access


#cybersecurity | #hackerspace | Zero Networks Launches Industry’s First Autonomous Network Access Orchestrator, Announces $4.65 Million in Funding

Source: National Cyber Security – Produced By Gregory Evans

Debuting at the RSA® Conference’s Launch Pad, the platform delivers adaptive user and machine-level policy enforcement to make a zero trust network model at scale a reality  

NEW YORK and TEL AVIV – February 20, 2020 – Zero Networks (www.zeronetworks.com), the pioneer in zero trust network access, today unveiled the Zero Networks Access Orchestrator, the first network security platform that automatically defines, enforces and adapts user- and machine-level network access policies to create a continuous airtight zero trust network model, at scale. The company was named one of three finalists for the prestigious RSAC Launch Pad, where it will debut the platform, on February 26th, during the RSA Conference, the world’s leading information security conference.

Zero Networks also announced it has raised $4.65 million in seed funding, led by F2 Capital and Pico Venture Partners. This funding will be used to accelerate product development and hire key positions in engineering, marketing, sales and business development.

Assuming users and machines inside the network can be completely trusted leaves the door open for malicious insiders and hackers to do almost anything they want. Zero Networks minimizes these risks, with the click of a button, constraining access in the network to only what users and machines should be doing. The Zero Networks Access Orchestrator is the first of its kind to deliver:

  • Autonomous policy enforcement – observes how users and machines normally communicate to automatically enforce a zero trust networking stance throughout your environment, with a two-factor authentication (2FA) mechanism to allow new or rare access, so users can always get what they need, when they need it.
  • Airtight security – establishes least privilege access for each and every user and machine, so they can access only what they need, and nothing more. This provides a scalable and cost-efficient way for enterprises to establish user and machine-level perimeters that put an end to excessive allowances within the network. It also eliminates many internal attack vectors, such as network discovery, lateral movement, remote code execution and the introduction of commodity malware.
  • Access control at scale – provides a single source for all network access policies, so the entire environment is protected from managed and unmanaged devices, at scale, with the click of a button. There are no agents to deploy and no policies for IT to configure or manage.

“Zero Networks is making a zero trust security model at scale a reality,” said Jonathan Saacks, managing partner from F2 Capital. “Their approach is a radical change for the market, but not a radical change for enterprises, which is why it is so effective,” added Tal Yatsiv, operating partner at PICO Venture Partners. “Enterprises can go about their business and lock down the access of each of their users and machines to only what they need, without agents, without intervention, and without disruptions.”

Zero Networks founders Benny Lakunishok and Jossef Harush came up with the Zero Networks Access Orchestrator when they saw the burden that IT and security teams face in trying to maintain real-time access requirements for all users and machines across their environment. With deep experience in cybersecurity, they knew there had to be a better, more scalable solution.

Mr. Lakunishok has been in cybersecurity for the past decade and was part of the leadership team of Aorato, which was acquired by Microsoft. Mr. Harush previously led the architecture and engineering team at CyberX. Together, they established Zero Networks to make it easy for enterprises to adapt and scale airtight, internal network access policies that keep attackers out and the business going.

The Zero Networks Access Orchestrator is currently being used by beta customers in the manufacturing, energy, retail and public sectors to defend their internal networks and will be commercially available at the end of Q1 2020.

About Zero Networks

Zero Networks automates the creation, enforcement and maintenance of zero trust network access policies for each user and machine to make a zero trust security model at scale a reality. The Zero Networks Access Orchestrator enables organizations to keep up with the changes in their dynamic environment and prevent breaches from impacting operations, so they can be confident their users and machines are able to go about their business and nothing more. With Zero Networks, there are zero hassles, disruptions or worries - there’s just trust. For more information, please visit www.zeronetworks.com or follow Zero Networks on LinkedIn at https://www.linkedin.com/company/zero-networks or Twitter at https://twitter.com/ZeroNetworks.

 


The post #cybersecurity | #hackerspace | Zero Networks Launches Industry’s First Autonomous Network Access Orchestrator, Announces $4.65 Million in Funding appeared first on National Cyber Security.


#cybersecurity | #infosec | WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI

FBI seizes control of WeLeakInfo.com which sold passwords stolen in data breaches

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

For as little as $2 per day, anyone could search the controversial website’s database of records and in many instances extract names, email addresses, phone numbers, and passwords. These passwords could then be used by unscrupulous hackers to break into other accounts where users had made the mistake of reusing the same credentials.

With the seizure of the WeLeakInfo.com domain, the website’s operations are effectively suspended.

Visitors to the WeLeakInfo.com website are now greeted by a message from the various law enforcement agencies who have been investigating the website’s activities.

A 22-year-old man was arrested by police on Wednesday in Fintona, County Tyrone, Northern Ireland, in connection with the website, and another 22-year-old male has been arrested by East Netherland Cyber Crime Unit (Politie) in Arnhem.

According to an NCA press release, the two individuals are suspected by police of having made profits in excess of £200,000 from the site.

Prosecutors are likely to argue that those behind the website were profiting from the unlawful sale of stolen data, and assisting third-parties in also accessing sensitive details.

It’s important to recognise that there is a clear difference between the likes of WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned.

WeLeakInfo allowed anyone to scoop up the passwords of those involved in a data breach, meaning they could be used in future security breaches.

HaveIBeenPwned, on the other hand, doesn’t store or share anybody’s password – instead the service, which I heartily recommend individuals and organisations sign up for, informs you if your email address has been included in a data breach. And that’s it. The onus is then on you to take steps to protect yourself (which may mean resetting passwords, and ensuring that you are not using the password you use on the hacked website anywhere else).

Authorities say they continue to investigate WeLeakInfo, and one can’t help but wonder if there will be more arrests if the site’s customer details are extracted from the seized infrastructure.


#deepweb | Microsoft Access can change the way you work with data. Master it for $30

TLDR: The Ultimate Microsoft Access Mastery Bundle collects the best training in the world’s top database management tool for only $29.99.

What’s the most popular Microsoft Office app? While it’s tough to make that call with certainty, it’s hard to imagine Microsoft Word doesn’t lead that pack. Ask for other Office features that get lots of use and you’ll likely hear plenty of votes cast for Excel, Outlook, or PowerPoint. 

One app you don’t hear cited nearly as often is Microsoft Access. But in an age where data is king, you may be shocked at the everyday utility of the industry-leading information management tool.

The Ultimate Microsoft Access Mastery Bundle ($29.99, over 90 percent off from TNW Deals) can help open your eyes to the power of databases and what they can mean to your daily workflow as well as your professional future.

With 224 lectures covering over 50 hours of training, this bundle pulls together all the best recent Access 2019, 2016 and 2013 training, offering up a fully-rounded view of how to get the most out of this sneaky, powerful software.

Filled with exercises and testing, this training delves into everything you need to know, from creating and maintaining Access databases; to using Access tables, relationships and keys; to task automation and customization; to producing advanced reports that dig deep into your data.

Regularly $594, this coursework can turn you into an advanced Access user for just $29.99.

Software not included. Prices are subject to change.


#cybersecurity | #hackerspace | New Insights into Privileged Access Management (PAM) Best Practices

The increasingly sophisticated and persistent nature of cyber threats underscores the importance of protecting your privileged accounts, along with their respective privileged users and privileged credentials. Privileged accounts, by their very nature, tend to be the sort of digital “crown jewels” that are much sought-after by hackers. Best practices for Privileged Access Management (PAM), the main countermeasure for this risk, are thus evolving as the threats become better understood.

A Brief Overview of Privileged Access Management

PAM comprises a collection of practices, policies and technologies that protect administrative or “privileged” access to the back ends of critical systems. Privileged users operate privileged accounts, where they are authorized to set up, configure, reconfigure or delete systems, e.g. servers, databases and storage volumes. They can also set up, modify or erase user accounts—or promote regular users to privileged status and so forth.

Privileged users are necessary for the proper functioning of your IT department. However, their power makes them very attractive targets for hackers. Some of the most notorious data breaches in recent memory resulted from the abuse of privileged accounts and the impersonation of privileged user identities. Protecting privileged credentials is therefore a major goal of cyber security policy and security operations (SecOps).

PAM Best Practices

The basic idea of PAM is easy to understand: Restrict privileged access only to privileged users. It seems simple enough. Indeed, some companies still use spreadsheets and common sense to manage privileged accounts. This is no longer a viable approach, though. Operationalizing PAM will take focus and effort, along with the right tools.

Virtually all organizations that take PAM seriously have acquired dedicated PAM solutions. In some cases, it’s a good practice to integrate PAM with your Identity and Access Management (IAM) system. This approach creates a single source of user data. From this master data set, you can then elevate access privileges while tracking all user identities in the same place.

#1 Map your privileged accounts

It’s wise to know where your privileged accounts are and who has access to them. This may seem unnecessary, but in today’s IT world of cloud servers, APIs and mobile endpoints, you might be surprised to learn how many previously unknown systemic backdoors you have. If your organization has distributed management of business units, the problem can be even worse than you imagine. Furthermore, if outside entities like IT consultants have privileged access, that expands the attack surface area that much more. In many cases, a privileged user might even be a machine, not a human being.

#2 Establish Privileged Account Governance

This may seem a bit overly formal, but governance is an essential element of an effective PAM program. The execution of PAM governance doesn’t have to be fancy, but it’s a good idea to commit rules and policies to writing and then make sure that stakeholders understand them. One reason this is so important has to do with the circumstances in which privileged access is granted. For example, if an IT admin gets a call at home on the weekend, with someone asking to be given access to the email server, how should he or she respond? If you’ve established that privileged access can never be granted based on a call to a personal cell phone, you’ll be protected against a potential social engineering hack.

#3 Get organization-wide buy-in

Everyone has to be aware of your PAM program and how it works. This includes senior executives. PAM should factor into general security training, so people will understand and follow privileged access policies. They’ll know it’s happening for everyone’s benefit.

#4 Create a written privileged account password policy

This falls under governance, but it’s worth calling out on its own. Hackers thrive in ambiguity, particularly when there’s turnover of personnel and a lack of clarity about who is allowed to do what. For instance, if your company has an external IT provider managing the ERP system, a hacker can impersonate one of their employees to gain back end access. However, if you have a written policy that requires sign-off from a senior executive at the IT contractor, then you have taken a step toward mitigating that risk. Privileged password policy templates are available from SANS, NIST, GLBA and the ISO (e.g. ISO17799 and ISO9000).

#5 Protect the PAM Solution

Understand that the PAM solution itself is a major target for hackers. What better way is there to get inside an organization and steal its data or wreak utter havoc? If hackers can penetrate the PAM solution, they can create privileged users at will. Or, they can switch off privileged account access for actual privileged users—blunting incident response capabilities at the same time. A compromised but functioning PAM system could mask unauthorized privilege assignments and erase privileged account sessions. For these reasons, it’s a highly recommended practice to devise countermeasures that provide defense in depth for the PAM solution.

The breach events of 2019 only serve to heighten the importance of robust privileged access management. The threats aren’t likely to get any less serious or advanced. Bad actors are coming for your privileged accounts. Now is the time to increase the depth and intensity of your countermeasures.

Are your current privileged access management efforts enough? Learn how Hysolate isolates PAM access for top grade endpoint security. Request a demo with a specialist today.

The post New Insights into Privileged Access Management (PAM) Best Practices appeared first on Hysolate.

*** This is a Security Bloggers Network syndicated blog from Blog – Hysolate authored by Jessica Stanford. Read the original post at: https://www.hysolate.com/blog/new-insights-into-privileged-access-management-pam-best-practices/


#cybersecurity | #hackerspace | Idaptive Brings Next-Gen Access to Government Agencies with GSA Designation

To cap off an incredible first year for Idaptive’s sales and channel program, we’re proud to announce that Idaptive is now on the U.S. General Services Administration (GSA) Schedule, so we are now able to offer GSA government agencies and state and local governments the identity and access management services they need to benefit from true Zero Trust security. With this designation, Idaptive can bring the future of identity and access to the public service sector, empowering government agencies to enable seamless and secure access to public servants and citizens alike through our Next-Gen Access Cloud.

The GSA is the purchasing arm of the U.S. Government, and lists contracts or schedules available for vendors to bid on. To become eligible to bid on a GSA schedule, Idaptive had to complete a series of steps that included obtaining a DUNS number, registering in the government’s SAM (System for Award Management), and providing previous customer contact information as a means for the GSA to perform a past performance evaluation. 

GSA status is a non-industry specific designation, and Idaptive was able to earn its GSA approval through the help of our strategic channel partner ImmixGroup. This partnership marks the next chapter for Idaptive’s blossoming channel program, which we launched from scratch earlier this year. Since then, it has grown to include a total of 152 incredible solution providers and technology integrators and accounts for nearly 80 percent of our sales to date. All while racking up a number of channel-based award wins and accolades along the way (check those out below).

Brian Krause, Idaptive’s Director of Worldwide Channels, explains that GSA is an important next step for both Idaptive and for Federal, state and local governments when it comes to bringing much-needed innovation and security to the country’s most important public service agencies. 

“There’s no one more at risk to data breaches than government agencies, and the stakes are often far higher,” said Krause. “With GSA designation, we’re proud to deliver Next-Gen Access identity technology to help more government organizations implement a Zero Trust security posture while also improving employee productivity, enhancing citizen and partner experiences, and reducing the risk of data breaches.” 

2019 was a huge year for Idaptive and our channel program, and we look forward to seeing what next year has in store! Stay tuned in 2020 for more updates on the future of identity from Idaptive. 

 

Check out all of Idaptive’s channel program news and recognitions this year here: 


#cybersecurity | #hackerspace | Privileged Access Abuse at the Heart of Latest Malicious Insider Incidents

While many companies spend a lot of energy protecting their business from external threats, security events initiated by insiders can be just as costly. Malicious insiders not only have intimate knowledge of corporate systems and infrastructure, but they also have something far more powerful: legitimate privileged […]

Protecting programmatic access to user data with Binary Authorization for Borg

Binary Authorization for Borg, or BAB, is an internal deploy-time enforcement check that reduces insider risk by ensuring that production software and configuration deployed at Google is properly reviewed and authorized, especially when that code has the ability to access user data. BAB ensures that code and configuration deployments meet certain standards prior to being deployed. BAB includes both a deploy-time enforcement service to prevent unauthorized jobs from starting, and an audit trail of the code and configuration used in BAB-enabled jobs.

BAB ensures that Google’s official software supply chain process is followed. First, a code change is reviewed and approved before being checked into Google’s central source code repository. Next, the code is verifiably built and packaged using Google’s central build system. This is done by creating the build in a secure sandbox and recording the package’s origin in metadata for verification purposes. Finally, the job is deployed to Borg, with a job-specific identity. BAB rejects any package that lacks proper metadata, that did not follow the proper supply chain process, or that otherwise does not match the identity’s predefined policy.

BAB can be used for many kinds of deploy-time security checks. Some examples include:

  • Is the binary built from checked in code?
  • Is the binary built verifiably?
  • Is the binary built from tested code?
  • Is the binary built from code intended to be used in the deployment?

After deployment, a job is continuously verified for its lifetime, to check that jobs that were started (and any that may still be running) conform to updates to their policies.
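
A sketch of the deploy-time checks listed above, as an added example that is not Google’s BAB code or part of the original post. The provenance fields, the policy fields, the `//payments/` path and the HMAC standing in for the build system’s signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed key standing in for the trusted build system's signing key.
# A real deployment would verify an asymmetric signature, not an HMAC.
BUILDER_KEY = b"constructed-demo-key"


def sign_provenance(prov: dict, key: bytes = BUILDER_KEY) -> str:
    """Build-system side: MAC over the canonical provenance record."""
    blob = json.dumps(prov, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Policy:
    """Hypothetical per-job-identity policy; field names are illustrative."""
    allowed_source_prefix: str    # code intended to be used in this deployment
    require_review: bool = True   # built from checked-in, reviewed code
    require_tests: bool = True    # built from tested code


def admit(package: bytes, prov: Optional[dict], sig: Optional[str],
          policy: Policy) -> list:
    """Return the list of violations; an empty list means the job may start."""
    if prov is None or sig is None:
        return ["missing provenance metadata"]
    if not hmac.compare_digest(sign_provenance(prov), sig):
        # Unsigned or altered metadata: none of its claims can be trusted.
        return ["provenance not produced by trusted builder"]
    violations = []
    if prov.get("package_sha256") != hashlib.sha256(package).hexdigest():
        violations.append("package does not match provenance digest")
    if policy.require_review and not prov.get("reviewed"):
        violations.append("source change was not reviewed")
    if policy.require_tests and not prov.get("tests_passed"):
        violations.append("source was not tested")
    source = str(prov.get("source_path", ""))
    if not source.startswith(policy.allowed_source_prefix):
        violations.append("source not intended for this job identity")
    return violations


def reverify(running: dict, policies: dict) -> dict:
    """Continuous verification: re-check running jobs against current policy."""
    report = {}
    for job, (identity, package, prov, sig) in running.items():
        found = admit(package, prov, sig, policies[identity])
        if found:
            report[job] = found
    return report


def sample():
    """Constructed package and signed provenance for a hypothetical job."""
    package = b"constructed-demo-binary"
    prov = {
        "package_sha256": hashlib.sha256(package).hexdigest(),
        "source_path": "//payments/server",
        "reviewed": True,
        "tests_passed": True,
    }
    return package, prov, sign_provenance(prov)


if __name__ == "__main__":
    pkg, prov, sig = sample()
    policy = Policy(allowed_source_prefix="//payments/")
    print("as built:       ", admit(pkg, prov, sig, policy))
    print("swapped binary: ", admit(b"other", prov, sig, policy))
    print("no metadata:    ", admit(pkg, None, None, policy))
    running = {"job-1": ("payments", pkg, prov, sig)}
    tightened = {"payments": Policy(allowed_source_prefix="//billing/")}
    print("after policy update:", reverify(running, tightened))
```
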

Binary Authorization for Borg provides other security benefits

Though the primary purpose of BAB is to limit the ability of a potentially malicious insider to run an unauthorized job that could access user data, BAB has other security benefits. BAB provides robust code identity for jobs in Google’s infrastructure, tying a job’s identity to specific code, and ensuring that only the specified code can be used to exercise the job identity’s privileges. This allows for a transition from a job identity—trusting an identity and any of its privileged human users transitively—to a code identity—trusting a specific piece of reviewed code to have specific semantics and which cannot be modified without an approval process.

BAB also dictates a common language for data protection, so that multiple teams can understand and meet the same requirements. Certain processes, such as those for financial reporting, need to meet certain change management requirements for compliance purposes. Using BAB, these checks can be automated, saving time and increasing the scope of coverage.

Binary Authorization for Borg is part of the BeyondProd model

BAB is one of several technologies used at Google to mitigate insider risk, and one piece of how we secure containers and microservices in production. By using containerized systems and verifying their BAB requirements prior to deployment, our systems are easier to debug, more reliable, and have a clearer change management process. More details on how Google has adopted a cloud-native security model are available in another whitepaper we are releasing today, “BeyondProd: A new approach to cloud-native security.”

In summary, implementing BAB, a deploy-time enforcement check, as part of Google’s containerized infrastructure and continuous integration and deployment (CI/CD) process has enabled us to verify that the code and configuration we deploy meet certain standards for security. Adopting BAB has allowed Google to reduce insider risk, prevent possible attacks, and also support the uniformity of our production systems. For more information about BAB, read our whitepaper, “Binary Authorization for Borg: how Google verifies code provenance and implements code identity.”

Additional contributors to this whitepaper include Kevin Chen, Software Engineer; Tim Dierks, Engineering Director; Maya Kaczorowski, Product Manager; Gary O’Connor, Technical Writing; Umesh Shankar, Principal Engineer; Adam Stubblefield, Distinguished Engineer; and Wilfried Teiken, Software Engineer; with special recognition to the entire Binary Authorization for Borg team for their ideation, engineering, and leadership.


Ransomware attack freezes health records access at 110 nursing homes – Naked Security

Happy Thanksgiving: your elder loved one’s life may be at risk.

About 110 nursing homes and acute-care facilities have been crippled by a ransomware attack on their IT provider, Virtual Care Provider Inc. (VCPI), which is based in the US state of Wisconsin and which serves up data hosting, security and access management to nursing homes across the country.

The attack was still ongoing on Monday, when cybersecurity writer Brian Krebs first reported the assault.

Krebs says it involves a ransomware strain called Ryuk, known for being used by a hacking group that calculates how much ransom victimized organizations can pay based on their size and perceived value.

Whoever it was who launched the attack, they got it wrong in this case. VCPI chief executive and owner Karen Christianson told Krebs that her company can’t afford to pay the roughly $14 million Bitcoin ransom that the attackers are demanding. Employees have been asking when they’ll get paid, but the top priority is to wrestle back access to electronic medical records.

The attack affected virtually all of the firm’s core offerings: internet service, email, access to patient records, client billing and phone systems, and even the internal payroll operations that VCPI uses to pay its workforce of nearly 150. Regaining access to electronic health records (EHR) is the top priority because without that access, the lives of the seniors and others who reside in critical-care facilities are at stake.

This is dire, Christianson said:

We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time. In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.

As Krebs notes, recent research suggests that death rates from heart attacks spike in the months and years following data breaches or ransomware attacks at healthcare facilities. A report from Vanderbilt University Owen Graduate School of Management posits that it’s not the attacks themselves that lead to the death rate rise, but rather the corrective actions taken by the victimized facilities, which might include penalties, new IT systems, staff training, and revision of policies and procedures.