AI Integration Raises Alarms Over Enterprise Data Safety

 


Today's digital landscape has become increasingly interconnected, and cyber threats have grown in sophistication, significantly weakening the effectiveness of traditional security protocols. As enterprises continue to generate and store significant volumes of sensitive and mission-critical data, cybercriminals have evolved their tactics to exploit emerging vulnerabilities, launch highly targeted attacks, and use advanced techniques to breach security perimeters and gain access to that data.

In light of this rapidly evolving threat environment, organisations are increasingly forced to adopt more adaptive and intelligent security solutions in addition to conventional defences. In the field of cybersecurity, artificial intelligence (AI) has emerged as a significant force, particularly in the area of data protection. 

AI-powered data security frameworks are revolutionising the way threats are detected, analysed, and mitigated in real time, making it a transformative force. This solution enhances visibility across complex IT ecosystems, automates threat detection processes, and supports rapid response capabilities by identifying patterns and anomalies that might go unnoticed by human analysts.

Additionally, artificial intelligence-driven systems allow organisations to develop risk-based mitigation strategies that are scalable and aligned with their business objectives. Beyond threat prevention, the integration of artificial intelligence plays a crucial role in maintaining regulatory compliance in an era where data protection laws are becoming increasingly stringent.

By continuously monitoring and assessing cybersecurity postures, artificial intelligence can assist businesses in upholding industry standards, minimising operational interruptions, and strengthening stakeholder confidence. As the cyber threat landscape continues to evolve, enterprises need to recognise that AI-enabled data security is no longer a strategic advantage, but rather a fundamental requirement for safeguarding digital assets.

Varonis has recently revealed that 99% of organisations have their sensitive data exposed to artificial intelligence systems, a shocking finding that illustrates the importance of data-centric security. There has been a significant increase in the use of artificial intelligence tools in business operations over the past decade. The State of Data Security: Quantifying Artificial Intelligence's Impact on Data Risk presents an in-depth analysis of how misconfigured settings, excessive access rights and neglected security gaps are leaving critical enterprise data vulnerable to AI-driven exploitation. 

An important characteristic of this report is that it relies on extensive empirical analysis rather than opinion surveys. To evaluate data risk across 1,000 organisations, Varonis analysed a variety of cloud computing environments, covering over 10 billion cloud assets and over 20 petabytes of sensitive data.

Among them were platforms such as Amazon Web Services, Google Cloud Services, Microsoft Azure Services, Microsoft 365 Services, Salesforce, Snowflake, Okta, Databricks, Slack, Zoom, and Box, which provided a broad and realistic picture of enterprise data exposure in the age of Artificial Intelligence. The CEO, President, and Co-Founder of Varonis, Yaki Faitelson, stressed the importance of balancing innovation with risk, noting that, even though AI undeniably increases productivity, it also poses serious security issues.

Due to the growing pressure on CIOs and CISOs to adopt artificial intelligence technologies at a rapid rate, advanced data security platforms are in increasing demand. A proactive, data-oriented approach to cybersecurity is needed to prevent AI from becoming a gateway to large-scale data breaches, says Faitelson. Researchers are also exploring two critical dimensions of risk relating to large language models (LLMs) and AI copilots: human-to-machine interaction and machine-to-machine integrity.

A key focus of the study was how sensitive data, such as employee compensation details, intellectual property rights, proprietary software, and confidential research and development insights, could be unintentionally accessed, leaked, or misused through just a single prompt into an artificial intelligence interface if it is not protected. As AI assistants are increasingly used throughout departments, the risk of inadvertently disclosing critical business information has increased considerably.

Additionally, two categories of risk should be addressed: the integrity and trustworthiness of the data used to train or enhance artificial intelligence systems. It is common for machine-to-machine vulnerabilities to arise when flawed, biased, or deliberately manipulated datasets are introduced into the learning cycle of machine learning algorithms. 

Such corrupted data can have far-reaching and potentially dangerous consequences. For example, inaccurate or falsified clinical information could lead to life-saving medical treatments being developed, while malicious actors may embed harmful code within AI training pipelines, introducing backdoors or vulnerabilities to applications that aren't immediately detected.

The dual-risk framework emphasises the importance of tackling artificial intelligence security holistically, one that takes into account the entire lifecycle of data, from acquisition and input to training and deployment, not just the user-level controls. Considering both human-induced and systemic risks associated with generative AI tools, organisations can implement more resilient safeguards to ensure that their most valuable data assets are protected as much as possible. 

Organisations should reconsider and go beyond conventional governance models to secure sensitive data in the age of AI. In an environment where AI systems require dynamic, expansive access to vast datasets, traditional approaches to data protection, often rooted in static policies and role-based access, are no longer sufficient.

Towards the future of AI-ready security, a critical balance must be struck between ensuring robust protection against misuse, leakage, and regulatory non-compliance, while simultaneously enabling data access for innovation. Organisations need to adopt a multilayered, forward-thinking security strategy customised for AI ecosystems to meet these challenges. 

A key component is a data-tagging and classification strategy, which identifies and categorises sensitive information to determine how it should be handled depending on its criticality. As a replacement for role-based access control (RBAC), attribute-based access control (ABAC) should allow for more granular access policies based on the identity of the user, context, and the sensitivity of the data.

Aside from that, organisations need to design data pipelines that are AI-aware and incorporate proactive security checkpoints into them so as to monitor how their data is used by artificial intelligence tools. Output validation also becomes crucial: it involves implementing mechanisms that check whether outputs generated by artificial intelligence are compliant and accurate, and that catch potentially risky ones, before they are circulated internally or externally.
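The sketch below shows how classification tags, an ABAC decision and a pipeline checkpoint fit together in front of an AI assistant. It is an added example, not code from Varonis, Matillion or the original post; the classification labels, attribute names, rules and sample documents are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Classification tags from the data-tagging step, lowest to highest (constructed labels).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

@dataclass(frozen=True)
class Subject:
    user: str
    department: str
    clearance: str            # highest classification this user may read

@dataclass(frozen=True)
class Context:
    channel: str              # "copilot" (AI assistant) or "direct"
    managed_device: bool

@dataclass(frozen=True)
class Document:
    doc_id: str
    classification: str       # tag assigned at classification time; "" if never tagged
    owner_department: str

def decide(subject, ctx, doc):
    """Evaluate user, context and data attributes; return (allowed, reason)."""
    level = LEVELS.get(doc.classification)
    if level is None:
        return False, "untagged data"                     # fail closed
    if level > LEVELS.get(subject.clearance, -1):
        return False, "clearance below classification"
    if level >= LEVELS["confidential"]:
        if doc.owner_department != subject.department:
            return False, "other department's confidential data"
        if not ctx.managed_device:
            return False, "unmanaged device"
    if level == LEVELS["restricted"] and ctx.channel == "copilot":
        return False, "restricted data barred from AI context"
    return True, "ok"

def filter_for_prompt(subject, ctx, candidates):
    """Pipeline checkpoint: run before retrieved documents reach the model.
    Returns the permitted documents plus an audit trail of every decision."""
    permitted, audit = [], []
    for doc in candidates:
        allowed, reason = decide(subject, ctx, doc)
        audit.append((doc.doc_id, allowed, reason))
        if allowed:
            permitted.append(doc)
    return permitted, audit

# Constructed sample corpus and users.
CORPUS = [
    Document("handbook", "public", "hr"),
    Document("salaries-2024", "confidential", "hr"),
    Document("design-notes", "confidential", "engineering"),
    Document("signing-keys-runbook", "restricted", "engineering"),
    Document("old-share-export", "", "engineering"),
]
ALICE = Subject("alice", "engineering", "confidential")
BOB = Subject("bob", "engineering", "restricted")
COPILOT = Context("copilot", managed_device=True)
DIRECT = Context("direct", managed_device=True)

if __name__ == "__main__":
    docs, audit = filter_for_prompt(ALICE, COPILOT, CORPUS)
    for doc_id, allowed, reason in audit:
        print(f"{doc_id:22} {'ALLOW' if allowed else 'DENY '} {reason}")
```

A role alone could not express the last rule: the same user reading the same document is allowed directly but denied when the request comes through the assistant.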

The complexity of this landscape has only been compounded by the rise of global and regional regulations that govern data protection and artificial intelligence. In addition to the general data privacy frameworks of GDPR and CCPA, businesses will now need to prepare themselves for emerging AI-specific regulations that will put a stronger emphasis on how AI systems access and process sensitive data. As a result of this regulatory evolution, organisations need to maintain a security posture that is both agile and anticipatory.

Matillion Data Productivity Cloud, for instance, is a solution that embodies this principle of "secure by design". As a hybrid cloud SaaS platform tailored to enterprise environments, Matillion has created a platform that is well-suited to secure enterprise environments. 

With its standardised encryption and authentication protocols, the platform is easily integrated into enterprise networks through the use of a secure cloud infrastructure. This platform is built around a pushdown architecture that prevents customer data from leaving the organisation's own cloud environment while allowing advanced orchestration of complex data workflows in order to minimise the risk of data exposure.

Rather than focusing on data movement, Matillion's focus is on metadata management and workflow automation, providing organisations with a secure, efficient data operation, allowing them to gain insights faster with a higher level of data integrity and compliance. Organisations must move towards a paradigm shift—where security is woven into the fabric of the data lifecycle—as AI poses a dual pressure on organisations. 

A shift from traditional governance systems to more adaptive, intelligent frameworks will help secure data in the AI era. Because AI systems require broad access to enterprise data, organisations must strike a balance between openness and security. To achieve this, data should be tagged and classified, attribute-based access controls should be implemented for precise control of access, AI-aware data pipelines must be built with security checks, and output validation must be performed to prevent the distribution of risky or non-compliant AI-generated results.

With the rise of global and AI-specific regulations, companies need to develop compliance strategies that will ensure future success. Matillion Data Productivity Cloud is an example of a platform which offers a secure-by-design solution, as it combines a hybrid SaaS architecture with enterprise-grade security controls.

Through its pushdown processing, the customer's data will stay within the organisation's cloud environment while the workflows are orchestrated safely and efficiently. In this way, organisations can make use of AI confidently without sacrificing data security or compliance with the laws and regulations. As artificial intelligence and enterprise data security rapidly evolve, organisations need to adopt a future-oriented mindset that emphasises agility, responsibility, and innovation. 

It is no longer possible to rely on reactive cybersecurity; instead, businesses must embrace AI-literate governance models, advance threat intelligence capabilities, and secure infrastructures designed with security in mind. Data security must be embedded into all phases of the data lifecycle, from creation and classification to accessing, analysing, and transforming it with AI. Developing a culture of continuous risk evaluation is a must for leadership teams, and IT and data teams must be empowered to collaborate with compliance, legal, and business units proactively. 

In order to maintain trust and accountability, it will be imperative to implement clear policies regarding AI usage, ensure traceability in data workflows, and establish real-time auditability. Further, with the maturation of AI regulations and the increasing demands for compliance across a variety of sectors, forward-looking organisations should begin aligning their operational standards with global best practices rather than waiting for mandatory regulations to be passed. 

A key component of artificial intelligence is data, and the protection of that foundation is a strategic imperative as well as a technical obligation. By putting the emphasis on resilient, ethical, and intelligent data security, today's companies will not only mitigate risk but will also be able to reap the full potential of AI tomorrow.

Bling Libra Shifts Focus to Extortion in Cloud-Based Attacks

 


During an incident response engagement handled by Unit 42, it was observed that the threat actor group Bling Libra (which was responsible for distributing ShinyHunters ransomware) had shifted to extorting victims, rather than its traditional tactic of selling or publishing stolen data, in an attempt to increase its profits.

During this engagement, it was also demonstrated how the group was able to acquire legitimate credentials, which were accessed from public repositories, to gain initial access to an organization's Amazon Web Services (AWS) environment through its public username and password. The compromised credentials had limited impact due to the limited permissions associated with them, but Bling Libra managed to infiltrate the organization's AWS environment and conduct reconnaissance operations on it during this time. 

The threat actor group used various tools for gaining information and accessing S3 bucket configurations, interacting with S3 objects, as well as deleting files from the service using tools such as the Amazon Simple Storage Service (S3) Browser and WinSCP. As a result of previous jobs with high-profile data breaches, including the Microsoft GitHub and Tokopedia incidents in 2020, Bling Libra has developed a special part of their business model that enables them to monetize stolen data through underground marketplaces. 

Unit 42's recent report, however, describes a significant change in the group's methods. As of 2024, Bling Libra has shifted its business model from data theft to extortion, primarily targeting vulnerabilities within cloud-based environments to heighten its revenue. As Unit 42 explained in its latest report, Bling Libra obtained AWS credentials from a sensitive file that was exposed online to perform the latest attack.

AWS account credentials were obtained from an Identity and Access Management (IAM) user, which would have provided the attackers with access to the victim's account on Amazon Web Services (AWS). Although the permissions for accessing Amazon S3 resources were restricted, Bling Libra exploited them to gain a foothold in the cloud environment. Although Bling Libra still uses the same method to gain initial access to victims, it has adopted the double-extortion tactics normally associated with ransomware gangs: it first steals data from victims and then threatens to publish it online if they do not pay the ransom.

According to the researchers, Bling Libra used credentials from a sensitive file exposed by the attacker on the Internet as a way of stealing the credentials, even though this file contained a variety of credentials. Aside from these exposed AWS access keys, the group also alleged that it "targeted a few other one-time credentials that were exposed by this individual as well as a few other exposed AWS access keys belonging to this individual."

Using these credentials, it is possible for the threat actors to gain access to the AWS account where the IAM user resides and to use AWS API calls to interact with S3 buckets under the context of the AmazonS3FullAccess policy, which grants all S3 permissions. The attackers in this case sat on the network and lurked for about a month before launching an attack that led to the exfiltration of information, its deletion from the environment, and the recovery of an extortion note demanding ransom payment.

The ransom note gave the organization a week to make the payment. It has been reported that Bling Libra also created new S3 buckets in the aftermath of the attack, presumably to mock the organization. Ticketmaster's attack in June was notable because of how much data Bling Libra was able to obtain. At the time, the organization claimed that a total of more than half a million records were stolen, some of which contained Personally Identifiable Information (PII) such as names, emails, addresses, and partial credit card information.

In May, the same group also claimed responsibility for several other attacks on other companies, including Ticketek Entertainment Group (TEG), in Australia, that occurred around the same period as Ticketmaster. Like Ticketmaster, TEG was attacked at the beginning of May. This group has been associated with several significant data breaches that have affected millions of records of data, and the implications have been severe. 

In the final phase of the attack, Bling Libra created new S3 buckets with mocking names to signify their control over the environment, illustrating their ability to manipulate the system. The threat group known as Bling Libra has adopted a new tactic, pivoting to extortion as a primary method for monetizing their cyber breaches. 

Following their recent cloud-based attacks, the group sent out extortion emails demanding payment in exchange for the return of stolen data and the cessation of further malicious activities. This shift in strategy underscores their focus on using extortion as a central means to profit from their operations. A recent report by Unit 42 offers a comprehensive analysis of Bling Libra's operational tools, particularly emphasizing their use of S3 Browser and WinSCP. 

These tools enable the threat actors to interact seamlessly with Amazon Web Services (AWS) environments. The report provides in-depth insights that assist incident responders in distinguishing between legitimate tool usage and activities indicative of a security breach. To counteract such threats, Unit 42 strongly advises organizations to adhere to the principle of least privilege, ensuring that users have only the minimal level of access necessary to perform their functions. 

Additionally, they recommend implementing robust security measures, including the use of AWS IAM Access Analyzer and AWS Service Control Policies. These tools are essential for mitigating the risks associated with similar attacks on cloud infrastructure. As businesses increasingly depend on cloud technologies, maintaining a proactive and vigilant cybersecurity posture is critical. Organizations must be diligent in their efforts to protect their cloud environments from sophisticated threat actors like Bling Libra.
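To make the responder's task concrete, the following added example (not taken from the Unit 42 report or the original post) groups CloudTrail-style S3 events by IAM access key and flags the sequence described above: GUI-client user agents, bucket-configuration reads, deletions, then new buckets. The log records, key IDs and bucket names are constructed, and the user-agent substrings and the threshold are assumptions to tune against your own telemetry.

```python
import json
from collections import defaultdict
from datetime import datetime

# Assumption: these substrings identify the two GUI clients in the userAgent field.
TOOL_MARKERS = ("S3 Browser", "WinSCP")
RECON_CALLS = {"ListBuckets", "GetBucketAcl", "GetBucketPolicy",
               "GetBucketVersioning", "GetBucketLogging", "GetBucketLocation"}
# DeleteObject/DeleteObjects are S3 data events: they are recorded only when
# the trail has data-event logging enabled for the bucket.
DESTRUCTIVE_CALLS = {"DeleteObject", "DeleteObjects", "DeleteBucket"}
RECON_THRESHOLD = 3   # distinct bucket-configuration calls from one key (tunable)

def _rec(time, name, key, agent, bucket=None):
    """Build one constructed CloudTrail-style record, reduced to the fields used here."""
    return json.dumps({
        "eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
        "userAgent": agent, "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "accessKeyId": key},
        "requestParameters": {"bucketName": bucket} if bucket else None})

GUI, WSCP = "[S3 Browser/0.0 (constructed)]", "[WinSCP/0.0 (constructed)]"
CLI = "aws-cli/0.0 (constructed)"
K1, K2 = "AKIAEXAMPLEKEY000001", "AKIAEXAMPLEKEY000002"   # constructed key IDs
SAMPLE_LOG = "\n".join([
    _rec("2024-01-01T09:00:00Z", "ListBuckets", K1, GUI),
    _rec("2024-01-01T09:00:05Z", "GetBucketAcl", K1, GUI, "prod-data"),
    _rec("2024-01-01T09:00:06Z", "GetBucketVersioning", K1, GUI, "prod-data"),
    _rec("2024-01-15T08:00:00Z", "GetBucketLocation", K2, CLI, "prod-data"),
    _rec("2024-01-15T08:00:01Z", "PutObject", K2, CLI, "prod-data"),
    _rec("2024-02-01T09:00:00Z", "DeleteObjects", K1, WSCP, "prod-data"),
    _rec("2024-02-01T09:30:00Z", "CreateBucket", K1, GUI, "constructed-taunt-bucket"),
])

def parse(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def _ts(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def analyze(records):
    """Group S3 activity by IAM access key; return {key: finding} for flagged keys.
    A GUI client on its own can be legitimate, so read the flags together."""
    state = defaultdict(lambda: {"tools": set(), "recon": set(), "deleted": set(),
                                 "created_after_delete": [], "times": []})
    for rec in sorted(records, key=_ts):
        ident = rec.get("userIdentity") or {}
        if rec.get("eventSource") != "s3.amazonaws.com" or ident.get("type") != "IAMUser":
            continue
        s = state[ident.get("accessKeyId", "unknown")]
        name = rec.get("eventName", "")
        bucket = (rec.get("requestParameters") or {}).get("bucketName") or "?"
        s["times"].append(_ts(rec))
        s["tools"].update(m for m in TOOL_MARKERS if m in rec.get("userAgent", ""))
        if name in RECON_CALLS:
            s["recon"].add(name)
        elif name in DESTRUCTIVE_CALLS:
            s["deleted"].add(bucket)
        elif name == "CreateBucket" and s["deleted"]:
            s["created_after_delete"].append(bucket)

    findings = {}
    for key, s in state.items():
        flags = []
        if s["tools"]:
            flags.append("gui-client")
        if len(s["recon"]) >= RECON_THRESHOLD:
            flags.append("bucket-recon")
        if s["deleted"]:
            flags.append("destructive")
        if s["created_after_delete"]:
            flags.append("create-after-delete")
        if flags:
            findings[key] = {"flags": flags, "tools": sorted(s["tools"]),
                             "buckets_deleted_from": sorted(s["deleted"]),
                             "new_buckets": s["created_after_delete"],
                             "active_days": (max(s["times"]) - min(s["times"])).days}
    return findings

if __name__ == "__main__":
    print(json.dumps(analyze(parse(SAMPLE_LOG)), indent=2))
```

The `active_days` value surfaces the gap between first reconnaissance and the destructive phase, which in the incident described here was about a month.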

Oracle and Cohere Collaborate for New Gen AI Service

 

During Oracle's recent earnings call, company founder Larry Ellison made an exciting announcement, confirming the launch of a new generation AI service in collaboration with Cohere. This partnership aims to deliver powerful generative AI services for businesses, opening up new possibilities for innovation and advanced applications.

The collaboration between Oracle and Cohere signifies a strategic move by Oracle to enhance its AI capabilities and offer cutting-edge solutions to its customers. With AI playing a pivotal role in transforming industries and driving digital transformation, this partnership is expected to strengthen Oracle's position in the market.

Cohere, a company specializing in natural language processing (NLP) and generative AI models, brings its expertise to the collaboration. By leveraging Cohere's advanced AI models, Oracle aims to empower businesses with enhanced capabilities in areas such as text summarization, language generation, chatbots, and more.

One of the key highlights of this collaboration is the potential for businesses to leverage the power of generative AI to automate and optimize various processes. Generative AI has the ability to create content, generate new ideas, and perform complex tasks, making it a valuable tool for organizations across industries.

The joint efforts of Oracle and Cohere are expected to result in the development of state-of-the-art AI models that can revolutionize how businesses operate and innovate. By harnessing the power of AI, organizations can gain valuable insights from vast amounts of data, enhance customer experiences, and streamline operations.

This announcement comes in the wake of Oracle's recent acquisition of Cerner, a healthcare technology company, further solidifying Oracle's commitment to revolutionizing the healthcare industry through advanced technologies. The integration of AI into healthcare systems holds immense potential to improve patient care, optimize clinical processes, and enable predictive analytics for better decision-making.

As the demand for AI-powered solutions continues to rise, businesses are seeking comprehensive platforms that can deliver sophisticated AI services. With Oracle and Cohere joining forces, organizations can benefit from an expanded suite of AI tools and services that can address a wide range of industry-specific challenges.

The collaboration between Oracle and Cohere highlights the growing importance of AI in driving innovation and digital transformation across industries. As businesses increasingly recognize the value of AI, partnerships like this one are crucial for pushing the boundaries of what AI can achieve and bringing advanced capabilities to the market.

The partnership between Oracle and Cohere signifies a significant step forward in the realm of AI services. The collaboration is expected to deliver powerful generative AI solutions that can empower businesses to unlock new opportunities and drive innovation. With Oracle's expertise in enterprise technology and Cohere's proficiency in AI models, this collaboration holds great promise for businesses seeking to leverage the full potential of AI in their operations and strategies.

DoControl: Growing its SaaS Security Platform

DoControl offers an integrated, automated, and risk-aware SaaS Security Platform that protects apps and data which are essential to corporate operations, promotes operational efficiency, and boosts productivity. Protecting data and business-critical SaaS apps through automated remediation is DoControl's key strength.

DoControl's newest module adds shadow SaaS application identification, monitoring, and remediation to build on earlier advancements that target mission-critical use cases and better defend companies from SaaS supply chain assaults. By establishing machine identities that are frequently overprivileged, unapproved of, and unmonitored, SaaS application-to-application communication capabilities raise the risk. To address regulatory gaps and automatically close supply chain-based attack vectors, DoControl's SaaS Security Platform extension offers total control and transparency across all authorized and unauthorized SaaS apps.

One service platform that delivers unified security across various apps is required by the industry as a result of the rapid expansion of SaaS applications, the need to integrate them, or the economic pressures to integrate vendors. DoControl has established itself as the end-to-end SaaS security platform supplier, including CASB, DLP, Insider Risk, and Workflows, so now Shadow Apps enable security teams to accomplish more with less effort.

Extensive shadow application governance is aided by the DoControl SaaS Security Platform's expansion:

Facts and Awareness: Organizations can find all interlinked SaaS applications within a company's estate, both sanctioned and unsanctioned. With rigorous surveying and inventories, businesses can spot issues of non-compliance and understand which high-risk SaaS platforms, apps, or users are vulnerable inside the SaaS estate.

Analyze and Operate: Utilizing pre-approval rules and workflows that demand end users present a business explanation for acquiring new apps, companies can conduct app reviews with business users. Security staff can also place suspect applications in quarantine, limit a user's access rights, and revoke such privileges.

Automated Cleanup: Organizations can automate the application of security policies throughout the entire SaaS application stack by using low-code/no-code solutions. Through automated patching of various threat vectors, DoControl's Security Workflows limit vulnerability brought on by third-party apps and stop unauthorized or high-risk app usage.

Data security is essential, but several systems lack the level of specificity and set of capabilities modern businesses require to secure sensitive data and operations, particularly in the intricate and linked world of SaaS apps. DoControl finds every SaaS user, partner company, asset, and metadata, as well as OAuth applications, groups, and activity events. Without hindering business enablement, DoControl helps to lower risk, prevent data breaches, and manage insider risk.


After a Security Incident, CircleCI Urges Customers to Rotate Secrets

 


There has been a security threat affecting CircleCI, an American software development service, and the service has urged its users to rotate their secrets to avoid this kind of catastrophe. 

Security Issue Alerts for CircleCI Users

It has recently been announced that the American DevOps platform CircleCI is urging its users after a security incident to rotate their secrets. CircleCI is one of the most popular CI/CD platforms today, providing developers with continuous integration and delivery, enabling them to create code more quickly. A million people use this tool each year, and thousands of companies rely on it for their business. However, in the wake of this security breach, they have been warned. 

Rob Zuber, the Chief Technology Officer of CircleCI, has stated on the CircleCI blog that all secrets stored in CircleCI should be rotated immediately. This includes variables in the project environment variables and contexts that may contain cryptographic information. This issue was also addressed by CircleCI on Twitter, warning customers to take precautions. 

CircleCI assured its users that building applications with CircleCI was safe and that the company offered a secure platform. 

Besides sharing tools intended to assist teams in tracking down all the potentially compromised secrets, CircleCI has also announced it is working with Amazon Web Services to notify those customers who might have their tokens breached. 

Earlier, CircleCI warned customers regarding the circulation of a credential harvesting scam. This scam was attempting to trick users into entering their GitHub login credentials through what was presented as updated Terms of Service. 

Zuber mentioned in a blog that it would be wise for customers from December 21, 2022, to January 4, 2023, to review their internal logs for their systems and ensure that no unauthorized access was made to them. A further point that Zuber brought up was that all API tokens associated with Projects have been invalidated, and as a result, users will have to replace them. 

Details on CircleCI Security Incident Not Provided

It is imperative to note that CircleCI has notified users of a security issue. It has offered advice on how to protect data. However, further details have yet to be released about what the problem is and what it entails. Despite this, as Rob Zuber stated in the blog post he wrote about CircleCI, it appears that the company intends to provide more details about the incident shortly. 

CircleCI Security Incidents Are Not New

CircleCI has dealt with breaches that have occurred in the past, although it is not clear what the details of the incident were. A breach occurred in 2019 when a third-party analytics vendor gained access to sensitive data through the infiltration of the company's network. 

Furthermore, an attacker gained access to several usernames, email addresses, branch names, repository URLs, and IP addresses that can be used as attack credentials. According to the company, users were warned to review their repository and branch names when the issue occurred.

Over 3.6M MySQL Servers Found Unguarded Online

 

Researchers at The Shadowserver Foundation have unearthed over 3.6 million susceptible MySQL servers on the internet, making them a lucrative target for attackers and extortionists.

In scans conducted last week, researchers identified 3.6 million exposed MySQL servers using the default port, TCP port 3306. Out of 3.6 million, 2.3 million of these servers are linked over IPv4, while 1.3 million devices are connected over IPv6.

"While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed," explains the report from Shadow Server.

The country with the most accessible IPv4 servers is the United States (at more than 740,000), followed by China (just shy of 300,000), and Germany (at roughly 175,000). 

The US also leads when it comes to accessible IPv6 MySQL servers (with close to 461,000 instances) followed by the Netherlands (at over 296,000), and Singapore (at 218,000). A detailed explanation of the results of the scan is mentioned below:  

• Total exposed population on IPv4: 3,957,457 
• Total exposed population on IPv6: 1,421,010 
• Total "Server Greeting" responses on IPv4: 2,279,908 
• Total "Server Greeting" responses on IPv6: 1,343,993 
• MySQL services can be accessed through the internet in 67% of cases. 

According to researchers, it is common for web services and applications to connect to remote databases. To mitigate the risks, servers should be guarded properly so only authorized devices can connect to them. 

Furthermore, public server exposure should always be accompanied by strict user policies, altering the default access port (3306), enabling binary logging, monitoring all queries closely, and enforcing encryption. Administrators are also recommended to keep their MySQL servers updated at all times especially since attacks targeting MySQL servers are not uncommon. 

"It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface)," Shadowserver explained in a post regarding the MySQL findings. "If you do receive a report on your network/constituency, take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server." 

Failing to secure MySQL database servers can result in data breaches, ransom demands, remote access trojan (RAT) infections, or even Cobalt Strike compromises.
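The mitigations listed above can be checked on your own server's configuration file. The following is an added example, not part of the Shadowserver report or the original post: a small auditor for the `[mysqld]` section of a my.cnf-style file. The finding names and both sample configurations are constructed, and requiring `log_bin` to be set explicitly is an assumption made because the default differs between MySQL versions.

```python
ALL_INTERFACES = {"*", "0.0.0.0", "::"}
TRUE_VALUES = {"on", "1", "true"}

def parse_mysqld(cnf_text):
    """Return the [mysqld] options of a my.cnf-style text as a dict.
    Dashes and underscores in option names are interchangeable in MySQL, so
    names are normalised to underscores; valueless options map to ''."""
    options, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        name, _, value = line.partition("=")
        value = value.split("#", 1)[0].strip().strip("'\"")
        options[name.strip().lower().replace("-", "_")] = value
    return options

def audit(cnf_text):
    """Return a list of finding names (labels invented for this example)."""
    opts = parse_mysqld(cnf_text)
    findings = []
    # skip-networking (bare or set to a true value) disables the TCP listener.
    no_tcp = opts.get("skip_networking", "off").lower() in TRUE_VALUES | {""}
    if not no_tcp:
        # With no bind_address configured, MySQL listens on all interfaces.
        binds = [b.strip() for b in opts.get("bind_address", "*").split(",")]
        if any(b in ALL_INTERFACES for b in binds):
            findings.append("listens-on-all-interfaces")
        if opts.get("port", "3306") == "3306":
            findings.append("default-port-3306")
        if opts.get("require_secure_transport", "off").lower() not in TRUE_VALUES:
            findings.append("tls-not-enforced")
    # Assumption: require an explicit log_bin because the default varies by version.
    if "log_bin" not in opts or "skip_log_bin" in opts or "disable_log_bin" in opts:
        findings.append("binary-log-not-enabled-explicitly")
    return findings

# Constructed configuration: reachable from any network, no TLS requirement.
WEAK = """
[client]
port = 3306

[mysqld]
bind-address = 0.0.0.0
port = 3306
"""

# Constructed configuration: private address only, TLS required, binary log on.
HARDENED = """
[mysqld]
bind-address = 10.0.5.12      # private application subnet only
port = 13306
require_secure_transport = ON
log-bin = mysql-bin
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "no findings")
```

A clean result here does not replace a network filter: the firewall or security group in front of the host still decides who can reach the port.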