Microsoft has begun the forced rollout of its Windows 11 22H2 ‘Moment 3’ update, which introduces several new features and improvements to the operating system […] Read More
BleepingComputer
Top 10 AWS Security Tools – 2023
Storing data in the cloud to a high security standard means knowing which AWS security tools are available to manage, scan, and audit what you store.
AWS (Amazon Web Services) is the cloud platform used by millions of businesses around the world to store and manage data, and it lets companies scale their infrastructure and applications dynamically.
AWS secures its own infrastructure with dedicated security services, but under the shared responsibility model the customer must configure and use those services to protect what runs on top of it.
Security on AWS is layered: the platform provides the controls, and the administrator subscribes to and configures the services that secure a given deployment.
AWS adds new security tools and services regularly, so keeping up with them is how you stay ready for new threats.
One survey reports that 70% of IT leaders are concerned about how secure their cloud is, and many medium-sized businesses assume their cloud data is at risk.
AWS offers many different security tools that help customers keep their accounts and workloads safe and secure.
Here we have listed some of the most important AWS security tools for managing and securing your AWS infrastructure.
AWS security tools are essential for protecting your AWS infrastructure, since each one addresses a different class of security concern.
Here are several ways in which these services help protect your AWS infrastructure:
Identity and Access Management: You control user identities and their access to AWS resources with IAM. You can create and manage users and roles, assign permissions, and enforce strong authentication such as MFA.
IAM minimizes the risk of unauthorized access by ensuring that only authorized principals can reach your AWS resources.
Network Security: Virtual Private Clouds (VPCs), security groups, and network access control lists (ACLs) are a few of the network security capabilities AWS provides.
With these you establish network boundaries, set rules for inbound and outbound traffic, and limit access to your resources by IP address, port, and protocol.
Monitoring and Auditing: AWS CloudTrail and AWS Config let you record and track activity inside your AWS environment.
CloudTrail's audit log of API calls is what you search to identify malicious or harmful actions.
Compliance Frameworks: AWS offers compliance frameworks and tools that map to a variety of industry standards and regulations, including GDPR, HIPAA, PCI DSS, ISO 27001, and others.
Audit and Logging: Detailed logs of API calls, configuration changes, and resource activity within your AWS environment are captured by services such as AWS CloudTrail and AWS Config.
Compliance Reports and Certifications: AWS provides compliance reports and certifications, such as SOC 1, SOC 2, ISO 27001, and PCI DSS.
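The CloudTrail point above is best seen on actual records. The following is an added example, not code from the article: it triages CloudTrail records for a few high-signal events (root account use, console sign-in without MFA, tampering with CloudTrail, GuardDuty or Config, and access-denied errors). The field names follow the CloudTrail event schema; the sample records are constructed, not real log data.

```python
"""Triage CloudTrail records for a few high-signal events.

Added example (not from the article). Record fields follow the CloudTrail
event schema (eventName, eventSource, userIdentity, additionalEventData);
SAMPLE_RECORDS below are constructed, not real log data.
"""
import json

# API calls that weaken or blind logging and monitoring; any one of these from
# a non-automation principal deserves an alert.
LOGGING_TAMPER = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"},
    "guardduty.amazonaws.com": {"DeleteDetector", "UpdateDetector", "CreateIPSet"},
    "config.amazonaws.com": {"StopConfigurationRecorder", "DeleteConfigurationRecorder",
                             "DeleteDeliveryChannel"},
}


def triage(record: dict) -> list:
    """Return the list of alert reasons for one CloudTrail record (empty means benign)."""
    reasons = []
    ident = record.get("userIdentity", {})
    name = record.get("eventName", "")
    source = record.get("eventSource", "")

    # 1. Root account activity: the root user should practically never be used.
    if ident.get("type") == "Root":
        reasons.append("root account used for %s" % name)

    # 2. Successful console sign-in without MFA.
    if name == "ConsoleLogin":
        mfa = record.get("additionalEventData", {}).get("MFAUsed", "No")
        outcome = record.get("responseElements", {}).get("ConsoleLogin")
        if outcome == "Success" and mfa != "Yes":
            reasons.append("console login without MFA from %s" % record.get("sourceIPAddress"))

    # 3. Tampering with the audit trail or the detection services themselves.
    if name in LOGGING_TAMPER.get(source, set()):
        reasons.append("logging/monitoring tampered: %s via %s" % (name, source))

    # 4. Access-denied errors are a reconnaissance indicator; flag each so an
    #    upstream aggregator can count them per principal.
    if record.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
        reasons.append("access denied for %s" % name)
    return reasons


def scan(records) -> dict:
    """Run triage over an iterable of records; return {eventID: reasons} for hits only."""
    return {r["eventID"]: hits for r in records if (hits := triage(r))}


# Constructed sample records (not real CloudTrail output).
SAMPLE_RECORDS = [
    {"eventID": "e1", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10",
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "e2", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10", "requestParameters": {"name": "org-trail"}},
    {"eventID": "e3", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ReadOnly/ci"},
     "sourceIPAddress": "10.0.0.5"},
    {"eventID": "e4", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "sourceIPAddress": "198.51.100.7"},
]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_RECORDS), indent=2))
```

In a real deployment the records come from the CloudTrail S3 delivery (one JSON object with a "Records" array per file) or from the CloudTrail event in EventBridge; the triage function is the same either way.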
Top 10 AWS Security Tools and their key features:
1. GuardDuty: threat detection, continuous monitoring, real-time alerts, anomaly detection, AWS integration
2. AWS Shield: DDoS protection, global threat intelligence, traffic filtering, anomaly detection, application layer protection
3. CloudWatch: monitoring, logging, dashboard creation, metric collection, alarms and notifications, event-driven automation
4. AWS Inspector: security assessment, vulnerability scanning, automated security checks, compliance scanning, agent-based architecture
5. Macie: data discovery, data classification, data protection, sensitive data identification, PII (Personally Identifiable Information) detection
6. Prowler: security assessment, AWS configuration scanning, best practice evaluation, compliance checks, security posture analysis
7. ScoutSuite: AWS security and compliance assessment, configuration auditing, resource visibility, inventory management, best practice evaluation
8. AWS Secrets Manager: secure storage of secrets, centralized secrets management, encryption at rest and in transit, access control and permission management, secret rotation
9. AWS Web Application Firewall: web traffic filtering, DDoS protection, application layer firewall, bot mitigation, real-time monitoring
10. AWS Config: configuration management, resource inventory, configuration compliance checking, change tracking, continuous monitoring
GuardDuty
GuardDuty is AWS's managed threat detection service, a watcher on the wall that scales with your infrastructure as you deploy it.
It analyzes your account's log sources as a fully managed service, so there is no agent or collector to run.
According to Amazon, it analyzes tens of billions of events across its AWS data sources.
It applies machine learning, anomaly detection, and threat intelligence so that the alerts you receive are accurate and actionable.
Its detections cover account compromise, reconnaissance, and instance compromise.
That includes data exfiltration, logging being disabled, port scanning, malware, and similar activity.
GuardDuty is designed as a hands-off tool: it analyzes your logs so that you do not have to build the pipeline yourself.
GuardDuty analyzes events and network traffic data to detect potential security threats and malicious activity.
GuardDuty generates real-time alerts when it detects suspicious behavior or possible security threats.
It uses machine learning algorithms to identify deviations from normal patterns and detect anomalies in your environment.
GuardDuty seamlessly integrates with other AWS services, allowing you to leverage its threat detection capabilities across your AWS resources.
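The integration usually looks like this in practice: an EventBridge rule forwards each finding to a Lambda function that decides what to do with it. The following is an added example, not code from the article or from AWS. The event envelope (source aws.guardduty, detail-type "GuardDuty Finding", the finding under "detail") and the finding fields (type, severity, resource.resourceType, instanceDetails, accessKeyDetails) are those GuardDuty publishes; the sample events are constructed, and the actions are returned as a plan rather than executed so the code runs offline.

```python
"""Route Amazon GuardDuty findings delivered through EventBridge.

Added example, not from the article or from AWS. The envelope and finding
fields follow GuardDuty's published schema; sample events are constructed.
Actions are returned as a plan (a real deployment would call EC2/IAM).
"""
from dataclasses import dataclass, field


@dataclass
class ResponsePlan:
    severity_label: str
    threat_purpose: str      # leading part of the finding type, e.g. "UnauthorizedAccess"
    resource_type: str       # "Instance" or "AccessKey"
    resource_id: str
    actions: list = field(default_factory=list)


def severity_label(score: float) -> str:
    """GuardDuty severity bands: Low 1-3.9, Medium 4-6.9, High 7 and above."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def plan_response(finding: dict) -> ResponsePlan:
    """Decide the response for one finding from its severity and the affected resource."""
    # Finding type format: ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
    purpose = finding["type"].split(":", 1)[0]
    label = severity_label(float(finding["severity"]))
    resource = finding.get("resource", {})
    rtype = resource.get("resourceType", "Unknown")
    if rtype == "Instance":
        rid = resource["instanceDetails"]["instanceId"]
    elif rtype == "AccessKey":
        rid = resource["accessKeyDetails"]["accessKeyId"]
    else:
        rid = "n/a"
    plan = ResponsePlan(label, purpose, rtype, rid)

    plan.actions.append("ticket")              # every finding is recorded
    if label == "LOW":
        return plan
    plan.actions.append("page-oncall")
    if label == "HIGH" and rtype == "Instance":
        # Isolate rather than terminate so the instance is preserved for forensics.
        plan.actions += ["snapshot-volumes", "replace-security-group:quarantine"]
    if label == "HIGH" and rtype == "AccessKey" and purpose in (
            "UnauthorizedAccess", "CredentialAccess", "Exfiltration"):
        plan.actions.append("deactivate-access-key")
    return plan


def handler(event: dict, context=None) -> dict:
    """Lambda entry point for an EventBridge rule on source aws.guardduty."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"ignored": True}
    plan = plan_response(event["detail"])
    return {"ignored": False, "severity": plan.severity_label,
            "resource": plan.resource_id, "actions": plan.actions}


# Constructed sample events (not real findings).
EVENT_BRUTE_FORCE = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 2.0,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0abc123def456789a"}}}}
EVENT_EXFIL = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
               "severity": 8.0,
               "resource": {"resourceType": "AccessKey",
                            "accessKeyDetails": {"accessKeyId": "ASIAEXAMPLE12345678",
                                                 "userName": "web-role"}}}}
EVENT_MINER = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0fedcba9876543210"}}}}

if __name__ == "__main__":
    for ev in (EVENT_BRUTE_FORCE, EVENT_EXFIL, EVENT_MINER):
        print(handler(ev))
```

The split between plan_response and handler is deliberate: the decision logic can be unit-tested against stored findings, and the executing side (security group swap, access key deactivation) stays behind a narrowly scoped role.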
Pros: Real-time Threat Detection; Easy Deployment and Integration; Automated Threat Analysis; Scalability and Flexibility
Cons: False Positives; Limited to AWS; Reliance on AWS Infrastructure; Limited Customization
AWS Shield
AWS Shield is a managed DDoS protection service that covers EC2, Route 53, Elastic Load Balancing, AWS Global Accelerator, and CloudFront resources.
Amazon claims that AWS Shield detects 99% of flood attacks, and its coverage goes beyond CloudFront alone.
DDoS attacks are often aimed at a specific company in order to take its business offline.
Shield Standard is applied automatically, so this AWS security tool keeps you up without engaging a security team, which is a substantial competitive edge.
Through CloudFront and Global Accelerator it can also protect applications whose origin is not hosted in Amazon Web Services.
AWS Shield provides protection against DDoS attacks by automatically detecting and mitigating volumetric, state-exhaustion, and application-layer attacks.
It leverages AWS’s global threat intelligence to stay updated on the latest DDoS attack trends, patterns, and mitigation techniques.
AWS Shield filters incoming traffic, blocking malicious requests and allowing legitimate traffic to reach your applications.
It uses advanced algorithms to detect anomalies in network traffic and application behavior, identifying potentially harmful requests.
Pros: DDoS Protection; Automatic Protection; Scalable and Resilient; Integration with AWS Services
Cons: Limited to AWS Environment; Advanced DDoS Attacks (beyond Shield Standard); Limited Customization
CloudWatch
CloudWatch is the AWS monitoring service, and it gives you visibility into what is going on across your AWS ecosystem.
If you have worked with SIEM data you will recognize the model: CloudWatch Logs ingests log data and CloudWatch Logs Insights lets you query it for critical access and errors.
Rather than being a security-specific product, it aggregates resource utilization, performance, and log data from the many services that integrate with it.
CloudWatch alarms also drive Auto Scaling, automatically adding or removing compute capacity so that the organization gets the best value.
CloudWatch enables you to monitor various AWS resources and custom metrics in real-time.
It allows you to collect, store, and analyze logs generated by your applications and AWS services.
CloudWatch offers customizable dashboards that allow you to create visualizations and metrics widgets to monitor the health and performance of your resources.
It automatically collects and aggregates metrics from AWS services, including EC2 instances, RDS databases, S3 buckets, and more. You can also publish custom metrics.
AWS Inspector
Being proactive is the best defense, and Amazon Inspector is the AWS security tool that scans your AWS workloads for vulnerabilities.
The service is managed by AWS, whose security team continually updates and improves the rules it assesses against.
It lets you build a security standard into application deployment, giving the organization a head start on keeping everything secure.
Because the rules are maintained by AWS, the assessments stay relevant.
AWS Inspector performs automated security assessments on your EC2 instances, applications, and network configurations to identify vulnerabilities and security issues.
It scans your instances and applications to identify known vulnerabilities, including common software vulnerabilities and misconfigurations.
AWS Inspector automatically evaluates your resources against predefined security rules and best practices to identify security gaps and potential risks.
It performs compliance checks against industry standards and security benchmarks, such as CIS (Center for Internet Security) benchmarks, ensuring your resources meet regulatory requirements.
Pros: Automated Vulnerability Assessment; Integration with AWS Services; Predefined Security Rules; Custom Security Rules
Cons: Limited to EC2 Instances; Network-Based Assessment; Configuration Complexity; Limited Reporting and Remediation Workflow
Macie
Macie is a machine-learning data security service that discovers sensitive data and detects unauthorized data access and data leaks.
It is the one of these AWS security tools that protects data rather than infrastructure.
Its findings are published to EventBridge (formerly CloudWatch Events), where you can drive automation and custom alerts.
It is a fully managed service, so it is practical to adopt and adds visibility without building anything.
Macie only monitors S3 buckets, but it lets companies know what data they hold and whether it has been exposed.
Macie automatically scans your AWS environment to discover and identify sensitive data, such as personally identifiable information (PII), financial data, and intellectual property.
It applies machine learning algorithms and pre-configured data patterns to classify and label your sensitive data, providing visibility into data types and potential risks.
Macie helps you enforce data protection policies by monitoring data access and activity, detecting potential data leaks or unauthorized access, and providing alerts and notifications.
It identifies sensitive data within various types of files, including documents, images, and audiovisual files, helping you identify data at risk and take appropriate actions.
Pros: Data Discovery; Content Classification; Data Access Monitoring; Security and Compliance
Cons: Limited to AWS Environment; Cost; False Positives; Limited Data Types
Prowler
Prowler is an open-source, third-party command-line tool for AWS security best-practice assessment.
It also serves well for auditing, forensic readiness, hardening, and defense.
It is a compliance-oriented configuration scanner driven by a large set of checks.
It is developed by the open-source community, and its checks span configuration areas such as networking, logging, and identity management.
It includes compliance frameworks for GDPR and HIPAA, among others.
Prowler performs automated security assessments on your AWS accounts, resources, and configurations to identify vulnerabilities, misconfigurations, and security risks.
It scans your AWS infrastructure configurations, including IAM roles, security groups, S3 buckets, EC2 instances, and more, to identify potential security gaps.
Prowler evaluates your AWS environment against industry best practices, security benchmarks, and AWS security recommendations to ensure adherence to security standards.
It performs compliance checks against various regulatory frameworks, such as CIS (Center for Internet Security) benchmarks, GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and more.
Pros: Comprehensive Security Assessment; Customizable Checks; Automation; Detailed Reporting
Cons: Configuration and Setup; False Positives; Lack of Real-Time Monitoring; Limited Support
ScoutSuite
ScoutSuite is an open-source audit tool in the same family as Prowler.
It is multi-cloud: it supports Microsoft Azure as well as AWS and Google Cloud Platform.
ScoutSuite performs a comprehensive analysis of various AWS services, including EC2, S3, IAM, RDS, VPC, and more, to identify security vulnerabilities and misconfigurations.
It assesses your AWS environment against security best practices, AWS security recommendations, and industry standards, providing insights into security weaknesses and areas for improvement.
ScoutSuite performs compliance checks against various security frameworks and regulations, such as CIS (Center for Internet Security) benchmarks, GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and more.
It collects your AWS configuration through the APIs and compares it against known security best practices, flagging deviations and insecure configurations in its report. A run is a point-in-time snapshot rather than continuous monitoring.
Pros: Comprehensive Security Assessment; Multi-Cloud Support; Customizable Checks; Automation
Cons: Configuration and Setup; False Positives; Lack of Real-Time Monitoring; Limited Support
AWS Secrets Manager
As the name says, Secrets Manager is a managed service for storing and retrieving sensitive information.
That includes certificates, tokens, API keys, and database credentials.
IAM policies give fine-grained permissions over the exact actions allowed on a secret, such as creating, updating, deleting, or retrieving it.
Secrets Manager supports automatic rotation out of the box for Amazon Relational Database Service (RDS) credentials.
Secrets for other services can be rotated automatically as well, through a Lambda function you supply.
Never store sensitive information in a version control system such as Git; keep it in Secrets Manager and fetch it at runtime.
AWS Secrets Manager provides a secure and scalable storage solution for managing secrets, such as API keys, database credentials, and tokens.
Secrets Manager encrypts secrets at rest using AWS Key Management Service (KMS), ensuring the confidentiality of sensitive information.
You can manage access to secrets using AWS Identity and Access Management (IAM) policies, granting permissions to specific users, roles, or groups.
Secrets Manager enables the automatic rotation of secrets, such as database passwords, API keys, and certificates, helping you maintain a strong security posture.
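Two things go wrong in practice with "fetch it at runtime": code calls GetSecretValue on every request (cost and throttling), or it caches a credential forever and breaks at the next rotation. The following is an added example, not the article's code: a small cache keyed by secret and staging label, with an invalidate step for the auth failure a rotation causes. SecretCache works with any client that exposes get_secret_value(SecretId=..., VersionStage=...), so in production you pass boto3.client("secretsmanager"); FakeSecretsManager is a constructed stand-in with the documented response shape so the module runs offline, and all secret values are made up.

```python
"""Fetch secrets from AWS Secrets Manager with a short-lived cache and rotation awareness.

Added example, not from the article. SecretCache takes any client with
get_secret_value(SecretId=..., VersionStage=...); in production that is
boto3.client("secretsmanager"). FakeSecretsManager is a constructed stand-in.
"""
import json
import time


class SecretCache:
    """Per-process cache so a Lambda or worker does not call GetSecretValue on every request."""

    def __init__(self, client, ttl_seconds: int = 300):
        self.client = client
        self.ttl = ttl_seconds
        self.calls = 0                       # API calls actually made (visibility, cost)
        self._cache = {}                     # (secret_id, stage) -> (expires_at, parsed dict)

    def get(self, secret_id: str, stage: str = "AWSCURRENT") -> dict:
        key = (secret_id, stage)
        now = time.monotonic()
        hit = self._cache.get(key)
        if hit and hit[0] > now:
            return hit[1]
        # Staging labels select a version without knowing its ID: AWSCURRENT is the
        # live value, AWSPENDING the candidate a rotation function is still testing.
        resp = self.client.get_secret_value(SecretId=secret_id, VersionStage=stage)
        self.calls += 1
        if "SecretString" not in resp:
            raise ValueError("binary secrets (SecretBinary) are not handled here")
        value = json.loads(resp["SecretString"])
        self._cache[key] = (now + self.ttl, value)
        return value

    def invalidate(self, secret_id: str) -> None:
        """Drop cached versions, e.g. after an auth failure that suggests a rotation happened."""
        for key in [k for k in self._cache if k[0] == secret_id]:
            del self._cache[key]


class FakeSecretsManager:
    """Constructed stand-in for the boto3 client; answers with the GetSecretValue response shape."""

    def __init__(self):
        self.versions = {
            "AWSCURRENT": {"username": "app", "password": "old-not-real", "host": "db.internal"},
            "AWSPENDING": {"username": "app", "password": "new-not-real", "host": "db.internal"},
        }

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        return {
            "ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:%s-AbCdEf" % SecretId,
            "Name": SecretId,
            "VersionId": "11111111-2222-3333-4444-555555555555",
            "SecretString": json.dumps(self.versions[VersionStage]),
            "VersionStages": [VersionStage],
        }

    def finish_rotation(self):
        """Mimic the last rotation step: AWSPENDING becomes AWSCURRENT."""
        self.versions["AWSCURRENT"] = self.versions["AWSPENDING"]


def demo() -> tuple:
    """Returns (password before rotation, stale cached password, password after invalidate, API calls)."""
    client = FakeSecretsManager()
    cache = SecretCache(client, ttl_seconds=60)
    before = cache.get("prod/db")["password"]
    cache.get("prod/db")                        # cache hit: no second API call
    client.finish_rotation()
    stale = cache.get("prod/db")["password"]    # still cached; a DB auth failure would surface here
    cache.invalidate("prod/db")
    after = cache.get("prod/db")["password"]
    return before, stale, after, cache.calls


if __name__ == "__main__":
    print(demo())
```

The IAM policy for the role running this code should allow only secretsmanager:GetSecretValue on the specific secret ARN; the create, update, and rotate actions belong to the rotation function and the administrators, not to the application.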
Pros: Secure Storage; Encryption; Easy Integration; Rotation and Versioning
Cons: Cost; Limited to AWS Environment; Dependency on AWS Services; Limited Secret Size
AWS Web Application Firewall
AWS WAF protects web applications and APIs fronted by CloudFront, API Gateway, Application Load Balancer, AppSync, and similar services.
You can block requests to an endpoint based on criteria such as the source IP address or the country the request originates from.
It evaluates request headers and bodies as well, and rate-based rules allow only a certain number of requests per IP in a given period.
The AWS Marketplace also offers managed rule groups maintained by leading security vendors, which you associate with your web ACL.
AWS WAF provides protection against common web application attacks, including SQL injection and cross-site scripting (XSS), through its rules and managed rule groups.
You can create custom rules to define how AWS WAF handles incoming requests.
AWS WAF offers a set of pre-configured rule sets, known as managed rule sets, that help protect against common threats.
You can set rate limits on specific requests to protect against brute-force attacks or other types of excessive traffic.
Pros: Web Application Protection; Managed Service; Integration with AWS Services; Customizable Rules
Cons: Complexity for Complex Applications; False Positives
AWS Config
AWS Config records the configuration of your resources and evaluates it continuously. It keeps a history of every change to a resource, which is very useful for compliance and legal requirements.
It evaluates each resource against rules that validate specific configuration settings, and it is set up per region.
It also makes sure all resources are recorded; you do not need to create any other resources for recording to start.
AWS Config tracks the configuration details of your AWS resources, including compute instances, storage, networking, security groups, and more.
AWS Config takes periodic snapshots of your AWS resource configurations, providing a point-in-time view of your infrastructure.
AWS Config monitors your resources in near real-time and detects configuration changes as they occur.
AWS Config provides built-in rules and compliance packs based on industry best practices and regulatory standards such as HIPAA, PCI DSS, and CIS benchmarks.
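When the built-in rules do not cover a check, you write a custom rule backed by a Lambda function. The following is an added example, not the article's code nor an AWS-published rule: it marks a security group NON_COMPLIANT when an admin port (22 or 3389 by default) is reachable from 0.0.0.0/0 or ::/0. The invocation shape (invokingEvent and ruleParameters as JSON strings, resultToken) and the camelCase fields of the configuration item are what AWS Config passes to a custom-rule function; the sample events are constructed, and the evaluations are returned rather than reported unless a client is supplied.

```python
"""Custom AWS Config rule: flag security groups that expose admin ports to the world.

Added example, not from the article or AWS. Event shape and configurationItem
fields follow what AWS Config passes to a custom-rule Lambda; samples are constructed.
"""
import json

WORLD = {"0.0.0.0/0", "::/0"}


def _open_to_world(perm: dict) -> bool:
    cidrs = {r.get("cidrIp") for r in perm.get("ipRanges", [])} | \
            {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
    return bool(cidrs & WORLD)


def _covers_admin_port(perm: dict, ports: set) -> bool:
    proto = perm.get("ipProtocol")
    if proto == "-1":                           # all traffic, every port
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    if lo is None or hi is None:
        return False
    return any(lo <= p <= hi for p in ports)


def evaluate_compliance(config_item: dict, params: dict) -> tuple:
    """Return (ComplianceType, Annotation) for one configuration item."""
    if config_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if config_item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "resource deleted"
    ports = {int(p) for p in params.get("adminPorts", "22,3389").split(",")}
    bad = []
    for perm in config_item.get("configuration", {}).get("ipPermissions", []):
        if _open_to_world(perm) and _covers_admin_port(perm, ports):
            bad.append("%s %s-%s" % (perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")))
    if bad:
        return "NON_COMPLIANT", "world-reachable admin ports: " + "; ".join(bad)
    return "COMPLIANT", "no admin port open to 0.0.0.0/0 or ::/0"


def handler(event: dict, context=None, config_client=None) -> list:
    """Lambda entry point; returns the evaluations it would report with PutEvaluations."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]
    compliance, note = evaluate_compliance(item, params)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],               # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is not None:               # boto3.client("config") in production
        config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return [evaluation]


def _event(sg_id: str, permissions: list) -> dict:
    """Build a constructed Config invocation for a security group change."""
    item = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": sg_id,
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2023-06-01T00:00:00.000Z",
            "configuration": {"groupId": sg_id, "ipPermissions": permissions}}
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "ruleParameters": json.dumps({"adminPorts": "22,3389"}),
            "resultToken": "constructed-token"}


OPEN_SSH = _event("sg-0123456789abcdef0", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}])
OFFICE_ONLY = _event("sg-0fedcba9876543210", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipRanges": [{"cidrIp": "198.51.100.0/24"}], "ipv6Ranges": []},
    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
     "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}])
ALL_TRAFFIC_V6 = _event("sg-0aaaabbbbccccdddd", [
    {"ipProtocol": "-1", "ipRanges": [], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}])

if __name__ == "__main__":
    for ev in (OPEN_SSH, OFFICE_ONLY, ALL_TRAFFIC_V6):
        print(handler(ev))
```

The third sample is the case people forget: an "all traffic" rule (ipProtocol -1) has no port fields at all, and a check that only looks at fromPort/toPort will pass it.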
Pros: Configuration Visibility; Compliance and Governance; Change Management; Security and Risk Assessment
Cons: Cost; Setup and Management; Data Volume and Storage; Limited to AWS Resources
AWS offers many good security services, and the challenge is to pick the right ones.
First understand your needs, then select among these AWS security tools according to your requirements.
Frequently Asked Questions – AWS Security Tools
Here are some of the key security services used in AWS:
IAM (Identity and Access Management)
VPC (Virtual Private Cloud)
AWS Firewall Manager
AWS Shield
AWS WAF (Web Application Firewall)
AWS KMS (Key Management Service)
Amazon GuardDuty
Amazon Macie
AWS Config
AWS CloudTrail
The “Shared Responsibility Model” is the name given to the AWS security model. This model explains the distribution of security duties between the user of AWS services and AWS as the cloud service provider.
Here are some of the AWS security compliance programs in short form:
SOC Reports (SOC 1, SOC 2, SOC 3)
ISO Certifications (ISO 27001, ISO 27017, ISO 27018)
PCI DSS (Payment Card Industry Data Security Standard)
HIPAA (Health Insurance Portability and Accountability Act)
GDPR (General Data Protection Regulation)
FedRAMP (Federal Risk and Authorization Management Program)
The post Top 10 AWS Security Tools – 2023 appeared first on Cyber Security News.
Researcher Exploits Browser Rendering Process to Alter PDF Invoice Pricing
A cybersecurity researcher, Zakhar Fedotkin, demonstrated how differences in PDF rendering across various browsers and operating systems can be exploited to manipulate the displayed pricing on PDF invoices.
This vulnerability could significantly impact businesses relying on digital invoices for transactions.
The researcher, inspired by Konstantin Weddige’s blog post “Kobold Letters,” created a proof of concept showing how a PDF invoice could display different prices depending on the viewer used.
In the demonstration, a PDF invoice displayed a total price of £399 when viewed in Safari and macOS Preview. However, the same file showed a total price of £999 when opened in Google Chrome or Google Drive on Windows.
PDF rendering discrepancies arise because each major browser uses a different engine to render PDF files:
Google Chrome: Uses PDFium.
Safari: Employs its own PDF rendering engine.
Firefox: Utilizes PDF.js.
These engines handle interactive form fields and widget annotations differently, leading to inconsistencies in how the same PDF file is displayed across different platforms.
The researcher used the org.apache.pdfbox Java library to create a hybrid PDF that abuses widget annotations to create rendering discrepancies. The process involves:
Creating an Interactive Form: The form includes at least one input text field with a default value (e.g., £399).
Adding Widget Annotations: These annotations are used to render a different value (e.g., £999) in viewers that prioritize annotations over form fields.
Here is a simplified version of the code used:
// Simplified PoC as in the article, made compilable against PDFBox 2.x: imports added,
// smart quotes fixed, a font set (showText() requires one), a /DA and /DR supplied so
// setValue() can generate the /V appearance, and the custom stream wrapped in the
// appearance dictionary a widget expects. Attaching the widget to a page and the
// AcroForm to the catalog is still omitted, as in the original sketch.
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDPageContentStream;
import org.apache.pdfbox.pdmodel.PDResources;
import org.apache.pdfbox.pdmodel.font.PDType1Font;
import org.apache.pdfbox.pdmodel.interactive.annotation.*;
import org.apache.pdfbox.pdmodel.interactive.form.*;

PDDocument document = new PDDocument();
PDAcroForm acroForm = new PDAcroForm(document);
PDResources resources = new PDResources();
resources.put(COSName.getPDFName("Helv"), PDType1Font.HELVETICA);
acroForm.setDefaultResources(resources);
acroForm.setDefaultAppearance("/Helv 12 Tf 0 g");
PDTextField field = new PDTextField(acroForm);
field.setValue("£399");                          // /V: what viewers that regenerate appearances show
// Custom normal appearance (/AP /N) that draws a different string
PDAppearanceStream appearanceStream = new PDAppearanceStream(document);
PDPageContentStream appearanceContents = new PDPageContentStream(document, appearanceStream);
appearanceContents.beginText();
appearanceContents.setFont(PDType1Font.HELVETICA, 12);
appearanceContents.showText("£999");
appearanceContents.endText();
appearanceContents.close();
PDAnnotationWidget widget = field.getWidgets().get(0);
PDAppearanceDictionary appearance = new PDAppearanceDictionary();
appearance.setNormalAppearance(appearanceStream);
widget.setAppearance(appearance);                // what viewers that trust the stored appearance show
document.save("Invoice.pdf");
document.close();
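The same trick can be reproduced without any PDF library, and doing so makes the defensive check obvious: the field's stored value (/V) and the text drawn by its appearance stream (/AP) are two separate places in the file, so an intake pipeline can parse both and refuse documents where they disagree. The following is an added example, not the researcher's code: it hand-writes a minimal one-page PDF with a text field whose /V and /AP differ, and a checker that extracts both and reports the mismatch. The invoice content is made up, and the checker handles only unfiltered (uncompressed) streams and literal strings, which is enough for this file but not for arbitrary PDFs.

```python
"""Build a 'hybrid' PDF whose field value (/V) and stored appearance (/AP) disagree,
then detect such files by comparing the two.

Added example, not the researcher's code. Hand-written PDF, no library; the
checker only handles unfiltered streams and literal strings. Content is made up.
"""
import re


def pdf_string(text: str) -> bytes:
    """Encode a literal string in WinAnsi (cp1252) with octal escapes so the file stays ASCII."""
    out = b"("
    for ch in text.encode("cp1252"):
        out += b"\\%03o" % ch if ch > 126 or ch in b"()\\" else bytes([ch])
    return out + b")"


def build_hybrid_invoice(visible_value: str, appearance_value: str) -> bytes:
    """Minimal one-page PDF: text field with /V = visible_value whose /AP draws appearance_value."""
    page_content = b"BT /F1 12 Tf 20 150 Td (Total:) Tj ET"
    ap_content = b"/Tx BMC BT /Helv 12 Tf 2 8 Td " + pdf_string(appearance_value) + b" Tj ET EMC"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /AcroForm 5 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 300 200] /Contents 4 0 R "
        b"/Resources << /Font << /F1 8 0 R >> >> /Annots [6 0 R] >>",
        b"<< /Length %d >>\nstream\n" % len(page_content) + page_content + b"\nendstream",
        b"<< /Fields [6 0 R] /DR << /Font << /Helv 8 0 R >> >> /DA (/Helv 12 Tf 0 g) "
        b"/NeedAppearances false >>",
        # Merged field/widget: /V is the value, /AP /N the pre-rendered look (Ff 1 = read-only)
        b"<< /Type /Annot /Subtype /Widget /FT /Tx /Ff 1 /T (total) /V " + pdf_string(visible_value)
        + b" /Rect [100 140 200 165] /F 4 /P 3 0 R /DA (/Helv 12 Tf 0 g) /AP << /N 7 0 R >> >>",
        b"<< /Type /XObject /Subtype /Form /BBox [0 0 100 25] "
        b"/Resources << /Font << /Helv 8 0 R >> >> /Length %d >>\nstream\n" % len(ap_content)
        + ap_content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >>",
    ]
    out = b"%PDF-1.7\n"
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:                         # each xref entry is exactly 20 bytes
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return out


_STR = re.compile(rb"\((?:\\.|[^\\)])*\)", re.S)


def decode_literal(lit: bytes) -> str:
    """Decode a PDF literal string (octal and backslash escapes) from WinAnsi bytes."""
    body = lit[1:-1]
    out = bytearray()
    i = 0
    while i < len(body):
        if body[i] == 0x5C:                     # backslash
            m = re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
            if m:
                out.append(int(m.group(), 8) & 0xFF)
                i += 1 + len(m.group())
                continue
            esc = body[i + 1:i + 2]
            out += {b"n": b"\n", b"r": b"\r", b"t": b"\t"}.get(esc, esc)
            i += 2
            continue
        out.append(body[i])
        i += 1
    return out.decode("cp1252")


def find_mismatched_fields(pdf: bytes) -> list:
    """Return (field name, /V value, appearance text) for text fields whose /AP text differs from /V."""
    objects = {int(m.group(1)): m.group(2)
               for m in re.finditer(rb"(\d+) 0 obj\s*(.*?)\s*endobj", pdf, re.S)}
    findings = []
    for body in objects.values():
        if b"/FT /Tx" not in body or b"/V" not in body:
            continue
        name = re.search(rb"/T\s*(\([^)]*\))", body)
        value = re.search(rb"/V\s*(\((?:\\.|[^\\)])*\))", body)
        ap = re.search(rb"/AP\s*<<\s*/N\s*(\d+) 0 R", body)
        if not (value and ap):
            continue
        stream = re.search(rb"stream\r?\n(.*?)\r?\nendstream", objects.get(int(ap.group(1)), b""), re.S)
        shown = "".join(decode_literal(s.group()) for s in _STR.finditer(stream.group(1))) if stream else ""
        stored = decode_literal(value.group(1))
        if shown.strip() != stored.strip():
            findings.append((decode_literal(name.group(1)) if name else "?", stored, shown))
    return findings


if __name__ == "__main__":
    hybrid = build_hybrid_invoice("£399", "£999")
    with open("Invoice.pdf", "wb") as f:          # open in two viewers to see the two prices
        f.write(hybrid)
    print(find_mismatched_fields(hybrid))
```

Flattening forms at intake (rendering appearances into page content and dropping the AcroForm) removes the ambiguity entirely; where the form must stay interactive, a mismatch between /V and the /AP text is the signal to reject the document.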
Left unaddressed, this can cause serious financial damage. For instance, a CEO might approve an invoice based on the £399 displayed in Safari, only for the accounting department to process a payment of £999 after viewing the same invoice in Google Chrome.
The complexity and ambiguity of PDF rendering processes across different platforms require caution when handling digital invoices.
Businesses should ensure that all parties involved in the approval and payment processes use the same PDF viewer to avoid such discrepancies; intake systems can also flatten forms or compare a field's stored value with its appearance stream before a document is approved. Additionally, developers and cybersecurity professionals must be aware of these vulnerabilities to safeguard against potential exploitation.
Fickle PDFs examples can be found on the researcher’s GitHub repository for those interested in the technical details and code used in this research.
The post Researcher Exploits Browser Rendering Process to Alter PDF Invoice Pricing appeared first on Cyber Security News.
CISA & FBI Releases TTPs & IOCs Used by Phobos Ransomware Group
[[{“value”:”
The FBI, CISA, and MS-ISAC are urging critical infrastructure organizations to be vigilant against Phobos ransomware.
This advisory is part of the #StopRansomware initiative, providing defenders with details on Phobos ransomware, including its tactics, indicators of compromise, and mitigation strategies.
This ransomware-as-a-service (RaaS) has been observed targeting various sectors since May 2019, including:
Municipal and county governments
Emergency services
Education
Public healthcare
Recent Phobos attacks, reported as of February 2024, highlight the need for heightened awareness and strong security measures.
Phobos actors search for exposed RDP ports or send phishing emails carrying hidden malware.
They use brute-force tools to crack passwords and establish remote connections. Once inside, they research the victim to understand the network and steal data.
Phobos attackers execute files such as 1saas.exe or cmd.exe to install additional malware with administrator-level permissions.
This lets them perform a wide range of actions on Windows systems, giving them broad control over the infected machine.
Phobos uses a three-stage process to deploy additional malware through Smokeloader:
Injection: Smokeloader manipulates system functions to inject malicious code into running processes, bypassing security tools.
Obfuscation: It uses a “stealth process” to hide its communication with its control server by masking it as requests to legitimate websites.
Payload Delivery: Finally, it extracts a malicious payload from memory and prepares it for deployment.
This allows attackers to download additional malware onto the compromised system. Also, Phobos actors use commands to shut down the system’s firewall.
They employ tools like Universal Virus Sniffer, Process Hacker, and PowerTool to hide their activities from security software.
Phobos actors go after backups once exfiltration is done. They find and delete Windows volume shadow copies using vssadmin.exe and WMIC, so that after encryption victims cannot restore files.
Phobos.exe may encrypt all logical disks on the target host. Phobos ransomware executables carry unique build IDs, affiliate IDs, and embedded ransom notes. Once the ransom note has been dropped, Phobos keeps searching for and encrypting further files.
Email is the primary extortion channel, although some affiliates phone victims. Phobos actors may name victims and host stolen data on Onion sites. They communicate over ICQ, Jabber, and QQ. The advisory lists the email providers used by the Phobos affiliates Devos, Eight, Elbie, Eking, and Faust.
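The steps the advisory describes before encryption (firewall disabled, shadow copies deleted with vssadmin.exe and WMIC, Process Hacker or PowerTool dropped, 1saas.exe executed) are all visible as process creations. The following is an added example, not part of the CISA/FBI advisory: detection logic that runs over process-creation records and escalates a host when backup destruction and firewall disabling occur together. The record fields mimic Sysmon Event ID 1 / Security 4688 data; the netsh syntax used for the firewall rule is the usual command form (an assumption, the advisory does not quote it), and the hosts, users, paths and timestamps are constructed.

```python
"""Detection logic for the Phobos pre-encryption steps named in the advisory.

Added example, not from the advisory. Runs over constructed process-creation
records (Sysmon EID 1 / Security 4688 shape). The netsh syntax is the usual
firewall-off command (assumption); hosts, users and timestamps are made up.
"""
import re
from collections import defaultdict

# Each rule: (name, severity, regex applied to the lower-cased "image command_line" text)
RULES = [
    ("shadow_copy_delete_vssadmin", "critical",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("shadow_copy_delete_wmic", "critical",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("firewall_disabled", "high",
     re.compile(r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b")),
    ("defense_evasion_tool", "medium",                       # tools named in the advisory
     re.compile(r"(processhacker|powertool)[^\\/]*\.exe")),
    ("phobos_stager", "high",
     re.compile(r"(^|[\\/])1saas\.exe\b")),
]


def match_rules(event: dict) -> list:
    """Rules that fire on one process-creation event (fields 'image' and 'command_line')."""
    haystack = (event.get("image", "") + " " + event.get("command_line", "")).lower()
    return [(name, sev) for name, sev, rx in RULES if rx.search(haystack)]


def detect(events: list) -> dict:
    """Group hits per host and escalate when backups and the firewall are hit together."""
    per_host = defaultdict(list)
    for ev in events:
        for name, sev in match_rules(ev):
            per_host[ev["host"]].append({"time": ev["time"], "user": ev["user"],
                                         "rule": name, "severity": sev})
    report = {}
    for host, hits in per_host.items():
        names = {h["rule"] for h in hits}
        backups_gone = any(n.startswith("shadow_copy_delete") for n in names)
        if backups_gone and "firewall_disabled" in names:
            verdict = "ransomware_staging"      # the advisory's sequence: isolate the host now
        elif backups_gone:
            verdict = "backup_destruction"
        else:
            verdict = "suspicious"
        report[host] = {"verdict": verdict, "hits": hits}
    return report


# Constructed events; not real telemetry.
SAMPLE_EVENTS = [
    {"time": "2024-02-20T03:10:02Z", "host": "FS01", "user": "CORP\\svc_backup",
     "image": "C:\\Windows\\System32\\netsh.exe",
     "command_line": "netsh advfirewall set allprofiles state off"},
    {"time": "2024-02-20T03:10:09Z", "host": "FS01", "user": "CORP\\svc_backup",
     "image": "C:\\Windows\\System32\\vssadmin.exe",
     "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"time": "2024-02-20T03:10:11Z", "host": "FS01", "user": "COR\\svc_backup".replace("COR", "CORP"),
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "command_line": "wmic shadowcopy delete"},
    {"time": "2024-02-20T03:12:40Z", "host": "WS17", "user": "CORP\\jdoe",
     "image": "C:\\Users\\jdoe\\Downloads\\ProcessHacker.exe",
     "command_line": "ProcessHacker.exe"},
    {"time": "2024-02-20T03:15:00Z", "host": "WS02", "user": "CORP\\admin",
     "image": "C:\\Windows\\System32\\vssadmin.exe",
     "command_line": "vssadmin list shadows"},        # benign: listing, not deleting
]

if __name__ == "__main__":
    import json
    print(json.dumps(detect(SAMPLE_EVENTS), indent=2))
```

The per-host grouping is what turns three medium-confidence signals into a high-confidence one; a single vssadmin deletion can be legitimate backup maintenance, but a firewall being switched off seconds before it is not.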
Secure remote access software.
Implement application controls.
Use intrusion detection systems.
Limit RDP usage and enforce best practices.
Review accounts and disable unnecessary permissions.
Implement backups and recovery plans.
Enforce strong password policies and multi-factor authentication.
Segment networks and monitor for abnormal activity.
Update antivirus software and disable unused ports and protocols.
Consider email security measures like banners and disabled hyperlinks.
Encrypt and protect backups.
Test security controls against the MITRE ATT&CK framework.
Regularly refine security programs based on the test results.
You can check the complete list of IOCs in the advisory.
The post CISA & FBI Releases TTPs & IOCs Used by Phobos Ransomware Group appeared first on Cyber Security News.