FireSale HackBoy

Friday, September 30, 2022

Latest Cyberthreats and Advisories – September 30, 2022

Russian cybercrime, social media corruption and a tidal wave of malicious app downloads… Here are the latest threats and advisories for the week of September 30, 2022.

Threat Advisories and Alerts

CISA Issues Warning to OT/ICS Owners and Operators

Operational technology/industrial control system (OT/ICS) assets continue to be an attractive target for cybercriminals, and ICS networks are rife with risk. OT/ICS technology has vulnerable IT components and large attack surfaces—and traditional security measures don’t adequately address modern threats. System owners should assume that they will be targeted. To mitigate attacks, operators and owners can limit the exposure of system information, conduct regular security audits and secure remote access points.

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-265a

Zero-Day Vulnerability Exploited in Sophos Firewall

A new critical zero-day vulnerability has been found in Sophos’ firewall product. The vulnerability (CVE-2022-3236), which impacts Sophos Firewall v19.0 MR1 (19.0.1) and older versions, has been exploited by attackers and could result in remote code execution. Users are recommended to apply the appropriate hotfixes immediately.

Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-054

IRS Warns of an ‘Exponential’ Increase in Texting Scams

The IRS has a new warning for taxpayers: A surge in texting scams is putting personal and financial information at greater risk. This year, the agency has uncovered thousands of fraudulent websites that are connected to text-messaging scams often referred to as “smishing” or “SMS phishing.” The scams have increased over the course of 2022 but have especially surged in the last few weeks. In fact, the IRS says the fraud has “increased exponentially” recently.

Source: https://www.moneytalksnews.com/irs-warns-of-an-exponential-increase-in-texting-scams/

ICO Reprimands UK Organizations for GDPR Failings

The UK’s data protection regulator has taken action against seven public and private sector organizations for failing to meet their obligations under the GDPR and UK Data Protection Act. UK organizations must respond to requests by members of the public for personal information held on them, known as Subject Access Requests (SARs), within one to three months. However, after receiving multiple complaints about the erring organizations, the Information Commissioner’s Office (ICO) was forced to step in.

Source: https://www.infosecurity-magazine.com/news/ico-reprimands-uk-organizations/

Emerging Threats and Research

Ad Fraud Apps Get 13 Million Downloads from Google Play and Apple Store

Up to 75 apps on Google Play and 10 on Apple’s App store were caught engaging in ad fraud. While the apps have since been removed, they were installed 13 million times. Some of the different types of fraudulent ad activity included spoofing popular apps to deceive advertising SDKs into placing ads, generating fraudulent ad clicks and serving “hidden” and out-of-context ads via off-screen WebViews.

Source: https://thehackernews.com/2022/09/experts-uncover-85-apps-with-13-million.html

Meta Shuts Down Widespread Russian Disinformation Network

Meta claims to have taken down an extensive network of thousands of Facebook and Instagram accounts pushing disinformation. The operation, which originated in Russia, spoofed several legitimate European news sites, posting original articles, memes and YouTube videos that supported Russia while criticizing Ukraine. Some of the news outlets that were impersonated included The Guardian, Bild, ANSA and la Repubblica.

Source: https://www.bleepingcomputer.com/news/security/meta-dismantles-massive-russian-network-spoofing-western-news-sites/

Ukraine Expects Massive Cyberattacks from Russia

This past Monday, the Ukrainian government warned that Russia is planning “massive cyberattacks” on their critical infrastructure facilities. “By the cyberattacks, the enemy will try to increase the effect of missile strikes on electricity supply facilities, primarily in the eastern and southern regions of Ukraine,” said Ukraine’s Ministry of Defense. The cyberattacks aren’t expected to be limited to Ukraine. The country’s closest allies—including Poland, Estonia, Latvia and Lithuania—could be hit with DDoS attacks on their critical infrastructure.

Source: https://thehackernews.com/2022/09/ukraine-says-russia-planning-massive.html

$5 million Lawsuit Filed Against Samsung by Customers Upset Over Breach

Samsung customers have filed suit against the Korean tech giant for careless data practices that have led to the theft of their personally identifiable information (PII). The lawsuit alleges that Samsung’s failure to improve its cybersecurity defenses after the Lapsus$ cyberattack in February led to the July cyber-heist, which resulted in a PII data theft. Customers believe that if Samsung must collect PII data, they have a reasonable expectation for the company to protect it. The plaintiffs are expecting a minimum of U.S. $5 million in costs and damages.

Source: https://www.theregister.com/2022/09/27/samsung_data_theft_lawsuit/

UK Government to Fine TikTok £27 Million

The UK’s privacy regulator has announced plans to fine TikTok £27m for breaching data protection laws. The Information Commissioner’s Office (ICO) believes TikTok broke several laws between 2018 and 2020, which include processing the data of minors under 13 without parental consent, lack of transparency with users and processing special data (like racial, genetic and biometric) without legal grounds. How much of a fine TikTok will eventually pay is anyone’s guess. Large organizations have a history of paying significantly less than the amount initially charged. 

Source: https://www.infosecurity-magazine.com/news/tiktok-facing-27m-uk-regulatory/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.

The post Latest Cyberthreats and Advisories – September 30, 2022 appeared first on Cybersecurity Insiders.


October 01, 2022 at 09:10AM

2022 State of Bot Mitigation Report: Growing Majority of Companies (69%) Lose Revenue Due to Bot-Driven Account Fraud

NEW YORK–(BUSINESS WIRE)–Kasada, provider of the most effective and easiest way to defend against advanced bot attacks, today released its annual report on the state of bot mitigation and automated fraud. The 2022 State of Bot Mitigation Report is based on the findings of organizations that are already using anti-bot solutions and compares results against last year’s report.

The company’s annual report shows that revenue loss from bot-driven account fraud and web scraping continues to skyrocket, despite companies spending more on bot mitigation solutions every year.

Key findings from the 2022 State of Bot Mitigation Report include:

  • 69% of companies that have a bot management solution report losing more than 6% of their revenue due to account fraud this year, up from 64% in 2021.
    • 40% of companies lost 10% of revenue or more, a major increase from 2021 when only 5% reported that level of revenue loss.
    • Account fraud includes account takeovers (ATO) and new account fraud, where fraudsters create fake accounts to gain access to loyalty programs and take advantage of promotional discounts.
  • 83% of companies say that bots are becoming more sophisticated and difficult for their security tools to detect. This amount increased from last year’s 80%.
  • A majority of companies (62%) have spent more than $500,000 fighting bots within the past 12 months. This is a 14-point increase from last year, when only 48% were spending more than $500K.
    • 21% of companies have spent $2.5 million or more fighting bots this year.
    • 85% of companies expect to spend even more on bot mitigation in the next year, increasing from last year when only 63% reported that they planned to spend more.

“Bots continue to evolve and thrive at the expense of companies. As this year’s research confirms, it is imperative that companies have an anti-bot solution that evolves, keeping them a step ahead of attackers,” said Sam Crowther, CEO and founder of Kasada. “Too much money, time and effort are being wasted by companies on reactive solutions that require a great deal of management and don’t work well. We built Kasada to take an entirely different approach to bots – an approach that makes it difficult for attackers, yet easy for defenders.”

Additional findings:

  • Companies continue to spend a majority of their bot management budget (66%) on management and remediation of their anti-bot tools vs. the anti-bot solution itself.
  • Nearly 40% of companies also reported a 10% or greater loss of revenue due to bot-driven web scraping. This is an increase from the 7% that indicated web scraping was a problem last year. Web scraping occurs when bots extract prices or content to obtain a competitive advantage.

To download and review the entire 2022 State of Bot Mitigation Report, click here.

Research Methodology

Kasada commissioned Atomik Research, an independent market research agency, to conduct a survey of more than 200 technology professionals throughout the United States who said they or their teams have the responsibility of managing and/or mitigating bots. Fieldwork took place in August 2022.

About Kasada

Kasada stops the bad bots that other solutions cannot. Its modern, proactive solution adapts as fast as attackers do, making automated attacks unviable. Unlike legacy rule-based systems, Kasada is easy-to-use, offering long-lasting protection from bot attacks across web, mobile and API channels. Its invisible defenses eliminate the need for ineffective CAPTCHAs, ensuring a frictionless user experience. Kasada is based in New York and Sydney, with offices in Melbourne, Boston, San Francisco and London. For more information, please visit www.kasada.io and follow on Twitter, LinkedIn, and Facebook.

The post 2022 State of Bot Mitigation Report: Growing Majority of Companies (69%) Lose Revenue Due to Bot-Driven Account Fraud appeared first on Cybersecurity Insiders.


October 01, 2022 at 09:10AM

Menlo Security Names Kate Terrell Chief Human Resources Officer

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Menlo Security, a leader in cloud security, today announced that Kate Terrell has joined the company as Chief Human Resources Officer (CHRO). Reporting to Menlo co-founder and CEO, Amir Ben-Efraim, Terrell is chartered with leading and managing the company’s strategies for all aspects of HR including talent acquisition, talent management and development, engagement, communications, health and wellness initiatives, and outreach to the community.

Terrell was most recently the Chief People Officer at Aktana, a business intelligence company focused on strengthening the relationship between life-sciences enterprises and health care providers where she was responsible for creating and aligning the company’s people strategy to enable business results. Prior to joining Aktana, she was CHRO for Driscoll’s, a high-growth company with more than $3.5 Billion in sales. Terrell also held several leadership roles at Whirlpool, including leading human resources for the Global Product Development organization.

Terrell currently sits on the Cabrillo College Foundation board. She previously served as Board Chair of LeaderShape, a non-profit leadership development organization whose focus is to help young adults learn to live and lead with integrity.

“Kate is a proven leader with a great track record of developing a strong culture, a highly engaged workforce and high performing teams,” said Amir Ben-Efraim, Menlo co-founder and CEO. “Her experience across the wide spectrum of human resources, coupled with her strategic approach, will help ensure Menlo continues to execute at a high-level across all aspects of our business. I look forward to partnering with Kate as we continue to rapidly expand Menlo to better serve our customers for years to come.”

About Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. Menlo Security is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California. www.menlosecurity.com.

The post Menlo Security Names Kate Terrell Chief Human Resources Officer appeared first on Cybersecurity Insiders.


October 01, 2022 at 09:10AM

70% of Security/IT Professionals Say They are Overwhelmed by the Complexity of their Authentication Systems

SANTA CLARA, Calif.–(BUSINESS WIRE)–Axiad, a leading provider of organization-wide passwordless orchestration, today announced the results of its 2022 Authentication Survey, revealing that executives have their hands full managing the underlying complexity of their authentication practices – a foundational element of most cybersecurity strategies around the globe.

The survey was conducted with 252 U.S. Security and IT executives (Director and above) in organizations of 2,500 or more employees across a broad variety of industry sectors. Respondents pointed to several internal challenges that prevent them from addressing authentication in a systematic fashion across the organization, including the variety of identity types to protect, numerous authentication methods used internally, varied operating systems in use, and existing investments in identity and access management that are often not interoperable.

According to the survey, 70% of security and IT professionals are overwhelmed by significant complexity related to authentication, which is underpinned by these key findings:

  • 70% of respondents have 3 or more IAM ecosystems in use; 52% have 4 or more
  • 83% said they have both Windows and MacOS operating systems in place; almost half (46%) said they must authenticate against Linux as well
  • 89% use 3 or more authentication methods – the most popular are software one time passwords (OTP), passwords and mobile push authentication; 60% use more than 5
  • 79% of respondents said it’s critical to secure people; 68% said machines are critical

This internal complexity often forces organizations to operate numerous, often disconnected, authentication strategies across the organization, which creates gaps and inconsistencies that can be exploited by bad actors.

In addition, security and IT professionals are challenged by external factors such as regulatory requirements, which impact how an organization must authenticate and vary widely according to vertical markets, international standards and the public sector. More than half of the organizations surveyed (54%) must comply with four or more regulatory requirements, and 38% must comply with 5 or more. The top regulatory and compliance requirements noted by respondents include ISO/IEC 27002, HIPAA, SOX and GDPR.

According to Bassam Al-Khalidi, Co-CEO & Co-Founder, Axiad, “Organizations today are grappling with a complex mix of systems and requirements, resulting in a siloed approach to authentication. We are seeing the negative repercussions of these fragmented strategies play out on the front pages right now, as cyber attackers are exploiting organizations that aren’t systematic in the way they validate a user (or machine) is who they say they are. To enhance your security posture and optimize protection, you need to tame that internal complexity and take a holistic approach to authentication.”

The IAM ecosystem is a typical example of authentication complexity. Companies merge, make acquisitions, grow internationally and typically end up working with at least 3 different IAM vendors, often 5 or more according to the survey, across the organization. It rarely makes sense to replace all of these disparate systems, but that puts pressure on security/IT professionals to manage the risks caused by interoperability issues and authentication inconsistencies. Magnify this complexity by similar challenges across identity types, authentication methods, operating systems and compliance regulations, and it’s clear why so many executives are overwhelmed.

The 2022 Authentication Survey was conducted on behalf of Axiad by Censuswide in August 2022. An executive summary of these results can be found here; the detailed results of the survey can be found here.

About Axiad

Axiad delivers organization-wide passwordless orchestration to secure users, machines and transactions for organizations that must optimize their cybersecurity posture while navigating underlying IT complexity. The company’s flagship offering, Axiad Cloud, is a comprehensive, secure and integrated authentication platform that allows customers to move to a passwordless future without the friction and risk of fragmented solutions. Axiad supports the widest range of credentials including FIDO, mobile MFA, AD CBA, Windows Hello for Business, YubiKeys, smart cards, TPM and biometrics, and is trusted by public sector organizations and Fortune 500 companies across aerospace & defense, financial services, insurance, healthcare, oil & energy and more.

For more information visit axiad.com and follow us on Twitter and LinkedIn.

The post 70% of Security/IT Professionals Say They are Overwhelmed by the Complexity of their Authentication Systems appeared first on Cybersecurity Insiders.


October 01, 2022 at 09:10AM

IronNet Launches IronRadar to Automatically Block Adversary Infrastructure

MCLEAN, Va.–(BUSINESS WIRE)–IronNet, Inc. (NYSE: IRNT), an innovative leader Transforming Cybersecurity Through Collective Defense℠, has launched IronRadar℠, a new solution designed to proactively and automatically update customers’ cybersecurity tools with malicious indicators for adversary infrastructure.

Developed by IronNet’s team of elite threat hunters, IronRadar uses an innovative process that fingerprints a server and determines whether it is a command and control (C2) server while those servers are being stood up, even before a cyber attack is initiated. IronRadar enriches the data creating purpose-built intelligence updates for proactively blocking adversarial infrastructure, and was observed to have 98% accuracy over six months of testing.

“We know that Cobalt Strike and other open-source tools provide the framework for legitimate ‘red team’ activities,” said Don Closser, Chief Product Officer of IronNet. “Unfortunately, open-source tools are being used by advanced persistent threat groups to gain access to systems, establish C2, and launch attacks. Thanks to our innovative and dedicated CyOC team, IronRadar can identify threats as new adversarial infrastructure servers appear and before they can be used in sophisticated cyber attacks.”

IronRadar is now available for all networks beyond the IronNet Collective Defense℠ platform community as an annual subscription. Selling it directly from the Amazon Web Services (AWS) Marketplace makes it cost effective and easy to buy and scale. Once installed, customers can easily upgrade to join the Collective Defense community at any time.

“Detecting weaponized C2 servers before they connect to a network and inflict damage like ransomware and eCrimes is a daunting challenge for all organizations,” said Christopher Kissel, Research Vice President of Security and Trust Products, at IDC. “The launch of the purpose-built threat intelligence feed from IronNet is a game changer because it proactively blocks known, new, and unreported C2 infrastructures.”

IronRadar is the only existing automated threat intelligence feed developed specifically to combat C2 behavior. This easy-to-use tool enables a customer’s SOC to:

  • Actively block known C2 and emerging threat C2 IoCs.
  • Integrate real-time threat intelligence into any security solution – SIEM, SOAR, Incident Response, and more.
  • Accelerate threat response by exposing the adversaries and evolving tradecraft targeting infrastructure.

IronRadar integrates seamlessly with the IronNet Collective Defense platform, powered by AWS, which is the only solution that can identify anomalous behaviors and deliver actionable attack intelligence to all the other participants in the IronNet community. The Collective Defense platform serves as an early warning system for all participating companies and organizations, strengthening network security through correlated alerts, automated triage, and extended hunt support.

About IronNet, Inc.

Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet, Inc. (NYSE: IRNT) is a global cybersecurity leader that is transforming how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today.

Forward-Looking Statements

This press release includes “forward-looking statements” within the meaning of the “safe harbor” provisions of the United States Private Securities Litigation Reform Act of 1995, including, without limitation, statements regarding IronNet’s ability to provide visibility and detection of malicious behaviors and to help defend against increased cyber threats facing the globe. When used in this press release, the words “estimates,” “projected,” “expects,” “anticipates,” “forecasts,” “plans,” “intends,” “believes,” “seeks,” “may,” “will,” “should,” “future,” “propose” and variations of these words or similar expressions (or the negative versions of such words or expressions) are intended to identify forward-looking statements. These forward-looking statements are not guarantees of future performance, conditions, or results, and involve a number of known and unknown risks, uncertainties, assumptions and other important factors, many of which are outside IronNet’s management’s control, that could cause actual results or outcomes to differ materially from those discussed in the forward-looking statements. Important factors, among others, that may affect actual results or outcomes include: IronNet’s inability to recognize the anticipated benefits of collaborations with IronNet’s partners and customers; IronNet’s ability to execute on its plans to develop and market new products and the timing of these development programs; the rate and degree of market acceptance of IronNet’s products; the success of other competing technologies that may become available; IronNet’s ability to identify and integrate acquisitions; the performance of IronNet’s products; potential litigation involving IronNet; and general economic and market conditions impacting demand for IronNet’s products. The foregoing list of factors is not exhaustive. 
You should carefully consider the foregoing factors and the other risks and uncertainties described under the heading “Risk Factors” in IronNet’s Annual Report on Form 10-K for the year ended January 31, 2022, filed with the Securities and Exchange Commission (the “SEC”) on May 2, 2022, and other documents that IronNet files with the SEC from time to time. These filings identify and address other important risks and uncertainties that could cause actual events and results to differ materially from those contained in the forward-looking statements. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and IronNet does not undertake any obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

The post IronNet Launches IronRadar to Automatically Block Adversary Infrastructure appeared first on Cybersecurity Insiders.


October 01, 2022 at 09:09AM

University of Phoenix Lead Cybersecurity Faculty Stephanie Benoit-Kurtz to Keynote Women in IT Special Event

PHOENIX–(BUSINESS WIRE)–University of Phoenix announces that Stephanie Benoit-Kurtz, MBA, Lead Cybersecurity Faculty at the College of Business and Information Technology, will be the keynote speaker at a special Women in IT breakfast event during the Trace3 Evolve Technology Conference. The special event will be held at the Cosmopolitan Hotel in Las Vegas, Nevada on October 6th at 7:30am PST.

The Women in IT breakfast event at Evolve is part of an ongoing series that Trace3 hosts to support women in the technology industry. The event aims to bring together a community of women leaders in technology to help exchange ideas, network, showcase their leadership, and promote awards and recognition they receive. Attendees will hear from Benoit-Kurtz and other successful women in the technology field as they share experiences, lessons learned along the way, and can’t-miss opportunities that women meet as they continue to climb the ladder toward their professional and personal goals.

“It is a great honor to be named as a speaker at this exciting event featuring female leaders in the field of information technology,” said Benoit-Kurtz. “I am excited to be a part of the Evolve two-day leadership conference showcasing amazing women in the industry, and I value the opportunity to empower our attendees to create better workplaces now and in the future.”

In her work as faculty, Benoit-Kurtz focuses efforts on helping students understand today’s IT world and how it is evolving daily. She is often spotlighted in the media as a thought leader in cybersecurity and continues to help lead the charge for women in technology.

Learn more about the event at the Trace3 Evolve Technology Conference website.

About University of Phoenix

University of Phoenix is continually innovating to help working adults enhance their careers in a rapidly changing world. Flexible schedules, relevant courses, interactive learning, and Career Services for Life® help students more effectively pursue career and personal aspirations while balancing their busy lives. For more information, visit phoenix.edu.

The post University of Phoenix Lead Cybersecurity Faculty Stephanie Benoit-Kurtz to Keynote Women in IT Special Event appeared first on Cybersecurity Insiders.


September 30, 2022 at 09:08PM

HackNotice Adds Easy, Continuous Phishing to Its World-Class Threat Awareness Platform

AUSTIN, Texas–(BUSINESS WIRE)–HackNotice, the leading threat awareness platform, has added continuous phishing to its robust program. The additional phishing capability educates employees about phishing and social engineering attacks while helping businesses to achieve cybersecurity compliance.

HackNotice’s phishing helps people understand and recognize the different types of attacks threat actors can deploy. Writing, sending, and reviewing phishing campaigns is often a laborious process for the security team, with expensive phishing platforms leaving much to be desired.

HackNotice’s phishing, deployed with the press of a button, empowers people to identify phishing emails and what actions to take if they receive them. While HackNotice already helps people identify risky behavior, increase security awareness, and monitor, measure, and manage employee progress, the new addition helps companies create a comprehensive system to combat cyber threats. This is crucial, given both the rise of cyber crimes and the ambivalence of employees toward their company’s security training courses.

“Social engineering attacks are rampant, and this is after the fact that security awareness training and phish testing are mandatory programs people must enroll in at work. However, the problem is that these programs are compliance-focused instead of people-focused,” said Steve Thomas, HackNotice CEO. “Our new phishing capability not only helps companies get to compliance, it opens up the conversation about phishing and helps people to understand how phishing is tied to overall threat awareness,” he added.

For clients using HackNotice to protect their company, phishing is included with their current service. The new capability provides well-created, dynamic phishing emails and landing pages, open and click tracking, and further dashboards and statistics to see how your employees are improving.

You can learn more about the addition of phishing to HackNotice’s threat awareness platform here or in person at Identity Week America 2022 at Booth S34 between October 4-5 in Washington DC.

About HackNotice

Hacknotice is the only company-wide threat awareness platform making employees safer online. Users monitor, review, and take swift actions against their real cyber threats. The platform focuses on bridging the gap between security teams and other employees through real-time alerts, around-the-clock monitoring, recovery recommendations, and a full security training and assessment program. HackNotice’s mission is to make all employees threat aware, creating a resilient culture of security. Founded in 2019, HackNotice is located in Austin, TX. For more information, visit www.hacknotice.com.

The post HackNotice Adds Easy, Continuous Phishing to Its World-Class Threat Awareness Platform appeared first on Cybersecurity Insiders.


September 30, 2022 at 09:08PM

Affected Optus cyber attack customers to get police protection

Australian police authorities have released a press statement on the Optus cyber attack and confirmed that they are going to protect the details of 10,000 affected customers from leaking online. Although the telecom giant admitted last week that information from over 10 million accounts was accessed by hackers, law enforcement has claimed that it will protect the leaked data of only 10k customers.

Justine Gough, the assistant commissioner for the cyber wing of the Australian Federal Police (AFP), confirmed the news and disclosed that the agency was trying its best to protect the stolen info from leaking online.

Unconfirmed sources report that the company, which is owned by a Singapore telecom giant, is unsure whether the personal details of 10 million customers were leaked in the attack, or whether details related to 10 million repetitive accounts were leaked.

As of now, news is out that Optus will pay the charges related to passport replacement for all those whose passport details were leaked in the cyber incident.

The government led by Prime Minister Anthony Albanese has also given assurance that it will replace the driver’s licenses of compromised Optus consumers.

NOTE: For those who are concerned that their 100-point identification might have been compromised in the attack, the government of Australia has put banks on high alert for any kind of suspicious transactions and will do everything to prevent identity theft of targeted victims.

The post Affected Optus cyber attack customers to get police protection appeared first on Cybersecurity Insiders.


September 30, 2022 at 08:51PM

Kaspersky suffers because of the Russian war over Ukraine

Russia waged war on Ukraine in February this year and since then it has been trying many tactics to bring its enemy to its knees. Although the entire world is against the war and the killing of innocents, Vladimir Putin is uninterested in calling off the war, as he has lost a lot of time, ammunition, money and resources since the start of the war and is now in a situation where he cannot turn back.

Kaspersky, a cybersecurity firm that has nothing to do with the war or its consequences, seems to be suffering severely because of the fickle minds of a few Russian leaders.

The governments of Romania and Germany have announced and passed a bill under which the products and services supplied by Kaspersky will no longer be approved for use on the information systems of public sector organizations operating in their regions.

The reason is that the software maker originates from the Putin-led nation, and there is a high probability that the software developer could gather intelligence and pass it to the Kremlin for analysis.

The Romanian government fears that the use of Kaspersky anti-virus solutions might enable the Russian Federation to launch cyber-attacks, and so has issued a ban on the use and purchase of the product/s for the public sector.

The UK’s newly elected Liz Truss is also intending to impose an official ban on the software, and other European Union countries are about to follow.

According to a press update released shortly, all state institutions in Romania should replace the Russian software with another within 60 days after the law comes into effect, and those found violating this policy will face severe legal consequences or harsh penalties.

NOTE: During Donald Trump's term as President of the United States, Kaspersky was banned from being used in the public sector and the same was announced for the private sector as well. But there are still some companies operating in the healthcare sector that are using anti-malware solutions from the said company.

The post Kaspersky suffers because of the Russian war over Ukraine appeared first on Cybersecurity Insiders.


September 30, 2022 at 11:47AM

Thursday, September 29, 2022

55,000 Cybersecurity Candidates Join (ISC)² Workforce Programs in One Month

One month after launching three new initiatives, (ISC)² Candidates, (ISC)² Certified in Cybersecurity SM and (ISC)² One Million Certified in Cybersecurity, aimed at addressing the cybersecurity workforce gap, we are thrilled to share our initial successes.

We have seen a rapid adoption within the past 30 days of these programs among cybersecurity candidates looking to enter the field. The quick embrace highlights the importance of developing new and unique pathways to make cybersecurity careers more accessible worldwide. Through these initiatives, we are laying a strong foundation to encourage more people to explore the opportunities of a cybersecurity career.

In fact, in the past month, we have seen 55,000 individuals sign up to become an (ISC)² Candidate – a program for individuals looking to pursue or consider a cybersecurity career or work towards an (ISC)² certification. Participants gain access to exclusive resources and benefits that help strengthen their connection with the cybersecurity community.

Additionally, 2,700 cybersecurity career pursuers have already passed their (ISC)² Certified in Cybersecurity certification, a critical step to demonstrate the foundational skills and knowledge needed to secure an entry- and junior-level cybersecurity job. The certification gives employers more confidence in employees’ abilities to enter the field.

Within the past 30 days, we have also seen more than 53,000 people register for a free Certified in Cybersecurity course and exam. The effort, part of the One Million Certified in Cybersecurity initiative, aims at providing free, entry-level cybersecurity certification exams and self-paced educational program courses to one million new professionals starting a career in cybersecurity.

Accessing Free Cybersecurity Education and Certification Exams

If you are looking to join the cybersecurity workforce – it’s not too late! Enrolling in these programs will provide the skills needed to start your cybersecurity career path.

To participate in the FREE (ISC)² Certified in Cybersecurity Online Self-Paced Training and exams, individuals must register as an (ISC)² Candidate.

To enroll, follow these simple steps:

  1. Sign up as an (ISC)² Candidate for free (for a limited time) at isc2.org/candidate. You will be prompted to create an account with (ISC)² and answer several questions about your cybersecurity career goals.
  2. After you complete your (ISC)² Candidate registration, you will be redirected to your (ISC)² Candidate benefits page. From there, you will find links to enroll in the Online Self-Paced Training and instructions for redeeming your free exam when you’re ready to take the test.

We are thrilled with these early successes, as they show our efforts have made a positive impact for individuals looking to enter the cybersecurity industry – a step in the right direction to close the cybersecurity workforce gap.

Questions? Talk to us at candidate@isc2.org – we hope you’ll join us!

The post 55,000 Cybersecurity Candidates Join (ISC)² Workforce Programs in One Month appeared first on Cybersecurity Insiders.


September 30, 2022 at 09:09AM

IDC Financial Insights Recognizes CSI as a Top Fintech Provider for 11th Consecutive Year

PADUCAH, Ky.–(BUSINESS WIRE)–Computer Services, Inc. (CSI) (OTCQX: CSVI), a provider of end-to-end fintech and regtech solutions, has been named by IDC Financial Insights to its “2022 IDC FinTech Rankings” for the 11th consecutive year. The annual ranking highlights the top 100 global technology providers in the industry.

Rising seven spots from last year’s ranking and nine since the ranking in 2020, CSI appears at No. 51 on the list of providers, which were evaluated based on their calendar year revenues from financial institutions for hardware, software or services. During its fiscal year, CSI has continued to partner with community financial institutions to enable a seamless banking experience, growing its footprint across the country to deliver first-class service and a leading suite of fintech, regtech and cybersecurity solutions.

“We’re honored to be named as one of the top global technology providers by IDC Financial Insights,” said David Culbertson, CSI’s president and CEO. “We remain steadfast in our mission to provide our community financial institutions with cutting-edge technology to drive their growth and meet the needs of their digital-first customers.”

The annual report features providers who supply the technological backbone of the financial services industry—one for which IDC Financial Insights forecasts an estimated $590 billion in IT spending by 2025. Additionally, the “IDC FinTech Rankings” serve as a resource for financial institutions while navigating the industry landscape and evaluating third-party solutions.

“The 125 companies represented in our ‘IDC FinTech Rankings’ provide the innovation, efficiencies and scale for the industry to succeed in a digital-first world,” said Marc DeCastro, research director, IDC Financial Insights. “When it comes to providing financial services technology solutions, these organizations currently capture close to 60% of the total spend of hardware, software and services, which still leaves considerable opportunities for growth as well as new and emerging vendors to compete for the rest.”

Click here to view or download the report about this year’s findings. For more information about CSI, visit www.csiweb.com.

About Computer Services, Inc.

Computer Services, Inc. (CSI) delivers core processing, digital banking, managed cybersecurity, cybersecurity compliance, payments processing, print and electronic document distribution, and regulatory compliance solutions to financial institutions and corporate customers, both foreign and domestic. Management believes exceptional service, dynamic solutions and superior results are the foundation of CSI’s reputation and have resulted in the company’s inclusion in such top industry-wide rankings as IDC Financial Insights FinTech 100, Talkin’ Cloud 100 and MSPmentor Top 501 Global Managed Service Providers lists. CSI has also been recognized by Aite-Novarica Group, a leading industry research firm, as providing the “best user experience” in its AIM Evaluation: The Leading Providers of U.S. Core Banking Systems. For more information, visit csiweb.com.

The post IDC Financial Insights Recognizes CSI as a Top Fintech Provider for 11th Consecutive Year appeared first on Cybersecurity Insiders.


September 30, 2022 at 09:09AM

Half of US Consumer’s Personal Data was stolen in 2021

It might sound weird! But according to a survey, the personal data of half of US consumers was stolen or compromised last year. This was revealed in a 2022 Consumer Impact report released by the Identity Theft Resource Center (ITRC) on Tuesday this week.

Based on the responses of 1371 consumers who were questioned about their experience, it is estimated that half of the population had, or might have had, data stolen, compromised in a data breach or misused last year.

Astonishingly, most of the information theft cases were, or are, yet to be solved, and they surged to 55% from 30% between 2020 and 2021.

Going forward on the same issue, the National Cyber Security Alliance and Cybsafe have released an annual security report in which they revealed that 1 in every 4 American citizens became a victim of identity theft between 2020-21.

Of concern, all such siphoned info is being used to launch phishing attacks or to siphon money from bank accounts. And 23% of them experienced cyber-bullying and around 20% of them became victims of a romance scam.

Poor password hygiene, such as using the same password for different accounts and not following the practice of using a minimum 12-18 character password, is found to be doing a lot of damage to online users, as it is leading them towards many data scams.

Creating awareness among employees, using proactive security solutions, deploying MFA and using password managers can help mitigate most cyber risks to a large extent.

The post Half of US Consumer’s Personal Data was stolen in 2021 appeared first on Cybersecurity Insiders.


September 29, 2022 at 08:40PM

Wednesday, September 28, 2022

American Fast Company website shutdown after Cyber Attack

Fast Company, which offers technology and business news through print and online circulation, was hit by a cyber-attack recently, prompting the company to shut its website down temporarily. Details indicate that the hackers took control of the Content Management System and sent obscene messages to the home screens of Apple News subscribers from Tuesday night.

The US based media company acknowledged the hack as true on its social media account and added that it has taken all measures to block such incidents in the future.

FastCompany.com was unavailable until the wee hours of Wednesday, after which the firm’s IT staff figured out a solution and restored it to normalcy.

Currently, Apple has officially suspended Fast Company’s news application until further notice and has started a high-level inquiry from its side.

Unconfirmed sources claim that the hack was triggered by a hacker named ‘Thrax’, as the individual pushed a detailed article on how they infiltrated the servers of the publishing news resource and how they could get past Apple’s access authentication tokens and Apple News API keys.

A certain section of the media stated earlier that the attack was of the ransomware genre. But as time progressed, it emerged to be an infiltration and data breach attack. However, nothing can be confirmed yet.

The post American Fast Company website shutdown after Cyber Attack appeared first on Cybersecurity Insiders.


September 29, 2022 at 10:41AM

81% of Companies Had a Cloud Security Incident in the Last Year

SALT LAKE CITY–(BUSINESS WIRE)–Venafi®, the inventor and leading provider of machine identity management, today announced the findings of new research that evaluates the complexity of cloud environments and its impact on cybersecurity. The study found that 81% of organizations experienced a cloud-related security incident over the last 12 months, with almost half (45%) suffering at least four incidents during the same time frame. The underlying issue for these security incidents is the dramatic increase in security and operational complexity connected with cloud deployments. And, since the organizations in this study currently host two fifths (41%) of their applications in the cloud but expect this to increase to 57% over the next 18 months, this complexity will continue to increase.

More than half (51%) of the security decision makers (SDMs) in the study believe security risks are higher in the cloud than on premises, citing several issues that contribute to those risks. The most common cloud-related security incidents respondents have experienced are:

  • Security incidents during runtime (34%)
  • Unauthorized access (33%)
  • Misconfigurations (32%)
  • Major vulnerabilities that have not been remediated (24%)
  • A failed audit (19%)

The key operational and security concerns that SDMs have in relation to moving to the cloud are:

  • Hijacking of accounts, services or traffic (35%)
  • Malware or ransomware (31%)
  • Privacy/data access issues, such as those from GDPR (31%)
  • Unauthorized access (28%)
  • Nation state attacks (26%)

“Attackers are now on board with business’ shift to cloud computing,” says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.”

The study also investigated how responsibility for securing cloud-based applications is currently assigned across internal teams. This varies widely across organizations, with enterprise security teams (25%) the most likely to manage app security in the cloud, followed by operations teams responsible for cloud infrastructure (23%), a collaborative effort shared between multiple teams (22%), developers writing cloud applications (16%) and DevSecOps teams (10%). However, the number of security incidents indicates that none of these models are effective at reducing security incidents.

When asked who should be responsible for securing cloud-based applications, again, there was no clear consensus. The most popular option shares responsibility between cloud infrastructure operations teams and enterprise security teams (24%). The next most popular options are sharing responsibility across multiple teams (22%), leaving responsibility with developers writing cloud applications (16%) and DevSecOps teams (14%).

The challenge connected with shared responsibility models is that security teams and development teams have very different goals and objectives. Developers need to move fast to accelerate innovation while security teams often do not have visibility into what development teams are doing. Without this visibility, security teams cannot evaluate how those controls stack up against security and governance policies.

“Security teams want to collaborate and share responsibility with the developers who are cloud experts, but all too often they’re left out of cloud security decisions,” continued Bocek. “Developers are making cloud-native tooling and architecture decisions that decide approaches to security without involving security teams. And now we can see the results of that approach: security incidents in the cloud are rapidly growing. We need to reset the approach to cloud security and create consistent, observable, controllable security services across clouds and applications. Architecting in a control plane for machine identities is a perfect example of a new security model created specifically for cloud computing. This approach embeds security into developer processes and allows security teams to protect the business without slowing down engineers.”

For more information about this research, please read the blog.

About the research

Conducted by Sapio in July 2022, Venafi’s study evaluated the opinions of 1,101 security decision makers across the United States, United Kingdom, France, Germany, Benelux (Belgium, Netherlands, Luxembourg) and Australia.

About Venafi

Venafi is the cybersecurity market leader in machine identity management. From the ground to the cloud, Venafi solutions manage and protect identities for all types of machines—from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation and actionable intelligence for all machine identity types and the security and reliability risks associated with them.

Jetstack, a Venafi company, is a cloud native products and strategic consulting company working with enterprises using Kubernetes and OpenShift.

An open source pioneer, Jetstack has achieved notable industry recognition as the creator of cert-manager, the open source industry standard for cloud native machine identity management. Jetstack’s open source products and solutions protect the application environments and platform infrastructure of global banks, multinational retailing companies and defense organizations by providing enterprise platform and security teams the power to build, scale and secure their cloud infrastructure.

With more than 30 patents, Venafi delivers innovative machine identity management solutions for the world’s most demanding, security-conscious organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the four top accounting and consulting firms; four of the five top U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa.

For more information visit www.venafi.com and www.jetstack.io.

The post 81% of Companies Had a Cloud Security Incident in the Last Year appeared first on Cybersecurity Insiders.


September 29, 2022 at 09:08AM

Skybox Security Reduces the Risk of Data Breach by 55%, Total Economic Impact™ Study Reveals

SAN JOSE, Calif.–(BUSINESS WIRE)–Skybox Security today released an independent cost-benefit analysis of its industry-leading Security Posture Management Platform. The Forrester Total Economic Impact™ (TEI) Study, commissioned by Skybox Security, quantifies how Skybox customers can significantly reduce their exposure to data breaches resulting from internal and external threat actors.

After deploying Skybox, a composite organization comprised of Skybox customers reported:

  • Three-year return on investment (ROI) of 142%
  • 55% reduction in risk of a data breach
  • 50% reduction in downtime of mission-critical assets
  • 50% reduction in reliance on external auditors
  • 30% improved productivity of security analysts
  • 30% increase in security operations efficiencies
  • Total benefits of over $3.7 million over three years

Forrester Consulting conducted the study by interviewing four Skybox Security customers to examine the ROI organizations have realized. Using Skybox, customers are able to prioritize and understand critical vulnerabilities while addressing compliance concerns on a global enterprise scale. Through increased visibility with the Skybox network model, customers acted on critical items faster across IT and OT functions – resulting in a 67% reduction in mean time to detect (MTTD) vulnerabilities.

ROI of proactive security posture management

“Legacy approaches to managing the enterprise attack surface are no longer enough. Skybox enables the most effective, systematic approach to security posture optimization across IT, OT, and cloud – going far beyond the traditional scan-and-patch playbook,” said Haggai Polak, Chief Product Officer, Skybox Security. “We believe this new study showcases the financial impact of the industry’s only solution that combines preventative security controls, advanced vulnerability prioritization, actionable security posture remediation options, and attack feasibility testing. As a result, Skybox exposure management and risk scoring uniquely identifies and mitigates the threats most likely to be exploited by adversaries.”

Additional customer benefits outlined in the study include:

  • Decreases audit failures and reliance on external auditors
  • Discovers, prioritizes, remediates, and reports on vulnerabilities across IT, OT, and cloud
  • Makes complex security policy management easier, faster, and more effective
  • Tests changes before implementing to avoid misconfigurations, non-compliance, and exposed vulnerabilities
  • Consolidates processes to reduce IT/OT convergence risk
  • Improves employee satisfaction with a reduction in menial tasks
  • Eliminates the need for segmented homegrown tools, spreadsheets, and antiquated third-party solutions
  • Provides opportunities for topline revenue growth

According to the Forrester Consulting study: “Keeping assets and data secure has become more difficult for companies operating complex internal networks on a global scale. These challenges are compounded by ever-increasing pressures from compliance and regulatory requirements. Implementing Skybox’s suite of products enables companies to discover, prioritize, remediate, and report exposed vulnerabilities as well as improve security policy management while driving efficiencies and decreasing operational downtime.”

Customer quotes

  • “We have thousands upon thousands of vulnerabilities that show up in scans. What Skybox does is look at vulnerabilities in the context of all the other things in the network to [produce] a risk assessment, and that’s what allows us to prioritize the vulnerabilities that need to be fixed.” – Principal Network Engineer, IT Security Company
  • “OT downtime is measured in lack of production. We had a four-hour incident every quarter, and now we don’t have that. We reduced quite significantly the risk surface by implementing Skybox.” – Director of Cybersecurity, Manufacturing Company
  • “We did a bake-off, and the value of what the capabilities were with Skybox drove the decision… it was also because of the features that they offered, and [competitors] did not have those features.” – IT Security Manager, Financial Services Company
  • A customer realized a 200% improvement in their ability to address internal attack vectors: “We’ve been able to use Skybox as a tool to limit movement once a threat is inside the network, to limit where it can go.” – Principal Network Engineer, IT Security Company
  • “For a published threat, Skybox can tell you where to find it. There’s no argument that the source of information is credible.” – Director of Cybersecurity, Manufacturing Organization
  • “Skybox has given us visibility across our network, and there’s no other tool that we’ve had in the past that allowed us to do that on a global scale.” – Principal Network Engineer, IT Security Company
  • “The IT team spends less time on the audit; they used to handwrite a report and try to come up with explanations. Now they just take the information from Skybox and say, ‘here’s the proof.’” – Principal Network Engineer, IT Security Company

To read the new Forrester TEI study on Skybox Security, visit: https://www.skyboxsecurity.com/resources/increase-cybersecurity-budget-roi/

Forrester Total Economic Impact methodology

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders. It consists of four components to evaluate investment value: cost, benefits, flexibility, and risk. It is a proven industry-standard framework that models all aspects of a piece of technology or solution and the associated impacts on the business and illustrates the ROI of products and services.

About Skybox Security

Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics, and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions, and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

https://www.skyboxsecurity.com/

Forrester Consulting Total Economic Impact™ Study commissioned by Skybox Security, September 2022.

© 2022 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.

The post Skybox Security Reduces the Risk of Data Breach by 55%, Total Economic Impact™ Study Reveals appeared first on Cybersecurity Insiders.


September 28, 2022 at 09:09PM

CrowdStrike Named One of the Best Workplaces for Women

AUSTIN, Texas–(BUSINESS WIRE)–CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced its recognition as one of the Great Place to Work® and Fortune magazine 2022 Best Workplaces for Women. This is CrowdStrike’s first time being named to this prestigious list, adding to the growing list of awards and recognition that CrowdStrike has recently garnered for its culture and leadership.

To determine the Best Workplaces for Women, Great Place to Work analyzed the survey responses of over 640,000 women who work for Great Place to Work-Certified™ companies that employ at least 50 women. The Fortune Best Workplaces for Women list is the only company culture award in the United States that selects winners based on how fairly women say they’re treated at their workplace. Companies must also have at least 20 percent of non-executive managers who are women, and at least one executive who is a woman. In the Great Place to Work survey, 97% of CrowdStrike’s women said CrowdStrike is a great place to work.

“This recognition is a significant milestone that exemplifies our continuous efforts toward improving diversity, equity and inclusion (DE&I) – and toward closing the broader cybersecurity skills gap – in what is traditionally considered a male-dominated industry,” said J.C. Herrera, chief human resources officer at CrowdStrike. “Our support for women inside and outside the CrowdStrike workforce starts at the top with leaders such as our General Counsel Cathleen Anderson, who paved the way to ensure women are represented and heard, and their needs are met across the organization. We’ve made tremendous strides in shifting the paradigm toward making our industry a better place for women, and there is always more work to be done. The women of CrowdStrike make extraordinary contributions toward defending our customers against breaches and building up CrowdStrike as one of the best companies in the business.”

To more effectively support women in the cybersecurity industry, CrowdStrike established initiatives such as the NextGen Scholarship program to provide financial support and internship opportunities to undergraduate and graduate students studying cybersecurity and artificial intelligence, many of whom are women. CrowdStrike also regularly supports organizations such as Girls Who Code to further foster the next generation of female talent in STEM industries. Additionally, CrowdStrike established the employee group “Women of CrowdStrike” – founded and led by General Counsel Cathleen Anderson – to amplify and enable the progress of women in every step of their career by supporting, investing in and empowering the global community of women and their allies. Programs include content and activities to highlight and support the development and advancement of women, recruitment initiatives, networking opportunities, mentoring and professional development.

“Congratulations to the Best Workplaces for Women and their commitment to ensuring equity for women at every level of the organization,” says Michael C. Bush, CEO of Great Place to Work. “These companies showed up for women in new ways to help them cope with challenges they face wherever they are—both inside and outside of work. Women in these companies are seen, heard and valued.”

Most recently, CrowdStrike also ranked as:

About CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/

Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2022 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.

The post CrowdStrike Named One of the Best Workplaces for Women appeared first on Cybersecurity Insiders.


September 28, 2022 at 09:09PM

Trellix Expands XDR Platform to Transform Security Operations

LAS VEGAS–(BUSINESS WIRE)–Xpand Live – Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today announced the expansion of its XDR platform. Trellix XDR enables the company’s 40,000+ customers to build greater cyber resiliency, maximize the value of their existing security tools, and reduce mean time to detection and response.

“We have the most comprehensive XDR platform in the industry,” said Bryan Palma, CEO, Trellix. “Legacy security information and event management (SIEM) technology has failed to modernize security operations. We are confident Trellix XDR fills this critical gap.”

Trellix XDR

Arriving in the fourth quarter of 2022, the upgraded XDR engine provides security operations teams with enhanced playbooks for guided investigations, upgraded threat intelligence through the integration of McAfee and FireEye assets, and the launch of Trellix Event Fabric. Trellix Event Fabric bridges disparate security data from any cloud provider, allowing security analysts to access and correlate data from anywhere. This combination of machine learning and automation allows security operations teams to reduce mean time to detection and improve mean time to response.

“Trellix XDR gives us more visibility and context into threats,” said Kate Downing, Senior Director Security & Risk, Clario. “Events that would have not been addressed before, surface to a higher level of awareness, allowing our security teams to quickly focus and eliminate any further impact, thereby reducing the severity and scope of the attack.”

Trellix XConsole

XConsole simplifies the user experience across Trellix XDR, providing a single interface for security operations teams. Delivering a common operating picture allows customers to maximize their investments in native Trellix technologies and third-party security tools. By leveraging a single user interface, analysts and responders can quickly baseline their overall threat posture through added visibility across network, endpoint, data, email, and cloud attack surfaces. Available early in 2023, XConsole becomes the control center for Trellix XDR.

“Trellix XDR, now incorporating a unified security operations console, brings it all together by ingesting data from all technologies in an organization,” said Dr. Ali Baghdadi, Senior Vice President & Chief Country Executive, Ingram Micro. “This easy-to-use platform is very attractive to our customers.”

Trellix Endpoint

Arriving early 2023, Trellix Endpoint unifies the best of McAfee and FireEye technologies across endpoint protection, endpoint detection and response, and forensics to deliver best-in-class layered endpoint defense.

This first step on the XDR journey provides:

  • multi-stage ransomware prevention
  • identity detection and response to prevent credential theft and abuse
  • attack surface management to prioritize threats that matter
  • digital forensics and incident response to quickly find root causes.

Trellix Network Detection & Response (NDR)

Trellix Network Investigator, now available to all customers, provides a holistic solution to detect, investigate and address threats across the kill chain. By combining our existing machine learning modules, event-based packet capture, and network traffic hunting into a single solution, customers can rapidly deploy NDR capabilities across their existing Trellix network products. Using signals from Trellix Intrusion Prevention System, Trellix Network Security, and Trellix Network Forensics products to identify activity after initial infection, customers are now able to prevent lateral movement and data exfiltration. In combination with triage and investigation features, the Trellix NDR solution immediately applies patching to protect against further exploitation. Trellix Network Investigator is complemented by our Detection as a Service subscription. Available now for all Trellix Intrusion Prevention System customers, and deployable with SaaS and private cloud options, customers receive zero-day protection and malware analysis.

Trellix Advanced Research Center

The Advanced Research Center brings together an elite team of security researchers, analysts, and responders to produce novel insights and actionable real-time intelligence. Leveraging security telemetry from Trellix’s network of sensors in the market, coupled with unparalleled industry intelligence, ensures that Trellix technology is powered by cutting-edge threat indicators. The Advanced Research Center provides Trellix’s 40,000 customers with continuous adversarial research, threat intelligence, product updates, and machine learning algorithms.

Source: Trellix

About Trellix

Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security. More at https://trellix.com.

The post Trellix Expands XDR Platform to Transform Security Operations appeared first on Cybersecurity Insiders.


September 28, 2022 at 09:09PM

Russian Cyber Attack acts as a wake-up call for Commercial Satellite Operators

Russia launched a cyber attack on a private satellite operator called KA-SAT Network just after it started its invasion of Ukraine 8 months ago. Though the attack disrupted thousands of routers across the Zelensky-led nation, it did some good, as many commercial firms offering satellite-based services treated the attack as a wake-up call to bolster their IT infrastructure.

Tesla Chief Elon Musk, who owns SpaceX’s Starlink satellite services, revealed in one of his tweets that his teams have detected multiple such attacks on space systems this year, and that his company was one of the worst affected.

The FBI, in collaboration with CISA and Ukraine’s Cyber Army, discovered that adversaries could launch more such attacks, as cyberwarfare is turning into a lethal weapon that can reap many benefits with minimal investment.

ViaSat’s investigation into the attack on KA-SAT confirmed that the state-sponsored attacker exploited a configuration error in a VPN and gained remote access to the network that had control over a vast database of home modems.

It’s already a known fact that Russia is losing its strength in its battle with Ukraine, and so it might resort to other threats, such as digitally or physically attacking nuclear power stations across Europe or launching kinetic attacks on satellites, to create mayhem across the West with power and communication blackouts.

Joe Biden, the US President, has already warned Putin over his threats of using nuclear warfare against the Ukraine military. If the situation deteriorates, both nations, along with others, can launch such attacks on each other, eventually leading to an apocalypse and the slow and steady extinction of the entire human race.

The post Russian Cyber Attack acts as a wake-up call for Commercial Satellite Operators appeared first on Cybersecurity Insiders.


September 28, 2022 at 11:13AM

Tuesday, September 27, 2022

Latest Cyberthreats and Advisories – September 16, 2022

Vulnerabilities in popular tech, major WordPress plugin attacks and phishing highlight this week’s cybersecurity news. Here are the latest threats and advisories for the week of September 16, 2022.

Threat Advisories and Alerts

Security Updates Released for Apple Zero-Day Vulnerabilities

For the eighth time this year, Apple has addressed zero-day vulnerabilities in its Mac and iPhone operating systems. The vulnerabilities apply to Safari 16, iOS 15.7, iOS 16, macOS Monterey 12.6, macOS Big Sur 11.7 and iPadOS 15.7. Threat actors could exploit the flaws to take control of affected devices. Users of these products are advised to apply the security updates immediately.

Source: https://www.cisa.gov/uscert/ncas/current-activity/2022/09/13/apple-releases-security-updates-multiple-products

Microsoft’s September Patch Tuesday Addresses 63 Vulnerabilities

In this month’s Patch Tuesday, Microsoft fixes 63 vulnerabilities, 5 of which are classified as critical because they allow remote code execution. Two zero-day vulnerabilities are also included, one of which has been actively exploited in attacks. Click the source link below for a complete list of this month’s Patch Tuesday security updates.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2022-patch-tuesday-fixes-zero-day-used-in-attacks-63-flaws/

Potential Increase in Phishing Attacks in Light of Queen’s Death

The National Cyber Security Centre has issued a warning that phishing scams may increase in the weeks following Her Majesty the Queen’s death. While the NCSC has yet to see a notable uptick in attacks, British citizens should remain vigilant as cybercriminals often exploit victims’ vulnerability around emotional events or topics. All suspicious emails should be reported to report@phishing.gov.uk.

Source: https://www.ncsc.gov.uk/news/potential-phishing-activity-update

Emerging Threats and Research

Customers’ Personal Information Exposed in U-Haul Data Breach

The American moving and storage company U-Haul revealed they suffered a data breach between November 5, 2021, and April 5, 2022. The incident occurred when an unauthorized person infiltrated the U-Haul rental contracts search portal to access some customers’ driver’s license information, names and rental contracts. Customers’ payment information wasn’t accessed, nor were U-Haul’s payment processing, financial or email systems.

Source: https://www.bleepingcomputer.com/news/security/u-haul-discloses-data-breach-exposing-customer-driver-licenses/

280,000+ WordPress Sites Attacked Due to WPGateway Plugin Vulnerability

The WordPress premium plugin WPGateway is being actively exploited. Over 4.6 million attacks on 280,000+ websites have occurred in the past month, trying to exploit the vulnerability. In the event of a successful attack, threat actors could take over a website. Users can tell their website has been affected if they see an admin with the username “rangex.” Until a patch is released, users are advised to uninstall the plugin.

Source: https://thehackernews.com/2022/09/over-280000-wordpress-sites-attacked.html

New Browser-in-the-Browser Phishing Technique Used to Steal Steam Credentials

Users of the video game digital distribution service Steam are being targeted by threat actors with a new type of phishing attack. The technique, called Browser-in-the-Browser (BitB), opens a fake browser window within a legitimate active window. This malicious window masquerades as a sign-in pop-up page for users to log in. If users enter their information, it’s sent to the cybercriminals. Some of the Steam accounts that have been stolen are worth a reported $100,000 – $300,000.

Source: https://www.infosecurity-magazine.com/news/hackers-steal-steam-logins-bitb/

Nearly 5 Million Attacks Strike WordPress BackupBuddy Plugin Vulnerability

A zero-day vulnerability in the WordPress plugin BackupBuddy has had nearly 5 million attempted attacks since August 26, 2022. According to the plugin’s developer, "This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation… This could include the WordPress 'wp-config.php' file and, depending on your server setup, sensitive files like '/etc/password.'" BackupBuddy users are advised to update the plugin immediately.

Source: https://thehackernews.com/2022/09/hackers-exploit-zero-day-in-wordpress.html

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.

The post Latest Cyberthreats and Advisories – September 16, 2022 appeared first on Cybersecurity Insiders.


September 28, 2022 at 09:09AM