Israeli cybersecurity startup Mesh Security today emerged from stealth mode with a zero trust posture management (ZTPM) solution that helps organizations implement a zero trust architecture in the cloud.
Founded in February 2022, the Tel Aviv-based company claims it can provide real-time visibility, control, and protection across all enterprise assets, regardless of where they are located.
The expansion of XaaS (Anything/Everything-as-a-Service) has created a broad attack surface that organizations may find difficult to protect.
Mesh believes that the adoption of a zero trust architecture helps mitigate these evolving risks, and has built a platform that organizations can use to implement a unified zero trust architecture on top of existing stacks.
The company claims that its ZTPM SaaS platform can map an organization’s entire cloud XaaS estate in minutes, to deliver complete visibility into its current zero trust posture.
Mesh also designed its platform to monitor for anomalous behavior, prioritize critical risks and sensitive assets, and help organizations automate remediation to improve security and ensure compliance.
Also today, Mesh warned of an MFA bypass and impersonation risk impacting over 100 vendors. Referred to as ‘Cookeys’, the problem exists because improper session cookie validation allows attackers to access mission-critical resources remotely.
“Among the [impacted organizations] are several leading Zero Trust vendors that surprisingly do not follow the first fundamental principle of Zero Trust: every system should explicitly verify every digital interaction,” Mesh says.
One of the identified issues was that stolen session cookies could be used to log into various resources and take over accounts. An attacker could use these stolen cookies even to bypass active MFA mechanisms.
“Cookie reuse without proper validation results in an adversary that can impersonate another user to perform business functions on their behalf. This threat can lead to internal phishing, fraud, data theft, and ransomware,” Mesh notes.
Cookeys, the company notes, can also be exploited for lateral movement, where adversaries use legitimate and verified identities to perform nefarious operations, such as accessing restricted business resources.
With access to a SaaS application account, the attacker could stealthily eavesdrop on data in transit, performing espionage, sabotage, or even data theft, Mesh notes. Furthermore, the attacker could gain access to a variety of XaaS resources and data, even to the organization’s most sensitive assets.
One of the organizations impacted by these risks, Mesh says, is Okta. When informed of the vulnerability, Okta said that it relies on browser and operating system protections to prevent cookie stealing and malicious plugin attacks.
“If an attacker were to have a foothold on your endpoint that allowed them access to user cookies, they would typically already have the ability to deploy malware or other methods to compromise the downstream applications,” Okta said.
By Ionut Arghire on Wed, 10 Aug 2022 13:34:20 +0000