Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label DevSecOps. Show all posts
Technology
Artifcial Intelligence CISO Cyber Attacks CyberCrime DevSecOps Privacy and Security Technology

AI's Dark Side: Splunk Report Forecasts Troubled Trends in Privacy and Security

 




There is no doubt that AI is going to be very beneficial to security professionals, but cybercriminals will be looking for ways to harness the power of AI to their advantage as well. As bad actors push artificial intelligence to new extremes, Splunk's Security Predictions 2024 report predicts that it will certainly expand organisations' attack surfaces. 
As a result of the advancement of artificial intelligence, malicious actors will have a better chance of enhancing their portfolios and strategies. As it is anticipated that new threats will emerge in 2024, a new wave of attack methods spawning not only from artificial intelligence but also from the robust adoption of 5G in India is anticipated.

As a result, cybercriminals will have more opportunities to exploit cybercriminals since the attack surface is already wide. According to Robert Pizzari, Group Vice President, Strategic Advisor, Asia Pacific, Splunk, cybercriminals will have more opportunities. Among the key trends in security and observability that Splunk has identified for 2024, are the following: 

It is anticipated that, by 2024, CISOs will also have a greater stake at stake due to the increasing stringency, complexity, and difficulty of navigating the regulatory environment. According to the State of Security 2023, 79% of line-of-business stakeholders see the security team as either a trusted resource for information or as one of the most critical enablers of the organisation's mission. 

It was recently found in a recent Splunk report that 86% of security leaders believe that generative AI will help alleviate skill gaps and talent shortages. AI will take on security tasks. It will become more of a virtual assistant than an assistant, as it will take care of repetitive, mundane, and labour-intensive tasks that are not necessary to perform. 

While the majority of people are excited about AI, they are also nervous - CIOs and CTOs will feel the pressure to get more from less in this year's budget, making it the year of mindful budgets and massive disruption. People are excited about AI, but they are also nervous - and there will be tremendous pressure on CIOs and CTOs. With artificial intelligence, users can better understand what's going on in an environment by detecting and identifying anomalies. 

However, it would not replace manual troubleshooting. Many companies are going to use artificial intelligence to detect anomalies first, then move on to investigation and respond automatically. 

Automated remediation is something people can expect to see shortly. It has become apparent that observability can be a meaningful signal for security operations: There are a significant number of vendors who sell security products separate from one another. 

The lack of interoperability of their products is often a cause of frustration for their customers. There's no question that a DevSecOps mindset will lead the organisation - whether it's big or small - towards digital resilience, no matter if the servers are in the cloud or in the back corner of your garage.
Read more »
Palo Alto Networks
Check Point CSP Cyber Crime DevSecOps JavaScript Log4Shell Palo Alto Networks

Challenges With Software Supply Chain & CNAPP


In 2021, sales of CNAPP exceeded $1.7 billion, an increase of roughly 49% over 2020, according to a recent Frost & Sullivan analysis. According to Frost & Sullivan, CNAPP revenue growth will average over 26% annually between 2021 and 2026.

Anh Tien Vu, industry principal for international cybersecurity and the author of the report, projects that by 2026, revenues will surpass $5.4 billion "due to the increasing demand for a unified cloud security platform that strengthens cloud infrastructure security and protects applications and data throughout their life cycle."

How Does CNAPPs Function?

CNAPP platforms combine many security technologies and features to cut down on complexity and expense, offering:
  • The capabilities of the CSPM, CIEM, and CWPP tools are combined across the development life cycle, correlation of vulnerabilities, context, and linkages.
  • Identifying high-risk situations with detailed context.
  • Automatic and guided cleanup to address flaws and configuration errors.
  • Barriers to stopping unauthorized alterations to the architecture.
  • Simple interaction with SecOps ecosystems to quickly deliver notifications.
Security teams must transition from guarding infrastructure to guarding workload-running applications in order to maximize cloud security and compliance, enable DevOps, and reduce friction. That entails, at the very least, protecting the security of the production environment and cloud service configurations, with runtime protection serving as an important extra layer of security.

Attackers are focusing more and more on cloud-native targets in an effort to find vulnerabilities that may be used to compromise the software supply chain. The widespread effect that a vulnerability of this kind can have on the application environment was demonstrated by the Log4Shell flaw in the widely used Log4j Java runtime library last year.

Melinda Marks, a senior analyst at Enterprise Strategy Group, claims that while CNAPP helps businesses to set up DevSecOps processes where software engineers take the initiative to find potential bugs in code before delivering application runtimes into production, it also goes beyond. Before you release your applications to the cloud, this is crucial for preventing security risks since once you do, hackers can access them.

The scanning of development artifacts like containers and infrastructure as code (IaC), cloud infrastructure management (CIEM), runtime cloud workload protection platforms, and cloud security posture management (CSPM) are just a few of the siloed capabilities that CNAPPs combine. Together with a more uniform approach and improved awareness of the risk associated with cloud-native computing environments, CNAPP offers standard controls to reduce vulnerabilities.

Significantly, CNAPP also promotes communication between teams working on application development, cybersecurity, and IT infrastructure, opening the door to finding and fixing flaws before apps are put into use. CNAPP features are being added to security platforms by security manufacturers like Check Point and Palo Alto Networks. Marks cautions against the common misunderstanding that shifting security left is all about putting security first during the software development and build process.





Read more »
Vulnerabilities and Exploits
Application Security DevSecOps Malicious Codes Vulnerabilities and Exploits

Newly Discovered Flaw in GitHub Actions Allows Code to Bypass Review Mechanism

 

A newly uncovered security vulnerability in GitHub Actions allows software code to bypass the required reviews mechanism to a secured branch, allowing it into the pipeline to production. 

Omer Gil and his team of researchers at security startup Cider Security discovered the flaw in GitHub actions during research into novel attack vectors in the arena of DevSecOps, which evades security protections and exists even in the installations of companies that have not enabled the recently introduced feature.

"An attacker compromising a GitHub user account, or simply a developer that wants to bypass this restriction, can simply push code to a protected branch. Since code in protected branches is usually used in production systems by many users or by other systems, the impact is high," Gil explained.

Vulnerability in GitHub Actions 

GitHub Actions is GitHub's continuous integration/continuous delivery offering, which offers a mechanism to automate, customize and implement software development workflows right in the repository from development to production systems, Cider Security explained in a blog post on Medium. 

Furthermore, the GitHub Actions is installed by default on any GitHub organization, and on all of its repositories, and any user who has the privilege to push code to the repositories can design a workflow that operates when code is pushed. 

“Anyone with write access to a repository can modify the permissions granted to the GITHUB_TOKEN, adding or removing access as required, by editing the permissions key in the workflow file,” Cider Security explained.

“As the PR is created, it cannot be merged since approval is required. However, the workflow immediately runs and the PR is approved by the GitHub-actions bot, which the GITHUB_TOKEN belongs to. It’s not an organization member, but counts as PR approval, and effectively allows the attacker to approve their own PR, basically bypassing the branch protection rules.,” Cider Security further said.

"The issue is not fixed. GitHub said they'll work on fixing it. I believe adversaries can definitely take advantage of this issue in their attempts to reach production systems and expand their hold in their victims' assets," Gil noted. 

To mitigate the risks, Cider Security has advised organizations to consider disabling GitHub Actions across their whole enterprise or for particular (more sensitive) repositories. Additionally, the issue can be solved by requiring the approval of Code Owners, or by requiring two or more approvals to merge a pull request.
Read more »
Subscribe to: Posts (Atom)