Isolating network access to your AWS Cloud9 environments

In this post, I show you how to create isolated AWS Cloud9 environments for your developers without requiring ingress (inbound) access from the internet. I also walk you through optional steps to further isolate your AWS Cloud9 environment by removing egress (outbound) access. Until recently, AWS Cloud9 required you to allow ingress Secure Shell (SSH) access from authorized AWS Cloud9 IP addresses. Now AWS Cloud 9 allows you to create and run your development environments within your isolated Amazon Virtual Private Cloud (Amazon VPC), without direct connectivity from the internet, adding an additional layer of security.

Video: Android Hacking Proving Ground

The free content you are trying to access is for Members Only. If you’re already a member, simply login. Otherwise, please register to become a member of The Ethical Hacker Network and join the ranks of those we affectionately call EH-Netters. Soon you’ll be creating your own personal ethical hacker network.

Advanced Active Directory attacks: Simulating domain controller behavior

There was a time when cyberattacks on identity and authentication infrastructures [like Active Directory (AD)] were immensely challenging to perform. A lot of forethought had to be put into devising a plan for the careful execution of attacks, and advanced technical knowledge of domains and networks was a requisite. Over time, with the advent of open-source pen testing tools, the knowledge gap and the complexities involved to carry out a full-scale cyberattack have narrowed drastically.

Microsoft: Some Ransomware Attacks Take Less Than 45 Minutes

Catalin Cimpanu, writing for ZDNet: For many years, the Microsoft Security Intelligence Report has been the gold standard in terms of providing a yearly overview of all the major events and trends in the cyber-security and threat intelligence landscape. While Microsoft unceremoniously retired the old SIR reports back in 2018, the OS maker appears to have realized its mistake, and has brought it back today, rebranded as the new Microsoft Digital Defense Report. Just like the previous SIR reports, Microsoft has yet again delivered. Taking advantage of its vantage points over vast swaths of the desktop, server, enterprise, and cloud ecosystems, Microsoft has summarized the biggest threats companies deal with today in the face of cybercrime and nation-state attackers. The report is 88 pages long, includes data from July 2019 and June 2020, and some users might not have the time to go through it in its entirety. Below is a summary of the main talking points, Microsoft’s main findings, and general threat landscape trends.

Trusted industrial data is the future of industry

For a change, we’re not going to talk about information security today. Instead, this is about industrial data analysis at the Chelyabinsk Pipe Rolling Plant (ChelPipe). Out of the blue? Not really. It’s actually another area of application for our innovations, and it goes by the name “trusted industrial data.”

Caught in the payment fraud net: when, not if?

Sometimes, I think there are three certainties in life: death, taxes, and some form of payment fraud. Security reporter Danny Palmer experienced this a little while ago, and has spent a significant amount of time tracking the journey of his card details from the UK to Suriname. His deep-dive confirmed that it is easy to become tangled up in fraud, even if you’re very careful. I myself have experienced one of the more peculiar forms of credit card theft, detailed below.

Microsoft Digital Defense Report 2020: Cyber Threat Sophistication on the Rise

Today, Microsoft is releasing a new annual report, called the Digital Defense Report, covering cybersecurity trends from the past year. This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.

Cube Dev raises $6.2M for its open-source data platform

Cube Dev, the open-source company behind Cube.js that is building a data platform to help developers by analytical application for both internal and external users, today announced that it has raised a $6.2 million seed round led by Bain Capital Ventures. Previous investors Eniac Ventures, Betaworks, Innovation Endeavors and Slack Fund also participated, in addition to new investors Uncorrelated Ventures and Overtime.vc.