Getting Your SOC SOARing Despite AI
It’s a fact: enterprise security operations centers (SOCs) that are most satisfied with their investments in Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) operate and maintain less than a dozen playbooks. This is something I’ve uncovered in recent years whilst building SIEM+SOAR and autonomous SOC solutions – and it perhaps runs counterintuitive to many security leaders’ visions for SOAR use and value. SOAR technology is one of those much-touted security silver bullets that have tarnished over time and been subsumed into broader categories of…
Potential Integrated Circuit Supply Chain Impacts from Hurricane Helene
The damage caused by Hurricane Helene in Spruce Pine will likely cause disruptions at the start of the microchip and integrated circuit (IC) supply chain by preventing the mining and distribution of high purity quartz until the mines and local transportation networks are fully repaired. BACKGROUND Hurricane Helene Impacts In late September 2024, Hurricane Helene impacted the Caribbean, Florida, Georgia, Tennessee, North Carolina and other southeastern states in the United States[1]. Its impacts varied widely depending on location and the associated exposure to the primary…
About to Post a Job Opening? Think Again – You May Reveal Sensitive Information Primed for Cybersecurity Attacks
People are always on the move, changing their homes and their workspaces. With increasing frequency, they move from their current jobs to new positions, seeking new challenges, new people and places, to higher salaries. Time and hard work bring experience and expertise, and these two qualities are what companies look for; they’re looking for skilled workers every single day, on multiple job search and recruiting platforms. However, these job postings might reveal sensitive information about the company that even the most seasoned Human Resources specialists don’t notice. Job posting websites…
Get Strategic About Cyber Risk Management
With global cybercrime damage costs exceeding $11 trillion last year and moving toward an estimated $20 trillion by 2026, robust cybersecurity risk management has never been more imperative. The interconnected nature of modern technology means that, by default, even small vulnerabilities can lead to catastrophic losses. And it’s not just about finances. Unmitigated risk raises the specter of eroded customer confidence and tainted brand reputation. In this comprehensive guide, we’ll give enterprise defenders a holistic, methodical, checklist-style approach to cybersecurity risk management. We’ll focus on…
IOActive Security Advisory | PLANET Networking – Vulnerabilities Identified
Affected Product IGS-4215-16T2S Firmware Version 1.305b210528 Background IOActive had the chance to access the IGS-4215-16T2S device. IOActive identified three vulnerabilities which need attention. Timeline 2022-09-29: IOActive discovers the vulnerabilities 2023-03-29: IOActive informs Planet Technology about the identified vulnerabilities 2023-12-13: Planet released a new firmware version (1.305b231218) informing IOActive that the vulnerabilities are fixed 2024-01-09: IOActive notifies the vulnerability to INCIBE, Spanish CERT 2024-02-16: IOActive confirm that the vulnerabilities were fixed after retesting them in the new firmware version 2024-03-21: INCIBE shared the CVEs assigned with IOActive…
IOActive Security Advisory | Fortinet FortiGate – Cross-site Scripting in SSL VPN
Affected Products VersionAffectedFortiOS 7.47.4.0 through 7.4.3FortiOS 7.27.2.0 through 7.2.7FortiOS 7.07.0.0 through 7.0.13FortiOS 6.46.4 all versionsFortiProxy 7.47.4.0 through 7.4.3FortiProxy 7.27.2.0 through 7.2.9FortiProxy 7.07.0.0 through 7.0.16 Background Fortinet, Inc. (Fortinet) is a global leader of cybersecurity solutions and services that provides protection against cyber threats. It is a company that develops and sells security products and solutions, such as firewalls, endpoint security, intrusion prevention systems, web filtering, antivirus, sandbox, and VPN. FortiGate is a network security device that provides protection against cyber threats. The device can perform various…
5G vs. Wi-Fi: A Comparative Analysis of Security and Throughput Performance
Introduction In this blog post we compare the security and throughput performance of 5G cellular to that of WiFi. This work is part of the research IOActive published in a recent whitepaper (https://bit.ly/ioa-report-wifi-5g), which was commissioned by Dell. We used a Dell Latitude 7340 laptop as an end-user wireless device, a Panda Wireless® PAU06 as a WiFi access point, and an Ettus Research™ Universal Software Radio Peripheral (USRP™) B210 as a 5G base station to simulate a typical standalone 5G configuration and three typical WiFi network…
WiFi and 5G: Security and Performance Characteristics Whitepaper
IOActive compared the security and performance of the WiFi and 5G wireless protocols by simulating several different network types and reproducing attacks from current academic research in a Dell-commissioned study. In total, 536 hours of testing was performed between January and February 2024 comparing each technologies’ susceptibility to five categories of attack: user tracking, sensitive data interception, user impersonation, network impersonation, and denial of service. IOActive concluded that a typical standalone 5G network is more resilient against the five categories of attack than a typical WiFi network….
IOActive Security Advisory | MásMóvil Comtrend Router – Multiple Vulnerabilities
Affected Products MásMóvil Comtrend Router – Version: ES_WLD71-T1_v2.0.201820HW Version: GRG-4280usFW Version: QR51S404 SW Version: MMV-C04_R10 Timeline 2023-08-24: IOActive discovers vulnerability 2023-09-12: IOActive begins vulnerability disclosure with affected parties 2024-06-10: The corresponding CNA released the CVEs to public domain. 2024-06-21: IOActive advisory published
Recent and Upcoming Security Trends in Cloud Low-Level Hardware Devices: A survey
The rapid evolution of cloud infrastructures has introduced complex security challenges, particularly concerning all of the processing devices and peripheral components that underpin modern data centers. Recognizing the critical need for robust and consistent cloud security standards, technology firms, developers, and cybersecurity experts established the Open Compute Project Security Appraisal Framework and Enablement (OCP S.A.F.E.) Program. At the 2024 OCP Regional Summit in Lisbon, I was joined by my colleague Alfredo Pironti, Director of Services at IOActive, to present a deep dive into the security of cloud infrastructures, the threats…