Cybersecurity - Tagged - Security Boulevard The Home of the Security Bloggers Network Mon, 02 Sep 2024 12:25:24 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.1 https://securityboulevard.com/wp-content/uploads/2021/10/android-chrome-256x256-1-32x32.png Cybersecurity - Tagged - Security Boulevard 32 32 133346385 Data Breaches for the Month August 2024 https://securityboulevard.com/2024/09/data-breaches-for-the-month-august-2024/ https://securityboulevard.com/2024/09/data-breaches-for-the-month-august-2024/#respond Mon, 02 Sep 2024 12:25:24 +0000 https://strobes.co/?p=5286 This month has been a challenging month for organizations worldwide as several high-profile data breaches occur and become headlines. These incidents have not only exposed sensitive information but also highlighted...

The post Data Breaches for the Month August 2024 appeared first on Strobes Security.

The post Data Breaches for the Month August 2024 appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/09/data-breaches-for-the-month-august-2024/feed/ 0 2029452
How to Stay One Step Ahead of Data Breaches and Master Cloud Threat Detection https://securityboulevard.com/2024/09/how-to-stay-one-step-ahead-of-data-breaches-and-master-cloud-threat-detection/ Mon, 02 Sep 2024 05:45:08 +0000 https://securityboulevard.com/?p=2029428 cloud threat, detections, threats, CNAP, severless architecture, itte Broadcom report cloud security threat

Implementing a cloud threat detection system enhances your team's ability to maintain a strong security posture without significant overhead.

The post How to Stay One Step Ahead of Data Breaches and Master Cloud Threat Detection appeared first on Security Boulevard.

]]>
2029428
Telegram is NOT an Encrypted Messaging App, Must-See Documentaries https://securityboulevard.com/2024/09/telegram-is-not-an-encrypted-messaging-app-must-see-documentaries/ https://securityboulevard.com/2024/09/telegram-is-not-an-encrypted-messaging-app-must-see-documentaries/#respond Mon, 02 Sep 2024 04:00:06 +0000 https://sharedsecurity.net/?p=101906 In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including ‘LulaRich’ about the LuLaRoe leggings company and ‘Class […]

The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Shared Security Podcast.

The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/09/telegram-is-not-an-encrypted-messaging-app-must-see-documentaries/feed/ 0 2029432
Navigating Cloud Security: Q&A on the Importance of Collaboration and Innovation https://securityboulevard.com/2024/08/navigating-cloud-security-qa-on-the-importance-of-collaboration-and-innovation/ https://securityboulevard.com/2024/08/navigating-cloud-security-qa-on-the-importance-of-collaboration-and-innovation/#respond Thu, 29 Aug 2024 13:00:00 +0000 https://www.guidepointsecurity.com/?p=33652 In an increasingly complex landscape dominated by cloud technology, understanding the intricacies of cloud security is more vital than ever. […]

The post Navigating Cloud Security: Q&A on the Importance of Collaboration and Innovation appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/08/navigating-cloud-security-qa-on-the-importance-of-collaboration-and-innovation/feed/ 0 2029320
Recent Critical Vulnerabilities: August 2024 CVE Roundup https://securityboulevard.com/2024/08/recent-critical-vulnerabilities-august-2024-cve-roundup/ https://securityboulevard.com/2024/08/recent-critical-vulnerabilities-august-2024-cve-roundup/#respond Wed, 28 Aug 2024 23:13:39 +0000 https://truefort.com/?p=4306 Protecting Organizations with Up-to-Date CVE Awareness  Reports from the National Institute of Standards and Technology (NIST) through its National Vulnerability Database (NVD) highlight critical cybersecurity vulnerabilities that demand immediate attention and underscore the persistent risks organizations face, including potential data breaches and system compromises if left unaddressed. Recent critical vulnerabilities emphasize the importance of timely...

The post Recent Critical Vulnerabilities: August 2024 CVE Roundup appeared first on TrueFort.

The post Recent Critical Vulnerabilities: August 2024 CVE Roundup appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/08/recent-critical-vulnerabilities-august-2024-cve-roundup/feed/ 0 2029243
Badge Life: The CISO Team Takes on DEF CON https://securityboulevard.com/2024/08/badge-life-the-ciso-team-takes-on-def-con/ https://securityboulevard.com/2024/08/badge-life-the-ciso-team-takes-on-def-con/#respond Wed, 28 Aug 2024 16:30:00 +0000 https://www.ciso.inc/?p=18020 The CISO Global Pen Testing Team Earlier this month, a group of our intrepid pen testers from our Readiness & Resilience team at CISO Global ventured into the heart of the hacking world at DEFCON 32 in Las Vegas. This annual pilgrimage to the mecca of cybersecurity (and more importantly, hacking) is more than just […]

The post Badge Life: The CISO Team Takes on DEF CON appeared first on CISO Global.

The post Badge Life: The CISO Team Takes on DEF CON appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/08/badge-life-the-ciso-team-takes-on-def-con/feed/ 0 2029167
Broadcom Extends VMware Cybersecurity Portfolio https://securityboulevard.com/2024/08/broadcom-extends-vmware-cybersecurity-portfolio/ Wed, 28 Aug 2024 08:42:07 +0000 https://securityboulevard.com/?p=2028975 broadcom, VMware, firewall, rule, Palo Alto Networks Know Your Firewall: Layer 3 vs. Layer 7

Broadcom today at the VMware Explore 2024 conference extended its VMware vDefend portfolio to include generative artificial intelligence (AI) capabilities in addition to extending its software-defined edge computing portfolio to provide deeper integrations with networking and security platforms that its VMware business unit provides.

The post Broadcom Extends VMware Cybersecurity Portfolio appeared first on Security Boulevard.

]]>
2028975
WebAssembly: The Fly on the Wall Delivering Malware Past Secure Web Gateways https://securityboulevard.com/2024/08/webassembly-the-fly-on-the-wall-delivering-malware-past-secure-web-gateways/ https://securityboulevard.com/2024/08/webassembly-the-fly-on-the-wall-delivering-malware-past-secure-web-gateways/#respond Wed, 28 Aug 2024 08:40:29 +0000 https://medium.com/p/f047d1da252a ‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpoint

At DEF CON 32, SquareX presented groundbreaking research curating vulnerabilities in Secure Web Gateways (SWGs) that leave organizations vulnerable to threats that these tools fail to detect. These traditional defenses, once considered the gold standard for enterprise security, can now be easily bypassed through client-side web attacks that they simply cannot protect against. Collectively, these attacks are called ‘Last Mile Reassembly Attacks’.

WebAssembly, a boon and a bane

Among the most concerning of these threats is the use of WebAssembly (WASM), a powerful web technology that can deliver malware directly to a user’s browser, evading SWG detection entirely. This binary instruction format allows high-performance execution of code in web browsers, enabling complex applications to run with near-native speed. However, its power and flexibility also make it an attractive vector for cyberattacks, particularly in environments where Secure Web Gateways (SWGs) are the primary line of defense.

WebAssembly is designed to work alongside JavaScript, allowing developers to execute code with higher efficiency and performance. It’s widely adopted by organizations to enhance web applications. SWGs, which are traditionally focused on inspecting network traffic at the layer of HTML, CSS, and JavaScript, are often blind to the intricacies of WebAssembly modules.

The problem lies in the fact that SWGs, operating at the network layer, do not perform the necessary dynamic analysis on WebAssembly code. This lack of visibility means that malicious actors can embed malware within WASM modules, which can then be extracted directly on the browser, bypassing the SWG’s detection mechanisms entirely.

For instance, an attacker could conceal malicious payloads within a WebAssembly module and distribute it through a compromised or even a legitimate website. Since SWGs lack the capability to analyze WebAssembly files, the malicious content slips through the network defenses undetected. The malware is assembled on the client-side and downloaded to the victim’s endpoint.

This threat is exacerbated by the fact that there is currently a lack of industry-standard security frameworks specifically designed to analyze and protect against malicious WebAssembly code. As a result, many enterprises remain vulnerable to this method of attack, relying on outdated SWGs that were never designed to handle such complex threats.

The need for a browser-native security approach

The implications of this vulnerability are clear: enterprises can no longer depend solely on network-layer defenses like SWGs to protect against the full spectrum of modern web threats. A more effective approach involves adopting browser-native security solutions, which operate directly within the browser and can analyze WebAssembly modules in real-time. These solutions provide the necessary visibility and control to detect and neutralize threats before they can cause damage.

As WebAssembly continues to gain traction in the development of web applications, enterprises must recognize the limitations Secure Web Gateways and take proactive steps to protect their environments with solutions designed to handle the complexities of today’s web technologies.

Assess your Secure Web Gateway

Similar to smuggling malware through WebAssembly modules, there are more than 30 attacks that bypass all Secure Web Gateways. Check if your enterprise is vulnerable to them at https://browser.security/


WebAssembly: The Fly on the Wall Delivering Malware Past Secure Web Gateways was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post WebAssembly: The Fly on the Wall Delivering Malware Past Secure Web Gateways appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/08/webassembly-the-fly-on-the-wall-delivering-malware-past-secure-web-gateways/feed/ 0 2029115
Scott Kannry on the What’s Up with Tech? Podcast https://securityboulevard.com/2024/08/scott-kannry-on-the-whats-up-with-tech-podcast/ https://securityboulevard.com/2024/08/scott-kannry-on-the-whats-up-with-tech-podcast/#respond Tue, 27 Aug 2024 23:51:22 +0000 https://axio.com/?p=29914 In a recent conversation with Evan Kirstel on the What’s Up with Tech? podcast, Axio CEO Scott Kannry discussed the intersection of cybersecurity and risk management, highlighting the unique approach

The post Scott Kannry on the What’s Up with Tech? Podcast appeared first on Axio.

The post Scott Kannry on the What’s Up with Tech? Podcast appeared first on Security Boulevard.

]]>
https://securityboulevard.com/2024/08/scott-kannry-on-the-whats-up-with-tech-podcast/feed/ 0 2029078
Facebook Whistleblower Fears Election Abuse https://securityboulevard.com/2024/08/facebook-whistleblower-fears-election-abuse/ Tue, 27 Aug 2024 22:23:54 +0000 https://securityboulevard.com/?p=2028890 Frances Haugen, who famously blew the whistle on Facebook and its susceptibility to manipulation, has renewed concerns over the social-networking company. This time, she’s laser-focused on misinformation during the 2024 presidential election. “We are in a new, very nebulous era where we need to think more holistically and creatively” in defending cyberdefenses, Haugen said in..

The post Facebook Whistleblower Fears Election Abuse appeared first on Security Boulevard.

]]>
2028890