TCT is committed to helping you keep your organization secure and compliant. Every quarter, we publish compliance and security insights that you can share with your employees to fulfill periodic security reminder requirements your organization may be subject to.
As an added bonus, we’ve highlighted some developing security trends and featured a quick tip to get more out of your compliance management.
What Is File Integrity Monitoring?
File integrity monitoring is a tool that checks whether a file on a server has been modified. It’s used as a detection mechanism to quickly spot evidence of a bad actor in your system.
Normally, file integrity checks are scheduled on a weekly basis, although you can run them more frequently. The tool compares the state of the files in the file system at the time of validation to the state recorded at the previous check. If there are any differences, the system raises a flag.
The report will tell you whether a new file was created, an existing file was modified, or a file was deleted. It’s a solid indicator of a problem, because file integrity monitoring catches any file that has been modified in any way.
When you get your file integrity monitoring report, look through it and line up the timestamps against your known change control activities. As long as everything lines up, things are good. If not, then raise the alarm and go into incident response mode.
File integrity monitoring will also alert you if there were changes by authorized users that didn’t go through the appropriate channels. For example, an administrator may have made a change to the system but neglected to do it through approved change control.
File integrity monitoring is one of the most important problem detection tools in your arsenal — which is why it’s required by PCI DSS and several other standards.
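The mechanics described above (baseline, re-check, classify differences as created/modified/deleted, then line the changes up against approved change control) can be shown in a few dozen lines. The script below is an added example written for this newsletter; it is not TCT’s product or any vendor’s tool. It assumes SHA-256 content hashes as the “state” being compared and a constructed list of approved change windows of the form (path, start_epoch, end_epoch); the demo directory and its files are constructed in a temporary folder so the script runs offline.

```python
"""Minimal file integrity monitor: baseline, re-check, diff, reconcile (example code)."""
import hashlib
import os
import tempfile
import time


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file's contents, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_path: (sha256, mtime)} for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            state[rel] = (hash_file(full), os.path.getmtime(full))
    return state


def compare(baseline, current):
    """Classify differences between two snapshots as created, modified, or deleted.
    Modification is decided by content hash, so a touched-but-unchanged file is not flagged."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p][0] != current[p][0])
    return {"created": created, "modified": modified, "deleted": deleted}


def reconcile(changes, current, approved_windows):
    """Return the changes that cannot be matched to an approved change window.
    approved_windows: list of (relative_path, start_epoch, end_epoch) (assumed format)."""
    unexplained = []
    for kind in ("created", "modified"):
        for path in changes[kind]:
            mtime = current[path][1]
            covered = any(p == path and start <= mtime <= end
                          for p, start, end in approved_windows)
            if not covered:
                unexplained.append((kind, path))
    for path in changes["deleted"]:
        # A deleted file has no mtime to check, so a window entry for its path is required.
        if not any(p == path for p, _start, _end in approved_windows):
            unexplained.append(("deleted", path))
    return unexplained


def demo():
    """Build a constructed tree, take a baseline, simulate activity, and report findings."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        # Constructed baseline contents.
        write("etc/app.conf", b"debug=false\n")
        write("bin/service", b"#!/bin/sh\nexec true\n")
        write("tmp/old.log", b"stale\n")
        baseline = snapshot(root)

        # Constructed activity between two scheduled checks.
        t0 = time.time()
        write("etc/app.conf", b"debug=true\n")            # modified, approved below
        write("bin/service", b"#!/bin/sh\nexec false\n")  # modified, NOT approved
        write("var/dropped.bin", b"\x00\x01")              # created, NOT approved
        os.remove(os.path.join(root, "tmp/old.log"))       # deleted, approved below
        current = snapshot(root)

        changes = compare(baseline, current)
        # Approved change-control windows (constructed): one hour around the activity.
        approved = [("etc/app.conf", t0 - 60, t0 + 3600),
                    ("tmp/old.log", t0 - 60, t0 + 3600)]
        unexplained = reconcile(changes, current, approved)
        return changes, unexplained


if __name__ == "__main__":
    found, flagged = demo()
    print("changes:", found)
    print("needs investigation:", flagged)
```

In the demo, the config edit and the log cleanup match approved windows and drop out of the report, while the altered service binary and the new dropped file remain and are the lines you would treat as an incident. In a real deployment the baseline would be stored outside the monitored host (so an intruder cannot rewrite it) and the approved windows would come from the change-control system rather than an inline list.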
Quick Tip: Boost Your Automation with TCT’s API
TCT Portal’s new API allows you to import data from your other systems or export status information to them. TCT Portal keeps all of your data and evidence organized. The API is the next step for organizations whose developers can write to APIs and want to reach the next level of automation.
If you want to enhance the automation of status delivery back to your organization, the API can extend the natural capabilities of TCT Portal very nicely. More importantly, the API allows you to extend the automation of your internal evidence collection by porting it over to TCT Portal.
For example, suppose you need to include the file integrity monitoring report after it’s generated. You can use the API to retrieve the latest report and load it automatically into your compliance track in TCT Portal. You don’t need to have someone manually grab the report and load it into the compliance management system.
Take advantage of the automation capabilities that an API provides and further streamline your internal resource time for gathering evidence that’s needed for compliance. To get started with TCT’s API, reach out to the TCT Portal Support Team.
What’s Going on in Security Today
An attack path for attackers with file system access allows them to steal Microsoft Teams credentials, partly because the Teams app stores authentication tokens in cleartext. This lets the attacker assume the token holder’s identity, essentially bypassing multi-factor authentication for the victim’s Microsoft Teams application.
If you’re running macOS, an iPhone, or an iPad, Apple recommends that you immediately install two fixes for zero-day exploits in each device’s operating system. The first flaw is a kernel bug that allows attackers to execute malicious code with kernel-level privileges (root, etc.).
The second is a WebKit bug that lets an attacker craft web content leading to code execution. WebKit is the engine that powers the Safari web browser, along with other third-party browsers on iOS.
LockerGoga is ransomware that started running wild in 2019, specifically targeting industrial organizations. The creator of LockerGoga, together with the NoMoreRansom project, has created a tool that will instantly decrypt any LockerGoga infection. BitDefender is sponsoring the free decryptor.
Google has officially patched the fifth zero-day exploit this year. This particular bug allows remote code execution. There were ten other fixes issued during this patch. Three of the five zero-day exploits were in different components of the Chrome browser.
This trend in exploits is creating a lot of uncertainty for users of Chrome, and Chrome is seeing a drop-off in usage as a result of all these bugs and holes coming to the surface.
Google Chrome and Microsoft Edge web browsers are leaking sensitive information to Google and Microsoft. The leak, called “spell-jacking,” is releasing information that includes passwords, usernames, and email.
The particular settings involved are Chrome’s “Enhanced Spellcheck” and Edge’s “MS Editor.” Tests were performed on 30 websites, and more than 96% returned some form of PII (Personally Identifiable Information).