Multiple vulnerabilities found in ICONICS industrial SCADA software

A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files.

The vulnerabilities were found within a suite of software made by ICONICS, which claims on its website that its SCADA software is embedded in “hundreds of thousands of installations running in over 100 countries worldwide and running in over 70 percent of Global 500 companies.”

The flaws, which are known to affect versions 10.97.2 and 10.97.3 and possibly earlier versions, were discovered by Palo Alto Networks last year and have since been patched. However, public internet scans have identified “several dozen” vulnerable ICONICS servers that remain publicly connected to the internet.

“On unpatched ICONICS installations without any workarounds or remediations, these vulnerabilities could lead to escalation of privileges, [denial of service] and in specific circumstances, even full system compromise,” wrote researchers Asher Davila and Malav Vyas.

All five vulnerabilities rate between 7 and 7.8 on the CVSS severity scale and include DLL hijacking, file tampering, denial of service and dead code flaws.

According to Palo Alto Networks, ICONICS Suite servers are primarily used in the government, military, manufacturing, water and wastewater and energy sectors, and are used for automation, data analysis and industrial Internet of Things cloud integration. On the “success stories” section of its website, the company lists as clients dozens of power and wind generation facilities, airports, natural gas plants and localities around the world.

According to data from business intelligence vendor Enlyft, ICONICS software is used by large businesses like Amazon, IBM and Hewlett-Packard, and the vast majority of its clients are industrial businesses that are based in the United States.

ICONICS did not respond to CyberScoop’s request for comment on remediation, investigation details, and the vulnerabilities’ impact on earlier software versions.

 A CVE list of five vulnerabilities affecting ICONICS software discovered by Palo Alto Networks over the past year. (Source: Palo Alto Networks) 

Some of the weaknesses appear to relate to how ICONICS relies on older, less secure versions of other tools and components to make its software interoperable with industrial control systems.

One vulnerability (CVE-2024-7587) exploits default settings in how ICONICS software communicates with operational technology. This is done through use of a tool, called GenBroker, that works with legacy implementations of Open Platform Communications servers and other OT device communication protocols like Modbus and BACnet. But older 32-bit versions of GenBroker are vulnerable to privilege escalation attacks. ICONICS recommends using the older, insecure version on its configuration page, even when a more secure, 64-bit version is already installed on the device. 

Another vulnerability (CVE-2024-1182) used an outdated version of a software development kit for SMS messaging known as Derdack’s Message Master that has “been deprecated for approximately 15 years with no ongoing support.”

“While no longer maintained, the Message Master SMS SDK is still integrated into the ICONICS Suite AlarmWorX MMX module,” researchers wrote. “This module is responsible for facilitating SMS and pager alerts. When those applications use Message Master SMS SDK, they are exposed to the underlying vulnerabilities present” in the software.

Newer versions of these tools were not immune to exploitation. The other three vulnerabilities described by Palo Alto Networks all exist within the latest versions of Genesis64 and GenBroker64, allowing for phantom DLL hijacking, lateral movement, abuse of trusted relationships and bypassing endpoint detection and response protections.

The post Multiple vulnerabilities found in ICONICS industrial SCADA software appeared first on CyberScoop.

from CyberScoop https://ift.tt/PRsSayZ
via IFTTT

DeepSeek-R1 now available as a fully managed serverless model in Amazon Bedrock

As of January 30, DeepSeek-R1 models became available in Amazon Bedrock through the Amazon Bedrock Marketplace and Amazon Bedrock Custom Model Import. Since then, thousands of customers have deployed these models in Amazon Bedrock. Customers value the robust guardrails and comprehensive tooling for safe AI deployment. Today, we’re making it even easier to use DeepSeek in Amazon Bedrock through an expanded range of options, including a new serverless solution.

The fully managed DeepSeek-R1 model is now generally available in Amazon Bedrock. Amazon Web Services (AWS) is the first cloud service provider (CSP) to deliver DeepSeek-R1 as a fully managed, generally available model. You can accelerate innovation and deliver tangible business value with DeepSeek on AWS without having to manage infrastructure complexities. You can power your generative AI applications with DeepSeek-R1’s capabilities using a single API in Amazon Bedrock’s fully managed service and get the benefit of its extensive features and tooling.

According to DeepSeek, their model is publicly available under MIT license and offers strong capabilities in reasoning, coding, and natural language understanding. These capabilities power intelligent decision support, software development, mathematical problem-solving, scientific analysis, data insights, and comprehensive knowledge management systems.

As is the case for all AI solutions, give careful consideration to data privacy requirements when implementing in your production environments, check for bias in output, and monitor your results. When implementing publicly available models like DeepSeek-R1, consider the following:

  • Data security – You can access the enterprise-grade security, monitoring, and cost control features of Amazon Bedrock that are essential for deploying AI responsibly at scale, all while retaining complete control over your data. Users’ inputs and model outputs aren’t shared with any model providers. You can use these key security features by default, including data encryption at rest and in transit, fine-grained access controls, secure connectivity options, and download various compliance certifications while communicating with the DeepSeek-R1 model in Amazon Bedrock.
  • Responsible AI – You can implement safeguards customized to your application requirements and responsible AI policies with Amazon Bedrock Guardrails. This includes key features of content filtering, sensitive information filtering, and customizable security controls to prevent hallucinations using contextual grounding and Automated Reasoning checks. This means you can control the interaction between users and the DeepSeek-R1 model in Bedrock with your defined set of policies by filtering undesirable and harmful content in your generative AI applications.
  • Model evaluation – You can evaluate and compare models to identify the optimal model for your use case, including DeepSeek-R1, in a few steps through either automatic or human evaluations by using Amazon Bedrock model evaluation tools. You can choose automatic evaluation with predefined metrics such as accuracy, robustness, and toxicity. Alternatively, you can choose human evaluation workflows for subjective or custom metrics such as relevance, style, and alignment to brand voice. Model evaluation provides built-in curated datasets, or you can bring in your own datasets.

We strongly recommend integrating Amazon Bedrock Guardrails and using Amazon Bedrock model evaluation features with your DeepSeek-R1 model to add robust protection for your generative AI applications. To learn more, visit Protect your DeepSeek model deployments with Amazon Bedrock Guardrails and Evaluate the performance of Amazon Bedrock resources.

Get started with the DeepSeek-R1 model in Amazon Bedrock
If you’re new to using DeepSeek-R1 models, go to the Amazon Bedrock console and choose Model access under Bedrock configurations in the left navigation pane. To access the fully managed DeepSeek-R1 model, request access for DeepSeek-R1 in DeepSeek. You’ll then be granted access to the model in Amazon Bedrock.

Next, to test the DeepSeek-R1 model in Amazon Bedrock, choose Chat/Text under Playgrounds in the left menu pane. Then choose Select model in the upper left, and select DeepSeek as the category and DeepSeek-R1 as the model. Then choose Apply.

2. Select DeepSeek-R1 Model

Using the selected DeepSeek-R1 model, I run the following prompt example:

A family has $5,000 to save for their vacation next year. They can place the money in a savings account earning 2% interest annually or in a certificate of deposit earning 4% interest annually but with no access to the funds until the vacation. If they need $1,000 for emergency expenses during the year, how should they divide their money between the two options to maximize their vacation fund?

This prompt requires a complex chain of thought and produces very precise reasoning results.

To learn more about usage recommendations for prompts, refer to the README of the DeepSeek-R1 model in its GitHub repository.

By choosing View API request, you can also access the model using code examples in the AWS Command Line Interface (AWS CLI) and AWS SDK. You can use deepseek.r1-v1:0 as the model ID.

Here is a sample of the AWS CLI command:

# Invoke DeepSeek-R1 through InvokeModel; the response body is written to invoke-model-output.txt.
aws bedrock-runtime invoke-model \
     --model-id deepseek.r1-v1:0 \
     --body "{\"messages\":[{\"role\":\"user\",\"content\":[{\"type\":\"text\",\"text\":\"[n\"}]}],\"max_tokens\":2000,\"temperature\":0.6,\"top_k\":250,\"top_p\":0.9,\"stop_sequences\":[\"\\n\\nHuman:\"]}" \
     --cli-binary-format raw-in-base64-out \
     --region us-west-2 \
     invoke-model-output.txt

The model supports both the InvokeModel and Converse APIs. The following Python code example shows how to send a text message to the DeepSeek-R1 model using the Amazon Bedrock Converse API for text generation.

import sys

import boto3
from botocore.exceptions import BotoCoreError, ClientError

# Create a Bedrock Runtime client in the AWS Region you want to use.
client = boto3.client("bedrock-runtime", region_name="us-west-2")

# Set the model ID for DeepSeek-R1.
model_id = "deepseek.r1-v1:0"

# Start a conversation with the user message.
user_message = "Describe the purpose of a 'hello world' program in one line."
conversation = [
    {
        "role": "user",
        "content": [{"text": user_message}],
    }
]

try:
    # Send the message to the model, using a basic inference configuration.
    response = client.converse(
        modelId=model_id,
        messages=conversation,
        inferenceConfig={"maxTokens": 2000, "temperature": 0.6, "topP": 0.9},
    )

    # Extract and print the response text. The content list can hold more
    # than one block, so join every block that carries text.
    content_blocks = response["output"]["message"]["content"]
    response_text = "".join(b["text"] for b in content_blocks if "text" in b)
    print(response_text)

except (BotoCoreError, ClientError) as e:
    # Covers service-side errors (ClientError) and client-side SDK errors.
    print(f"ERROR: Can't invoke '{model_id}'. Reason: {e}")
    sys.exit(1)

To enable Amazon Bedrock Guardrails on the DeepSeek-R1 model, select Guardrails under Safeguards in the left navigation pane, and create a guardrail by configuring as many filters as you need. For example, if you filter for the word “politics”, your guardrail will recognize this word in the prompt and show you the blocked message.

4. Apply the Bedrock Guardrails to the DeepSeek-R1 model

You can test the guardrail with different inputs to assess the guardrail’s performance. You can refine the guardrail by setting denied topics, word filters, sensitive information filters, and blocked messaging until it matches your needs.
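The guardrail created in the console can also be attached to Converse API calls, so that the application enforces it on every request and does not treat a blocked message as a model answer. The following is an added example, not code from the original post: the guardrail ID and version are placeholders, the sample responses are constructed, and the trace layout is parsed defensively.

```python
"""Attach a Bedrock guardrail to a DeepSeek-R1 Converse call and fail closed."""

MODEL_ID = "deepseek.r1-v1:0"            # model ID given in the post
GUARDRAIL_ID = "gr-EXAMPLE-PLACEHOLDER"  # placeholder: your guardrail's ID
GUARDRAIL_VERSION = "DRAFT"              # placeholder: pin a numbered version in production


def converse_with_guardrail(client, prompt, guardrail_id=GUARDRAIL_ID,
                            guardrail_version=GUARDRAIL_VERSION):
    """Send one user message with the guardrail applied and tracing enabled."""
    return client.converse(
        modelId=MODEL_ID,
        messages=[{"role": "user", "content": [{"text": prompt}]}],
        inferenceConfig={"maxTokens": 2000, "temperature": 0.6, "topP": 0.9},
        guardrailConfig={
            "guardrailIdentifier": guardrail_id,
            "guardrailVersion": guardrail_version,
            "trace": "enabled",  # return the guardrail assessment with the response
        },
    )


def blocked_word_matches(response):
    """Collect word-filter hits from the guardrail trace (input and output side)."""
    trace = response.get("trace", {}).get("guardrail", {})
    assessments = list(trace.get("inputAssessment", {}).values())
    for per_guardrail in trace.get("outputAssessments", {}).values():
        assessments.extend(per_guardrail)
    hits = []
    for assessment in assessments:
        for word in assessment.get("wordPolicy", {}).get("customWords", []):
            if word.get("action") == "BLOCKED":
                hits.append(word.get("match"))
    return hits


def evaluate(response):
    """Separate a real model answer from a guardrail's blocked message."""
    blocks = response["output"]["message"]["content"]
    text = "".join(b["text"] for b in blocks if "text" in b)
    blocked = response.get("stopReason") == "guardrail_intervened"
    return {
        "blocked": blocked,
        "answer": None if blocked else text,           # never pass blocked text on as an answer
        "blocked_message": text if blocked else None,  # the guardrail's configured message
        "matched_words": blocked_word_matches(response),
    }


# Constructed sample: a prompt containing the filtered word "politics".
BLOCKED_SAMPLE = {
    "output": {"message": {"role": "assistant", "content": [
        {"text": "Sorry, the model cannot answer this question."}]}},
    "stopReason": "guardrail_intervened",
    "trace": {"guardrail": {"inputAssessment": {GUARDRAIL_ID: {
        "wordPolicy": {"customWords": [{"match": "politics", "action": "BLOCKED"}]}}}}},
}

# Constructed sample: a prompt that passes the guardrail.
ALLOWED_SAMPLE = {
    "output": {"message": {"role": "assistant", "content": [
        {"text": "It verifies that a toolchain can build and run a program."}]}},
    "stopReason": "end_turn",
}


if __name__ == "__main__":
    import boto3  # imported here so the parsing helpers run without the SDK

    runtime = boto3.client("bedrock-runtime", region_name="us-west-2")
    result = evaluate(converse_with_guardrail(runtime, "Tell me about politics."))
    if result["blocked"]:
        # Log the intervention for review; the matched words come from the trace.
        print("guardrail intervened:", result["matched_words"])
    else:
        print(result["answer"])
```

Logging `matched_words` for each intervention gives a record of which filter fired, which helps when tuning the guardrail as described above.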

To learn more about Amazon Bedrock Guardrails, visit Stop harmful content in models using Amazon Bedrock Guardrails in the AWS documentation or other deep dive blog posts about Amazon Bedrock Guardrails on the AWS Machine Learning Blog channel.

Here’s a demo walkthrough highlighting how you can take advantage of the fully managed DeepSeek-R1 model in Amazon Bedrock:

Now available
DeepSeek-R1 is now available fully managed in Amazon Bedrock in the US East (N. Virginia), US East (Ohio), and US West (Oregon) AWS Regions through cross-Region inference. Check the full Region list for future updates. To learn more, check out the DeepSeek in Amazon Bedrock product page and the Amazon Bedrock pricing page.

Give the DeepSeek-R1 model a try in the Amazon Bedrock console today and send feedback to AWS re:Post for Amazon Bedrock or through your usual AWS Support contacts.

Channy

from AWS News Blog https://ift.tt/zHNpaAw

AWS Weekly Roundup: Amazon Q CLI agent, AWS Step Functions, AWS Lambda, and more (March 10, 2025)

As the weather improves in the Northern hemisphere, there are more opportunities to learn and connect. This week, I’ll be in San Francisco, and we can meet at the Nova Networking Night at the AWS GenAI Loft where we’ll dive into the world of Amazon Nova foundation models (FMs) with live demos and real-world implementations.

AWS Pi Day is now a yearly tradition. It started in 2021 as a celebration of the 15th anniversary of Amazon S3. This year, there will be in-depth discussions with AWS product teams on how to build a data foundation for a unified seamless experience, managing and using data for analytics and AI workloads. Join us online to learn about the latest innovations through hands-on demos, and ask questions during our interactive livestream.

Last week’s launches
Another busy week, here are the launches that got my attention.

Amazon Q Developer – You can now use an enhanced agent within the Amazon Q command line interface (CLI) to give you more dynamic conversations, help you read and write files locally, query AWS resources, or create code. This enhanced CLI agent is powered by Anthropic’s most intelligent model to date, Claude 3.7 Sonnet. Read more about this agentic coding experience and how to try it out. Here’s a visual demo of the new capabilities of Amazon Q CLI, by Nathan Peck.

Amazon Q Business – Now supports the ingestion of audio and video data. This capability streamlines information retrieval, enhances knowledge sharing, and improves decision-making processes, by making multimedia content as searchable and accessible as text-based documents.

Amazon Bedrock – Bedrock Data Automation is now generally available, so you can automate the generation of valuable insights from unstructured multimodal content such as documents, images, video, and audio files. Learn more and see code examples in my blog post. Amazon Bedrock Knowledge Bases support for GraphRAG is now also generally available. GraphRAG is a capability that enhances Retrieval-Augmented Generation (RAG) by incorporating graph data and delivers more comprehensive, relevant, and explainable responses by leveraging relationships within your data, improving how Generative AI applications retrieve and synthesize information.

Amazon Nova – The Amazon Nova Pro foundation model now supports latency-optimized inference in preview on Amazon Bedrock, enabling faster response times and improved responsiveness for generative AI applications.

AWS Step Functions – Workflow Studio for VS Code is now available, a visual builder you can use to compose workflows on a canvas. You can generate workflow definitions in the background to create workflows in your local development environment. Read more about this enhanced local IDE experience.

AWS Lambda – Now supports Amazon CloudWatch Logs Live Tail in VS Code. We previously introduced support for Live Tail in the Lambda console to simplify how you can view and analyze Lambda logs in real time. Now, you can also monitor Lambda function logs in real time while staying within the VS Code development environment.

AWS Amplify – Now supports HttpOnly cookies for server-rendered Next.js applications when using Amazon Cognito’s managed login. Because cookies with the HttpOnly attribute can’t be accessed by JavaScript, your applications can gain an additional layer of protection against cross-site scripting (XSS) attacks.

Amazon Cognito – You can now customize access tokens for machine-to-machine (M2M) flows, enabling you to implement fine-grained authorization in your applications, APIs, and workloads. M2M authorization is commonly used for automated processes such as scheduled data synchronization tasks, event-driven workflows, microservices communication, or real-time data streaming between systems.

AWS CodeBuild – Now supports builds on Linux x86, Arm, and Windows on-demand fleets directly on the host operating system without containerization. In this way, you can now execute build commands that require direct access to the host system resources or have specific requirements that make containerization challenging. For example, this is useful when building device drivers, running system-level tests, or working with tools that require host machine access. CodeBuild has also added support for Node 22, Python 3.13, and Go 1.23 in Linux x86, Arm, Windows, and macOS platforms.

Bottlerocket – The open source Linux-based operating system purpose-built for containers now supports NVIDIA’s Multi-Instance GPU (MIG) to help partition NVIDIA GPUs into multiple GPU instances on Kubernetes nodes and maximize GPU resource utilization. Bottlerocket now also supports AWS Neuron accelerated instance types and provides a default bootstrap container image that simplifies system setup tasks.

Amazon GameLift – Introducing Amazon GameLift Streams, a new managed capability that developers can use to stream games at up to 1080p resolution and 60 frames per second to any device with a WebRTC-enabled browser. To learn more, explore Donnie’s blog post.

Amazon FSx for NetApp ONTAP – Starting March 5, 2025, the SnapLock licensing fees for data stored in SnapLock volumes have been eliminated, making it more cost-effective.

Other AWS news
Here are some additional projects, blog posts, and news items that you might find interesting:

Accelerate AWS Well-Architected reviews with Generative AI – In this post, we explore a generative AI solution to streamline the Well-Architected Framework Reviews (WAFRs) process. We demonstrate how to build an intelligent, scalable system that analyzes architecture documents and generates insightful recommendations based on best practices.

Build a Multi-Agent System with LangGraph and Mistral on AWS – The Multi-Agent City Information System demonstrated in this post exemplifies the potential of agent-based architectures to create sophisticated, adaptable, and highly capable AI applications.

Evaluate RAG responses with Amazon Bedrock, LlamaIndex and RAGAS – How to enhance your Retrieval Augmented Generation (RAG) implementations with practical techniques to evaluate and optimize your AI systems and enable more accurate, context-aware responses that align with your specific needs.

From community.aws
Here are some of my favorite posts from community.aws. Create your AWS Builder ID to start sharing your tips and connect with fellow builders. Your Builder ID is a universal login credential that gives you access, beyond the AWS Management Console, to AWS tools and resources, including over 600 free training courses, community features, and developer tools such as Amazon Q Developer.

Optimize AWS Lambda Costs with Automated Compute Optimizer Insights (Zechariah Kasina) – An automated and scalable method for optimizing AWS Lambda memory configurations to enhance cost efficiency and performance.

Optimize AWS Costs: Auto-Shutdown for EC2 Instances (Adeleke Adebowale Julius) – Using Amazon CloudWatch alarms to dynamically shut down instances based on inactivity.

The Evolution of the Developer Role in an AI-Assisted Future (Aaron Sempf) – While AI is transforming software development, the need for developing talent remains crucial.

Amazon Q Developer CLI – More coffee, less remembering commands (Cobus Bernard) – Now that you can use Amazon Q Developer directly from your terminal to interact with your files, let’s add some convenience automations.

Upcoming AWS events
Check your calendars and sign up for these upcoming AWS events:

AWS Community Days – Join community-led conferences that feature technical discussions, workshops, and hands-on labs led by expert AWS users and industry leaders from around the world: Milan, Italy (April 2), Bay Area – Security Edition (April 4), Timișoara, Romania (April 10), and Prague, Czech Republic (April 29).

AWS Innovate: Generative AI + Data – Join a free online conference focusing on generative AI and data innovations. Available in multiple geographic regions: North America (March 13), Greater China Region (March 14), and Latin America (April 8).

AWS Summits – The AWS Summit season is coming along! Join free online and in-person events that bring the cloud computing community together to connect, collaborate, and learn about AWS. Register in your nearest city: Paris (April 9), Amsterdam (April 16), London (April 30), and Poland (May 5).

AWS re:Inforce (June 16–18) – Our annual learning event devoted to all things AWS Cloud security. This year is in Philadelphia, PA. Registration opens in March, so be ready to join more than 5,000 security builders and leaders.

AWS DevDays are free, technical events where developers can learn about some of the hottest topics in cloud computing. DevDays offer hands-on workshops, technical sessions, live demos, and networking with AWS technical experts and your peers. Register to access AWS DevDays sessions on demand.

That’s all for this week. Check back next Monday for another Weekly Roundup!

Danilo

This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS!

from AWS News Blog https://ift.tt/P8YJZoT

⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact

Cyber threats today don’t just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our

from The Hacker News https://ift.tt/PEm8yM5

Securing the Cloud Frontier: How Organizations Can Prepare for 2025 Threats

As organizations accelerate their cloud adoption for cost-efficiency, scalability, and faster service delivery, cybercriminals are taking notice. Cloud technology has become a cornerstone of modern business operations, offering unparalleled flexibility and innovation. However, the great promise of cloud technology can also bring great risk. In 2025, threat actors are anticipated to increasingly target cloud technologies, exploiting their rising complexity and potential vulnerabilities. The rapid expansion of cloud services, combined with the shift toward hybrid and multi-cloud environments, has created an intricate web of interconnected systems that presents a lucrative target for cybercriminals.

With critical functions like identity and authentication now consolidated in the cloud, businesses face a growing risk: a single point of compromise could grant attackers access to an organization’s most valuable assets. Organizations must recognize that their cloud environments are not isolated; they are part of a vast digital ecosystem that requires constant vigilance, strategic planning, and proactive defense measures. 

The Growing Cloud Attack Surface

As businesses increasingly migrate workloads to the cloud, they expand their attack surface, introducing new security challenges. Cloud-based identity and authentication services, while enhancing security and user experience, have become attractive targets for attackers. A compromised cloud access point can serve as a gateway to an organization’s most sensitive assets, resulting in significant financial and reputational damage.

The shared responsibility model — where cloud providers manage infrastructure security while customers handle data and application security — can create gaps if organizations fail to implement proper security measures. Misconfigurations, lack of visibility, and inconsistent security policies across cloud environments are common pitfalls. Cybercriminals are exploiting these weaknesses using techniques such as social engineering, credential stuffing, privilege escalation, and lateral movement within cloud systems. Organizations must take a proactive approach to cloud security by continuously assessing their defenses and addressing vulnerabilities before they can be exploited.

What Organizations Can Do to Prevent Cloud-Based Threats

To fortify their organizations against cloud-based threats in 2025, security leaders must move beyond traditional, reactive approaches and adopt a comprehensive, proactive cybersecurity strategy that includes:

• Proactive Threat Validation: Organizations can no longer rely solely on periodic breach and attack simulations or penetration testing conducted after threats have been identified. Instead, they must integrate continuous validation of their security posture using real-world threat intelligence. By aligning defensive measures with the latest adversary tactics, techniques, and procedures (TTPs), organizations can prioritize the most pressing exposures and mitigate risks before they are exploited.

• Live Threat Intelligence Integration: The evolution of threat actors requires security teams to move from passive scanning to intelligence-driven security practices. By leveraging live threat intelligence, businesses can gain a predictive understanding of potential attack paths and adversarial behaviors specific to their industry. This approach helps prioritize vulnerabilities that align with known threats and allows for timely and strategic mitigation.

• Predictive Posture Assessment: Modern cloud environments demand a shift from traditional risk assessments to predictive posture validation. This involves analyzing indicators of potential adversarial activity and using that intelligence to strengthen defenses. Organizations can leverage AI-driven insights to correlate data on vulnerabilities, attack paths, and threat actor movements, ensuring a prioritized and dynamic security approach.

• Scaling Offensive Testing: Security teams must enhance their offensive capabilities by automating red team exercises. By emulating advanced adversaries at scale, organizations can identify security gaps without the need for extensive manual orchestration, enabling more efficient and thorough assessments of their cloud environments.

• Incident Response Optimization: A proactive security posture includes the ability to swiftly detect, contain, and remediate breaches. Simulating attacks on cloud access points enhances incident response readiness, enabling security teams to act decisively in the face of evolving threats.

Strengthening Cloud Security with Proactive, Intelligence-Driven Strategies

As cloud environments continue to evolve, organizations must adopt a proactive, intelligence-driven approach to security. Moving beyond traditional reactive measures, businesses need to continuously validate their security controls using real-world threat intelligence to anticipate and defend against emerging threats. 

The key to safeguarding cloud assets in 2025 lies in leveraging advanced security technologies and aligning defenses with evolving adversary tactics. Organizations that embrace continuous validation and tailored cybersecurity strategies will be better equipped to protect their critical assets and enhance overall resilience. By fostering a culture of continuous improvement and staying ahead of threats, businesses can confidently navigate the complexities of the modern cloud landscape.

The post Securing the Cloud Frontier: How Organizations Can Prepare for 2025 Threats appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/atSDB2z

How Secure Are Cloud-Based Billing Systems? Addressing The Top Security Risks

Cybercriminals are constantly looking for ways to exploit financial data, and cloud-based billing systems have become a prime target. While these platforms offer automation, scalability and convenience, they also introduce security vulnerabilities that businesses must address. 

To fully benefit from cloud billing while mitigating risks, organizations need a proactive security approach. To help strengthen your defenses, let’s explore key security threats and best practices for protecting cloud-based financial systems. 

Key Security Risks in Cloud-Based Billing Systems 

While cloud-based billing platforms improve efficiency, they also require strong security measures to protect sensitive financial data. Without the right safeguards, these vulnerabilities can put businesses at risk: 

• Data Breaches and Unauthorized Access 

Financial data is a prime target for cybercriminals, and unauthorized access to billing records can lead to fraud, identity theft and compliance violations. Weak authentication measures and misconfigured access controls often increase the risk of breaches. 

• Inadequate Encryption Practices 

Without strong encryption, sensitive financial data remains vulnerable to interception. Cloud-based billing platforms must encrypt data both at rest and in transit to prevent unauthorized access. Poor encryption key management can further expose billing information to cyber threats. 

• API Security Vulnerabilities 

Billing platforms often rely on Application Programming Interfaces (APIs) to integrate with third-party applications and financial tools. If not properly secured, these APIs can become entry points for attackers to access sensitive data or manipulate transactions. 

• Insider Threats 

Employees and third-party vendors with access to billing systems can pose security risks, whether through accidental mishandling of data or malicious intent. Without strict access controls and monitoring, internal threats can lead to unauthorized transactions or data leaks. 

• Compliance and Regulatory Challenges 

Billing systems must comply with regulations such as Payment Card Industry Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR) and Service Organization Control 2 (SOC 2). Failure to meet these standards can result in legal penalties and reputational damage. Many organizations struggle to maintain compliance, leaving gaps in their security frameworks. 

• Distributed Denial-of-Service (DDoS) Attacks 

DDoS attacks overwhelm cloud-based platforms with excessive traffic, causing downtime and preventing legitimate transactions. These disruptions not only impact revenue but also erode customer confidence in the security of the billing system. 

• Weak Security Patching and Updates 

Cyber threats evolve rapidly, making it critical for cloud providers to release security patches regularly. However, businesses that delay updates leave themselves exposed to known vulnerabilities that attackers can exploit. 

Best Practices for Securing Cloud-Based Billing Systems 

To protect sensitive financial data and reduce security risks, cybersecurity professionals must implement a comprehensive security framework. The following best practices help mitigate threats and enhance billing platform security: 

• Strengthen Access Controls and Authentication 

Enforcing multi-factor authentication (MFA) and role-based access controls helps restrict unauthorized access to billing data. Strong authentication protocols reduce the risk of credential-based attacks. 

• Implement End-to-End Encryption 

Data encryption using industry standards such as the Advanced Encryption Standard (AES-256) protects billing information from interception. Businesses should also adopt secure encryption key management practices to safeguard stored financial records. 

• Secure API Integrations 

Since APIs connect billing platforms to various financial tools, securing them is essential. Organizations should implement API authentication measures and regularly audit API permissions to prevent unauthorized data access. 

• Conduct Regular Security Audits and Testing 

Routine security assessments – including penetration testing and vulnerability scanning – help identify weaknesses before they can be exploited. Working with third-party auditors allows businesses to uncover risks and improve security measures. 

• Choose a Secure and Reliable Billing Platform 

Selecting a subscription billing system that prioritizes security can help businesses reduce vulnerabilities while managing transactions efficiently. A well-designed system will include robust authentication controls, end-to-end encryption and compliance with industry security standards. 

• Monitor for Insider Threats 

Behavioral analytics tools can detect unusual activity within billing systems, allowing businesses to identify and mitigate potential insider threats before they cause damage.

• Protect Against DDoS Attacks 

Cloud-based DDoS protection services help prevent service disruptions by filtering malicious traffic before it impacts billing operations. Scalable network defenses keep transactions running smoothly, even during an attack.  

• Automate Security Patching 

Keeping billing platforms updated with automated patch management reduces exposure to cyber threats. Businesses should prioritize cloud providers that offer managed security updates and vulnerability monitoring. 

Cloud-Based Billing Security: A Smarter Approach 

Cloud-based billing platforms offer efficiency and scalability, but without strong safeguards, they remain prime targets for cyber threats. Going forward, organizations must prioritize access controls, encryption and secure integrations to protect their cloud-based infrastructure. 

After all, a well-protected billing system does more than prevent breaches – it builds trust, supports compliance and strengthens long-term financial stability. Taking proactive steps today will help businesses stay ahead of evolving threats and maintain a secure, reliable billing system for the future. 

AUTHOR BIO: Matt Ream is the Director of Product Marketing at BillingPlatform. With extensive experience in product marketing, particularly for B2B SaaS companies, Ream has a proven track record of establishing robust marketing foundations and positioning products as industry leaders. 

from Cybersecurity Insiders https://ift.tt/zuPLikY

Four Ways Agentic AI Helps Lean Security Teams Defend Against Threats

Agentic AI is becoming a hot topic in the security community. This emerging technology has already taken other industries by storm, such as customer service, healthcare, and financial services. Many security teams are intrigued by the concept of AI-powered agents that can learn, adapt, make decisions, and take action. Agentic AI can be an absolute game changer for lean, resource-strapped security teams and mid-market organizations to combat the onslaught of never-ending cyberattacks.

Defining Agentic AI

Don’t confuse the “agent” in Agentic AI with legacy endpoint agents, which are software components installed on connected devices to collect telemetry, enforce security policies, and enable remote administration. Agentic AI is not the same. Instead of being a passive collector of data or an execution mechanism for predefined rules, Agentic AI has the ability to adapt and make decisions in real-time.

Self-guided decision-making is what sets Agentic AI apart. Unlike traditional IT agents that must wait for commands to take the next step, Agentic AI, in the context of a security environment, autonomously detects, investigates, and mitigates threats without human intervention. It also has context-aware adaptability. This means agents don’t just follow narrow scripts or pre-programmed logic. Instead, they learn from their environments, attack patterns, and past responses. AI-powered agents are constantly refining their actions through feedback loops driven by continuous improvement. And, while traditional automation handles repetitive tasks, Agentic AI can chain multiple security actions together, thinking strategically about the broader security picture and reaching goals faster than manual procedures allow.

In short, Agentic AI functions like a security analyst, only faster and without burnout.

Building a Better SOC

With Agentic AI, transforming a Security Operations Center (SOC) into a more autonomous model is more achievable. Transitioning to an autonomous SOC model has many benefits for an organization’s overall security posture. An Autonomous SOC utilizes Agentic AI, generative AI, machine learning, and workflow automation to carry out security operations tasks with minimal human involvement.

Here are four ways Agentic AI helps lean security teams create a supercharged SOC that can defend against threats:

1. Automated Threat Detection and Response: Unlike SIEMs and other automated security systems that rely on rule-based detection, Agentic AI ingests alerts from a wide variety of sources across the network, including cloud, network, endpoint, and identity systems. AI-powered agents can automatically analyze the data from all of these ingestion points, identify abnormal behavior patterns, and surface potential threats quickly via machine learning. And Agentic AI doesn’t just detect—it acts, correlating related events pulled from these various sources with the rich context that human analysts need to neutralize and contain threats.

2. Automated Decision-Making: Instead of expecting security analysts to manually triage alerts, Agentic AI can prioritize incidents. It can also investigate anomalies and escalate threats intelligently for the analyst, lightening the workload and allowing them to work on more critical threats. Think of it as having a virtual Tier 1 security analyst who handles the heavy lifting. For lean security teams, this is paramount.

3. Dynamic Playbooks: Agentic AI dynamically executes multi-step response actions, such as blocking malicious traffic, isolating compromised endpoints, and initiating forensic data collection, based on real-time risk assessment. There is no waiting for analysts to hit “approve” on every alert.

4. Feedback Loops and Continuous Learning: Unlike static security tools, Agentic AI is designed to improve over time, learning from attack attempts, remediation steps, and analyst feedback to fine-tune detection and response mechanisms.

Leveling the Playing Field

SentinelOne introduced a maturity model for the Autonomous SOC toward the end of 2024. This programmatic concept, powered and influenced largely by AI, assists organizations in achieving the scalability and autonomy of their security operations.

However, many midmarket companies may find the pursuit of an Autonomous SOC program to be unattainable. While this model is a valuable resource, it is more easily achievable for larger, enterprise-sized organizations. These organizations typically have the benefit of larger budgets, more resources, and 24/7 security staff. Midmarket companies often lack the funding, infrastructure, and personnel of their enterprise-sized counterparts.

This is why Agentic AI changes the game for smaller, strapped security teams seeking more automation in their security operations. Agentic AI helps bridge a necessary gap in detection and response by automating manual efforts, acting as a helpful companion to the human security analysts worried about burning out.

For midmarket enterprises with smaller security teams, Agentic AI is the ingredient that powers an automated SOC that runs itself, saving them the overhead of hiring dozens of analysts.

Here are the key benefits of Agentic AI for lean security teams:

● Faster Detection and Response: AI-powered agents can significantly reduce the time it takes to identify, detect, and respond to real-time attacks by replacing manual correlation with automated triaging, saving small teams thousands of hours a year.

● Less Burnout for Security Analysts: Small security teams get overwhelmed with security alerts, spending hours sifting through false positives, which leads to burnout. Agentic AI can significantly cut down on unnecessary alerts, helping teams focus on what matters most without burning through their bandwidth.

● Extracting More Value From Existing Tools: Most Agentic AI capabilities include open integration and interoperability with your security stack, adding tremendous firepower and ultimately ROI for your existing technology investments.

● Levels the Playing Field Against Cybercriminals: Mid-market organizations no longer have to play catch-up with their enterprise peers, as Agentic AI unlocks enterprise-grade security capabilities at scale without the hefty price tag.

Autonomy is the Goal

As cyber threats become more sophisticated, mid-market enterprises can’t afford to rely on traditional security models that require massive headcounts and budgets. They need to work smarter and faster. AI enables them to do just that.

With Agentic AI, the dream of an Autonomous SOC is now a reality for organizations of all sizes. Lean security teams can do more with less, stay ahead of threats, and defend with confidence.

For mid-market security leaders, the future isn’t just automation—it’s autonomy. Agentic AI is here to make it happen.

About the author

Subo Guha is Senior Vice President of Product Management at Stellar Cyber, where he spearheads the development of their award-winning, AI-driven Open XDR solutions. With more than 25 years of experience, Subo has held senior leadership roles at industry-leading companies like SolarWinds, Dell, N-able, and CA Technologies.

from Cybersecurity Insiders https://ift.tt/qC0zx8P

Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts.
The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to

from The Hacker News https://ift.tt/OqduUrC

Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety

Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI’s development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?

from darkreading https://ift.tt/h9HNbKY