Android security: Multiple bootloader bugs found in major chipset vendors' code

ZDNet | September 04, 2017

Smartphone bootloader firmware should be secure even if the operating system is compromised. But researchers have found five flaws in major chipset vendors' code that leave the process vulnerable. The vulnerabilities have been found by a group of researchers from the University of California, Santa Barbara, who've built a tool called BootStomp to automatically detect security flaws in bootloaders, which load the OS kernel when devices are turned on.

Spotlight

As IT organizations begin to plan and implement their BYO programs for employee-owned Macs, PCs, smartphones and tablets in the workplace, the introduction of non-corporate devices opens up a veritable Pandora's box of liability that should be carefully addressed prior to any program's roll out. Confidentiality, compliance, data security, privacy, and litigation obligation are key concerns for safely implementing any mobility-based system, but they become even more critical when the device is personally owned. Taking the time now to ensure proper controls are in place can protect your organization from a world of trouble down the line.


Other News
PLATFORM SECURITY

SentinelOne and Okta Integration Accelerates Incident Response with XDR and Identity Security

SentinelOne | May 31, 2022

SentinelOne, an autonomous cybersecurity platform company, today announced SentinelOne XDR Response for Okta, enabling security teams to quickly respond to credential compromise and identity-based attacks. The integration of SentinelOne’s XDR platform with Okta’s identity management capabilities offers a powerful new solution to accelerate response and minimize enterprise risk. “Attackers exploit endpoint and identity security and access gaps. SentinelOne and Okta are leaders in securing both of these enterprise domains. “Incorporating SentinelOne Singularity XDR into the Okta identity platform improves the contextual awareness of our solution, ensuring that every identity is verified and malicious actors cannot advance laterally in pursuit of high-value targets. With SentinelOne across enterprise attack surfaces and Okta enforcing identity policies, organizations enjoy the best of both worlds in a single solution.” Stephen Lee, VP Technical Strategy & Partnerships, Okta According to the 2022 Verizon Data Breach Investigations Report, 82% of breaches involved the human element including the use of stolen credentials. While there are existing solutions that secure various pieces of the enterprise they are often siloed, causing gaps in visibility and making it difficult to achieve a holistic understanding of an organization’s security posture. “Groupon is on a constant journey of modernization, adopting new and cutting-edge cloud technologies like SentinelOne Singularity XDR and Okta to best protect our employees and customers,” said Ryan Ogden, Director of Information Security, Groupon. “Consolidating context from various tools and automating response force multiplies our team to address the growing scale and speed of threats.” SentinelOne’s StorylineTM observes all concurrent processes across OSs and cloud workloads, providing rich context for any potential endpoint security incident. When a threat is detected, Singularity XDR informs Okta of the last logged-in user for that endpoint and Okta provides identity context from Okta data. By combining XDR and identity context, the joint solution helps security analysts quickly determine who is doing what on which device, significantly reducing the risk of endpoint or identity-based attacks. SentinelOne XDR Response for Okta provides a fully automated remediation process, alleviating the burden on the SOC team and allowing analysts to focus on higher-value tasks. Other key use cases include: Threat Enrichment - automatically enriches threats within Singularity XDR with recent login information via Okta to make security data actionable. User Suspension - terminates active sessions originating from compromised devices to minimize response time for prevention and remediation. Reset Password - forces password resets, preventing SSO-enabled lateral movement across corporate applications. Force Reauthentication - initiates a multi-factor authentication (MFA) workflow within Okta, locking the account until the user re-authenticates with a valid MFA token for identity verification. “Compromising identities and moving laterally to exploit an organization’s ‘crown jewels’ is the blueprint of modern attacks,” said Yonni Shelmerdine, Vice President of Product Management, SentinelOne. “Organizations need robust endpoint protection and visibility into user sessions to respond effectively to malicious activity. With SentinelOne and Okta, enterprises gain enterprise-grade context for effective security operations.” About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

SOFTWARE SECURITY

BlastWave Unifies Remote Cloud Security with Bulk Onboarding and Login Convenience Through BlastShield Software Update

BlastWave | June 17, 2022

BlastWave, a zero-trust networking solution provider that reduces the cost and complexity of remote access VPN management, today announced enhancements to its zero-trust security software solution, BlastShield™. The enhancements include added security capability for the three main cloud service providers, identity manager unification, Azure gateway security integration and easy bulk onboarding. BlastWave sees these updates as increasingly important with the global workforce shift to remote cloud environments on multiple vendor platforms. The recent update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment without forcing a user to rely on the respective security measures of each provider. This means users can have workloads distributed across provider environments but only one user authentication system. The update continues BlastWave's mission of convenient, cutting-edge cybersecurity, all while offering enhanced protection within identity management systems. Most importantly, users can take advantage of BlastShield's heightened speed and functionality, two vital features in multi-functional, cloud environments. This latest update also adds support for gateway security in Azure environments, expanding on BlastShield's previous gateway security capabilities in GCP, AWS, ESXi and COTS hardware systems. This new gateway security integration increases functionality for Azure users, allowing them to rely on password-less authentication instead of dated VPN security measures within their cloud-based Azure environments. BlastShield's latest update streamlines bulk onboarding, a typically arduous process, leveraging customers' SSO functionality. This update's features rely on an industry-standard API, System for Cross-domain Identity Management (SCIM), designed to simplify the management of user identities in cloud-based services as well as applications. It enables the automatic exchange of user information between identity domains, eliminating the insecure provisioning of identity managers when onboarding large numbers of users in distributed cloud environments. Identity managers have conventionally suffered from potential exposure to credential theft, SIM jacking, and other threat vectors. BlastShield's update addresses these vulnerabilities without hampering the convenience of identity managers. "BlastShield's latest update enhances our proven security mechanisms with single sign-on identity management tools and offers simplified bulk onboarding. "Many competitors are focusing more on endpoint security in these hybrid cloud environments, but we're offering a macro-level security approach that combines the convenience of identity management systems like Okta and One Identity with the proven agile security of BlastShield's network-level ZTNA and microsegmentation." Michael Bacon, BlastWave Solution Engineer The recent software update and resulting functionality are automatic for new subscribers and can be implemented with the click of a button in the BlastShield interface for current professional and enterprise customers. "In the past, cybersecurity may have elicited groans from providers, largely due to its perceived inconvenience. This update lends BlastWave's proven security stack to the login convenience offered by established identity managers," said Mel Knight, Brier and Thorn CISO. "Once again, whether through bulk onboarding via secure provisioning or enhanced Azure environment security, BlastWave continues to imbue existing technologies with their patented, proven ZTNA security solution. We are excited for our customers to experience this update's improved, secure convenience, bulk onboarding, and multi-vendor cloud security." About BlastWave Founded by former executives and technologists from Apple and Cisco, BlastWave is taking a fundamentally different approach to security aimed at protecting privacy and connected devices from cyberattacks. BlastWave's patented product, BlastShield™️, is an integrated, zero-trust stack that combines state-of-the-art passwordless multi-factor authentication with high-performance, resilient encrypted connectivity and built-in microsegmentation. BlastWave is backed by Rocket Strategies, Lucas Venture Group, and Millennium Investments. The company is headquartered in Palo Alto, California.

Read More

WEB SECURITY TOOLS

Indusface Enhances its Web Application & API Protection (WAAP) platform AppTrana with Industry's First Risk-Based Protection to APIs

Indusface | May 19, 2022

Indusface, a leading application security SaaS company that continually detects security risks, provides real-time protection, and improves the performance of Websites and Applications, today announced that it is adding Risk-Based API Protection to its WAAP platform, AppTrana. APIs are the lifeline of the digital economy with many companies adopting the API-first approach. However, the growth of APIs is also opening up new risk vectors that they are not aware of. According to Gartner, more than 90% of applications have more attack surface exposed through API than UI and by 2022, API Abuse will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications. Indusface is revolutionizing the API security space by building on its API Protection capabilities. The company is doing so through the most comprehensive API protection to date by extending its risk-based approach to the same. "AppTrana's risk-based approach is unique and something that resonates with our customers. What customers are really interested in is knowing how well their application is protected based on the risk posture of their application. Building on this, we are now enhancing our API Protection capabilities by providing a risk-based approach to API security which we believe would revolutionize the market. With this, customers will be able to identify vulnerabilities found in their public APIs and quickly correlate how these are protected through API-specific policies and positive security policies applied in AppTrana providing the most comprehensive protection for APIs." Ashish Tandon, Founder and CEO, Indusface As with any security, you can protect only what you know and protection is as strong as the weakest link. The major challenges with APIs are discoverability and the ability to understand the context of APIs so that security can be tailored accordingly. It is to address these challenges that Indusface is enhancing its API protection in AppTrana. Collectively through a multi-step approach, customers get to discover APIs, understand risk posture and ensure comprehensive protection of APIs. With Indusface AppTrana's Risk-based API Protection, you get: To understand the risk posture of the APIs through unlimited automated API scans including manual tests for identifying business logic vulnerabilities. This enables organization to understand the weakest links of the APIs and get clear visibility around how these links are protected. Visibility into API traffic patterns and discovery of shadow APIs, so that you are no longer blindsided by what you don't know To protect APIs with API-specific rules written specifically to protect against OWASP Top 10 API vulnerabilities Behavioral-based protection against DDoS attacks on APIs by analyzing API traffic pattern Behavioral-based protection against BOT attacks Positive security for APIs through analysis of swagger (OpenAPI 2.0) files and creation of automated positive security policies Accurate, real-time view of vulnerabilities blocked by API specific rules, positive security policies, custom rules, and those that need fixes in the application About Indusface Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 3000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine. Indusface has been funded by Tata Capital Growth Fund II, is the only vendor to be named Gartner Peer Insights™ Customers' Choice' in all the 7 segments for Voice of Customer WAAP (Web Application and API Protection) Report 2022, is a "Great Place to Work" certified SaaS product company, is PCI, ISO27001, SOC 2, GDPR certified, and has been the recipient of many prestigious start-up awards such as the Economic Times Top 25, NASSCOM DSCI Top Security Company, Deloitte Asia Top 100, among others.

Read More

SOFTWARE SECURITY

BlackBerry Helps Channel Partners Tap Exploding Managed Security Service Market

BlackBerry | June 09, 2022

BlackBerry Limited today announced a number of enhancements to the BlackBerry Partner Program to help Managed Security Service Providers (MSSPs) capture the exploding demand among small and medium-sized businesses (SMBs) for 24x7x365 Managed Extended Detection and Response (XDR) services, a market which industry experts expect will grow from $22.45 billion in 2020 to $77.01 billion by 2030. BlackBerry's 2022 Threat Report found SMBs experience 11-13 attacks every day. Amidst this growing threat landscape, the company has significantly increased its MSSP focus, launching new marketing incentives, a global hiring campaign to boost partner support and a revamped curriculum of training, tools and enablement resources to aid overall go-to-market efforts. Enhancements include: Greater Cybersecurity Protection for Customers & More to Sell – New products and services now available to MSSPs include CylanceGUARD®, CylancePERSONA™, and CylanceGATEWAY™. This will enable new service opportunities and help MSSPs secure their client environments. Increased Support & Field Seller Alignment – Commitment to significantly increase the size of BlackBerry's channel team, doubling employee headcount in roles such as partner management, customer success and channel enablement to ensure partners have the technical and sales support to compete and win in the crowded EDR/XDR market. BlackBerry has also introduced seller compensation on MSSP deals to encourage field alignment and to embrace MSSPs as a critical route to market. More Comprehensive Training – New BlackBerry Cyber Security Administrator (BCSA) technical training – aimed at MSSPs who will be configuring, managing, and troubleshooting BlackBerry UES products. Representing the next-generation evolution of the popular Cylance Security Professional Certification, the new program includes a blend of videos, instructor-led training, and online assessments on BlackBerry's industry-leading, AI-based, prevention-first solutions focused on preventing breaches before they happen. Lucrative Marketing Incentives – Expanded the generous 'Protect and Earn' partner incentive program that rewards MSSPs for uncovering and closing net-new BlackBerry logos. Partners earn cash-based rewards which are determined by the qualifying closed deal's Total Contract Value, with no limits. New Pricing – New flexible licensing and pricing options built to match the way MSSPs do business with customers. New MSSP-focused aid in partner business development including demand generation & sales support via proposal-based marketing funds, case studies, strategic Go-To-Market engagement and access to inside sales resources. The expanded investment and support for MSSPs comes following last month's joint warning from the Five Eyes Alliance of security authorities from the United Kingdom, Australia, Canada, New Zealand and the United States, highlighting an increase in malicious cyber activity targeting managed service providers (MSPs) and urging them to protect the IT supply chain with a fresh set of cybersecurity measures. "With headline-grabbing hacks and a cybersecurity talent gap showing no signs of letting up, SMBs have never been more under-staffed or ill-prepared to meet the challenges posed by the continuously evolving threat landscape. "Our top 20 MSSPs have grown more than 50 per cent year over year and demand for human threat experts is through the roof. To that end, BlackBerry is doubling down and increasing our focus on our MSSP partners to ensure they're set up for success." Colleen McMillan, VP, Global Channel Sales at BlackBerry About BlackBerry BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including over 195M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint management, endpoint security, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

Read More

Spotlight

As IT organizations begin to plan and implement their BYO programs for employee-owned Macs, PCs, smartphones and tablets in the workplace, the introduction of non-corporate devices opens up a veritable Pandora's box of liability that should be carefully addressed prior to any program's roll out. Confidentiality, compliance, data security, privacy, and litigation obligation are key concerns for safely implementing any mobility-based system, but they become even more critical when the device is personally owned. Taking the time now to ensure proper controls are in place can protect your organization from a world of trouble down the line.

Resources