Hi there,
Know anyone who sidesteps password protection?
We naturally tend to keep things simple, and reusing “yourpet’sname123” as a password is pretty universal.
Passwords exist because they were easy to implement 30 years ago when many users accessed one system or computer. Now, passwords make less sense while many users access many systems, including computers, websites, and apps, from many places.
We’ve complicated logging in even further with authenticator apps that many people can’t seem to get behind.
Dive into an exploration of the holy grail that is the passwordless world with our VP of Tech, Darien Kindlund, and Co-founder and CEO at Rocketansky, Dan Frye.
More You Should Know
We’re all about innovative ideas and building products that expedite getting the job done.
Our friend and advisor, Rich Mason, shared the Cyber Defense Matrix crafted by our friend, Sounil Yu, which measures how much ransomware a security vendor solves.
The y-axis features 5 things you should care about (devices, apps, networks, data, and users), and the x-axis features the 5 functions of the NIST Cybersecurity Framework (identify, protect, detect, respond, and recover).
This graph compares vendors and highlights gaps in security tools and practice.
Right away you see gaps when it comes to detect, response, and recovery solutions. Yu forecasts a resilient future that focuses on recovery using tools that have 3 core design principles in common (named the DIE triad);
- Highly distributed solutions, so you no longer have to worry about the availability of a single system
- Immutable services that omit your need to help maintain system integrity
- Ephemeral - you don’t have to worry about service availability or confidentiality
Yu predicts that with these principles in place, we can eliminate the need for security altogether. It’s a promising philosophy that requires profound cultural and technical changes.
Emerging Threats
With the development of blockchain technology, there is a potential to end cybersecurity issues altogether. Until we get there, we need quick and easy ways that help us understand where we stand when a new attack occurs. Here are a couple of the latest threats reported in the news:
| APT actors exploit flaw in ManageEngine single sign-on solution |
Secrets from Public Repositories Were Exposed Due to Travis CI Flaw |
|
Cyberspies are exploiting a critical vulnerability patched recently in ManageEngine ADSelfService Plus, a self-service password management and single sign-on tool for Active Directory Environments. The vulnerability: CVE-2021-40539. Attackers can use it to sidestep authentication requirements and access functions to enable remote code execution. The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, US-cleared defense contractors, schools, and all entities that use that software. Users are urged by the FBI, CIA, and United States Coast Guard Cyber Command to deploy the available patch ASAP and check their systems to ensure they weren’t compromised. |
Berlin-based continuous integration provider Travis CI patched a critical issue that exposed signing keys, API keys, and access credentials, possibly putting thousands of companies at risk. The vulnerability: CVE-2021-41077. The firm disclosed that anyone could exfiltrate these secrets and gain lateral movement into thousands of organizations. Travis CL has fixed the flaw, and companies are encouraged to update their secrets as soon as possible. The company is currently under scrutiny because allegedly, after three days of multiple projects, Travis CI silently patched the issue on the 10th without providing an analysis, security report, post-mortem, or warning to any users that their credentials may have been seized. |
Fletch Updates/Announcements
Need help quickly identifying top cyber threats reported in the news and evaluating them to see if you are vulnerable or compromised?
Our Emerging Threats Analysis solution is built to quickly evaluate top trending threats and correlate them with the alerts and indicators generated by your vulnerability scanner and endpoint detector to give you the full context you need to:
✅ Know where you stand
✅ Answer key stakeholders' questions
✅ Save time and better prioritize your resources
If you enjoy our content, invite a friend to subscribe by sending them this link or post about your subscription on Twitter.
