CISOUpdate
https://www.webpronews.com/technology/cisoupdate/
Breaking News in Tech, Search, Social, & Business

CrowdStrike CEO Apologizes for Global IT Outage Affecting Banks, Airports, and Media Outlets
https://www.webpronews.com/crowdstrike-ceo-apologizes-for-global-it-outage-affecting-banks-airports-and-media-outlets/
Fri, 19 Jul 2024 14:33:37 +0000

A massive IT outage linked to a deployment issue by cybersecurity firm CrowdStrike has caused widespread disruption across various industries globally. Banks, airports, supermarkets, and media outlets are among the sectors impacted by the outage, which has left many critical services offline. CrowdStrike CEO George Kurtz joined ‘Squawk on the Street’ to provide insights into the situation and discuss the steps being taken to resolve the issue.

The Extent of the Outage

The outage has had a significant impact, causing major disruptions in various sectors. Financial institutions have reported system failures, preventing customers from accessing their accounts and conducting transactions. Airports worldwide, including those in the United States, Australia, and Europe, have experienced significant delays and cancellations due to the disruption of essential IT systems. Airlines have had to revert to manual check-in processes, causing long lines and frustration among travelers.

Media outlets have also been severely affected. The Australian Broadcasting Corporation (ABC) and several other media organizations have experienced major network outages, affecting their ability to broadcast and publish news. This incident has highlighted the widespread reliance on cybersecurity services like those provided by CrowdStrike.

CrowdStrike’s Response

In an interview with Jim Cramer on ‘Squawk on the Street,’ George Kurtz, CEO of CrowdStrike, addressed the incident. “First, I want to personally apologize to every organization, every group, and every person who’s been impacted by this,” Kurtz said. “We understand the gravity of the situation. This was not a code update; it was a content update that caused an issue only in the Microsoft environment.”

Kurtz explained that the problem was identified quickly and a fix was deployed. “We rolled back the problematic content file, and many organizations are beginning to recover. Systems that can be rebooted are coming back online and working,” he said. However, he acknowledged that some systems might take longer to recover fully, and CrowdStrike is working with each affected customer to ensure they return to operational status.

The Nature of the Problem

Kurtz elaborated on the nature of the issue, explaining that the content update involved a single file that drives additional logic on how CrowdStrike’s software detects bad actors. “This logic was pushed out and caused an issue specifically in the Microsoft environment,” he said. The update led to widespread crashes and the infamous “blue screen of death” on many Windows systems.

When asked why the update was not phased in gradually, Kurtz responded, “Traditionally, these updates go out in a phased approach and undergo extensive testing. We started seeing issues and pulled it back quickly. Not all of our customers were impacted—Mac and Linux systems were unaffected.”

Addressing the Liability and Future Prevention

Cramer pressed Kurtz on the potential liability facing CrowdStrike due to the widespread disruption. “You offered an apology, which to me suggests culpability and potential lawsuits from airlines, networks, and banks. What is the liability facing CrowdStrike?” Cramer asked.

“We have to sort out what that all looks like,” Kurtz replied. “Our focus right now is on our response and getting our customers back up and running. We will do a thorough review of how this happened and ensure it doesn’t happen again. Past that, we’ll deal with any legal repercussions.”

Recovery and Future Measures

The recovery process is ongoing, with CrowdStrike providing detailed guidance through its tech support and blogs. “Many systems are coming back online after a simple reboot, but some may require more manual intervention,” Kurtz explained. “We are working on ways to automate these fixes to minimize manual efforts.”

Kurtz also addressed concerns about the interaction with Microsoft’s systems. “We need to do a detailed analysis to understand the negative interaction with the Microsoft operating system. This includes identifying specific operating system versions or patch levels that were affected,” he said.

Industry Reactions and Expert Insights

Cyber expert Katherine Manstead emphasized the significance of the outage. “This incident highlights the interconnected nature of our digital infrastructure. A single point of failure in a widely used security solution can have ripple effects across multiple industries and geographies,” she said.

Manstead explained that CrowdStrike’s software is integral to many critical infrastructure organizations and major corporations. “CrowdStrike provides security monitoring and detection, which are essential for protecting against cyber threats. In this instance, a bug in their update caused widespread disruption,” she added.

Moving Forward

As organizations work to restore normal operations, this incident serves as a stark reminder of the vulnerabilities in the digital world. It underscores the importance of robust contingency plans and redundancy measures to ensure resilience against such disruptions.

CrowdStrike’s swift response and ongoing efforts to resolve the issue highlight the importance of effective incident management and communication strategies. As the global recovery unfolds, this event will likely prompt a reevaluation of cybersecurity practices across industries to better prepare for future challenges.

“This is a wake-up call for the entire cybersecurity community,” Manstead concluded. “We need to learn from this event and work collaboratively to enhance the resilience of our digital infrastructure. The lessons we take away from this incident will be crucial in preventing similar disruptions in the future.”

openSUSE Aeon Introduces ‘Comprehensive Full Disk Encryption’
https://www.webpronews.com/opensuse-aeon-introduces-comprehensive-full-disk-encryption/
Fri, 12 Jul 2024 16:16:53 +0000

openSUSE Aeon has announced plans to introduce comprehensive full disk encryption (FDE) by default, improving the security of the Linux distro.

Aeon is openSUSE’s “just works” Linux distro based on openSUSE Tumbleweed. Aeon is designed to simplify the process of running and administering Linux.

Aeon uses transactional updates “to provide atomic updates utilising the power of btrfs snapshots. Your system is updated inside a new snapshot leaving your current system unaffected.” As a result of this approach, updates are downloaded and applied in the background without impacting the current system until reboot, at which point the updated system is active. If an update fails for any reason, the updated “snapshot” is discarded and the system continues running.

Continuing its approach of providing a “just works” experience, Aeon’s developers are introducing FDE by default to provide comprehensive security.

Full Disk Encryption is planned to be introduced in the forthcoming release candidate of the Aeon Desktop to enhance data security for its users. The feature is expected to be included in the upcoming Release Candidate 3 (RC3).

Full Disk Encryption is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system. Depending on the hardware configuration of a system, Aeon’s encryption will be set up in one of two modes: Default or Fallback.

The developers outline the Default Mode for FDE’s implementation:

The Default Mode is the preferred method of encryption provided the system has the required hardware. This mode utilizes the Trusted Platform Module (TPM) 2.0 chipset with PolicyAuthorizeNV support (TPM 2.0 version 1.38 or newer). In this mode, Aeon Desktop measures several aspects of the system’s integrity. These include:

  • UEFI Firmware
  • Secure Boot state (enabled or disabled)
  • Partition Table
  • Boot loader and drivers
  • Kernel and initrd (including kernel command line parameters)

These measurements are stored in the system’s TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally. If discrepancies are found, users are prompted to enter a Recovery Key provided during installation. This safeguard ensures that unauthorized changes or tampering attempts are flagged.

Fallback Mode exists for computers that don’t support TPM, requiring the user to enter a password on boot (not the password to log in, but the password that is required immediately on boot to unlock the disk). The developers address concerns that the Default Mode’s TPM implementation is less secure than manually entering a password:

Contrary to initial concerns, Default Mode is not less secure than Fallback Mode despite not requiring a passphrase at startup. The strong integrity checks in Default Mode protect against attacks that could bypass normal authentication methods. For example, it can detect changes to the kernel command line that could otherwise allow unauthorized access. Furthermore, it safeguards against modifications to initrd thereby preventing potential passphrase capture in Fallback Mode.

FDE is available on most Linux distros, including all of the major ones. Unfortunately, very few make FDE the default option, with Pop!_OS being a notable exception. Making comprehensive FDE the default for openSUSE Aeon is a good move, and hopefully one that more distros will embrace.

Biden Administration Poised to Ban Kaspersky Products
https://www.webpronews.com/biden-administration-poised-to-ban-kaspersky-products/
Thu, 20 Jun 2024 16:42:18 +0000

The Biden administration is reportedly poised to ban Kaspersky Lab’s security software given the company’s ties to the Kremlin.

Kaspersky is a popular maker of antivirus and security software, but the company is based in Russia. According to Reuters, officials are concerned by how widely used Kaspersky’s products are, including by organizations classified as critical infrastructure providers. The company’s software is also used by state and local governments.

Accusations of close ties between Kaspersky and the Russian government have been growing in recent months. According to CNET, there have been some reports that indicate the company is actively working with the FSB, while others claim that Russian intelligence has hacked the company’s products for its own benefit. Either way, officials are increasingly concerned that Kaspersky’s products represent a growing threat to national security.

“The case against Kaspersky Lab is overwhelming,” said Senator Jeanne Shaheen. “The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented.”

Given the popularity of Kaspersky’s products, a ban on its software will likely have significant repercussions for organizations and government entities alike.

Senator Wyden: UnitedHealth CEO, Board ‘Should Be Held Responsible’ for Hiring Unqualified CISO
https://www.webpronews.com/senator-wyden-unitedhealth-ceo-board-should-be-held-responsible-for-hiring-unqualified-ciso/
Fri, 07 Jun 2024 16:14:58 +0000

Senator Ron Wyden, easily one of the most tech-savvy US lawmakers, has written a scathing letter saying UnitedHealth Group’s (UHG) CEO and board “should be held responsible” for hiring an unqualified CISO.

UHG suffered a devastating ransomware attack in early 2024. Hackers claiming to be part of BlackCat said they had absconded with six terabytes of data. UHG CEO Andrew Witty ultimately made the decision to pay a $22 million ransom to regain access to company systems.

In the wake of the attack, damning details have emerged regarding the company’s cybersecurity—or lack thereof. For example, as Senator Wyden writes in a letter to FTC Chairwoman Lina Khan, despite multi-factor authentication (MFA) being company policy for all “externally facing systems,” the company had failed to enforce it, leading to a remote server being compromised. To make matters worse, Witty revealed in testimony before Congress that MFA was not in place company-wide at the time of his testimony, nor was the policy enforced in all instances.

“In certain situations where you might have, for example, older technologies which have been upgraded, you might — you may have security controls around those systems as a — as a compensatory factor,” Witty told Congress.

Senator Wyden emphasizes the utter lack of good judgment the above statement demonstrates.

The consequences of UHG’s apparent decision to waive its MFA policy for servers running older software are now painfully clear. But UHG’s leadership should have known, long before the incident, that this was a bad idea.

Senator Wyden then takes aim at UHG’s hiring of Steven Martin for the role of CISO, saying he appeared to be unqualified for the role.

One likely reason for UHG’s negligence, and the company’s failure to adopt industry-standard cyber defenses, is that the company’s top cybersecurity official appears to be unqualified for the job. Steven Martin, UHG’s chief information security officer (CISO), had not worked in a full-time cybersecurity role before he was elevated to the top cybersecurity position at UHG in June, 2023, after working in other roles at UHG and Change Healthcare. Although Mr. Martin has decades of experience in technology jobs, cybersecurity is a specialized field, requiring specific expertise. Just as a heart surgeon should not be hired to perform brain surgery, the head of cybersecurity for the largest health care company in the world should not be someone’s first cybersecurity job.

Senator Wyden makes a point of saying that Martin should not be scapegoated for UHG’s failure. Instead, the CEO and board bear responsibility.

Due to his apparent lack of prior experience in cybersecurity, it would be unfair to scapegoat Mr. Martin for UHG’s cybersecurity lapses. Instead, UHG’s CEO and the company’s board of directors should be held responsible for elevating someone without the necessary experience to such an important role in the company, as well as for the company’s failure to adopt basic cyber defenses. The Audit and Finance committee of UHG’s board, which is responsible for overseeing cybersecurity risk to the company, clearly failed to do its job. One likely explanation for this board-level oversight failure is that none of the board members have any meaningful cybersecurity expertise.

The senator calls on Lina Khan and the FTC to investigate UHG’s cybersecurity failures—making the point that there are likely many more given how serious this one is—and hold senior leadership accountable.

Women in Cybersecurity: A Conversation with Rinki Sethi, CISO of BILL
https://www.webpronews.com/women-in-cybersecurity-a-conversation-with-rinki-sethi-ciso-of-bill/
Fri, 07 Jun 2024 15:41:56 +0000

In the rapidly evolving landscape of cybersecurity, the role of women continues to grow, inspiring future generations and reshaping the industry. In a recent episode of CISO Talk, host Steve Morgan sat down with Rinki Sethi, Vice President and Chief Information Security Officer (CISO) at BILL, a publicly traded leader in financial automation software for small and midsize businesses. The discussion, brought to you by Evolution Equity Partners, delved into Sethi’s career, the state of women in cybersecurity, and the ever-present challenges in the field.

A Journey Through Cybersecurity

Rinki Sethi’s impressive career spans two decades, during which she has held significant positions at major companies such as PG&E, Walmart, eBay, Intuit, Palo Alto Networks, IBM, Rubrik, and Twitter before joining BILL. “I’ve been here two and a half years, leading the IT and security organization,” she shared. Sethi’s extensive background and diverse experience have equipped her with a deep understanding of cybersecurity.

Her journey into cybersecurity was somewhat serendipitous. “I graduated during a downturn in the economy, and job opportunities were scarce,” she recounted. A chance encounter at a recruitment event led her to a role in Pacific Gas and Electric’s information protection department. “I talked to a hiring manager about my favorite cryptography class, and that conversation changed everything,” she said. This fortuitous start set the stage for a thriving career in cybersecurity.

Sethi’s time at PG&E was a pivotal moment that shaped her career trajectory. “Working at PG&E gave me my first real taste of what cybersecurity entailed,” she explained. “I was fortunate to have mentors who guided me and provided opportunities to work on significant projects.” This foundation allowed her to build the skills to tackle more challenging roles at larger companies.

At Walmart and eBay, Sethi honed her skills further, managing large teams and dealing with complex security challenges. “Each role brought its own set of challenges and learning experiences,” she noted. “At Walmart, I was responsible for securing a vast network, which required a deep understanding of both retail and technology. eBay was another beast altogether, dealing with high transaction volumes and ensuring the safety of user data.”

Her subsequent roles at Intuit and Palo Alto Networks allowed her to delve deeper into the strategic aspects of cybersecurity. “Intuit was where I started to see the bigger picture, understanding how security fits into overall business strategy,” she said. “At Palo Alto Networks, I was at the forefront of developing advanced security technologies, which was incredibly exciting.”

Transitioning to Rubrik and then Twitter marked Sethi’s entry into executive leadership roles. “Taking on the CISO role at Rubrik was a significant milestone,” she said. “It was a chance to lead and shape the security posture of a growing company.” Her experience at Twitter, particularly during a period of high public scrutiny and security challenges, further solidified her reputation as a cybersecurity leader.

Reflecting on her journey, Sethi emphasized the importance of adaptability and continuous learning. “Cybersecurity is an ever-evolving field,” she remarked. “You have to be willing to learn and adapt constantly. The threats change, the technology changes, and so must we.” Her career path underscores the dynamic nature of cybersecurity and the need for professionals to stay ahead of the curve.

Sethi has also advocated for diversity and inclusion in the tech industry throughout her career. “Being one of the few women in many of these roles, I realized the importance of representation,” she said. “I’ve made it a point to mentor and support other women in cybersecurity, helping to pave the way for the next generation.” Her efforts have contributed to a more inclusive and supportive environment for women in the field.

Rinki Sethi’s career is a testament to the opportunities and challenges in cybersecurity. From her early days at PG&E to her current role at BILL, she has navigated the complexities of the field with skill and determination. Her story inspires aspiring cybersecurity professionals, demonstrating that success is attainable with passion, resilience, and continuous learning. “I’m excited about what the future holds for cybersecurity and for the role of women in this industry,” she concluded.

The Early Hacker Mindset

Rinki Sethi’s interest in technology began at a young age, fueled by her family’s enthusiasm for computers. “I grew up with computers very early on, building my own machines,” she recalled. This early exposure was pivotal in developing her technical skills and curiosity. “My uncles were real techies and geeks, and our weekends were filled with discussions about the latest tech advancements,” she added. This environment nurtured her innate curiosity and problem-solving abilities, setting the foundation for her future career.

A particularly formative experience involved her father installing parental spyware on her computer, leading to a cat-and-mouse game that sparked her hacker mindset. “My dad had installed keylogger software to monitor my online activities,” Sethi recounted. “I found out he was reading my chats, which led me to write a program that detected and removed the spyware.” This experience was more than just a technical challenge; it was a turning point that ignited her interest in cybersecurity. “I realized the power of coding and problem-solving at a very young age,” she said. “It was my first real taste of what it meant to be a hacker, even though I didn’t know what a hacker was back then.”

The lessons from this early experience extended beyond technical skills. “It taught me resilience and the importance of staying one step ahead,” Sethi explained. “Every time I uninstalled the spyware, my dad would reinstall it, and I’d have to find a new way to detect it. It was a continuous learning process.” This iterative process of problem-solving and innovation became a core aspect of her professional ethos. “That mindset of constantly evolving and improving has stayed with me throughout my career,” she said.

Sethi’s early forays into hacking were about outsmarting her father and understanding the broader implications of cybersecurity. “I started to see how important it was to protect information and how vulnerable we could be if we didn’t take proper measures,” she explained. This realization shaped her approach to cybersecurity, emphasizing the need for proactive and adaptive strategies. “Cybersecurity is about anticipating threats and staying ahead of them, just like I did with my dad’s spyware,” she noted.

Her early experiences also highlighted the importance of mentorship and guidance. “My father, despite his invasive methods, was a significant influence,” Sethi acknowledged. “He pushed me to think critically and solve problems independently.” This support was crucial in her development as a technologist and cybersecurity expert. “Having someone challenge you and push your boundaries is essential for growth,” she added.

Reflecting on her journey, Sethi emphasized the value of early exposure to technology and the importance of nurturing young talent. “If I hadn’t been exposed to computers and encouraged to explore, I might not have found my passion for cybersecurity,” she said. She advocates for more programs that introduce children, especially girls, to technology at an early age. “We need to create opportunities for young people to experiment and learn in a supportive environment,” she urged.

These early experiences laid the groundwork for Sethi’s successful career in cybersecurity. Her story is a testament to the impact of early exposure, the importance of resilience, and the value of continuous learning. “Those early days of battling spyware were just the beginning,” she said with a smile. “They set me on a path of discovery and innovation that continues to this day.”

Women in Cybersecurity: Progress and Challenges

Discussing the current state of women in cybersecurity, Rinki Sethi acknowledged the significant strides made over the past decade. “I think it’s around 20 to 30% of the workforce now, which is a big improvement,” she noted. “A decade ago, it was closer to 10%.” However, despite this progress, Sethi emphasized that there is still a long way to go, particularly in leadership positions. “When you look at management, senior management, and CISO roles, the numbers are much lower,” she explained. “It shocks me every time someone asks me to introduce them to a woman CISO, and there are very few of us out there.”

Sethi attributed some of the challenges to broader issues women face in tech, including balancing career and family responsibilities. “As women start having families, a lot of the burden falls on them, making it hard to sustain a career in cybersecurity,” she said. This struggle often leads to women leaving the field or not advancing to higher levels of leadership. “Creating workplaces that are more inclusive and offer flexibility is crucial for retaining women in tech,” she emphasized.

The importance of mentorship and support networks was another key point Sethi highlighted. “Mentorship has been instrumental in my career,” she said. “Having role models and mentors who can guide you, provide advice, and open doors is invaluable.” She noted that organizations must foster environments where mentorship is encouraged and accessible to all. “We need to build strong networks of support to help women navigate their careers and overcome the unique challenges they face,” she added.

Sethi also pointed out that visibility and representation matter. “Seeing women in senior roles can be incredibly inspiring and empowering,” she said. “It sends a message that these positions are attainable.” She shared an anecdote about a young woman who approached her at a conference, expressing how seeing Sethi on stage motivated her to pursue a career in cybersecurity. “Moments like that remind me why representation is so important,” she said. “We need to show the next generation that they belong in this field.”

Despite the challenges, Sethi is optimistic about the future of women in cybersecurity. “We are seeing more initiatives and programs aimed at increasing diversity in the field,” she noted. “From early education programs to professional development opportunities, there is a growing recognition of the need to support women in tech.” She cited initiatives such as cybersecurity bootcamps and scholarship programs that are helping to bridge the gender gap. “These programs are making a real difference, and we need to continue to support and expand them,” she said.

Furthermore, Sethi emphasized the importance of organizational commitment to diversity and inclusion. “It’s not just about hiring more women; it’s about creating an environment where they can thrive,” she said. This involves implementing policies that support work-life balance, offering career development opportunities, and fostering a culture of respect and inclusion. “Organizations need to be proactive in addressing the barriers that women face and work towards creating a more equitable workplace,” she added.

Looking ahead, Sethi is hopeful that the increased focus on diversity will lead to more women in leadership roles within cybersecurity. “As we see more women entering the field and advancing in their careers, I believe we’ll start to see a shift,” she said. “It’s a gradual process, but the momentum is building.” She concluded with a call to action for the industry: “We all have a role to play in creating a more inclusive cybersecurity community. By supporting and uplifting each other, we can make a significant impact.”

Attracting More Women to Cybersecurity

To address the gender gap in cybersecurity, Rinki Sethi stressed the importance of early education and exposure. “Cybersecurity isn’t brought to kids at an early age, so they don’t learn about it until much later,” she said. This late introduction can be a barrier, as children may develop interests in other fields before they even know what cybersecurity entails. “We need to introduce cybersecurity concepts in schools just like we do with other subjects,” she emphasized.

Sethi recounted her experience with the Girl Scouts, where she helped create the first cybersecurity curriculum from kindergarten to 12th grade. “There are girls now graduating from those programs and pursuing cyber careers,” she said, highlighting the impact of such initiatives. “We need more programs like this to ensure that cybersecurity is seen as a viable and exciting career path from a young age.”

Moreover, Sethi believes companies should actively participate in outreach and education programs. “Companies need to invest in creating and supporting programs that introduce cybersecurity to young girls,” she urged. This includes partnerships with schools, community organizations, and initiatives like coding bootcamps and summer camps focused on technology and cybersecurity. “By getting involved, companies can help demystify cybersecurity and show that it’s an accessible and rewarding field,” she added.

Another crucial aspect is addressing the stereotype of cybersecurity professionals. “We need to break the hacker-in-a-hoodie image,” Sethi said. “Cybersecurity is much more diverse than that, and we need to showcase the variety of roles and the people who fill them.” Highlighting diverse role models in cybersecurity can inspire young girls and women to see themselves in those positions. “Representation matters,” she asserted. “Seeing someone who looks like you in a role you aspire to can be incredibly motivating.”

Sethi also highlighted the importance of family and community support in encouraging young girls to pursue cybersecurity. “Parents and educators play a critical role in supporting and nurturing girls’ interests in tech,” she explained. “We need to provide them with the resources and knowledge to encourage girls to explore cybersecurity.” This involves creating an environment where girls feel supported and empowered to pursue their interests in technology.

Furthermore, Sethi emphasized the need for mentorship and networking opportunities. “Mentorship can make a huge difference in someone’s career,” she noted. “Having a mentor to guide you, provide advice, and advocate for you can help women navigate the challenges of the cybersecurity field.” She encouraged organizations to establish mentorship programs and create spaces where women can connect, share experiences, and support each other. “Building strong networks of women in cybersecurity is essential for fostering growth and development,” she added.

Lastly, Sethi called for industry-wide initiatives to attract and retain more women in cybersecurity. “We need a concerted effort across the industry to address the gender gap,” she said. This includes policy changes, organizational commitments to diversity and inclusion, and ongoing support for professional development. “It’s about creating a culture where women feel valued and can thrive,” she concluded. “By working together, we can make cybersecurity a more inclusive and diverse field, benefiting everyone involved.”

The Threat Landscape Today

The current threat landscape in cybersecurity is vast and complex, presenting numerous challenges for professionals in the field. Rinki Sethi, with her extensive experience, provided a detailed overview of these challenges. “The threat landscape today is enormous, with so many issues to grapple with,” she said. “From ransomware to the weaponization of cyber criminals, the range of threats is broad and constantly evolving.” These persistent threats require cybersecurity experts to remain vigilant and adaptive.

Ransomware remains a significant concern. “Ransomware continues to be a major issue,” Sethi explained. “It’s a constant battle to protect against these attacks and ensure that our systems and data are secure.” The impact of ransomware can be devastating, causing financial losses and disrupting critical services and operations. “We have to be prepared to respond quickly and effectively to minimize the damage,” she added.

Identity theft and fraud are also critical areas of concern. “Identity theft is another major threat that we deal with on a regular basis,” Sethi noted. “Ensuring that our authentication mechanisms are robust and that we have strong protections in place is essential.” She emphasized the importance of continuous monitoring and implementing advanced security measures to safeguard personal and organizational data. “It’s about staying one step ahead of the attackers,” she said.

Sethi pointed out that while these traditional threats are still prevalent, new challenges are emerging with the rapid advancement of technology. “We have so much technology and innovation at our hands today,” she remarked. “It’s an exciting time for cybersecurity, but it also means that we have to be constantly on guard for new types of threats.” The integration of artificial intelligence and machine learning in cybersecurity, for instance, has opened up new avenues for both defense and attack. “AI can be a powerful tool in our defense strategy, but it can also be used by cybercriminals to launch more sophisticated attacks,” she explained.

The need for comprehensive coverage compounds the complexity of the modern threat landscape. “What worries me is the one thing you didn’t know about that creates a hole in your defenses,” Sethi admitted. “Ensuring that we have coverage on everything and being able to respond quickly if something slips through the cracks is crucial.” This highlights the importance of a robust response strategy and crisis management plan. “Companies need to focus on their response strategy and crisis management,” she advised. “Being prepared to handle breaches seamlessly can make all the difference.”

In addition to the technical challenges, Sethi discussed the importance of collaboration and information sharing within the cybersecurity community. “No one company can tackle these threats alone,” she emphasized. “Collaboration is key to staying ahead of cybercriminals.” By sharing insights and best practices, organizations can enhance their collective defenses and respond more effectively to emerging threats. “We need to work together to create a stronger, more resilient cybersecurity ecosystem,” she said.

Rinki Sethi’s insights into the current threat landscape underscore cybersecurity’s complexity and ever-evolving nature. Her emphasis on proactive measures, continuous learning, and collaboration highlights the multi-faceted approach required to protect against today’s sophisticated cyber threats. As the field continues to evolve, the importance of skilled, adaptive, and inclusive cybersecurity teams becomes increasingly apparent. “The challenges are significant, but so are the opportunities,” Sethi concluded. “By working together and leveraging our collective expertise, we can create a safer and more secure digital world.”

 

CISA Makes Its Malware Analysis Tool Available to the Public
https://www.webpronews.com/cisa-makes-its-malware-analysis-tool-available-to-the-public/
Mon, 15 Apr 2024 15:56:12 +0000
https://www.webpronews.com/?p=603398

Companies and individuals have a powerful tool in the fight against malware, thanks to CISA making its Malware Next-Gen malware analyzer available to the public.

CISA is at the forefront of the war against malware and cybersecurity threats, tracking threats and working with organizations to counter them. The agency’s Malware Next-Gen is a malware analysis platform that uses a combination of methods to identify malware.

CISA’s Malware Next-Generation “Next-Gen” Analysis platform provides automated malware analysis support for all U.S. federal, state, local, tribal, and territorial government agencies. Analysis is performed by a combination of static and dynamic analysis tools in a secure environment and results are available in PDF and STIX 2.1 data formats.

CISA has made the tool available to the public, with the ability to use it as a registered or anonymous user, although only registered users will receive analysis reports.

Please note, the Malware Next-Gen Analysis platform is a U.S. government computer and information system. To receive analysis of any malware samples you submit to this system, you will need to create a user account and consent to monitoring of your activities. Access to this system is restricted to authorized users only and subject to rules of behavior.

Users who wish to submit malware samples without registering may use Anonymous submission. Unregistered users are not required to provide any contact information; however, users who use this submission method will not have access to analysis results.

Users can submit files anonymously here. Users who wish to register can do so at login.gov.

AlmaLinux Patches Security Issue Before Red Hat
https://www.webpronews.com/almalinux-patches-security-issue-before-red-hat/
Wed, 10 Apr 2024 01:00:23 +0000
https://www.webpronews.com/?p=603029

AlmaLinux has patched a moderate security vulnerability before Red Hat Enterprise Linux (RHEL), a first for the RHEL clone distro.

AlmaLinux began its life as a 1:1 RHEL-compatible Linux distro, giving organizations a less expensive alternative to RHEL. When Red Hat announced its controversial decision to restrict access to RHEL’s source code, AlmaLinux pivoted to become Application Binary Interface (ABI) compatible.

A major benefit of this approach is that AlmaLinux no longer needs to wait for RHEL to patch a vulnerability, a point the distro has just proven. AlmaLinux OS Foundation Chair benny Vasquez announced the fix for CVE-2024-1086 on the organization’s website.

In January of this year, a kernel flaw was disclosed and named CVE-2024-1086. This flaw is trivially exploitable on most RHEL-equivalent systems. There are many proof-of-concept posts available now, including one from our Infrastructure team lead, Jonathan Wright (Dealing with CVE-2024-1086). In multi-user scenarios, this flaw is especially problematic.

Though this was flagged as something to be fixed in Red Hat Enterprise Linux, Red Hat has only rated this as a moderate impact. Our users have asked us to patch this more quickly, and as such, we have opted to include patches ourselves. We released this kernel patch to the testing repo last weekend and plan to push it to production on Wednesday, April 3rd.

Vasquez also took the opportunity to assure users that AlmaLinux was not impacted by the recent XZ backdoor.

The entire open source world exploded last Friday as a reporter shared that they had identified a backdoor in the open source data compression utility XZ. Thanks to both the diligence of the reporter, Andres Freund, and the nature of beta and rolling releases being used for testing, this back door was identified much earlier than it might have otherwise been. Because enterprise Linux takes a bit longer to adopt those updates (sometimes to the chagrin of our users), the version of XZ that had the back door inserted hadn’t made it further than Fedora in our ecosystem.

Vasquez concluded by emphasizing the newfound freedom that comes with being a “Red Hat equivalent operating system,” rather than a 1:1 compatible one.

Security is a priority at AlmaLinux, and once again we’re patching something we feel is super important. This is part of the freedom that comes with being a community-powered Red Hat equivalent operating system. We appreciate the members of our community that reported, worked to fix, and have tested our security updates.

Navigating the Security Landscape: Insights from AWS Chief Information Security Officer Chris Betz
https://www.webpronews.com/navigating-the-security-landscape-insights-from-aws-chief-information-security-officer-chris-betz/
Fri, 29 Mar 2024 22:17:34 +0000
https://www.webpronews.com/?p=602306

In the intricate world of cybersecurity, few positions hold as much weight and responsibility as that of the Chief Information Security Officer (CISO). At the helm of Amazon Web Services (AWS), Chris Betz occupies this pivotal role, overseeing the protection of one of the world’s largest cloud computing platforms. In a recent conversation, Betz shared his journey from Capital One to AWS, offering unique perspectives on the evolving landscape of cybersecurity and the critical role of trust in the digital age.

Betz’s transition from Capital One to AWS was not merely a career move but a testament to the growing significance of cloud-based security solutions. “One of the things, as I spent several years there, that I kept on realizing was how much our work relied on the security of AWS. As you know, Capital One is all in the cloud and has closed its data centers. And so that journey at Capital One, the security work at Capital One with AWS led me to appreciate how incredibly important the technology we bring is to that trust and the security of so many businesses.”

Reflecting on his tenure at AWS, Betz highlighted the subtle yet profound shifts in perspective that come with assuming the role of CISO. “It’s one thing to hear about those conversations about security being Job Zero, the top priority at AWS. It’s another thing to live it, have those conversations, and be challenged by my business and technology partners about whether we are moving fast enough. Are we raising the bar enough? Are we staying ahead of the threats?”

Central to Betz’s approach is the recognition that effective cybersecurity transcends mere technical proficiency—it requires a fundamental shift in mindset and culture. “It does. There’s not a… Well, I mean, I’m in security, so every conversation I have will have that to some degree. But it’s amazing to be in meetings that are not even on security topics. As a senior leader, one of the things I do appreciate about AWS is that they involve security in non-security specific meetings. And I get to be part of those conversations and have other people bring up, ask about security, and think about how we do that better. Just like you said, that culture that is everywhere really, really matters.”

When measuring a security program’s effectiveness, Betz eschews conventional metrics in favor of a more nuanced approach. “It’s an excellent question. And often, when I’m asked that question, people expect me to jump to metrics or measurements. And there’s certainly a slew of metrics and measurements we can use to help describe what’s going on in security. But one of the things that I think is truly a leading indicator is the degree to which the business and the technology organizations see security as an enabler of them achieving their programs.”

In the realm of boardroom discussions, Betz emphasizes the need for security leaders to tailor their communication to the unique dynamics of each board. “That is a great question. And honestly, I have never seen two companies who do it the same way. Part of that is because it’s important to discuss risk within the business context.”

As Betz continues to navigate the ever-evolving landscape of cybersecurity, one thing remains clear: the CISO’s role is more critical than ever. With cyber threats growing in frequency and sophistication, organizations must invest not only in technology but also in the people and processes that form the foundation of effective cybersecurity. At AWS, under Betz’s leadership, the pursuit of security excellence remains steadfast, ensuring that businesses can trust in the integrity and resilience of the cloud.

Exploring Cybersecurity Strategies for Critical Infrastructure: Insights from Javier García Quintela, Chief Information Security Officer at Repsol
https://www.webpronews.com/exploring-cybersecurity-strategies-for-critical-infrastructure-insights-from-javier-garcia-quintela-chief-information-security-officer-at-repsol/
Mon, 25 Mar 2024 13:46:24 +0000
https://www.webpronews.com/?p=602084

In an era of digital transformation and heightened cyber threats, organizations are grappling with safeguarding their critical infrastructure against evolving risks. Rock Studios recently sat down with Javier García Quintela, Chief Information Security Officer at Repsol, a multinational energy company at the forefront of the energy transition, to shed light on this complex issue. In this exclusive interview, Quintela shares his expertise on cybersecurity strategies for critical infrastructure and the imperative of integrating cybersecurity into company culture.

Repsol’s commitment to the energy transition underscores its proactive stance towards embracing alternative energy sources and reducing carbon emissions. As Quintela explains, this shift necessitates a robust cybersecurity posture to mitigate risks associated with digital transformation initiatives. Quintela emphasizes the need for organizations to balance cybersecurity with operational efficiency, particularly in environments where information technology (IT) and operational technology (OT) converge.

Against the backdrop of an evolving threat landscape characterized by increasingly sophisticated cyber attacks, Quintela outlines three key strategies for critical infrastructure companies:

Understanding Cybersecurity as a Business Risk: Boards of directors must recognize cybersecurity as a business risk and assess its potential impact on organizational operations. This entails quantifying cyber threats and developing specific plans to achieve desired risk tolerance levels.

Staying Aware of Regulatory Requirements: Compliance with cybersecurity regulations, such as the NIS Directive in the EU and the SE Rule in the US, is essential. Boards must remain informed about evolving regulatory frameworks and ensure their organizations adhere to relevant laws and directives.

Investing in Resources and Specific Plans: Boards should support the allocation of resources and the development of comprehensive cybersecurity plans. This includes ongoing investments in cybersecurity controls and balancing security measures with operational needs.

Integral to effective cybersecurity is the integration of cybersecurity into company culture. Quintela underscores the importance of fostering a culture of cybersecurity awareness among employees at all levels. From business leaders making strategic decisions to frontline staff serving as the first line of defense against cyber threats, a culture where cybersecurity is ingrained in decision-making processes and everyday operations is paramount.

Quintela also discusses the criteria critical infrastructure companies consider when selecting trusted partners to assist in executing their OT cybersecurity roadmap. Compatibility, effectiveness, and innovation are key factors, ensuring that technology solutions are secure, adaptable, and capable of evolving alongside emerging threats.

Quintela’s insights underscore the critical role of cybersecurity in safeguarding critical infrastructure against cyber threats. By adopting proactive strategies, staying abreast of regulatory requirements, and fostering a culture of cybersecurity awareness, organizations can enhance their resilience and confidently navigate the cybersecurity landscape in an increasingly digitized world.

The Evolution of the Chief Information Security Officer Role: From Silent Sentinel to Strategic Partner
https://www.webpronews.com/the-evolution-of-the-chief-information-security-officer-role-from-silent-sentinel-to-strategic-partner/
Tue, 12 Mar 2024 11:32:48 +0000
https://www.webpronews.com/?p=601283

In a thought-provoking discussion, industry leaders gathered to explore the shifting landscape of the Chief Information Security Officer (CISO) role, shedding light on the evolving expectations and responsibilities facing modern security professionals.

The conversation began with a reflection on the past as panelists reminisced about the early days of the CISO role. “When I started, the CSO role was kind of a unicorn,” remarked one participant. “You rarely encountered someone with that title, and security was often viewed as a utility rather than a strategic asset.”

Indeed, the role of the CISO has undergone a remarkable transformation over the years, transitioning from a technical position to a critical business function. As cybersecurity threats continue to evolve and multiply, organizations increasingly recognize the importance of proactive risk management and compliance.

“In the past, technical skills were a must for aspiring CISOs,” noted another panelist. “But today, while technical acumen is still valuable, the soft skills set successful CISOs apart. Communication, collaboration, and the ability to translate complex security concepts into business terms are now essential.”

The discussion also touched on the growing accountability placed on CISOs, particularly in light of new regulations and mandates. “CSOs today are facing new challenges and increasing workloads,” explained one participant. “They’re being held more accountable for security actions or inactions taken by the business, and the struggle is only going to get harder.”

Despite the challenges, the panelists were optimistic, emphasizing the importance of agility, adaptability, and continuous learning in the ever-changing cybersecurity landscape. “The key to success as a CISO is the ability to evolve and innovate,” remarked one industry expert. “It’s about anticipating future threats, navigating complex regulatory environments, and effectively communicating with stakeholders at all levels of the organization.”

As the discussion drew to a close, there was consensus that the role of the CISO will continue to evolve in response to emerging threats and technological advancements. “The future of cybersecurity is uncertain,” concluded one panelist. “But with the right leadership, collaboration, and commitment to excellence, we can rise to meet any challenge that comes our way.”

In a world where cybersecurity is no longer an afterthought but a strategic imperative, the role of the CISO has never been more important. As organizations navigate the complex cybersecurity landscape, they can take comfort in knowing that they have dedicated professionals at the helm, guiding them safely through the digital wilderness.

AI Driving CrowdStrike’s Impressive Growth
https://www.webpronews.com/ai-driving-crowdstrikes-impressive-growth/
Sat, 09 Mar 2024 20:15:46 +0000
https://www.webpronews.com/?p=601125

The cybersecurity sector has been an intriguing space to watch in recent times. While many industries have faced budget tightening over the past two years, cybersecurity has shown resilience and even benefited from AI advancements. However, the past few weeks have brought about some significant shifts, particularly among key players like Palo Alto Networks, CrowdStrike, and Zscaler.

Palo Alto Networks surprised the market with a $600 million billings shortfall forecast, signaling cracks in its consolidation strategy. This development had a ripple effect, dragging down other consolidation players like CrowdStrike and Zscaler. However, a closer look at the dynamics reveals different stories for each company.

CrowdStrike’s Impressive Momentum

CrowdStrike’s recent earnings report showcased impressive momentum, with $3.44 billion in Annual Recurring Revenue (ARR), representing 34% growth. The company’s success can be attributed to its platform approach, which leverages AI and encompasses more than just endpoint security. CrowdStrike aims to expand beyond its core endpoint business, with cloud, identity, and next-gen security modules driving growth.

One of CrowdStrike’s key strengths lies in its ability to adapt and innovate, evident in its focus on AI-driven solutions like Charlotte Gen AI. This platform expansion strategy positions CrowdStrike as a formidable player in the cybersecurity space, with a clear path to becoming a next-generation software company.

Challenges for Palo Alto and Zscaler

On the other hand, Palo Alto Networks faced challenges with spending fatigue among customers and difficulties in converting them to its platform. This resulted in the company offering free trials to bridge the gap and retain customers. Meanwhile, Zscaler’s recent earnings report, despite beating expectations, faced scrutiny from analysts, leading to concerns about billing and guidance.

The Power of Platforms

The success of CrowdStrike underscores the importance of platforms in cybersecurity. Unlike traditional product-focused approaches, platforms offer unified solutions that simplify deployment and management for customers. CrowdStrike’s founder-led, mission-driven approach, coupled with its cloud-native architecture and AI capabilities, positions it as a leader in the space.

As cyber threats continue to escalate, organizations recognize the value of investing in robust cybersecurity solutions. While budget constraints may pose challenges, the ROI of cybersecurity lies in reducing the impact of breaches and mitigating associated risks. Ultimately, companies that prioritize innovation and adaptability, like CrowdStrike, are poised to thrive in an increasingly complex threat landscape.

Recent developments in the cybersecurity sector highlight the importance of platform-based approaches and innovation in addressing evolving threats. While challenges persist for some players, those that prioritize customer needs, leverage emerging technologies, and demonstrate resilience are well-positioned for long-term success.

Google Rolls Out AI Cyber Defense Initiative
https://www.webpronews.com/google-rolls-out-ai-cyber-defense-initiative/
Mon, 26 Feb 2024 18:30:06 +0000
https://www.webpronews.com/?p=601016

Google is rolling out a new initiative aimed at using AI to bolster cybersecurity at a time when companies are experiencing more threats than ever.

Companies and organizations of all sizes are facing unprecedented cybersecurity threats, with AI increasingly being used to carry out attacks. Google is trying to turn the tables, using AI to help bolster cybersecurity. The company wants to help organizations tackle “Defender’s Dilemma” with its new AI Cyber Defense Initiative.

Phil Venables, Google Cloud VP, CISO, and Royal Hansen, VP of Engineering for Privacy, Safety, and Security outlined the initiative in a blog post:

Today, and for decades, the main challenge in cybersecurity has been that attackers need just one successful, novel threat to break through the best defenses. Defenders, meanwhile, need to deploy the best defenses at all times, across increasingly complex digital terrain — and there’s no margin for error. This is the “Defender’s Dilemma,” and there’s never been a reliable way to tip that balance.

Our experience deploying AI at scale informs our belief that AI can actually reverse this dynamic. AI allows security professionals and defenders to scale their work in threat detection, malware analysis, vulnerability detection, vulnerability fixing and incident response.

The executives outline Google’s three-part plan: fostering a “secure by design and by default” AI ecosystem; empowering organizations by expanding its Google.org Cybersecurity Seminars Program and open-sourcing Magika, its AI-powered tool used to help detect malware; and advancing AI-powered security research with $2 million in research grants.

The company has a detailed report available for those looking to learn more.

Experts: More Cybersecurity Firms Will Follow IronNet’s Collapse
https://www.webpronews.com/experts-more-cybersecurity-firms-will-follow-ironnets-collapse/
Sun, 22 Oct 2023 16:36:03 +0000
https://www.webpronews.com/?p=599456

Experts are issuing strong warnings to the cybersecurity industry, saying more companies will follow IronNet into bankruptcy.

IronNet surprised the industry when it announced it would file for bankruptcy and shut down. The firm originally launched to much fanfare, boasting former NSA director Keith Alexander as one of its founders.

Unfortunately, experts warn IronNet is just the beginning. The industry’s issues stem from what many see as unrealistic expectations regarding potential growth, setting firms up for disaster.

“We will see more of these bankruptcies with highly leveraged cybersecurity companies, even those with ‘unicorn status’,” Approov CEO Ted Miracco told SC Media, highlighting an IANS Research report showing a 6% expansion in security budgets.

“This is fundamentally incompatible with the large cadre of VC backed companies that expect triple-digit growth figures, especially in this current economic environment,” he added.

Miracco says the firms that are best positioned to survive are those that already have a track record of thriving in challenging environments and have a solid focus on innovation and profitability.

“With a fragile economy and a very crowded NDR market, it’s even more critical for those of us in this space to get back to these basic principles,” said Stamus Networks CEO Ken Gramley.

Update Your Linux Installation to Fix ‘Looney Tunables’ Flaw
https://www.webpronews.com/update-your-linux-installation-to-fix-looney-tunables-flaw/
Mon, 09 Oct 2023 14:44:42 +0000
https://www.webpronews.com/?p=599235

The world’s major Linux distros have released patches to address a security flaw impacting nearly all of them.

“Looney Tunables” is a GNU C Library (glibc) privilege escalation exploit that grants local users full root access. The flaw was discovered by security researchers at Qualys. Because of glibc’s widespread use, the vast majority of distributions are affected by this particular flaw, according to Saeed Abbasi, Product Manager – Threat Research Unit:

We have successfully identified and exploited this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. It’s likely that other distributions are similarly susceptible, although we’ve noted that Alpine Linux remains an exception due to its use of musl libc instead of glibc. This vulnerability was introduced in April 2021.

Abbasi says the vulnerability poses “significant risks” to Linux distributions and their users:

Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature. Although we are withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits. This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions. While certain distributions like Alpine Linux are exempt due to their use of musl libc instead of glibc, many popular distributions are potentially vulnerable and could be exploited in the near future.

Fortunately, Debian, Gentoo, Ubuntu, and Red Hat have already patched the issue. Needless to say, users should update immediately.

Red Hat Security Mailing List Is Shutting Down
https://www.webpronews.com/red-hat-security-mailing-list-is-shutting-down/
Sat, 07 Oct 2023 12:30:00 +0000
https://www.webpronews.com/?p=599230

Red Hat is shutting down the “rhsa-announce mailing list,” a mailing list that is used for security notifications.

Red Hat made the announcement in an email to the list:

This is a notification to inform all subscribers that on October 10, 2023, the rhsa-announce mailing list will be disabled by Red Hat Product Security, and no additional Security Advisory notifications will be sent to this list.

Moving forward, users will need to use their Red Hat account to receive security notifications, or subscribe to the company’s RSS feed:

To continue receiving information about released security advisories, logged-in users that have active Red Hat Subscriptions can set up notifications at:

https://www.redhat.com/wapps/ugc/protected/notif.html

Alternatively, all users can make use of the Red Hat Security Errata RSS feed published at:

https://access.redhat.com/security/data/metrics/rhsa.rss

Or consume security advisories in a machine-readable format at:

https://access.redhat.com/security/data/csaf/v2/advisories/

Cybersecurity Firm IronNet Shuts Down
https://www.webpronews.com/cybersecurity-firm-ironnet-shuts-down/
Tue, 03 Oct 2023 10:30:00 +0000
https://www.webpronews.com/?p=599108

IronNet, the cybersecurity firm founded by former NSA director Keith Alexander, has shut down and is headed for bankruptcy.

The company announced the news in a regulatory filing:

On September 29, 2023, given the unavailability of additional sources of liquidity and after considering strategic alternatives, IronNet, Inc. (the “Company”) ceased all activities of the Company and its subsidiaries and terminated the remaining employees of the Company and its subsidiaries. As a result, all of the material business activities and operations of the Company ceased, the Company does not have the ability to satisfy its debts and related obligations, the Company will no longer have the capability to prepare financial statements and other disclosures required for periodic reports for filing with the Securities and Exchange Commission, and the related actual and potential effects on the Company and its subsidiaries will be material and adverse. The board of directors of the Company further authorized the Company to take such actions necessary to prepare for and, subject to final approval by the board of directors to be given at a subsequent meeting, file a voluntary petition for relief under the applicable provisions of the United States Bankruptcy Code (the “Bankruptcy Code”) in the United States Bankruptcy Court (the “Bankruptcy Filing”) as expeditiously as possible.

The revelation is an ignominious end to a company that once held quite a bit of promise in the cybersecurity industry.

NordVPN Unveils NordLabs to Deliver Cutting-Edge Security
https://www.webpronews.com/nordvpn-unveils-nordlabs-to-deliver-cutting-edge-security/
Tue, 03 Oct 2023 00:55:40 +0000
https://www.webpronews.com/?p=598733

NordVPN has unveiled NordLabs, the company’s place to develop and test cutting-edge cybersecurity tools.

NordVPN is one of the most well-respected VPN providers in the world. The company is working to deliver even more cybersecurity tools and will use NordLabs to develop and test them, according to a company tweet:

NordLabs by NordVPN is here! NordLabs is a place where cutting-edge cybersecurity tools are born. It will let you try and experience new online security tools, evaluate them, and contribute to overall safety online. Sign up today: https://content.nordvpn.com/47Rq7QP

NordVPN (@NordVPN) — August 28, 2023

Among the areas of focus is using artificial intelligence to provide improved cybersecurity and combat threats posed by bad actors using AI.

One such effort is Project Sonar:

Turning the tables: Employ AI to identify phishing attacks

Phishing attacks are evolving together with AI technology, and we’re here to beat cybercriminals in their own game. Meet Sonar, a browser extension that detects phishing emails. Install it, open an email, scan it, and Sonar will let you know how likely it is to be a phishing scam. It will also point out which aspects of the email affected that decision and tell you what signs to look out for.

Another project is Project Pixray:

Fighting fire with fire: Using AI to detect AI generated images

A talented artist with a vivid imagination or a layperson with unlimited Midjourney credits? No need to count the fingers and teeth — upload images to Pixray and check them for AI-generated content.

The company is looking for feedback to help it identify which projects can become viable options to help keep users safe and secure:

And we are inviting you to join us — by using these experimental tools and giving feedback, you will help us understand which of them have a fighting chance to keep us safe from digital threats. Some tools will work flawlessly, others may have a bug or two, so expect the unexpected.

Security Firm CEO Blasts Microsoft’s ‘Grossly Irresponsible’ Azure Security
https://www.webpronews.com/security-firm-ceo-blasts-microsofts-grossly-irresponsible-azure-security/ Sun, 01 Oct 2023 11:00:00 +0000 https://www.webpronews.com/?p=591605

Tenable CEO Amit Yoran has blasted Microsoft for “grossly irresponsible” Azure security, saying the company is bordering on “blatantly negligent.”

In a LinkedIn post, Yoran detailed how researchers at his company discovered a flaw in Azure that could “enable an unauthenticated attacker to access cross-tenant applications and sensitive data, such as authentication secrets. To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank.”

Tenable’s researchers notified Microsoft of the issue in March 2023 when it was discovered. Unfortunately, Yoran says Microsoft didn’t fix the issue:

Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service.

Yoran then details the implications of Microsoft’s failure to address the problem:

That means that as of today, the bank I referenced above is still vulnerable, more than 120 days since we reported the issue, as are all of the other organizations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk mitigating actions. Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully threat actors don’t.

In one of his most damning statements, Yoran cites Google Project Zero’s research showing that “Microsoft products have accounted for an aggregate 42.5% of all zero days discovered since 2014.”

Microsoft has faced growing scrutiny over its security practices, with Senator Ron Wyden writing a letter last week to the DOJ, CISA, and the FTC asking the agencies to “hold Microsoft responsible for its negligent cybersecurity practices, which enabled a successful Chinese espionage campaign against the United States government.”

Microsoft may be the second-largest cloud provider, nipping at the heels of AWS. If the company can’t get its act together when it comes to security, it may soon find itself losing ground in the cloud wars.

Ubuntu Users Uniquely Vulnerable to Linux Kernel Security Flaws
https://www.webpronews.com/ubuntu-users-uniquely-vulnerable-to-linux-kernel-security-flaws/ Sat, 30 Sep 2023 18:38:05 +0000 https://www.webpronews.com/?p=525877

A new report says nearly 40% of Ubuntu users are vulnerable to a pair of kernel vulnerabilities unique to Ubuntu and its derivative distributions.

According to Wiz researchers Sagi Tzadik and Shir Tamari, the issues stem from Ubuntu’s OverlayFS module. Several years ago, Ubuntu made custom modifications to OverlayFS. When combined with later changes to the mainline Linux kernel, however, those modifications left vulnerabilities in Ubuntu that were overlooked, as the researchers describe:

The two vulnerabilities are exclusive to Ubuntu because Ubuntu introduced several changes to the OverlayFS module in 2018. These modifications did not pose any risks at the time. In 2020, a security vulnerability was discovered and patched in the Linux kernel, however due to Ubuntu’s modifications, an additional vulnerable flow was never fixed in Ubuntu. This shows the complex relationship between Linux kernel and distro versions, when both are updating the kernel for different use cases. This complexity poses hard-to-predict risks.

The researchers say that Ubuntu’s modifications pose serious risks to users:

Our team has discovered significant flaws in Ubuntu’s modifications to OverlayFS. These flaws allow the creation of specialized executables, which, upon execution, grant the ability to escalate privileges to root on the affected machine. Linux has a feature called “file capabilities” that grants elevated privileges to executables while they’re executed. This feature is reserved for the root user, while lower-privileged users cannot create such files. However, we discovered that it’s possible to craft an executable file with “scoped” file capabilities and trick the Ubuntu kernel into copying it to a different location with “unscoped” capabilities, granting anyone who executes it root-like privileges.

Fortunately, the researchers say that remote exploitation of these vulnerabilities — labeled CVE-2023-2640 and CVE-2023-32629 — is “improbable,” and local access to a machine is likely required.

However, all users should update their kernel as soon as possible to mitigate these two security issues.

CISA Says Citrix ShareFile Flaw Is Being Actively Exploited
https://www.webpronews.com/cisa-says-citrix-sharefile-flaw-is-being-actively-exploited/ Thu, 17 Aug 2023 19:51:28 +0000 https://www.webpronews.com/?p=592219

The Cybersecurity and Infrastructure Security Agency says a Citrix ShareFile flaw is being actively exploited, adding it to its Known Exploited Vulnerabilities (KEV) catalog.

According to The Hacker News, the bug could allow an attacker to gain access to vulnerable instances remotely. The bug was labeled CVE-2023-24489 and given a severity score of 9.8.

While Citrix addressed the issue in an update in June, The Hacker News says the first evidence of active exploitation started showing up the following month, in July. This would seem to indicate that customers had not yet installed the necessary patch.

With CISA now including the vulnerability in its KEV catalog, any organizations that have still not installed the patch should do so immediately.
