CVE-2021-4034: A Walkthrough of Pwnkit - the Latest Linux Privileges Escalation Vulnerability

Since 2009, more than 12 years ago, all major Linux distributions have shipped with a high-severity security hole that remained unnoticed until just recently. The vulnerability and exploit, dubbed “PwnKit” (CVE-2021-4034), abuses the vulnerable “pkexec” tool and allows a local user to gain root privileges on the affected host. Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems.

New Docker Cryptojacking Attempts Detected Over 2021 End-of-Year Holidays

Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine various cryptocurrencies. According to the Google Threat Horizon report published Nov. 29, 2021, 86% of compromised Google Cloud instances were used to perform cryptocurrency mining.

Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware

Threat actors go to great lengths to hide the intentions of the malware they produce. For instance, binaries are often encrypted or packed. Typically, encrypting binaries is enough to thwart automated analysis platforms such as Cuckoo or other automated malware sandboxes. The implication is that automated detection of malicious programs might not be successful.

Data Protection Day 2022: To Protect Privacy, Remember Security

Today’s privacy and security conversations often happen in silos, but key privacy principles from decades ago remind us that they are intertwined, especially in the face of today’s risks. January 28, 2022, marks 15 years since the first Data Protection Day was proclaimed in Europe and 13 years since Data Privacy Day was first recognized by the United States. Since then, dozens more countries recognize the day, including Canada and Israel.

SnykCon recap: Building a developer-focused AppSec program

Building an application security program can be overwhelming. The steady stream of content encouraging teams to shift left is inspiring, but it doesn’t help you get started. Looking toward organizations with mature AppSec initiatives can make the gap seem insurmountable — all while an actionable plan remains elusive. Like anything else in software development, application security is a journey. A journey that’s much more enjoyable with some guiding principles.

Log4Shell in the Field - A Brief Analysis Through January 2022

This is a follow-up to our previous blog posts covering the Log4j vulnerability and the Deep Scan tool we made available to help identify vulnerable systems. As we close the first month of 2022, we looked into the activity related to the Log4Shell vulnerability CVE-2021-44228 observed across our 2,3000+ customers. Many of you will empathize with the struggle to find all instances of the vulnerable Log4j component, especially at the scale that comes with having a large customer base.

CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability

During an investigation of a malware campaign, I discovered that multiple emails were bypassing a specific email security system. Interestingly, there were no bypass techniques used. Instead, the flood of spear-phishing emails made the email security system allow some of the emails, at which point I began my research on Microsoft Outlook. The issue in this case was that the specially crafted malicious link parsing on the security system was weak.

Adopt user analytics to accelerate security investigations

Machine data analytics is the process of parsing data generated by software from a wide variety of sources including servers, networks, applications and financial records. These, and many other similar sources, produce massive amounts of data including from local operating systems, identity/access management tools, cloud consoles and their associated log files, alerts, scripts and profiles.

Steps to Stay Ahead of Risks and Protect Data Privacy

Technology has advanced our world in countless ways. Every day we bank, shop, conduct business and exchange photos and messages with family and friends online. While digital devices and services offer great convenience, they also pose risks to our data and privacy as the separation between our offline and online lives converges. Data Privacy Week, spanning January 24-28, serves as an important reminder of the importance of protecting our privacy and safeguarding personal information.

Dark Overlord collaborator imprisoned for trading stolen identities

A Canadian man has been handed a three-year prison sentence after being found guilty of buying and selling over 1,700 stolen identities on a dark web marketplace. 29-year-old Slava Dmitriev, who went by the online handle “GoldenAce”, bought and sold individuals’ private personal information, including social security numbers, on the AlphaBay dark web marketplace in 2016 and 2017.