
Fantastic Rootkits and Where to Find Them (Part 2)

In the previous post (Part 1), we covered several rootkit technique implementations. Now we will focus on kernel rootkit analysis, looking at two case studies of rootkits found in the wild: Husky Rootkit and Mingloa/CopperStealer Rootkit. Through these case studies, we’ll share our insights about rootkit analysis techniques and methodology.

Industrial control systems security with Elastic Security and Zeek

Industrial control systems (ICS) have historically been isolated and less interconnected. Isolation was one of the things that kept these systems more secure behind air gaps, at the cost of lost coordination and collaboration. This is rapidly changing with the rise of Industry 4.0 with increased interconnectivity and integration of smart technologies like Industrial IoT (IIoT) and cloud computing in modern industrial processes.

Patch now! The Mirai IoT botnet is exploiting TP-Link routers

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks.

A Guide to Standard SBOM Formats

The software bill of materials (SBOM) has become an increasingly important tool for providing much-needed clarity about the components that make up software — both for application security purposes and governmental compliance. Unlike manual spreadsheets, SBOMs standardize everything into a particular format to minimize inconsistencies. There are three primary SBOM formats currently available, which allow companies to easily generate, share, and consume SBOM data.

Demystifying Security Validation Technologies: What You Need to Know About Automated Pen Testing

You can’t predict the future, but you can prepare for it. When it comes to IT (and OT), security validation is the closest to predicting the future as you can get. This is the second post in our series “Demystifying Security Validation Technologies: What You Need to Know,” in which we break down a number of security validation methods available today, provide the strengths and weaknesses of each, and explain how each functions in different IT environments.

World Password Day: Tips, quiz, and tools to improve password security

Password security, though sometimes underrated, is crucial for an organization to remain viable in the vast digital landscape. A popular quote on the internet says, “A good neighbor is someone who does not put a password on their Wi-Fi.” However, for a good company, the opposite holds true, as they must thoroughly secure all their resources.

Featured Post

Password Managers: Here to stay?

Password managers have become popular solutions for businesses and individuals seeking to improve the password security of their accounts. The implementation of password management solutions within organisations has enabled security teams to securely store and manage company credentials for online and offline applications by using advanced encryption.

Zero Trust Security in Active Directory and Azure AD Groups

One important way of securing your organization against attacks and other cyber threats is to implement a Zero Trust security model for groups (distribution lists, security groups, Microsoft 365 groups) in on-premises Active Directory and Azure AD. After all, these groups control access to your IT assets, from sensitive data to vital communications channels and tools like Microsoft Teams and SharePoint.

How Does a WAF Work?

WAF (Web Application Firewall) is the first line of defense between the app and the internet traffic. It monitors and filters internet traffic to stop bad traffic and malicious requests. The WAF is a crucial security solution that ensures the availability and integrity of web services. It functions as a reverse proxy by serving as an intermediary that safeguards the web app server against malicious clients.

Zero day remediation tips: Preparing for the next vulnerability

Businesses increasingly run on software, which, unbeknownst to its developers, can contain vulnerabilities that attackers often discover and exploit before a patch is available. This makes zero day attacks inevitable, but you can reduce their impact in your network and across your supply chain if you’re prepared to act fast.