Current Cybersecurity Trends Articles | eSecurity Planet https://www.esecurityplanet.com/trends/
Industry-leading guidance and analysis for how to keep your business secure. Feed last updated Fri, 30 Aug 2024 19:44:36 +0000.

5 Key Cybersecurity Trends to Know in 2024 https://www.esecurityplanet.com/trends/cybersecurity-trends/ Fri, 30 Aug 2024 19:00:00 +0000
The cybersecurity space is constantly changing. Discover the cybersecurity trends you should expect to see in 2024.

The post 5 Key Cybersecurity Trends to Know in 2024 appeared first on eSecurity Planet.

As we’ve made our way through 2024, it’s helpful to consider the events of the past couple years and developing trends in the cybersecurity industry. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We need to consider how each of these trends may affect our organizations and allocate our budgets and resources accordingly:

  • AI-charged cybersecurity and cyberthreats: Artificial intelligence (AI) will boost both attackers and defenders while causing governance issues and learning pains.
  • Next-level cybercrime: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense.
  • Exploding attack surfaces: Cyberdefense complexity will compound as API, cloud, edge, and OT resources add to the list of assets to defend.
  • Increased action from governments: Expect more government regulations, state-sponsored cyberattacks, and increased documentation required to protect CISOs.
  • Last year’s security issues continue: Weak IT fundamentals, poor cybersecurity awareness, and ransomware will still cause problems and make headlines.
  • Bottom line: Prepare now so you’re ready to manage your team’s risk.

AI-Charged Cybersecurity & Cyberthreats

For better or worse, the development of artificial intelligence (AI) has continued to accelerate. Various forms of AI, such as machine learning (ML) and large language models (LLMs), dominated headlines throughout 2023 and continue to present both overhyped possibilities and realized potential in 2024. Industry experts recognize that AI will require governance action, cause learning pains, and be used to both improve and weaken cybersecurity.

AI Governance

Regardless of any positive, negative, or neutral attitude toward AI, all organizations need to develop an official stance, write policies, and apply those policies consistently. Without guidelines, organizations face unfettered AI use, data leaks, and no recourse for unethical AI use within the organization.

Sharad Varshney, CEO of OvalEdge, put AI use in a familiar framework. “The same issue that faces generative AI-based innovations is the same for everything else: all roads in anything IT-related start and end with data — the most critical component of every system,” he said.

“Organizations faced similar security visibility and control challenges with SaaS apps like Box or Dropbox,” added Kunal Agarwal, founder and CEO of dope.security. “Organizations will look to understand what apps employees are using, evaluate whether they should be paid for by the company (to control), accept the risk, or block the app… the company can choose to educate (through a warning page) or block the app entirely.”

“AI-related innovations will create new possibilities we’re not even considering at the moment,” cautioned Manny Rivelo, CEO of Forcepoint. “Moving forward, organizations of all sizes will need to create and expand corporate AI policies that govern how employees can interact safely with AI. And AI security policies will need to extend beyond commercial AI tools to also cover internally-developed GPTs and LLMs.”

For more on governance and policies, check out our article on IT security policies, including their importance and benefits, plus tips to create or improve your own policy. Also consider learning about the top governance, risk, and compliance tools to identify the best one for you.

Dangers of Using AI

As with any emerging technology, many organizations should expect errors and growing pains as teams learn the nuances of applying the technology. Yet these dangers can be offset through training to minimize issues.

Phil Nash, developer advocate at Sonar, cautioned that “successes from using AI tools to write code will lead to overconfidence in the results, and ultimately a breach will be blamed on the AI itself.”

“Before companies can effectively and safely use generative AI tools, employees must be educated on utilizing best practices: writing prompts that achieve desired outcomes, keeping data security and privacy in mind when inputting data, identifying the quality and security of AI, verifying AI output, and more,” said Arti Raman, CEO of Portal26.
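To make the “keeping data security and privacy in mind when inputting data” point concrete, here is an added Python example (not code from the original article or from any vendor quoted in it) of a pre-submission filter that redacts common PII and secret patterns from a prompt and blocks the request outright when a credential is present. The detector set, the BLOCK_ON policy, the function names and the sample prompt are all assumptions constructed for the example; a real deployment would tune the patterns to its own data classes and log every finding.

```python
import re
from dataclasses import dataclass, field

# Illustrative detector set (assumed for this example, not an exhaustive DLP
# rule set). Each key becomes the placeholder written into the prompt.
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),   # candidate PAN, Luhn-checked below
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "AWS_KEY": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),    # AWS access key ID shape
}

# Assumed policy: credentials are never sent to an external model, even redacted.
BLOCK_ON = {"AWS_KEY"}


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits in `candidate`; cuts false positives on
    ordinary 13-16 digit identifiers such as order numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class RedactionResult:
    text: str
    findings: dict = field(default_factory=dict)  # detector label -> match count


def redact_prompt(prompt: str) -> RedactionResult:
    """Replace each PII/secret match with a typed placeholder and tally what
    was found, so the caller can log or block before the text leaves the org."""
    findings: dict = {}
    out = prompt
    for label, pattern in PATTERNS.items():
        def replace(match, label=label):
            if label == "CARD" and not luhn_ok(match.group(0)):
                return match.group(0)          # digit run, but not a card number
            findings[label] = findings.get(label, 0) + 1
            return f"[{label}_REDACTED]"
        out = pattern.sub(replace, out)
    return RedactionResult(out, findings)


def check_prompt(prompt: str) -> tuple:
    """Apply the policy: block if any BLOCK_ON detector fired, otherwise
    allow the redacted text through. Returns (decision, RedactionResult)."""
    result = redact_prompt(prompt)
    decision = "block" if BLOCK_ON & set(result.findings) else "allow"
    return decision, result


# Constructed sample prompt; every value in it is fictitious.
SAMPLE_PROMPT = (
    "Summarize this ticket: customer jane.doe@example.com (SSN 123-45-6789) "
    "paid with card 4111 1111 1111 1111 from 203.0.113.7; order 1234567890123 "
    "and the deploy key AKIAIOSFODNN7EXAMPLE were attached."
)

if __name__ == "__main__":
    decision, result = check_prompt(SAMPLE_PROMPT)
    print(decision, result.findings)
    print(result.text)
```

Run on the sample prompt, the filter redacts the email, SSN, card number and IP, leaves the 13-digit order number alone because it fails the Luhn check, and returns a block decision because an access key ID was present. The point of returning a tally rather than just the scrubbed text is that the decision and the audit record are made by policy code, not by whoever typed the prompt.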

AI-Improved Security

Many vendors began marketing AI-enhanced products years ago, and experts see continuing development of AI as an advantage for improved cybersecurity.

Aiden Technologies CEO Josh Aaron predicted that AI will “enhance the effectiveness of software patch management among security professionals [by] leveraging AI for risk assessment and prioritization in patch management [and] a move towards systems that not only detect vulnerabilities but also autonomously determine the best ways to remediate them [by] employing machine learning algorithms.”

Similarly, Mike Anderson, CIO and CDO of Netskope, saw more general benefits. “In the coming year, I think we will see generative AI be used to analyze a company’s existing policies, regulatory requirements, and threat landscape to generate tailored security policies. I also think we will also see generative AI used to continuously monitor a company’s network and systems for policy violations and automatically respond to issues.”

AI-Powered Cybercrime

Despite the advancements in using AI to improve security, cybercriminals also have access to AI and large language models. Expect cybercriminals to embrace the power of AI to enhance their threat capabilities.

Melissa Bishoping, director and endpoint security research specialist at Tanium, emphasized out-of-band verification to avoid falling for deepfake scams. “If someone contacts you to perform a personal or professional transaction, it is always better to seek additional verification when you are unable to physically verify the individual over the phone,” she said.

“Often, just hanging up and calling a known, trusted contact number for the ‘caller’ who reached out to you can expose the scam. In business, establishing workflows that rely on more robust forms of authentication that cannot be spoofed by an AI – FIDO2 security tokens, multiple-person approvals and verifications are a good place to start.”

In addition to enabling cyberattacks, AI will also be used to create more believable disinformation to attack both governments and businesses. Andy Patel, researcher at WithSecure, said that “AI will be used to create disinformation and influence operations in the runup to the high-profile elections of 2024. This will include synthetic written, spoken, and potentially even image or video content.

“Disinformation is going to be incredibly effective now that social networks have scaled back or completely removed their moderation and verification efforts,” he added. “Social media will become even more of a cesspool of AI and human-created garbage.”

Next-Level Cybercrime

While cybercriminals have always shown strong adaptability and opportunism, experts expect attackers to further develop their capabilities and strategies throughout 2024. Some attacks will be aided by technology, while others will be more strategic in nature as companies strengthen cyberdefense against older attacks. Threat actor strategies include using the dark web, exploiting development environments, and capitalizing on both old and new vulnerabilities.

Improved Attacker Skills

In addition to using AI, cybercriminals can be expected to draw on data traded on the dark web to make attacks more believable and more widespread.

“While AI is still in the early stages of precisely answering questions, it has reached a sophisticated level in generating text in multiple languages, surpassing the well-known limitations of existing translators,” explained Alessandro Di Pinto, Director of Security Research, for Nozomi Networks. “The emergence of AI as a tool for crafting convincing text circumvents [grammar errors], significantly enhancing the likelihood of success in such attacks.”

Deepfakes will likely play a part in this AI-assisted approach to scams, too. “The use of deepfake techniques in fraudulent activities… will elevate the sophistication of phishing fraud, making it increasingly challenging for users to distinguish between legitimate services and scams,” said Ricardo Villadiego, founder and CEO of Lumu.

AI models fed dark web data are far better placed to produce convincing lures. “By training such models with PII data that is readily available on dark web marketplaces, attack lures that are much more personal and enterprise specific can be created at scale,” concluded Eric George, the director of solution engineering for digital risk and email protection at Fortra.

“In addition to being more believable, detection evasion tactics ensure that the attacks only present themselves to the intended target and otherwise “play dead” for detection processes. This combined increase in plausibility and deliverability increases the attacker ROI as well as the damages incurred.”

The ability to detect AI-based attacks, particularly ones that use evasion tactics, will become a critical requirement for security services like EDR.

Cybercrime Shifts Left

As DevOps pipelines automate more of the path to production and move toward development, security, and operations (DevSecOps), attackers find less human error in production to exploit. Recent successes with poisoned open-source libraries and other development channels used to deliver malware will push attacks deeper into the development supply chain for both traditional and new technologies.
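As an added example of the kind of control that blunts a poisoned-package attack (my own illustration, not code from the article or from any vendor it quotes): verify every resolved dependency against a hash-pinned lockfile before it is installed, and fail closed on anything unpinned, version-drifted or tampered. The lockfile uses pip’s `--hash=sha256:` pinning syntax, but the package names, artifact bytes, digests and the function names are constructed for the example.

```python
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifact bytes standing in for downloaded wheels; not real packages.
GOOD_LEFTPAD = b"leftpad-1.0.0 wheel contents (constructed)"
GOOD_COLORLIB = b"colorlib-2.3.1 wheel contents (constructed)"
TAMPERED_LEFTPAD = GOOD_LEFTPAD + b"\n# injected post-install payload (constructed)"

# Constructed lockfile in pip's --require-hashes format. The deliberately
# unpinned `requests` line shows how a lockfile gap is surfaced.
LOCKFILE = f"""
# constructed example, not a real project lockfile
leftpad==1.0.0 --hash=sha256:{sha256_hex(GOOD_LEFTPAD)}
colorlib==2.3.1 --hash=sha256:{sha256_hex(GOOD_COLORLIB)}
requests>=2.0
"""

PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)\s*$"
)


def parse_lockfile(text: str):
    """Return ({name: (version, {sha256 digests})}, [problems]). Anything that is
    not an exact pin with at least one hash is reported as a problem so the
    caller can fail closed rather than silently installing it."""
    pins, problems = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PIN_RE.match(line)
        if not m:
            problems.append(f"not an exact hash-pinned requirement: {line!r}")
            continue
        digests = set(re.findall(r"sha256:([0-9a-f]{64})", m["hashes"]))
        if not digests:
            problems.append(f"{m['name']}=={m['version']} has no --hash pin")
            continue
        pins[m["name"].lower()] = (m["version"], digests)
    return pins, problems


def verify_artifact(name: str, version: str, data: bytes, pins: dict) -> str:
    """Classify one resolved artifact against the lockfile."""
    entry = pins.get(name.lower())
    if entry is None:
        return "not-pinned"
    pinned_version, digests = entry
    if version != pinned_version:
        return "version-drift"
    return "ok" if sha256_hex(data) in digests else "hash-mismatch"


def check_resolution(resolved, pins: dict, problems: list):
    """resolved: iterable of (name, version, artifact_bytes) as a resolver would
    produce. Returns (decision, {name: verdict}); the decision is "install" only
    when the lockfile itself is clean and every artifact verifies."""
    verdicts = {name: verify_artifact(name, version, data, pins)
                for name, version, data in resolved}
    clean = not problems and all(v == "ok" for v in verdicts.values())
    return ("install" if clean else "abort"), verdicts


if __name__ == "__main__":
    pins, problems = parse_lockfile(LOCKFILE)
    print("lockfile problems:", problems)
    resolved = [("leftpad", "1.0.0", TAMPERED_LEFTPAD), ("colorlib", "2.3.1", GOOD_COLORLIB)]
    print(check_resolution(resolved, pins, []))
```

The tampered `leftpad` bytes produce a hash mismatch and abort the install even though the name and version match the pin exactly, which is what a poisoned upstream release looks like from the consumer’s side; the unpinned `requests` line is surfaced as a lockfile problem so that a gap in the pin set cannot be waved through.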

Mario Duarte, VP of Security at Snowflake, saw that “attackers are now looking for ways in through developer environments, because that’s where human mistakes can still be discovered and exploited, and we’ll unfortunately see this escalate as suspicious actors become increasingly mature in the coming year.

“Because the threats originate in the code, they’re that much more challenging to uproot. It’s harder for security teams to defend against such attacks, and it’s even more challenging to create baselines for acceptable development activity than for an automated, well-managed production environment,” Duarte said.

Javed Hasan, CEO and co-founder of Lineaje, offered a blunt warning: “The best time to compromise AI is when it is being built.” He claimed it’s most vulnerable during the development phase.

“Like today’s software, AI is largely built using open-source components,” Hasan said. “Identifying who created the initial AI models, what biases are embedded, and which developers were involved with what intentions are crucial for closing gaps in an organization’s security posture.” Least privilege access is critical here — only a few people should be in charge of model development, and they should carefully document their work and be closely supervised.

Dmitry Sotnikov, CPO at Cayosoft, emphasized the effect of attacks on the software supply chain. “In the first half of 2024, we’ve witnessed how consequential software and service supplier downtime can be to businesses and lives dependent on their uptime,” he said.

“The most glaring example is Synnovis, a pathology service whose downtime in June has exposed 400GB of patient information and postponed thousands of London-based outpatient appointments and cancer treatments. The compromise of dealership management system provider CDK effectively crippled 15,000 car dealership operations across the US.”

Sotnikov also addressed the importance of secure identity systems in protecting supply chains. Identity systems are one of the biggest targets for attackers because they provide so much useful data to navigate and access company resources.

“If you are forced to do one thing to improve your resiliency here, the most impactful would be implementing a modern recovery system with a daily tested process to create and test a safe isolated standby replica of your Active Directory,” Sotnikov said about protecting identity systems from attacks. “This would allow you to instantly switch back to the standby, unaffected version of your Active Directory in the event of a successful attack.”

Shifting Strategies in Response to Shifting Security

As cybersecurity teams eliminate vulnerabilities and add security to block current attacks, cybercriminals will adjust to attack easier targets or change tactics. This includes exploiting older vulnerabilities as well as capitalizing on newer strategies. Recently, security researchers have found flaws almost two decades old that threat actors could still exploit if they chose to; they may aim for this low-hanging fruit as well as attacking newer systems.

Ricardo Villadiego, founder and CEO of Lumu, expects passwordless architecture adoption to increase as organizations work to fight phishing campaigns. “However, this disruptive change from traditional models will prompt a change in the focus of phishing campaigns to bypass these new architectures,” Villadiego said.

“In response, adversaries will increasingly target obtaining complex variables from the device’s environment, which they will use to bypass new authentication methods.”

Joe Payne, president and CEO at Code42, believes biometrics will trigger a shift to insider threats. “As organizations quickly adopt technologies like Okta FastPass, which uses biometrics for authentication instead of passwords… we expect an increase in two areas: breaches caused by social engineering (already on the rise), and breaches caused by Insiders (already over 40% of all breaches).

“Insiders who have legitimate access to source code, sales forecasts and contacts, and HR data continue to take data from organizations when they depart for competitors or start their own companies,” Payne said. “As we reduce the ability of hackers to access our data using weak passwords, the focus on solving the insider problem will become more pronounced.”

Authentication continues to gain importance, and technology continues to deliver new MFA options and passwordless options such as passkeys.

Exploding Attack Surfaces

Even as AI turbocharges attack and defense and cybercriminals expand their capabilities, the attack surfaces that security teams need to defend will grow at a rapid pace – well beyond standard network security. New and formerly overlooked technologies and connections will become targeted by specialized cybercriminals seeking poorly defended API, cloud, edge, and OT resources.

API Attacks

Application programming interfaces (APIs) provide automated, and often implicitly trusted, connections between applications and resources. Andy Grolnick, CEO of Graylog, cautioned teams about increasing attacks against them.

“In 2023, ransomware is still the dominant threat in the minds of security teams,” he said. “However, 2024 will be the year that API security preparedness and threats gain momentum. Security APIs are a challenge because they are:

  • Simple to navigate and an easy attack
  • Dark, hidden and hard to track unlike movements on the Web
  • Internal responsibility is not always clear and CISOs haven’t largely set strategies and ownership.”
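One practical answer to the “dark, hidden and hard to track” point is to mine the access logs you already have for endpoints that are not in the documented inventory. The following added Python example (mine, not from the article or from Graylog) normalizes request paths into templates, compares them with an assumed inventory such as the (method, path) pairs pulled from an OpenAPI spec, and reports the undocumented endpoints that actually answered with a 2xx. The log lines, the inventory and the function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed access-log lines in a simplified combined-log layout; the hosts,
# paths and addresses are fictitious.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2024:10:01:02 +0000] "GET /api/v1/users/1042 HTTP/1.1" 200 512
10.0.0.5 - - [12/Aug/2024:10:01:03 +0000] "POST /api/v1/orders HTTP/1.1" 201 88
198.51.100.9 - - [12/Aug/2024:10:01:09 +0000] "GET /api/v1/users/1042/export HTTP/1.1" 200 91442
198.51.100.9 - - [12/Aug/2024:10:01:10 +0000] "GET /api/v1/users/1043/export HTTP/1.1" 200 90311
10.0.0.7 - - [12/Aug/2024:10:02:00 +0000] "GET /api/internal/debug/config?full=1 HTTP/1.1" 200 2048
10.0.0.7 - - [12/Aug/2024:10:02:01 +0000] "GET /api/v2/users/7e9f3a2b-1c4d-4e5f-8a6b-9c0d1e2f3a4b HTTP/1.1" 404 0
"""

# Assumed documented inventory: (method, path template) pairs, e.g. extracted
# from an OpenAPI spec. Anything served but absent from here is a shadow endpoint.
DOCUMENTED = {
    ("GET", "/api/v1/users/{id}"),
    ("POST", "/api/v1/orders"),
    ("GET", "/api/v1/orders/{id}"),
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+)"
)
UUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def normalize_path(path: str) -> str:
    """Drop the query string and collapse numeric/UUID segments to {id} so
    /users/1042 and /users/1043 count as the same endpoint."""
    path = path.split("?", 1)[0]
    segs = ["{id}" if seg.isdigit() or UUID_RE.fullmatch(seg) else seg
            for seg in path.split("/")]
    return "/".join(segs)


def parse_log(text: str):
    """Yield (method, path_template, status, client_ip) for each parseable line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["method"], normalize_path(m["path"]), int(m["status"]), m["ip"]


def find_shadow_endpoints(log_text: str, documented: set) -> dict:
    """Return {(method, template): {"statuses": Counter, "clients": set}} for
    endpoints not in `documented` that answered with a 2xx at least once.
    Paths that only ever returned 404 are probes, not live surface, and are left out."""
    seen = {}
    for method, tmpl, status, ip in parse_log(log_text):
        rec = seen.setdefault((method, tmpl), {"statuses": Counter(), "clients": set()})
        rec["statuses"][status] += 1
        rec["clients"].add(ip)
    return {
        key: rec for key, rec in seen.items()
        if key not in documented and any(200 <= s < 300 for s in rec["statuses"])
    }


if __name__ == "__main__":
    for (method, tmpl), rec in sorted(find_shadow_endpoints(SAMPLE_LOG, DOCUMENTED).items()):
        print(f"SHADOW {method} {tmpl}: {dict(rec['statuses'])} from {sorted(rec['clients'])}")
```

On the sample, the user export endpoint and the internal debug endpoint both surface as shadow APIs; the export one is also being pulled in bulk from a single external address, which is exactly the ownership and exposure question the quoted bullets say nobody has been asked to answer.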

Cloud Risks

The continuing rise in cloud adoption will also expand the attack surface and increase interest for cybercriminals to attack cloud resources. Organizations will need to consider specialized cloud security tools and implement cloud security best practices.

Neeraj Singh, senior security researcher at WithSecure, saw “an increase in activities that introduce new technologies and processes that haven’t been thoroughly secured. Cloud services, with their new interfaces, APIs, and communication channels, offer additional targets for attackers, thereby expanding the potential attack surface.”

“Third-party risk will evolve as a big data-security-related challenge in the coming year as organizations of all sizes continue their transition to the cloud,” said Mike Scott, CISO at Immuta.

“It’s clear teams can’t accomplish the same amount of work at scale with on-prem solutions as they can in the cloud, but with this transition comes a pressing need to understand the risks of integrating with a third party [cloud provider] and [to] monitor that third party on an ongoing basis.”

Cloud security has been a hot topic for years, but as more workloads shift to the cloud, the opportunities for threat actors increase. Before migrating data and applications to a third-party provider, teams need to confirm that the necessary protective measures are in place, which includes asking probing questions about the cloud provider’s security processes.

Chen Burshan, CEO of Skyhawk Security, envisioned a “rise in cloud-native security incidents that have no perimeter and multiple attack vectors. This is going to shift the market perception because enterprises will realize that no matter how thoroughly they secure the perimeter, threat actors will get in,” Burshan said.

“Cloud security posture management and cloud native application protection will not prevent a breach, and it will not detect a threat in real time. This will increase the maturity of current security practices and accelerate the adoption of solutions like cloud investigation and response automation and cloud-native threat detection and response.”

Edge Exposure

Even as attackers pursue API and cloud attacks, more organizations push computing out to edge resources beyond traditional network controls. While many envision attacks on smart cars and surveillance cameras, internet-facing servers in the demilitarized zone (DMZ), such as MOVEit Transfer servers, also provide tantalizing edge targets.

Stephen Robinson, senior threat intelligence analyst at WithSecure, noted “the recent MOVEit compromise by the ransomware group Cl0p will begin to inspire more mass exploitation campaigns targeting edge data transfer servers in a similar vein. MOVEit was typically used for reliable transfer of large volumes of important files between organizations.

“Cl0p exploited MOVEit servers to gain access to and exfiltrate these important, valuable files,” Robinson said. “For a ransomware group, access to large volumes of valuable data is the end goal; they had no need to go further into the network than the exposed, vulnerable MOVEit servers. I expect to see more copycat attacks where the value is the exploited server itself, not the access it provides to the rest of the network.”

OT Exposure

Operational technology (OT) used to be isolated from IT networks and largely ignored by cybersecurity teams. However, the rise of connected industrial motors, sensors, and industrial control systems (ICS) now provides a tempting target with less mature security.

Edgard Capdevielle, CEO of Nozomi Networks, declared, “We’re at risk of the next Colonial Pipeline. Cyber attacks against critical infrastructure are too easy – we’re still vulnerable and unprotected. If this isn’t more widely spoken about or prioritized, there will be another attack on critical operational technology systems within the country, targeting an industry such as oil, energy, hospitals, or airports.”

The ransomware attack on Colonial Pipeline exposed overlooked OT security and the potential disruption to US infrastructure from a single failure. This event subsequently led to an executive order and guidance on ransomware in 2021.

Increased Action From Governments

As technology progresses at a rapid pace and cybercrime strikes out at an ever-expanding landscape of opportunities, governments will attempt to regulate, influence, and exert control over the cyber sphere.

Increasing Regulation

Decades of use and abuse of computer systems led to early regulation, such as Europe’s General Data Protection Regulation (GDPR), adopted in 2016 and enforced from 2018, and the California Consumer Privacy Act (CCPA), passed in 2018. In the European Union, 2024 brings the October deadline for member states to transpose the updated Network and Information Systems Directive (NIS2) into national law, with the Cyber Resilience Act (CRA) following behind it and its main obligations on product makers not applying for several more years.

While the EU leads in regulation, the US will also exert regulatory influence. “In the next year, we expect a regulatory surge that CISOs must prepare for – which could include continued AI regulation, new post-quantum guidance, and, in late 2024, new legislation is expected around Know Your Customer (KYC) guidelines,” cautioned Jordan Avnaim, CISO at Entrust.

“Businesses should consider each of these a call to action to improve not only their own cybersecurity strategies, but also to consider the impact of new technologies, like AI, on their organization and their customers… CISOs and leaders will need trusted advisors, sound support, and secure solutions to successfully and safely forge ahead.”

Matthew Corwin, Managing Director of Guidepost Solutions, added that “security teams must navigate new breach reporting landscapes shaped by the SEC’s four business day rule for material cybersecurity incidents, state PII breach notification laws, and other regulatory requirements.

“These regulations underscore a shift towards rapid, transparent incident disclosure, emphasizing the need for advanced detection, streamlined reporting processes, and comprehensive incident response strategies.”

Incoming regulations have yet to be tested or fully understood, but the well-established GDPR and similar regulations give a starting point for the methods needed to meet basic compliance requirements.

State-Sponsored Cyber Attacks

Even as administrations launch regulations designed to influence corporate behavior, other governments will sponsor cyberattacks to push their influence. Stephen Helm, product marketing director at Nisos, warned teams about what state-sponsored attacks will look like.

“As geopolitical waters become more turbulent, and with the US election season fast approaching, China, Russia, and Iran promise to redouble their efforts to sow confusion and discord across the globe as they further their own goals of expanded influence,” he said. “The use of sockpuppets, comment spamming, and bots to amplify narratives will continue to evolve to be more difficult to detect, thanks to AI and other tools.”

“Influence operations in Latin America in 2022-2023 demonstrate this evolution. The China News Service used to hijack permissions to invasively access and potentially take over subscribers’ Twitter, Sina Weibo, and Weixin accounts to push pro-Beijing content… Companies offering election manipulation services that leverage fake social media accounts, AI, and other digital assets now operate as legitimate businesses in some parts of the world.”

Over the past two years, attacks by Russia, China, Iran, and North Korea exploited vulnerabilities and created enormous challenges for public and private organizations of all sizes. Reading up on past attacks can provide hints for tactics and the speed at which nation-sponsored attacks can occur.

Increased Need for Regulatory Documentation

In addition to regulations and direct government actions, experts expect more enforcement by the US Securities and Exchange Commission (SEC) and other agencies of recently passed legislation and rules. Cybersecurity teams need to improve documentation to defend themselves and their teams.

Nicole Sundin, CPO of Axio, predicted that “CISOs will need a system of record to protect themselves from the fallout of breaches. It’s no secret that the SEC now holds CISOs accountable for the risks organizations take. Currently, CISOs … make difficult choices, and act as they see necessary—but these may or may not be documented.”

Matt Wiseman, Senior Product Manager of Opswat, extended the warning to documenting third parties and the software bill of materials (SBOM). “Greater requests for SBOMs and more demand to understand tools at a deeper level will lead to increased requirements from regulatory organizations or government agencies,” Wiseman said.

“Given the growing concern for threats from vendors, third-parties, or nation-states, all software will be more thoroughly vetted before being deployed in critical areas.”

Last Year’s Cybersecurity Issues Continue

Some 2024 predictions simply acknowledge the continuing trends that started well before this year. The trends of weak security foundations, poor cybersecurity awareness, and ongoing ransomware attacks remain a major focus until these trends can be mitigated.

Weak Security Foundations

Even as vendors and technologies race ahead to tackle next year’s threats, many organizations lag in basic cybersecurity fundamentals such as asset management, identity and access management, defense in depth, and cybersecurity awareness and training.

“Some of the foundational requirements for securing an organization will continue to challenge InfoSec leaders – primarily, establishing comprehensive visibility into all assets and tight control over who can access them and with what level of privileges,” said Vinay Anand, Chief Product Officer of NetSPI.

Yaron Kassner, co-founder and CTO of Silverfort, added that “compromised identities will remain a favored weapon for cybercriminals. Countless organizations struggle to modernize their access systems amidst legacy constraints and a tangled web of identity providers.” It’s challenging to streamline access security when different teams have been using different strategies over decades. 

“We are beginning to see a shift in cybersecurity investment strategies that better reflect the current threat landscape,” said Roman Arutyunov, co-founder and SVP of products at Xage Security.

“Companies are recognizing that threat hunting and responding to endless detections and false positives uses too much of their precious security resources and they’re growing tired of chasing needles in a haystack. They are now turning their attention to reducing the attack surface by proactively protecting their assets.”

Poor Cybersecurity Awareness

Just as sexual harassment and anti-bias training continue to be a human resources priority, basic cybersecurity training must also become a regular fixture in the professional landscape.

Frank Gartland, chief product and technology officer from Skillable, reminded security teams that “eight-in-ten cyber-attacks occur due to human error, so providing people with regular cybersecurity training can make a significant difference to your cyber resilience.”

Nick Carroll, cyber incident response manager at Raytheon, noted an even broader need for a security culture. “Without a solid security culture at the foundation, security tools, such as expensive firewalls or endpoint detection and response (EDR), will ultimately become ineffective down the line,” he explained.

“If organizations haven’t already, they must begin to build cybersecurity awareness among employees and third-party partners, while also determining the best path for how to integrate security into the organization’s culture and operations.”

Continued Ransomware Attacks

Ransomware began dominating headlines during the pandemic and has only continued to be a problem. Desperate organizations, against the advice of law enforcement, continue to pay ransoms and fuel interest for cybercriminals.

Raffaele Mautone, CEO and founder of Judy Security, anticipated trouble for even small and medium-sized businesses. “Ransomware attacks will continue to diversify their targets, expanding beyond large enterprises to encompass small and medium-sized businesses, municipalities, and healthcare institutions. This trend will lead to a surge in attacks on SMBs, who may be more vulnerable due to limited cybersecurity resources.”

Kev Breen, director of cyber threat research at Immersive Labs, recommends preparing for the worst. “We should expect to see ransomware groups leveraging new techniques in endpoint detection and response (EDR) evasion, quickly weaponizing zero days as well as newly patched vulnerabilities, making it easy for them to bypass common defense strategies.

“As a result, security teams can’t rely on an old security playbook. Companies should not worry about how they can detect everything, and instead just assume at some point it will go badly [and] have plans in place to best respond.”

Ransomware requires access to endpoints to strike. While advanced attackers will seek novel evasion tactics, we can’t make their job easy by deploying sloppy cyberdefense. Consider implementing strong endpoint protection (antivirus, EDR, or XDR) as one of many layers of defense against ransomware and other attacks.

Ransomware has become a popular topic for media and podcasts. If you’re interested in hearing more about major security trends, check out our guide to the best cybersecurity podcasts for both amateurs and experts.

Bottom Line: Prepare Now Based on Risk

Predictions by experts deliver value only if acted upon. While none of these major trends for 2024 can be guaranteed, all of them are possible, and the continuing headaches already plague many organizations today.

Each organization must analyze each trend’s specific risk to the organization and its most valuable assets. The completed analysis will naturally define the trends most likely to cause issues and the ones most urgent to address.

For resources to help manage the risks your organization has identified, read our article on the best tools for risk management.



How to Use BitDefender VPN on Any Device: 2024 Tutorial https://www.esecurityplanet.com/trends/how-to-use-bitdefender-vpn/ Wed, 21 Aug 2024 06:21:57 +0000
Learn how to get started with Bitdefender VPN on Windows, MacOS, iOS, and Android devices to ensure your personal information is secure when accessing the internet.

The post How to Use BitDefender VPN on Any Device: 2024 Tutorial appeared first on eSecurity Planet.

Online privacy and security are of utmost importance in today’s digital world. A virtual private network (VPN) is a straightforward way to improve your online privacy, particularly on networks you do not control. Bitdefender, an established cybersecurity vendor, built this VPN service to protect your traffic from eavesdroppers, trackers, and attackers on the same network. It encrypts the connection between your device and the VPN server and masks your IP address from the sites you visit.

This blog provides a quick and easy guide on how to use Bitdefender VPN on any device you may have to ensure security and protection.

Features of Bitdefender VPN

Secure web browsing on public Wi-Fi, unfettered access to material across locations, and security against data theft are just a few of the important features of Bitdefender VPN. Thanks to its extensive network of servers in different countries, users may easily circumvent geo-restrictions and access material regardless of location.

Learn about some of the most common types of network security protections, how they work, and the top products and services to consider in each category.

Using Bitdefender VPN on Windows

Installing Bitdefender VPN on Windows is straightforward. You can get the app from the product page, from Bitdefender Central, or from within an installed Bitdefender security product. Windows 7 with Service Pack 1 or a later version of Windows is required. Download the installer only from Bitdefender’s own site or from Bitdefender Central, and check that the file’s digital signature is Bitdefender’s before you run it.

Installing from the Product Page

  1. Open the installer page on the computer where you want to install Bitdefender VPN.
  2. When prompted, save the Bitdefender installer to your computer.
  3. Double-click the saved bitdefender_vpn file to launch the installer.
  4. When the User Account Control dialog box appears, choose Yes.
  5. Wait for Bitdefender VPN to download the files it needs.
  6. When the download completes, pick your language from the installer’s drop-down box.
  7. Read the Subscription Agreement, tick the box to accept it, and click START INSTALLATION.
  8. Wait until the VPN has finished installing.
  9. After installation, SIGN IN to your Bitdefender Central account with your username and password. If you do not have an account, create one.
  10. If your Bitdefender account has no active Bitdefender Premium VPN subscription, you have three options:
    1. Click Start now to begin a 7-day trial of Bitdefender VPN, which includes all premium features.
    2. Click Upgrade now to purchase Bitdefender Premium VPN.
    3. Click Use it here, enter the code from your purchase email, and click Activate code to use a Bitdefender Premium VPN subscription you already own.

Bitdefender VPN is installed and ready to use.

Installing via Bitdefender Central

Bitdefender Central also lets you install the Bitdefender VPN software.

  1. Log in to your Bitdefender Central account on the computer on which you want to install the VPN. If you do not have an account, create one.
  2. On the Bitdefender Central homepage, select Install Bitdefender Products.
  3. A new window lists all the products in your Bitdefender subscription. Click Install on the VPN panel.
  4. Choose Download to save the Bitdefender installer.
  5. When the download finishes, open the file named bitdefender_windows_[…] to start the installation.
  6. In the User Account Control dialog box, select Yes.
  7. Wait until all the necessary files are downloaded.
  8. Choose your language from the installer’s drop-down menu.
  9. Read the subscription agreement, check the corresponding box, and click START INSTALLATION.
  10. Let the VPN finish installing, then SIGN IN to your Bitdefender Central account with your username and password.
  11. If your Bitdefender account has no active Bitdefender Premium VPN subscription, you have three options:
    1. Click Start now to begin a 7-day trial of Bitdefender VPN, which includes all premium features.
    2. Click Upgrade now to purchase Bitdefender Premium VPN.
    3. Click Use it here, enter the code from your purchase email, and click Activate code to use a Bitdefender Premium VPN subscription you already own.

Bitdefender VPN is installed and ready to use.

Installing via Bitdefender Security Solution

You may install Bitdefender VPN with the security solution if you already have Bitdefender Total Security, Bitdefender Internet Security, or Bitdefender Antivirus Plus installed on your Windows PC.

  1. Select Privacy in the left sidebar of the Bitdefender interface.
  2. Select Install VPN from the VPN toolbar.
  3. In the pop-up that describes the VPN program, read the subscription agreement and click Install Bitdefender VPN.
  4. When the installer finishes, Bitdefender VPN is installed on your Windows PC.

Using Bitdefender VPN on macOS

Bitdefender VPN for Mac requires macOS Sierra (10.12) or later. As on Windows, download the installer only from Bitdefender’s product page or from Bitdefender Central.

Installing from the Product Page

  1. Open the installer page on the Mac where you want to install Bitdefender VPN.
  2. When prompted, save the bitdefender_vpn file on your Mac.
  3. When the download finishes, double-click bitdefender_vpn to begin the installation.
  4. Follow the on-screen instructions, then click Continue.
  5. Read the software license agreement, then click Agree.
  6. Click Install.
  7. Enter an administrator username and password, click Install Software, and wait for the installation to complete.
  8. When a pop-up reports a blocked system extension, click Open System Settings (Open Security Preferences on earlier macOS versions).
  9. Click Allow, then enter an administrator name and password to unlock the settings.

    Note: On earlier macOS versions (High Sierra 10.13 to Monterey 12), first click the padlock in the bottom-left corner of the Security & Privacy window, enter an administrator name and password, and then click Allow.

  10. Launch Bitdefender VPN from the small shield-shaped icon in the upper-right corner of the menu bar. On first launch you are prompted to sign in or to create a Bitdefender account if you do not have one.
  11. If your Bitdefender account has no active Bitdefender Premium VPN subscription, you have three options:
    1. Click Start now to begin a 7-day trial of Bitdefender VPN, which includes all premium features.
    2. Click Upgrade now to purchase Bitdefender Premium VPN.
    3. Click Use it here, enter the code from your purchase email, and click Activate code to use a Bitdefender Premium VPN subscription you already own.

You’re done! Bitdefender VPN is installed and ready to be used.

Installing via Bitdefender Central

  1. Log in to your Bitdefender Central account on the Mac on which you want to install the VPN. If you do not have an account, create one.
  2. On the Bitdefender Central homepage, click Install Bitdefender Products.
  3. In the window listing your Bitdefender subscription products, click Install in the VPN panel.
  4. Choose Download to save the installer to your Mac.
  5. When the download finishes, double-click the bitdefender_[…] file to start the installation.
  6. Follow the on-screen instructions, then click Continue.
  7. Read the subscription agreement, then click Agree.
  8. Click Install.
  9. Enter an administrator username and password, click Install Software, and wait for the installation to complete.
  10. When a pop-up reports a blocked system extension, click Open System Settings (Open Security Preferences on earlier macOS versions).
  11. Click Allow, then enter an administrator name and password to unlock the settings.

    Note: On earlier macOS versions (High Sierra 10.13 to Monterey 12), first click the padlock in the bottom-left corner of the Security & Privacy window, enter an administrator name and password, and then click Allow.

  12. Launch Bitdefender VPN from the small shield-shaped icon in the upper-right corner of the menu bar. On first launch you are prompted to sign in or to create a Bitdefender account if you do not have one.
  13. If your Bitdefender account has no active Bitdefender Premium VPN subscription, you have three options:
    1. Click Start now to begin a 7-day trial of Bitdefender VPN, which includes all premium features.
    2. Click Upgrade now to purchase Bitdefender Premium VPN.
    3. Click Use it here, enter the code from your purchase email, and click Activate code to use a Bitdefender Premium VPN subscription you already own.

You’re done! Bitdefender VPN is installed and ready to be used on your Mac.

Installing via Bitdefender Antivirus for Mac

If Bitdefender Antivirus for Mac currently protects your Mac, you may install Bitdefender VPN using the security solution.

  1. On the left sidebar of the Bitdefender interface, click the Privacy icon.
  2. In the VPN tab, click Install.

You’re done! Bitdefender VPN is installed and ready to be used on your Mac.

Using Bitdefender VPN on Android

  1. Open the Google Play Store on your Android phone or tablet.
  2. In the search bar at the top, type bitdefender vpn, then tap Enter or the search icon.
  3. In the search results, tap the Bitdefender VPN app. Check that the publisher is “Bitdefender” before you install it.
  4. On the app’s details page, tap Install. The app downloads and installs.
  5. When the installation completes, tap Open to launch Bitdefender VPN.
  6. On first launch, sign in or create a Bitdefender account if you do not have one.
  7. Read the subscription agreement and privacy policy, check the small box, and tap Continue.
  8. If your Bitdefender account has no active Bitdefender Premium VPN subscription, you have three options:
    1. Tap Start now to begin a 7-day trial of Bitdefender VPN, which includes all premium features.
    2. Tap Upgrade now to purchase Bitdefender Premium VPN.
    3. Tap Use it here, enter the code from your purchase email, and tap Activate code to use a Bitdefender Premium VPN subscription you already own.

Activation

To activate the subscription, open the email you received after buying Bitdefender Premium VPN and tap ACTIVATE SUBSCRIPTION.

Alternatively, activate the subscription from within the VPN app:

  1. Tap your username in the top-right corner of the Bitdefender VPN app.
  2. Tap your email address, then tap Have an activation code?
  3. Enter the activation code from the purchase email and tap Activate code.

You’re done! Bitdefender VPN is now successfully installed and activated on your Android device.

Using Bitdefender VPN on iOS

  1. On your iPhone or iPad, open the App Store.
  2. In the search bar at the top, type bitdefender vpn, then tap the search key.
  3. In the search results, tap the Bitdefender VPN app. Check that the publisher is “Bitdefender SRL” before you install it.
  4. On the app’s details page, tap the cloud icon with the downward arrow. The app downloads and installs.
  5. When the installation completes, tap Open to launch Bitdefender VPN.
  6. On first launch, sign in or create a Bitdefender account if you do not have one.
  7. Read the subscription agreement and privacy policy, check the small box, and tap Continue.
  8. If a Bitdefender Premium VPN subscription is not already active on your account, tap the x in the top-left corner to dismiss the offer.
  9. Tap Continue, then choose whether you want to receive Bitdefender VPN notifications.

Activation

To activate the subscription, go to the email you received after buying Bitdefender Premium VPN and click ACTIVATE SUBSCRIPTION.


You’re done! Bitdefender VPN is now successfully installed and activated on your iOS device.

Bottom Line: Bitdefender Provides Added Protection and Security

Protecting personal information and preserving privacy matters more as threats evolve. Whether you are at home, on public Wi-Fi, or abroad, Bitdefender VPN encrypts the connection between your device and its servers and keeps your browsing private from the local network and your ISP. It is dependable and easy to use. Remember what it does not cover: it cannot stop phishing, remove malware already on the device, or protect data held by the services you log in to, so pair it with a password manager, multi-factor authentication, and up-to-date software.

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe
https://www.esecurityplanet.com/trends/national-public-data-breach/ (Tue, 20 Aug 2024 08:57:52 +0000)
2.9 billion records were exposed in the NPD breach, including Social Security numbers. Read about the impact and how to protect yourself.

A very large data breach has put the personal information of an enormous number of people at risk. Reports claim that 2.9 billion records, including Social Security numbers, were taken in a cyberattack on National Public Data (NPD), a company that sells background checks.

An exposure on this scale shows how much personal data aggregators accumulate, often without the knowledge of the people concerned, and how valuable that data is to criminals. The consequences can reach individuals, businesses, and governments alike.

What We Know of the NPD Breach

NPD is an online background check and fraud prevention service that gathers information from various sources, including public record databases, court records, and state and national repositories.

A complaint filed in U.S. District Court alleges that NPD suffered a data breach around April 2024 and claims the following:

  • Sensitive data, such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.
  • The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. 

The complaint argues that NPD had a legal and ethical duty to protect this information from unauthorized access, a duty it allegedly failed to uphold.

The Scale of the Breach

The figure of 2.9 billion records is enormous, but records are not people. A background-check database typically holds many records per individual (one per address, name variant, or relative), so the number of distinct people affected is lower and, so far, unknown. Comparing 2.9 billion records with a world population of about 8.2 billion therefore overstates the reach, and the data is reported to cover U.S., Canadian, and British citizens rather than the whole world. Even so, the exposure of Social Security numbers together with names, decades of address history, and family links is serious for everyone included, and the consequences can reach individuals, businesses, and governments.

The industries and sectors affected by this breach are equally vast. Given the nature of the stolen data, the financial sector will likely be a prime target for cybercriminals. However, the repercussions extend beyond finance, as this data can be used for various fraudulent activities, from identity theft to medical fraud.

Who Is Behind the NPD Breach?

Regulations typically require companies to report data breaches promptly, informing affected people by email or letter, through news reports, and often by notifying state attorneys general. In this instance, no notifications were sent to potential victims, and no filings with state attorneys general were found.

The primary plaintiff uncovered the breach after receiving an alert from their identity theft protection service, which indicated that their personal information had been compromised in the “nationalpublicdata.com” breach. This highlights another way people might learn about a data breach before the company involved discloses it — through identity theft protection services.

Moreover, in June, The Register reported that a hacker group called USDoD claimed responsibility for hacking the records of nearly 3 billion individuals, putting them up for sale on the dark web for $3.5 million. The group asserted that these records included personal data from U.S., Canadian, and British citizens.

How to Protect Yourself From Data Breaches

You cannot stop a third party such as NPD from being breached, but you can limit what an attacker is able to do with your data once it leaks. Here are a few steps that reduce the damage:

1. Use Strong, Unique Passwords

Weak passwords are easy for hackers to guess or crack, especially if they’re common or reused across multiple sites.

When creating passwords, use at least 12 characters, combining uppercase and lowercase letters, numbers, and special symbols. Steer clear of using easily guessed details like your name or birthdate. Using a password manager can help you generate and store complex passwords without remembering each one.

2. Enable Multi-Factor Authentication (MFA)

Even if your password is compromised, MFA adds a layer of security by requiring a second form of verification, such as a code sent to your phone or generated by an authenticator app.

Turn on MFA on every account that offers it, especially email, banking, and social media; the option usually sits in the account settings under security. Prefer an app-based authenticator over SMS, which is exposed to SIM-swapping attacks, and where a service supports hardware security keys or passkeys, use those: they also resist phishing.

3. Sign Up for Identity Theft Protection

Identity theft protection services monitor your personal information across the web, including the dark web, and alert you to any signs of misuse. They often include insurance and recovery assistance if your identity is compromised.

Research and choose a reputable identity theft protection service that fits your needs. These services typically offer continuous monitoring, alerts for suspicious activity, and support for recovering from identity theft. Some even monitor your Social Security number, email addresses, and more.

4. Use Encryption

Encryption ensures that your data is unreadable to anyone who doesn’t have the decryption key. This is crucial for protecting sensitive information from being intercepted or accessed by unauthorized parties.

Use encrypted messaging apps like Signal or WhatsApp for private communications. Enable full-disk encryption for files stored on your devices, often built into modern operating systems (e.g., BitLocker for Windows and FileVault for Mac). Additionally, consider using encrypted cloud storage services to store sensitive documents.

5. Keep Your Software Updated

Software updates often fix security vulnerabilities that attackers exploit. Running outdated software increases the risk of being hit by malware or other attacks.

Enable automatic updates on your operating system, web browser, and apps whenever possible. Regularly check for updates to any software that doesn’t automatically update, including antivirus programs, firewalls, and other security tools. Updating firmware on devices like routers and smart home gadgets is also important.

6. Be Wary of Phishing Scams

Phishing attacks trick you into giving away personal information or installing malware by posing as legitimate contacts or companies. These scams can be highly convincing and are a common way for hackers to access your accounts.

Always double-check the sender’s email address, especially if you receive an unexpected message asking for personal information. Also, don’t click on links or download attachments from suspicious sources.

7. Freeze Your Credit

Freezing your credit prevents new accounts from being opened in your name, which can help stop identity thieves from using your personal information to take out loans or open credit cards.

Contact each of the major credit bureaus (Equifax, Experian, and TransUnion) to place a freeze on your credit. In the U.S. a freeze is free by law and can be placed online or over the phone. When you need to apply for new credit, temporarily lift the freeze and reinstate it afterward.

Also, stay informed about the current data breaches and cybersecurity news to take immediate action and protect your information if necessary. Subscribe to cybersecurity news sources or set up Google Alerts for terms like “data breach” or “identity theft.” When you hear about a breach involving a service you use, consider changing your passwords immediately — and monitor your accounts closely.

Learn how to use password managers to further strengthen your cybersecurity posture and stay safe from data breaches.

Microsoft Discovers Critical OpenVPN Vulnerabilities
https://www.esecurityplanet.com/trends/microsoft-openvpn-vulnerabilities/ (Wed, 14 Aug 2024 21:03:56 +0000)
Microsoft discovered critical OpenVPN vulnerabilities, including RCE and LPE flaws. Patch immediately to protect systems from attacks.

OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source code and robust encryption have made it a staple of many organizations’ and individuals’ security toolkits. Microsoft researchers have now disclosed several critical flaws in this widely trusted software.

Microsoft reported the findings to OpenVPN in March 2024 through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) and has now published the details. The vulnerabilities, found in the Windows service, the Windows TAP driver, and the plugin loader, could be chained to gain unauthorized access to systems running OpenVPN. They affect the millions of users who rely on OpenVPN for privacy and data protection, although, as Microsoft notes, exploitation requires an authenticated user on the target.

The Discovered Vulnerabilities

Microsoft’s research uncovered a series of critical vulnerabilities within OpenVPN. When exploited in combination, these flaws could grant attackers unfettered access to target systems.

  • Remote Code Execution (RCE): One of the most severe vulnerabilities discovered allows malicious actors to execute arbitrary code on a compromised system. This could enable them to install malware, steal data, or take complete control of the affected device.
  • Local Privilege Escalation (LPE): Another critical issue identified was a local privilege escalation vulnerability. While requiring initial access to a system, this flaw could be leveraged to elevate an attacker’s privileges, granting them extensive control over the machine.

Here are the four discovered vulnerabilities (the last row continues CVE-2024-27903 on non-Windows platforms):

CVE ID           OpenVPN component    Impact                    Affected platform
CVE-2024-1305    Windows TAP driver   Denial of service (DoS)   Windows
CVE-2024-27459   openvpnserv          DoS, LPE                  Windows
CVE-2024-24974   openvpnserv          Unauthorized access       Windows
CVE-2024-27903   openvpnserv          RCE                       Windows
                                      LPE, data manipulation    Android, iOS, macOS, BSD

1. CVE-2024-1305

Microsoft found this vulnerability in the “tap-windows6” project, which implements the Terminal Access Point (TAP) network adapter driver that OpenVPN uses on Windows. The device.c file in the project’s src directory contains the TAP device object and its initialization.

In device.c, the CreateTapDevice method initializes a dispatch table with callbacks for the Input/Output Controls (IOCTLs) the device supports. One of these callbacks, TapDeviceWrite, handles the write IOCTL.

TapDeviceWrite performs several operations and then calls TapSharedSendPacket, which in turn calls NdisAllocateNetBufferAndNetBufferLists twice. In one of those calls it passes the fullLength parameter.

2. CVE-2024-27459

The second vulnerability is in the communication between the openvpn.exe process and the openvpnserv.exe service, which talk to each other over a named pipe.

The service runs an endless loop: it reads a message size from the pipe, reads the message, and hands it to the HandleMessage method, which casts the received bytes to a message type chosen according to that size.

The flaw is that the size comes from the client side of the pipe and is never checked against the size of the destination structure. A client can therefore make the service copy a user-specified number of bytes into a fixed-size structure on the stack, which is a classic stack buffer overflow.
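The pattern described above, modelled in C as an added example. This is not OpenVPN’s code: the two message structures, the in-memory stand-in for the named pipe, and the result codes are assumptions made for the illustration. The unchecked handler copies a client-announced number of bytes into a fixed-size stack structure; the hardened handler accepts only sizes that match a known message type before it copies anything.

```c
/* Added example, not OpenVPN's code: models the service-side message
 * handling described for CVE-2024-27459.  The message structures, the
 * in-memory stand-in for the named pipe and the result codes are
 * assumptions made for this illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical message types the service understands; the client announces
 * a size first and the service picks the type from that size. */
struct msg_start  { uint32_t type; uint32_t pid; };
struct msg_config { uint32_t type; char path[64]; };
union any_msg { struct msg_start start; struct msg_config config; };

enum handle_result { MSG_OK = 0, MSG_SHORT_READ = -1, MSG_BAD_SIZE = -2 };

/* Constructed stand-in for the pipe: the client controls every byte. */
struct fake_pipe { const uint8_t *data; size_t len; size_t pos; };

static int pipe_read(struct fake_pipe *p, void *dst, size_t n)
{
    if (p->len - p->pos < n)
        return -1;                       /* not enough bytes: treat as error */
    memcpy(dst, p->data + p->pos, n);
    p->pos += n;
    return 0;
}

/* VULNERABLE pattern: the announced size is trusted, so a size larger than
 * sizeof(union any_msg) writes past the stack buffer.  Shown only for
 * contrast; it is never called with an oversized message in this file. */
int handle_message_unchecked(struct fake_pipe *p)
{
    uint32_t size;
    union any_msg msg;

    if (pipe_read(p, &size, sizeof size) != 0)
        return MSG_SHORT_READ;
    if (pipe_read(p, &msg, size) != 0)   /* size never compared with sizeof msg */
        return MSG_SHORT_READ;
    return MSG_OK;
}

/* HARDENED: accept only sizes that correspond to a known message type, so
 * the copy can neither exceed the destination nor leave it half filled. */
int handle_message_checked(struct fake_pipe *p, union any_msg *out)
{
    uint32_t size;

    if (pipe_read(p, &size, sizeof size) != 0)
        return MSG_SHORT_READ;
    if (size != sizeof(struct msg_start) && size != sizeof(struct msg_config))
        return MSG_BAD_SIZE;             /* reject before touching the buffer */
    memset(out, 0, sizeof *out);
    if (pipe_read(p, out, size) != 0)
        return MSG_SHORT_READ;
    return MSG_OK;
}

/* Build a constructed stream (host-order size word followed by body_len
 * bytes of 0x41) and run it through the hardened handler.  Returns the
 * handler's result code. */
int run_checked(uint32_t announced, size_t body_len)
{
    uint8_t buf[512];
    union any_msg msg;

    if (body_len > sizeof buf - sizeof announced)
        return MSG_SHORT_READ;
    memcpy(buf, &announced, sizeof announced);
    memset(buf + sizeof announced, 0x41, body_len);

    struct fake_pipe p = { buf, sizeof announced + body_len, 0 };
    return handle_message_checked(&p, &msg);
}

int main(void)
{
    printf("well-formed start message: %d\n",
           run_checked((uint32_t)sizeof(struct msg_start), sizeof(struct msg_start)));
    printf("oversized announced size:  %d\n", run_checked(0xFFFFFFFFu, 64));
    printf("truncated config message:  %d\n",
           run_checked((uint32_t)sizeof(struct msg_config), 4));
    return 0;
}
```

The check compares the announced size with the exact sizes of the known message types rather than only with the buffer capacity: a size that is too small is rejected as well, because a partially filled structure would leave fields under the client’s control uninitialized. A short read is reported separately so that a truncated message is not silently processed.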

3. CVE-2024-24974

The third vulnerability is unauthorized access to an operating-system resource. The openvpnserv.exe service spawns a new openvpn.exe process in response to requests it receives over the \\openvpn\\service named pipe. The pipe could be reached remotely, so an attacker did not need to be on the machine to connect to it and drive the service’s operations.

4. CVE-2024-27903

Finally, Microsoft found that OpenVPN’s plugin mechanism loaded plugins from a range of locations on the endpoint rather than from a single trusted directory. An attacker who could write to one of those locations could have OpenVPN load a malicious plugin.
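A load-path policy of the kind that closes this behaviour, written in C as an added example. It is not OpenVPN’s code: the trusted directory, the file-suffix rule, and the sample paths are assumptions made for the illustration. The checks are lexical; a production loader would also canonicalize the path with realpath() and verify the ownership and permissions of both the directory and the file.

```c
/* Added example, not OpenVPN's code: a load-path policy of the kind that
 * closes the behaviour described for CVE-2024-27903, where plugins could be
 * loaded from many locations.  The trusted directory, the suffix rule and
 * the sample paths are assumptions made for this illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Accept `path` only if it is an absolute path naming a file directly inside
 * `trusted_dir` (no subdirectories, no hidden files, no traversal) that ends
 * in `suffix`.  These are lexical checks; a real loader should additionally
 * canonicalize with realpath() and verify that the file and the directory
 * are owned by the administrator and not writable by others. */
bool plugin_path_allowed(const char *path, const char *trusted_dir,
                         const char *suffix)
{
    if (path == NULL || trusted_dir == NULL || suffix == NULL)
        return false;
    if (path[0] != '/')
        return false;                          /* relative paths are rejected */

    size_t dlen = strlen(trusted_dir);
    while (dlen > 1 && trusted_dir[dlen - 1] == '/')
        dlen--;                                /* ignore trailing slashes */

    /* The path must start with the trusted directory followed by a separator,
     * so "/usr/lib/openvpn/plugins-evil/x.so" does not pass as a prefix match. */
    if (strncmp(path, trusted_dir, dlen) != 0 || path[dlen] != '/')
        return false;

    const char *name = path + dlen + 1;
    if (*name == '\0' || name[0] == '.')
        return false;                          /* empty, ".", ".." or hidden file */
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return false;                          /* no deeper components, no Windows separators */

    size_t nlen = strlen(name), slen = strlen(suffix);
    if (nlen <= slen || strcmp(name + nlen - slen, suffix) != 0)
        return false;                          /* wrong file type */
    return true;
}

/* Policy wrapper a loader would call: returns the path to hand to the dynamic
 * loader, or NULL when the request is refused.  The directory is assumed. */
const char *resolve_plugin(const char *requested)
{
    static const char trusted_dir[] = "/usr/lib/openvpn/plugins";
    return plugin_path_allowed(requested, trusted_dir, ".so") ? requested : NULL;
}

int main(void)
{
    /* Constructed sample requests: one legitimate, the rest hostile. */
    const char *samples[] = {
        "/usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so",
        "/usr/lib/openvpn/plugins/../../../tmp/evil.so",
        "/tmp/evil.so",
        "plugins/evil.so",
        "/usr/lib/openvpn/plugins-evil/x.so",
        "/usr/lib/openvpn/plugins/.hidden.so",
        "/usr/lib/openvpn/plugins/notes.txt",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-55s %s\n", samples[i],
               resolve_plugin(samples[i]) ? "load" : "refuse");
    return 0;
}
```

Rejecting any further path separator inside the file name is what defeats traversal here: a name such as ../../../tmp/evil.so never reaches the suffix check. Because the trusted directory is fixed at build time rather than taken from configuration, an attacker who can edit the configuration file cannot redirect the loader to a writable location.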

How Attackers Can Exploit These Vulnerabilities

Microsoft stated that attackers could exploit at least three of the four discovered vulnerabilities to achieve RCE and LPE. These vulnerabilities can be combined to create a potent attack chain.

However, several adjustments are necessary to exploit the full attack chain. Specifically, the malicious payloads designed to crash openvpnserv.exe and those that simulate openvpnserv.exe behavior after the crash must be loaded using the malicious plugin.

Once LPE is achieved, attackers might use techniques such as Bring Your Own Vulnerable Driver (BYOVD) or exploit other known vulnerabilities to gain more control over the endpoint. This could involve disabling Protected Process Light (PPL) for critical processes such as Microsoft Defender or bypassing and interfering with other essential system processes. Such actions let attackers evade security controls, manipulate core system functions, and consolidate their control while remaining undetected.

Potential Impact

Successful exploitation of these vulnerabilities could lead to catastrophic data breaches. Sensitive personal information, financial data, and corporate secrets could fall into the wrong hands, resulting in identity theft, financial fraud, and reputational damage.

Also, the aftermath of a data breach can be financially devastating. Organizations may face hefty costs associated with incident response, legal fees, and remediation efforts. Individuals might face costs for identity theft recovery and credit monitoring.

Beyond data loss, attackers can gain complete control over compromised systems, allowing them to install ransomware, disrupt operations, or use the system as a launching pad for further attacks.

The Patch

OpenVPN has released fixed versions in response to these findings. OpenVPN 2.6 releases earlier than 2.6.10 and 2.5 releases earlier than 2.5.10 are affected. Check which version you are running and update to 2.6.10 or later, or to 2.5.10 if you must remain on the 2.5 branch.

To further minimize the risk of exploitation, consider these additional steps:

  • Make sure every device on your network that runs OpenVPN has the latest patches from the OpenVPN website.
  • Limit the exposure of OpenVPN clients to the internet and keep them on a separate network segment.
  • Restrict the use and administration of OpenVPN clients to authorized users only.

You can further reduce risk by enforcing network segmentation, requiring strong authentication rather than passwords alone, and limiting the number of users with write access to the OpenVPN installation, configuration, and plugin directories.

Importance of Endpoint Security in Private & Enterprise Sectors

Given OpenVPN’s widespread use across different vendors, industries, and sectors, the vulnerabilities identified can affect various devices and environments, making vulnerability management hard. Exploiting these vulnerabilities demands user authentication, a thorough understanding of OpenVPN’s internal mechanisms, and intermediate OS knowledge. However, successful exploitation could have severe consequences for both private and enterprise endpoints.

An attacker could use a vulnerable version of OpenVPN to execute a multi-stage attack on a device, potentially gaining complete control over it. This level of control could lead to the theft of sensitive data, data tampering, or even the destruction of critical information, posing significant risks to both personal and business environments.

Discovering these vulnerabilities highlights the crucial need for responsible disclosure and the importance of securing enterprise and endpoint systems. It also underscores the collective efforts required from the security community to safeguard devices across diverse platforms and enhance protections for everyone.

Learn how you can integrate your endpoint security with network security solutions to improve protection and provide unified administration for full coverage against multiple threats.

Get the Free Cybersecurity Newsletter

Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

The post Microsoft Discovers Critical OpenVPN Vulnerabilities appeared first on eSecurity Planet.

CrowdStrike Class Action Lawsuit for Massive Software Outage
https://www.esecurityplanet.com/trends/crowdstrike-class-action-lawsuit-for-massive-software-outage/
Thu, 08 Aug 2024 18:17:51 +0000
https://www.esecurityplanet.com/?p=36725

CrowdStrike faces a class action lawsuit over a massive software outage, highlighting the need for robust cybersecurity and testing protocols.

The post CrowdStrike Class Action Lawsuit for Massive Software Outage appeared first on eSecurity Planet.

CrowdStrike, a cybersecurity behemoth renowned for its cloud-based endpoint protection platform, was in the eye of a storm on July 19, 2024. A catastrophic software update unleashed a domino effect of disruptions, paralyzing millions of computers across the globe. The impact was far-reaching and unprecedented, from bustling airports to critical healthcare facilities. The fallout has extended beyond operational chaos, with shareholders now holding the company accountable for the massive outage.

A class-action lawsuit has been filed against CrowdStrike, alleging that the company misled investors about the robustness of its software testing procedures. The plaintiffs contend that the outage directly resulted from inadequate testing, leading to a precipitous drop in CrowdStrike’s stock price and wiping out billions of dollars in market value. As the legal battle unfolds, the implications for CrowdStrike’s reputation as a cybersecurity leader and its financial stability hang in the balance.

The Outage & Its Impact

The CrowdStrike software update in July triggered a global IT cataclysm of unprecedented proportions. Millions of computers across diverse sectors, from finance and healthcare to aviation and retail, were rendered inoperable. The ripple effects were immediate and devastating. Airlines grounded flights, banks halted transactions, and hospitals faced critical delays in patient care. The digital backbone of modern society was abruptly severed.

The financial toll of the outage is staggering. Businesses of all sizes suffered significant revenue losses due to downtime. Industries reliant on real-time operations, such as trading and e-commerce, bore the brunt of the impact. Beyond the immediate financial losses, the reputational damage to businesses forced to suspend services is incalculable. CrowdStrike itself, ironically one of the leading cybersecurity firms, faced a crisis of confidence as its core product caused widespread disruption.

The Lawsuit: A Test of Cybersecurity Confidence

The fallout from the July outage has extended far beyond operational disruptions. A class-action lawsuit, filed on behalf of aggrieved shareholders, has cast a long shadow over CrowdStrike. At the heart of the legal battle are allegations of misleading investors about the rigor of the company’s software testing processes. According to the plaintiffs, insufficient quality control led to the catastrophic outage — a claim that could reshape the cybersecurity landscape.

The lawsuit underscores a growing concern about the reliability of critical infrastructure software. As organizations increasingly rely on complex digital systems, the potential consequences of failures are magnified. The CrowdStrike incident emphasizes the risks inherent in rapid software development cycles and the importance of robust testing protocols.

The Counterpunch

Faced with a barrage of criticism and legal action, CrowdStrike has mounted a vigorous defense. The company has steadfastly denied the allegations of negligence and has asserted that the outage was an isolated incident resulting from an unforeseen technical issue. CrowdStrike has emphasized its commitment to product quality and has outlined the steps it has taken to prevent a recurrence.

While acknowledging the disruption caused by the outage, the company has also pointed to the complexity of modern IT environments and the potential for unforeseen vulnerabilities and challenges. CrowdStrike has sought to shift some of the blame to affected organizations, suggesting that their response to the incident could have mitigated its impact.

How to Prevent & Mitigate Large-Scale Outages

The CrowdStrike incident is a stark reminder of the potential consequences of inadequate system resilience. Organizations must prioritize a robust and proactive approach to risk management to prevent and mitigate such catastrophic outages.

Robust Testing Procedures

Rigorous testing is the cornerstone of preventing system failures. Comprehensive testing regimes, including stress tests, penetration testing, and vulnerability assessments, can identify and address potential weaknesses before they escalate into major incidents. Proactive identification and remediation of vulnerabilities are crucial to enhancing system resilience.

Incident Response Plans

A well-defined incident response plan is essential for effective crisis management. Such plans should outline clear communication protocols, escalation procedures, and recovery strategies. Regular training and drills can ensure that staff is prepared to respond swiftly and efficiently during an outage.

Redundancy & Failover Systems

Implementing redundant systems and failover mechanisms is a critical step in mitigating the impact of system failures. Organizations can minimize downtime and ensure business continuity by having backup systems in place. Redundancy should extend to critical components to provide multiple layers of protection.

Continuous Monitoring & Alerting

Real-time monitoring of system performance is essential for early detection of anomalies. Advanced analytics can be employed to identify potential issues before they escalate into major incidents. By proactively addressing emerging problems, organizations can prevent outages from occurring.

Employee Training

From clicking on malicious links to inadvertently sharing sensitive information, employees can unknowingly introduce vulnerabilities into an organization’s systems. 

A well-trained workforce is a valuable asset in preventing and mitigating outages. Comprehensive incident response, troubleshooting, and system recovery training can equip employees with the skills needed to handle cybersecurity crises effectively. Fostering a culture of preparedness and continuous learning is essential for maintaining a high level of system resilience.

By investing in these areas, organizations can significantly reduce the risk of experiencing catastrophic outages and build a more resilient IT infrastructure.

CrowdStrike Outage: A Watershed Moment for Cybersecurity?

The CrowdStrike outage and subsequent legal battle mark a watershed moment for the cybersecurity industry. The incident has exposed vulnerabilities in the software development lifecycle and highlighted the critical need for robust testing and risk management. As organizations become increasingly reliant on complex digital systems, the stakes of failure continue to rise.

The outcome of the lawsuit will have far-reaching implications for the cybersecurity industry. If shareholders prevail, it could lead to increased regulatory scrutiny and a shift in the balance of power between software vendors and their customers. Regardless of the legal outcome, the incident is a serious reminder of the importance of building resilient and trustworthy cybersecurity solutions.

The road to recovery for CrowdStrike will be long and arduous. Regaining the trust of customers and investors will require transparency, accountability, and a demonstrated commitment to preventing future incidents. The broader cybersecurity industry must also learn from this experience and implement best practices to mitigate the risk of similar catastrophes.

Learn how you can create a vulnerability management policy, including policy best practices, required sections for a policy, and a free policy template, to fortify your cybersecurity defenses.

How to Get Started in Cybersecurity: Steps, Skills & Resources
https://www.esecurityplanet.com/trends/how-to-get-started-in-cybersecurity/
Tue, 30 Jul 2024 20:00:00 +0000
https://www.esecurityplanet.com/?p=19195

Are you interested in learning how to get started in cybersecurity? Read our guide to discover the essential steps and skills required to begin your cybersecurity career now.

The post How to Get Started in Cybersecurity: Steps, Skills & Resources appeared first on eSecurity Planet.

Kickstarting a career in cybersecurity requires professionals to find opportunities, learn quickly, and adjust to a rapidly changing industry. While beginning this process can feel overwhelming, there are a variety of jobs and achievable steps you can take to make yourself a strong candidate. This guide to starting a career in cybersecurity walks you through those steps and helps you plan, gain practical experience, and make yourself a good hiring choice.

Career Paths in Cybersecurity

The security industry has a number of career paths, with slightly different focuses and levels of leadership. A few highlights include analysts, engineering roles in networking, IT system administration, pentesting, and leadership roles.

Role | High-Level Job Tasks | Broad Salary Range
Information Security Analyst | Studying security event logs; monitoring alerts; checking reports consistently | $90,000-$240,000
Network Engineer | Setting and maintaining firewall rules; configuring ports and routers; testing networks and systems | $87,000-$183,000
System Administrator | Overseeing network setup; managing IT and security team members; managing business security controls | $69,000-$177,000
Penetration Tester | Performing regular pentesting assignments; identifying infrastructure and network weaknesses; recommending fixes to clients | $90,000-$190,000
Security Director | Setting up networks and computer systems; managing security budgets; leading or assisting with business-wide compliance efforts | $59,000-$430,000

Information Security Analyst

Analysts play a largely strategic role. While they might find themselves in the trenches, hunting and eradicating threats, their main responsibility is monitoring information systems, researching threats, and developing cohesive strategies to eradicate those threats. This includes:

  • Watching event logs: Security analysts examine event logs for normal trends that indicate a stable environment and anomalies that could indicate a threat or vulnerability.
  • Monitoring alerts: Analysts might be responsible for checking security alerts, along with other members of a department, to identify which are truly an issue.
  • Examining reports: An analyst needs to be comfortable looking at reports and dashboards, drawing conclusions from those reports, noticing overall trends, and suggesting valid prevention methods.

An information security analyst could expect to earn between $90,000 and $240,000, considering prior work experience and the location of the role. Eventually, analysts may be expected to carry a lot of strategic weight within a security team or IT department.

Network Engineer

Network engineers and software engineers focused mainly on networking are responsible for operating a business network, as well as securing it. This role includes:

  • Setting firewall rules: Network engineers, usually administrative ones, configure rules for accepting and rejecting traffic on the network to protect its resources.
  • Helping to configure ports and routers: This network hardware needs to be properly set up to transmit data packets across the network.
  • Testing networks and connected systems: Engineers should test the security of their networks, including completing regular audits.

Senior network engineers will have similar tasks, but with more responsibilities and potential leadership opportunities.

Salaries for network engineer roles range from around $87,000 to $183,000 annually, depending on the employee and the company location. Senior network engineers can expect to make more than entry-level network engineers in the same location, potentially between $120,000 and $245,000 per year.

System Administrator

System administrator roles usually sit in IT departments, but sysadmins often play a major part in a business’s cybersecurity strategy, particularly if the business doesn’t have a dedicated security team. Sysadmin roles can involve:

  • Setting up networks and IT systems: These leaders manage setup processes for hardware, software, network connections, and user permissions.
  • Managing team members: System admins are often responsible for leading IT and security teams.
  • Overseeing security controls: System administrators typically set security rules or delegate those jobs to their direct reports.

System admins can expect to make between $69,000 and $177,000 annually, depending on location, company, and experience in the field.

Penetration Tester

Penetration testers and other types of ethical hackers improve organizations’ security infrastructures by acting like threat actors to attack systems, move laterally, and access data. Pen testers give their clients actionable information about their networks and IT systems so those users can further secure their systems.

Penetration testers and ethical hackers’ tasks can include:

  • Finding testing assignments: Pentesters, either internal or external, are given a specific network, system, or entire infrastructure to hack and may have a specific area to target.
  • Identifying weaknesses: These professionals are responsible for finding vulnerabilities and exploiting them as much as possible.
  • Making mitigation recommendations: Some pentesters may also provide a list of suggestions for clients to patch and mitigate the vulnerabilities they found in their work.

Penetration testers can expect to make between $90,000 and $190,000, depending on experience and role location. Some freelance or contract pentesters might make closer to $50,000-$60,000 when starting their career, but a couple years of experience will give them more financial opportunities.

Security Director

A director of cybersecurity, or potentially a director of IT who oversees security, manages all security initiatives within their organization. These initiatives are often strategic but can include basic tasks like setting firewall restrictions.

A cybersecurity director’s job includes:

  • Managing team members: Directors delegate tasks and own the overall security posture of the team. Depending on the size of the company and team, a director’s direct reports may also have direct reports.
  • Handling budgets: A director is ultimately responsible for managing the financial expenses of a security team and coordinating them with the business’s overall budget.
  • Spearheading compliance efforts: A cybersecurity director leads regulatory compliance within the organization, ensuring that data processing and storage meet global, regional, and industry expectations.

The range of a security director’s salary is significant, starting around $59,000 annually and increasing up to $430,000. As always, location and experience affect these ranges. Job titles to look for include cybersecurity director and information security director.

To see what experts in the industry work on and live with day-to-day, look at our suggestions for the best cybersecurity Twitter accounts to follow.

6 Tips to Get Started in Cybersecurity

If you’re considering a career in security, I recommend earning certifications, taking available community courses, and using vendor resources. Additionally, look at opportunities within your own organization and consider the skills you already have that lend themselves to security.

Earn an Online Security Certification

The internet makes it easy to kickstart your learning without traveling to a physical classroom. However, the vast amount of content online also opens the door to training programs that potential employers may not view as legitimate. Steer clear of that unwanted outcome by researching courses from companies and organizations with well-known name value. Examples of legitimate and respected courses include:

  • IBM Cybersecurity Analyst Professional Certificate: This is an entry-level option for people without previous experience in the industry, offered through the online learning platform Coursera.
  • SANS Undergraduate Certificate in Applied Cybersecurity: This program, which offers a fully online option, is for undergrads or any student who already has at least two years of college credits.
  • CompTIA Security+ Certificate: Earned through a course and exam process, this famous certification tests people on the foundational skills needed to begin their cybersecurity careers.
  • Certified Information Systems Security Professional (CISSP) course: This free CISSP course from freecodecamp.org can help you prepare for a certification exam without having to pay for the preparatory work.

Also check out courses that teach skills to improve cybersecurity at enterprises. FutureLearn is geared toward people without experience or those looking for a refresher course.

Learn more about the best cybersecurity certifications for potential security employees.

Enroll in Community College Classes

A growing number of community colleges are offering cybersecurity classes to address the severe shortage of skills in the industry. Some community college programs even have accompanying apprenticeship and internship programs.

These are just a few examples, so look for similar opportunities in your own area and see what’s available. Although it’s sometimes possible to get real-world experience outside of a community college, finding prospects independently is harder. Community college coordinators and other education professionals can use their existing networks to help you.

Programs like this have helped existing security professionals get their start, including Lynn Dohm, executive director of non-profit organization Women in Cybersecurity (WiCyS). “My journey into cybersecurity began with an NSF-funded grant at Moraine Valley Community College,” she said. “Look for programs, internships, or entry-level positions that provide a solid foundation and introduce you to various aspects of cybersecurity.”

The more you can learn about different facets of the industry, the more you’ll understand about security, and the more options you’ll have when deciding the best roles for you.

If you want to immerse yourself in the security world to see if you really want to work in the industry, check out our list of the top cybersecurity podcasts. These range from serious to lighthearted and will give you a real-world idea of what happens in security.

Check Out Vendor-Provided Content

Well-known vendors in the cybersecurity space often provide free training to people without previous experience. Keep in mind that learning company-specific content could cause a steeper learning curve if you end up working for an employer that uses a different brand. In many cases, companies base the material around the products they sell.

That said, vendor-provided courses can be an excellent way to get a foothold in the industry:

  • Cisco Networking Academy: This program provides complimentary, mobile-first content on numerous tech topics, and the cybersecurity pathway prepares learners for jobs through vendor-agnostic material.
  • Varonis beginner security courses: These give students CPE credit and include PowerShell and Active Directory essentials and incident response.
  • Palo Alto Networks courses: PA provides courses like Fundamentals in Cloud Security and Fundamentals of Security Operations Centers.

A number of tech giants have pledged money and support for cybersecurity training as part of a Biden Administration push after the Colonial Pipeline ransomware attack in 2021. It’s possible the number of free or affordable courses will continue to increase in the next five years.

Pay Close Attention to Unique Practical Opportunities

Certifications and college courses are great, but they’re not the only way to gain experience in cybersecurity. If you’re looking for strategies to learn more, consider getting more hands-on and practice useful practical skills.

This is what Ilan Mindel, chief product and technology officer at ThriveDX, recommended for potential job hunters. “Engaging in activities such as setting up and managing a home lab environment, participating in capture-the-flag (CTF) competitions, and contributing to open-source security projects can provide invaluable experience,” he said.

Mindel also mentioned the importance of getting involved in security communities to learn more from professionals around you. “Networking with industry professionals and joining cybersecurity communities, both online and offline, can open doors to mentorship opportunities and job prospects,” he said.

“Attending conferences, webinars, and local meetups can help you stay informed about the latest trends and technologies while building a robust professional network.”

You might be surprised at the opportunities that arise if you connect with others, ask to attend meetings, and speak in-person with those who are already in the industry. They’ll have valuable insights to provide.

Consider Moving Laterally Within Your Current Workplace

Perhaps you already have a tech-based role at your current employer and have previously shown interest in cybersecurity. In such cases, it’s worth checking to see if you could move to a different role or department in your current company. If you already have a somewhat technical background, your employer may even pay for a continuing education opportunity, such as a cybersecurity boot camp program that gives fast-paced coverage of the foundational skills.

If your company has an existing cybersecurity department or team you want to join, consider asking your supervisor for cross-training or mentorship programs. For example, Women in Cybersecurity has a mentorship program for people at all levels of their careers. It’s a 12-month commitment, with mentors and mentees meeting in a virtual setting at least once a month.

Chris Campbell, chief information officer at DeVry University, highlights upskilling as a way to differentiate yourself from other potential candidates. “Companies are upskilling existing employees with core skill sets because cybersecurity, in general, is quickly becoming everyone’s responsibility,” Campbell said. “The weakest link in most cybersecurity situations is people. Therefore, everyone must be upskilled in understanding cybersecurity at some level.

“Not everyone needs to know how to be a cybersecurity engineer or a forensic analyst, but everybody can leverage a stronger understanding of cybersecurity, common attacks, and things they can do to protect themselves, their company, family, and friends.”

Employers often like it when workforce members look for existing gaps and put themselves forward to fill them, including problem-solving current security issues within the company. Maybe you have an upcoming supervisor check-in meeting and want to talk about your career goals. If so, it could be the perfect time to bring up your cybersecurity interest and explore ways to start your career in the field.

To familiarize yourself with current patterns in the industry, read our guide to the top cybersecurity trends, including growth in AI and advanced cybercrime.

Maximize Your Existing Skills

It’s important to understand basic security concepts and how IT environments work, but don’t overlook the other abilities that could make you a standout candidate or a promising security professional. Individuals with other abilities can succeed in security too, according to Campbell.

“Many of the core skills required are things like logical thinking, learning agility and pattern recognition,” Campbell said. “For instance, years ago people talked about how trained musicians would make pretty good cybersecurity analysts due mainly to pattern recognition.”

You have to be able to first recognize those abilities in yourself and utilize them well. But Campbell holds that security pros are open to individuals from other fields, as long as they can bring new and creative insights to the position.

“Cybersecurity is a technical field, and it can seem a little complicated for some people. But the reality is, we all have everyday skills, things we do in our job, that translate well to cybersecurity,” Campbell insisted. “Businesses and organizations are not just looking for computer science majors. We are having to think about other ways to fill these types of roles and think outside the box.”

Tools & Resources for Beginning Your Career

If you’re considering launching a career in security, first evaluate all the resources you currently have. These include free courses, potential certifications, and connections with professionals within the industry. The following list is a set of resources, some mentioned above, that you can consider when starting or changing your career:

If you’re considering using multiple resources, choose the ones that will best support your career goals. For example, if you’re interested in cloud security, check out ISC2’s cloud security professional certification. It’s also valuable to take courses on a couple of different security topics so your knowledge is more well-rounded.

Frequently Asked Questions (FAQs)

What Are Some Reasons to Start a Cybersecurity Career?

The security industry is an incredibly important one because of the role it plays in defending IT environments. A security job requires quick thinking, analytical and predictive skills, and the desire to protect critical data and systems. A huge part of overall global operations, from corporations to individual homes, depends on safe networking, endpoint connections, and telecommunications. The entire industry is in high demand, and so are skilled employees.

Aside from high demand and a potentially lucrative career, security is an easy world to become passionate about because it involves protecting important assets. Sometimes that just means IT systems; but in certain cases, it can extend much further, like working in the healthcare field and protecting patient data and medical devices. If you’re looking for a meaningful career path, this is a great place to start.

Where Should Beginners Start in Cybersecurity?

If you’re a complete beginner with no technical experience, I recommend doing some reading and watching demos to make sure you understand the basic reasons security is so important. Gain a general understanding of attackers’ methods and preventative tactics. Understand the differences between network, endpoint, and application security, as well as the ways they connect to each other.

Reading will only take you so far, however. If you can apprentice with an IT or security expert or find an internship with a vendor, you’ll get more practical experience. Then you’ll be better able to visualize preventative and detective processes.

Is It Hard to Enter the Cybersecurity Industry?

It doesn’t have to be difficult to learn about security technologies, especially if you already have a somewhat technical background. But getting the role you want, especially a high-paying or management role, could be more challenging. This also depends on your skill sets, the companies you’re looking at, what they’re looking for in employees, and the area you live in.

In general, gaining experience, interning with experts, and learning technologies and tricks can be a matter of reaching out to people and taking advantage of free opportunities.

Bottom Line: Starting a Cybersecurity Career Requires Identifying Your Strengths

To begin a career in a new field, you must understand the basics of the industry and why it’s so important, but you also need to identify how your own abilities can best help the industry. Then you market yourself to companies based on those strengths. In cybersecurity, finances, data, and occasionally people’s health are affected by how successful cyberattacks and protective measures are. If you’re passionate about protecting those, you can succeed in the industry.

Next, read about protecting business networks and what that task involves, including network security controls and different network layers.

CrowdStrike’s Faulty Update Triggers Global Microsoft Outage
https://www.esecurityplanet.com/trends/crowdstrike-faulty-update-triggers-global-microsoft-outage/
Mon, 22 Jul 2024 19:19:26 +0000
https://www.esecurityplanet.com/?p=36541

CrowdStrike's faulty update causes a global Microsoft outage, disrupting airlines, banks, and communications. Learn about the impact and resolution of this tech crisis.

The post CrowdStrike’s Faulty Update Triggers Global Microsoft Outage appeared first on eSecurity Planet.

A major tech disruption swept across the globe on July 19, as a widespread Microsoft outage crippled crucial services for businesses and individual users alike. The outage, which lasted for several hours, sent shockwaves through various sectors, causing significant delays, cancellations, and frustration.

Airlines grounded flights as crucial check-in and flight management software malfunctioned, stranding passengers and throwing travel plans into disarray. Banks faced a similar predicament, unable to process transactions or access vital data, leaving customers frustrated and businesses in limbo. Communication channels — the lifeblood of modern collaboration — went silent as platforms like Teams and Outlook became inaccessible.

This tech meltdown served as a stark reminder of our dependence on technology and the potential consequences of system failures.

Timeline of Events: What, When & How?

The tech turmoil began on Friday with a trickle of reports on social media. Users worldwide started experiencing issues accessing Microsoft services like Teams, Outlook, and OneDrive. Exasperation mounted as reports snowballed, indicating a widespread outage.

“Users may be unable to access OneDrive for Business content. We’re rerouting affected traffic out of the impacted infrastructure while we continue to investigate the cause of the issue,” stated Microsoft, acknowledging the problem at first instance.

Microsoft was quick to address the problem, tracing the culprit to a faulty update from CrowdStrike, a popular cybersecurity platform integrated with Windows. This update triggered the dreaded Blue Screen of Death (BSOD) error, causing computers to abruptly restart and rendering them unusable. The impact was immediate and severe, with businesses and organizations facing disruptions to critical operations.

Widespread Disruptions: Who (& What) Was Affected?

The outage transcended geographical boundaries, affecting users and businesses across the globe. India’s Computer Emergency Response Team (CERT-In) classified the outage as critical, highlighting its widespread impact.

The ripples of the Microsoft outage spread far and wide, impacting various sectors that rely heavily on digital infrastructure. Here’s a closer look at the domino effect:

  • Business standstill: Businesses of all sizes were thrown into disarray. Communication channels like Teams and Outlook went silent, hindering collaboration and internal communication. File sharing and access through OneDrive became unavailable, stalling workflows and productivity. Financial institutions faced disruptions, with banks struggling to process transactions and access data. Stock exchanges also experienced delays as trading activities were hampered.
  • Travel turmoil: The aviation industry wasn’t spared. Airlines such as United, Delta, and American Airlines faced significant disruptions as check-in systems and flight management software malfunctioned, resulting in flight delays and cancellations that left passengers stranded and travel plans in disarray. Some airlines resorted to hand-written boarding passes.

The outage wasn’t just an inconvenience; it caused significant financial losses for businesses and hampered productivity. Missed meetings, delayed deliveries, and frustrated customers were just some of the consequences.

Root Cause & Resolution

As mentioned, the trigger was a CrowdStrike content update intended to improve detection, and it backfired. CrowdStrike identified the problem and reverted the faulty update within roughly an hour and a half, so hosts that had not yet downloaded it were spared. Hosts that had already crashed could not simply receive a fix over the network, because they could not boot far enough to run the sensor: each one had to be started in Safe Mode or the Windows Recovery Environment so the faulty file could be removed, and BitLocker-protected machines required their recovery key before that was possible. Microsoft published guidance and a bootable recovery tool to help administrators do this at scale.

CrowdStrike issued a public apology for the malfunctioning update and said it was working with Microsoft on recovery and on preventing similar incidents in the future.

“I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority,” said George Kurtz, CrowdStrike Founder and CEO.

Thankfully, the story doesn’t end on a disruptive note. By Friday evening, Microsoft’s cloud services were back online, communication channels reopened, and access to files and applications resumed for business and individual users across the globe. Endpoint recovery took longer: Microsoft estimated that about 8.5 million Windows devices had been hit, and because each one needed hands-on remediation, some organizations took days to return to normal.

Potential Long-Term Effects

The Microsoft outage, while seemingly resolved, is a wake-up call for businesses and individuals alike. The immediate impact of the outage, such as lost productivity and travel disruptions, is undeniable. However, the long-term effects may be more nuanced.

One potential concern is recoverability rather than data loss as such. A host that cannot boot cannot be repaired remotely, and if its disk is protected by BitLocker, the recovery key must be retrievable from a key escrow (such as Active Directory or Entra ID) before anyone can touch the file system. Businesses should confirm that recovery keys are escrowed for every device, that backups of critical data exist, and that runbooks exist for recovering endpoints in bulk.

Another long-term effect could be a heightened awareness of the risk carried by software that runs with kernel privileges. The outage originated from a faulty content update to a security agent whose driver runs in the Windows kernel, where one bad input crashes the whole machine rather than a single process. It highlights the delicate balance between robust security and system stability, and the need for vendors to test such updates rigorously and roll them out in stages rather than to every machine at once.

Finally, the outage underscores the critical role of cloud service reliability. Businesses heavily reliant on cloud-based applications may want to reconsider their service providers and prioritize uptime guarantees.

Lessons Learned: Preventing Future Outages

The Microsoft outage serves as a valuable learning experience for businesses, individuals, and tech giants. Here are some key takeaways to prevent similar disruptions in the future:

  1. Robust testing and staged rollout: The faulty CrowdStrike update highlights the importance of rigorous testing before deploying software updates on a large scale. Vendors should validate updates against the full matrix of supported OS versions and configurations, then push them in rings (a small canary group first, then progressively larger populations) with automatic halts if crash or health metrics degrade. Customers should ask vendors whether content updates follow the same staged process as code updates; at the time of the incident, CrowdStrike’s sensor version pinning (N-1, N-2) did not apply to content updates.
  2. Data backup and recovery strategies: The outage raises questions about recoverability during system failures. Businesses need comprehensive backup strategies to ensure redundancy and minimize the risk of data loss, plus the less glamorous prerequisites for endpoint recovery: escrowed BitLocker recovery keys, documented safe-mode procedures, and a way to reach machines that cannot boot.
  3. Diversification of services: Businesses that heavily rely on a single cloud service provider should consider diversification. Utilizing services from multiple vendors can offer a degree of redundancy and mitigate the impact of outages from any single provider. For endpoint agents, the practical equivalent is not running two agents but avoiding a configuration in which every machine in the fleet receives the same update at the same moment.
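The staged rollout described in the first lesson, as an added example that is not CrowdStrike’s or Microsoft’s code: the update is pushed ring by ring, and the pipeline refuses to release the next ring when the failure rate of the current one crosses a gate. The ring sizes, the 2 % threshold and the health-check callbacks are assumptions; in a real pipeline the check would be telemetry (boot success, crash reports) gathered over a soak period.

```python
"""Ring-based rollout with an automatic health gate.

Added example, not CrowdStrike's or Microsoft's code. Ring sizes, the 2 %
failure threshold and the health-check callbacks are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple

# Each ring is (name, cumulative fraction of the fleet it covers). Assumed values.
RINGS: Sequence[Tuple[str, float]] = (
    ("canary", 0.001),   # internal and volunteer hosts
    ("early", 0.01),
    ("broad", 0.10),
    ("general", 1.0),
)
MAX_FAILURE_RATE = 0.02  # halt if more than 2 % of a ring fails its post-update check


@dataclass(frozen=True)
class RolloutReport:
    completed: bool            # every ring received the update
    halted_at: Optional[str]   # ring at which the gate tripped, if any
    hosts_updated: int
    hosts_failed: int


def build_fleet(size: int) -> List[str]:
    """Constructed fleet of host names used as sample input."""
    return [f"host-{i:05d}" for i in range(size)]


def run_staged_rollout(
    fleet: Sequence[str],
    healthy_after_update: Callable[[str], bool],
    rings: Sequence[Tuple[str, float]] = RINGS,
    max_failure_rate: float = MAX_FAILURE_RATE,
) -> RolloutReport:
    """Push the update ring by ring; stop at the first ring whose failure rate exceeds the gate."""
    updated = failed = 0
    start = 0
    for name, cumulative in rings:
        # Every ring gets at least one host, and the last ring covers the remainder.
        end = min(len(fleet), max(start + 1, int(len(fleet) * cumulative)))
        ring_hosts = fleet[start:end]
        if not ring_hosts:
            break
        ring_failed = sum(1 for host in ring_hosts if not healthy_after_update(host))
        updated += len(ring_hosts)
        failed += ring_failed
        if ring_failed / len(ring_hosts) > max_failure_rate:
            # Gate tripped: hosts in later rings never receive the update.
            return RolloutReport(False, name, updated, failed)
        start = end
    return RolloutReport(True, None, updated, failed)


# Constructed health checks standing in for real telemetry.
def good_update(host: str) -> bool:
    return True


def bad_update(host: str) -> bool:
    # Mimics an update that crashes every machine on which it loads.
    return False


if __name__ == "__main__":
    fleet = build_fleet(10_000)
    print(run_staged_rollout(fleet, good_update))  # reaches all 10,000 hosts
    print(run_staged_rollout(fleet, bad_update))   # halts at the canary ring after 10 hosts
```

With a 10,000-host fleet the bad update never gets past the ten canary hosts, which is the whole point: a gate placed before the general ring bounds the blast radius to the size of the rings already released.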

During outages, clear and timely communication is crucial. Microsoft’s prompt acknowledgment of the issue and ongoing updates helped manage user frustration. Businesses should establish clear communication protocols to keep users informed during disruptions.

Learn how to manage cloud security effectively to strengthen your online security and further improve your cloud security management strategies.

Get the Free Cybersecurity Newsletter

Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

The post CrowdStrike’s Faulty Update Triggers Global Microsoft Outage appeared first on eSecurity Planet.

NATO Announces New Integrated Cyber Defence Centre
https://www.esecurityplanet.com/trends/nato-cyber-defence-centre/ (Wed, 17 Jul 2024)

NATO launches the Integrated Cyber Defence Centre to counter rising cyberthreats, enhancing collective security and fostering global cyber cooperation.

The post NATO Announces New Integrated Cyber Defence Centre appeared first on eSecurity Planet.
The North Atlantic Treaty Organization (NATO), a military alliance formed in 1949 to counter the Soviet threat during the Cold War, has traditionally focused on deterring and defending against conventional military attacks. However, the warfare landscape has undergone a significant transformation in recent decades.

The rise of cyberthreats has emerged as a major concern for NATO and its member states. Malicious actors in cyberspace can wreak havoc on critical infrastructure, steal sensitive data, and disrupt essential services.

Recognizing the growing urgency of this challenge, NATO took a bold step forward during its July 2024 summit by announcing the establishment of a groundbreaking new institution: the NATO Integrated Cyber Defence Centre (NICC). This state-of-the-art center signifies a critical shift in NATO’s approach to defense, placing cyberspace at the forefront of its collective security efforts.

The Rising Threat of Cyberattacks

Cyberattacks are becoming more prevalent and complex, with attackers constantly finding new ways to exploit vulnerabilities in computer systems. These attacks are increasing not just in frequency but also in sophistication, making them harder to detect and defend against.

Recent incidents like the Colonial Pipeline attack, which disrupted fuel supplies across the Eastern United States, highlight the potential damage cyberattacks can cause to critical infrastructure. Similarly, the SolarWinds supply chain attack compromised numerous organizations through a seemingly trusted software update, demonstrating the expanding reach of cyberthreats.

Cyberattacks can be used for various malicious purposes. They can be tools for espionage, allowing attackers to steal sensitive information. They can be used for disruption, causing chaos and economic damage by shutting down critical services. In extreme cases, cyberattacks can even be used as a form of warfare, crippling a nation’s infrastructure and security systems.

Our growing reliance on technology makes us increasingly vulnerable to these attacks. As cyberthreats evolve, robust defenses and international cooperation are crucial to protecting ourselves in the digital age, and the new center is NATO’s institutional acknowledgment of that.

NATO’s Response: The NATO Integrated Cyber Defence Centre (NICC)

The NATO Integrated Cyber Defence Centre represents a significant step forward in bolstering the collective cyberdefense capabilities of the alliance. It will be physically located at NATO’s strategic military headquarters, Supreme Headquarters Allied Powers Europe (SHAPE) in Mons, Belgium, ensuring close collaboration with NATO’s military leadership and facilitating a swift response to cyberthreats.

The NICC will be a collaborative effort, bringing together a diverse team of experts. Civilian and military personnel from across NATO member states will form the core, leveraging their unique expertise in cyberdefense strategies and tactics. Additionally, the NICC will incorporate industry specialists, drawing upon the knowledge and experience of the private sector in cutting-edge cybersecurity technologies and threat analysis.

The NICC’s functionalities are multifaceted. First and foremost, it will play a critical role in enhancing situational awareness in cyberspace. By gathering and analyzing intelligence from various sources, the NICC will provide NATO with a comprehensive picture of the evolving cyberthreat landscape, enabling proactive measures to be taken against potential attacks.

Secondly, the NICC will work towards improving collective resilience and defense against cyberattacks. It will involve developing standardized defense protocols, sharing best practices among member states, and facilitating joint cyberdefense exercises. By working together, NATO countries can create a more robust and coordinated front against cyberthreats.

Finally, the NICC aims to promote a secure and stable cyberspace based on international norms. This includes advocating for responsible state behavior in cyberspace and working with global partners to establish clear rules of engagement.

While the specific details of the NICC’s structure and operations are still being finalized, it is expected to be fully operational by or before 2028.

The Significance of the NICC

The establishment of the NICC signifies NATO’s commitment to adapting to the evolving security landscape and safeguarding its member states. Here’s how the NICC will play a significant role:

  • Strengthening NATO’s collective defense: By enhancing situational awareness and facilitating coordinated responses, the NICC can significantly bolster NATO’s ability to defend against cyberattacks targeting critical infrastructure or military systems. It strengthens collective defense and deters potential adversaries.
  • Fostering international cooperation on cyberdefense: The NICC’s collaborative nature, with experts from member states and industry, fosters global cooperation. Sharing best practices, threat intelligence, and coordinated defense strategies will create a more unified front against global cyberthreats.
  • Setting standards for a more secure cyberspace: The NICC’s focus on promoting responsible behavior and international standards in the digital frontier can lead to a more stable digital environment. By advocating for clear rules of engagement, the NICC can contribute to establishing a safer online sphere for all nations, not just NATO members.

However, the NICC is not without potential challenges. Information sharing between member states with varying security protocols and national interests might be an obstacle. Additionally, coordinating effectively across different military and civilian agencies within NATO will be crucial for the NICC’s success. Overcoming these challenges will determine how effectively the NICC can achieve its goals.

The Future of Cyberdefense

By fostering collaboration, enhancing situational awareness, and promoting international norms, the NICC positions NATO to effectively counter the evolving cyberthreat landscape.

The fight against cyberthreats extends beyond military alliances. Global cooperation on cyber norms, spearheaded by organizations like the United Nations, is crucial for establishing a global framework for responsible behavior in cyberspace. Additionally, public-private partnerships are essential to securing critical infrastructure. Collaboration between governments and the private sector allows for the sharing of expertise and resources to strengthen defenses across all sectors.

The cyberthreat landscape is constantly evolving. New vulnerabilities are discovered, and attackers develop ever-more sophisticated tactics. The NICC, along with ongoing international initiatives, represents a critical step in the right direction. However, cybersecurity is an ongoing battle, not a one-time victory. Continued vigilance, adaptation, and collaboration are essential to staying ahead of cyberthreats and ensuring a secure digital future.

Learn about the best vulnerability management software to ensure that you’re well-equipped to deal with new and unknown vulnerabilities.

Shopify Blames a Compromised Third-Party App for Data Leak
https://www.esecurityplanet.com/trends/shopify-data-leak/ (Wed, 10 Jul 2024)

Shopify grapples with fallout from significant data leak linked to third-party apps, raising concerns over user security and platform transparency.

The post Shopify Blames a Compromised Third-Party App for Data Leak appeared first on eSecurity Planet.
Millions of online shoppers may be at risk after a data leak allegedly compromised customer information on Shopify, a leading e-commerce platform trusted by many businesses worldwide. Reports suggest nearly 180,000 users — 179,873 rows of users’ information — were impacted, with details like names, emails, and even purchase history potentially exposed. This incident highlights a growing concern in the e-commerce world: the security of user data entrusted to these platforms.

While the news of the leak sparked worry among users, Shopify has denied experiencing a security breach within its own systems. It claims the data loss originated from a third-party app integrated with the platform, but details surrounding the specific app remain unclear. This lack of transparency adds another layer of concern to the situation.

Details of the Data Leak: Emergence, Type & Culprit

The data leak first came to light in early July 2024 when a user known as “888” posted information on a hacking forum. This information supposedly originated from Shopify and included details on a significant number of customers. While the exact date of the breach remains undisclosed, the emergence of the data on the forum raised alarms and prompted investigations.

The leaked data reportedly contained a range of sensitive user information, including basic details like names, email addresses, and phone numbers. More concerning is the potential exposure of purchase history data.

Information like order count, total spent, and potentially even subscription details could be included. This type of data is valuable to online businesses for targeted marketing campaigns and personalized sales strategies. In the wrong hands, it could be used for fraudulent purchases or for targeted phishing that references a victim’s real purchases to appear legitimate.

According to Shopify, the blame for the data leak falls on a third-party app integrated with its platform. Third-party apps offer a wide range of functionalities and features to Shopify stores, but they also require access to user data to function. While Shopify hasn’t revealed the specific app responsible for the leak, this raises concerns about the vetting process for such apps and the security measures they have in place to protect user data.

Impact of the Leak on Users

The potential consequences of this data leak for affected Shopify users can be significant. 

Exposed personal information like names, emails, and phone numbers can be used for identity theft. Criminals could use this data to open new accounts in the victim’s name, take out loans, or make fraudulent purchases.

Also, phishing emails and messages often rely on a sense of familiarity to trick users into clicking malicious links or revealing personal information. With access to real names and email addresses, attackers can craft highly targeted phishing attempts that appear legitimate, increasing the risk for unsuspecting users.

Beyond individual users, the leak can also impact businesses that rely on Shopify. Leaked customer data can disrupt marketing strategies and damage customer trust. Businesses may also face regulatory fines depending on the nature of the data exposed. Moreover, the lack of clarity regarding the specific app involved can be a major source of anxiety for Shopify users, making it difficult to assess the full scope of the situation and take appropriate precautions.

Shopify’s Response & User Concerns

Shopify’s statement that the incident resulted from a compromise of a third-party app integrated with its platform, rather than of its own systems, has raised several concerns among users.

The lack of transparency makes it difficult for users to determine if their data was exposed and hinders their ability to take necessary security measures. Placing the blame solely on a third-party app can be seen as an attempt to deflect responsibility. Users may question the security protocols in place for vetting and monitoring third-party apps on the Shopify platform.

Also, the lack of information and the potential security lapse have understandably caused frustration and a sense of distrust among Shopify users. Many users are likely left wondering what steps Shopify is taking to address the situation and ensure the security of their data in the future.

Third-Party Apps & Security Risks

The reliance on third-party apps within e-commerce platforms like Shopify presents a growing concern when it comes to user data security. These apps offer a wide range of functionalities, from marketing automation tools to payment gateways. However, their functionality often hinges on access to user data, creating a potential security vulnerability.

Every third-party app integrated with a platform expands the attack surface. An app authenticates to the platform’s APIs with an access token, and that token carries whatever permissions the merchant approved at install time. If the app, or the developer’s infrastructure holding the token, is compromised, the attacker inherits the same access to customer data the app had, without touching the platform itself.

When you install a third-party app, you grant it access to specific data points, expressed on Shopify as access scopes such as read_customers or read_orders. You must understand what data is being accessed and for what purpose, and decline apps that ask for more than their function requires. Additionally, the onus falls on app developers to implement robust security measures to protect this entrusted data and the tokens that unlock it.

The responsibility doesn’t solely lie with app developers. E-commerce platforms like Shopify also have a role to play. Stringent vetting procedures should be in place to evaluate the security practices of third-party apps before allowing them access to user data. Additionally, ongoing monitoring of these apps can help identify and address potential vulnerabilities.
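The least-privilege review the last three paragraphs call for, as an added example rather than Shopify’s own tooling: each installed app’s granted scopes are compared with what an app of its kind should need, excess access to customer data is flagged first, and the set of apps that can read customer PII (the blast radius if any one of them is compromised) is listed. The app inventory is constructed, the scope names follow Shopify’s read_*/write_* convention, and the per-category allowlists and severity scheme are assumptions to tune for your own store.

```python
"""Least-privilege audit of installed third-party apps.

Added example, not Shopify's code. The inventory below is constructed; the
per-category allowlists and the severity scheme are assumptions.
"""
from typing import Dict, List, Set

# Scopes exposing the data classes named in the leak reports: customer identity and purchase history.
PII_SCOPES: Set[str] = {
    "read_customers", "write_customers", "read_orders", "write_orders", "read_all_orders",
}

# What each kind of app legitimately needs (assumed allowlists).
EXPECTED_SCOPES: Dict[str, Set[str]] = {
    "product_reviews": {"read_products", "write_content"},
    "inventory_sync": {"read_products", "write_inventory", "read_locations"},
    "email_marketing": {"read_customers", "read_orders", "write_marketing_events"},
    "theme_editor": {"read_themes", "write_themes"},
}

SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2, "ok": 3}

# Constructed inventory in the shape you might export from the admin; names are fictional.
INSTALLED_APPS: List[Dict] = [
    {"name": "Reviews Widget", "category": "product_reviews",
     "scopes": {"read_products", "write_content"}},
    {"name": "ShipFast Sync", "category": "inventory_sync",
     "scopes": {"read_products", "write_inventory", "read_locations",
                "read_customers", "read_orders"}},
    {"name": "MailBlast", "category": "email_marketing",
     "scopes": {"read_customers", "read_orders", "write_marketing_events"}},
    {"name": "Theme Tweaks", "category": "theme_editor",
     "scopes": {"read_themes", "write_themes", "read_products"}},
]


def audit_app(app: Dict) -> Dict:
    """Compare granted scopes with what the app's category should need."""
    expected = EXPECTED_SCOPES.get(app["category"])
    granted: Set[str] = set(app["scopes"])
    # Unknown category: nothing is justified, so every granted scope counts as excess.
    excess = granted - expected if expected is not None else set(granted)
    pii_granted = granted & PII_SCOPES
    if excess & PII_SCOPES:
        severity = "high"    # holds customer data with no stated reason to hold it
    elif excess:
        severity = "medium"  # over-privileged, but not on PII
    elif pii_granted:
        severity = "info"    # justified PII access; still part of the blast radius
    else:
        severity = "ok"
    return {"name": app["name"], "severity": severity, "excess": excess,
            "pii_granted": pii_granted, "known_category": expected is not None}


def audit_apps(apps: List[Dict]) -> List[Dict]:
    """Findings ordered worst-first, then by name."""
    return sorted((audit_app(a) for a in apps),
                  key=lambda f: (SEVERITY_RANK[f["severity"]], f["name"]))


def pii_blast_radius(apps: List[Dict]) -> List[str]:
    """Apps whose compromise (or whose developer's compromise) would expose customer PII."""
    return sorted(a["name"] for a in apps if set(a["scopes"]) & PII_SCOPES)


if __name__ == "__main__":
    for f in audit_apps(INSTALLED_APPS):
        print(f"{f['severity']:6s} {f['name']:15s} excess={sorted(f['excess'])}")
    print("apps that can read customer PII:", pii_blast_radius(INSTALLED_APPS))
```

In the constructed inventory the inventory-sync app holds read_customers and read_orders for no stated reason and is ranked first; the marketing app holds the same scopes legitimately and is reported only so that you know it is in the blast radius. Uninstalling an app revokes its token, so that is the remediation for the first case; the second is a reason to check the developer’s security practices.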

Recommendations for Users & Businesses

If you’re a shopper, note that the reported data did not include passwords, so the main risk is convincing phishing that references your real name, email, phone number, or purchases. Treat unexpected messages about orders or refunds with suspicion, go to the store’s site directly rather than through links, and, if you reuse passwords, change them and use a password manager to make each one unique. Also, keep an eye on your bank statements and credit reports for any unauthorized activity. Early detection can minimize potential financial losses.

If you’re running a business, review the third-party apps integrated with your Shopify store and the access scopes each one holds. If the specific app responsible for the leak is identified, uninstall it immediately, which revokes its access token. Remove apps you no longer use, prefer apps that request only the scopes their function needs, and prioritize those with a strong reputation for data security.

Open and honest communication with customers is vital during a data leak. If needed, businesses should inform customers about the incident, the potential impact, and the steps they’re taking to address the situation. Data security should be a top priority for any e-commerce business — robust security practices within the store and additional measures like data encryption can further protect customer information.

Learn how you can use enterprise password managers to fortify your cyber defenses against any such incidents — and which ones are the best.

Chrome to Block Entrust Certificates in November 2024
https://www.esecurityplanet.com/trends/chrome-update-will-block-entrust-certificates/ (Fri, 05 Jul 2024)

Millions of websites could be displaying security warnings in Google Chrome starting this November regarding its trust in certificates issued by a major certificate authority. Find out if your site is affected now.

The post Chrome to Block Entrust Certificates in November 2024 appeared first on eSecurity Planet.
Millions of websites could be displaying security warnings in Google Chrome starting this November. The cause? A recent announcement by Google Chrome regarding its trust in certificates issued by a major certificate authority (CA), Entrust.

Website security is paramount in today’s digital age. The site information icon in your browser’s address bar (a lock in older Chrome versions, a tune icon in current ones) signifies a secure connection, protected by an SSL/TLS certificate. These certificates act as digital passports, verifying a website’s identity and enabling encrypted communication between your browser and the site.

Google Chrome, with its dominant market share in web browsing, plays a crucial role in maintaining online security standards. The recent announcement regarding Entrust certificates raises concerns about the safety of millions of websites and the user experience.

Why the Distrust? A Look at Entrust’s Certificate Issues

Google’s decision to distrust Entrust certificates isn’t a sudden move. According to the Google Security Blog, the Chrome team has observed “a pattern of compliance failures” by Entrust over the past few years, including delayed revocations, unmet improvement commitments, and lack of transparency.

When a security issue is discovered with a specific certificate, it needs to be revoked promptly to prevent misuse; Entrust has been criticized for delays in revoking affected certificates. Entrust also reportedly made promises to address these concerns but failed to deliver on them. Finally, transparency is crucial in the world of CAs, and the pattern of incident reports and their handling undermined Google’s confidence in Entrust’s certificate issuance practices.

These ongoing issues led Google to conclude that Entrust no longer meets the standards required of a CA in Chrome’s trusted root store. Chrome won’t be blocking any website, though; the change affects which certificates the browser is willing to accept.

Impact on Users and Website Owners: Warnings, Not Blockades

While the headlines might scream “millions affected,” it’s not quite that dramatic.

Starting with Chrome 127, certificates that chain to the affected Entrust and AffirmTrust roots and were issued after October 31, 2024 (Google’s precise criterion is the certificate’s earliest Signed Certificate Timestamp) will not be trusted, and users will see a certificate error when visiting a site that serves one. Certificates issued before that date remain trusted until they expire. The change does not apply to Chrome on iOS, which uses Apple’s trust store, nor to roots an enterprise has installed locally on its own devices. Such warnings can be confusing and deter users from accessing legitimate websites.

Website owners can easily check whether their website is affected by using the Chrome Certificate Viewer. Here’s how:

  1. Open Chrome and navigate to your website.
  2. Click the tune (site information) icon in the address bar.
  3. Select “Connection is secure” and then “Certificate is valid.”
  4. The Chrome Certificate Viewer will display details about the website’s certificate, including the issuing CA and the validity period.
  5. If the “Issued by” field mentions “Entrust” or “AffirmTrust,” your current certificate stays trusted until it expires, but any renewal or new certificate issued from those roots after October 31, 2024 will trigger the warning. Plan to renew with a different CA before then.
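The same check as a script, as an added example that is not Google’s or Entrust’s code: it classifies a certificate as unaffected, trusted until expiry, or distrusted, working on the dictionary that Python’s ssl.SSLSocket.getpeercert() returns, so it can be applied to a live site or to the constructed records embedded below. Two simplifications are assumptions: the issuer is matched on its organizationName, and the certificate’s notBefore date stands in for the earliest SCT timestamp that Chrome actually evaluates.

```python
"""Decide whether a certificate falls under Chrome's Entrust distrust.

Added example, not Google's or Entrust's code. Issuer matching on
organizationName and notBefore as a proxy for the earliest SCT are assumptions.
"""
import socket
import ssl
from typing import Dict, Tuple

# Chrome's rule: Entrust/AffirmTrust certificates issued after Oct 31, 2024 are not trusted.
CUTOFF = ssl.cert_time_to_seconds("Nov  1 00:00:00 2024 GMT")
DISTRUSTED_CA_ORGS: Tuple[str, ...] = ("Entrust", "AffirmTrust")


def issuer_org(cert: Dict) -> str:
    """Pull organizationName out of getpeercert()'s issuer: a tuple of RDNs, each a tuple of (type, value)."""
    for rdn in cert.get("issuer", ()):
        for attr_type, value in rdn:
            if attr_type == "organizationName":
                return value
    return ""


def classify(cert: Dict) -> str:
    """Return 'unaffected', 'trusted-until-expiry' or 'distrusted'."""
    org = issuer_org(cert)
    if not any(name in org for name in DISTRUSTED_CA_ORGS):
        return "unaffected"            # some other CA; Chrome's change does not apply
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    if issued >= CUTOFF:
        return "distrusted"            # Chrome 127+ shows a certificate error
    return "trusted-until-expiry"      # fine for now; renew with another CA


def classify_all(certs: Dict[str, Dict]) -> Dict[str, str]:
    return {label: classify(cert) for label, cert in certs.items()}


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Fetch a live host's leaf certificate (needs network; not used by the offline demo)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed records in getpeercert() shape; the intermediate names are made up.
SAMPLE_CERTS: Dict[str, Dict] = {
    "entrust-issued-july-2024": {
        "issuer": ((("countryName", "US"),),
                   (("organizationName", "Entrust, Inc."),),
                   (("commonName", "Example Entrust Intermediate"),)),
        "notBefore": "Jul  1 00:00:00 2024 GMT",
        "notAfter": "Jul  1 23:59:59 2025 GMT",
    },
    "entrust-issued-nov-2024": {
        "issuer": ((("organizationName", "Entrust, Inc."),),
                   (("commonName", "Example Entrust Intermediate"),)),
        "notBefore": "Nov  5 00:00:00 2024 GMT",
        "notAfter": "Nov  5 23:59:59 2025 GMT",
    },
    "affirmtrust-issued-dec-2024": {
        "issuer": ((("organizationName", "AffirmTrust"),),
                   (("commonName", "Example AffirmTrust Intermediate"),)),
        "notBefore": "Dec  1 00:00:00 2024 GMT",
        "notAfter": "Dec  1 23:59:59 2025 GMT",
    },
    "other-ca-issued-dec-2024": {
        "issuer": ((("organizationName", "Example CA Ltd"),),
                   (("commonName", "Example CA Intermediate"),)),
        "notBefore": "Dec  1 00:00:00 2024 GMT",
        "notAfter": "Mar  1 23:59:59 2025 GMT",
    },
}

if __name__ == "__main__":
    for label, verdict in classify_all(SAMPLE_CERTS).items():
        print(f"{label:30s} {verdict}")
    # Live check of a real site, e.g.: print(classify(fetch_peer_cert("example.com")))
```

Run it against your own hosts by calling classify(fetch_peer_cert(host)) for each name in your inventory; a result of trusted-until-expiry is a renewal deadline, not an all-clear.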

Malicious actors could also benefit indirectly: if legitimate sites begin producing certificate errors, users may get used to clicking through warnings, which is exactly the habit that phishing sites with bad or mismatched certificates count on.

What Can Website Owners Do?

When Chrome does not trust a site’s certificate, it shows a full-page warning (“Your connection is not private,” with an error code stating that the certificate authority is invalid) instead of the page, and the site information icon shows a “Not secure” state. Chrome offers an option to go back or, under “Advanced,” to proceed despite the warning (not recommended unless you are certain of the site).

Don’t panic upon encountering a security warning, but exercise caution. Double-check the website address for typos and ensure it matches what you intended to visit. Bookmark frequently visited sites.

If your website uses an Entrust certificate issued before November 1, 2024, it remains trusted in Chrome until it expires. Your next renewal is the deadline: any Entrust-issued certificate dated after October 31 will produce the warning, so obtain the replacement from a different trusted CA, and do so well before the current certificate expires rather than at the last minute. Enterprises can keep trusting Entrust roots by installing them locally on managed devices, but that is no answer for a public website. Many reputable CAs exist, so explore your options and choose one that aligns with your needs.

The Importance of Trusted CAs & Choosing a New One

Imagine a world where anyone could create a fake ID and impersonate a trusted institution. That’s essentially what could happen in the wild west of the internet without trusted certificate authorities. CAs act as gatekeepers, verifying a website’s identity and issuing SSL/TLS certificates that vouch for its legitimacy.

Such certificates are crucial for establishing secure connections and building user trust. Google’s decision to distrust Entrust certificates highlights the importance of choosing reputable CAs with robust security practices.

Trusted CAs undergo thorough audits to confirm their compliance with stringent industry standards. These standards are often outlined in programs like the Chrome Root Program Policy. This policy, established by Google, defines the requirements CAs must meet to be included in Chrome’s trusted root store. The program policy emphasizes secure certificate issuance procedures, vulnerability management, and timely revocation of compromised certificates.

The good news is there are plenty of reputable CAs available. While making a choice, look for a CA with a proven track record of security and reliability. Consider factors like validation levels (domain validation, organization validation, extended validation) and customer support options when making your choice. Also, pricing models and offered features can vary. Choose a plan that meets your budget and website needs.

Seek help from web hosting providers or IT professionals if needed. Resources like the Google Security Blog post announcing the change and online guides comparing different Certificate Authorities can help you navigate this transition. Don’t wait until the last minute to ensure a smooth transition for your website visitors.

The Road Ahead

Google’s decision to distrust Entrust certificates sets a precedent for stricter enforcement of the Chrome Root Program Policy. This could potentially impact other CAs in the future if they fail to meet evolving security standards. It also rekindles the debate about centralized control of trust by large corporations. Google’s actions prioritize user security, but fostering competition and a healthy balance within the CA ecosystem remains crucial.

This decision is a significant development in the ongoing battle for online security. While the immediate impact might be warnings on websites, it underscores the importance of robust security practices within the CA ecosystem.

For users, a healthy dose of caution when encountering unexpected security warnings is key. Website owners, on the other hand, should view this as an opportunity to reassess their security posture and choose a trusted CA that prioritizes user safety. Ultimately, this move by Google has the potential to strengthen online security for everyone involved.

Learn more about the different types of cloud security management in our detailed guide to get a better idea of how you can strengthen your online security.
