Just Reboot Your Stuff – ESW #208
This week in the Enterprise Security News: Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, and Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! We discuss Which Multifactor Authentication is the Right One with Matt Barnett, Chief Strategist at SEVN-X, and then we gain some insights into Sharpening CVSS with Asset Context, with Clayton Fields and Michael Assraf of Vicarius!
Visit https://securityweekly.com/vicarius to learn more about them!
This week: Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, and Passwords exposed for almost 50,000 vulnerable Fortinet VPNs!
- 1. Why Companies Should Outsource Cybersecurity During COVID and Beyond - Data Point Reason No. 2: The remote workforce expands the threat surface. Data Point Reason No. 3: Cybersecurity experts that meet your needs are hard to find, nurture and retain. Data Point Reason No. 4: It takes too much time and money to get in-house SOCs up and running. Data Point Reason No. 5: Businesses and other organizations want to lower their liability.
- 2. Sectigo Adds Five PKI DevOps Integrations - Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform. The new integrations, which expand upon Sectigo's first round of DevOps integrations, seize the benefits of automation for DevOps environments and further aid DevSecOps teams in speeding application deployment by using automation to provision certificates.
- 3. Canonical publishes set of secure container application images – Help Net Security - “We address high and critical CVEs in LTS offerings, and fix critical issues within 24 hours.” The Snyk report finds the average time for enterprises to remediate homegrown images is 68 days.
- 4. Drupal vulnerability press statement from ExtraHop - A malicious file with a double extension (e.g., php.txt) could be “interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations,” the Drupal security team noted.
- 5. Respond Software Joins the FireEye Team - Today, FireEye announced that Respond Software is joining our Team. Respond is the creator of an AI Based Cloud native XDR Engine that automates the investigation of security alerts at machine speed. Respond Software is a perfect fit with our Mandiant Advantage platform, adding proven automation technology in the fast-growing category of Extended Detection and Response (XDR) to help secure our customers.
- 6. FireEye receives USD 400 mln investment from Blackstone, buys Respond Software
- 7. Splunk to Acquire Network Performance Monitoring Leader Flowmill - With this acquisition, Splunk will continue to deliver on its vision to offer the world’s most comprehensive Observability Suite. With Flowmill, Splunk further expands its existing observability capabilities, giving customers the ability to ingest, analyze and take action on additional cloud network and infrastructure data to quickly resolve network-related issues, optimize network performance and reduce network costs.
- 8. Palo Alto Networks launches Industry’s first 5G-Native Security offering
- 9. Digital Shadows launches sensitive document alerts with added context - Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says "private and confidential" or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.
- 10. McAfee launches app marketplace, developer portal
- 11. Passwords exposed for almost 50,000 vulnerable Fortinet VPNs - The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "sslvpn_websession" files from Fortinet VPNs. These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users. Today, threat intelligence analyst Bank_Security has found another thread on the hacker forum where a threat actor shared a data dump containing "sslvpn_websession" files for every IP that had been on the list.
It's widely accepted that multifactor is a best practice for authentication, but there are a variety of implementations (e.g., smart cards, push notifications, OTPs). We'll talk through the benefits and drawbacks of each and explore why Microsoft's director of identity security just published a blog post about abandoning text messages for Office365/Azure authentication.
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.
3. Beyond Subjectivity: Sharpening CVSS with Asset Context – Clayton Fields, Michael Assraf – ESW #208
Vulnerability prioritization has traditionally relied on CVSS scores and other subjective measurements (e.g. asset tagging) that don't factor in internal context. A new approach integrates asset context and application activity to derive rich, internal data.
This segment is sponsored by Vicarius.
For 15 years, Clayton has been a technologist and client advocate. He helped launch the first intrusion prevention system for Active Directory. Clayton brings a breadth of acquisition experience focused on market truths and buyer languages.
Michael has more than ten years of experience in the startup world. He has been part of six different startups, holding several positions up to VP R&D, on both the tech and operational sides. In his last position at Atlis, Michael built and managed an R&D department. He led the Israeli team of the startup on a daily basis from day one to the release of the product’s GA. In his professional experience, Michael has held multiple positions, from Network Engineer at Deltathree, Automation Engineer at Secure Islands (later acquired by Microsoft), and Software Developer at Idomoo to VP R&D at Cellxpert and Atlis. Michael holds an MBA from Tel Aviv University and a BSc from the Jerusalem College of Engineering.