Tag Archive for: Layer

A Single Flaw Broke Every Layer of Security in MacOS


Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.

The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam, says Thijs Alkemade, a security researcher at Netherlands-based cybersecurity firm Computest who found the flaw. “It’s basically one vulnerability that could be applied to three different locations,” he says.

After deploying the initial attack against the saved state feature, Alkemade was able to move through other parts of the Apple ecosystem: first escaping the macOS sandbox, which is designed to limit successful hacks to one app, and then bypassing the System Integrity Protection (SIP), a key defense designed to stop authorized code from accessing sensitive files on a Mac.

Alkemade—who is presenting the work at the Black Hat conference in Las Vegas this week—first found the vulnerability in December 2020 and reported the issue to Apple through its bug bounty scheme. He was paid a “pretty nice” reward for the research, he says, although he refuses to detail how much. Since then Apple has issued two updates to fix the flaw, first in April 2021 and again in October 2021.

When asked about the flaw, Apple said it did not have any comment prior to Alkemade’s presentation. The company’s two public updates about the vulnerability are light on detail, but they say the issues could allow malicious apps to leak sensitive user information and escalate privileges for an attacker to move through a system.

Apple’s changes can also be seen in Xcode, the company’s development workspace for app creators, a blog post describing the attack from Alkemade says. The researcher says that while Apple fixed the issue for Macs running the Monterey operating system,…


Transport Layer Security (TLS): Issues & Protocol


Transport layer security (TLS) is the modern version of the now-deprecated secure socket layer (SSL) protocol. Due to multiple vulnerabilities within SSL, organizations require a more robust protocol to coincide with the increasing number of web-based technologies. For example, unlike SSL, TLS allows you to negotiate encryption on regular ports and protocols such as IMAP and POP. This enables secure communication over a wide range of ports and protocols.

This has led to TLS becoming the standard practice for transmitting data between web clients and servers. This cryptographic protocol secures your data with a layer of encryption as it is transmitted over the internet.

While TLS provides enhanced security in most situations, it still has its share of attacks by cybercriminals trying to gain access to an organization’s confidential data. It is important to learn how malicious actors use TLS to introduce malware, how these attacks infiltrate environments—with references to some well-known examples—and how Trend Micro Cloud One™ – Workload Security uses zero-config TLS inspection across data to protect your organization from malicious actors.

Various TLS Attack Methods

TLS is used to encrypt web and email communications, giving you an advantage over cybercriminals looking to access your data while in transmission. Since TLS is encrypted, there is a high chance that the information sent via the connection is not being inspected. This creates an attack vector for malware and can provide attackers access to your network without being blocked.

It is important to shine a light on the most notable TLS attacks and explore up-to-the-minute solutions.

Man-in-the-Middle (MITM) Attacks

This significant threat to organizations involves a malicious element “listening in” on communications between parties. These types of cyberattacks compromise data being sent and received, as interceptors don’t just have access to information but can also input their own data.

An example of a MITM attack is active eavesdropping. By taking advantage of a weakened network, often unsecured based on lack of a firewall or due to using a device outside of a professionally-managed environment,…


For SMBs, Microsoft offers a new layer of server protection


Do you run a small business with on-premises servers?

Chances are, you rely on technology that includes servers, whether they’re Windows- or Linux-based. With that in mind, Microsoft recently announced it’s previewing “server protection for small business” — bundling the offering with Microsoft Defender for Business.

This is noteworthy because until now, most Endpoint Detection and Response (EDR) solutions have been expensive and typically only deployed by larger enterprises. (EDR is an integrated, layered approach to endpoint protection that combines real-time continuous monitoring and endpoint data analytics with rule-based automated response.)

As Microsoft notes in the blog post announcing the move:

“The Microsoft Defender for Business servers experience delivers the same level of protection for both clients and servers within a single admin experience inside of Defender for Business, helping you to protect all your endpoints in one location.”

Currently users can activate a trial for each server through the Microsoft 365 Defender security portal (which also recommends security settings to make your servers more secure). When Microsoft officially releases the product, it will cost $3 per server, per month. If you are a Microsoft 365 for Business customer, you can begin a trial and see what impact deploying it to your servers will have.


Chrome Android Incognito Mode Adds Extra Layer of Security | PIN, Face Unlock, or Fingerprint Access



Chrome Android incognito mode is adding an extra layer of security with PIN, face unlock, or even fingerprint access. The new feature highlights ways that can improve users’ security through their phone when accessing incognito mode.

Google Incognito Mode

According to the story by SlashGear, private browsing, otherwise known as incognito mode, is one of the very basic forms of privacy protection mechanisms existing in web browsers today. Although it can sometimes be mistaken for complete privacy protection, incognito mode actually only makes sure that the user won’t leave any traces of their activity on the browser itself.

The protection, however, can be considered quite pointless if someone else already holds the user’s phone and the browser is left open. This is why Google has now been working on another reauthentication mechanism for its incognito mode, scheduled to come to Android pretty soon.

PIN or Biometric Authentication

Physical access to a particular device will almost always make security features quite moot. This is especially true when the user’s phone is already unlocked. Incognito mode can also be rendered useless when the tabs are already opened within the browser’s background. Google allows complete search history deletion despite not even using incognito mode.

All that it would take is for an unauthorized user to simply switch everything back to it in order to see what the original user has been secretly browsing. Another lock for the incognito mode would add an extra layer of security. This is presumably if users already have enabled their PIN or biometric authentication on their device.

Chrome Android Canary Version

Chrome Story reports that a brand new flag in Chrome for Android’s very own development Canary version will add exactly that. Once the flag has reportedly been enabled and Chrome has finally been restarted, a brand…
