Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Twitter Hack: The Spotlight that Insider Threats Need
Newest First  |  Oldest First  |  Threaded View
shareth27
50%
50%
shareth27,
User Rank: Author
8/25/2020 | 10:54:14 PM
Re: UBEA?
Hello mosesbotbol,

Thanks for your comment. I am glad you thought about UEBA in this scenario as an essential tool. A few years back UEBA was considered to be optional however it is becoming more of a necessity to detect nefarious behaviors today. 

 

 

Exfiltration of data or change in user, account, endpoint or network behavior 

- all of the above needs to be viewed through the same lens regardless of insider or caused by external adversaries. Typically an outside attacker will manifest themselves through internal account and system compromise hence change in behaviors such as looking for a rare occurrence, or change in activity compared to past or anomalies compared to a peer, require further investigation. The challenge, however, is limited resources and time on the hands of cybersecurity professionals to deal with this issue at scale. This is where prioritization on what to protect and having the right tools including blocking controls help. There's a lot to discuss on this topic. 
mosesbotbol
50%
50%
mosesbotbol,
User Rank: Apprentice
8/24/2020 | 2:01:00 PM
UBEA?
Not much mention of UEBA in the article only indirect.  Treat all sensitive data exfiltration; be it insider or out the same.  Very strict protocols on how sensitive data is used and stored, and where it can go.  Monitor everything and prompt or block as needed.


Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.