This week, there were some interesting news announcements and a steady stream of reports. Secureframe launched a free Gap Assessment (registration required). It is designed to identify gaps in security posture and compliance, especially for its partner channel.
CAST AI has launched its new Kubernetes Security Posture Management (KSPM) solution. The company claims KSPM blocks 20 times more runtime threats than legacy security tools, a claim that will interest a lot of people.
Privacera has announced that it has open-sourced its GenAI governance solution, Privacera AI Governance (PAIG). It is now called PAIG OSS and is free to download from the company’s GitHub repository.
Qumulo has released its latest solution, Cloud Native Qumulo (CNQ), on Amazon Web Services (AWS). The company claims it is the world’s first cloud-native solution for unstructured data, setting new standards in performance, scalability, flexibility and cost-efficiency. It also claims that CNQ will revolutionise enterprise data management.
ColorTokens has acquired PureID to strengthen its Xshield Microsegmentation platform. Microsegmentation is the latest evolution of network segmentation, a security and network technology that has existed since the 1980s and is seeing a new role today.
Pulseway has released version 9.8 of its RMM solution. This release focuses on improving the automation engine; however, there are also some other significant updates. For example, the Remote Control Session Recording feature announced in 9.7 is now generally available.
Endor Labs has published the 2024 Dependency Management Report, reinforcing a problem many developers have known for years: when you patch something, you are highly likely to break something else. Based on its research for the report, Endor Labs says that the chance of breaking something is as high as 75%.
BlueVoyant
BlueVoyant announced findings from a commissioned Total Economic Impact (TEI) study conducted by Forrester Consulting. The study focused on BlueVoyant’s Managed Detection and Response (MDR) services. It found that BlueVoyant’s offerings provided a 210% return on investment (ROI) and a financial benefit, or net present value (NPV), of $3.9 million over three years for a representative 10,000-user organization.
“BlueVoyant has been a trusted partner to myself, to my boss, and to the senior leaders that run our 24×7 SOC,” said a deputy enterprise CISO for a large insurance organization interviewed by Forrester Consulting for the study. “I’ve appreciated all of their insights, and most importantly, their brutal honesty on our existing operations.”
Europol
At the 8th Global Conference on Criminal Finances and Cryptocurrencies, Europol discussed which crypto assets and innovations are abused to facilitate organised crime.
The conference also showcased how law enforcement agencies are working collaboratively with crypto asset service providers, blockchain analysis firms and specialist asset recovery and management agencies to fight back.
FBI
The FBI has released its Cryptocurrency Fraud Report for 2023. The FBI’s Internet Crime Complaint Center received more than 69,000 complaints from the public regarding cyber-enabled crime and financial fraud in 2023. It amounts to a loss of over $5.6 billion. The biggest single area of loss was investment fraud, with $3.9 billion lost.
FBI Director Christopher Wray said, “Scams targeting investors who use cryptocurrency are skyrocketing in severity and complexity. The best way to help stop these crimes is for people to report them to ic3.gov, even if they did not suffer a financial loss.”
The FBI also acted against three cryptocurrency recovery services. The web domains of MyChargeBack, Payback LTD, and Claim Justice have been seized. These companies claimed to provide cryptocurrency tracing and promised to recover lost funds.
The FBI’s action is aimed at stopping victims from being defrauded twice: once through the loss of their cryptocurrency and then a second time by companies that take large upfront costs and achieve nothing.
National Crime Agency
The NCA arrested a teenager from Walsall as it investigates the cyber security incident affecting Transport for London (TfL). The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “We have been working at pace to support Transport for London following a cyber attack on their network, and to identify the criminal actors responsible.
“Attacks on public infrastructure such as this can be hugely disruptive and lead to severe consequences for local communities and national systems.”
NOYB
The Belgian data protection authority has ordered four major Belgian news sites to bring their cookie banners into GDPR compliance. The order follows multiple complaints by noyb about the deceptive cookie banners of the news sites.
De Standaard, Het Nieuwsblad, Het Belang van Limburg and Gazet van Antwerpen must add a “reject” button to the first layer of their cookie banners. They must also change the currently misleading colour scheme of the buttons used. Failure to comply will result in a penalty of €50,000 per day per website.