WP Shield Security PRO – Release 14.1

Our latest ShieldPRO 14.1 security plugin for WordPress brings a huge WordPress REST API integration along with some much-needed tweaks and enhancements.

Read on to discover everything we’ve included in your newest and favourite WordPress Security Plugin.

#1 Full Integration With WordPress REST API

Management of WordPress websites at scale is a huge challenge for all of us.

Consider the work that’s involved with managing just 1 WordPress site and all its plugins, themes, updates, backups and, of course, security.

Now multiply that by the number of WordPress sites you run.

It’s a huge amount of work.

This is why we built iControlWP many years back and why we also integrated Shield Security into it to allow WordPress admins to manage their WordPress sites at scale, and also their WordPress security.

But not everyone wants to use iControlWP and that’s totally cool! But we still want to open up management of Shield to folk that need to scale their WordPress security.

This is where our new WordPress REST API integration comes in. It leverages the very thorough platform that the WordPress Core provides, letting us build a REST API that is powerful, secure and easy to maintain.

Many clients won’t have a need for our REST API directly, but you may use tools and services that could take advantage of it if you asked them to.

#2 Hugely Improved Audit & Traffic Logs

This is a big one.

A short time ago we completely overhauled the Audit Trail and Traffic Logging features.

This involved a major revamp of the UI and the tables that display the logs.

As you can imagine, these tables and datasets can grow very large, particularly for busy websites.

Since we were loading a large dataset all at once, browsing these log tables became tedious and slow. For high-traffic sites, it would be unusable in some cases, resulting in loading errors!

So we went back to our core implementation (again) and made the entire thing dynamic. Instead of loading all the records, we only load precisely what we need. This makes the initial loading near-instant.

The pagination will be a bit slower than what you’re used to – but this is because we’re loading just the log records you need, when you need them.

We’ve also adjusted the traffic log database table structure to help us speed all this along and provide more useful information right where you need it.

This is a major reworking and we hope you’ll love it!

#3 Run Shield As A “Must-Use” (MU) Plugin

If you’ve never heard of a must-use WordPress plugin, don’t worry, you’re not alone.

Simply put, a must-use WordPress plugin is one that is automatically enabled and always loads when WordPress loads. These special plugins can’t be (easily) disabled and execute before all other plugins.

They’re installed in a different directory (/wp-content/mu-plugins/) instead of the default (/wp-content/plugins/).

So why would you want to switch Shield to be an MU plugin?

In much the same way as Shield offers the Security Admin module to protect against tampering, you could set Shield to be an MU plugin to prevent the plugin from being disabled accidentally or maliciously.

It’ll also ensure Shield executes before other plugins. While this won’t offer an advantage currently, we’ll soon adjust some of Shield’s code to block malicious requests much earlier in the WordPress load.

What actually happens when you enable MU Mode?

The core of the Shield plugin will remain in the normal installation directory: /wp-content/plugins/.

Shield will then create a new file in the MU directory that loads the normal Shield plugin. When this happens you’ll see 2x Shield plugins installed on your site as shown below:

How can you disable Shield after enabling MU Mode?

Once MU mode is enabled, you can’t disable the normal Shield plugin from the WordPress dashboard. This is normal WordPress behaviour.

However, you can simply revert the option within Shield’s settings to disable MU Mode, and then return to the plugins screen and disable Shield like any other plugin.

The setting for MU Mode is found within the Security Admin module and doesn’t require a Security Admin PIN to be set.

Shield’s MU Mode plugin option

#4 Better Detection Of Incorrect Application Passwords

Following a suggestion from a client and also off the back of our REST API work we’ve improved how Shield captures and logs authentication failures when Application Passwords are used.

Until now Shield wasn’t correctly spotting when these application password login attempts were failing. We’ve added some new events and logging and we’ll even increase the offense counter for an IP address when the event is triggered.

We spotted these new events being triggered almost immediately after we put them live for testing.

#5 More Quick Access Data In Admin Bar

Some time ago we added a top menu to the WordPress admin bar to help indicate when Shield found some scan items that warrant further investigation.

The original WP Admin Bar addition by Shield Security

After a client prompted us for some extra information, we’ve made some new helpful additions to the menu (see image below).

Shield’s Additional WP Admin Bar Items

Each of these additions provides helpful links to the item in question, for example:

  • Recently Blocked IPs and Offenses link to the IP Analyse Tool for the specific IP in question.
  • Recent Sessions links to the Shield Sessions table and the individual session item in the menu links to the profile of the given user.

    Source :
    https://getshieldsecurity.com/blog/wp-shield-security-pro-release-14-1/

Critical Authentication Bypass Vulnerability Patched in SiteGround Security Plugin

On March 10, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “SiteGround Security”, a WordPress plugin that is installed on over 400,000 sites. This flaw makes it possible for attackers to gain administrative user access on vulnerable sites when two-factor authentication (2FA) is enabled but not yet configured for an administrator.

Wordfence Premium, Wordfence Care, and Wordfence Response received a set of firewall rules on March 10, 2022 to provide protection against any attackers trying to exploit this vulnerability. Wordfence Free users will receive this same protection 30 days later on April 9, 2022.

After sending the full disclosure details to the SiteGround security team on March 10, 2022 a patch was released the next day on March 11, 2022. While the plugin was partially patched immediately, it wasn’t optimally patched until April 7, 2022.

Sites hosted on the SiteGround platform have automatically been updated to the patched version while those hosted elsewhere will require a manual update, if auto-updates are not enabled for the plugin. We strongly recommend ensuring that your site has been updated to the latest patched version of “SiteGround Security”, which is version 1.2.6 at the time of this publication.


Description: Authentication Bypass via 2-Factor Authentication Setup
Affected Plugin: SiteGround Security
Plugin Slug: sg-security
Plugin Developer: SiteGround
Affected Versions: <= 1.2.5
CVE ID: CVE-2022-0992
CVSS Score: 9.8 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Chloe Chamberland
Fully Patched Version: 1.2.6

SiteGround Security is a plugin designed to enhance the security of WordPress installations via several features like login security including 2FA, general WordPress hardening, activity monitoring, and more. It’s also worth noting that it comes pre-installed on all SiteGround hosted WordPress sites. Unfortunately, the 2FA functionality of the plugin was insecurely implemented making it possible for unauthenticated attackers to gain access to privileged accounts.

When two-factor authentication is enabled, it requires all administrative and editor users to set-up two factor authentication. This requirement is triggered when the site’s administrative and editor users log into the site for the first time after 2FA has been enabled at which time they are prompted to configure 2FA for their account. This means that there will be a period of time between 2FA being enabled on a site and each user configuring it for the account.

During this interim period, attackers could hijack the 2FA set-up process. The plugin had a flaw that made it so that attackers could completely bypass the first step of authentication, which requires a username and password, and access the 2FA set-up page for users that had not configured 2FA yet.

It was as simple as supplying the user ID they would like to compromise via the sg-user-id parameter, along with a few other parameters to indicate that they would like to trigger the initial 2FA configuration process.

The following validate_2fa_login() function shows the process by which a user-supplied ID is validated. If the results from the check_authentication_code() function and the sg_security_2fa_configured user meta returned false, which indicated that 2FA hasn’t yet been configured for that user, then the plugin would load the 2fa-initial-setup-form.php template which displays the QR code and 2FA secret needed to configure the authenticator app for the user-supplied ID.

    public function validate_2fa_login( $user ) {
       // Bail if there is no valid user authentication.
       if ( ! isset( $_POST['sg-user-id'] ) ) { // phpcs:ignore
          return;
       }

       $result = $this->check_authentication_code( wp_unslash( $_POST['sgc2facode'] ), wp_unslash( $_POST['sg-user-id'] ) ); // phpcs:ignore

       // Check the result of the authtication.
       if ( false === $result ) {
          if ( 0 == get_user_meta( $_POST['sg-user-id'], 'sg_security_2fa_configured', true ) ) { // phpcs:ignore
             // Arguments for initial 2fa setup.
             $args = array(
                'template' => '2fa-initial-setup-form.php',
                'qr'       => get_user_meta( $_POST['sg-user-id'], 'sg_security_2fa_qr', true ), // phpcs:ignore
                'secret'   => get_user_meta( $_POST['sg-user-id'], 'sg_security_2fa_secret', true ), // phpcs:ignore
                'error'    => esc_html__( 'Invalid verification code!', 'sg-security' ),
                'action'   => esc_url( add_query_arg( 'action', 'sgs2fa', wp_login_url() ) ),
             );
          } else {
             // Arguments for 2fa login.
             $args = array(
                'template' => '2fa-login.php',
                'error'    => esc_html__( 'Invalid verification code!', 'sg-security' ),
                'action'   => esc_url( add_query_arg( 'action', 'sgs2fa', wp_login_url() ) ),
             );
          }

          $this->load_form( wp_unslash( $_POST['sg-user-id'] ), $args ); // phpcs:ignore
       }

       // Set the auth cookie.
       wp_set_auth_cookie( wp_unslash( $_POST['sg-user-id'] ), intval( wp_unslash( $_POST['rememberme'] ) ) ); // phpcs:ignore

The authentication QR code and secret key that would be displayed to potentially unauthorized users.

The returned QR code and secret key are the only things needed to connect the user account with an authentication mechanism, such as Google Authenticator. Attackers were able to use this to connect their authentication app with the account and successfully use a code to pass the “second factor of authentication.” This function would then set the user authentication cookies via the wp_set_auth_cookie() function using the user supplied ID from the sg-user-id parameter which effectively logs the attacker in as that user. Due to the default configuration of the plugin, this account would most likely be a privileged user like an administrator or editor. It’s also worth noting that the function returns the back-up codes which could be used via the weakness outlined in the next section.

To sum it up, there was no validation on the validate_2fa_login() function that the identity a user was claiming was in fact legitimate. As such attackers could bypass the first authentication mechanism, a username/password pair, which is meant to prove identity and successfully log in, due to a weakness in the second authentication mechanism, the 2FA process. When successful, an attacker could completely infect a site by exploiting this vulnerability.


Description: Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes
Affected Plugin: SiteGround Security
Plugin Slug: sg-security
Plugin Developer: SiteGround
Affected Versions: <= 1.2.4
CVE ID: CVE-2022-0993
CVSS Score: 8.1 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Chloe Chamberland
Fully Patched Version: 1.2.6

In addition to the above outlined vulnerability, the method in which 2FA back-up code authentication was handled made it possible for attackers to log in if they were able to brute force a back-up code for a user or compromise it via other means such as SQL Injection.

Diving deeper, the plugin registered the validate_2fabc_login() function which validated the supplied backup code through the validate_backup_login() function using the user supplied user ID from the sg-user-id parameter along with the back-up code supplied via the sgc2fabackupcode parameter. If the back-up code was found in the array of stored back-up codes for that user, then the function would use the wp_set_auth_cookie() function to set the authentication cookies for the supplied user ID. If that user ID belonged to an administrator, the attacker would effectively be logged in as an administrator.

    public function validate_2fabc_login() {
       $result = $this->validate_backup_login( wp_unslash( $_POST['sgc2fabackupcode'] ), wp_unslash( $_POST['sg-user-id'] ) ); // phpcs:ignore

       // Check the result of the authtication.
       if ( false === $result ) {
          $this->load_form(
             wp_unslash( $_POST['sg-user-id'] ), // phpcs:ignore
             array(
                'template' => '2fa-login-backup-code.php',
                'action'   => esc_url( add_query_arg( 'action', 'sgs2fabc', wp_login_url() ) ),
                'error'    => esc_html__( 'Invalid backup code!', 'sg-security' ),
             )
          );
       }

       // Set the auth cookie.
       wp_set_auth_cookie( wp_unslash( $_POST['sg-user-id'] ), intval( wp_unslash( $_POST['rememberme'] ) ) ); // phpcs:ignore

Similarly to the previous vulnerability, the issue here is that there was no true identity validation for the authentication, which indicates an authorization weakness. The function performed no checks to verify that a user had previously authenticated prior to entering the 2FA back-up code, and as such they did not need to legitimately log in prior to being logged in while using a back-up code. This meant that there were no checks to validate that a user was authorized to use a back-up code to perform the second factor of authentication that would log them in.

Though the risk in this case is lower, the backup codes were 8 digits long and entirely numeric, so an attacker could potentially brute force one of the 8 back-up codes and automatically be logged in without knowing a username and password combination for an administrative user.

While this might not be practical to attempt on most servers, a patient adversary attacking a well-provisioned server capable of processing a large number of requests at once would have a high chance of eventually gaining access unless the brute force attempts were stopped by another mechanism, such as the Wordfence plugin’s built-in brute force protection or rate limiting rules.

Further, this vulnerability could be used in conjunction with another vulnerability, such as SQL injection, where an attacker would be able to compromise the 2FA back-up codes that are stored in the database and then subsequently use them to log in without needing to crack the password of an administrative user which would likely be significantly stronger. In both cases, the impact would be significant as an attacker could gain administrative access to the compromised WordPress site which could be used for complete site infection.
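Both functions above take the account to log in from the sg-user-id request parameter. The following added example (not SiteGround's patch and not code from the original post) shows one way to close that gap: the password step issues a short-lived, single-use token, and the 2FA, setup and back-up code steps resolve the user from that token only, with a cap on wrong codes. PendingLoginStore, its methods and the demo values are hypothetical names constructed for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration: the second-factor step resolves the user from a
 * server-side record created by the password step, never from a request
 * parameter such as sg-user-id. All names below are hypothetical.
 */
final class PendingLoginStore
{
    private const TTL_SECONDS  = 300; // a pending login expires after 5 minutes
    private const MAX_ATTEMPTS = 5;   // wrong codes allowed per pending login

    /** @var array<string, array{user_id: int, expires: int, attempts: int}> */
    private array $pending = [];

    /** Call only after the username and password have been verified. */
    public function issue(int $userId, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        // Only a hash is stored, so a leaked table does not yield usable tokens.
        $this->pending[hash('sha256', $token)] = [
            'user_id'  => $userId,
            'expires'  => $now + self::TTL_SECONDS,
            'attempts' => 0,
        ];
        return $token; // handed to the browser, e.g. in an HttpOnly cookie
    }

    /** User whose 2FA or initial setup form may be shown for this token, or null. */
    public function pendingUser(string $token, int $now): ?int
    {
        $key   = hash('sha256', $token);
        $entry = $this->pending[$key] ?? null;
        if ($entry === null) {
            return null; // no completed password step: show nothing
        }
        if ($now > $entry['expires'] || $entry['attempts'] >= self::MAX_ATTEMPTS) {
            unset($this->pending[$key]);
            return null;
        }
        return $entry['user_id'];
    }

    /** Returns the user ID to log in, or null. $checkCode is fn(int, string): bool. */
    public function verifySecondFactor(string $token, string $code, callable $checkCode, int $now): ?int
    {
        $userId = $this->pendingUser($token, $now);
        if ($userId === null) {
            return null;
        }
        $key = hash('sha256', $token);
        $this->pending[$key]['attempts']++; // count the attempt before checking it
        if (!$checkCode($userId, $code)) {
            return null;
        }
        unset($this->pending[$key]); // single use
        return $userId;
    }
}

// Constructed demo data: user 1 is an administrator whose valid code is 492817.
$codes = [1 => '492817'];
$check = static fn (int $uid, string $code): bool =>
    isset($codes[$uid]) && hash_equals($codes[$uid], $code);

$store   = new PendingLoginStore();
$now     = 1650000000; // fixed clock for the demo
$results = [];

// A request that carries a valid code but no token from the password step.
$results['no first factor'] = $store->verifySecondFactor('', '492817', $check, $now);

$token = $store->issue(1, $now); // password step succeeded for user 1
$results['setup form user'] = $store->pendingUser($token, $now);
$results['wrong code']      = $store->verifySecondFactor($token, '000000', $check, $now);
$results['right code']      = $store->verifySecondFactor($token, '492817', $check, $now);
$results['token reuse']     = $store->verifySecondFactor($token, '492817', $check, $now);

$late = $store->issue(1, $now);
$results['expired token'] = $store->verifySecondFactor($late, '492817', $check, $now + 301);

foreach ($results as $label => $userId) {
    printf("%-16s => %s\n", $label, $userId === null ? 'rejected' : "user $userId");
}
```

In a WordPress plugin the store would live in user meta or a transient rather than in memory, and the value passed to wp_set_auth_cookie() would be the ID returned by verifySecondFactor().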

An Important Security Reminder: Audit Your WordPress Site’s User Accounts

This vulnerability serves as an important reminder to audit your WordPress site’s user accounts. This means identifying any old and unused user accounts that have been inactive for an extended period of time and/or are likely to never be used again and removing them or completely stripping the user’s capabilities. This vulnerability could easily be exploited on sites where the site owner enabled 2FA, which is required for all administrative and editor users, and had old inactive administrative/editor user accounts on the site that an attacker could target. Considering accounts that are no longer active are unlikely to log in after the 2FA setting has been enabled, the 2FA for those accounts would not be configured leaving the site ripe for exploitation by any attackers exploiting the vulnerability.

A situation involving a similar security issue involving insecure 2FA was reported by the CISA in conjunction with the FBI a few weeks ago, around the same time we discovered this vulnerability. In the Cybersecurity Advisory (CSA) by the CISA, it was disclosed that a threat actor was able to successfully brute force a dormant user’s account credentials, and due to a default 2FA setting that would allow dormant users to re-enroll a new device for 2FA during the next active log in, the threat actor was able to connect the 2FA secret to their own account and retrieve the code needed to pass the second factor of authentication. Once the threat actor gained initial access to the system they were able to escalate their privileges by exploiting the “PrintNightmare” vulnerability, which you can read more about here, and steal sensitive information from across the organization’s network. This goes to show that attackers are definitely looking for flaws like the one disclosed today to exploit and any site can be a target. As such, it’s important to actively maintain and validate the security of your site through regularly performed professional or self-conducted security audits and penetration tests, which is a service Wordfence provides. Security is an active and continuous process.

Timeline

March 10, 2022 – Conclusion of the plugin analysis that led to the discovery of two Authentication Bypass Vulnerabilities in the “SiteGround Security” WordPress plugin. We deploy firewall rules to protect Wordfence Premium, Wordfence Care, and Wordfence Response users. We send the full disclosure details to SiteGround in accordance with their responsible disclosure policy.
March 11, 2022 – The CTO of SiteGround responds indicating that a patch has been released. We review the patch and inform them that it is insufficient. They release an additional patch.
March 11, 2022 – A patched version of the plugin is released as version 1.2.3. We suggest further security enhancements to the functionality.
March 16, 2022 – An update is made that reduces the security of the 2FA functionality. We follow up again to suggest better security enhancements to the functionality. The CTO assures us that they are working on it.
April 6, 2022 – A fully and optimally patched version of the plugin is released as version 1.2.6.
April 9, 2022 – Wordfence Free users receive the firewall rules.

Conclusion

In today’s post, we detailed a flaw in the “SiteGround Security” plugin that made it possible for unauthenticated attackers to gain access to administrative user accounts in instances where 2-Factor Authentication was enabled, though not yet fully set up, and in cases where an attacker could successfully brute force a back-up code. This could easily be used by an attacker to completely compromise a site. This flaw has been fully patched in version 1.2.6.

We strongly recommend ensuring that your site has been updated to the latest patched version of “SiteGround Security”, which is version 1.2.6 at the time of this publication.

Wordfence Premium, Wordfence Care, and Wordfence Response received a set of firewall rules on March 10, 2022 to provide protection against attempts by attackers to exploit this vulnerability. Wordfence Free users will receive this same protection 30 days later on April 9, 2022.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both Wordfence Care and Wordfence Response include hands-on security support that provide you with ongoing assistance from our incident response team, should you need it.

Special thanks to the team at SiteGround, for responding swiftly and working quickly to get a patch out to protect their customers and working to further secure the 2FA component. 

Source :
https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/

PHP Object Injection Vulnerability in Booking Calendar Plugin

On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations.

We received a response the same day and sent over our full disclosure early the next day, on April 19, 2022. A patched version of the plugin, 9.1.1, was released on April 21, 2022.

We released a firewall rule to protect Wordfence Premium, Wordfence Care, and Wordfence Response customers on April 18, 2022. Sites still running the free version of Wordfence will receive the same protection on May 18, 2022. We recommend that all Wordfence users update to the patched version, 9.1.1, as soon as possible as this will entirely eliminate the vulnerability.


Description: Insecure Deserialization/PHP Object Injection
Affected Plugin: Booking Calendar
Plugin Slug: booking
Plugin Developer: wpdevelop, oplugins
Affected Versions: <= 9.1
CVE ID: CVE-2022-1463
CVSS Score: 8.1 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Ramuel Gall
Fully Patched Version: 9.1.1

The Booking Calendar plugin allows site owners to add a booking system to their site, which includes the ability to publish a flexible timeline showing existing bookings and openings using a shortcode, [bookingflextimeline].

The flexible timeline includes the ability to configure viewing preferences and options when viewing the published timeline. Some of these options were passed in PHP’s serialized data format, and unserialized by the define_request_view_params_from_params function in core/timeline/v2/wpbc-class-timeline_v2.php.

An attacker could control the serialized data via several methods:

  1. If a timeline was published, an unauthenticated attacker could obtain the nonce required to send an AJAX request with the action set to WPBC_FLEXTIMELINE_NAV and a timeline_obj[options] parameter set to a serialized PHP object.
  2. Any authenticated attacker could use the built-in parse-media-shortcode AJAX action to execute the [bookingflextimeline] shortcode, adding an options attribute in the shortcode set to a serialized PHP object. This would work even on sites without a published timeline.
  3. An attacker with contributor-level privileges or above could also embed the [bookingflextimeline] shortcode containing a malicious options attribute into a post and execute it by previewing it, or obtain the WPBC_FLEXTIMELINE_NAV nonce by previewing the [bookingflextimeline] shortcode and then using method #1.

Any time an attacker can control data that is unserialized by PHP, they can inject a PHP object with properties of their choice. If a “POP Chain” is also present, it can allow an attacker to execute arbitrary code, delete files, or otherwise destroy or gain control of a vulnerable website. Fortunately, no POP chain was present in the Booking plugin, so an attacker would require some luck as well as additional research in order to exploit this vulnerability. Nonetheless, POP chains appear in a number of popular software libraries, so many sites could still be exploited if another plugin using one of these libraries is installed.

Despite the lack of a POP chain and the complexity involved in exploitation, the potential consequences of a successful attack are so severe that object injection vulnerabilities still warrant a “High” CVSS score. We’ve written about Object Injection vulnerabilities in the past if you’d like to find out more about how they work.
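The difference between unserializing request data directly and decoding it without instantiating any class, as an added example (not code from Booking Calendar or its patch). DemoGadget, decode_options(), is_plain_data() and the option names are constructed for the illustration; DemoGadget stands in for any loaded class with a magic method and only increments a counter.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a class with a magic method somewhere in the loaded code.
final class DemoGadget
{
    public static int $wakeups = 0;
    public string $path = '/tmp/example';

    public function __wakeup(): void
    {
        // A real gadget would act on properties the sender controls.
        self::$wakeups++;
    }
}

/** True when the value holds only arrays, scalars and null, however deeply nested. */
function is_plain_data($value): bool
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (!is_plain_data($item)) {
                return false;
            }
        }
        return true;
    }
    return is_scalar($value) || $value === null;
}

/**
 * Decode serialized options without creating objects of any real class.
 * With allowed_classes set to false every serialized object is turned into
 * __PHP_Incomplete_Class, so no __wakeup() or __destruct() of a loaded class
 * runs. Anything that is not a plain array is then rejected outright.
 */
function decode_options(string $raw): ?array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || !is_plain_data($data)) {
        return null;
    }
    return $data;
}

// Constructed inputs; the option names are placeholders, not the plugin's.
$benign  = serialize(['view_days_num' => 30, 'scroll_month' => 0]);
$hostile = serialize(['view_days_num' => new DemoGadget()]);

// Pattern described above: request data passed straight to unserialize().
unserialize($hostile);
$wakeupsUnsafe = DemoGadget::$wakeups;

// Hardened decoding of the same two inputs.
$fromHostile     = decode_options($hostile);
$fromBenign      = decode_options($benign);
$wakeupsHardened = DemoGadget::$wakeups - $wakeupsUnsafe;

printf("plain unserialize(): __wakeup ran %d time(s)\n", $wakeupsUnsafe);
printf("decode_options():    __wakeup ran %d time(s)\n", $wakeupsHardened);
printf("hostile input:       %s\n", $fromHostile === null ? 'rejected' : 'accepted');
printf("benign input:        %s\n", $fromBenign === null ? 'rejected' : json_encode($fromBenign));
```

Where the data format can be changed, json_encode() and json_decode() remove the problem at the source, because JSON carries no class names.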

Timeline

April 18, 2022 – We release a firewall rule to protect Wordfence Premium, Care, and Response customers. We initiate the disclosure process. The plugin developer verifies the contact method.
April 19, 2022 – We send the full disclosure to the plugin developer.
April 21, 2022 – A patched version of the Booking Calendar plugin, 9.1.1, is released.
May 18, 2022 – The firewall rule becomes available to free Wordfence users.

Conclusion

In today’s post, we covered an Object Injection vulnerability in the Booking Calendar plugin. Wordfence Premium, Wordfence Care, and Wordfence Response customers are fully protected from this vulnerability. Sites running the free version of Wordfence will receive the same protection on May 18, 2022, but have the option of updating the Booking Calendar plugin to the patched version 9.1.1 to eliminate the risk immediately.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both these products include hands-on support in case you need further assistance.

Source :
https://www.wordfence.com/blog/2022/04/php-object-injection-in-booking-calendar-plugin/

Top 5 Findings from the Global 2022 Cybersecurity Skills Gap Report

Closing the cybersecurity skills gap has been a topic of interest for a number of years with many organizations reporting on its slow decline. According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organizations vulnerable.

There is a lot to be learned from the skills gap. Today, Fortinet released the 2022 Cybersecurity Skills Gap Global Research Report that uncovers the impact the skills gap is having on organizations around the world. From the survey’s findings, five top themes have emerged:

  1. Cybersecurity affects every organization
  2. Recruitment and retention of talent is a problem
  3. Organizations are looking for individuals with certified skills
  4. Organizations are looking for more diversity
  5. Raising cybersecurity awareness remains a key challenge

The survey was conducted in January and February of 2022 and included more than 1200 IT and cybersecurity decision-makers from 29 different locations. There was an even split between the respondents in four regions: North America, EMEA, APAC and LATAM.

How Cybersecurity and the Skills Gap Affects Every Organization

A staggering 80% of organizations experienced at least one breach during the last 12 months that they could attribute to a lack of cybersecurity skills and/or awareness. Almost 20% suffered five or more breaches.

[Bar graph: Number of breaches in the last 12 months]

If that weren’t enough, 64% of organizations experienced breaches that resulted in lost revenue and/or cost them fines. Of those, 38% reported breaches that cost them more than a million dollars (USD).

How is the Skills Gap Creating Cyber Risk?

According to the survey respondents, a key factor contributing to the breaches is that organizations struggle to find and retain certified cybersecurity people. 67% of global leader respondents indicate that the skills shortage creates additional cyber risks for their organization.

Recruitment and Retention Are Key Challenges Causing the Skills Gap

Organizations need qualified cybersecurity professionals now more than ever, which is why 76% of organizations indicate that their board of directors now recommend increases in IT and cybersecurity headcount.

[Pie graph: Board members who recommend increases in IT and cybersecurity headcount]

Most would hope that increasing hiring could be an easy fix to this problem, however, 60% of organizations indicated that they struggle to recruit cybersecurity talent and 52% struggle to retain it.

Another key challenge for recruitment is that organizations need to hire people for a broad range of security and IT network-related roles and specializations. Cloud security specialists and security operations (SOC) analysts remain among the most sought-after roles in cybersecurity, followed closely by security administrators and architects. But organizations aren’t just looking to ramp up hires arbitrarily. They’re deliberately trying to build teams of specialized talent who are equipped to handle an increasingly complex threat landscape.

Finding Qualified People is a Challenge for the Skills Gap

Globally, 50% of organizations seek cloud security specialists, a priority that’s likely informed by how rapidly companies moved their operations to the cloud during the pandemic.

The challenge is finding the right people.

[Graph: What roles are organizations looking for?]

What Skills Are Needed to Work in Cybersecurity? 

Central to the challenge of recruiting and retaining cybersecurity talent is the importance of certification. Certified professionals are universally sought after with 95% of decision-makers sharing that technology-focused certifications positively impact both their role and their team. 

Organizations Are Looking for Certified Skills

As such, 81% of leaders prefer to hire people with certifications.

However, 78% indicate it’s hard to find certified people. This may contribute to the fact that globally 91% of organizations say they are willing to pay for an employee to achieve a cybersecurity certification.

[Graph: Organizations would pay for an employee to get a cybersecurity certification (91%)]

The preference to hire certified people may be because organization leaders followed that same path themselves:

  • 86% of decision-makers report having earned technology-focused certifications
  • 88% report having other people with certificates on their team

Certification is an Opportunity Given the Skills Gap

It should also be noted from above that global leaders attributed the struggle to find and retain certified cybersecurity people as a key factor contributing to breaches. This also may influence an organization’s hiring strategy with a tendency to lean towards professionals with corresponding certifications to the positions they are attempting to fill.

Closing the Cybersecurity Skills Gap by Prioritizing Diversity

The challenge isn’t just hiring more people, but also building more capable and more diverse teams. While enterprises need qualified talent for a range of different roles, 89% of global companies also have explicit diversity goals as part of their hiring plan.

7 out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges. 61% say hiring minorities is also a top three challenge.

Despite the challenges, or perhaps because of them, three out of four organizations implemented formal processes to hire more women, and nine out of 10 actively engaged women and new graduates during the last three years. 59% of companies have structures in place to hire minorities, and 51% for hiring more veterans.

Figure: Hiring from these populations is a top three challenge for organizations

Raising Cybersecurity Awareness to Close the Skills Gap

Even though the recruitment, retention, and certification of a cybersecurity team is vital, companies cannot realistically protect themselves until they also raise the cyber awareness of all employees. That requires ensuring that all employees, at all levels and all roles within the organization, have the knowledge and awareness to protect themselves and their organization’s data. Until they do, breaches will always be likely.

87% of organizations implemented a training program to increase cyber awareness. However, 52% of leaders continue to believe their employees still lack the necessary knowledge. This raises the question of the effectiveness of the programs that organizations currently have in place.

Figure: Employees lack knowledge when it comes to cybersecurity awareness (52% agreed, 48% disagreed)

For those that don’t have a program in place, 66% report they are currently looking for a program that would suit their needs. 

The Power of People Can Help Close the Skills Gap

Cybersecurity can sometimes feel like a purely technological domain. But when you look past the technology that organizations rely on, cybersecurity is all about how well your employees work together to protect the organization.

Fortunately, organizations are making deliberate efforts to improve on all these fronts. However, it is imperative to remember that the cyber battle isn’t won on any one front. Cybersecurity requires an entire system of people and technology working together to protect an organization.

That starts with people who are empowered, qualified, and certified to protect the organization.

Source :
https://www.fortinet.com/blog/industry-trends/global-cybersecurity-skills-gap-report-findings

FortiOS 7.2: Enhancing the Only Converged Networking and Security Platform Available Today

The Fortinet Security Fabric is the industry’s first—and only—platform to converge essential networking and security functions and consolidate security point products into a unified platform. And now, Fortinet has announced the release of FortiOS 7.2, which widens that leadership position even further. With over 300 new features spanning the Fortinet portfolio—including new advanced AI-powered services that accelerate the detection and response to threats—FortiOS is better positioned than ever to secure the hybrid networks that organizations rely on to compete in today’s digital marketplace.

Today’s Network Is Different, Not Dead

Too many organizations hear that everything is moving to the cloud. And that as a result, the traditional network will soon be dead. But nothing could be further from the truth. And worse, buying into that myth is putting organizations at risk.

Of course, networks are vastly different from just a few years ago. Digital acceleration has enabled users and devices to access critical resources from any location, fundamentally changing how businesses operate. But this need for consistent user experience does not require them to abandon their networks. Instead, organizations worldwide and across all industries are building hybrid networks that interconnect traditional data centers and campuses with multi-cloud infrastructures, SaaS platforms, branch offices, home offices, and mobile users and devices.

Brandon Butler, a Senior Research Analyst at IDC, recently stated, “The network is foundational for enabling secure, scalable, and efficient use of cloud, edge, and IoT applications.” So, rather than dying, hybrid networks are the enablers of digital acceleration. They allow applications and workflows to move seamlessly from end to end and be accessed by any user or device from any location.

However, organizations need to stop thinking about networking and security as separate strategies to do this effectively. Instead, securing their digital acceleration efforts requires infrastructure and security teams to converge their visions. As applications continue their cloud journey and devices become increasingly visible to everyone, secure networks are vital to connecting these domains.

But to do this, enterprises, small businesses, and service providers alike need to replace isolated point devices that only address a portion of the network with solutions designed to operate as part of an integrated fabric that can see and adapt to the broader network. As network edges and dynamic infrastructures evolve, single-purpose and isolated security solutions only make it more difficult for organizations to deploy and maintain a cohesive and comprehensive security strategy. Instead, organizations must adopt a platform approach that converges operational efficiency and security automation with the underlying network.

The Only Platform Designed to Fully Protect Today’s Hybrid Networks

The Fortinet Security Fabric is the only platform designed to fully protect and dynamically adapt to today’s hybrid networks at any edge, and FortiOS 7.2 is the heart of that platform. FortiOS enables organizations to deploy the Fortinet Security Fabric to every edge, allowing security to dynamically scale and adapt as the network evolves. This expansive, integrated approach also enables the delivery of AI-powered automation that correlates intelligence from across the network and global threat feeds to rapidly detect even the most sophisticated threats and respond in real time.

FortiOS 7.2 enhances the Security Fabric’s award-winning functions and services by extending the definition of what’s possible in networking and security, thereby enabling customers and partners to safely and effectively compete in today’s digital marketplace. And for the foreseeable future, those businesses will rely on hybrid networks. But only by integrating security at the core of those networks will they be able to adapt at speed and scale to secure every edge. Over 20 years of prioritizing research and development have positioned Fortinet as the driving force behind cybersecurity innovation. With FortiOS 7.2, Fortinet is setting new industry standards for converged networking and security.

Figure 1. Fortinet’s Security Fabric platform converges essential networking and security functions and consolidates security point products into a unified platform

High-performance AI-powered threat intelligence and services 

New AI-powered FortiGuard Security Services enable organizations to automate their security systems to stay ahead of never-before-seen attacks, in real-time. And one of the most significant enhancements is the speed and accuracy with which FortiOS 7.2 can detect and prevent threats, in a coordinated way across an organization’s extended attack surface.

Traditionally, performance-intensive activities like sandboxing suspicious files for out-of-band inspection resulted in a delay in delivering content or having to hunt down malware inside the network when a file turns out to be infected. FortiOS 7.2’s new inline sandbox service resolves this by transforming a traditional detection sandbox capability into real-time in-network prevention to stop both known and unknown malware, with minimal impact on operations. New inline CASB, dedicated IPS, advanced device protection for OT and IoT systems, and additional enhancements to our SOC services portfolio deliver advanced security services to improve our customers’ security postures. Because they are consumed as a service across the Fortinet Security Fabric and ecosystem, this guarantees real-time proactive updates with minimal impact to operations and simplified scaling. Additionally, our new outbreak detection service provides a faster response to outbreak attacks, including immediate alerts and threat hunting scripts that automatically identify and respond to new threats. In addition, all FortiGuard services are powered by trusted machine learning and artificial intelligence. Its accuracy and fidelity are further enhanced through FortiGuard Labs’ analysis of over 100 billion global security events a day observed in live production environments worldwide. 

The critical convergence of networking and security 

One of the most essential functions of a modern security solution is its ability to scale, span, and adapt to a continuously evolving hybrid network. Achieving this requires converging security with the network. Such convergence allows security systems to seamlessly adapt to network changes as it addresses continually evolving requirements. However, the challenge most organizations face is that few security solutions are genuinely able to provide this essential function.

Fortinet’s security-driven network approach was the first platform-based strategy to encompass the entire network development and deployment life cycle. Converging essential network and security functions ensures that security is the central consideration for all business-driven infrastructure decisions. As a result, new edges, applications, and services that expand your attack surface are automatically protected.

FortiOS 7.2 extends Fortinet’s innovation advantage even further by delivering new ways to converge networking and security across critical functions. New ZTNA enhancements make WFA deployments easier to deploy. Improvements to the industry’s most comprehensive portfolio of secure WAN edge solutions—SD-WAN, SD-Branch, 5G, and ZTNA—help teams achieve even better ROI. Advances in automation using new auto-deployment and zero-touch provisioning features increase uptime for the WAN and LAN Edge. And additional upgrades spread across NGFW, identity, micro-segmentation, SASE, AIOps and digital experience monitoring deliver powerful innovation for further networking and security convergence. 

Consolidating security increases efficiency, visibility, and control

Organizations that have taken a best-of-breed approach to security now face the challenge of vendor and solution sprawl. So, in addition to converging network and security, organizations must also begin consolidating the security products deployed across their ever-expanding attack surface to improve visibility, centralize management, orchestrate policy, and automate rapid threat detection and real-time response.

FortiOS 7.2 provides enhancements across Fortinet’s entire portfolio of network, endpoint, and cloud solutions that further consolidate security point products into a single broad, integrated, and automated platform. This deeper integration enables advanced vulnerability correlation and virtual patching to provide more comprehensive protection, including better security for IoT devices and advanced process automation so NOC and SOC teams can further simplify and automate their workflows.

In addition to FortiOS, the Fortinet Security Fabric platform is also built around common standards and open APIs that enable organizations to build a robust cybersecurity mesh architecture that includes investments in other security technologies. The Fortinet Fabric-Ready Technology Alliance Partner Program, one of the largest technology alliance ecosystems in the industry, brings together a community of global technology partners with specialized expertise. As a result of more than 400 integrations, customers can now more easily build a hybrid platform of integrated solutions to improve security effectiveness, reduce complexity, and simplify operations.

Fortinet’s Industry Leadership Enables Advanced Security Strategies

Fortinet’s commitment to innovation has led to the world’s most extensive and deeply integrated security and networking solutions portfolio. Our 1,255 patents are nearly three times that of comparable cybersecurity companies. We also regularly submit our products for impartial testing with the most prominent organizations in the industry. Those consistently top-tier results, combined with annual accolades and awards from leading analysts and industry organizations, and a strong commitment to R&D based in the United States and Canada, assure customers they can take a consolidated approach to security without ever sacrificing performance or protection.

Find out how Fortinet remains a global leader in broad, integrated and automated cybersecurity solutions: Fortinet Innovation series.

Source :
https://www.fortinet.com/blog/business-and-technology/fortios-7-2-converged-network-security-platform

Coca-Cola investigates hackers’ claims of breach and data theft

Coca-Cola, the world’s largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims.

The American beverage giant has started to investigate after the Stormous gang said that it successfully breached some of the company’s servers and stole 161GB of data.

Stormous announcing the victimization of Coca Cola

The threat actors listed a cache of the data for sale on their leak site, asking 1.65 Bitcoin, currently converted to around $64,000.

Coca-Cola listing on Stormous leak site

Among the files listed, there are compressed documents, text files with admin, emails, and passwords, account and payment ZIP archives, and other types of sensitive information.

Who is Stormous

Although they claim to be a ransomware group, there is no indication at this time that they are deploying file-encrypting malware on their victim networks.

Closer to a data extortion group, Stormous has stated that they would take action against hacker attacks against Russia in the wake of the invasion into Ukraine.

Stormous message on Telegram

This is the first time Stormous has posted a stolen data set. Last week, the gang asked their followers to vote on who should be their next victim.

The attack promised denial-of-service, hacking, leaking of software source code and client data. Coca-Cola won the poll with 72% of the votes. The gang said that it took them only a few days to breach the company.

Poll held on the Stormous Telegram

Coca-Cola and the other victim choices in Stormous’ poll show an anti-Western stance. Previously, the group claimed Epic Games as their victim.

They announced that they stole 200 gigabytes of data and details of 33 million users of Epic store and games. However, there has been no confirmation about the legitimacy of the data, so Stormous’ reputation about these claims has yet to be established.

Coca-Cola has not confirmed that their data was stolen. The company told BleepingComputer that it is currently collaborating with law enforcement and that the investigation into the alleged Stormous attack has not revealed a negative impact yet.

Source :
https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/

Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default

The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft’s move to disable Visual Basic for Applications (VBA) macros by default across its products.

Calling the new activity a “departure” from the group’s typical behavior, Proofpoint alternatively raised the possibility that the latest set of phishing emails distributing the malware show that the operators are now “engaged in more selective and limited attacks in parallel to the typical massive scale email campaigns.”

Emotet, the handiwork of a cybercrime group tracked as TA542 (aka Mummy Spider or Gold Crestwood), staged a revival of sorts late last year after a 10-month-long hiatus following a coordinated law enforcement operation to take down its attack infrastructure.


Since then, Emotet campaigns have targeted thousands of customers with tens of thousands of messages in several geographic regions, with the message volume surpassing over one million per campaign in select cases.

The new “low volume” email campaign analyzed by the enterprise security firm involved the use of salary-themed lures and OneDrive URLs hosting ZIP archives that contain Microsoft Excel Add-in (XLL) files, which, when executed, drop and run the Emotet payload.

The new set of social engineering attacks is said to have taken place between April 4, 2022, and April 19, 2022, when other widespread Emotet campaigns were put on hold.

The absence of macro-enabled Microsoft Excel or Word document attachments is a significant shift from previously observed Emotet attacks, suggesting that the threat actor is pivoting away from the technique as a way to get around Microsoft’s plans to block VBA macros by default starting April 2022.

The development also comes as the malware authors last week fixed an issue that prevented potential victims from getting compromised upon opening the weaponized email attachments.

“After months of consistent activity, Emotet is switching things up,” Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said.

“It is likely the threat actor is testing new behaviors on a small scale before delivering them to victims more broadly, or to distribute via new TTPs alongside its existing high-volume campaigns. Organizations should be aware of the new techniques and ensure they are implementing defenses accordingly.”
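A mail or web gateway can look for the delivery chain described above by listing what a downloaded ZIP actually contains, since XLL add-ins are DLLs (PE files) that Excel loads. The sketch below is an added example, not code from Proofpoint or the original article; the function names, verdict strings, size limits and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3                         # assumed limit: stop descending into nested archives here
MAX_MEMBER_BYTES = 32 * 1024 * 1024   # assumed limit: skip members declaring a larger size


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_zip(blob: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return (member_path, verdict) tuples for XLL members, including nested ZIPs."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings  # not a ZIP at all: nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be inspected, so surface it.
                findings.append((path, "encrypted-uninspected"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "oversized-uninspected"))
                continue
            try:
                data = archive.read(info)
            except Exception:
                findings.append((path, "unreadable"))
                continue
            if info.filename.lower().endswith(".xll"):
                # Extension match, then confirm whether it really is a DLL.
                verdict = "xll-pe" if looks_like_pe(data) else "xll-extension-only"
                findings.append((path, verdict))
            elif zipfile.is_zipfile(io.BytesIO(data)):
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nesting-limit"))
                else:
                    findings.extend(scan_zip(data, depth + 1, path + "!"))
    return findings


def build_sample() -> bytes:
    """Constructed test archive: one XLL with a minimal PE header, one nested ZIP."""
    fake_pe = (b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little")
               + b"PE\x00\x00" + b"\x00" * 20)
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("bonus.XLL", b"plain text, not a DLL")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"constructed sample")
        zf.writestr("payroll/Salary_2022.xll", fake_pe)
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample()):
        print(f"{verdict:22} {member}")
```

Encrypted and oversized members are reported rather than skipped silently, because an archive the scanner cannot open is itself worth a second look.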

Source :
https://thehackernews.com/2022/04/emotet-testing-new-delivery-ideas-after.html

Google’s New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new “Data safety” section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties.

“Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,” Suzanne Frey, Vice President of product for Android security and privacy, said. “In addition, users want to understand how app developers are securing user data after an app is downloaded.”

The transparency measure, which is built along the lines of Apple’s “Privacy Nutrition Labels,” was first announced by Google nearly a year ago, in May 2021.

The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it’s being used, and how it’s handled, while also highlighting what data is being shared with third-parties.

On top of that, the labels can also show an “app’s security practices, like encryption of data in transit and whether users can ask for data to be deleted,” Frey noted, in addition to validating those practices against security standards such as the Mobile Application Security Verification Standard (MASVS).


The feature is expected to be gradually made available to all users, while giving app developers a deadline of July 20, 2022 to complete the section and keep them updated should they change the apps’ functionality or data handling methods.

That said, Data safety is expected to face similar concerns to that of Apple’s in that the system is built entirely on an honor system, which requires app developers to be truthful and clear-cut about what they do with the data, and not list inaccurate labels.

Apple has since said that it would routinely audit labels for accuracy, thereby ensuring that the labels are reliable and don’t give users a false sense of security about the data being collected and shared.

Google, last year, had said that it intends to institute a mechanism in place that requires developers to furnish accurate information, and that it will mandate them to fix misrepresentations should it identify instances of policy violations.

While the search giant has explicitly stated that its app review process is not designed to certify the accuracy and completeness of the data safety declarations provided by third-party app developers, it’s outlining strong measures to handle such transgressions.

The company is warning that it will be taking suitable enforcement measures when it identifies a deviation from the information provided in the section. Failing to ensure compliance can result in blocked updates or removal from Google Play.

“When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action,” the company said in an updated support article.

Source :
https://thehackernews.com/2022/04/googles-new-safety-section-shows-what.html

How to Make a Zip File on Mac

Managing lots of files at once can be difficult, especially when dealing with large ones. When struggling with the problem of moving lots of documents and files, an excellent solution is to create a zip file that compresses the files down to a more manageable size.

The good news is that macOS has a built-in tool for creating and unzipping zip files called Archive Utility. The bad news, however, is that it often receives quite a few complaints about things such as its disappointing compression ratio and limited feature set.

In this article, we’re going to tell you about one of the best archive utilities Mac users can use to get the very best results. Keep on reading to learn more!

Mac’s Built-in Archiver Utility

Archive Utility, the built-in archiver utility that comes pre-installed on macOS, can handle zip files, but when it comes to files in other formats or particularly big files, it may not be the best choice. Below are some of its drawbacks.


1. Only one supported format

There are some very common archive formats that Archive Utility simply can’t handle, including the very popular rar format.

2. Disappointing compression ratio

While it does reduce file size, Archive Utility doesn’t have as great of a space-saving impact on disk space as other archiving apps.

3. Limited key features

Archive Utility is missing key features such as archiving, encryption, and volume compression. This is because Apple has not significantly updated Archive Utility in the time since these types of features have become standard.

Unarchiver One Mac is the best free archiving tool for Mac. In seconds, it can archive and unarchive tons of file formats including RAR, Zip, 7z, gzip, bzip2, and lots more.

Unarchiver One can save you huge amounts of disk space by compressing large files into much smaller sizes. And unlike Archive Utility, it also supports encryption and volume compression.

1. How to set up Unarchiver One as the default unarchiving tool

Setting up Unarchiver One as your default unarchiving tool couldn’t be easier. To do so, follow the simple steps below.

(1) Right-click on any compressed file and select ‘Get Info’.


(2) Choose Unarchiver One as your default unarchiving tool.


(3) Click ‘Change All’.


2. How to unzip files on Mac

After setting Unarchiver One as your default unarchiving tool, you can open compressed files by simply double-clicking on them. However, there are also other ways to unzip files with Unarchiver One easily:

(1) Right-click on the compressed file.
Unarchiver One will quickly extract files to the current folder by just right-clicking on the compressed file and choosing ‘Open With > Unarchiver One’.


(2) Drag and drop archive files to Unarchiver One’s console.
Effortlessly drag and drop archive files to Unarchiver One’s console to easily browse and securely extract their contents with just one click.


3. How to make a zip file on Mac

There are two main ways to make a zip file with Unarchiver One.

(1) Right-click on the files you want to compress.

  • First, follow the steps above and set up Unarchiver One as your default unarchiving tool.
  • Then choose all the files you want to compress and right-click on them.
  • After clicking on ‘Compress’ you’ll find that the archive file is instantly stored in the current folder!

(2) Drag and drop all the files to Unarchiver One’s console.

  • Choose all the files you want to compress and drag and drop them into Unarchiver One’s console. Click on ‘Compress’.
  • Choose where you want to save the compressed file and the specific archive format. In this step, you can also encrypt the file if required.

Source :
https://news.trendmicro.com/2022/04/14/how-to-make-a-zip-file-on-mac/

The Top 10 Most Popular Streaming Apps

Even though streaming video on demand has been around since well before the pandemic, it sure did skyrocket in use worldwide when the majority of people were stuck at home self-isolating. Streaming apps helped us survive being isolated from the outside world and restricted from doing the normal stuff that we do day-to-day.

There are lots of streaming apps out there, but during our ranking of the top ten apps, here’s what we were looking for most:

  1. Price — How much you’ll need to shell out to watch.
  2. Amount of content — Is there tons of selection and variety of content to binge-watch?
  3. Content quality — Are you going to get the best movies and TV shows or are you going to suffer from boredom?
  4. Unique content — Can you watch originals and one-of-a-kind shows that others can’t provide?
  5. Content update frequency — After being a couch potato for a month, do you get any new content, or have they already shown everything they’ve got?

With that being said, let’s proceed with our list of top streaming apps!

  • Netflix
    • More than 200 million subscribers.
    • Worldwide service.
    • Has a wide range of content.
    • Best original content.
    • Between $9.99 and $19.99 for a monthly subscription.
    • Up to 4 simultaneous streams.
  • Disney+
    • 130 million subscribers.
    • Available in North and South America, North and Western Europe, and Asia-Pacific.
    • Full of shows that are safe for kids, heart-warming and nostalgic content.
    • Has great original content from Marvel.
    • $7.99 for a monthly subscription (an additional fee for movie content is required).
    • Up to 4 simultaneous streams.
  • Hulu & Hulu+ Live TV
    • Around 45 million subscribers.
    • Available in the United States.
    • Provides shows that have been previously aired.
    • Access to different live channels (Hulu+ Live TV).
    • Has original content.
    • Either $6.99 or $12.99 for a monthly subscription (Hulu).
    • Either $66.99 or $75.99 for a monthly subscription (Hulu + Live TV).
    • Up to 2 simultaneous streams.
  • HBO Max
    • More than 70 million subscribers.
    • Available in the US, Latin America, and Central and Eastern Europe.
    • Over 2,000 titles to choose from.
    • Has some very popular originals.
    • Either $9.99 or $14.99 for a monthly subscription.
    • Up to 3 simultaneous streams.
  • Peacock
    • 24 million subscribers.
    • Available in Austria, Germany, Ireland, Italy, the UK, and the US.
    • Provides classic TV shows and movies.
    • Available for free or premium ($4.99 for a monthly subscription).
    • Up to 3 simultaneous streams.
  • Paramount+
    • 32 million subscribers.
    • Available in Australia, Canada, Central America, South America, Northern Europe, and the Middle East.
    • Content from MTV, Comedy Central, Paramount, and CBS.
    • Either $4.99 or $9.99 for a monthly subscription (with or without commercial plans).
    • Up to 3 simultaneous streams.
  • Amazon Prime Video
    • 175 million subscribers.
    • Available worldwide.
    • Around 12,000 titles to choose from.
    • Either $8.99 or $14.99 for a monthly subscription.
    • Up to 3 simultaneous streams.
  • Discovery+
    • 22 million subscribers.
    • Available in the US, Brazil, Canada, Japan, the UK, Spain, the Philippines, and more.
    • Content from different TV channels.
    • Around 1,500 different titles.
    • Either $4.99 or $6.99 for a monthly subscription (ad-free for the higher price).
    • Up to 4 simultaneous streams.
  • Apple TV+
    • 20 million subscribers.
    • Available worldwide.
    • Only shows original content.
    • $4.99 for a monthly subscription.
    • Up to 6 simultaneous streams.
  • iQIYI
    • 103 million subscribers.
    • Available worldwide.
    • iQIYI originals and other licensed content from vendors.
    • Either $0.99 or $6.99 for a monthly subscription (upgrade to VIP for more content).
    • Up to 2 or 4 simultaneous streams (depending on the plan).

Aside from the ones listed above, here are some other available streaming apps.

  • iFlix
    • 25 million subscribers.
    • Available in Asia.
  • YouTube Premium
    • 50 million subscribers.
    • Available in 101 countries.
  • ESPN+
    • 21 million subscribers.
    • Available in the United States.
  • Rakuten TV
  • Viki
  • Crunchyroll
  • WeTV

There are lots of new and emerging apps out there, but we need to be wary about the apps we install on our devices, specifically on our mobile phones (especially Android devices). If you accidentally download a malicious app, it could steal your private information or even hijack your phone. Read more about this potential danger here.

With that being said, it’s a great idea to download Trend Micro Mobile Security so that you can verify that the apps you use are 100% safe. Trend Micro Mobile Security also safeguards against fraudulent sites, identity theft, and features performance-boosting tools.

Once your device is protected, you can easily find a comfortable area to relax in and start binge-watching your favorite shows and movies using your chosen streaming service!

Source :
https://news.trendmicro.com/2022/04/27/popular-streaming-apps-netflix-disney-plus-hbo-max-youtube/