Atlassian Confluence under botnet attack

iTnews | April 28, 2019

Upgrade to avoid AESDDoS malware infestations.

A large botnet is currently targeting vulnerable versions of Atlassian's Confluence collaboration server and trying to abuse them for distributed denial of service attacks, remote code execution and crypto-currency mining, researchers warn. Security vendor Trend Micro said its honeypots caught a variant of the AESDDoS malware that exploits a critical server-side template injection vulnerability in the Confluence Widget Connector macro.

Spotlight

The 2019 Cyberthreat Defense Report surveyed 1,200 IT and security decision makers about cyberthreats and their plans to defend against them. The report revealed: 88% of mid-size enterprises reported a successful cyberattack. Nearly two-thirds of IT and security professionals believe a successful cyberattack is imminent. Detecting insider threats remains an enormous challenge for virtually every security organization.

Related News

DATA SECURITY

WafCharm on Microsoft Azure Launches Cyber Security Cloud

businesswire | December 01, 2020

Cyber Security Cloud, Inc. (CSC) is pleased to announce the availability of WafCharm on Microsoft Azure. Already available to over one million Amazon AWS users around the world, this launch provides Azure users with AI operation of Web Application Firewall (WAF) rules, expanding WafCharm’s availability to 60% of the world’s cloud users. Microsoft Azure users now have access to the same WafCharm benefits for securing their web applications in the cloud as do their Amazon AWS counterparts. By making WafCharm available on two of the industry’s top cloud platforms, businesses benefit by being able to select the cloud service that best fits their needs while enjoying the ease-of-use WafCharm offers. “WafCharm automates WAF rules using machine learning and big data without requiring security experts to customize the system,” CSC’s CTO, Yoji Watanabe, stated. “With CSC’s expertise in the cloud-WAF industry, Azure users can optimize their cloud functionality and focus resources on their businesses instead of constantly fine-tuning WAF rules to the latest security threats.” WafCharm automatically customizes WAF rules based on their applications and system, and continuously adjusts and manages them. Users can now focus on business operations with fewer security worries as WafCharm takes care of: building, testing and tuning rules; researching vulnerabilities, and creating new rules. “Deploying and operating WAF without a purpose-built tool like WafCharm is a time- and resource-intensive operation. And companies with limited resources are not able to respond immediately when problems happen,” said Yosuke Matsuura, Infrastructure Team Leader of CAST PLATFORM at Hachidori, Inc., developer of chatbot and shift and attendance tools. “With CSC’s WafCharm, we've been able to maximize WAF's security features in a hassle-free way. I highly recommend it to anyone deploying WAF.”


DATA SECURITY

Perfect storm of cybersecurity risks threatens the hybrid workplace

HP Wolf Security | November 01, 2021

HP Inc. today released its latest HP Wolf Security report: Out of Sight & Out of Mind, a comprehensive global study highlighting how the rise of hybrid work is changing user behavior and creating new cybersecurity challenges for IT departments. The research shows that a growing number of users are buying and connecting unsanctioned devices outside of IT’s purview. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses and tricking users into initiating attacks through phishing. All of this is making IT support more complex, time-consuming, and costly than ever. The report combines data from a global YouGov online survey of 8,443 office workers who shifted to Working from Home (WFH) during the pandemic, and a global survey of 1,100 IT decision makers conducted by Toluna. Key findings include: New Shadow IT buying and installing endpoints with security out of mind: ‘Shadow IT’ typically refers to non-IT departments deploying software beyond the purview of IT. This shadow is now spreading, with individuals procuring and connecting devices without being checked by IT. 45% of office workers surveyed purchased IT equipment (such as printers and PCs) to support home working in the past year. However, 68% said security wasn’t a major consideration in their purchasing decision, while 43% didn’t have their new laptop or PC checked or installed by IT, and 50% said the same of their new printer. Phishing becoming increasingly successful: 74% of IT teams have seen a rise in the number of employees opening malicious phishing links or attachments on emails in the last 12-months. 40% of office workers surveyed aged 18-to-24 have clicked on a malicious email with almost half (49%) saying they have done so more often since working from home. 
Of office workers that clicked or nearly clicked a link, 70% didn’t report it to IT – 24% didn’t think it was important, 20% cited the “hassle factor”, while 12% had a fear of reprisal or being punished. Increase in devices being compromised fuels growth in rebuild rates: 79% of IT teams report rebuild rates increased during the pandemic. Rebuild rates directly correlate to the number of endpoints that require wiping and reimaging because they have been compromised, which implies more attackers are successfully breaching outer defenses. The real figure could be higher still: 80% of IT teams worry that employee devices might be compromised and they don’t know about it. "People often don't know if they have clicked on something malicious, so the real numbers are likely much higher," comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. "Threat actors don't always announce themselves, as playing the 'long game' to move laterally and infiltrate higher-value infrastructure has proven to be more lucrative. For example, by using cloud backups to exfiltrate sensitive data in bulk, encrypting data on servers, then demanding a multi-million-dollar ransom.” Pratt continues: "It shouldn't be this easy for an attacker to get a foothold - clicking on an email attachment should not come with that level of risk. By isolating and containing the threat you can mitigate any harmful impact, preventing persistence and lateral movement." With threats rising, it’s becoming more difficult for IT teams to deliver security support. 77% of IT teams said the time it takes to triage a threat has increased in the past year, while an estimated 62% of alerts relating to the endpoint are false positives, leading to wasted time. 
With IT teams tied up dealing with alerts, it’s becoming harder for them to onboard employees and identify threats: 65% of IT teams said that patching endpoint devices is more time-consuming and difficult due to the mass shift to home working, while 64% said the same of provisioning and onboarding new starters with secure devices. As a result, IT teams estimate the cost of IT support in relation to security has risen by 52% in the last 12-months. 83% of IT teams said the pandemic has put even more strain on IT support because of home worker security problems, while 77% of IT teams say homeworking is making their job much harder and that they fear teams will burn out and consider quitting. “As IT continues to grow in complexity, security support is becoming unmanageable,” Pratt concludes. “For hybrid working to be a success, IT security teams need to be freed from spending hours provisioning and fielding user access requests so they can focus on tasks that add value. We need a new security architecture that not only protects against known and unknown threats, but that helps to reduce the burden to liberate cybersecurity teams and users alike. By applying the principles of Zero Trust, organizations can design resilient defenses to keep the business safe and recover quickly in the event of a compromise.” HP is helping organizations to secure the hybrid workplace by delivering endpoint security that provides teams with greater visibility and management tools. With HP Wolf Security, organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. HP Wolf Security provides the ideal support for securing the hybrid workplace – for example HP Sure Click Enterprise reduces the attack surface by rendering malware, delivered via email, browser or downloads, harmless through threat containment and isolation.
HP Wolf Security enables teams to deliver defense-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large.

About HP Wolf Security

From the maker of the world’s most secure PCs and Printers, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.


NETWORK THREAT DETECTION

Detectify Teams up with Hackers for Change to Benefit Security and Ethical Hacking Communities, Bolster Security for Non-profit Organizations

Detectify | August 19, 2021

Detectify, the SaaS security company powered by ethical hackers, today announced its partnership with Hackers for Change. The collaboration will equip non-profit organizations with the tools required to strengthen security and decrease the likelihood of cyber-attacks, supporting the mission of Hackers for Change to provide charities and nonprofits with industry-quality cybersecurity services at no cost. By combining each organization's experience and hacking knowledge, the partnership aims to better serve customers and positively impact the security and ethical hacking communities. Charities and non-profit organizations are becoming increasingly susceptible to cyber-attacks as cybercriminals seek to access and exploit their massive datasets. According to one report, 26 percent of charities experienced a cyber-attack or breach last year. As philanthropies collect more data, there is a growing need for nonprofits to stay ahead of cyber criminals and protect confidential information. However, many nonprofits lack the financial resources required to properly secure their networks. This is where Hackers for Change comes in. The Toronto-based volunteer-operated organization provides other charities and nonprofits with industry-quality cybersecurity services for free. In doing so, Hackers for Change also trains Canada's next generation of cybersecurity professionals, making the digital community more resilient. For individuals seeking employment in the security industry, a lack of formal work experience can be a significant barrier to entry. By volunteering with Hackers for Change, volunteers not only gain invaluable hands-on work experience to jumpstart their careers, but also make a positive social impact on the community.

Partnering for a stronger community

"By teaming up with Hackers for Change, we're helping nonprofits improve their security posture while simultaneously sharing knowledge between us that will benefit customers, hacker volunteers linked to Hackers for Change, and the security industry overall," said Rickard Carlsson, co-founder and CEO at Detectify. "Collaboration is essential within the security space, and by marrying our strengths, we can't wait to see what strides we can make together." Detectify's web application scanner, Deep Scan, lets non-profit organizations stay on top of critical patching, a vital component to improving security posture. Deep Scan allows organizations to automatically scan custom-built apps, find critical security vulnerabilities, and strengthen web application security with automated security findings sourced from leading ethical hackers that make up the Detectify Crowdsource community. In addition to empowering nonprofits to find, fix, and prevent critical security vulnerabilities, Deep Scan also helps determine which vulnerabilities to prioritize and provides remediation guidance.

About Detectify

At Detectify, we believe that world-class cybersecurity knowledge should be accessible to everyone. Detectify automates the latest security findings from leading ethical hackers and brings it into the hands of security defenders and web application teams. Powered by a network of handpicked ethical hackers, Detectify's security solutions check your application beyond the OWASP Top 10 and help you stay on top of threats in the cloud.
