NIBS (credit image/Pixabay/Ryan McGuire)

Last week was all about RSA as the cybersecurity industry went into all-out overdrive with new products and random announcements, especially about the AI magic bullet.

One company that bucked the trend was Backslash Security. It pointed out that LLM-generated code brings a new scale of problems, especially when it comes to code.

Enterprise Times also spoke with Paul Mountford from Protegrity, who recently published a survey looking at data security. It seems that companies are struggling to find a balance between data security and accessibility.

Europol

Austrian scammers arrested

Law enforcement agencies from Austria, Cyprus and Czechia have arrested a gang of Austrian scammers. The six men are accused of running a series of cryptocurrency scams and were arrested after their exit scam.

The scammers created a trading company and used it to issue an initial coin offering (ICO) for a fake cryptocurrency. 10 million coins were to be made available, and investors paid using other cryptocurrencies such as Ethereum and Bitcoin. Within a couple of months, the company and the website disappeared.

After performing six house searches, law enforcement seized over EUR 500 000 in cryptocurrencies and EUR 250 000 in fiat currency and froze dozens of bank accounts. Furthermore, two cars and a luxury property worth EUR 1 400 000 were seized.

FBI

Cybercriminals Utilizing Artificial Intelligence

At the RSA conference, the FBI San Francisco division warned of an increasing threat of cybercriminals using artificial intelligence (AI). AI makes it easier for them to conduct sophisticated phishing/social engineering attacks and voice/video cloning scams.

The FBI says that AI provides augmented and enhanced capabilities to schemes that attackers already use. Importantly, it increases cyber-attack speed, scale, and automation. Cybercriminals are leveraging publicly available and custom-made AI tools to orchestrate highly targeted phishing campaigns, exploiting the trust of individuals and organizations alike.

Developer of LockBit ransomware gets sanctioned

As part of the second phase of Operation Cronos, which saw the LockBit ransomware taken down, the US, UK and Australia have announced sanctions against a Russian national. That individual has been named as Dmitry Yuryevich Khoroshev (Дмитрий Юрьевич Хорошев), aka LockBitSupp, LockBit, and putinkrab, 31, of Voronezh, Russia.

Khoroshev is alleged to be the creator, developer, and administrator of the LockBit ransomware group from its inception in September 2019 through the present.

Attorney General Merrick B. Garland said, “Earlier this year, the Justice Department and our U.K. law enforcement partners disrupted LockBit, a ransomware group responsible for attacks on victims across the United States and around the world.

“Today we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme, which has targeted over 2,000 victims and stolen more than $100 million in ransomware payments.”

Forescout

Forescout expands global sharing of threat intelligence

Forescout Technologies is expanding its threat intelligence-sharing program globally. It will be led by Forescout Research – Vedere Labs. Vedere Labs provides contextual threat intelligence to enhance global defenses and improve security posture. Last year alone, Vedere Labs tracked 420 million+ attacks, 300 million+ exploits, 19 million+ devices, and 50,000+ malware samples.

Elisa Costante, Vice President of Research at Forescout said, “The threat landscape continues to evolve in sophistication and frequency with highly targeted attacks against both the public and private sectors.

“Threat Intelligence is nothing new, however, the security industry is missing contextual enriched threat insights. Only by sharing metadata about the attacks within our community, can we grow stronger. This research and intelligence sharing initiative is critical to answering the questions that matter to harden global defenses against cyber risks.”

JumpCloud

New features for Google Workspace and Google Cloud

JumpCloud Inc has released new features for Google Workspace and Google Cloud customers. The new features deliver enhanced security, greater IT admin efficiency, and an easier experience for IT teams and end users.

The company calls out three key features:

  • Passwordless access capabilities through JumpCloud Go that use biometrics for greater ease of use and provide phishing resistance.
  • Identity federation so customers can easily add device management to their environment using their Google Workspace credentials.
  • Temporary Elevated Device Privileges make it easy for organizations to secure their environment with the least privileged access to their JumpCloud-managed devices.

Greg Armanini, vice president of product management, JumpCloud, said, “Tool sprawl increases complexity and creates an enormous burden for IT admins, putting their organizations at significant risk.

“JumpCloud and Google Workspace together deliver a comprehensive solution across device, identity, and access management, while also giving IT teams the freedom to add industry leading tools that best fit their deployment’s needs.”

ManageEngine

ManageEngine releases integration for Constella

ManageEngine has released an integration between its SIEM solution, Log360, and Constella Intelligence. Combining SIEM data with a risk protection platform allows enterprises to detect attacks earlier.

Emphasizing the value of this integration, Kevin Senator, CEO at Constella Intelligence, said, “Today’s interconnected business landscape demands proactive measures against the looming threat of supply chain attacks. With this integration, we are equipping organizations with a crucial first line of defense. By relentlessly hunting leaked credentials, we empower businesses to stay ahead of cyberthreats and safeguard their critical data and operations.”

There are five key parts to this integration mentioned in the announcement.

  • 24/7 dark web monitoring
  • Proactive mitigation and supply chain collaboration
  • Unified security response
  • Real-time alerts and threat intelligence
  • Predictions to preempt attacks

Noname Security

Akamai to acquire Noname Security

Akamai has announced that it will acquire Noname Security for $450 million. The deal will see the API security solutions from both vendors combined into a new API security suite. Customers of both companies will be given access to the new solution, although it is unclear what additional costs they might face.

Akamai also expects to gain from Noname’s customer base, partner channel, and other alliances. Partners will want early clarity on what that means for them and how this will change how they sell.

Oz Golan, chief executive officer and co-founder of Noname, said, “API development continues to proliferate as customers prioritize their investments in application modernization and digital transformation initiatives.

“Combining Noname with Akamai’s API Security offering will provide a solution for any type of customer. No matter where the customer’s applications reside – be it in the cloud, natively on the edge, on-premise, or on other vendor platforms – they will be protected.”

Qualys

Qualys expands TruRisk platform to enhance EASM capabilities

Qualys, Inc has launched CyberSecurity Asset Management 3.0, an expansion of the Enterprise TruRisk Platform. It brings together the company’s vulnerability assessment capability into its External Attack Surface Management (EASM) solution. The result is an accurate, real-time view of the external attack surface that eliminates more false positives to mitigate the risk of unknown assets.

At the heart of this is asset discovery. Many organisations have incomplete asset registers, especially after mergers and acquisitions. It means that security teams do not know the risk that the organisation is facing. An additional challenge is then knowing what to patch based on an accurate risk assessment rather than a knee-jerk reaction to a patch being issued.

Sumedh Thakar, president and CEO at Qualys said, “The ‘unknown’ asset continues to account for a sizeable amount of the cyber risk plaguing the modern enterprise because if you don’t know your assets, you don’t know your risk.

“With our groundbreaking EASM engine and discovery advancements, CyberSecurity Asset Management 3.0 is the only solution that provides every possible discovery method with the speed and accuracy that the modern organization requires.”

Qualys first quarter 2024 financial results show 12% revenue growth

Qualys released its first quarter 2024 financial results this week. It shows that the company has continued its growth trajectory with revenue growth of 12% year-over-year. Revenue was up to $145.8 million and GAAP gross profit surged to 14% ($118.6 million).

Key to growth is the TruRisk Platform. Not only did the company release v2.0 recently, it has also seen considerable uptake by customers and partners.

Sumedh Thakar, president and CEO of Qualys said, “By leveraging the advanced automation in the Qualys Enterprise TruRisk Platform, we offer customers and partners a highly differentiated and natively integrated solution to holistically measure, communicate, and ultimately work to eliminate cyber risk.

“Our continuous innovation to further strengthen our platform and TruRisk capabilities across on-prem, cloud, and multi-cloud environments enables a solution for modern security challenges at scale, further extends our leadership, and we believe strategically positions Qualys as the foundational risk management platform for the future and durable long-term growth.”

ThreatHunter

ThreatHunter launches Response:Ready

At RSA 2024, ThreatHunter.ai launched its Response:Ready solution. While it is aimed at all organisations, the company says it will appeal to the underserved SMB market. The solution is not just a software solution that companies deploy. ThreatHunter says it “offers immediate experience, expert threat triage, and in-depth investigations, ensuring that businesses are never left unguarded in their time of need.”

James McMurry, CEO and founder of ThreatHunter.ai said, “Response:Ready is the embodiment of our vision to democratize cybersecurity. For nearly two decades, ThreatHunter.ai has been a pillar of strength for organizations navigating the turbulent waters of cyber threats.

“Today, we renew our commitment: to blend cutting-edge technology with the fine scale craftsmanship of human expertise, offering unparalleled support across the cybersecurity landscape.”

Xalient

Xalient achieves continued compliance with ISO standard

In a recent audit, Xalient has maintained its ISO 20000:2018 certification for Service Management. Importantly, there were no non-conformance issues and the auditors gave positive feedback on how Xalient operates.

Craig Ingham, Xalient’s Group Information Security & Compliance Director, said: “We are delighted to maintain ISO 20000:2018 certification, which demonstrates our advanced Service Management processes. This underlines our commitment to service management excellence and recognises the efforts and dedication of our entire team.

“Achieving ISO 20000:2018 certification, in addition to our other certifications, demonstrates our commitment to providing excellent customer service. We continue to focus on using best practices and cutting-edge technologies to satisfy our clients’ evolving demands around the world.”  
