Kickstarting Your SaaS Security Strategy & Program

Nov 08, 2023 | The Hacker News | Webinar / SaaS Security


SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization’s SaaS app stack and data within is paramount. Yet, the path to implementing an effective SaaS security program is not straightforward.

There are numerous potential attack vectors. Security teams need to handle the challenge of gaining control over a diverse range of applications, each with its own unique characteristics. Additionally, SaaS app environments are dynamic: the list of configurations that need proactive adjustment after updates, onboarding, deprovisioning, changes to roles and permissions, and much more is endless.

If that’s not enough complexity, these applications are managed by various business departments, making it impractical for the security team to exercise complete control.

Join us for an informative webinar with Adaptive Shield’s award-winning Senior Director of Customer Success, Effie Mansdorf, where you will learn the essential steps to successfully implement a robust SaaS security program.

In this upcoming webinar, you will learn about:

  • Today’s SaaS Security ecosystem and its challenges
  • The critical steps to launch a robust SaaS Security Program
  • Choosing the right SaaS Security solution to help automate your process

Reserve Your Webinar Spot ➜

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.




How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks

Nov 08, 2023 | The Hacker News | Artificial Intelligence / Cybersecurity


Download the free guide, “It’s a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks.”

ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into generative AI engines. They use these tools to write articles, create content, compose emails, answer customer questions and generate plans and strategies.

However, gen AI usage is happening far in advance of efforts to implement safeguards and cybersecurity constraints. Three primary areas of security concern associated with generative AI are: sensitive data included in gen AI scripts, outcomes produced by these tools that may put an organization at risk, and potential hazards related to utilizing third-party generative AI tools.

Unchecked AI usage in organizations can lead to:

  • Major data breaches.
  • Compromised identities.
  • Loss of intellectual property.
  • Lawsuits for plagiarism.
  • Data privacy violations.

The solution, though, is not to stop the use of generative AI. Some may try that approach, but it is destined to fail. MSPs, MSSPs and vCISOs should be proactive in bringing these security concerns to the attention of their clients. That’s what they expect from a true partner.

Staying ahead of emerging threats, vCISO platform provider Cynomi now offers a free guide with instructions and tips on the immediate actions MSPs, MSSPs and virtual CISOs should take to protect their customers from gen AI-associated risks. The guide helps security service providers raise awareness of the dangers posed by generative AI and gives them an easy way to instruct customers on the processes and tools they should implement to use gen AI safely.

This guide offers vCISOs, MSPs and MSSPs a way to:

  • Help their customers achieve an understanding of the risks posed by gen AI.
  • Rapidly assess the cybersecurity and privacy challenges generative AI poses in customer environments.
  • Quickly set tailored policies and best practices to achieve safe use of gen AI in organizations.
  • Advise existing customers on further security and privacy tools that will help them close the door on areas of potential gen AI-based threats.

The guide, “It’s a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep Their Customers Safe from Gen AI Risks,” offers service providers something they can immediately put to use to raise awareness of gen AI-related threats among their customers and shield them from the negative consequences of gen AI implementations.

Download the free guide.





WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

Nov 08, 2023 | Newsroom | Privacy / Data Security


Meta-owned WhatsApp is officially rolling out a new privacy feature in its messaging service called “Protect IP Address in Calls” that masks users’ IP addresses to other parties by relaying the calls through its servers.

“Calls are end-to-end encrypted, so even if a call is relayed through WhatsApp servers, WhatsApp cannot listen to your calls,” the company said in a statement shared with The Hacker News.

The core idea is to make it harder for bad actors in the call to infer a user’s location by securely relaying the connection through WhatsApp servers. However, a tradeoff to enabling the privacy option is a slight dip in call quality.

Viewed in that light, it’s akin to Apple’s iCloud Private Relay, which adds an anonymity layer by routing users’ Safari browsing sessions through two secure internet relays.


It’s worth noting that the “Protect IP Address in Calls” feature has been under development since at least late August 2023, as reported earlier by WABetaInfo.

“With this feature enabled, all your calls will be relayed through WhatsApp’s servers, ensuring that other parties in the call cannot see your IP address and subsequently deduce your general geographical location,” WhatsApp said.


“This new feature provides an additional layer of privacy and security particularly geared towards our most privacy-conscious users.”

The feature builds upon a previously announced privacy feature referred to as “Silence Unknown Callers,” which aims to not only protect users from unwanted contact but also minimize the risk of zero-click attacks and spyware.


WhatsApp’s implementation of silenced calls involves the use of a custom protocol that’s designed to reduce the processing of attacker-controlled data by incorporating what’s called a privacy token.

“When a call is placed, the caller includes the privacy token of the recipient in the protocol message,” the company explained. “Next, the server checks the token’s validity along with a few other factors to determine if the intended recipient allows this sender to ring them.

“Crucially, for our user’s privacy, the server does not learn anything about the exact relationship between the caller and the recipient from the token. With our design of this feature, calling becomes a much less attractive vector for attackers.”
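The following is an illustrative reconstruction of the token-gated call setup described in the quotes above, written for this page as an added example; it is not WhatsApp’s protocol or code. Assumptions (all hypothetical): each recipient holds one random privacy token that is shared with every allowed contact over the end-to-end encrypted channel, the server stores only a hash of the current token together with an expiry, and the recipient can rotate the token. Because every allowed contact presents the same token and the server only ever sees its hash, the server can confirm that the caller holds the recipient’s current token without learning which contact relationship produced it, which is the property the statement claims.

```python
"""Illustrative model of a privacy-token gated call setup.

Constructed example (not WhatsApp's actual protocol or code). It mirrors only the
behaviour described in the article: the caller presents the recipient's privacy
token, the server validates it and decides whether to ring, and the token
reveals nothing to the server about who is calling whom.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

TOKEN_TTL_SECONDS = 7 * 24 * 3600  # assumed rotation window, not from the article


def _digest(token: bytes) -> bytes:
    return hashlib.sha256(token).digest()


@dataclass
class Server:
    """Holds only a hash of each user's current token, never the token itself
    or the list of contacts that received it."""
    # user -> (token digest, expiry, silence_unknown flag)
    registrations: dict = field(default_factory=dict)

    def register(self, user, token_digest, expiry, silence_unknown):
        self.registrations[user] = (token_digest, expiry, silence_unknown)

    def route_call(self, ring_msg, now=None):
        """Decide whether to ring the recipient. Returns 'ring', 'silence' or 'drop'."""
        now = now or time.time()
        entry = self.registrations.get(ring_msg["to"])
        if entry is None:
            return "drop"                      # unknown recipient
        digest, expiry, silence_unknown = entry
        if not silence_unknown:
            return "ring"                      # recipient accepts any caller
        token = ring_msg.get("token")
        if token is None or now > expiry:
            return "silence"                   # no token, or token past rotation window
        if not hmac.compare_digest(_digest(token), digest):
            return "silence"                   # token does not match the current one
        return "ring"


@dataclass
class Client:
    name: str
    token: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    known_tokens: dict = field(default_factory=dict)   # contact -> their current token

    def publish_token(self, server, silence_unknown=True, now=None):
        now = now or time.time()
        server.register(self.name, _digest(self.token),
                        now + TOKEN_TTL_SECONDS, silence_unknown)

    def share_token_with(self, contact):
        # Stand-in for delivery over the end-to-end encrypted channel; the server
        # never sees this exchange and so never learns who holds whose token.
        contact.known_tokens[self.name] = self.token

    def rotate_token(self, server):
        self.token = secrets.token_bytes(32)
        self.publish_token(server)

    def ring_message(self, recipient_name):
        return {"from": self.name, "to": recipient_name,
                "token": self.known_tokens.get(recipient_name)}


def simulate():
    """Run the exchange: a known contact rings, an unknown party is silenced,
    a stale token after rotation is silenced, a re-shared token rings again."""
    server = Server()
    alice, bob, mallory = Client("alice"), Client("bob"), Client("mallory")
    bob.publish_token(server, silence_unknown=True)
    bob.share_token_with(alice)
    results = {
        "contact": server.route_call(alice.ring_message("bob")),
        "unknown": server.route_call(mallory.ring_message("bob")),
    }
    bob.rotate_token(server)
    results["stale"] = server.route_call(alice.ring_message("bob"))
    bob.share_token_with(alice)
    results["after_reshare"] = server.route_call(alice.ring_message("bob"))
    return results


if __name__ == "__main__":
    print(simulate())
```

With `silence_unknown=False` the server rings for anyone, which is the pre-feature behaviour; with it on, both the unknown party and a stale token are rejected server-side before the recipient’s client has processed any caller-supplied data, which is the reduction in attacker-controlled input the article refers to.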





New C2 Framework Iranian Hackers Using Against Israel

Nov 09, 2023 | Newsroom | Cyber Attack / Malware


Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel.

“The framework’s web component is written in the Go programming language,” Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday.

The tool has been attributed to MuddyWater, an Iranian state-sponsored hacking crew affiliated with the country’s Ministry of Intelligence and Security (MOIS).


The cybersecurity firm said the C2 framework may have been put to use by the threat actor since early 2020, with recent attacks leveraging it in place of PhonyC2, another custom C2 platform from MuddyWater that came to light in June 2023 and has had its source code leaked.

Typical attack sequences observed over the years have involved sending spear-phishing emails bearing malware-laced archives or bogus links that lead to the deployment of legitimate remote administration tools.

The installation of the remote administration software paves the way for the delivery of additional payloads, including PhonyC2.

MuddyWater’s modus operandi has since received a facelift, using password-protected archives to evade email security solutions and distributing an executable instead of a remote administration tool.

“This executable contains an embedded PowerShell script that automatically connects to MuddyWater’s C2, eliminating the need for manual execution by the operator,” Kenin explained.


The MuddyC2Go server, in return, sends a PowerShell script, which runs every 10 seconds and waits for further commands from the operator.

While the full extent of MuddyC2Go’s features is unknown, it’s suspected to be a framework responsible for generating PowerShell payloads in order to conduct post-exploitation activities.

“We recommend disabling PowerShell if it is not needed,” Kenin said. “If it is enabled, we recommend close monitoring of PowerShell activity.”
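The “close monitoring of PowerShell activity” recommended above can be made concrete on the network side: a script that calls home every 10 seconds leaves a train of near-identically spaced connections from one process to one destination. The block below is an added example, not Deep Instinct’s tooling, that flags such regular check-ins over constructed log lines in a simplified `timestamp,process,dest_ip,dest_port` form loosely resembling a Sysmon network-connection export. The 10-second cadence and all hosts, addresses and thresholds are constructed assumptions.

```python
"""Periodic check-in (beacon) detection over constructed connection log lines.

Added example, not Deep Instinct's tooling. The log lines are constructed, in a
simplified "timestamp,process,dest_ip,dest_port" form. Assumption: a payload
that calls home on a fixed timer produces near-constant inter-arrival times
from one process to one destination, while user-driven traffic does not.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def constructed_log() -> str:
    """Build a small constructed log: one scripted 10-second check-in, one
    irregular browsing session, and one isolated connection."""
    base = datetime(2023, 11, 8, 10, 0, 0)
    lines = []
    # Constructed: a scripting host checking in every 10 seconds
    for i in range(12):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts},powershell.exe,203.0.113.10,443")
    # Constructed: irregular, user-driven browsing for contrast
    for off in (3, 50, 170, 172, 181, 400):
        ts = (base + timedelta(seconds=off)).isoformat()
        lines.append(f"{ts},chrome.exe,198.51.100.7,443")
    # Constructed: a single connection, too little to judge
    lines.append(f"{(base + timedelta(seconds=5)).isoformat()},outlook.exe,198.51.100.9,443")
    return "\n".join(lines)


def parse(log_text: str):
    """Group connection timestamps by (process, destination)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proc, ip, port = line.split(",")
        groups[(proc.lower(), f"{ip}:{port}")].append(datetime.fromisoformat(ts))
    return groups


def find_beacons(log_text: str, min_events: int = 6, max_jitter_ratio: float = 0.1):
    """Flag (process, destination) pairs whose connection intervals are nearly
    constant. jitter = stddev(gaps) / mean(gaps); 0 means perfectly periodic."""
    findings = []
    for (proc, dest), stamps in parse(log_text).items():
        if len(stamps) < min_events:
            continue                       # not enough events for a cadence
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                       # identical timestamps, nothing to measure
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter_ratio:
            findings.append({
                "process": proc, "dest": dest, "count": len(stamps),
                "interval": round(avg, 2), "jitter": round(jitter, 3),
                # a periodic connection from a scripting host deserves a closer look
                "scripting_host": proc in {"powershell.exe", "pwsh.exe"},
            })
    return sorted(findings, key=lambda f: f["jitter"])


if __name__ == "__main__":
    for finding in find_beacons(constructed_log()):
        print(finding)
```

Real implants usually add random jitter, so `max_jitter_ratio` is a tuning knob rather than a fixed rule; pair a network hit like this with PowerShell script block logging (Event ID 4104) on the host to see what the periodic process is actually running.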





When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules

Nov 09, 2023 | The Hacker News | Email Security / SaaS Security


While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure. Wing Security (Wing), a SaaS security company, announced yesterday that its SaaS shadow IT discovery methods now also cover email auto-forwarding. While Wing’s shadow IT solution is offered as a free, self-service tool, users who upgrade gain access to the company’s new Gmail and Outlook integrations, which broaden its discovery capabilities and extend its data security features.

The risks of email auto-forwarding rules

Auto-forwarding emails is a great way to save time on repetitive tasks and is therefore very popular among employees who regularly collaborate and share information with external business partners. Risk examples include:

  • Automation means no one is checking for sensitive or private information. Emails with a certain word combination in the title, or a specific sender, will automatically be forwarded to an external entity without any oversight. This can lead to PII data leakage, sensitive data leakage and regulatory violations that can compromise an organization’s compliance.
  • Auto-forwarding can also indicate a potential insider risk. A disgruntled employee may auto-forward certain emails to competitors. It can also be as common as an employee who plans to leave the company and wants to maintain access to their work after they leave – auto-forwarding emails to their private email account.
  • Malicious actors might use this as an entry point. Bad actors can use these email forwarding rules to exfiltrate data after a successful attack, or as a means to spread phishing campaigns within organizations.

Screenshot from Wing’s platform: auto-forwarding issues found in Gmail and Outlook
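The three risk examples above translate directly into an audit rule set. The block below is an added example, not Wing’s code or data format: it classifies a constructed list of mailbox forwarding rules, flagging external destinations, personal webmail accounts (the insider scenario), forward-and-delete rules that hide the leak from the mailbox owner (the post-compromise exfiltration scenario) and keyword-filtered rules. The domains, mailboxes and rule shapes are all constructed and only loosely resemble an Outlook or Exchange inbox-rule export.

```python
"""Audit of mailbox auto-forwarding rules for risky external destinations.

Added example; the rule records are constructed and only loosely shaped after
an Outlook/Exchange inbox-rule export. Nothing here is Wing's code or format.
"""
from dataclasses import dataclass

INTERNAL_DOMAINS = {"example.com"}                  # assumed: the organisation's own domain(s)
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
APPROVED_PARTNERS = {"partner-example.org"}         # assumed: reviewed external collaborators


@dataclass(frozen=True)
class ForwardingRule:
    mailbox: str
    name: str
    forward_to: tuple              # destination addresses
    enabled: bool = True
    keep_copy: bool = True         # False: forward-and-delete, the owner never sees the message
    subject_keywords: tuple = ()   # rule fires only on matching subjects


# Constructed sample rules covering the benign and risky cases discussed above
CONSTRUCTED_RULES = [
    ForwardingRule("alice@example.com", "to team inbox", ("ops@example.com",)),
    ForwardingRule("bob@example.com", "old partner sync",
                   ("sync@partner-example.org",), enabled=False),
    ForwardingRule("carol@example.com", "partner reports", ("reports@partner-example.org",),
                   subject_keywords=("Q4 forecast", "pricing")),
    ForwardingRule("dave@example.com", "backup", ("dave.personal@gmail.com",)),
    ForwardingRule("erin@example.com", "cleanup", ("collect@mail-drop.example.net",),
                   keep_copy=False),
]


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def classify(rule: ForwardingRule):
    """Return a finding dict for a risky rule, or None if the rule is benign."""
    if not rule.enabled:
        return None
    external = [a for a in rule.forward_to if _domain(a) not in INTERNAL_DOMAINS]
    if not external:
        return None                        # purely internal forwarding is out of scope here

    reasons, severity = [], "medium"
    if any(_domain(a) in PERSONAL_WEBMAIL for a in external):
        reasons.append("destination is a personal webmail account")
        severity = "high"
    if not rule.keep_copy:
        reasons.append("forwarded messages are deleted from the mailbox")
        severity = "high"
    if any(_domain(a) not in APPROVED_PARTNERS | PERSONAL_WEBMAIL for a in external):
        reasons.append("destination domain is not an approved partner")
    if rule.subject_keywords:
        reasons.append("fires only on subjects matching: " + ", ".join(rule.subject_keywords))
    return {"mailbox": rule.mailbox, "rule": rule.name, "external": external,
            "severity": severity, "reasons": reasons}


def audit(rules=CONSTRUCTED_RULES):
    """Classify every rule and return the findings, highest severity first."""
    findings = [f for f in (classify(r) for r in rules) if f]
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["mailbox"]))


if __name__ == "__main__":
    for finding in audit():
        print(finding["severity"].upper(), finding["mailbox"], finding["rule"], finding["reasons"])
```

Disabled rules are skipped here, but an attacker-created rule that was disabled by the owner still deserves review; an audit that also reports recently created or modified rules catches that case, which this constructed export does not model.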

What is the connection between SaaS Security and email Security?

For several reasons, it is essential for organizations to uncover SaaS Shadow IT applications. Shadow IT refers to the unauthorized use of IT systems within an organization, often for the sake of convenience or efficiency, without the explicit approval of the IT department. Shadow IT SaaS applications can pose significant risks to the organization’s security, compliance, and overall efficiency:

  • Security Risks: SaaS applications are part of the modern supply chain, and as such they should undergo proper vendor risk assessments and user access reviews prior to connecting them to company data. With Shadow IT, breached applications, non-compliant applications or malicious applications go unnoticed.
  • Compliance Concerns: Many industries have strict regulatory requirements that must be adhered to, particularly concerning data privacy and protection. Using unauthorized applications can result in non-compliance, leading to legal consequences, fines, and damage to the organization’s reputation.
  • Financial Implications: Uncontrolled proliferation of Shadow IT applications can lead to unnecessary expenditure. Organizations might end up paying for redundant services or duplicate accounts, leading to negligent spending and financial waste.

Wing’s product illustration: risky email forwarding rules

Wing’s SaaS discovery entails the systematic identification, categorization, and analysis of an organization’s SaaS usage to mitigate shadow IT risks. The company offers three distinct and non-intrusive discovery methods:

  • Connecting to the organization’s major SaaS applications (e.g., Google Drive, Salesforce, Slack, and others) to identify connected applications.
  • Scanning endpoints for SaaS signature hits and cross-checking them against Wing’s SaaS database of over 280,000 SaaS records.
  • The newly introduced third method: connecting to business email and scanning it for clear indications of SaaS usage.

Wing emphasizes that knowing is just the first step in solving, and therefore offers customers the means to remediate and eliminate risky shares directly within its platform.



