amazon. Go to the original website to contact the real customer service; don’t use any links or e-mail addresses you find in the mail.
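The five features listed above can be turned into a simple mail-triage heuristic. The following is an added example (not part of the original post); the two messages it scores are constructed, the phrase lists are illustrative rather than exhaustive, and the threshold of three indicators is an assumption.

```python
"""Score an e-mail against the phishing features listed above.

Added example, not code from the original post. Phrase lists and the
threshold are illustrative assumptions; the sample messages are constructed.
"""
import re
from typing import Dict

# Constructed phishing sample: impersonal greeting, threat, credential request,
# a link, and one Cyrillic letter (\u043e) hidden in "you".
PHISHING_SAMPLE = """\
From: Bank Security <secure-update@mail-bank-login.example>
Subject: Urgent: account verification required

Dear customer,
Your account will be locked within 24 hours if you do not refresh your password.
Please confirm your PIN and credit card number on the page below:
http://bank-login.example/verify?id=1234
Thank y\u043eu for your cooperation.
"""

# Constructed benign sample.
LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example.org>
Subject: Minutes of Tuesday's meeting

Hi Alex,
Attached are the minutes from Tuesday. Let me know if I missed anything.
Best,
Jane
"""

IMPERSONAL_GREETINGS = ("dear customer", "dear user", "dear client", "dear member", "dear sir/madam")
THREAT_PHRASES = ("will be locked", "will be suspended", "will be closed", "within 24 hours", "legal action")
# Word boundaries so "pin" does not match "shopping" or "mapping".
CREDENTIAL_RE = re.compile(r"\b(password|pin|credit card number|online banking access|account number)\b")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
CYRILLIC_RE = re.compile(r"[\u0400-\u04FF]")


def phishing_indicators(message: str) -> Dict[str, bool]:
    """Evaluate each feature from the checklist; True means the indicator is present."""
    text = message.lower()
    return {
        "impersonal_greeting": any(g in text for g in IMPERSONAL_GREETINGS),
        "threat": any(p in text for p in THREAT_PHRASES),
        "asks_for_credentials": CREDENTIAL_RE.search(text) is not None,
        "contains_link": URL_RE.search(message) is not None,
        "cyrillic_in_latin_text": CYRILLIC_RE.search(message) is not None,
    }


def phishing_score(message: str) -> int:
    """Number of indicators present (0 to 5)."""
    return sum(phishing_indicators(message).values())


def triage(message: str, threshold: int = 3) -> str:
    """Label a message; the threshold is an assumed tuning value."""
    return "suspicious" if phishing_score(message) >= threshold else "no indicators"


if __name__ == "__main__":
    for name, msg in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, phishing_score(msg), phishing_indicators(msg))
```

Note that a well-worded message from a sender who knows your name will score low, which is exactly the caveat the text ends with: the heuristic supports the reader’s judgement, it does not replace checking with the alleged sender.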
Google fixed a high-severity, actively exploited zero-day flaw, tracked as CVE-2022-0609, with the release of an emergency Chrome update for Windows, Mac, and Linux. This is the first Chrome zero-day fixed by Google this year.
The zero-day is a use-after-free issue in Animation; the bug was reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group.
“Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10 [$TBD][1285449]” reads the security advisory published by Google. “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.”
The emergency patches will be rolled out over the coming weeks. Users can update their browser manually via Chrome menu > Help > About Google Chrome.
Google did not disclose technical details of CVE-2022-0609 to avoid widespread exploitation of the bug. The IT giant also withheld information about the in-the-wild attacks exploiting the flaw.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added.
There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it.
Using the Adobe Commerce online selling platform?
Using Magento, the free, open-source variant of the same product?
Buying products from online stores that use either of these?
Using online services that themselves use services that (…repeat up the supply chain as needed…) ultimately depend upon Magento or Adobe’s paid version?
If so, make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe’s latest patches.
Note that these are so-called out-of-band updates, meaning that they’re new enough not to have made it into last week’s regular Patch Tuesday updates, but critical enough not to be left until next month’s Patch Tuesday comes round.
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
Upgrade now
Of course, the words “limited attacks targeting merchants” shown above don’t automatically imply that “minimal damage has been done”.
Also, until we know what the attackers did when they exploited this hole, we can’t tell how much data they made off with, how many users might be affected, or what follow-up crimes – such as identity theft, password recovery and account takeover – the crooks might be able to try next.
According to Adobe, it seems that any Adobe Commerce or Magento installation running a version later than 2.3.3 that hasn’t received the latest patches is vulnerable.
The patches provided are listed as tested for all of these versions: 2.3.3-p1 to 2.3.7-p2, and 2.4.0 to 2.4.3-p1.
Quite what version number will show up after patching we can’t tell you; the patch files themselves are identified as 2.4.3-p1_v1, so our assumption is that’s the version string you’ll see.
Every day, everybody receives many phishing attacks with malicious documents or PDFs. I decided to take a look at one of these files. I did a static analysis and went straight to the point to keep this read simple and fast.
Here is the received email. It purports to be from the Caixa Economica Federal bank, but we can see the sender uses Gmail services and a strange name.
I verified this e-mail header using MXtoolbox, and we can see the IP used by the sender (attacker).
Below is the reputation of the IP used by the attacker.
We can see this IP has a lot of mentions of malicious activity.
I downloaded this file to my VPS (Kali Linux) and used peepdf to analyse the file structure, and I found 2 URIs in objects 3 and 5.
After checking objects 3 and 5 with pdf-parser, I discovered a malicious URL in object 3.
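The object-by-object walk described above (peepdf to list objects, pdf-parser to inspect them) can be reproduced for the simplest case in a few lines of standard-library Python. The block below is an added example, not the author’s analysis or the peepdf/pdf-parser code: it scans a constructed PDF byte string for `/URI` actions and for objects referenced by `/OpenAction`, and reports which objects carry links that fire automatically. It handles only unencrypted, uncompressed objects with literal-string URIs; the placeholder domains are made up for the example.

```python
"""Enumerate /URI targets per PDF object and flag auto-launched ones.

Added example, not the author's analysis nor peepdf/pdf-parser code.
Handles only unencrypted objects with literal (...) strings; hex <...>
strings, object streams and encrypted files need a real PDF parser.
"""
import re
from typing import Dict, List

# Constructed minimal PDF. Object 3 is a URI action wired to /OpenAction
# (fires on open); object 5 is an ordinary link annotation. Domains are placeholders.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [4 0 R] /Count 1 >> endobj
3 0 obj << /Type /Action /S /URI /URI (http://malicious-placeholder.example/boleto.zip) >> endobj
4 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://bank-placeholder.example/) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.DOTALL)
# Literal PDF string after /URI, allowing escaped parentheses inside it.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
OPEN_ACTION_RE = re.compile(rb"/OpenAction\s+(\d+)\s+\d+\s+R")


def extract_uris(pdf: bytes) -> Dict[int, List[str]]:
    """Map object number -> list of /URI targets found in that object."""
    found: Dict[int, List[str]] = {}
    for num, body in OBJ_RE.findall(pdf):
        uris = [
            m.decode("latin-1").replace("\\(", "(").replace("\\)", ")")
            for m in URI_RE.findall(body)
        ]
        if uris:
            found[int(num)] = uris
    return found


def auto_action_objects(pdf: bytes) -> List[int]:
    """Object numbers referenced by /OpenAction, i.e. actions run when the file opens."""
    return [int(m) for m in OPEN_ACTION_RE.findall(pdf)]


def auto_launched_uris(pdf: bytes) -> Dict[int, List[str]]:
    """URIs that fire without a click: the intersection of the two views above."""
    uris = extract_uris(pdf)
    return {n: uris[n] for n in auto_action_objects(pdf) if n in uris}


if __name__ == "__main__":
    for obj, targets in extract_uris(SAMPLE_PDF).items():
        print(f"object {obj}: {targets}")
    print("auto-launched:", auto_launched_uris(SAMPLE_PDF))
```

A link in a normal annotation (object 5 here) needs a click; a URI action reachable from `/OpenAction` (object 3) is the pattern worth escalating, and it is the kind of distinction the object-level inspection in the text is meant to surface.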
I transcribed a recent interview; here are some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy.
How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet?
In the last decade, we have observed a progressive weaponization of cyberspace. NATO recognized cyberspace as a new domain of warfare. Cyberspace is the new battlefield for nation-state actors, the digital place where international crime rings operate threatening the pillars of our digital society.
Spyware is a powerful weapon in the arsenal of governments and cybercrime gangs. These tools are increasingly sophisticated and are able to evade detection by using so-called zero-day exploits, allowing attackers to bypass the defenses of government organizations and businesses. Spyware allows attackers to steal sensitive information from targets and perform a broad range of malicious activities.
Is the Pegasus spyware a game-changer?
Pegasus is probably the most popular surveillance software on the market; it was developed by the Israeli NSO Group. Anyway, it is not the only one. Many other surveillance firms develop spyware that is abused every day in dragnet surveillance and targets journalists, dissidents, and opponents of totalitarian regimes. This software is developed for law enforcement and intelligence agencies, but it is often abused by many governments worldwide in cyber espionage operations. The surveillance business is growing in the dark and is becoming very dangerous.
What are the devices of cyber warfare and cyber espionage?
Every technological device can be abused for cyber warfare and cyber espionage. Malware and spyware are the most common means, but do not forget the power of social network platforms, which can be used for surveillance and misinformation purposes.
Many governments have fallen victim to massive ransomware attacks from groups linked to organized crime, how bad can this new trend of hacking get?
Every day we read about major attacks targeting organizations worldwide with severe impact on their operations. The situation is getting worse despite the numerous law enforcement operations on a global scale. The number of ransomware attacks spiked in the last couple of years due to the implementation of the Ransomware-as-a-Service model; this means that tens of ransomware gangs have created networks of affiliates and provided them with their malware. Almost any criminal group can become an affiliate, obtain ransomware from a gang, and spread it, and this is amplifying the damage. Critical infrastructure is even more exposed to a new generation of threats that are more aggressive and sophisticated.
Reports are coming out linking North Korea to illegal online activities related to cryptocurrency. How are some governments using the Internet to threaten world peace in one way or another?
When dealing with nation-state actors you must consider the main motivation behind the attacks and distinguish the techniques, tactics, and procedures adopted by the different state-sponsored groups.
For example, China-linked nation-state actors are more focused on cyber espionage aimed at stealing intellectual property, while Russia-linked Advanced Persistent Threat groups often operate to destabilize the political context of foreign states, carry out cyber espionage activities, and conduct disinformation campaigns. North Korea-linked threat actors carry out financially motivated attacks against banks and cryptocurrency firms worldwide to steal funds to re-invest in their military industry.
What about the resilience of countries’ infrastructure to face such kind of war?
We need norms of state behavior in cyberspace and more information sharing on cyber threats. We need to share information about attacks at an early stage, profiling the threat actors to mitigate and prevent their campaigns. It is essential to increase the level of security of critical infrastructure like power grids, power plants and hospitals. Critical infrastructure is the main target of nation-state actors in a cyber warfare context.
Is making the internet a safe place technically possible?
Let me use the title of a famous book, “No place to hide”. I mean that both nation-state actors and cybercriminal organizations are spending a growing effort to increase their hacking capabilities and evasion techniques. Unfortunately, today most organizations still consider cybersecurity a cost to cut, and this approach gives the attackers an immense advantage. We need a cultural change, and we must consider that a security-by-design approach is the only way to make the Internet a safe place. We also need globally recognized norms of responsible state behavior in cyberspace.
French data protection authority says Google Analytics is in violation of GDPR
The French national data protection authority, CNIL, issued a formal notice to managers of an unnamed local website today arguing that its use of Google Analytics is in violation of the European Union’s General Data Protection Regulation, following a similar decision by Austria last month.
The root of the issue stems from the website’s use of Google Analytics, which functions as a tool for managers to track content performance and page visits. CNIL said the tool’s use and transfer of personal data to the U.S. fails to abide by landmark European regulations because the U.S. was deemed to not have equivalent privacy protections.
European regulators including CNIL have been investigating such complaints over the last two years, following a decision by the EU’s top court that invalidated the U.S.’s “Privacy Shield” agreement on data transfers. NOYB, the European Center for Digital Rights, reported 101 complaints in 27 member states of the EU and 3 states in the European Economic Area against data controllers who conduct the transatlantic transfers.
Privacy Shield, which went into effect in August of 2016, was a “self-certification mechanism for companies established in the United States of America,” according to CNIL.
Originally, the Privacy Shield was considered by the European Commission to be a sufficient safeguard for transferring personal data from European entities to the United States. However, in 2020 the adequacy decision was reversed due to no longer meeting standards.
An equivalency test was used to compare European and U.S. regulations which immediately established the U.S.’s failure to protect the data of non-U.S. citizens. European citizens would remain unaware that their data is being used and how it is being used, and they cannot be compensated for any misuse of data, CNIL found.
CNIL concluded that Google Analytics does not provide adequate supervision or regulation, and the risks for French users of the tool are too great.
“Indeed, if Google has adopted additional measures to regulate data transfers within the framework of the Google Analytics functionality, these are not sufficient to exclude the possibility of access by American intelligence services to this data,” CNIL said.
The unnamed site manager has been given a month to update its operations to be in compliance with GDPR. If the tool cannot meet regulations, CNIL suggests transitioning away from the current state of Google Analytics and replacing it with a different tool that does not transmit the data.
The privacy watchdog does not call for a ban of Google Analytics, but rather suggests revisions that follow the guidelines. “Concerning the audience measurement and analysis services of a website, the CNIL recommends that these tools be used only to produce anonymous statistical data, thus allowing an exemption from consent if the data controller ensures that there are no illegal transfers,” the watchdog said.
Technological advancements have come a long way, from the days when internet use was very limited, through the era when an internet connection was achieved only through Internet Protocol version 4 (IPv4) addresses, to the modern age in which IPv6 is the next big thing.
IPv6 stands for internet protocol version 6, as you might have figured out by now, and was first introduced in 2012.
It became imperative after developers realized that IPv4 had a finite number of addresses; it would not take long before we ran out of possible combinations for the fourth IP version.
As such, a new version that would allow humanity to generate an infinite number of IP addresses was born: IPv6. Several technologies have been built and designed in its wake.
The IPv6 proxy, for instance, was developed to ease the transition. IPv6 offers several benefits, such as more convenient traffic routing and simpler packet headers, which attracted many organizations to start hosting their servers on it.
However, traffic and connections coming from the older IPv4 could not reach or interact with these new servers because they operated on different standards.
Therefore, it became necessary to build a tool that could translate IPv4 traffic so it could reach IPv6-hosted servers: hence the IPv6 proxy.
What Is A Proxy?
A proxy is a device or computer that can serve as the middleman between different servers or networks.
It can stand anywhere between the user and the internet and transfer data and connections back and forth quickly and securely.
This traffic transfer is often done using its IP and location while concealing the user’s details. This helps to provide necessary security and anonymity for the internet user.
How Do Proxies Work?
Proxies are not the only tools used in re-routing users’ connections, but they are one of the most effective, and this is evident in the way they work:
The user sends out a request using a proxy
The proxy accepts the incoming traffic and reshapes it to reduce errors and improve speed
Then it masks the user’s IP and transfers the traffic using its IP instead
The request reaches the final server, and the results are collected and returned to the user via the proxy network
The proxy again accepts this traffic and screens it for possible malware. Once it has verified that the traffic is clean, it sends it to the user.
The user receives the result quickly as a web page.
All these happen so quickly and seamlessly that users can’t even tell there have been interceptions at different levels and points.
What Are Proxies Used For?
Proxies are essential for several reasons, and below are some of the most common:
To Boost Internal Security
The internet may be a lovely place for both individuals and brands, but it can also turn sour quickly.
There are cybercriminals monitoring traffic at every turn, waiting for an opportunity to breach data.
Proxies are used because they can hide your IP and sensitive data and filter traffic to ensure the user is protected at all times.
To Reduce Server Load
Servers are just like every other type of machine – they can only handle what is within their capacity.
When a server has to deal with too much traffic every day, it doesn’t take long before it crashes.
Proxies are helpful because they are excellent at reducing the workload on servers. For instance, proxies can distribute traffic across the available servers to prevent any one server from taking too much load.
Proxies can also deploy caching mechanisms where they store results from past queries. This way, they can pull the data from what has been stored instead of disturbing the servers.
To Bypass Restrictions
There are several limitations and restrictions that people face when surfing the internet. Some users can get banned or blocked when they use the same IP to interact with a website or server repeatedly.
Other users can get restricted from using particular services or accessing specific content because of where they live.
Proxies are used to prevent both types of limitation, as they can supply users with an extensive pool of IPs to avoid bans and multiple locations for bypassing geo-restrictions.
What Is An IPv6 Proxy?
An IPv6 proxy can be defined as a type of proxy that translates IPv4 traffic into IPv6 traffic. It can be software or hardware that stands between users and the internet and translates this older traffic into the IPv6 version.
The purpose is often to allow traffic from devices using the older IP version to reach servers hosted on the IPv6 standard.
Without this tool, it would be impossible for anyone using the older IP versions to interact with IPv6 standards.
The IPv6 proxy can also perform other essential functions of a regular proxy, including concealing the user’s networks to provide online privacy and filtering traffic to boost online security.
How Do IPv6 Proxies Work?
As the world adopts IPv6 standards and gradually moves towards it, several users, including organizations and service providers still using the IPv4 standard, need a tool to help them translate and forward their traffic.
IPv6 proxies work by intercepting traffic from the older IP standard, translating the address and header, and routing the information before forwarding it to an IPv6 server or target device.
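The two translation steps described above, as an added illustration that is not code from the article or from any proxy vendor: the RFC 6052 address embedding that network-layer NAT64 translators use (64:ff9b::/96 plus the 32-bit IPv4 address), and an application-layer TCP relay that accepts IPv4 clients and reconnects to the target over IPv6, so the target only ever sees the relay's address. The listen port and the 2001:db8::1 target are assumptions.

```python
"""Added illustration (not from the article or any vendor): an IPv4-to-IPv6
relay plus the RFC 6052 address mapping used by NAT64 translators."""
import asyncio
import ipaddress
import socket
from typing import Optional

# RFC 6052 well-known prefix: the IPv4 address is carried in the low 32 bits.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def embed_ipv4(v4: str) -> str:
    """Translate an IPv4 address into its IPv6 form behind the NAT64 prefix."""
    v4_bits = int(ipaddress.IPv4Address(v4))
    return str(ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | v4_bits))


def extract_ipv4(v6: str) -> Optional[str]:
    """Reverse mapping; None when the address is not a translated IPv4 one."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in NAT64_PREFIX:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


async def _pump(reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
    """Copy bytes one way until EOF, then close that direction."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()


async def handle_client(client_reader, client_writer, target_host: str, target_port: int) -> None:
    client_ip, client_port = client_writer.get_extra_info("peername")[:2]
    # The relay opens its own IPv6 connection: the target sees only the
    # relay's address, which is the masking the article describes.
    try:
        target_reader, target_writer = await asyncio.open_connection(
            target_host, target_port, family=socket.AF_INET6)
    except OSError as exc:
        print(f"refused {client_ip}:{client_port}: cannot reach target ({exc})")
        client_writer.close()
        return
    print(f"relay {client_ip}:{client_port} (NAT64 form {embed_ipv4(client_ip)}) "
          f"-> [{target_host}]:{target_port}")
    await asyncio.gather(_pump(client_reader, target_writer),
                         _pump(target_reader, client_writer))


async def serve(listen_addr: str, listen_port: int, target_host: str, target_port: int) -> None:
    """Accept IPv4 clients and relay each one to the IPv6-only target."""
    server = await asyncio.start_server(
        lambda r, w: handle_client(r, w, target_host, target_port),
        listen_addr, listen_port, family=socket.AF_INET)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    # Hypothetical target; 2001:db8::/32 is documentation address space (RFC 3849).
    asyncio.run(serve("127.0.0.1", 8080, "2001:db8::1", 80))
```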
The Main Use Cases of IPv6 Proxies
There are several ways the IPv6 proxy can be used (visit Oxylabs for more info), including the following:
Maximizing Online Security and Privacy
Like all significant proxies, IPv6 proxies also play a massive role in boosting your security and that of your data. Whatever your online activity, you can hide your identity using these proxies with zero cost to your browsing speed and performance.
Bypassing Censorship and Constraints
If you experience bans, blockings, and restrictions very often online, you may want to consider switching to the IPv6 proxies as they can easily bypass these challenges. You can easily choose a different IP and location to appear like a completely different user.
Web Scraping
IPv6 proxies can also be used with a dedicated scraper to harvest a large amount of data from different sources at once. This capability comes from the fact that an IPv6 proxy can translate and re-route any traffic to help it reach any server. It can also provide you with multiple IP addresses and locations to help you perform these repetitive tasks without using an IP twice.
Colorado and Virginia passed new data privacy laws in 2021. Connecticut and Oklahoma are among the states that could enact new legislation around data privacy protections in 2022. California, which kicked off the conversation around data privacy at the state level, is updating its laws. Couple that with the EU’s GDPR and other data privacy laws enacted worldwide, and it is clear that data privacy has become incredibly important within cybersecurity. And that includes within the DevSecOps process.
It’s been enough of a challenge to integrate security into the DevOps process at all, even though it is now recognized that adding security early in the SDLC can eliminate issues further along in app development and deployment. But adding data privacy? Is it really necessary? Yes, it is necessary, said Casey Bisson, head of product growth at BluBracket, in email commentary. Applications now include more and more personal data that needs protection, such as apps that rely on medical PII. Those apps must have security and privacy baked into each phase of the SDLC via DevSecOps.
“There have been far too many examples of leaks of PII within code, for instance, because many companies don’t secure their Git repositories,” said Bisson. “As more sensitive information has made its way into code, it’s natural that hackers will target code. True DevSecOps will bake privacy concerns into every stage and will make these checks automated.”
Data in the Test Process
In DevSecOps, applications are developed often by using test data. “If that data is not properly sanitized, it can be lost,” said John Bambenek, principal threat hunter at Netenrich, in an email interview. “There is also the special case of secrets management and ensuring that development processes properly secure and don’t accidentally disclose those secrets. The speed of development nowadays means that special controls need to be in place to ensure production data isn’t compromised from agile development.” Beyond test data, real consumer data has to be considered. Ultimately, every organization has information they need to protect so it’s important to focus on data privacy early in development so the team working on the platform can build the controls necessary into the platform to support the privacy requirements the data has, explained Shawn Smith, director of infrastructure at nVisium, via email. “The longer you wait to define the data relationships, the harder it is to ensure proper controls are developed to support them.”
Bringing Privacy into DevSecOps
Putting a greater emphasis on privacy within DevSecOps requires two things—data privacy protocols already in place within the organization and a strong commitment to the integration of cybersecurity with data privacy. “An organization needs to start with a strong privacy program and an executive in charge of its implementation,” said Bambenek. “Especially if the data involves private information from consumers, a data protection expert should be embedded in the development process to ensure that data is used safely and that the entire development pipeline is informed with strong privacy principles.” The DevSecOps team and leadership should have a strong understanding of the privacy laws and regulations—both set by overarching government rules and by industry requirements. Knowing the compliance requirements that must be met offers a baseline to measure how data must be handled throughout the entire app development process, Smith pointed out, adding that once you have the base to build upon, the controls and steps to actually achieve the privacy levels you want will fall into place pretty easily. Finally, Bisson advised DevSecOps professionals to shift security left and empower developers to prevent any credentials or PII from being inadvertently accessible through their code before it makes it to the cloud. “DevSecOps teams should scan code both within company repositories and outside in public repos; on GitHub, for instance. It’s so easy to clone code that these details and secrets can easily be leaked,” said Bisson.
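One way to automate the scan Bisson describes, as an added example that is not BluBracket's or any vendor's tool: a small pre-commit style check that flags credentials and PII in source text and redacts the matched value in its own report, so the findings do not become a second copy of the secret. The rule names, the placeholder list and the sample config file are assumptions constructed for this example.

```python
"""Added illustration, not BluBracket's or any vendor's tool: a pre-commit
style check for credentials and PII that never echoes the sensitive value."""
import re
import sys
from typing import List

# Rule name plus a regex whose group 1 is the sensitive value to redact.
RULES = [
    ("private_key", re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)")),
    # AWS access key IDs are 20 characters starting with "AKIA".
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("hardcoded_secret", re.compile(
        r"(?i)(?:password|passwd|secret|token|api_key)\b\s*[:=]\s*['\"]?([^'\"\s]{6,})")),
    ("email_pii", re.compile(r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})")),
]

# Obvious placeholders must not block a commit (assumed list).
PLACEHOLDERS = {"changeme", "example", "<redacted>", "xxxxxxxx"}


def mask(value: str) -> str:
    """Keep only the first and last two characters so the scan report
    does not leak the secret it found."""
    if len(value) <= 6:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def scan_text(path: str, text: str) -> List[dict]:
    """Return one finding per rule hit: path, line number, rule, masked value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                value = match.group(1)
                if value.lower() in PLACEHOLDERS:
                    continue
                findings.append({"path": path, "line": lineno,
                                 "rule": rule, "value": mask(value)})
    return findings


# Constructed sample file; none of these values are real credentials.
SAMPLE = """# constructed sample config, not real credentials
db_password = "Tr0ub4dor&3"
aws_access_key_id = AKIAEXAMPLEKEY000000
support_contact = jane.doe@example.com
api_key = changeme
-----BEGIN RSA PRIVATE KEY-----
"""


def main() -> int:
    """Exit non-zero when anything is found, so a Git hook can block the commit."""
    findings = scan_text("config.env", SAMPLE)
    for f in findings:
        print(f"{f['path']}:{f['line']}: {f['rule']} -> {f['value']}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```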
Consumers don’t understand how or where in the development process security is added, and it’s not entirely necessary for them to understand how the sausage is made. The most important concern for them is that their sensitive data is protected at all times. For that to happen most efficiently, data privacy has to be an integral part of DevSecOps.
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer.
The Maze group was considered one of the most prominent ransomware operations since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape: at the end of 2019, Maze added data harvesting capabilities and began threatening to release the stolen data of any victim who refused to pay the ransom.
In November 2020, the Maze ransomware operators announced that they have officially shut down their operations and denied the creation of a cartel.
The Maze operation then rebranded in September as Egregor, but in February 2021 several members of the Egregor group were arrested in Ukraine.
The Sekhmet operation was launched in March 2020 and it has some similarities with the above ransomware operations.
While the TTPs of Egregor operators are almost identical to those of ProLock, analysis of an Egregor ransomware sample obtained during an incident response engagement conducted by Group-IB revealed that the executable code of Egregor is very similar to Sekhmet. The two strains share some core features and use similar obfuscation techniques. The Egregor source code bears similarities with Maze ransomware as well.
The decryption keys for these operations have now been leaked on the BleepingComputer forums. The keys were shared by a user named ‘Topleak’ who claims to be the developer for all three operations.
“Hello, It’s developer. It was decided to release keys to the public for Egregor, Maze, Sekhmet ransomware families. also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus, but it is not expiro actually, but AV engines detect it like this, so no single thing in common with gazavat.” the user wrote on the forum.
“Each archive with keys have corresponding keys inside the numeric folders which equal to advert id in the config. In the “OLD” folder of maze leak is keys for it’s old version with e-mail based. Consider to make decryptor first for this one, because there were too many regular PC users for this version. Enjoy!”
The Topleak user pointed out that this is a planned leak and is not linked to recent arrests and takedowns conducted by law enforcement. The alleged ransomware developer added that none of the ransomware gangs will ever return to ransomware operations and that the source code of all tools ever made has been wiped.
In one of the archives leaked by the user there is the source code for a malware dubbed ‘M0yv’ that was part of the gang’s arsenal.
The well-known malware researchers Michael Gillespie and Fabian Wosar confirmed to BleepingComputer that the decryption keys are legitimate and allow victims to decrypt files encrypted by the three ransomware families for free.
Emsisoft has released a free decryption tool for the Maze, Egregor, and Sekhmet ransomware families.
The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and the challenges can seem overwhelming.
Considering this, we’ve simplified things down to three key elements of a strong cybersecurity program. You need to know how to assess, remediate, and implement security best practices at scale. In more detail, this means:
Assessing your organization’s current cybersecurity program and its prioritization
Remediating endpoints at scale, bringing them into compliance with security best practices
Implementing cybersecurity policies and monitoring them to stay in compliance
1. Assess your organization’s current cybersecurity program
Taking the first step toward better cyber hygiene means understanding where your organization stands today. Conduct an honest assessment of your strengths and weaknesses in order to prioritize where to focus your efforts for your cybersecurity program. The challenge here is finding the right bar to measure yourself against. There are several frameworks that will do the job. Thus, it can be daunting to figure out which one is the right fit, especially if this is the first time you’re doing an assessment. Starting with the CIS Controls and CIS Benchmarks can help take the guesswork out of your assessment and provide peace of mind that you’re covering all of your bases.
Here’s what makes these two sets of best practices especially useful:
They tell you the “what” and the “how”: Many frameworks tell you what you should do, but not how to do it. CIS best practices give you both.
They are comprehensive and consensus-based: CIS best practices are developed in collaboration with a global community of cybersecurity experts. They’re also data-driven as explained in the CIS Community Defense Model.
They are mapped to other industry regulatory frameworks: CIS best practices have been mapped or referenced by several other industry regulatory requirements, including: NIST, FINRA, PCI DSS, FedRAMP, DISA STIGs, and many others. This means you can get the proverbial “two birds with one stone” by assessing against CIS best practices.
The CIS Controls are a prioritized and prescriptive set of safeguards that mitigate the most common cyber-attacks against systems and networks. The CIS Benchmarks are more than 100 configuration guidelines across 25+ vendor product families to safeguard systems against today’s evolving cyber threats. Both are available as free PDF downloads to help you get started.
2. Remediate endpoints at scale with CIS Build Kits
One of the challenges in applying any best practice framework is dedicating the time and resources to do the work. Luckily, CIS offers tools and resources to help automate and track the assessment process. The CIS Controls Self Assessment Tool (CIS CSAT) helps organizations assess the implementation of the CIS Controls. Additionally, the CIS Configuration Assessment Tool (CIS-CAT Pro Assessor) scans target systems for conformance to the CIS Benchmarks. CIS-CAT Pro Assessor allows you to move more quickly toward analyzing results and setting a strategy to remediate your gaps.
CIS resources and tools are designed to help you move toward compliance with best practices by remediating the gaps. Once you understand where your gaps are and how to fix them, you can use CIS Build Kits to achieve compliance at scale. CIS Build Kits are automated, efficient, repeatable, and scalable resources for rapid implementation of CIS Benchmark recommendations. You can apply them via the Group Policy Management Console in Windows, or through a shell script in Linux and other Unix-like environments.
Interested in trying out a Build Kit? CIS offers sample Build Kits that contain a subset of the recommendations within the CIS Benchmark. They provide you a snapshot of what to expect with the full CIS Build Kit.
3. Implement cybersecurity policies and monitor for compliance
Lastly, creating strong policies and monitoring conformance helps ensure that an organization is working toward a more robust cybersecurity program. Regularly monitoring conformance over time is critical. It helps you avoid configuration drift, and helps identify any new issues quickly. CIS tools can help monitor conformance and identify gaps.
CIS-CAT Pro Dashboard provides an easy-to-use graphical user interface for viewing CIS Benchmark conformance assessment results over time. Similarly, CIS CSAT Pro enables an organization to monitor implementation of the CIS Controls over time.
A strong cybersecurity program with CIS SecureSuite Membership
Any organization can start improving its cyber hygiene by downloading CIS’s free best practices, like the PDF versions of the CIS Benchmarks. But it’s important to know that you don’t have to go it alone. A cost-effective CIS SecureSuite Membership can be both a solution to your immediate security needs, as well as a long-term resource to help optimize your organization’s cybersecurity program.
You’ll get access to:
CIS-CAT Pro Assessor and Dashboard
CIS CSAT Pro
CIS Build Kits
CIS Benchmarks in various formats (Microsoft Word, Microsoft Excel, XCCDF, OVAL, XML) and more
Get the most out of CIS best practices for your cybersecurity program by signing up for a cost-effective CIS SecureSuite Membership.