The cybersecurity has spent the last week at Black Hat in Las Vegas. Vendors have been showing off products and making a raft of announcements. It was not just vendors and the conference that was making the news. Hotels took measures that upset many delegates.
When delegates checked in, some hotels gave them pieces of paper saying that their rooms would be subject to unannounced searches by hotel security. Others didn’t provide advance notification and just waited for delegates to make complaints about missing items. Security was given a list of items to look for inside hotel rooms that could be used for hacking, and they were to seize any such items without talking to the occupant, causing significant upset.
It was not only hotel security that got bad press. The organisers are in the middle of a public fight over the conference badges and the company they contracted to create them. At the moment, both sides are using social media to issue claims and counterclaims. It will be a while before the truth is fully known, but it does not reflect well on either of them.
In news stories that Enterprise Times covered, Qualys announced TotalAI, an update to its TruRusk Enterprise platform. It is aimed at helping organisations understand the risks associated with Generative AI and large language models.
Qualys also published its 2024 Midyear Threat Landscape Review. It says the number of CVEs reported year-on-year has surged by 30%, and the number of zero-day attacks is on the rise. Older CVEs are also increasingly being weaponised, showing that there is no room for complacency when it comes to patching.
AttackIQ has launched automated testing for DORA, an EU regulation that came into force in January 2023. Organisations were given until January 2025 to prepare for enforcement. This automated testing by AttackIQ is a significant step towards preparing organisations for the enforcement date. Any organisation not ready after that will face fines.
Beyond Identity launched RealityCheck, an identity assurance plugin for Zoom. The company claims it will protect organisations from deepfakes and impersonation attacks. The solution will certify the participants and improve trust.
The UK Information Commissions Office (ICO) is considering a fine against Advanced Computer Software Group (Advanced). It relates to a data breach that affected 82,946 people and impacted NHS and social care services.
1Password says its Extended Access Management (XAM) solution is driving growth in revenue and customers. The number of customers spending over $100,000 with 1Password has surged by 50% year-over-year and is expected to continue. It also announced new functionality for the solution, saying that it has accelerated development due to customer demand.
FBI
Kalani S. Uehara, 26, from Albuquerque, has admitted to cyberstalking, computer intrusion and identity theft. The offences cover a period from March 2016 to December 2019. Uehara assumed the identities of other people to send threats to individuals, schools and law firms.
She threatened to kill, harm, or extort her victims and took steps to assume others’ identities, open false email accounts in their names, make false accusations, and persistently send vulgar, harassing, and terrifying messages.
Having pled guilty, she faces up to five years in prison and a fine of up to $250,000 for each conviction. She will also face three years of supervised release when her sentence is served.
Forescout
Forescout and Finite State released a new report, Rough Around the Edges (registration required), looking at the software supply chain in OT/IoT routers. The report found that OT and IoT cellular routers, as well as those for small offices and homes, have outdated software, which means that they are at risk of known vulnerabilities.
They also lack a number of security features and some are still shipping with default credentials. When vendors do patch, the lack of quality control and testing means they introduce new issues. They also fail to increment the software versions meaning that nobody knows which is the most up-to-date version.
Daniel dos Santos, Head of Research at Forescout Research, Vedere Labs, said, “Our recent Sierra:21 research found tens of thousands of devices with outdated firmware are exposed online, easily accessible to hackers.
“Following the publication of Sierra:21, we wanted to understand the state of software components in OT/IoT network devices from other vendors, and what threat actors might uncover if they looked more closely at this software supply chain. Instead of finding new vulnerabilities, our goal was to look at what is already known (“n-day”), but still present in the latest firmware releases of routers.”
NCSC
At Black Hat in Las Vegas, Felicity Oswald, CEO of the NCSC, shared insights into securing the recent UK elections in cyberspace. Oswald outlined how close partnerships across government, industry, and international allies were essential to ensure security measures.
Oswald has also published a blog post giving her thoughts on what was done right. One key point that she makes is that prior preparation was key to the success of protecting the election. It meant that despite the UK having just a seven-week election cycle, it was well prepared.
Interestingly, there has been little such reflection from the recent swathe of elections across Europe. In those elections, the issue of online misinformation has been blamed for some of the results. With the US well into its election cycle and with three months still to go, the UK experience may well help agencies there to ensure elections are secure.
Qualys
Qualys published its second quarter 2024 financial results showing revenue continues to climb, up 8% year-over-year. Total revenues for Q2, 2024 were $148.7 million with net income under GAAP of $43.8 million.
Sumedh Thakar, president and CEO of Qualys, said, “We delivered a strong quarter of rapid innovation on the Qualys Enterprise TruRisk Platform, reflecting our ongoing commitment to extend our technology leadership and customer success.”
“Our comprehensive multi-sensor architecture and rapid innovation engine underscore our growing thought leadership and the value proposition we deliver to customers seeking to transform, consolidate, and fortify their security posture. We believe Qualys has created strong competitive differentiation and is strategically well positioned as the foundational risk management platform for the future with multiple avenues to drive sustainable long-term growth.”