FireSale HackBoy


Friday, December 31, 2021

Cybersecurity in 2022, Predictions for digital ecosystem facing more challenges and sophisticated threats

This blog was written by an independent guest blogger.

In 2020, I published an AT&T blog called “Top Cybersecurity Trends & Predictions for 2020” (2021 Cybersecurity Trends and Insights | AT&T Cybersecurity (att.com)). In the article I had forecasted that cybersecurity would become even more of a strategic priority for companies as the cost, sophistication, and lethality of breaches would continue to rise. I also forecasted that threat actors, especially state-sponsored ones, and criminal enterprises would take advantage of the expanding cyber-attack surface by using their resources to employ more sophisticated means for discovering target vulnerabilities, automating phishing, and finding new deceptive paths for infiltrating malware.

The rash of high-profile breaches such as SolarWinds, Colonial Pipeline, Kaseya, and others proved those 2021 predictions to be accurate. In fact, “the number of publicly reported data compromises in the U.S. through September of 2021 has already surpassed the total number of compromises in 2020 by 17%, according to the Identity Theft Resource Center (ITRC).” (Data Breaches Are on Pace to Break a New Record High in 2021 | Money) Please see my article in FORBES for more of 2021’s alarming cybersecurity statistics: MORE Alarming Cybersecurity Stats For 2021 ! (forbes.com)

As we near 2022, the cyber threat landscape remains just as ominous. The continued challenges of protecting critical infrastructure and the supply chain, and the ever-present task of finding qualified cybersecurity workers to fill scores of vacant roles in corporations and government, that I forecasted are still issues for the coming year.

I have divided my 2022 predictions into two categories: strategic and tactical. Strategic perspectives provide a glimpse of what cyber-trends will be pervasive, and tactical focuses on what technical and policy remedies will need to be prioritized by CISOs, CIOs, and their IT shops.

STRATEGIC FORECAST

Ransomware

In 2022, ransomware attacks will continue at an alarming pace and will be more targeted. For hackers, soft targets for ransomware extortion are plentiful, especially in the healthcare, financial, and manufacturing industries. We can expect to see more such attacks because the vulnerabilities in many networks remain open and accessible to hackers and because many victimized companies are still paying ransoms.

Ransomware is not new, and it has been around for decades. A variant of ransomware called “WannaCry” spread swiftly in 2017 and 2018, reaching over 100 countries and infecting over 200,000 computers. Ransomware is more favored by hackers nowadays because they can get paid in cryptocurrencies that are hard to trace. Because of the prevalence of ransomware attacks, the U.S. government created a Ransomware and Digital Extortion Task Force, run by the Department of Justice (DOJ), to help track cyberattacks and digital extortion schemes and combat them. Department Of Justice Creates New Task Force To Take On Ransomware Attacks (forbes.com)

OT/IT and IoT convergence

The scale and frequency of cyber-attacks against critical infrastructure continue to grow. 2022 will be more of the same. Digital connectivity driven by the adoption of the industrial internet of things and operational technology (OT) has further expanded the attack surface. IT/OT/ICS supply chains in critical infrastructure (CI) can be particularly vulnerable, as they cross-pollinate and offer attackers many points of entry, and older legacy OT systems were not designed to protect against cyber-attacks.

In recent years, hackers and nation state adversaries have gained a deeper knowledge of industrial control systems, how they can be attacked, and how weaponized malware can be deployed. Weaponized malware is a genuinely concerning and real threat to critical infrastructure. The firm Gartner Inc. projected deaths due to a cybersecurity threat weaponizing industrial facilities by 2025. The firm sees the cost of attacks that cause fatalities reaching $50 billion per year. DHS Secretary: “Killware,” Malware Designed To Do Real-World Harm, Poised To Be World’s Next Breakout Cybersecurity Threat – CPO Magazine

Also, in previewing the vulnerabilities of both hardware and software networks, Internet of Things (IoT) devices will continue to present special security challenges to CISOs as the number of devices connected to networks expands in Malthusian ways. “By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average and that also amounts to trillions of sensors connecting and interacting on these devices.” State of the IoT 2020: 12 billion IoT connections (iot-analytics.com). IoT complexity magnifies cyber risk, and the lack of visibility to determine whether a device has been compromised is challenging and will present more attack vectors for hackers.

Critical infrastructure and space: The new frontier

As Elon Musk, Jeff Bezos and William Shatner can attest, space is indeed the new frontier. A large part of our communication capacity as a civilization is becoming increasingly dependent on satellite relays and monitoring. With that comes cyber-risk. The national security community believes that satellites could be targeted by cyber-attacks to disrupt communications or information streams vital for commerce and security.

Many networks are now changing from terrestrial (land) based communications to the cloud, taking advantage of satellites to move data over large, international distances. There are more satellites circling in low Earth orbit than ever as launch costs have significantly lowered, which has created more targets and thus a wider attack surface for hackers to potentially attack, both in space and at land-based control centers.

I agree with Samuel Visner, technical fellow at MITRE who says that “space systems should be a designated critical infrastructure. That would include launch systems, manufacturing plants, on orbit satellites and ground-based communication systems.” Industry panel: U.S. space systems need protection against cyber attacks – SpaceNews  There are many capable nation state threat actors who have the capacity to do damage to space infrastructure and it could happen very soon. For a deeper dive on the cyber space threat see: Protecting Space-Based Assets from Cyber Threats – HS Today

TACTICAL FORECAST

  • Industry and organizations will continue to move to Cloud, Hybrid Cloud and Edge Platforms to better optimize and secure data. This is a process that has been happening over the past several years. It will still be a major focus of budget spend for 2022.
  • Updating of legacy systems and assimilation of emerging technologies such as 5G and artificial intelligence into security platforms will be prioritized. There are many shiny new toys and tools for cybersecurity operators. The challenge will be knowing how to best orchestrate those tools and understanding what is available to best mitigate industry-specific threats.
  • OT and IT convergence and vulnerabilities will need to be addressed. Security by Design: OT and IT networks for industrial systems will need to be designed, updated, and hardened to meet growing cybersecurity threats. Security by design will require building agile systems with operational cyber-fusion between OT and IT to be able to monitor, recognize, and respond to emerging threats.
  • More attention will be applied to Zero Trust risk management strategies. There will be more of a focus on vulnerability assessments and securing code from production throughout the life cycle. Zero trust will become more of a prevailing theme for government agency cybersecurity too.
  • Protecting supply chains is still an area of key focus for CISOs. Sophisticated ransomware groups like REvil and Darkside were particularly active in 2021 against such targets. According to Microsoft, the SolarWinds hackers are already attacking more IT supply chain targets. SolarWinds hackers attacking more IT supply chain targets (techtarget.com) The security challenge comes down to understanding what is connected in the supply chain landscape, knowing how to best protect the most important assets, and effectively implementing strategies for mitigating and remediating security incidents and breaches.
  • More automation and visibility tools will be deployed for expanding protection of remote employee offices, and for alleviating workforce shortages. The automation tools are being bolstered in capabilities by artificial intelligence and machine learning algorithms.
  • Cybersecurity will see increased operational budgets because of more sophisticated threats and consequences of breaches (and especially ransomware) to the bottom line. Cybersecurity becomes more of a C-Suite issue with every passing year as breaches can be disruptive and devastating for business.

There are dozens of other predictions I could add to the forecast, and I only highlighted several of the most pertinent ones. There are news items on cyber-threats and incidents published every week. As a society on the verge of unparalleled exponential connectivity, we are entering uncharted digital territory in 2022. New risks and unforeseen issues will no doubt confront us. Certainly, security teams will have many responsibilities and tasks at hand to address in the coming year.

The post Cybersecurity in 2022, Predictions for digital ecosystem facing more challenges and sophisticated threats appeared first on Cybersecurity Insiders.


January 01, 2022 at 09:09AM

Gloucester City Council hit by a possible Ransomware Cyber Attack

Gloucester City Council in the UK was reportedly hit by a cyber attack on December 20th, 2021, disrupting all of its online services such as council tax support, caravan site information, licensing, recycling, health and leisure centers, housing administration, elections and electoral registration, public conveniences, test and trace support, and housing benefits including payments and loan repayment.

Though there is no confirmation that the attack involved ransomware, sources report that the restoration of services might take a few weeks, as the incident seems to be more complicated after preliminary investigations were concluded.

The council reported the issue to the National Crime Agency (NCA) and National Cyber Security Centre (NCSC) to launch a detailed inquiry, which is underway.

The home page of the Gloucester City Council website is guiding its web traffic to some links in the hope of solving some taxing issues. However, information is out that those services are failing to open or connect due to technical issues with certain ISPs.

Those wishing to claim benefits might contact the council via email at “benefits at gloucester dot gov dot uk”.

Note 1- Formed on April 1st 1974, the council has now been split into 18 wards and is governed by over 39 councilors elected to rule the city council.

Note 2- Ransomware is a kind of malware attack where hackers steal data and then encrypt the entire database until a ransom is paid. Earlier, the threat actors only used to lock down the database until a ransom in cryptocurrency was paid. But now they are involved in double extortion tactics where they sell the data if the victim fails to pay the demanded ransom for any reason.

The post Gloucester City Council hit by a possible Ransomware Cyber Attack appeared first on Cybersecurity Insiders.


December 31, 2021 at 08:39PM

Why authorization and authentication are important to API security – and why they’re not enough

This blog was written by an independent guest blogger.

The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include  devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM. These connections enable different applications to communicate with each other and to use the services of one another to help deliver and streamline functionality for users.

APIs and machine identities under attack

Digital attackers are increasingly taking an interest in APIs and machine identities. In 2020, for instance, Venafi found that attacks involving machine identities increased 400% between 2018 and 2019. Kount also released a report in 2020 in which 81% of enterprises revealed that they now deal with attacks driven by malicious bots. A quarter of respondents said they had experienced an attack that ended up costing them at least half a million dollars.

These findings raise the question: Why are these attacks happening?

The answer is that many developers are prioritizing speed of innovation over security. Yes, many of today’s mobile, web, and Software-as-a-Service (SaaS) applications would be impossible without APIs. But it’s also true that APIs can expose sensitive data including personally identifiable information when not properly secured, resulting in security incidents that can undermine organizations’ business interests. The Open Web Application Security Project (OWASP) was therefore correct in saying, “Without secure APIs, rapid innovation would be impossible.”

The challenge here is the multifaceted nature of API security. OWASP, which pioneered the OWASP Top 10 list of application attacks, recognized the need for a new list focused on API attacks, and in 2019 it created the OWASP API Top 10. Only one threat from the first list made it onto the second list, showing just how different API attacks are. The following two threats are great examples of how bad actors target APIs vs. applications:

  • Broken Object Level Authorization: As explained by Heimdal Security, Object Level Authorization is an access control mechanism that confirms a user can’t access objects that they shouldn’t have access to. Broken Object Level Authorization (BOLA) occurs when an application does not leverage this mechanism properly. A BOLA vulnerability can then enable an attacker to access sensitive information handled by the app.
  • Broken User Authentication: This type of vulnerability occurs in instances where authentication mechanisms do not function as intended because they weren’t implemented properly, noted OWASP. A malicious actor can subsequently weaponize Broken User Authentication to compromise a user’s authentication token and/or impersonate a user for a period.

An overview of authentication and authorization

API security might be multifaceted, but some things do repeat themselves. In fact, many of OWASP’s list of top 10 API vulnerabilities revolve around insufficient authentication and authorization controls. To understand the implications, it’s important to first define what these security controls entail.

In another article, Security Boulevard defined authentication as “the process of identifying users and validating who they claim to be.” Most authentication schemes use a set of credentials made up of a username and password to authenticate someone’s identity. However, some schemes layer on additional factors of authentication such as a fingerprint, a One-Time Temporary Password (OTTP) generated by an authentication app, or a physical security key to secure access to an account in the event of a password compromise.

Authorization comes after authentication. This stage involves granting full or partial access rights for databases, accounts, or other resources to an authenticated user. In this sense, a user can be authenticated, but they still might not have the authorization to access certain systems within the organization. Simultaneously, attackers can capitalize on a broken authentication system to abuse a victim’s level of authorization for accessing sensitive systems and data.

Authentication and authorization are necessary for defending against many security threats today. That’s especially the case for insider threats. The longer that people are with an organization, the more they tend to collect permissions over time that may exceed what’s required for their job. Some of those permissions might be relevant to current work duties, for example, while others might trace back to projects long-since completed. Others might provide rights the user never needed.

These types of permissions emphasize the importance of the principle of least privilege and ongoing permissions reviews. But it also underscores what can happen when robust authentication and authorization aren’t in place. For example, an external attacker can compromise an account protected with only a single layer of authentication (a single credential set) and abuse a lack of authorization checks to expose information handled by the API. Without proper validation, a malicious insider could do the same thing. There’s the belief that authenticated users won’t go look for things that they shouldn’t. But Account Takeover (ATO) attacks do happen, and certain authorizations enable these types of attacks to occur.

How to provide strong API authentication and authorization

Acknowledging the threats above, Salt Security provides the following recommendation: “Externalize your access controls and identity stores wherever possible, which includes mediation mechanisms like API gateways….” InfoWorld clarified that API gateways function as single points of entry into a system, allowing security teams to concentrate their system hardening efforts there instead of distributing their efforts across multiple APIs. Gateways help by facilitating authentication and authorization at the business level by concentrating security logic in a single location. Organizations can also use Identity and Access Management (IAM) solutions as well as key management technologies to further lock down their APIs.

It’s important to highlight, however, that authentication and authorization are not sufficient for API security. Organizations also need tooling that will identify when bad actors are able to manipulate API calls and adjust authentication or authorization parameters that, individually, look proper but have actually been changed to enable inappropriate access to accounts. So get your authentication and authorization done right, but don’t rest on those laurels.
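The difference between authenticating a caller and authorizing access to a specific object, and the kind of check tooling can run on top of it, is shown in the following added example, which is not part of the original article. The tokens, invoice records, handler names and the enumeration threshold are all constructed for illustration.

```python
import hmac
from collections import defaultdict

# Constructed sample data (not from the article): bearer tokens and invoices.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
INVOICES = {
    101: {"owner": "alice", "total": 120},
    102: {"owner": "bob", "total": 75},
    103: {"owner": "bob", "total": 310},
}
AUDIT_LOG = []  # (user, invoice_id, outcome) tuples written by the hardened handler


def authenticate(token):
    """Authentication: map a bearer token to a user, or None if unknown."""
    for known, user in TOKENS.items():
        # Constant-time comparison avoids leaking token contents through timing.
        if hmac.compare_digest(known.encode(), (token or "").encode()):
            return user
    return None


def get_invoice_vulnerable(token, invoice_id):
    """Authenticates the caller but trusts the object ID from the request."""
    if authenticate(token) is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return 404, None
    return 200, invoice  # any valid user can read any invoice: BOLA


def get_invoice_hardened(token, invoice_id):
    """Authenticates, then authorizes against the owner of this object."""
    user = authenticate(token)
    if user is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != user:
        # Same answer for "missing" and "not yours", so the response does not
        # confirm which IDs exist; the attempt is still recorded for review.
        AUDIT_LOG.append((user, invoice_id, "denied"))
        return 404, None
    AUDIT_LOG.append((user, invoice_id, "ok"))
    return 200, invoice


def flag_enumeration(log, threshold=2):
    """Return users denied on at least `threshold` distinct object IDs.

    Each request in such a run carries a valid token and looks normal on its
    own; only the pattern across requests stands out. The threshold is an
    assumed value for this example.
    """
    denied = defaultdict(set)
    for user, object_id, outcome in log:
        if outcome == "denied":
            denied[user].add(object_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(get_invoice_vulnerable("tok-alice", 102))
    for wanted in (101, 102, 103):
        print(wanted, get_invoice_hardened("tok-alice", wanted))
    print(flag_enumeration(AUDIT_LOG))
```
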

The post Why authorization and authentication are important to API security – and why they’re not enough appeared first on Cybersecurity Insiders.


December 31, 2021 at 09:09PM

CynergisTek Finishes Year Strong, Closes Largest 2-Year Managed Service Contract for 2021

AUSTIN, Texas–(BUSINESS WIRE)–CynergisTek (NYSE American: CTEK), a leading cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, today announced that it has signed the largest multiyear managed service contract of 2021 with a well-known managed care organization that has been a client since 2015. This 7-figure transaction expands on the partnership between CynergisTek and its client to provide the company’s flagship tailored multiyear Resilience Partner Program (RPP).

“We are pleased to announce that our company has just expanded our relationship with a client who we have worked with for the last six years, signing the largest multiyear contract of 2021,” said Mac McMillan, CEO, and President at CynergisTek. “This agreement represents our focus on our client relationships that build a strong renewal pipeline and represents the value we give our clients as the trusted partner for their cybersecurity, privacy, and compliance needs year in and year out,” he says. CynergisTek finishes Q4 by exceeding its goal for sales and posting the best annual bookings performance in the past three years.

CynergisTek’s signature Resilience Partner Program is designed to allow CynergisTek to work collaboratively with its clients to build a tailored set of services designed to help protect clients from cyber-related risks by building up their strategic defenses, improving operational efficiencies, and validating their programs work as expected. Under this Resilience Partner Program agreement, CynergisTek will provide annual risk assessments, medical device security, vendor security management, technical testing, and security control validation services. These services help healthcare organizations prioritize risk, maintain a constant eye on vulnerabilities associated with the expanding threat landscape, and ensure they have a strong and effective approach to risk that responds every day.

About CynergisTek, Inc.

CynergisTek (www.cynergistek.com), is a top-ranked cybersecurity consulting firm helping organizations in highly regulated industries, including those in healthcare, government, and finance navigate emerging security and privacy issues. CynergisTek combines intelligence, expertise, and a distinct methodology to validate a company’s security posture and ensure the team is rehearsed, prepared, and resilient against threats. Since 2004, CynergisTek has been dedicated to hiring and retaining experts who bring real-life experience and hold advanced certifications to support and educate the industry by contributing to relevant industry associations. For more information, visit www.cynergistek.com or follow us on Twitter or Linkedin.

Cautionary Note Regarding Forward Looking Statements

This release contains certain forward-looking statements relating to the business of CynergisTek, Inc. These forward-looking statements are within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “would,” “could,” “intends,” “may,” “will,” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including but not limited to uncertainties relating to product/services development; long and uncertain sales cycles; the ability to obtain or maintain proprietary intellectual property protection; future capital requirements; competition from other providers; the ability of the Company’s vendors to continue supplying the Company with supplies and services at comparable terms and prices; the Company’s ability to successfully compete and introduce enhancements and new features that achieve market acceptance and that keep pace with technological developments; the Company’s ability to maintain its brand and reputation and retain or replace its significant customers; cybersecurity risks and risks of damage and interruptions of information technology systems; the Company’s ability to retain key members of management and successfully integrate new executives; the Company’s ability to complete acquisitions, strategic investments, entry into new lines of business, divestitures, mergers or other transactions on acceptable terms, or at all; potential risks and uncertainties relating to the existing and ultimate impact of COVID-19, including the geographic spread, the severity of the virus, the duration of the COVID-19 outbreak, actions that may be taken by governmental authorities to contain the COVID-19 outbreak or to treat its impact, and the potential negative impacts of COVID-19 on the global economy and financial markets, and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in the Company’s Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. Given the risks and uncertainties, readers should not place undue reliance on any forward-looking statement and should recognize that the statements are predictions of future results which may not occur as anticipated. Many of the risks listed above have been, and may further be, exacerbated by the COVID-19 pandemic, including its impact on the healthcare industry. Actual results could differ materially from those anticipated in the forward-looking statements and from historical results, due to the risks and uncertainties described herein, as well as others not now anticipated. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events, or otherwise.

The post CynergisTek Finishes Year Strong, Closes Largest 2-Year Managed Service Contract for 2021 appeared first on Cybersecurity Insiders.


December 31, 2021 at 09:09PM

Thursday, December 30, 2021

Details of a failed Clop Ransomware attack on City of Toronto Canada

Cybersecurity Insiders has learnt that the Clop ransomware gang operating from Russia accessed the servers of the City of Toronto to grab metadata of over 35k citizens. Their plan could be to later dump the data on the dark web and make money.

However, for some reason or because of a strict online vigil from Ukraine’s law enforcement agency, they did not post the details, or dropped the plan to do so for reasons best known to them.

Going deep into the details, in January 2021, cyber criminals from the Clop ransomware group got access to sensitive data related to the population of Toronto through a zero-day vulnerability in the Accellion file transfer system.

As soon as the cyber attack details were revealed in the preliminary inquiry launched by the IT staff of Toronto, they believed the city could receive a massive ransom request at any moment.

However, the development did not take place as per the expectation of the staff members.

Ontario’s Information Commissioner’s Office took note of the incident and concluded that the year 2022 will witness a slew of attacks on public agencies, mostly those serving the health sector.

Note- Data accessed in the Clop ransomware attack includes details related to over 30k property tax payers, information on over 400 people who are fully vaccinated, patient data of over 100 people being treated by Toronto’s paramedics, data on 3000 individuals linked to Toronto’s Public Health and their Corona test results, and details of a few flyers who visited America in Christmas 2020.

The post Details of a failed Clop Ransomware attack on City of Toronto Canada appeared first on Cybersecurity Insiders.


December 31, 2021 at 11:50AM

Redline malware stealing saved passwords from browsers

If you are in the habit of saving passwords in your browser, you had better change it before it’s too late: security researchers from the South Korean cybersecurity firm AhnLab discovered that a new malware named RedLine was lurking in browsers and stealing saved passwords, which are then transmitted to remote servers.

According to sources, RedLine Stealer was first discovered in May this year when most of the office work was going online. An employee from central Europe accidentally downloaded RedLine malware that later stole some essential passwords required for the management of some corporate systems online.

Then the credential-stealing malware started lurking in the network, planning to be distributed to other networks and to spy on workstation functionalities.

Three months later, RedLine has reportedly evolved into a stealer that mainly targets online users’ credit card details, auto-fills and cookies, and is more interested in stealing their email account logins and passwords.

Like many other malicious programs, RedLine stealer is also showing a lot of interest in stealing currency from cryptocurrency wallets.

Since November this year, this highly customizable malware has been covertly distributed disguised as pirated movies, games and MS Office software. Once downloaded, it starts stealing passwords from browsers in the name of the logged-in user. As the activity seems to be recorded in the Login-Database, the browser releases unencrypted information, thus making way for the malware to fulfill its objective.

To date, the RedLine botnet has been found targeting Chrome browsers, mostly on Android devices. However, the developers have also infiltrated browsers such as Edge, Firefox and Opera in recent weeks.

Note- Since December 26th, 2021, the Have I Been Pwned website has been notifying users about 441,000 account details stolen through RedLine malware.

The post Redline malware stealing saved passwords from browsers appeared first on Cybersecurity Insiders.


December 31, 2021 at 11:48AM

Cyber Threat to Healthcare and Corona Virus Vaccine supply

Amid fears that the newly mutated and detected Omicron variant of Corona could trigger a lockdown across the world, security experts warn that some groups of threat actors, probably funded by adversary governments, are threatening to disrupt the healthcare services and vaccine supply meant to contain the spread of COVID-19 globally.

According to a study made by researchers from Barracuda Networks, hospitals and healthcare organizations are at a greater risk of being cyber attacked in 2022, which is only a couple of days away.

The cloud-based security services provider opines that companies operating across the world, irrespective of the business field they are in, should proactively plan to secure their infrastructure from all kinds of cyber threats, including ransomware attacks.

It’s perceived that security-related conversations will dominate the year 2022, as data storage can no longer be leveraged without accountability.

Hence, companies should be cautious while implementing new technologies, as they can lead to privacy concerns if neglected.

Ransomware is perceived to dominate the whole of next year, as hacking groups will try their best to extort money by stealing valuable data or software or locking it away from access.

So, company CEOs and CTOs whose business is related to vaccine research or supply had better be aware of the upcoming crisis and take proactive measures to avoid it by all means.

Note- A threat group possibly funded by North Korean intelligence was after the vaccine development data of AstraZeneca last year. However, it failed in stealing the vital info related to the British drug maker.

The post Cyber Threat to Healthcare and Corona Virus Vaccine supply appeared first on Cybersecurity Insiders.


December 30, 2021 at 10:20AM

Top 10 AT&T Cybersecurity blogs published in 2021

I enjoy being editor and managing this blog so much, I thought I'd share some of the best blogs of 2021. 2022 is right around the corner, but it's also a good time to look back at some 2021 highlights!

AT&T Alien Labs blog by Ofer Caspi in November 2021: AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Fernando Martinez's AT&T Alien Labs blog from July: Lazarus campaign TTPs and evolution

Ofer Caspi and Javi Ruiz's FatalRat analysis in August: New sophisticated RAT in town: FatalRat analysis

Guest blogger Irfan Shakeel's helpful how-to on using Wireshark in September 2021: Network traffic analysis using Wireshark

Fernando Dominguez's Labs blog in August: PRISM attacks fly under the radar

Ofer Caspi's September blog: TeamTNT with new campaign aka “Chimaera”

April Labs blog by Dax Morrow and Ofer Caspi: The rise of QakBot

Ofer Caspi's January Labs blog: TeamTNT delivers malware with new detection evasion tool

Ofer's June 2021 blog: Darkside RaaS in Linux version

Mary Blockowiak's helpful February blog: A beginner’s guide to SASE

Great year! Happy holidays and keep on blogging!!

The post Top 10 AT&T Cybersecurity blogs published in 2021 appeared first on Cybersecurity Insiders.


December 30, 2021 at 09:09AM

Find A New Cybersecurity Job in 2022

The 2021 (ISC)² Cybersecurity Workforce Study revealed that the global cybersecurity workforce gap is 2.72 million. This is the number of jobs within the industry that must be filled to defend critical assets. With so many cybersecurity organizations looking to fill positions, you may think to yourself, “Is cybersecurity a good industry to enter?” or “What are the pathways to cybersecurity?” and “Where would I find a cybersecurity job?”

Cybersecurity Workers are Satisfied and Well-Compensated

This year’s Cybersecurity Workforce Study showed that 77% of cybersecurity professionals are satisfied or extremely satisfied in their current role compared to only 49% of overall American workers, according to a recent study from Zippia. Cybersecurity professionals are passionate about keeping information secure and with continuous and growing threats to privacy, they tend to be lifetime learners. Cybersecurity professionals are also strongly compensated. (ISC)² survey respondents reported an average salary before taxes of U.S. $90,900 (up from U.S. $83,000 among respondents in 2020 and U.S. $69,000 in 2019) with 31% reporting a median annual salary of U.S. $100,000 or more.

Pathways and Preparation for a Cybersecurity Role

Today’s pathways to cybersecurity are changing. While an IT background remains the single most common route taken, that is giving way to a variety of entry points. Slightly more than half of cybersecurity professionals got their start outside of IT. Some 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education and 15% explored cybersecurity concepts on their own. Learn more in this blog: Five Steps to Get a Cybersecurity Job

Find Cybersecurity Jobs

Looking to connect with cybersecurity professionals for career guidance and more? Join the (ISC)² Community to find and participate in engaging discussions like Give Advice to Your Former Self and What are the Best Cybersecurity Job Boards and more.

The post Find A New Cybersecurity Job in 2022 appeared first on Cybersecurity Insiders.


December 30, 2021 at 09:09AM

Wednesday, December 29, 2021

Infineon Showcases Intelligent, Secured IoT Solutions and Dependable Electronics for Automotive at CES 2022

MUNICH & LAS VEGAS–(BUSINESS WIRE)–Infineon Technologies AG (FSE: IFX / OTCQX: IFNNY) today announced that at CES 2022 it will “Reimagine Innovation”, showcasing the company’s wide portfolio of IoT, power, security and automotive solutions. Infineon’s exhibits of new, innovative electronics solutions will be shown in the Ballroom San Polo 3405 and 3406, located at The Venetian Hotel, Level 3, Foyer East. Infineon is also participating in digital CES 2022. More information is available here.

Don’t miss the panel entitled “Unlocking Innovation and New Applications with Radar” on Thursday, January 6, 2022 from 11:00 to 11:40 am PT, located in the LVCC North Hall N259. This 40-minute moderated panel will include Infineon’s Vice President of Power and Sensor Solutions Preet Sibia, along with executives from Google, Blumio, Texas Instruments and Ford.

“Reimagine Innovation” with Intelligent IoT solutions

The company will highlight an extensive range of sensor, microcontroller and power electronic products for the IoT. Demonstrations will include the XENSIV™ radar sensors to help devices detect motion; REAL3™ 3D imager family with highly integrated time-of-flight (ToF) sensors; XENSIV PAS CO2 sensor to track the CO2 in the environment; a smart sleep monitoring device to monitor breathing using Infineon’s XENSIV 60 GHz mm-wave radar chip, developed in collaboration with Tsingray Technology; smart switching solutions in collaboration with Amber; and a portfolio of USB-PD chargers and adapters.

Solutions to secure and connect the IoT

Successful IoT solutions rely on secured connectivity from any device and any location, and Infineon demonstrations will showcase how the company creates trust in the digital world that allows users, enterprises and organizations to unleash the full potential of the IoT. Innovations highlighted in this category include the company’s AIROC™ Bluetooth devices for audio and IoT applications; Infineon’s recently launched CIRRENT™ Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication; the OPTIGA™ Authenticate S, a hardware-based security solution for any device authentication challenge, and the OPTIGA Trust M – a high-end security solution that provides an anchor of trust for connecting IoT devices to the cloud.

Dependable electronics for the future of mobility

To “Reimagine Innovation” with dependable Electronics, the company will highlight the semiconductor backbone of the technologies that support automotive megatrends: electro-mobility, automated driving, connectivity and cybersecurity. Drawing on decades of automotive expertise, demonstrations will highlight dependable electronics for cybersecurity, sensor fusion, and vehicle electrification.

Solutions include the Semper™ NOR Flash Memory family for critical safety features, along with the SEMPER Secure Flash Memory; the REAL3 automotive imager based on 3D ToF technology for accurate and robust depth sensing; and Infineon’s proven TRAVEO™ and TRAVEO II automotive microcontroller product families for conventional, hybrid and virtual gauge instrument cluster.

Exclusive showcase for audio electronics

Infineon will also showcase its MERUS™ audio amplifier ICs, with a sneak peek into the upcoming new features. The company’s broad portfolio of easier-to-use, smarter and greener audio amplifiers will be featured in a private suite at The Venetian Hotel.

CES Innovation Award Honorees

Infineon’s XENSIV PAS CO2 sensor was selected as a CES 2022 Innovation Award Honoree in the “Smart Cities” category. The company’s Semper Secure Flash Memory was also selected as an Innovation Award Honoree in the “Cybersecurity and Personal Privacy” category.

Infineon at CES 2022

Visit Infineon at this year’s CES 2022 from 5 to 8 January 2022, at the Las Vegas Convention Center in Las Vegas, Nevada. See how Infineon helps “Reimagine Innovation” with dependable electronics and secured, intelligent and easy-to-use IoT solutions at the Ballroom San Polo 3405/3406, located at The Venetian Hotel, Level 3, Foyer East.

More information is available here. Editors interested in an interview with an executive can contact their respective regional Media Relations manager listed below. Industry analysts interested in a briefing can email: MarketResearch.Relations@infineon.com.

The post Infineon Showcases Intelligent, Secured IoT Solutions and Dependable Electronics for Automotive at CES 2022 appeared first on Cybersecurity Insiders.


December 30, 2021 at 09:08AM

N-able Technology Alliance Program Primed for Growth into 2022

DURHAM, N.C.–(BUSINESS WIRE)–N-able, Inc. (NYSE: NABL), the purpose-built technology partner for managed services providers (MSPs), is celebrating strong growth of the Technology Alliance Program (TAP) throughout 2021, adding more than 25 partners this year, more than half of which are focused on security. The program is aimed at helping N-able partners successfully manage, monitor, and protect their customers using the technology they need most to get the job done right, through seamless integrations into the platforms they rely on from N-able.

Since early 2021, relationships added include many well-known technology leaders, such as Cisco®, Sophos®, and Webroot®, as well as several emerging tech innovators—including Liongard® and Zomentum—bringing the total number of partners in the program to 65.

The growing partnerships align with the International Data Corporation prediction that by 2023, 60% of industry ecosystems will establish open innovation hubs for cross-industry collaboration, shared application development, personalized customer engagement, and 5% year-over-year participant growth.

“TAP provides members and our MSP partners with centralized access to more of the trusted technologies that are proven to integrate with and grow their businesses,” said Tyler McDonald, director of business development. “These relationships and investments will lead to more success for our partners and the MSP community and help us meet our partners where they are the messiest, as they are challenged with utilizing a growing myriad of tools and technologies to best support their customers.”

The most recent TAP Tank in October, with a focus on cybersecurity, introduced new and growing relationships with several software, hardware, and services companies, including Blackpoint, Vonahi, Corent, Zeguro, Bandura Cyber, Armor and Infosec.

“Infosec believes knowledge is power when fighting cybercrime,” says Jack Koziol, CEO and founder of Infosec. “Our partnership with N-able through TAP allows us to connect with a growing range of MSPs and their clients to expand their security awareness and training and empower learners with the skills and knowledge to detect, mitigate and defeat cybercrime.”

Beginning in 2021, N-able called on TAP members to provide discounted offerings and incentives for its growing MSP community. One such offering is included cybersecurity training through Infosec Skills, when partners purchase N-able security offerings.

View the N-able Technology Alliance Program (TAP) Overview for additional info. Providers interested in joining the N-able TAP ecosystem and extending the reach to our 25,000+ MSPs around the globe in 2022 can apply online now.

About N-able

N-able empowers managed services providers (MSPs) to help small and medium enterprises navigate the digital evolution. With a flexible technology platform and powerful integrations, we make it easy for MSPs to monitor, manage, and protect their end customer systems, data, and networks. Our growing portfolio of security, automation, and backup and recovery solutions is built for IT services management professionals. N-able simplifies complex ecosystems and enables customers to solve their most pressing challenges. We provide extensive, proactive support—through enriching partner programs, hands-on training, and growth resources—to help MSPs deliver exceptional value and achieve success at scale.

n-able.com

© 2021 N-able Solutions ULC and N-able Technologies Ltd. All rights reserved.

Category: Company

The post N-able Technology Alliance Program Primed for Growth into 2022 appeared first on Cybersecurity Insiders.


December 30, 2021 at 09:08AM

CynergisTek Signs Six-Figure Extension Contract with Nationally Ranked Hospital

AUSTIN, Texas–(BUSINESS WIRE)–CynergisTek (NYSE American: CTEK), leading cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, recently announced one of the top obstetric and pediatric hospitals in the country that is also part of a prestigious academic medical center has signed a six-figure extension contract for professional service hours. The hospital continues to invest in CynergisTek’s virtual staffing and remediation services, adding over one thousand more hours of support throughout the next year.

“I have no doubt that this will continue to be a strong partnership with this client, and we are pleased to expand on offering our custom staffing remediation services,” said Mac McMillan, President, and CEO of CynergisTek. “The recent contract supports CynergisTek’s strategy to expand client retention, develop stronger relationships, and help protect the healthcare industry as a whole. Our job is to help identify gaps in your programs and provide guidance on how to remediate those gaps because simply knowing they are there isn’t enough.”

The agreement is an extension to the original contract that began in 2020 and enables the client to continue to leverage the value of CynergisTek’s solutions to optimize virtual staffing resources and enhance the client’s security programs. As healthcare continues to be a target of cyber-related incidents, hospitals need to take necessary steps to not only identify cyber risks, but follow through with prioritized remediation efforts to protect patient data, and avoid obstructing patient care. CynergisTek’s Information Security Remediation Services provide healthcare organizations with subject matter expertise from seasoned professionals who offer guidance and suggestions based on industry best practices, and the NIST privacy/security framework, to help address and remediate gaps in privacy, cybersecurity, compliance, and/or IT Audit programs.

About CynergisTek, Inc.

CynergisTek (www.cynergistek.com) is a top-ranked cybersecurity consulting firm helping organizations in highly regulated industries, including those in healthcare, government, and finance, navigate emerging security and privacy issues. CynergisTek combines intelligence, expertise, and a distinct methodology to validate a company’s security posture and ensure the team is rehearsed, prepared, and resilient against threats. Since 2004, CynergisTek has been dedicated to hiring and retaining experts who bring real-life experience and hold advanced certifications to support and educate the industry by contributing to relevant industry associations. For more information, visit www.cynergistek.com or follow us on Twitter or LinkedIn.

Cautionary Note Regarding Forward Looking Statements

This release contains certain forward-looking statements relating to the business of CynergisTek, Inc. These forward-looking statements are within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “would,” “could,” “intends,” “may,” “will,” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including but not limited to uncertainties relating to product/services development; long and uncertain sales cycles; the ability to obtain or maintain proprietary intellectual property protection; future capital requirements; competition from other providers; the ability of the Company’s vendors to continue supplying the Company with supplies and services at comparable terms and prices; the Company’s ability to successfully compete and introduce enhancements and new features that achieve market acceptance and that keep pace with technological developments; the Company’s ability to maintain its brand and reputation and retain or replace its significant customers; cybersecurity risks and risks of damage and interruptions of information technology systems; the Company’s ability to retain key members of management and successfully integrate new executives; the Company’s ability to complete acquisitions, strategic investments, entry into new lines of business, divestitures, mergers or other transactions on acceptable terms, or at all; potential risks and uncertainties relating to the existing and ultimate impact of COVID-19, including the geographic spread, the severity of the virus, the duration of the COVID-19 outbreak, actions that may be taken by governmental authorities to contain the COVID-19 outbreak or to treat its impact, and the potential negative impacts of COVID-19 on the global economy and financial markets, and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in the Company’s Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. Given the risks and uncertainties, readers should not place undue reliance on any forward-looking statement and should recognize that the statements are predictions of future results which may not occur as anticipated. Many of the risks listed above have been, and may further be, exacerbated by the COVID-19 pandemic, including its impact on the healthcare industry. Actual results could differ materially from those anticipated in the forward-looking statements and from historical results, due to the risks and uncertainties described herein, as well as others not now anticipated. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events, or otherwise.

The post CynergisTek Signs Six-Figure Extension Contract with Nationally Ranked Hospital appeared first on Cybersecurity Insiders.


December 30, 2021 at 09:08AM

Ukraine President enforces Information Security Strategy

Amid extreme concerns related to cyber warfare from Russia, Ukraine’s President Volodymyr Zelensky announced a new information security strategy policy was launched and came into effect early this week.

Article 107 of the Constitution of Ukraine proposed a new security strategy for the country’s information systems on October 15, 2021 and was waiting for the whole parliament’s nod till date.

Yesterday, the Ukraine president pronounced a relevant decree, bringing the articulated decision into full effect.

Now, for the uninitiated, the United States and the United Kingdom jointly sent a team of cybersecurity experts to Ukraine in order to secure its critical infrastructure from Russia’s cyber attacks.

The concern was that the digital attack could trigger a third world war as attacks between two nations could encourage other nations to take sides and launch nuclear attacks, leading to devastation worldwide.

On the other hand, law enforcement agencies of Ukraine arrested over 51 people in connection with a data scam involving the sale of information related to over 300 million people in the United States and Europe.

The Cyberpolice Department of the National Police of Ukraine reportedly seized about 100 storage servers containing 90GB of information on the Ukrainian, US and European populace. The data includes surnames, names, addresses, contact numbers, email IDs and in some cases vehicle-registration details that are to be sold in marketplaces vying to collect such data for hacking, analytics and advertisement purposes.

The Security Service of Ukraine (SSU) arrested over 5 people suspected to be members of an international Phoenix hacking group known to infiltrate mobile devices. The arrests were made in Kyiv and Kharkiv, along with Lviv, where a 3-member gang involved in fraudulently siphoning money from cryptocurrency wallets was also arrested.

The post Ukraine President enforces Information Security Strategy appeared first on Cybersecurity Insiders.


December 29, 2021 at 08:41PM

Manual and semi-automated testing for IDORs using Burp Suite

This blog was written by an independent guest blogger.

This article explores how you can locate Insecure Direct Object References (IDORs) using Burp Suite. Primarily, there are two ways to test for the IDOR flaw: manual and semi-automated. For automation, this article focuses on the Autorize plugin in Burp Suite.

What are Insecure Direct Object References (IDOR)

Silent Breach discovered an IDOR vulnerability on the US Department of Defense website in November 2020 and discreetly reported it to the DOD's Vulnerability Disclosure Program. The flaw was fixed by adding a user session mechanism to the account setup that required logging in to the website first.

That was one IDOR incident, but what is an Insecure Direct Object Reference?

“Insecure Direct Object References (IDOR) occurs when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example, database records or files.” – owasp.org

Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter that points to an object directly.

Access control challenges are the source of this vulnerability. The term IDOR became famous once it entered the OWASP Top Ten. However, it's really just another form of Broken Access Control.

IDORs can cause privilege escalation either horizontally or vertically. To be considered an IDOR, a flaw must meet the following requirements:

  • The request contains an entity identifier, whether as a GET or POST parameter.
  • There must be an access control flaw that gives the individual access to information they shouldn't be allowed to see.

Examples:

  • GET /receipt.php?id=18
  • POST /privateInfo.php
    • {userId:03,name:"bob"}
  • GET /invoice/test.txt

We have POST and GET requests with an identifier. In most cases, user A can only see receipts or private details that belong to them. If an attacker modifies this identifier and receives the same information that user A would, the application has an IDOR.

It might appear to be a simplistic explanation of IDORs, but that is essentially how they function. The interesting part is how we could automate scanning for this. We may use either a manual or semi-automated technique.

If you are just getting started in bug hunting, I suggest manual testing initially. It’s common practice to learn and grasp how your tool works before relying on it. You genuinely get to go into the depths of your capabilities.

Semi-automated test for IDORs

To automate the testing of IDORs, we need the Autorize plugin in Burp Suite.

You can install the Autorize plugin in Burp Suite from the Extender tab -> BApp Store.

After installing the Autorize plugin:

  • Navigate to your target webpage, log in as User A (test2/test), and capture the traffic.
  • Copy the request (cookie and header details) and paste it into the Autorize tab.
  • Turn on Autorize.
  • Go to the target webpage, log in as User B (test3/test), and capture the traffic.
  • Burp then makes the identical request with the given cookies and color-codes the outcomes for us.

Lastly, explore the target Web App and test every feature that requires admin credentials and is not accessible via a regular user; if you receive a Bypass/Enforced response, you have an IDOR vulnerability.

Testing IDORs manually in Burp Suite

To test the IDOR manually, I am using the PortSwigger lab here. Fire up Burp Suite and access the PortSwigger lab.

It's good practice to set the target scope in Burp Suite. As in our case, you can add the lab URL as the target scope, or you can add only the domain name.

I usually tick the advanced scope control, as it provides us with regex options if necessary.

After setting the target scope, explore the target webshop. Browsing through the webshop reveals a variety of features. By this time, the site map should have filled up with all the various requests.

We can see various responses, but the one we're interested in is the download-transcript request.

Navigate the webshop, capture the traffic on the proxy tab and send it to the repeater tab.

When we modify the transcript number in the download-transcript request, the server does not verify that we have permission to download that file.

We should now be able to log in with the username Carlos and the password we just got. We don't particularly need to be signed in to get the documents because this is an unauthenticated IDOR.

Conclusion

The two ways we can use to test IDORs are:

  • Manual testing using Burp Suite.
  • Semi-automated testing using Autorize Plugin from Burp Suite.

Implementing an access control system is the only genuine approach to address this vulnerability. The server must authenticate the user before it can fulfil the request.
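The access control fix described above, as an added example that is not part of the original article: a constructed in-memory receipt store with an unauthenticated handler, a login-only handler, and one that checks ownership of the requested object. The `replay_check` function repeats the owner's request under a second session and with no session and compares the responses, which is the comparison Autorize automates; all names, ids, and session values here are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data (not from the article): receipt id -> (owner, body)
RECEIPTS = {
    18: ("alice", "Receipt #18: 2 x widget, 40.00"),
    19: ("bob", "Receipt #19: 1 x gadget, 15.50"),
}
# Constructed session table: cookie value -> logged-in user
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


NOT_FOUND = Response(404, "not found")
LOGIN_REQUIRED = Response(401, "login required")
Handler = Callable[[Optional[str], str], Response]


def lookup(raw_id: str):
    """Parse the user-supplied id; non-numeric or unknown ids are a miss."""
    try:
        return RECEIPTS.get(int(raw_id))
    except (TypeError, ValueError):
        return None


def receipt_no_auth(session: Optional[str], raw_id: str) -> Response:
    """No session check at all: the unauthenticated IDOR case."""
    record = lookup(raw_id)
    return Response(200, record[1]) if record else NOT_FOUND


def receipt_auth_only(session: Optional[str], raw_id: str) -> Response:
    """Requires a login but trusts the id: any user reads any receipt."""
    if SESSIONS.get(session) is None:
        return LOGIN_REQUIRED
    record = lookup(raw_id)
    return Response(200, record[1]) if record else NOT_FOUND


def receipt_hardened(session: Optional[str], raw_id: str) -> Response:
    """Ties the requested object to the session's user before returning it."""
    user = SESSIONS.get(session)
    if user is None:
        return LOGIN_REQUIRED
    record = lookup(raw_id)
    # Same answer for "missing" and "not yours", so ids cannot be enumerated.
    if record is None or record[0] != user:
        return NOT_FOUND
    return Response(200, record[1])


def verdict(baseline: Response, replayed: Response) -> str:
    """Compare a replayed response with the owner's own response."""
    if baseline.status != 200:
        return "no baseline"  # the owner's request failed; nothing to compare
    return "exposed" if replayed == baseline else "protected"


def replay_check(handler: Handler, owner_session: str,
                 other_session: str, raw_id: str) -> dict:
    """Repeat the owner's request as another user and with no session."""
    baseline = handler(owner_session, raw_id)
    return {
        "other_user": verdict(baseline, handler(other_session, raw_id)),
        "unauthenticated": verdict(baseline, handler(None, raw_id)),
    }


if __name__ == "__main__":
    for h in (receipt_no_auth, receipt_auth_only, receipt_hardened):
        print(h.__name__, replay_check(h, "sess-alice", "sess-bob", "18"))
```

Running the same check in a regression suite against every endpoint that takes an object identifier catches a handler that loses its ownership check during a later change.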

The post Manual and semi-automated testing for IDORs using Burp Suite appeared first on Cybersecurity Insiders.


December 29, 2021 at 09:10PM

What Were the Best Cybersecurity Webinars of 2021?

As cybersecurity professionals, you work in an industry that is always evolving. It is imperative to stay up to date on the most important topics. On top of your responsibilities on the job, it can be challenging to stay current or know where to look for the latest news or best practices. So, we’ve compiled the highest rated, ranked by your peers, (ISC)² cybersecurity webinars from 2021.

Our webinars have maintained consistent popularity and have increased in viewership by more than 70% year-over-year this year. As so many in-person events were cancelled in 2021, free webinars make it easy to complete your educational requirements and maintain your membership status. (ISC)² members can receive CPE credits automatically for viewing webinars. As a reminder, your CPE credit requirements are due at the end of your three-year membership cycle – not annually.

We produce several live webinars each week and make them available on-demand for convenient viewing. Register now for our upcoming 2022 webinars on topics including cloud security, market trends, and Zero Trust so you stay current on trending topics.

In case you missed any, or you just want a refresh, here are the top-rated webinars of 2021 by region:

Top 10 Cybersecurity Webinars in North America

Top 10 Cybersecurity Webinars in Europe, Middle-East and Africa (EMEA)

Top 10 Cybersecurity Webinars in Asia-Pacific (APAC)

Stay in the know on important topics covered in these webinars while networking with your peers on the (ISC)² Community.

The post What Were the Best Cybersecurity Webinars of 2021? appeared first on Cybersecurity Insiders.


December 29, 2021 at 09:10PM

Details of T-Mobile December 2021 Data Breach

T-Mobile, which suffered a massive data breach in August this year, has again fallen prey to a similar hack in December 2021 that leaked information on a small set of the telecom company's customers.

According to those reporting to our Cybersecurity Insiders, the attack took place in three forms, with the first targeting customer proprietary network information (CPNI), the second related to SIM swaps, and the third involving customers targeted with both of the said forms of incidents.

In the first attack, hackers might have accessed billing account details such as names, phone numbers, numbers linked to the accounts and rate plan details. In the second instance, the threat actors somehow gained server access and tried to access information related to SIM cards and IMEI numbers that they could later use to hack into customers' online accounts.

The third category of affected customers was those whose private CPNI was viewed and whose SIM cards were swapped.

T-Mobile is yet to acknowledge the data breach on an official note. However, it released a press update via Twitter saying that its staff is yet to reach a conclusion over the data breach and issues like who was involved and what type of data/information was accessed and stolen.

Note- On August 18th, 2021, T-Mobile confirmed it had become a victim of a cyber attack where sensitive information related to over 40 million of its customers was accessed by hackers. The leaked data includes first and last names, birth dates, driving license details, social security numbers and phone numbers. As compensation, the telecom giant offered a free identity protection service from McAfee to all the affected customers and urged them to change their account PINs as early as possible.

The post Details of T-Mobile December 2021 Data Breach appeared first on Cybersecurity Insiders.


December 29, 2021 at 11:23AM

Tuesday, December 28, 2021

McMenamins suffers a Ransomware Attack

McMenamins, a family-owned company of craft breweries in Oregon & Washington, has reportedly suffered a ransomware attack that shut down several of its digital services, such as hotel room booking.

The employees of the company have been asked to use other digital services to stay in touch with each other and were given a hint that it might take at least 10 days for the business to recover from the incident.

A source speaking on condition of anonymity said that the gang spreading Conti ransomware could have attacked the servers of McMenamins, and so a third-party service has been hired to investigate the incident.

The Conti ransomware gang, operating from Russia, is known to first steal the information from the targeted database and then encrypt it entirely until a ransom is paid. If the victim fails to pay the ransom in cryptocurrency, they then sell the stolen data on the dark web.

Note 1– Recently, a US-based company named Shutterfly was also hit by Conti hackers who demanded a ransom of $10 million to unlock the database from encryption.

Note 2- The Conti ransomware gang has so far targeted corporate networks of companies operating in the manufacturing, power and government sectors. Usually, they demand a ransom payment ranging between $10 million and $50 million. However, sometimes they were found negotiating the demanded sum and were also seen taking $1 million to free up the encrypted database.

The post McMenamins suffers a Ransomware Attack appeared first on Cybersecurity Insiders.


December 29, 2021 at 11:21AM

Druva Appoints Tracey Newell to Board of Directors

SUNNYVALE, Calif.–(BUSINESS WIRE)–Druva Inc. today announced the appointment of Tracey Newell to the company’s board of directors. Newell brings more than 20 years of sales and marketing leadership experience to Druva, and will support the company as it prioritizes expanding routes to market and capturing the rapidly growing data protection market.

“Tracey’s impressive history as a sales leader at industry-leading enterprise software and SaaS companies, coupled with her ability to inspire and energize an organization, makes her an outstanding addition to our leadership team,” said Jaspreet Singh, founder and CEO, Druva. “As Druva focuses on helping organizations across the globe strengthen their data resiliency, we are excited to welcome Tracey as we focus on expanding opportunities and strengthening our position in existing markets.”

Newell is the former president of Informatica, where she also served as a member of the company’s board of directors for two years prior to being asked to join the management team. Prior to joining Informatica, Newell served as executive vice president of global field operations at Proofpoint, where she led sales through a five-year period of hypergrowth. Recognized as a Top 100 Sales Leader by The Modern Sale, Newell led Proofpoint’s go-to-market team to become a top five leader in the cybersecurity market. Newell has also served as executive vice president of global sales at Polycom, and held sales leadership positions at Juniper Networks, Webex, and Cisco Systems.

“Over the last two years, the urgency to strengthen data resiliency and protection has reached a crescendo, and is now a mission-critical priority of every enterprise,” said Newell. “As customers accelerate their cloud modernization journey, the Druva Data Resiliency Cloud brings the simplicity, security, and scalability that customers demand in a solution that is truly differentiated in the marketplace. I could not be more pleased to join Druva’s board and look forward to supporting the company’s incredible journey.”

About Druva

Druva enables cyber, data and operational resilience for every organization with the Data Resiliency Cloud, the industry’s first and only at-scale SaaS solution. Customers can radically simplify data protection, streamline data governance, and gain data visibility and insights as they accelerate cloud adoption. Druva pioneered a SaaS-based approach to eliminate complex infrastructure and related management costs, and deliver data resilience via a single platform spanning multiple geographies and clouds. Druva is trusted by thousands of enterprises, including 60 of the Fortune 500, to make data more resilient and accelerate their journey to cloud. Visit druva.com and follow us on LinkedIn, Twitter and Facebook.

The post Druva Appoints Tracey Newell to Board of Directors appeared first on Cybersecurity Insiders.


December 29, 2021 at 09:08AM

Meyer Shank Racing Partners with Arctic Wolf

PATASKALA, Ohio–(BUSINESS WIRE)–As the Ohio-based organization prepares for its largest competition campaign in team history, Meyer Shank Racing (MSR) is pleased to announce a new multi-year partnership with Arctic Wolf, a leader in security operations.

Arctic Wolf is one of the fastest-growing cybersecurity companies globally on a mission to end cyber risk. The company’s marquee solution, the Arctic Wolf Security Operations Platform, enables customers of all sizes to easily and effectively manage their security operations with a click of a button, seamlessly unifying their existing security tools into one experience ensuring protection against cyber attacks.

By combining the power, speed, and scale of the Arctic Wolf Platform and the company’s pioneering Concierge Delivery model, Arctic Wolf empowers its customers to effectively strengthen their security postures in an increasingly consequential cyber threat landscape.

Arctic Wolf will begin its partnership with MSR on both of the team’s NTT INDYCAR SERIES and IMSA WeatherTech SportsCar Championship entries starting in 2022. The partnership will make its public debut in the 2022 Rolex 24 At Daytona as the team returns to Daytona International Speedway for the winner’s circle once again.

Arctic Wolf will have a presence on the No. 06 IndyCar driven by four-time Indianapolis 500 winner Helio Castroneves and the No. 60 MSR IndyCar driven by Simon Pagenaud. Arctic Wolf will also be on the No. 60 MSR Acura ARX-05 DPi driven by Oliver Jarvis and Tom Blomqvist. Castroneves will also join the MSR IMSA effort for the season-opening Rolex 24 At Daytona.

“We’re very excited to have another multi-year partnership in place as we continue to build and grow our organization,” said MSR co-owner Mike Shank. “Arctic Wolf’s team is comprised of talented and highly competitive people who are focused on solving problems for their clients so there is a natural fit there. This program should unlock more opportunities for MSR as well as Arctic Wolf and we’re excited to have them on both of our IMSA and Indy Cars.”

“Professional racing and cybersecurity share a commonality in speed and precision—where literal seconds can make or break any outcome,” said Dan Larson, chief marketing officer, Arctic Wolf. “As we continue our explosive business growth and expand our brand globally, we are proud to support the Meyer Shank Racing team with this partnership.”

Meyer Shank Racing will return to action in January for the annual Roar Before the 24 followed by the Rolex 24 At Daytona on January 29th.

About Arctic Wolf:

Arctic Wolf® is the global leader in security operations, delivering the first cloud-native security operations platform to end cyber risk. Powered by threat telemetry spanning endpoint, network, and cloud sources, the Arctic Wolf® Security Operations Cloud ingests and analyzes more than 1.6 trillion security events a week across the globe, enabling critical outcomes for most security use cases and optimizing customers’ disparate security solutions. Now deployed to more than 2,300 customers worldwide, the Arctic Wolf® Platform delivers automated threat detection and response at scale, and empowers organizations of any size to establish world-class security operations with the push of a button.

For more information about Arctic Wolf, visit arcticwolf.com or follow us on Twitter, LinkedIn, or Facebook.

© 2021 Arctic Wolf Networks, Inc., All Rights Reserved. Arctic Wolf, Arctic Wolf Platform, Arctic Wolf Managed Detection and Response, Arctic Wolf Managed Risk, Arctic Wolf Managed Cloud Monitoring, Arctic Wolf Managed Security Awareness, and Arctic Wolf Concierge Security Team are either trademarks or registered trademarks of Arctic Wolf Networks, Inc. or Arctic Wolf Networks Canada, Inc. and any subsidiaries in Canada, the United States, and/or other countries.

The post Meyer Shank Racing Partners with Arctic Wolf appeared first on Cybersecurity Insiders.


December 29, 2021 at 09:08AM