NIBS

Last week, CompTIA announced it will deliver a new line of technology training and testing products through TestOut, a business it acquired in early 2023. There were appointments from Babel Street and Ivanti and reports from Egress, LogRhythm, SecureWorks, Sonatype and WatchGuard. ManageEngine and Okta both revealed new products.

Babel Street

Maj. Gen. Mark Quantock (Ret.), EVP of Strategic Accounts at Babel Street, has been appointed to the AFCEA Intelligence Committee. AFCEA International is a professional association with over 30,000 members worldwide for individuals engaged in defence, intelligence, security, and all related technology disciplines. Its membership comprises military, government, industry, academic organizations, and individuals worldwide.

Lewis Shepherd, Chair of the AFCEA Intelligence Committee, commented, “Maj. Gen. Mark Quantock (Ret.) joining the AFCEA Intelligence Committee showcases the essential synergy between military intelligence and modern technology in today’s dynamic security landscape. His addition enhances the committee’s expertise and further elevates the contributions the private sector brings to the broader intelligence community.”

Corero

Corero Network Security and Datacipher have strengthened their strategic partnership by winning a significant new customer in India. The customer was not named.

Amarandhar Kotha, Managing Director at Datacipher, said, “We pride ourselves on providing transformative IT security solutions to our clients. We are very honoured to partner with Corero and delighted for the opportunity of bringing SmartWall ONE DDoS solution to our esteemed customers in India.”

Tanya Alfonso, Chief Revenue Officer at Corero Network Security, said, “This new customer win underscores the enormous potential for DDoS solutions in India, and we are thrilled to be partnering with Datacipher. Our technology, coupled with Datacipher’s specialized support and services, provides an ideal solution for the increasingly complex threat landscape faced by all organizations.”

Egress

Egress released its second Phishing Threat Trends Report. The findings demonstrate the evolving attack methodologies used by cybercriminals, designed to get through traditional perimeter security, including secure email gateways.

The report delves into key phishing trends, including the most phished topic. It explores prevalent obfuscation techniques being used to bypass perimeter defences and examines whether chatbots have really revolutionized cyberattacks.

  • Missed voice messages accounted for 18% of phishing attacks, making them the most phished topic of the year so far
  • The most common type of payload is phishing links to websites (45%), up from 35% in 2022
  • 55% of phishing emails contain obfuscation techniques to help cybercriminals avoid detection, with HTML smuggling being the most popular technique
  • 34% of mail flow is ‘graymail’, and there is a direct correlation between the volume of graymail and the number of phishing emails received, according to the research

Jack Chapman, VP of Threat Intelligence, Egress, noted, “Without a doubt, chatbots or large language models (LLM) lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone.

“However, one of the most concerning but least talked about applications of LLMs is reconnaissance for highly targeted attacks. Within seconds a chatbot can scrape the internet for open-source information about a chosen target that can be leveraged as a pretext for social engineering campaigns, which are growing increasingly common. I’m often asked if LLM really changes the game, but ultimately it comes down to the defense you have in place.

“If you’re relying on traditional perimeter detection that uses signature-based and reputation-based detection, then you urgently need to evaluate integrated cloud email security solutions that don’t rely on definition libraries and domain checks to determine whether an email is legitimate or not!”

ESET

ESET researchers discovered a cyberespionage campaign against a governmental entity in Guyana. ESET named it Operation Jacana and believes with medium confidence that it is linked to a China-aligned threat group. In the attack, the operators used a previously undocumented backdoor, DinodasRAT (Remote Access Trojan). It can exfiltrate files, manipulate Windows registry keys, and execute commands, and it encrypts the information it sends to the command and control (C&C) server using the Tiny Encryption Algorithm.

The spearphishing emails referenced recent Guyanese public and political affairs. This indicates that the attackers are keeping track of their victims’ (geo)political activities to increase the likelihood of the operation’s success. One email, luring the victims with news concerning a “Guyanese fugitive in Vietnam,” contained a domain ending with gov.vn.

ESET researcher Fernando Tavella, who discovered Operation Jacana, said, “This domain indicates a Vietnamese governmental website; thus, we believe that the operators were able to compromise a Vietnamese governmental entity and use its infrastructure to host malware samples. ESET researchers notified the VNCERT about the compromised infrastructure.”

Europol

On 28 September, a large-scale voluntary Referral Action Day between TikTok, Europol’s European Counter Terrorism Centre (ECTC), and 11 countries took place, targeting suspected terrorist and violent extremist content online. In collaboration with the video-sharing platform TikTok, investigators from the participating countries, together with the ECTC’s European Union Internet Referral Unit (EU IRU), performed an exercise to detect material glorifying past terrorist attacks or terrorist perpetrators.

TikTok regularly publishes content removal statistics for violent extremism content in its quarterly transparency reports. The latest report shows that TikTok proactively removed 95% of violent extremism content.

As part of the joint exercise, some 2,145 pieces of content were assessed. These were flagged to TikTok for voluntary review against their terms of service. Among the referred content were items linked to jihadism and violent right-wing extremism and terrorism, such as videos and memes.

Invicti

Invicti Security, the leading dynamic application security testing (DAST) company, has attained ISO 27001:2022 certification for all its products. This achievement demonstrates Invicti’s dedication to information security and data protection, underscoring the organization’s commitment to protecting sensitive information, maintaining data integrity, and providing clients and stakeholders with the highest level of trust.

Matthew Sciberras, CISO and VP of Information Security and IT at Invicti Security, expressed pride in this achievement, stating, “Our team has worked tirelessly to achieve ISO 27001:2022 certification, and this accomplishment reflects our unwavering commitment to safeguarding the sensitive information entrusted to us. This certification reinforces our clients’ trust in our ability to protect their data and reaffirms our position as a leader in the application security sector.”

Ivanti

Ivanti announced four new leadership appointments in its product and engineering organization.

  • Ravi Iyer, Chief Technology Officer, Transformation
  • Ram Motipally, Vice President, Business Development
  • Aman Teja, Vice President, Engineering Core Services
  • Hitesh Kapoor, Vice President of Product Management, EXM

Srinivas Mukkamala, Chief Product Officer at Ivanti, noted, “These leadership appointments were made through a meticulous and deliberate selection process evaluating their industry knowledge, experience and proven track record of delivering results.

“I am thrilled to add these proven leaders to our already world-class team because they each perfectly align with our strategic goals and commitment to innovation. Expanding our product and engineering team at Ivanti is critical in leading us to a SaaS-driven future and accelerating opportunities.”

LogRhythm

LogRhythm announced its 6th consecutive quarterly release and the first anniversary of its cloud-native SaaS SIEM platform, LogRhythm Axon. This quarterly release introduces significant enhancements and expansion to Axon and the full suite of LogRhythm solutions, underscoring the company’s commitment to continuous innovation in the global cybersecurity landscape.

Chris O’Malley, CEO of LogRhythm, said, “In a dynamic and ever-evolving cybersecurity landscape, LogRhythm is obsessed with delivering value our customers care about. As we celebrate the one-year anniversary of Axon’s launch, customer satisfaction is our first priority, guiding every decision we make.

“We believe that by driving continuous improvements in innovation delivery rooted in well understood customer needs, we can empower our product users to navigate the complex world of cybersecurity with confidence and efficiency.”

The updates include:

  • LogRhythm SIEM now provides seamless integration of log source onboarding through centralized management
  • New in-product resource centres for both LogRhythm SIEM and LogRhythm Axon
  • The successful expansion of the LogRhythm Axon SIEM platform to the APAC region, with a new instance in Australia
  • Additional enhancements with LogRhythm SIEM, LogRhythm NDR and LogRhythm Axon solutions

ManageEngine

ManageEngine launched Identity360, its cloud-native identity management platform that addresses identity and access management (IAM) complexities arising within enterprise workforces. ManageEngine also announced the addition of access certification and identity risk assessment functions to ADManager Plus, its on-premises identity governance and administration (IGA) solution.

Identity360 is a centralized platform that integrates directories and applications to streamline user identity management. Identity360 can enforce access controls across these integrated entities. It also offers end-to-end identity life cycle management with workflow orchestration and empowers organizations to optimize their business processes.

Manikandan Thangaraj, Vice President of ManageEngine, said, “Organizations, regardless of their infrastructure and size, commonly encounter identity security and management challenges. Identity360 can help them securely transition to the cloud and effectively manage identities and their access to applications, all while enforcing strong security controls.”

The IAM solutions provide:

  • Centralized Universal Directory that offers directory services and comprehensive reports on identities
  • Consolidated management of user identities across integrated systems with advanced capabilities like orchestration, smart templates and SCIM-based provisioning
  • Reduced password fatigue and risk of unauthorized access with MFA-secured SSO
  • Visibility into the security gaps in Active Directory environments, along with remediation measures to mitigate them proactively
  • Enhanced security by limiting access to network resources through periodic review and validation of access permissions

Microsoft

Microsoft security researchers recently identified a campaign in which attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach Microsoft has seen in other cloud services, such as VMs and Kubernetes clusters, but not previously in SQL Server.

The attackers initially exploited a SQL injection vulnerability in an application within the target’s environment. This allowed them to gain access and elevated permissions on a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM).

The attackers then used the acquired elevated permissions to attempt to move laterally to additional cloud resources by abusing the server’s cloud identity. Cloud identities are commonly used in cloud services, including SQL Server, and may possess elevated permissions to carry out actions in the cloud. This attack highlights the need to properly secure cloud identities in order to defend SQL Server instances and cloud resources from unauthorized access.

A blog post explains the attack flow and its main technique: SQL Server to cloud lateral movement. It also shows how Microsoft Defender for SQL can detect activities related to this type of threat and help responders mitigate such attacks.
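The mitigation the Microsoft write-up points at is least privilege for the server’s cloud identity: a SQL Server VM whose managed identity holds broad or subscription-wide roles gives an attacker with database-level control a path to the rest of the tenant. The following added example (not Microsoft’s code) audits role assignments for exactly that; it assumes the JSON field names returned by `az role assignment list --all` and uses constructed sample records rather than real tenant data.

```python
"""Flag over-privileged cloud identities attached to VM-hosted SQL Servers.

Added example, not Microsoft's code. Assumes role assignments in the JSON
shape produced by `az role assignment list --all` (principalId,
principalType, roleDefinitionName, scope). All records below are constructed.
"""
import json

# Built-in roles broad enough that a compromised server identity could act
# on resources far beyond what the SQL Server itself needs.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

# Constructed sample of what `az role assignment list --all` might return.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalId": "11111111-aaaa-4bbb-8ccc-000000000001",
     "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/sub-0000"},
    {"principalId": "11111111-aaaa-4bbb-8ccc-000000000002",
     "principalType": "ServicePrincipal",
     "roleDefinitionName": "Storage Blob Data Reader",
     "scope": "/subscriptions/sub-0000/resourceGroups/rg-sql/providers/"
              "Microsoft.Storage/storageAccounts/sqlbackups"},
    {"principalId": "22222222-user",
     "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/subscriptions/sub-0000"},
])

# Constructed: managed-identity principal IDs of the VMs that run SQL Server
# (in practice collected from `az vm show --query identity.principalId`).
SQL_VM_IDENTITIES = {
    "11111111-aaaa-4bbb-8ccc-000000000001": "vm-sql-prod-01",
    "11111111-aaaa-4bbb-8ccc-000000000002": "vm-sql-prod-02",
}


def scope_level(scope: str) -> str:
    """Classify an ARM scope string as subscription, resourceGroup or resource."""
    parts = [p for p in scope.split("/") if p]
    if "providers" in parts:
        return "resource"
    if "resourceGroups" in parts:
        return "resourceGroup"
    return "subscription"


def find_overprivileged(assignments_json: str, vm_identities: dict) -> list:
    """Return (vm_name, role, scope_level) for SQL VM identities that hold a
    broad role or any role at subscription scope.

    A workload identity should only hold narrowly scoped roles it actually
    needs (e.g. reading its own backup storage account); anything wider is
    the lateral-movement path the campaign above relied on.
    """
    findings = []
    for a in json.loads(assignments_json):
        vm = vm_identities.get(a["principalId"])
        if vm is None:
            continue  # users and unrelated principals are out of scope here
        role = a["roleDefinitionName"]
        level = scope_level(a["scope"])
        if role in BROAD_ROLES or level == "subscription":
            findings.append((vm, role, level))
    return findings


if __name__ == "__main__":
    for vm, role, level in find_overprivileged(SAMPLE_ASSIGNMENTS, SQL_VM_IDENTITIES):
        print(f"{vm}: identity holds '{role}' at {level} scope; narrow it")
```

On the sample data only vm-sql-prod-01 is flagged, because its identity is Contributor on the whole subscription, while vm-sql-prod-02 holds a read-only role scoped to a single storage account.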

Okta

Okta made a series of announcements.

It announced support for passkeys in early access as a passwordless authentication method for Okta Customer Identity Cloud, powered by Auth0. Passkeys are one of several new capabilities that expand Okta’s solution for Customer Identity and Access Management (CIAM), delivering convenience, security, and privacy for consumer and SaaS applications.

Okta also launched Identity Threat Protection with Okta AI (Identity Threat Protection), a new product for Okta Workforce Identity Cloud. This delivers real-time detection and response for Identity-based threats. Identity Threat Protection will be available in Limited Early Access in Q1 of 2024.

Okta announced the launch of a new initiative focused on finding and developing the best cybersecurity talent and providing equitable access to thriving careers in technology. Okta is committed to investing in two key areas.

The first is $1.6 million in philanthropic grants out of the Okta for Good Fund, a donor-advised fund held at Tides Foundation, for organizations around the globe providing tech career opportunities for women, people of colour, veterans and other jobseekers from underrepresented communities.

The second is made up of 5,000 educational grants to unemployed professionals looking to make a career transition to cybersecurity by growing their Okta skills. The program focuses on veterans, military spouses, and tech workers impacted by recent layoffs.

It also announced Okta AI, a suite of AI-powered capabilities that lets organizations harness AI to build better experiences and protection against cyberattacks.

Embedded across both Workforce Identity Cloud and Customer Identity Cloud, Okta AI powers real-time Identity actions using the latest AI models and Okta’s crowdsourced threat intelligence and Identity data. Okta says it has robust privacy and compliance teams to handle data ethically and in compliance with privacy regulations, responsibly accelerating innovation as the world’s most trusted Identity company.

Todd McKinnon, Co-Founder and CEO of Okta, said, “As AI blurs the line between humans and machines, Identity is crucial to ensure we can securely connect people to technology. Today, the world’s largest brands and fast-growing AI companies rely on us to secure their organizations and their customers.

“Coupled with our relentless focus on securing the industry’s most sensitive data, we are uniquely positioned to help companies responsibly innovate with AI as the connective tissue across every layer of their technology stack.”

Finally, Okta also announced that the team behind Uno, a leading design-centric consumer password manager, is joining Okta to accelerate its rollout of Okta Personal. This will help achieve its vision of delivering a world-class personal Identity product that goes beyond today’s consumer password managers.

Qualys

The Qualys Threat Research Unit (TRU) discovered a buffer overflow vulnerability in the GNU C Library’s dynamic loader when it processes the GLIBC_TUNABLES environment variable. The team identified and exploited this vulnerability (a local privilege escalation that grants full root privileges) on default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13.

It’s likely that other distributions are similarly susceptible. Importantly, Alpine Linux remains an exception due to its use of musl libc instead of glibc. The vulnerability was introduced in April 2021. The Qualys Threat Research Unit advises security teams to prioritize patching this issue.

Secureworks

The Secureworks annual State of the Threat report examined the cybersecurity landscape from June 2022 to July 2023. It found that in just 12 months the median dwell time has freefallen from 4.5 days to less than one day. In 10% of cases, ransomware was deployed within five hours of initial access.

Don Smith, VP of Threat Intelligence, Secureworks Counter Threat Unit, said, “The driver for the reduction in median dwell time is likely due to the cybercriminals’ desire for a lower chance of detection. The cybersecurity industry has become much more adept at detecting activity that is a precursor to ransomware.

“As a result, threat actors are focusing on simpler and quicker to implement operations, rather than big, multi-site enterprise-wide encryption events that are significantly more complex. But the risk from those attacks is still high.

“While we still see familiar names as the most active threat actors, the emergence of several new and very active threat groups is fuelling a significant rise in victim and data leaks. Despite high profile takedowns and sanctions, cybercriminals are masters of adaptation, and so the threat continues to gather pace.”

Other key findings included:

  • While some familiar names, including GOLD MYSTIC (LockBit), GOLD BLAZER (BlackCat/ALPHV), and GOLD TAHOE (Cl0p), still dominate the ransomware landscape, new groups are emerging and listing significant victim counts on “name and shame” leak sites. The past four months of this reporting period have been the most prolific for victim numbers since name-and-shame attacks started in 2019.
  • The three largest initial access vectors (IAV) observed in ransomware engagements where customers engaged Secureworks incident responders were scan-and-exploit, stolen credentials and commodity malware via phishing emails.
  • The exploitation of known vulnerabilities from 2022 and earlier continued and accounted for more than half of the most exploited vulnerabilities during the reporting period.

Sonatype

Sonatype released its 9th Annual State of the Software Supply Chain Report. The key findings included:

  • 2023 saw twice as many software supply chain attacks as 2019-2022 combined: Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks.
  • Nearly all (96%) vulnerable downloads are still avoidable: 2.1 billion OSS downloads with known vulnerabilities in 2023 could have been avoided because a better, fixed version was available – the same percentage as in 2022. For every suboptimal component upgrade made, there are typically 10 superior versions available.
  • Only 11% of open source projects are ‘actively maintained’: Sonatype analyzed 1,176,407 open source projects across four major ecosystems and saw an 18% decline in ‘actively maintained’ open source projects. The finding demonstrates the importance of constant vigilance from consumers in tracking the health of dependencies over time. The report once again highlights suboptimal open source consumption habits as the root cause of open source risk, contrary to public discourse that often links security risk with open source maintainers. In fact, the report demonstrates that maintainers, on average, promptly address and resolve issues.

Brian Fox, CTO at Sonatype, noted, “A lot of maintainers are very diligent – Big Tech companies go out of their way to hire talented people to maintain libraries they rely on. Our industry needs to direct its efforts towards the right place.

“The fact that there’s been a fix for almost all downloads of components with a known vulnerability tells us an immediate focus should be supporting developers on becoming better decision-makers and giving them access to the right tools.

“The goal is to help developers be more intentional about downloading open source software from projects with the most maintainers and the healthiest ecosystem of contributors. This will not only create safer software, but also recoup nearly two weeks of wasted developer time each year.”

Tenable

Tenable Holdings, Inc., the Exposure Management company, has closed its acquisition of Ermetic, Ltd. (“Ermetic”), an innovative cloud-native application protection platform (CNAPP) company and a leading provider of cloud infrastructure entitlement management (CIEM).

The combination of Tenable and Ermetic offerings will add capabilities to both the Tenable One Exposure Management Platform and the Tenable Cloud Security solution. This will deliver market-leading contextual risk visibility, prioritization and remediation across infrastructure and identities, both on-premises and in the cloud.

Amit Yoran, Chairman and Chief Executive Officer of Tenable, commented, “The unique combination of Tenable and Ermetic will give customers tightly integrated CNAPP capabilities for cloud environments, delivered through an elegant user experience that minimizes complexity and speeds adoption.

“We’re delivering unparalleled insights into identities and access, which are absolutely critical to securing cloud environments. And with the integration of insights from Tenable One, customers can also consolidate, simplify and reduce costs.”

Trend Micro

Trend Micro announced a complete redesign of the company’s worldwide partner program. The redesign is intended to accelerate business growth for partners and allow them to deliver further value to end customers. The program is built around the Trend Vision One platform, creating opportunities for both enterprise and SMB-focused partners to deliver services and assessments.

Eva Chen, CEO at Trend, said, “Our partners have been an indispensable part of our extraordinary journey spanning over three decades. We anticipate the achievements still to come as we continue to strategically align with our partners to safeguard the digital world.

“As we introduce a new era of the channel with this completely re-designed partner program, I am proud to announce our joint mission to enable partners to become the most resilient cybersecurity companions and guide our customers through their security lifecycle.”

WatchGuard

WatchGuard announced the findings of its latest Internet Security Report. It details the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers.

Key findings from the research include:

  • 95% of malware now arrives over encrypted connections
  • An 8% decrease in endpoint malware volumes in Q2 despite campaigns growing more widespread
  • Ransomware detections are on the decline amid a rise in double-extortion attacks
  • Double-extortion attacks from ransomware groups increased 72% quarter over quarter
  • Older software vulnerabilities persist as popular targets for exploit among modern threat actors
  • Attacks that abused Windows OS tools like WMI and PsExec grew 29%, accounting for 17% of total volume
  • Six new malware variants in the Top 10 endpoint detections

Corey Nachreiner, Chief Security Officer at WatchGuard, said, “The data analyzed by our Threat Lab for our latest report reinforces how advanced malware attacks fluctuate in occurrence and multifaceted cyber threats continue to evolve, requiring constant vigilance and a layered security approach to combat them effectively.

“There is no single strategy that threat actors wield in their attacks and certain threats often present varying levels of risk at different times of the year. Organizations must continually be on alert to monitor these threats and employ a unified security approach, which can be administered effectively by managed service providers, for their best defense.”

Security news from the week beginning 25th September 2023
