Zack Allen’s Post

For those of you that are detection engineers, check out the latest Detection Engineering weekly! The Cybersleuth Chronicles #infosec #cybersecurity #detectionengineering #blueteam #shieldsup

Microsoft names new CISO in a major security shakeup https://lnkd.in/dRzZWGaB #TechCircleInsights #TechCircle #techcommunity #techleaders #technologists #TechCircleUpdate #ciocommunity #CISOAppointment #CybersecurityLeadership #TechSecurity #CorporateSecurity #SecurityShakeup #TechLeadership #InfoSec #CyberDefense #SecurityNews #MicrosoftUpdates

Want to save up to 40 percent of your time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents? Need to protect your organization at machine speed and scale that is built on the latest in large language models and harnesses Microsoft’s security expertise and global threat intelligence to help security teams outpace their adversaries?

The 2-year challenge to build AI-powered defense highlights the White House and Defense Advanced Research Projects Agency (DARPA) underscores the vital role that #artificialintelligence will play in mitigating #cyberthreats and #risks to #criticalinfrastructure, demonstrating AI's potential as a force for good, safeguarding basic services to the nation's communities. Pubic/private partnerships within these types of initiatives, that include Google, Microsoft, OpenAI, and Anthropic, brings not only credibility to the challenge, but also ensures that the outcomes are not only innovative but also have real-world applicability. The additional involvement of The Linux Foundation Open Source Security Foundation (OSSF) in an advisory role shows emphases on #opensource solutions, and associated levels of development and security, being very important to #SBOM and software #supplychain considerations. It will be very interesting to track the progress and success of the program, and the opportunity to bolster the Nation's defense of critical infrastructure, utilizing #AI to "...create systems that can automatically defend any kind of software from attack,” #DARPA program manager Perry Adams, who conceived of the AI Cyber Challenge, emphasizing the importance of adaptability and comprehensiveness in #cybersecurity solutions. #informationsecurity #infosec #infosecurity #appsecurity #datasecurity #dataprotection #databreach #security #technology #cyberwarfare #cyberdefense #riskmanagement #riskmitigation #riskassessment #ICSsecurity #OTsecurity #innovation #IndustrialSecurity #Cyberthreats #IndustrialIoT #ControlSystemsSecurity #OperationalTechnology #dataprotection #dataprivacy #appsecurity #cybersecuritysummit #css13

Finding some useful resources from this post.. Do check out if you are in need of these.. #cyber #cybersecurity #hacking #penetrationtesting #hacker #securityawareness

Open season "Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities. In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments. Given this, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected. JetBrains has released an update to address this vulnerability and has developed a mitigation for users who are unable to update to the latest software version. While the two threat actors are exploiting the same vulnerability, Microsoft observed Diamond Sleet and Onyx Sleet utilizing unique sets of tools and techniques following successful exploitation."

Social engineering is a malicious attempt to trick you into giving away sensitive information (like financial data or a password). With a password manager like LastPass, you can generate unique and secure passwords for all your accounts and store them in one central vault that can be accessed wherever and whenever you need it. Learn more tips to help protect yourself in our recent blog. Please spread the word for Password[less]! #lastpass #passtronauts #devops #platformengineering

There are a couple of important points about this attack. 1. social engineering "The attack started with the attackers doing some social engineering to convince a DevOPS engineer to downgrade to an earlier version of the MinIO software that is impacted by the two vulnerabilities." 2. persistence "Once installed, the hackers exploited CVE-2023-28432 to remotely access the server's environment variables, including the MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD variables. These administrative credentials allow the hackers to access the MinIO admin console using the MinIO client. Using this client, the threat actors modify the software update URL to one they crontrol, to push a malicious update." 3. control "Having breached the object storage system, the attackers establish a communication channel with the command and control (C2) server from where it fetches additional payloads that support post-compromise activity." So far, a couple of considerations on my side. 1. there's no real "air-gap" if your object storage is "vulnerable" by default. You may have a very secure road towards a dead city with ghouls. Not a great holiday. 2. social engineering to DevOps people - unexpected? Be careful: DevOps might not have enough security background to double check any source - I can testify. Principle of least privilege and security controls for any change - major or minor - can help. 3. protocol air gapping is good - I still believe that network air-gapping is better for a bunch of reasons. #secureyourdata #security

Good links to cyber and tech information!

Here is some insight into how innovative features like RPP from Cyber Crucible have come into being. Give us a little of your time to see how these new, unique, and successfully working solutions can protect you and give you peace of mind for your security practices.