NIBS (credit image/Pixabay/Ryan McGuire)

A busy week in cybersecurity, with conferences, reports, and news announcements galore.

SlashNext has found anti-bot services helping cybercriminals bypass Google’s Red Page warnings for phishing. It has named Otus Anti-Bot, Remove Red, and Limitless Anti-Bot as some of the services currently available.

Blackwire Labs has announced Blackwire.ai as a means of democratising cybersecurity expertise. It describes its first tech-enabled product as an “Enterprise-grade, GenAI tool that combines human expert-vetted knowledge with blockchain-powered integrity to deliver unparalleled cybersecurity insights.”

Quantum Dice and SCI Semiconductor have announced a partnership where the two companies will collaborate on future development. The two companies are to create joint solutions targeting advanced security systems. They are targeting smart energy and critical infrastructure, aerospace and defense, telecommunications, automotive, industry 4.0, and medical domains.

ThreatQuotient has announced its first Cyber Rhino Threat Week. It is an online event that starts on Monday, 9th December and runs for five days. Each day there is a single presentation, which people can register to watch. The sessions range from a keynote to a demo, a use case to a panel discussion, with each lasting for around an hour.

Forter announced new product capabilities in the October release of its platform. Key among those new capabilities are enhancements to its AI decisioning that increase decision accuracy to combat fraud. It also deepens its identity intelligence as the company looks to block more forms of fraud.

Atul Rajput, EMEA Director, Channel Partners and End Customers at Axis Communications, discussed the need for trust and data integrity. He then showed how the Edelman Trust Barometer identifies trusted data as part of a company’s intangible valuation.

At WSO2 Oxygenate, Enterprise Times caught up with Devaka Randeniya, Chief Revenue Officer at WSO2. We discussed several things, including the EQT acquisition and what that means for API security company WSO2.

FBI

A man from Buffalo, New York, has been convicted and sentenced for buying stolen data from the Genesis Market. Wul Isaac Chol was caught in possession of over 700 unauthorized access devices. His plan was to use the devices and stolen data to commit fraud. He has been sentenced to serve 20 months in prison.

Between June 2019 and January 2021, Chol deposited approximately $105.08 worth of bitcoin in a Genesis account. The funds were used to purchase 21 packages of unauthorized access devices that consisted of 778 devices. He was also found guilty of obtaining $25,164.00 from the New York State Department of Labor.

JumpCloud

JumpCloud Chief Financial Officer (CFO) Michelle DeBella has been named one of Financial Executives International’s (FEI) CFO Women of the Year by the Silicon Valley chapter. FEI recognizes women’s incredible contributions in the accounting and finance fields. The awards acknowledge honorees’ extraordinary achievements in leading, inspiring, and motivating others.

DeBella commented, “I am incredibly honored to be named a CFO Woman of the Year by FEI. This award reflects the work and dedication of a much bigger and incredible team, whose commitment has been instrumental in driving JumpCloud’s success. I look forward to helping JumpCloud meet the complex needs of our customers and partners. I am as committed as ever to making IT management as simple as possible.”

National Cyber Security Centre

The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability affecting Fortinet FortiManager (CVE-2024-47575) and to follow the latest vendor advice.

It says Fortinet has published a security advisory detailing a missing authentication vulnerability affecting FortiManager. CVE-2024-47575 may allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

NOYB

noyb has filed a complaint against the social media platform Pinterest. It says that despite a CJEU ruling prohibiting this practice, the platform uses people’s personal data without asking for their consent. Pinterest falsely claims to have a “legitimate interest” and enables tracking by default.

With more than 130 million people in the EU currently using Pinterest, this is a lot of data being misused. Article 6(1)(a) GDPR covers people’s right to opt-out. However, Pinterest has used Article 6(1)(f) GDPR, which allows it to use data under a claim of legitimate interest. It has also turned tracking on by default.

Kleanthi Sardeli, data protection lawyer at noyb, said, “Pinterest is secretly tracking European users without asking for their consent. This allows the social media platform to unlawfully profit from people’s personal data without them ever finding out.”

Qualys

GigaOm has named Qualys, for its Vulnerability Management, Detection and Response (VMDR) offering, as the only company to be an “Outperformer” and “Leader” in the Continuous Vulnerability Management (CVM) category in its 2024 GigaOm Radar Report.

Over 20 vendors were reviewed against two axes, “Maturity versus Innovation” and “Feature Play vs Platform Play.”

US Department of Justice

Pennsylvania State University (Penn State) has agreed to pay $1,250,000 to resolve allegations that it violated the False Claims Act. It admits failing to comply with cybersecurity requirements in fifteen contracts or subcontracts involving the Department of Defense (DoD) or the National Aeronautics and Space Administration (NASA).

The settlement covers the years 2018 and 2023 when Penn State failed to implement cybersecurity controls that were contractually required by DoD and NASA. It also failed to adequately develop and implement plans of action to correct deficiencies it identified.

Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, said, “Universities that receive federal funding must take their cybersecurity obligations seriously. We will continue our efforts under the department’s Civil Cyber-Fraud Initiative to hold contractors accountable when they fail to honor cybersecurity requirements designed to protect government information.”

Xalient

Xalient announced a strengthening of its global identity security partnership with SailPoint. In addition to becoming a silver sponsor of SailPoint Navigate US, the company announced it has achieved higher levels in SailPoint’s partner networks. It is now an MSP and a SailPoint Delivery Admiral Partner.

Security news from the week beginning 14 October 2024

 
