1. High-Severity IDOR Vulnerabilities Found in CNCF Harbor Project by VMware
Cloud application security application provider Oxeye discovered Insecure Director Object Reference (IDOR) vulnerabilities in Harbor, the open source artifact registry by VMware. IDOR, the most serious web application security risk on the current OWASP Top 10, leads to access to webhook policies without authorization.
Vulnerabilities range from failing to validate that requested webhooks belong to specific projects or read Docker image layers without access credentials.
CVE numbers for these vulnerabilities include:
Action Items:
Oxeye security researchers suggest that you take these steps to protect your business:
- Set strict roles for API endpoints and simulate threat actors to test them.
- Avoid property duplication to maintain a single source of truth
- Visit the Oxeye security blog for additional information
2. Noberus Ransomware Actors Honing New Versions
Activity among Noberus (also known as BlackCat or ALPHV) ransomware actors suggests they’re working on ways to expand their reach. Some developments include using a new version of Exmatter data exfiltration and Eamfo malware that steals information in Veeam backup software.
Symantec reports that the FBI issued warnings in April 2022, warning that at least 60 organizations worldwide were victims of Noberus.
Action Items:
Kaspersky recommends these best practices to protect from ransomware:
- Never click on links from unknown senders, in spam messages, or on unknown websites.
- Avoid giving out personal information, which could be used against you in a phishing attack.
- Don’t open email attachments unless you can confirm they are from trustworthy sources.
- Never use USB sticks if you aren’t sure where they came from.
- Keep all applications and systems patched and updated.
- Use a VPN when connecting remotely to protect your business network.
- Deploy security solutions and create immutable, offsite backups.
3. The API Security Disconnect Revealed
Research from Noname Security reveals a rise in security incidents involving APIs. More than 76 percent of survey respondents had experienced an API security incident in the past year, mostly related to dormant or zombie APIs, authorization vulnerabilities, and web application firewalls.
The report also states that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs provide sensitive data.
Action Items:
Report findings suggest these next steps:
- More education on API security testing
- Update legacy systems, particularly in the energy and utility sectors
- Inventory APIs
- Perform security testing
Download The API Security Disconnect – API Security Trends in 2022 for more insights.
4. Protect Your Business from Insider Threats as well as External Threats
In honor of Insider Threat Awareness Month, Ponemon published its 2022 Cost of Insider Threat Global Report. One of the key findings is that the time to contain an insider threat has increased from 77 to 85 days over the past two years, which has led to an increase in threat containment costs.
The average cost has increased 65 percent from 2020, now totaling $4.6 million per incident. Furthermore, the longer it takes to identify and contain an incident, the more it costs. Those that took more than 90 days cost an average of $17.19 million annualized.
Action Items:
Ponemon research shows organizations are taking these steps to mitigate risks from insider threats:
- Using behavior-based tools to detect malicious behavior
- Automating prevention, investigation, containment, and remediation of incidents
- Using AI and machine learning to prevent, investigate, contain, and remediate
- Download the 2022 Ponemon Cost of Insider Threats Global Report
For more security updates and insights on how to protect your business, visit DevPro Journal’s Security resources page.
