Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: https://www.csoonline.com/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="0.92">
<channel>
<title>CSO Online</title>
<link>https://www.csoonline.com</link>
<description>Security at the speed of business</description>
<lastBuildDate>Fri, 14 Jun 2024 21:58:13 +0000</lastBuildDate>
<docs>http://backend.userland.com/rss092</docs>
<copyright>Copyright (c) 2024 IDG Communications, Inc.</copyright>
<language>en-US</language>
<!-- generator="WordPress/6.4.4" -->

<item>
<title>The growing threat of identity-related cyberattacks: Insights into the threat landscape</title>
<pubDate>Fri, 14 Jun 2024 21:54:12 +0000</pubDate>
<description><![CDATA[<div id="remove_no_follow">
<div class="grid grid--cols-10@md grid--cols-8@lg article-column">
 <div class="col-12 col-10@md col-6@lg col-start-3@lg">
<div class="article-column__content">
<section class="wp-block-bigbite-multi-title"><div class="container"></div></section>



<p>The last 12 months have witnessed a rapid-fire round of innovation and adoption of new technologies. Powerful new identities, environments and attack methods are shaping the quickly changing cybersecurity threat landscape, making it more complex and diffusing the focus of risk reduction efforts. New CyberArk research indicates that the rise of machine identities and the increasing reliance on third- and fourth-party providers are deepening existing threats and creating novel vulnerabilities.</p>



<p>The <a href="https://www.cyberark.com/resources/ebooks/identity-security-threat-landscape-2024-report" target="_blank" rel="noreferrer noopener">CyberArk 2024 Identity Security Threat Landscape Report</a> surveyed 2,400 identity-related cybersecurity experts and decision-makers across 18 countries to provide deep insights into the evolving threat landscape. The report reveals that an overwhelming majority (93%) of organizations have experienced two or more breaches due to identity-related cyberattacks. These organizations anticipate the total number of identities to increase more than 2.4 times in the next 12 months.</p>



<p>Several factors contribute to this surge in identity-related attacks, including the rise in volume and sophistication of cyberattacks perpetrated by both skilled and unskilled bad actors who use generative AI (GenAI) to amplify their attacks. These threat actors target an already intricate and expanding digital ecosystem, exploiting unsecured identities to gain access to their victims’ environments. In line with this, the report finds that nearly all (99%) organizations affected by identity-related attacks suffer negative business impacts.</p>



<h3 class="wp-block-heading"><strong>The perils of GenAI</strong></h3>



<p>GenAI is, of course, not new to organizations or bad actors. In fact, 99% of organizations use AI-powered tools in their cybersecurity initiatives, while bad actors also use GenAI to increase the volume and sophistication of their attacks. As a result, 93% of organizations anticipate a negative impact from AI, expecting an increase in AI-augmented malware, phishing and data breaches. In the last 12 months, nine out of 10 organizations experienced a breach due to phishing or vishing attacks. With AI-powered cyberattacks becoming more challenging to detect, the likelihood of widespread organizational breaches increases.</p>



<p>Deepfake videos and audio generated by GenAI are becoming increasingly difficult to discern. Yet, in the B2B world, over 70% of respondents are confident that their employees can identify deepfake content featuring their organizations’ leaders. These insights suggest complacency among respondents, likely fueled by an illusion of control, planning fallacy – or just plain human optimism. The full extent of the potential damage that GenAI-augmented attacks can inflict, and the damage multiplier of compromising the data models feeding defensive GenAI, remains unknown, and our vulnerability to it may be greater than we realize. These responses underscore the need to plan for more advanced future attacks, invest in protecting the data models used by machine intelligence and extend strong governance to this new AI identity.</p>



<h3 class="wp-block-heading"><strong>New era: Rise of the machines</strong></h3>



<p>Nearly half of the 2,400 surveyed cybersecurity experts anticipate a threefold increase in machine identities, which are largely under-secured and over-privileged. Ongoing automation efforts at scale and pervasive cloud computing drive this growth and exacerbate the proliferation of vulnerable machine identities. The increase in the total number of these identities is neither new nor surprising. However, what is surprising (and concerning) is that nearly two-thirds (61%) of surveyed organizations have an exceedingly narrow definition of “privileged user,” which solely applies to human identities with access to sensitive data.</p>


<div class="extendedBlock-wrapper block-coreImage undefined"><figure class="wp-block-image size-large"><img loading="lazy" decoding="async" src="https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?quality=50&amp;strip=all&amp;w=1024" alt="" class="wp-image-2148102" srcset="https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?quality=50&amp;strip=all 1370w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=300%2C137&amp;quality=50&amp;strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=768%2C350&amp;quality=50&amp;strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=1024%2C466&amp;quality=50&amp;strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=1240%2C565&amp;quality=50&amp;strip=all 1240w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=150%2C68&amp;quality=50&amp;strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=854%2C389&amp;quality=50&amp;strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=640%2C292&amp;quality=50&amp;strip=all 640w, https://b2b-contenthub.com/wp-content/uploads/2024/06/Picture1_big_2f18e5.jpg?resize=444%2C202&amp;quality=50&amp;strip=all 444w" width="1024" height="466" sizes="(max-width: 1024px) 100vw, 1024px" /></figure><p class="imageCredit">CyberArk </p></div>



<p>This definition contradicts our respondents’ observations, with nearly three-quarters (68%) indicating that up to 50% of all machine identities have access to sensitive data.</p>



<p>Still, by excluding machine identities, their organizations’ definition of a “privileged user” reveals a massive gap. Organizations report that they are primarily focused on securing human identities, which leaves the security of machine identities a cause for concern. They also report that a security incident requires significant manual effort to address or remediate.</p>



<h3 class="wp-block-heading"><strong>Chain reaction: Third- and fourth-party risks</strong></h3>



<p>The report also highlights a lack of rigorous focus on vendor risk management despite the expanding web of our digital ecosystems. In the next 12 months, 84% of organizations plan to employ three or more cloud service providers (CSPs), and projections show an 89% annual increase in the number of SaaS applications, compared to 67% in 2023.</p>



<p>It’s crucial to understand that your network of third-party providers extends beyond CSPs and SaaS providers to include service providers, integrators, hardware and infrastructure suppliers, business partners, distributors, resellers, telecommunications and other external entities that enable digital business. Third- and fourth-party breaches can quickly cascade to your organization, creating a multiplier effect on risk.</p>



<p>The report finds that while 91% of respondents are concerned about third-party risks and 83% about fourth-party risks, vendor risk management remains a low priority for post-breach investments. It’s important to note that bad actors often employ a ‘buy one, get one’ approach, targeting multiple victims at once through software supply chain and multi-tenant environment attacks. This means that if bad actors target your third- or fourth-party providers, they could put your organization at risk. As such, regular vendor risk assessments and heightened vendor accountability are crucial. This vendor accountability and risk assessment strategy should extend to cybersecurity vendors, too.</p>



<h3 class="wp-block-heading"><strong>Cyber debt: ‘Shiny object’ syndrome and a blind spot</strong></h3>



<p>Facing growing threats, organizations may prioritize adopting the latest technologies over foundational controls to address cybersecurity challenges. However, this can lead to the accumulation of <a href="https://www.cyberark.com/resources/blog/defense-in-depth-for-secrets-management-discovery-visibility-leak-detection-and-ai#:~:text=There%20are%20many%20secrets%20and,tools%20for%20remediating%20these%20challenges." target="_blank" rel="noreferrer noopener">cyber debt</a>, where organizations incur significant costs and risks by neglecting existing vulnerabilities. This shift in behavior, and its negative results, shows the need for consistent controls across both foundational and new attack paths and tooling. According to the report, core social engineering attacks like phishing and vishing remain highly effective, resulting in breaches and substantial financial losses for nine out of 10 organizations.</p>



<p>Organizations must balance addressing existing vulnerabilities with adopting new technologies. Despite the complexity and challenges inherent in the future of cybersecurity, organizations can mitigate risks by staying informed and adopting a proactive approach to risk management that is consistent across all identities and environments.</p>



<h3 class="wp-block-heading"><strong>Identity security: The key to a robust cybersecurity posture</strong></h3>



<p>In today’s fast-paced world, where challenges abound, every defense erected becomes a new tower that bad actors seek to conquer. Our most significant advantage against these threats lies in our ability to collaborate. As Michael Jordan famously said (I’m told…), “Talent wins games, but teamwork and intelligence win championships.” Our collective defense extends beyond immediate colleagues to encompass our entire organization and third- and fourth-party providers. Securing every identity across the IT environment is paramount, necessitating a new cybersecurity model centered on identity security. The future of security starts with identity.</p>



<p>Download the <a href="https://www.cyberark.com/resources/ebooks/identity-security-threat-landscape-2024-report" target="_blank" rel="noreferrer noopener">CyberArk 2024 Identity Security Threat Landscape Report</a> for comprehensive insights into navigating the evolving cybersecurity landscape.</p>
</div></div></div></div>]]></description>
<link>https://www.csoonline.com/article/2148096/the-growing-threat-of-identity-related-cyberattacks-insights-into-the-threat-landscape.html</link>
<post-id xmlns="com-wordpress:feed-additions:1">2148096</post-id><category>Cybercrime</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/iStock-1488105137_800-1.jpg?quality=50&#038;strip=all" length="695183" type="image/jpeg" />
</item>
<item>
<title>Microsoft president faces tough questions from Congress on China, security</title>
<pubDate>Fri, 14 Jun 2024 16:03:07 +0000</pubDate>
<description><![CDATA[<div id="remove_no_follow">
<div class="grid grid--cols-10@md grid--cols-8@lg article-column">
 <div class="col-12 col-10@md col-6@lg col-start-3@lg">
<div class="article-column__content">
<section class="wp-block-bigbite-multi-title"><div class="container"></div></section>



<p>Microsoft’s president Brad Smith faced tough questioning on the company’s security track record and presence in China during a Congressional hearing on Thursday.</p>



<p>The <a href="https://homeland.house.gov/hearing/a-cascade-of-security-failures-assessing-microsoft-corporations-cybersecurity-shortfalls-and-the-implications-for-homeland-security/">House Committee on Homeland Security convened a hearing</a> to consider last summer’s Microsoft Exchange Online hack, attributed to Chinese-government-linked cyber-espionage group Storm-0558.</p>



<p>A highly critical March <a href="https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf">report by the Department of Homeland Security’s Cyber Safety Review Board</a> blamed Microsoft for a “cascade of security failures” that allowed attackers to steal a Microsoft Services Account (MSA) key and forge authentication tokens before accessing targeted Microsoft Exchange accounts. This compromised access was used to hack into the Microsoft Exchange email accounts of State Department officials, among other (largely government) targets in the US and UK.</p>



<p>In his <a href="https://markgreen.house.gov/2024/6/chairman-green-opens-microsoft-hearing-the-american-people-and-federal-agencies-deserve-assurances-that-their-data-and-operations-are-protected">opening remarks</a>, Committee Chairman Rep. Mark Green characterised the attack as unsophisticated and preventable.</p>



<p>The attack did not rely on “advanced techniques or cutting-edge technologies. Instead, Storm-0558 exploited basic, well-known vulnerabilities that could have been avoided through basic cyber hygiene practices,” Green said.</p>



<p>“The US government would never expect a private company to work alone in protecting itself against nation-state attacks… but we do expect government vendors to implement basic cybersecurity practices,” Green argued, adding that the 2023 assault is not the first time “Microsoft has been the victim of an avoidable cyberattack.”</p>



<p>In response, <a href="https://homeland.house.gov/wp-content/uploads/2024/06/2024-06-13-HRG-Testimony-Smith.pdf">Microsoft’s Smith said</a> the company “accepts responsibility for each and every one of the issues cited in the CSRB’s report”.</p>



<p>The CSRB’s report provides 25 recommendations, 16 of which apply to Microsoft. “We are acting on all 16 of these recommendations,” according to Smith.</p>



<h2 class="wp-block-heading" id="secure-future-initiative">Secure Future Initiative</h2>



<p>Microsoft used lessons from the Exchange attack to develop its <a href="https://www.microsoft.com/en-us/security/blog/2023/11/02/announcing-microsoft-secure-future-initiative-to-advance-security-engineering/">Secure Future Initiative</a>, a strategic “Secure by Default” program that was expanded in January following attacks blamed on Russia, and expanded again upon publication of the CSRB’s report.</p>



<p>The CSRB’s report called for an overhaul of Microsoft’s security culture, which it faulted as inadequate given the company’s dominant role as a technology provider. Microsoft’s “corporate culture [has] de-prioritized both enterprise security investments and rigorous risk management”, the report concludes.</p>



<p>Aside from launching “the single largest cybersecurity engineering project in the history of digital technology”, Microsoft is looking to revamp its working practices and culture in response to the criticisms.</p>



<p>Smith told the hearing that Microsoft’s board had agreed that a third of the potential performance bonuses for its 16 most senior executives every year would be judged on their success in achieving cybersecurity-focused targets and goals. In future, mainstream Microsoft employees would be evaluated on cybersecurity as part of their twice-a-year performance reviews, he said.</p>



<h2 class="wp-block-heading" id="chinese-walls">Chinese walls</h2>



<p>Representative Carlos Gimenez, a Florida Republican, questioned Microsoft’s operations in China, which Smith testified accounted for less than 1.5% of Microsoft’s sales. China’s 2017 National Intelligence Law obliges all organisations, including foreign companies, to cooperate with China’s intelligence agencies in matters of national security.</p>



<p>Smith, an attorney and Microsoft’s general counsel for more than a decade, said Microsoft does not comply with this law. “There are countries that enact certain laws but don’t apply them,” Smith said, adding that this was the case with China’s national security law.</p>



<p>He earlier said that Microsoft’s operations in China supported multinational customers operating in the country, and that Microsoft routinely turned down Chinese government requests to hand over source code or other sensitive data.</p>



<p>The Microsoft president and vice-chair added that Microsoft was looking to relocate 700 to 800 workers in China as it reduced its engineering presence within the country.</p>



<h2 class="wp-block-heading" id="trustworthy-computing">Trustworthy Computing</h2>



<p>During the three-hour-long hearing, lawmakers grilled Smith on Microsoft’s past failures to prioritize security over new product features, despite previous promises — most notably Bill Gates’ “Trustworthy Computing” memo from 2002 that pledged to make security a top priority.</p>



<p>Congressman Bennie Thompson cited a <a href="https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers">ProPublica investigation</a> that found Microsoft had ignored warnings from an employee about a critical vulnerability later exploited in the <a href="https://www.csoonline.com/article/570191/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html">2020 SolarWinds supply chain attack</a>.</p>



<p>“One of the changes we’ve just made as part of the Secure Future Initiative is a new governance structure” that will better allow staff to offer feedback and report problems, Smith said. “The fundamental cultural change that we are seeking to make is to integrate security into every process,” the Microsoft president concluded.</p>
</div></div></div></div>]]></description>
<link>https://www.csoonline.com/article/2147906/microsoft-president-faces-tough-questions-from-congress-on-china-security.html</link>
<post-id xmlns="com-wordpress:feed-additions:1">2147906</post-id><category>Cloud Security, Email Security, Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/us_capitol-100534505-orig.jpg?quality=50&#038;strip=all" length="497655" type="image/jpeg" />
</item>
<item>
<title>Deepfakes: Coming soon to a company near you</title>
<pubDate>Fri, 14 Jun 2024 06:01:00 +0000</pubDate>
<description><![CDATA[<div id="remove_no_follow">
<div class="grid grid--cols-10@md grid--cols-8@lg article-column">
 <div class="col-12 col-10@md col-6@lg col-start-3@lg">
<div class="article-column__content">
<section class="wp-block-bigbite-multi-title"><div class="container"></div></section>



<p>Deepfakes, the bane of celebrities and the fear of politicians, are poised to take off in the corporate world, as cybercriminals see them as a new way to make easy money, some security experts say.</p>



<p>CIOs, CISOs, and other corporate leaders need to be ready for AI-assisted attacks that use realistic, but faked, voice calls, video clips, and live videoconferencing calls, says Michael Hasse, a longtime cybersecurity and IT consultant.</p>



<p>Deepfakes involving voice calls are nothing new. Hasse recalls giving a presentation on the topic to asset management firms back in 2015, after some companies in the industry had fallen victim to voice-based scams.</p>



<p>Since 2015, however, the AI-based technologies used for deepfakes have not only improved by orders of magnitude, but they have also become widely available, he notes. The main factor holding back widespread use of deepfakes by cybercriminals is the absence of a packaged, easy-to-use tool to create faked audio and video, Hasse says.</p>



<p>But such a deepfakes package is coming soon, Hasse predicts, and he expects it to start circulating in the criminal underground before the US elections in November, with political campaigns as the first targets.</p>



<p>“Every single piece that’s needed is there,” Hasse says. “The only thing that has kept us from seeing it just flooding everything is that it takes time for the bad guys to incorporate stuff like this.”</p>



<h2 class="wp-block-heading" id="deepfakes-as-credit-risks">Deepfakes as credit risks</h2>



<p>It’s not just cybersecurity experts who are warning of the corporate risk from deepfakes. In May, credit ratings firm Moody’s <a href="https://www.moodys.com/research/Digital-Economy-Cross-Region-GenAI-powered-deepfakes-introduce-new-and-transformed-Sector-In-Depth--PBC_1401006">issued a warning</a> about deepfakes, saying they create new credit risks. The Moody’s report details a handful of attempted deepfake scams, including faked video calls, that have targeted the financial sector in the past two years.</p>



<p>“Financial losses attributed to deepfake frauds are rapidly emerging as a prominent threat from this advancing technology,” the report says. “Deepfakes can be used to create fraudulent videos of bank officials, company executives, or government functionaries to direct financial transactions or carry out payment frauds.”</p>



<p>Deepfake scams are already happening, but the size of the problem is difficult to estimate, says Jake Williams, a faculty member at IANS Research, a cybersecurity research and advisory firm. In some cases, the scams go unreported to save the victim’s reputation, and in other cases, victims of other types of scams may blame deepfakes as a convenient cover for their actions, he says.</p>



<p>At the same time, any technological defenses against deepfakes will be cumbersome — imagine a deepfakes detection tool listening in on every phone call made by employees — and they may have a limited shelf life, with AI technologies rapidly advancing.</p>



<p>“It’s hard to measure because we don’t have effective detection tools, nor will we,” says Williams, a former hacker at the US National Security Agency. “It’s going to be difficult for us to keep track of over time.”</p>



<p>While some hackers may not yet have access to high-quality deepfake technology, faking voices or images on low-bandwidth video calls has become trivial, Williams adds. Unless your Zoom meeting is of HD or better quality, a face swap may be good enough to fool most people.</p>



<h2 class="wp-block-heading" id="youre-not-my-admin-assistant">You’re not my admin assistant</h2>



<p>Kevin Surace, chairman of multifactor authentication vendor Token, can provide firsthand testimony to the potential of voice-based deepfakes. He recently received an email from the administrative assistant of one of Token’s investors, but he immediately identified the email as an obvious phishing scam.</p>



<p>Surace called the administrative assistant to warn her that phishing emails were being sent from her account, and the voice on the other end of the call sounded exactly like the employee, he says. When the voice started responding oddly during the conversation, he asked about her coworkers, and it didn’t recognize their names.</p>



<p>It turns out that the phone number included in the phishing email was one digit off from the administrative assistant’s real number. The fake phone number stopped working a couple of hours after Surace detected the problem.</p>



<p>Criminals who want to fake a voice now need only a few seconds of a recording, and the technology to create realistic live video deepfakes is getting better and better, says Surace, known as the father of the virtual assistant for his work on <a href="https://en.wikipedia.org/wiki/General_Magic">Portico at General Magic</a> in the 1990s.</p>



<p>“People are going to say, ‘Oh, this can’t be happening,’” he says. “It has now happened to a few people, and if it happened to three people, it’s going to be 300, it’s going to be 3,000, and so on.”</p>



<p>So far, deepfakes targeting the corporate world have focused on tricking employees into transferring money to the criminals. But Surace can see deepfakes used for blackmail schemes or stock manipulation as well. If the blackmail amount is low enough, CEOs or other targeted people may decide to pay the fee instead of trying to explain that the person on the compromising video isn’t really them.</p>



<p>Like Hasse, Surace sees a deepfakes wave coming soon. He expects that many scam attempts like the one targeting him are already under way.</p>



<p>“People don’t want to tell anyone it’s happening,” he says. “You pay 10 grand, and you just write it off and say, ‘It’s the last thing I want to tell the press about.’”</p>



<p>Widespread use of deepfakes may be close, but there are a few impediments remaining, beyond the lack of an easy-to-use deepfakes package, Hasse says. Convincing deepfakes can require a level of computing power that some cybercriminals do not have.</p>



<p>In addition, deepfake scams tend to work as targeted attacks, such as <a href="https://www.malwarebytes.com/whaling-attack?cjdata=MXxOfDB8WXww&amp;c=cj&amp;k=14452255&amp;utm_source=cj&amp;utm_medium=aff&amp;utm_content=14452255&amp;utm_campaign=AFF-CJ_5250933&amp;tracking=cj&amp;x-wts=cj&amp;x-affid=5250933&amp;ADDITIONAL_AFFID=cj-5250933&amp;cjevent=2fb2cf87242d11ef8363027f0a82b838&amp;clickid=2fb2cf87242d11ef8363027f0a82b838&amp;pid=cj_int">whale phishing</a>, and it takes some time to research the quarry.</p>



<p>Potential victims, however, are helping cybercriminals by providing a wealth of information about their lives on social media. “The bad guys really don’t have a super-streamlined way to collect victim data and generate the deepfakes in a sufficiently automated fashion yet, but it’s coming,” Hasse says.</p>



<h2 class="wp-block-heading" id="no-easy-fixes">No easy fixes</h2>



<p>With more deepfake scams likely coming to the corporate world, the question is how to deal with this growing threat. With deepfake technology continuously getting better, easy answers don’t exist.</p>



<p>Hasse believes awareness and employee training will be important. Employees and executives need to be aware of potential deepfake scams, he says, and when a company insider asks them to do something suspicious, even on a video call, they should check back with that person to verify the request. Making another phone call or verifying the request with a face-to-face conversation is an old-school form of multi-factor authentication, but it works, he says.</p>



<p>When the asset management industry first began to fall victim to voice scams nearly a decade ago, advisors started to take their know-your-customer approaches to new heights. Client conversations began with discussions of their families, their hobbies, and other personal information to help verify their identities.</p>



<p>Another defense for company executives and other critical employees may be to intentionally lie on social media to throw off deepfake attacks. “My guess is at some point there will be certain roles within companies where that is actually required,” he says. “If you’re in a sufficiently sensitive role in a sufficiently large corporation, there may be some kind of a level of scrutiny on the social media where a social media czar watches all the accounts.”</p>



<p>CIOs, CISOs, and other company executives need to be aware of the threat and realize they could be targeted, Surace adds.</p>



<p>His company sells a wearable multi-factor authentication device based on fingerprints, and he believes next-generation MFA products can help defend against deepfake scams. Next-gen MFA needs to be able to quickly and securely verify identities, such as every time employees log in to a Zoom meeting, he says.</p>



<p>IANS’ Williams isn’t sure new technologies or employee training will be effective fixes. Some people will resist using a new authentication device, and cybersecurity training has been around for a long time, with limited success, he notes.</p>



<p>Instead, companies need to put processes in place, such as using a secure application when employees transfer large sums of money. Using email or a voice call to ask for a huge money transfer isn’t secure, but some organizations still do it.</p>



<p>For centuries, people have used voices and images to authenticate each other, but that time is ending, he says.</p>



<p>“The reality is that using somebody’s voice or image likeness to authenticate that person has always been, if you look at it through a security perspective, inadequate,” Williams adds. “Technology is catching up with our substandard or ineffective processes.”</p>
</div></div></div></div>]]></description>
<link>https://www.csoonline.com/article/2140614/deepfakes-coming-soon-to-a-company-near-you.html</link>
<post-id xmlns="com-wordpress:feed-additions:1">2140614</post-id><category>Cybercrime, Phishing</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_1684479364.jpg?quality=50&#038;strip=all" length="12907382" type="image/jpeg" />
</item>
  363. <item>
  364. <title>New CISO appointments 2024</title>
  365. <pubDate>Fri, 14 Jun 2024 06:00:00 +0000</pubDate>
  366. <description><![CDATA[<div id="remove_no_follow">
  367. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  368.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  369. <div class="article-column__content">
  370. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  371.  
  372.  
  373.  
  374. <p>The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.</p>
  375.  
  376.  
  377.  
  378. <p>Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Andrew Flynn, regional executive editor, at <a href="mailto:aflynn@foundryco.com">aflynn@foundryco.com</a>.</p>
  379.  
  380.  
  381.  
  382. <h2 class="wp-block-heading" id="new-ciso-appointments-june-2024">New CISO appointments, June 2024</h2>
  383.  
  384.  
  385.  
  386. <p><strong>Northwest Bank appoints Craig Dornon as CISO</strong></p>
  387.  
  388.  
  389.  
  390. <p>Northwest Bank has named Craig Dornon as senior vice president and CISO. With more than 25 years of leadership experience with enterprise risk and compliance programs in the financial, retail, and insurance sectors, Dornon previously served as vice president and chief operational risk officer at Bread Financial.</p>
  391.  
  392.  
  393.  
  394. <h2 class="wp-block-heading" id="new-ciso-appointments-may-2024">New CISO appointments, May 2024</h2>
  395.  
  396.  
  397.  
  398. <p><strong>Cisco names Sean Duca as CISO and practice leader for Asia-Pacific, Japan and China</strong></p>
  399.  
  400.  
  401.  
  402. <p>Former Palo Alto regional chief security officer for Asia Pacific Sean Duca has been appointed by Cisco as CISO and practice leader for the Asia-Pacific, Japan and China regions. He previously worked for more than 15 years at Intel Security’s McAfee, where he served as CTO.</p>
  403.  
  404.  
  405.  
  406. <p><strong>Former Apple cyber PR head named global director of cybersecurity at FleishmanHillard</strong></p>
  407.  
  408.  
  409.  
  410. <p>Global public relations and marketing firm FleishmanHillard has named Scott Radcliffe as its global director of cybersecurity. Radcliffe formerly headed cybersecurity communications at Apple. He had previously served as FleishmanHillard’s senior global data privacy and security expert.</p>
  411.  
  412.  
  413.  
  414. <p><strong>Dinesh Kamble new CISO at RBL Bank</strong></p>
  415.  
  416.  
  417.  
  418. <p>RBL Bank has appointed Dinesh Kamble as its new chief information security officer. Kamble spent eight years at IDFC FIRST Bank and has also held roles in technical sales at Symantec and McAfee.</p>
  419.  
  420.  
  421.  
  422. <p><strong>Nick Ritter named as CISO of Worldpay</strong></p>
  423.  
  424.  
  425.  
  426. <p>Payment company Worldpay has appointed 20-year veteran Nick Ritter as chief information security officer. Ritter was formerly senior vice president and CISO at First Financial Bank and has also served as product security officer at GE, where he was responsible for the security of GE’s commercial products, supply chain, manufacturing, internal applications, and third parties.</p>
  427.  
  428.  
  429.  
  430. <p><strong>Enablis appoints Leonard Kleinman as CISO</strong></p>
  431.  
  432.  
  433.  
  434. <p>Leonard Kleinman has been named to the new role of CISO at Australian managed-service provider Enablis. Kleinman has spent more than 32 years working in security strategy, risk management, IT strategy, software development, and solution architecture. He was most recently field chief technology officer and evangelist — Cortex (Asia-Pacific and Japan) for Palo Alto. Kleinman is also an associate adjunct professor at Edith Cowan University.</p>
  435.  
  436.  
  437.  
  438. <p><strong>Dispel names Dean Macris as chief information security officer</strong></p>
  439.  
  440.  
  441.  
  442. <p>Dispel has appointed Dean Macris as the company’s CISO. Macris formerly served as theater operations officer for US Forces Korea, cyber technical director for naval special warfare, and managed General Dynamics Electric Boat company’s Signature Secret Network, its largest classified information system. He was also an instructor of cyber systems at the US Coast Guard Academy. He continues his service as a Lieutenant Commander in the US Navy.</p>
  443.  
  444.  
  445.  
  446. <p><strong>SandboxAQ appoints Chris Bates as CISO</strong></p>
  447.  
  448.  
  449.  
  450. <p>SandboxAQ today announced it has appointed veteran cybersecurity executive Chris Bates as its first CISO. Bates previously served as SentinelOne’s chief trust and security officer and has held technical leadership roles at various companies across multiple industries, including Nike, Fidelis Cybersecurity (General Dynamics), NuScale Power, and ACS (Xerox).</p>
  451.  
  452.  
  453.  
  454. <h2 class="wp-block-heading" id="new-ciso-appointments-april-2024">New CISO appointments, April 2024</h2>
  455.  
  456.  
  457.  
  458. <p><strong>Donna Kidwell named CISO and deputy CIO for the University of Toronto</strong></p>
  459.  
  460.  
  461.  
  462. <p>Donna Kidwell has been named as the CISO for the University of Toronto. Kidwell will also serve as deputy chief information officer. She has served for 18 years as an information technology leader in large public institutions including Arizona State University.</p>
  463.  
  464.  
  465.  
  466. <p><strong>PayPal names Shaun Khalfan as CISO</strong></p>
  467.  
  468.  
  469.  
  470. <p>Shaun Khalfan, formerly of the US Department of Homeland Security, has been named CISO of online payment company PayPal. Khalfan, who has more than 20 years of experience in information security and risk management, was most recently CISO at Discover Financial Services. He has also served in CISO roles at Barclays International and Freddie Mac.</p>
  471.  
  472.  
  473.  
  474. <p><strong>State of Vermont names John Toney as chief information security officer</strong></p>
  475.  
  476.  
  477.  
  478. <p>Former US Secret Service agent John Toney has been named CISO of the State of Vermont. Toney, who was most recently CISO at City Electric Supply in Dallas, Texas, specialized in network intrusion crimes and critical systems protection in the Secret Service. He has also served as director of forensic investigations at both KPMG and Ernst &amp; Young.</p>
  479.  
  480.  
  481.  
  482. <p><strong>Kim Larsen named CISO at Keepit</strong></p>
  483.  
  484.  
  485.  
  486. <p>Cyber veteran Kim Larsen has been appointed CISO at Danish SaaS data backup and recovery firm Keepit. Larsen developed security organizations and partnerships in companies such as Verizon, Huawei, and Systematic and has served on the information security board of the Danish Industry Confederation and Danish Council for Digital Security for 10 years. His career began in the Danish National Police, after which Larsen spent nine years with the country’s Security and Intelligence Service where he served as delegate for the Danish government in both NATO’s and the EU’s security committees.</p>
  487.  
  488.  
  489.  
  490. <p><strong>Slalom appoints Christopher Burger as its first CISO</strong></p>
  491.  
  492.  
  493.  
  494. <p>Business and technology consulting company Slalom has named Christopher Burger as its first chief information security officer. Burger has spent 26 years in technology and information security, working for companies such as Washington Mutual, Corbis, Clearwire, and Russell Investments.</p>
  495.  
  496.  
  497.  
  498. <p><strong>Mitel names Bill Dunnion as CISO</strong></p>
  499.  
  500.  
  501.  
  502. <p>Business communications firm Mitel has appointed Bill Dunnion as CISO. Dunnion has held IT and cybersecurity leadership positions at Calian, 2Keys Security Solutions, and Bell Canada. Dunnion has a degree in mechanical engineering from Queen’s University in Kingston, Ontario. He serves as volunteer chair of the Canadian Cyber Forum in Ottawa.</p>
  503.  
  504.  
  505.  
  506. <p><strong>Avalon HealthCare Solutions promotes Jesse Webb to CISO</strong></p>
  507.  
  508.  
  509.  
  510. <p>Healthcare IT company Avalon HealthCare Solutions has promoted senior vice president and longtime employee Jesse Webb to CISO. Webb has formerly served in senior IT and security roles at PSS World Medical and e-MedSoft and served as a pilot in the Florida National Guard.</p>
  511.  
  512.  
  513.  
  522. <p><strong>Jameeka Green Aaron appointed CISO of Headspace</strong></p>
  523.  
  524.  
  525.  
  526. <p>Former Okta/Auth0 CISO Jameeka Green Aaron has been appointed CISO of online mental health provider Headspace. Green Aaron has held senior IT and cybersecurity leadership positions at United Legwear &amp; Apparel, Hurley, Nike, and Lockheed Martin. She also served as an information systems security manager in the US Navy.</p>
  527.  
  528.  
  529.  
  530. <p><strong>Jason Haddix joins Flare as field CISO</strong></p>
  531.  
  532.  
  533.  
  534. <p>Threat exposure management firm Flare has named security veteran Jason Haddix to a strategic advisory role as field CISO. Haddix (aka jhaddix) is the CEO, hacker, and trainer for Arcanum Information Security, a cybersecurity assessment and training company. He has also held positions of security leadership at Buddobot, Ubisoft, Bugcrowd, HP, and Redspin.</p>
  535.  
  536.  
  537.  
  538. <p><strong>Richard Marcus named CISO of AuditBoard</strong></p>
  539.  
  540.  
  541.  
  542. <p>Cloud-based audit, risk, compliance, and ESG management company AuditBoard has named Richard Marcus as CISO. Marcus was previously vice president of information security at the company and has held senior cyber roles at Verizon Media and EdgeCast Networks.</p>
  543.  
  544.  
  545.  
  546. <h2 class="wp-block-heading" id="new-ciso-appointments-march-2024">New CISO appointments, March 2024</h2>
  547.  
  548.  
  549.  
  550. <p><strong>Matt Biber appointed Group CISO at Qantas</strong></p>
  551.  
  552.  
  553.  
  554. <p>Australian airline Qantas has named Matt Biber as its chief information security officer. Biber, who has more than 30 years of experience in IT, has been acting CISO at Qantas since September 2023. He was formerly head of the Qantas Group Cyber Security Centre. Before joining Qantas in 2015, Biber served as director of security services for AccessHQ, principal security consultant at ANZ, and executive manager/general manager at ES Service Security.</p>
  555.  
  556.  
  557.  
  558. <p><strong>Code42 Appoints Dennis Dayman as CISO</strong></p>
  559.  
  560.  
  561.  
  562. <p>Data loss and insider threat protection firm Code42 Software has named Dennis Dayman as chief information security officer (CISO). Dayman, who currently serves as chair of the Policy Subcommittee of the US Department of Homeland Security Data Privacy and Integrity Advisory Committee, previously served as the resident CISO for Proofpoint. He has also held senior security roles at Maropost, Return Path, and Eloqua.</p>
  563.  
  564.  
  565.  
  566. <p><strong>SaaS company Apptega names Wyman Lewis as CISO</strong></p>
  567.  
  568.  
  569.  
  570. <p>Apptega, a builder of continuous security and compliance solutions tailored to managed security providers, has named Wyman Lewis as chief information security officer. Lewis will helm internal security and help steer partner compliance best practices for the provider-first software company. Lewis has held senior roles at Securonix and Alert Logic, and helped lead internal security and compliance for enterprise software companies, including eBay, where he served as business information security officer.</p>
  571.  
  572.  
  573.  
  574. <p><strong>Rockwell Automation appoints Stephen Ford as new chief information security officer</strong></p>
  575.  
  576.  
  577.  
  578. <p>Rockwell Automation has named Stephen Ford as its new vice president and chief information security officer. Ford was previously vice-president of global security at pharmaceutical and medical supplies distribution company McKesson and has held senior IT roles at HP, Baylor College of Medicine and The University of Texas Health Science Center at Houston.</p>
  579.  
  580.  
  581.  
  582. <p><strong>Trey Ford named CISO of Deepwatch</strong></p>
  583.  
  584.  
  585.  
  586. <p>Trey Ford has joined Deepwatch as its CISO. A former general manager and current advisory board member of Black Hat, Ford also served as executive director and deputy CISO at Vista Equity Partners. Ford has held senior roles at Salesforce, Heroku, McAfee and WhiteHat Security.</p>
  587.  
  588.  
  589.  
  590. <p><strong>Cyera appoints Lamont Orange as CISO</strong></p>
  591.  
  592.  
  593.  
  594. <p>Veteran cybersecurity leader Lamont Orange has been appointed as CISO of data security firm Cyera. Orange, who is an adjunct professor at Washington University in St. Louis, was previously CISO at Netskope and has held senior leadership positions at Websense, Charter Communications, and Ernst and Young.</p>
  595.  
  596.  
  597.  
  598. <h2 class="wp-block-heading" id="new-ciso-appointments-february-2024">New CISO appointments, February 2024</h2>
  599.  
  600.  
  601.  
  602. <p><strong>University of the Witwatersrand appoints Galeboe Mogotsi as its new CISO</strong></p>
  603.  
  604.  
  605.  
  606. <p>The University of the Witwatersrand in South Africa has appointed Galeboe Mogotsi as its new CISO. Mogotsi was formerly general manager for ICT: strategy and governance at the university and has held previous positions at the Gauteng Partnership Fund and Armscor.</p>
  607.  
  608.  
  609.  
  610. <p><strong>Former Bank of Ireland CISO Gary Delaney named BNY Mellon international CISO</strong></p>
  611.  
  612.  
  613.  
  614. <p>Cybersecurity veteran Gary Delaney has been appointed as international chief information security officer for investment bank BNY Mellon. Delaney formerly served as CISO for the Bank of Ireland and has held senior security roles with Allied Irish Bank, National Australia Bank, and the Commonwealth Bank. Delaney will oversee an enterprise-level cybersecurity division that enables and protects the assets of BNY Mellon’s businesses and its clients. He will be based in Dublin, Ireland.</p>
  615.  
  616.  
  617.  
  618. <p><strong>Daniel Shalom appointed CISO of Earnix</strong></p>
  619.  
  620.  
  621.  
  622. <p>Cloud-based financial tech services provider Earnix has appointed Daniel Shalom as its new chief information security officer. Shalom has worked in cybersecurity in the military and civil sectors for more than two decades. A former major in the Israeli Air Force, where he addressed cyber threats and incidents, Shalom spent 13 years at cybersecurity consulting firm Citadel and has worked with major Israeli financial institutions such as Bank of Israel, Bank HaPoalim, and Harel Insurance.</p>
  623.  
  624.  
  625.  
  626. <p><strong>State of Kansas names John Godfrey as CISO</strong></p>
  627.  
  628.  
  629.  
  630. <p>John Godfrey has become the new chief information security officer for the State of Kansas, following the appointment of former CISO Jeff Maxon to Chief Information Technology Officer for Kansas. Godfrey will lead the Kansas Information Security Office in developing and implementing information security strategies, including cybersecurity strategies. He is formerly CISO-in-residence and founder of LionHeart Cybersecurity Advisors in Kansas City and previously served as CISO and associate vice chancellor for information security at The University of Kansas Medical Center.</p>
  631.  
  632.  
  633.  
  634. <p><strong>Jason Hart named head of proactive cyber at insurance provider CFC</strong></p>
  635.  
  636.  
  637.  
  638. <p>Specialist insurance provider CFC has named Jason Hart as its first head of proactive cyber. Hart is the founder of UK-based ethical hacking company WhiteHat Security and cloud-based authentication SaaS platform CRYPTOCard. Most recently, he served as CTO – EMEA at Rapid7 and has supported a number of cyber security and technology businesses as a board advisor. Hart will be responsible for leading the continued development of CFC’s market-leading cyber threat analysis, vulnerability and threat detection service.</p>
  639.  
  640.  
  641.  
  642. <p><strong>Kent Goodrow named new CISO at Systems Engineering</strong></p>
  643.  
  644.  
  645.  
  646. <p>Managed technology services provider Systems Engineering has appointed Kent Goodrow as chief information security officer. Goodrow has spent more than a decade at the New England-based firm, playing pivotal technical, professional, and leadership roles, according to the company. Goodrow will focus on driving the strategic direction of the evolving security needs of Systems Engineering and its clients.</p>
  647.  
  648.  
  649.  
  650. <p><strong>Options Technology appoints Marlena Efstratopoulou as CISO</strong></p>
  651.  
  652.  
  653.  
  654. <p>Capital markets infrastructure firm Options Technology has appointed Marlena Efstratopoulou as its new chief information security officer to reinforce its commitment to a unified and robust security strategy. Efstratopoulou was previously chief risk officer and chief security officer at Options Technology following its acquisition of the Fixnetix division from DXC, where she served as CSO.</p>
  655.  
  656.  
  657.  
  658. <h2 class="wp-block-heading" id="new-ciso-appointments-january-2024">New CISO appointments, January 2024</h2>
  659.  
  660.  
  661.  
  662. <p><strong>Maj. Gen. Lorna Mahlock takes helm of US Cyber Command’s Cyber National Mission Force</strong></p>
  663.  
  664.  
  665.  
  666. <p>Marine Corps Maj. Gen. Lorna Mahlock has taken command of the Cyber National Mission Force, succeeding Army Maj. Gen. William Hartman. Mahlock is responsible for more than 2,000 military and civilian personnel and contractors across 39 cyber teams organized in six task forces to conduct CNMF’s mission to plan, direct, and synchronize full-spectrum cyberspace operations to deter, disrupt, and defeat adversary cyber and malign influence actors. Mahlock was formerly deputy Director for Combat Support at the Cybersecurity Directorate, National Security Agency.</p>
  667.  
  668.  
  669.  
  670. <p><strong>Tim Bandos named CISO of Xcitium</strong></p>
  671.  
  672.  
  673.  
  674. <p>Tim Bandos has been appointed as CISO of Xcitium after joining the threat detection and removal company two years prior as executive vice president of SOC services. Bandos served previously as CISO of Digital Guardian for six years and as cybersecurity director at DuPont for five years.</p>
  675.  
  676.  
  677.  
  678. <p><strong>Judy Security appoints Christopher Leach as CISO</strong></p>
  679.  
  680.  
  681.  
  682. <p>Small and medium business cybersecurity services provider Judy Security has appointed 30-year cybersecurity veteran Christopher Leach as CISO. Leach was formerly CISO for Bank One, which was later acquired by JPMorgan Chase where he continued in the role. He has also held senior positions at Hewlett Packard and Hewlett Packard Enterprise, where he collaborated with CISOs, CTOs, and CIOs on security strategies and emerging threats.</p>
  683.  
  684.  
  685.  
  686. <p><strong>Vanta appoints Jadee Hanson as CISO</strong></p>
  687.  
  688.  
  689.  
  690. <p>Trust management platform Vanta announced it has appointed Jadee Hanson as its CISO. Hanson will oversee the company’s security, enterprise engineering, privacy and governance, and risk and compliance initiatives. She has previously served as CISO and CIO at Code42 and held senior leadership roles in the security department of Target Corp. and as a security consultant at Deloitte. She is also the founder and CEO of the non-profit organization Building Without Borders, which serves those in poverty-stricken areas throughout the world through housing services.</p>
  691.  
  692.  
  693.  
  694. <p><strong>Former SAP CSO Tim McKnight appointed as operating partner by SYN Ventures</strong></p>
  695.  
  696.  
  697.  
  698. <p>CISO-founded venture capital firm SYN Ventures has appointed former SAP global chief security officer Tim McKnight as an operating partner. McKnight is the third former Fortune 500 CISO to be named a partner by SYN Ventures. He will focus on the firm’s $75-million cybersecurity seed fund, which invests in transformational and disruptive solutions where there is an opportunity to reduce technology risk, address the talent gap and help automate and enhance security programs. Before joining SAP, McKnight served as CISO for Thomson Reuters and as CISO for General Electric.</p>
  699.  
  700.  
  701.  
  702. <p><strong>Purdue University names Justin Greer as CISO</strong></p>
  703.  
  704.  
  705.  
  706. <p>Purdue University has appointed Justin Greer as chief information security officer. Greer had served as interim CISO since August 2023. He has more than 15 years of experience with Purdue Information Technology in various capacities including software developer, system engineer, and security architect and served as director, enterprise security from 2020 to 2023.</p>
  707.  
  708.  
  709.  
  710. <h2 class="wp-block-heading" id="new-ciso-appointments-december-2023">New CISO appointments, December 2023</h2>
  711.  
  712.  
  713.  
  714. <p><strong>Former Bank of America security leader John Denning appointed CISO of FS-ISAC</strong></p>
  715.  
  716.  
  717.  
  718. <p>John Denning has been named CISO of FS-ISAC, a not-for-profit organization that advances cybersecurity and resilience in the global financial system. Denning was formerly a global compliance and operational risk executive at Bank of America. He has also held roles as director of external affairs for the US Department of Homeland Security’s Office of Cybersecurity and Communication and as a congressional staff member focused on cybersecurity, telecommunications, and critical infrastructure protection. Denning’s appointment will be effective January 1, 2024. He replaces Linda Betz, who has served as interim CISO since February 2023. Betz remains with the organization as EVP of Global Community Engagement.</p>
  719.  
  720.  
  721.  
  722. <p><strong>Pax8 names Robb Reck as chief trust and security officer</strong></p>
  723.  
  724.  
  725.  
  726. <p>Cloud commerce marketplace Pax8 has appointed Robb Reck as its chief trust and security officer (CTSO). Reck will be charged with ensuring Pax8 maintains the trust of managed service providers, vendors, and customers, by advancing the security measures of its marketplace. He was formerly chief trust officer at managed detection and response provider Red Canary and CISO of Ping Identity. Reck is also co-founder of the Colorado = Security community for information security professionals in Colorado.</p>
  727.  
  728.  
  729.  
  730. <p><strong>Military Cyber Professionals Association names Christopher P. Cleary as first president</strong></p>
  731.  
  732.  
  733.  
  734. <p>Christopher P. Cleary has been appointed as the first national president of the Military Cyber Professionals Association (MCPA). Cleary has been involved with the association for more than 10 years. He served as an intelligence officer in the US Navy Reserves, beginning as an enlisted avionics technician. He went on to receive his commission and served 16 of 24 years on active duty in a variety of leadership roles supporting several commands including US Cyber Command. He recently concluded his tour as the inaugural principal cyber advisor of the Department of the Navy.</p>
  735.  
  736.  
  737.  
  738. <p><strong>Summer Craze Fowler becomes CISO of Torc Robotics</strong></p>
  739.  
  740.  
  741.  
  742. <p>Daimler Truck AG subsidiary Torc Robotics has named veteran security leader Summer Craze Fowler as chief information security officer. The self-driving vehicle technology company said Fowler will collaborate with leadership to develop a strategic security and risk management program, implement security policies and procedures, manage security technologies, and oversee security awareness training. Fowler was previously with Argo AI and has worked in senior roles in enterprise cybersecurity policies and procedures at Motional, Johns Hopkins University’s Applied Physics Laboratory, and Carnegie Mellon University.</p>
  743. </div></div></div></div>]]></description>
  744. <link>https://www.csoonline.com/article/1291069/new-ciso-appointments-2024.html</link>
  745. <post-id xmlns="com-wordpress:feed-additions:1">1291069</post-id><category>CSO and CISO, IT Governance, IT Jobs, IT Leadership</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_1906255501.jpg?quality=50&#038;strip=all" length="17771673" type="image/jpeg" />
  746. </item>
  747. <item>
  748. <title>What is Tor Browser? Software for protecting your identity online</title>
  749. <pubDate>Fri, 14 Jun 2024 05:00:00 +0000</pubDate>
  750. <description><![CDATA[<div id="remove_no_follow">
  751. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  752.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  753. <div class="article-column__content">
  754. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  755.  
  756.  
  757.  
  758. <h2 class="wp-block-heading" id="tor-browser-definition">Tor Browser definition</h2>
  759.  
  760.  
  761.  
  762. <p>The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.</p>
  763.  
  764.  
  765.  
  766. <p>If you’re investigating a competitor, researching an opposing litigant in a legal dispute, or just think it’s creepy for your ISP or the government to know what websites you visit, then the Tor Browser might be the right solution for you.</p>
  767.  
  768.  
  769.  
  770. <p>A few caveats: Browsing the web over Tor is slower than the clearnet, and some major web services block or challenge connections arriving from Tor exit relays. Using Tor is also illegal in some authoritarian countries that want to prevent citizens from reading, publishing, and communicating anonymously. Journalists and dissidents around the world have embraced Tor as a cornerstone of democracy online today, and researchers are hard at work improving Tor’s anonymity properties.</p>
  771.  
  772.  
  773.  
  774. <h2 class="wp-block-heading" id="advantages-of-using-tor-browser">Advantages of using Tor Browser</h2>
  775.  
  776.  
  777.  
  778. <p>Tor Browser offers users many advantages, including the following:</p>
  779.  
  780.  
  781.  
  782. <ul>
  783. <li><strong>Anonymity:</strong> By routing your web traffic through a series of relays, Tor Browser hides your IP address from the sites you visit and hides which sites you visit from your ISP, making it difficult for other entities to track your activity or unmask your identity online.</li>
  784.  
  785.  
  786.  
  787. <li><strong>Privacy:</strong> Tor wraps your traffic in one layer of encryption per relay in the circuit, so no single relay sees both who you are and where you are going. The exit relay, however, hands your traffic to the destination in whatever form you sent it, so the site itself must be served over HTTPS if you want the content hidden from the exit as well.</li>
  788.  
  789.  
  790.  
  791. <li><strong>Free and open source:</strong> Code for the Tor Browser is open source and freely available for inspection and modification. It is also free of the kinds of compromises commercial browser vendors make in developing and maintaining their products.</li>
  792.  
  793.  
  794.  
  795. <li><strong>Access to the .onion sites and the dark web:</strong> Tor enables users to navigate to certain websites not available on the clearnet.</li>
  796. </ul>
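<p>To make the two points above concrete (each relay strips one layer and learns only its neighbours; the exit relay sees whatever you hand it), here is an added Python walk-through that is not part of the original article and not the Tor Project’s code. It simulates a three-hop circuit with a toy stream cipher built from the standard library; the relay names, hop keys, destination and request are constructed for the demonstration, and Tor’s real cell format and key exchange are not modelled.</p>

```python
"""Toy onion-routing walk-through: three relays, one encryption layer each.

Added illustration, not Tor's protocol or code. Tor negotiates AES-CTR keys
per hop with a handshake; here each hop key is a constructed random secret
and the cipher is an HMAC-SHA256 keystream XOR, chosen only so the script
runs on the standard library. What is faithful is the structure: the client
wraps the request once per hop, each relay peels exactly one layer and learns
only the previous and next hop, and only the exit sees the destination and
(unless the payload was already encrypted end to end, as with HTTPS) the
plaintext.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: produce `length` keystream bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under a fresh random nonce; returns nonce || ciphertext (toy: no MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(): regenerate the keystream from the nonce and XOR."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Client side. circuit = [(relay_name, hop_key), ...] ordered guard -> exit.

    Each layer is JSON {"next": where to forward, "body": hex(inner blob)}.
    The innermost layer, readable only by the exit, names the real destination.
    """
    inner = json.dumps({"next": destination, "body": payload.hex()}).encode()
    blob = seal(circuit[-1][1], inner)
    for i in range(len(circuit) - 2, -1, -1):      # wrap outward: middle, then guard
        layer = json.dumps({"next": circuit[i + 1][0], "body": blob.hex()}).encode()
        blob = seal(circuit[i][1], layer)
    return blob


def relay_peel(hop_key: bytes, blob: bytes):
    """Relay side: strip one layer; learn only the next hop and an opaque body."""
    layer = json.loads(unseal(hop_key, blob))
    return layer["next"], bytes.fromhex(layer["body"])


def run_circuit(circuit, destination: str, payload: bytes, site_key=None):
    """Push `payload` through the circuit; return (what each relay saw, what arrived).

    site_key stands in for an HTTPS session key shared only by client and site:
    when given, the request is encrypted end to end before it enters the onion.
    """
    wire_payload = seal(site_key, payload) if site_key else payload
    blob = build_onion(circuit, destination, wire_payload)
    views, previous = {}, "client"
    for name, key in circuit:
        next_hop, blob = relay_peel(key, blob)
        views[name] = {"from": previous, "to": next_hop, "body": blob}
        previous = name
    delivered = unseal(site_key, blob) if site_key else blob  # the site strips its own layer
    return views, delivered


# Constructed circuit and request for the demonstration (not real relays).
CIRCUIT = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
DESTINATION = "news.example:80"
REQUEST = b"GET /secret-article HTTP/1.1\r\nHost: news.example\r\n\r\n"


def what_each_relay_saw(site_key=None) -> dict:
    """Summarise, per relay, whether it could see the destination and the request."""
    views, delivered = run_circuit(CIRCUIT, DESTINATION, REQUEST, site_key)
    summary = {
        name: {
            "from": v["from"],
            "to": v["to"],
            "saw_destination": v["to"] == DESTINATION,
            "saw_plaintext": REQUEST in v["body"],
        }
        for name, v in views.items()
    }
    summary["delivered_intact"] = delivered == REQUEST
    return summary


if __name__ == "__main__":
    for label, key in (("plain HTTP", None), ("HTTPS inside Tor", os.urandom(32))):
        print(label)
        for relay, seen in what_each_relay_saw(key).items():
            print(" ", relay, seen)
```

<p>Run it and compare the two summaries: over plain HTTP the exit relay reports <code>saw_plaintext: True</code> while the guard and middle relays see neither the destination nor the request; with the simulated HTTPS layer the exit still learns the destination but not the request. That is the practical reason HTTPS still matters inside Tor.</p>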
  797.  
  798.  
  799.  
  800. <h2 class="wp-block-heading" id="why-do-people-use-tor-browser">Why do people use Tor Browser?</h2>
  801.  
  802.  
  803.  
  804. <p>People use Tor Browser for a variety of reasons, but for the most part they do so to have greater anonymity online. This may be because they want to protect their privacy from marketers or identity thieves, or to protect their communications and online activity from being tracked by corporations or government entities. Whistleblowers, journalists, and citizens of autocratic regimes are among those who benefit from the anonymity that Tor Browser gives its users, as do IT professionals, executives, lawyers, military professionals, and many others who need to have their work communications and activities cloaked for a variety of reasons, including investigating competitors and keeping strategies confidential. And yes, some Tor users leverage the browser to bypass restricted content, consume illegal materials, or participate in illegal activities.</p>
  805.  
  806.  
  807.  
  808. <h2 class="wp-block-heading" id="tor-browsers-levels-of-security">Tor Browser’s levels of security</h2>
  809.  
  810.  
  811.  
  812. <p>Tor Browser offers three levels of security:</p>
  813.  
  814.  
  815.  
  816. <ul>
  817. <li><strong>Standard</strong>, which uses Tor’s onion routing (see below) and encryption</li>
  818.  
  819.  
  820.  
  821. <li><strong>Safer</strong>, which also disables additional web features for increased security, including JavaScript on non-HTTPS sites</li>
  822.  
  823.  
  824.  
  825. <li><strong>Safest</strong>,  which disables JavaScript on all websites</li>
  826. </ul>
  827.  
  828.  
  829.  
  830. <h2 class="wp-block-heading" id="where-to-download-tor-browser">Where to download Tor Browser</h2>
  831.  
  832.  
  833.  
  834. <p>Tor Browser is available for Linux, Mac, and Windows, and has also been ported to mobile. You can download desktop versions from the <a href="https://www.torproject.org/download/download.html.en">Tor Project website</a>. If you’re on Android, find Tor Browser or Orbot on the Google Play Store or F-Droid. iOS users can grab Onion Browser, which the Tor Project has endorsed in conjunction with Orbot, from the Apple App Store.</p>
  835.  
  836.  
  837.  
  838. <h2 class="wp-block-heading" id="how-to-use-the-tor-browser-on-mobile-and-cell-phones">How to use the Tor Browser on mobile and cell phones</h2>
  839.  
  840.  
  841.  
  842. <p>More and more people are browsing the web from their phones, and in poorer parts of the world that are mobile first, people are browsing the web only from their phones. As a result, the Tor Project is invested in building a better Tor Browser for mobile phone users.</p>
  843.  
  844.  
  845.  
  846. <p>In September 2019, the Tor Project announced the <a href="https://blog.torproject.org/orfox-paved-way-tor-browser-android" target="_blank" rel="noreferrer noopener">official release of Tor Browser for Android</a>, replacing the Guardian Project’s Orfox as the officially endorsed Tor Browser for Android. (The Guardian Project’s similarly named Orbot, a Tor proxy for Android that lets you tunnel all your app traffic over Tor, not just web traffic, continues to be alive and well.)</p>
  847.  
  848.  
  849.  
  850. <p>Due to technical restrictions on Apple’s proprietary iOS platform, the Tor Project has not yet released an official Tor Browser for iPhone and iPad users, but endorses <a href="https://onionbrowser.com/" target="_blank" rel="noreferrer noopener">Onion Browser</a> for iOS users who want to browse the web anonymously. Onion Browser maintains a <a href="https://github.com/OnionBrowser/OnionBrowser/blob/2.X/CHANGELOG.md">change log of release notes</a>, including security issues and results of previous security audits on GitHub. </p>
  851.  
  852.  
  853.  
  854. <h2 class="wp-block-heading" id="how-to-use-the-tor-browser-on-macos-and-windows">How to use the Tor Browser on macOS and Windows</h2>
  855.  
  856.  
  857.  
  858. <p>The Tor Project offers Tor Browser for macOS, Windows, and Linux, as well as Android. From a macOS or Windows desktop, navigate via web browser to the <a href="https://www.torproject.org/download/">Tor Browser download page</a> and select the version for your operating system. From there, the Electronic Frontier Foundation maintains a thorough step-by-step guide for installing and using Tor Browser on <a href="https://ssd.eff.org/module/how-use-tor-macos">macOS</a> and <a href="https://ssd.eff.org/module/how-use-tor-windows">Windows</a>. </p>
  859.  
  860.  
  861.  
  862. <h2 class="wp-block-heading" id="how-to-use-tor-browser">How to use Tor Browser</h2>
  863.  
  864.  
  865.  
  866. <p>For most people, using Tor Browser is as simple as downloading it and running it, the same way you’d download Chrome or Firefox. </p>
  867.  
  868.  
  869.  
  870. <p>If you’ve never used Tor, the first thing you’ll notice is that it’s slow — or at least, slower than regular internet browsing. Still, Tor has gotten quite a bit faster over the years, and with a good internet connection, you can even watch YouTube videos over Tor.</p>
  871.  
  872.  
  873.  
  874. <p>Tor Browser gives you access to .onion websites that are available only within the Tor network. For instance, try to access The New York Times at <a href="https://www.nytimes3xbfgragh.onion/">https://www.nytimes3xbfgragh.onion/</a> and Facebook at <a href="https://www.facebookcorewwwi.onion/">https://www.facebookcorewwwi.onion</a> using a regular web browser. Go on. We’ll still be here when you get back. Didn’t work, did it? You can only reach these sites over Tor. This makes it possible to read the news anonymously, a desirable feature in a country where you don’t want the government knowing which news sites you’re reading, when you’re reading them, and for how long.</p>
  875.  
  876.  
  877.  
  878. <p>Using Tor Browser comes with one major annoyance: Many prominent web services block access to Tor, often without useful error messages. If a site you normally visit suddenly returns a 404 when you visit it over Tor, the service is likely blocking Tor traffic and being needlessly opaque about it. Sites that do not block Tor might push you to click through a ton of captchas. It’s not the end of the world, but it is annoying.</p>
  879.  
  880.  
  881.  
  882. <h2 class="wp-block-heading" id="how-tor-browser-works">How Tor Browser works</h2>
  883.  
  884.  
  885.  
  886. <p>Tor Browser routes all your web traffic through the Tor network, anonymizing it. As the images below illustrate, Tor consists of a three-layer proxy, like layers of an onion (hence Tor’s onion logo). Tor Browser connects at random to one of the publicly listed entry nodes, bounces that traffic through a randomly selected middle relay, and finally spits out your traffic through the third and final exit node.</p>
  887.  
  888.  
  889. <div class="extendedBlock-wrapper block-coreImage undefined"><figure class="wp-block-image size-full"><img decoding="async" src="https://images.idgesg.net/images/article/2018/07/how_tor_works_1-100763523-orig.jpg?quality=50&amp;strip=all&amp;auto=webp&amp;quality=85,70" alt="how tor works 1" class="wp-image-68979" loading="lazy" width="400px" /><figcaption class="wp-element-caption"><p>How Tor works, step 1</p>
  890. </figcaption></figure><a href="https://commons.wikimedia.org/wiki/File:How_Tor_Works_1.svg" target="_blank" class="imageCredit" rel="noopener">Electronic Frontier Foundation</a></div><p>As a result, don’t be surprised if Google or another service greets you in a foreign tongue. These services look at your IP address and guesstimate your country and language, but when using Tor, you will often appear to be in a physical location halfway around the world.</p>
  891.  
  892.  
  893. <div class="extendedBlock-wrapper block-coreImage undefined"><figure class="wp-block-image size-full"><img decoding="async" src="https://images.idgesg.net/images/article/2018/07/tor-2-100763518-orig.jpg?quality=50&amp;strip=all&amp;auto=webp&amp;quality=85,70" alt="tor 2" class="wp-image-68975" loading="lazy" width="400px" /><figcaption class="wp-element-caption"><p>How Tor works, step 2</p>
  894. </figcaption></figure><a href="https://commons.wikimedia.org/wiki/File:How_Tor_Works_2.svg" target="_blank" class="imageCredit" rel="noopener">Electronic Frontier Foundation</a></div><p>If you live in a regime that blocks Tor or need to access a web service that blocks Tor, you can also configure Tor Browser to use bridges. Unlike Tor’s entry and exit nodes, bridge IP addresses are not publicly listed, making it difficult for web services, or governments, to blacklist those IP addresses.</p>
  895.  
  896.  
  897. <div class="extendedBlock-wrapper block-coreImage undefined"><figure class="wp-block-image size-full"><img decoding="async" src="https://images.idgesg.net/images/article/2018/07/tor-3-100763520-orig.jpg?quality=50&amp;strip=all&amp;auto=webp&amp;quality=85,70" alt="tor 3" class="wp-image-68977" loading="lazy" width="400px" /><figcaption class="wp-element-caption"><p>How Tor works, step 3</p>
  898. </figcaption></figure><a href="https://commons.wikimedia.org/wiki/File:How_Tor_Works_3.svg" target="_blank" class="imageCredit" rel="noopener">Electronic Frontier Foundation</a></div><p>The Tor network routes TCP traffic of all kinds but is optimized for web browsing. Tor does not support UDP, so don’t try to torrent free software ISOs, as it won’t work.</p>
  899.  
  900.  
  901.  
  902. <h2 class="wp-block-heading" id="is-tor-browser-safe-to-use">Is Tor Browser safe to use?</h2>
  903.  
  904.  
  905.  
  906. <p>While Tor Browser enhances your anonymity online, it does not protect users from all dangers of the web. Also, Tor’s encryption ends at the final relay (the exit node), so traffic between the exit node and the destination server can be monitored unless it is separately encrypted, for example with HTTPS. Kaspersky offers advice on <a href="https://www.kaspersky.com/resource-center/definitions/what-is-the-tor-browser">staying safe while using Tor Browser</a>, including keeping the browser and all extensions up to date, employing a firewall and antivirus software, and using Tor Browser at irregular times to decrease the likelihood of leaking identifiable patterns in your online activity.</p>
  907.  
  908.  
  909.  
  910. <h2 class="wp-block-heading" id="disadvantages-of-tor-browser">Disadvantages of Tor Browser</h2>
  911.  
  912.  
  913.  
  914. <p>Like all software, Tor Browser has downsides, such as the following:</p>
  915.  
  916.  
  917.  
  918. <ul>
  919. <li><strong>Slow performance:</strong> Tor’s routing and encryption can slow down internet performance, making certain activities challenging, such as downloading large files.</li>
  920.  
  921.  
  922.  
  923. <li><strong>Security issues:</strong> Tor Browser can be vulnerable at its entry and exit nodes, so it is not a security panacea for web traffic.</li>
  924.  
  925.  
  926.  
  927. <li><strong>Untrusted sites:</strong> Tor may allow access to unsafe sites that may otherwise be blocked by other browsers. This could lead to exposure to unsafe content or untrusted downloads.</li>
  928. </ul>
  929.  
  930.  
  931.  
  932. <h2 class="wp-block-heading" id="is-tor-browser-legal">Is Tor Browser legal?</h2>
  933.  
  934.  
  935.  
  936. <p>For most people reading this article, Tor Browser is completely legal to use. In some countries, however, Tor is either illegal or blocked by national authorities. China has outlawed the anonymity service and blocks Tor traffic from crossing the Great Firewall. Countries such as Russia, Saudi Arabia, and Iran are working hard to prevent citizens from using Tor. Most recently, <a href="https://www.accessnow.org/venezuela-blocks-tor/" target="_blank" rel="noreferrer noopener">Venezuela has blocked all Tor traffic</a>.</p>
  937.  
  938.  
  939.  
  940. <p>It’s easy to see why a repressive regime hates Tor. The service makes it easy for journalists to report on corruption and helps dissidents organize against political repression.</p>
  941.  
  942.  
  943.  
  944. <p>The freedom to communicate, publish, and read anonymously is a prerequisite for freedom of expression online, and thus a prerequisite for democracy today. Using and supporting Tor helps support freedom of expression around the world. Technically sophisticated users are encouraged to donate bandwidth to the Tor network by running a relay.</p>
  945.  
  946.  
  947.  
  948. <h2 class="wp-block-heading" id="how-to-get-on-the-dark-web">How to get on the dark web?</h2>
  949.  
  950.  
  951.  
  952. <p>Let’s get this “<a href="https://www.csoonline.com/article/564313/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html">dark web</a>” nonsense out of the way once and for all. While it’s true that some criminals use Tor to commit crimes, criminals also use the regular internet to commit crimes. Bank robbers use getaway cars on public highways to commit crimes. We don’t slander highways or the internet, because that would be foolish. Tor has tons of legitimate uses and is considered by many a cornerstone of democracy today.</p>
  953.  
  954.  
  955.  
  956. <p>So when you hear people talking in scared whispers about the “dark web” or the “deep web” or somesuch nonsense, understand that there is a lot more going on here than just “The <a href="https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse" target="_blank" rel="noreferrer noopener">Four Horsemen of the Infocalypse</a> are using computers in non-normative ways.” Anonymity online is not merely the bailiwick of criminals and trolls.</p>
  957.  
  958.  
  959.  
  960. <p>As a practical matter, Tor is for ordinary people, because criminals willing to break the law can achieve better anonymity than Tor provides. As the <a href="https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutCriminals" target="_blank" rel="noreferrer noopener">Tor FAQ</a> points out:</p>
  961.  
  962.  
  963.  
  964. <blockquote class="wp-block-quote">
  965. <p><em>Doesn’t Tor enable criminals to do bad things?</em></p>
  966.  
  967.  
  968.  
  969. <p>Tor’s mission is to advance human rights with free and open-source technology, empowering users to defend against mass surveillance and internet censorship. We hate that there are some people who use Tor for nefarious purposes, and we condemn the misuse and exploitation of our technology for criminal activity.</p>
  970.  
  971.  
  972.  
  973. <p>It’s essential to understand that criminal intent lies with the individuals and not the tools they use. Just like other widely available technology, Tor can be used by individuals with criminal intent. And because of other options they can use it seems unlikely that taking Tor away from the world will stop them from engaging in criminal activity. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and be used by law enforcement to investigate crime and help support survivors.</p>
  974. </blockquote>
  975.  
  976.  
  977.  
  978. <h2 class="wp-block-heading" id="is-tor-browser-anonymous">Is Tor Browser anonymous?</h2>
  979.  
  980.  
  981.  
  982. <p>Tor Browser offers the best anonymous web browsing available today, but that anonymity is not perfect. We are currently witnessing an arms race between researchers seeking to strengthen Tor, or even develop a <a href="https://arstechnica.com/information-technology/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/" target="_blank" rel="noreferrer noopener">next generation anonymity tool</a>, and governments around the world studying how to break Tor’s anonymity properties.</p>
  983.  
  984.  
  985.  
  986. <p>The most successful technique to de-anonymize Tor Browser users has been to hack them. The FBI has used this technique successfully in numerous criminal cases, and under <a href="https://www.csoonline.com/article/555935/supreme-court-approves-rule-change-that-expands-fbi-computer-search-powers.html" target="_blank">Rule 41</a>, enacted in 2016 by US Chief Justice Roberts of the Supreme Court, the FBI can now mass hack large numbers of computers anywhere in the world using a single warrant.</p>
  987.  
  988.  
  989.  
  990. <p>Such hacking techniques ought to concern everyone, as innocent Tor users will inevitably get caught up in such fishing expeditions.</p>
  991.  
  992.  
  993.  
  994. <p>Does that mean you shouldn’t use Tor? Certainly not, if you care about your privacy online. Tor Browser is an essential tool that will only improve with time. If you don’t care about your privacy? Well, <a href="https://mic.com/articles/119602/in-one-quote-edward-snowden-summed-up-why-our-privacy-is-worth-fighting-for" target="_blank" rel="noreferrer noopener">Edward Snowden said it best</a>:</p>
  995.  
  996.  
  997.  
  998. <blockquote class="wp-block-quote">
  999. <p>“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”</p>
  1000. </blockquote>
  1001. </div></div></div></div>]]></description>
  1002. <link>https://www.csoonline.com/article/565798/what-is-the-tor-browser-how-it-works-and-how-it-can-help-you-protect-your-identity-online.html</link>
  1003. <post-id xmlns="com-wordpress:feed-additions:1">565798</post-id><category>Internet, Privacy, Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_1522319825.jpg?quality=50&#038;strip=all" length="3598101" type="image/jpeg" />
  1004. </item>
  1005. <item>
  1006. <title>11 times the US government got hacked in 2023</title>
  1007. <pubDate>Thu, 13 Jun 2024 15:34:09 +0000</pubDate>
  1008. <description><![CDATA[<div id="remove_no_follow">
  1009. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1010.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1011. <div class="article-column__content">
  1012. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1013.  
  1014.  
  1015.  
  1016. <p>Poor patch management, unsupported systems, and inadequate authentication controls have left some US federal government systems open to hackers, resulting in 11 major incidents in the fiscal year to September 30, 2023, according to a new <a href="https://www.whitehouse.gov/wp-content/uploads/2024/06/FY23-FISMA-Report.pdf" target="_blank" rel="noreferrer noopener">report</a> from the US Office of Management and Budget (OMB).</p>
  1017.  
  1018.  
  1019.  
  1020. <p>Over the 12-month period, federal agencies reported 32,211 information security incidents, up almost 10% from the 29,319 reported in fiscal year 2022.</p>
  1021.  
  1022.  
  1023.  
  1024. <p>The report, produced by the OMB in compliance with the 2014 Federal Information Security Modernization Act and the 2015 Cybersecurity Act, identified “improper usage” and “email/phishing” as the most common attack vectors, at 12,261 and 6,198 incidents respectively.</p>
  1025.  
  1026.  
  1027.  
  1028. <p>Not all of the incidents were consequential, but the OMB qualified 11 of them as “major”. Here’s the low-down on what happened.</p>
  1029.  
  1030.  
  1031.  
  1032. <h2 class="wp-block-heading" id="1-better-in-than-out">1. Better in than out?</h2>
  1033.  
  1034.  
  1035.  
  1036. <p>A ransomware attack targeted network file shares on a system owned and operated by a contractor working with the Department of Health and Human Services’ (HHS) Centers for Medicare and Medicaid Services (CMS). This resulted in the exposure of personal data for 2.8 million individuals, 1.3 million of them deceased. The compromised information included names, addresses, dates of birth, Medicare identifiers, and bank details. As a result of the incident, CMS moved the systems in-house and offered victims free credit monitoring.</p>
  1037.  
  1038.  
  1039.  
  1040. <h2 class="wp-block-heading" id="2-an-ounce-of-prevention">2. An ounce of prevention</h2>
  1041.  
  1042.  
  1043.  
  1044. <p>In another major incident involving HHS, attackers targeted two contractors using a zero-day vulnerability to access systems containing HHS data. There was no sign that HHS systems were compromised, but the compromise of the contractors’ systems potentially exposed the personal information of 1.88 million individuals held for agencies including the Centers for Disease Control and Prevention, the National Institutes of Health, and CMS. This included names, social security numbers, email addresses, phone numbers, dates of birth, medical diagnoses, and other information.</p>
  1045.  
  1046.  
  1047.  
  1048. <h2 class="wp-block-heading" id="3-us-marshals-held-to-ransom">3. US Marshals held to ransom</h2>
  1049.  
  1050.  
  1051.  
  1052. <p>In February 2023, ransomware hit a computer system at the United States Marshals Service (USMS) containing personal information on staff and those involved in legal processes, forcing the USMS to build a new system and restore from backup. Affected individuals were notified and offered free credit monitoring.</p>
  1053.  
  1054.  
  1055.  
  1056. <h2 class="wp-block-heading" id="4-justice-served">4. Justice served</h2>
  1057.  
  1058.  
  1059.  
  1060. <p>Another ransomware incident, this time in May 2023, hit systems at a vendor providing data analytics support for specific cases for the Department of Justice’s Civil Division and some US Attorneys’ offices. This attack compromised personal and medical data. A third-party incident response service was called in to investigate and clean up, and individuals affected were offered credit monitoring services.</p>
  1061.  
  1062.  
  1063.  
  1064. <h2 class="wp-block-heading" id="5-oops-they-did-it-again">5. Oops, they did it again</h2>
  1065.  
  1066.  
  1067.  
  1068. <p>In an unforced error, the Internal Revenue Service (IRS) inadvertently exposed personal information that it had already exposed the previous fiscal year. The IRS is supposed to disclose 501(c)3 organizations’ miscellaneous income by publishing redacted versions of their Exempt Organization Business Income Tax Return (990-T) forms. It hired a contractor to help automate this process, but a coding error led to the forms of all 501(c) organizations being exposed until the error was reported in August 2022. Although the data was promptly removed from the public web server, it was inadvertently published again from a staging server in the following fiscal year.</p>
  1069.  
  1070.  
  1071.  
  1072. <h2 class="wp-block-heading" id="6-no-big-deal">6. No big deal?</h2>
  1073.  
  1074.  
  1075.  
  1076. <p>The OMB made a big deal of one incident involving a bad actor gaining access to the login credentials of just one employee for just 15 hours — maybe because that person worked for the Office of the Inspector General (OIG), which has full access to all records and materials available to the Treasury Department, determines which of them to audit or investigate, and writes the reports. Due to the OIG’s defense in depth, the nation-state sponsored actor behind the attack was unable to access any information resources or introduce any malware during the time they had access. The Treasury Department updated its multi-factor authentication policies, validated software configurations, and subjected staff to awareness training to prevent a recurrence.</p>
  1077.  
  1078.  
  1079.  
  1080. <h2 class="wp-block-heading" id="7-zero-day-survey">7. Zero-day survey</h2>
  1081.  
  1082.  
  1083.  
  1084. <p>The US Office of Personnel Management (OPM) reported a major incident involving a zero-day vulnerability in a file transfer application — likely the <a href="https://www.csoonline.com/article/655373/sec-to-investigate-progress-software-over-mass-moveit-hack.html" target="_blank">MOVEit</a> hack, although it was not explicitly named — used by a contractor supporting the Federal Employee Viewpoint Survey (FEVS). The breach compromised government email addresses, unique survey links, and OPM tracking codes for about 632,000 employees at the Departments of Justice and Defense. In response, OPM stopped transferring FEVS data to the contractor, deactivated the survey links, assessed the harm, and notified affected individuals. The assessment found no evidence of unauthorized access or manipulation of survey results.</p>
  1085.  
  1086.  
  1087.  
  1088. <h2 class="wp-block-heading" id="8-cfpb-reinforces-loss-prevention">8. CFPB reinforces loss prevention</h2>
  1089.  
  1090.  
  1091.  
  1092. <p>A Consumer Financial Protection Bureau employee — no longer with the agency, naturally — sent to their personal email account 14 emails containing personal information and two spreadsheets with details of around 256,000 customers of one single financial institution. The former employee ignored demands from CFPB to delete the emails and send proof of deletion. The official assessment indicated the data couldn’t be used for account access or identity theft, but some affected individuals were notified just in case. In addition, the CFPB strengthened technical controls to prevent inadvertent breaches, reminded all staff and contractors of its privacy policies, and reviewed all its information management procedures.</p>
  1093.  
  1094.  
  1095.  
  1096. <h2 class="wp-block-heading" id="9-thanks-id-rather-drive">9. Thanks, I’d rather drive</h2>
  1097.  
  1098.  
  1099.  
  1100. <p>Federal employees benefitting from the TRANServe initiative may have regretted their decision to take the train. Approximately 237,000 of them were potentially affected when attackers <a href="https://www.csoonline.com/article/575437/federal-cyber-incidents-reveal-challenges-of-implementing-us-national-cybersecurity-strategy.html" target="_blank">breached</a> several administrative systems and stole personal data from the Parking and Transit Benefit System (PTBS), which administers incentives to federal employees to take mass transportation to work. The attackers exploited an unpatched critical vulnerability in an unnamed commercial web application development platform, obtaining names, home and work addresses, and the last four digits of social security numbers. The Department of Transportation rebuilt affected servers with patched software, and offered credit monitoring services to staff.</p>
  1101.  
  1102.  
  1103.  
  1104. <h2 class="wp-block-heading" id="10-forgotten-impact-assessment-has-big-impact">10. Forgotten impact assessment has big impact</h2>
  1105.  
  1106.  
  1107.  
  1108. <p>An authorized developer at the Interior Department’s Interior Business Center (IBC) modified a payroll system’s security policy, inadvertently allowing HR personnel to view 36 federal agencies’ employee records. This potentially exposed personal data of around 147,000 individuals. An investigation revealed that the IBC failed to conduct a privacy impact assessment after changes to its systems, prompting it to strengthen internal processes and training.</p>
  1109.  
  1110.  
  1111.  
  1112. <h2 class="wp-block-heading" id="11-radioactive-exposure-data-exposed">11. Radioactive exposure data exposed</h2>
  1113.  
  1114.  
  1115.  
  1116. <p>The Department of Energy reported that a known but unnamed ransomware group exploited a zero-day vulnerability in a supposedly secure file transfer product used by the Waste Isolation Pilot Plant (WIPP) and Oak Ridge Associated Universities (ORAU). The ransomware group was able to access WIPP and ORAU systems and claimed it had exfiltrated data, potentially involving the details of 34,000 individuals in a health monitoring program for former DOE employees and 66,000 individuals from the Office of Science. The compromised data included names, birthdates, social security numbers, and some health information. Affected individuals were notified and provided with identity monitoring services.</p>
  1117.  
  1118.  
  1119.  
  1120. <p>It’s not all bad news, though. Despite a year-on-year increase in security incidents, the OMB audit noted that agencies have improved in adopting cyber defensive measures. Every agency selected an enterprise EDR platform as per OMB directives and expanded its cyber detection capabilities. That resulted in 96 percent of federal civilian executive branch agencies reporting an increase in the “detect” category in fiscal year 2023, compared to the previous year.</p>
  1121. </div></div></div></div>]]></description>
  1122. <link>https://www.csoonline.com/article/2145769/11-times-the-us-government-got-hacked-in-2023.html</link>
  1123. <post-id xmlns="com-wordpress:feed-additions:1">2145769</post-id><category>Cyberattacks, Data Breach, Government IT</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/The_White_House_shutterstock_119973388.jpg?quality=50&#038;strip=all" length="8260085" type="image/jpeg" />
  1124. </item>
  1125. <item>
  1126. <title>Download our cloud access security broker (CASB) enterprise buyer’s guide</title>
  1127. <pubDate>Thu, 13 Jun 2024 15:00:00 +0000</pubDate>
  1128. <description><![CDATA[<div id="remove_no_follow">
  1129. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1130.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1131. <div class="article-column__content">
  1132. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1133.  
  1134.  
  1135.  
  1136. <p>From the editors of CSO, this enterprise buyer’s guide helps security IT staff understand what cloud access security brokers (CASBs) can do for their organizations and how to choose the right solution.</p>
  1137. </div></div></div></div>]]></description>
  1138. <link>https://us.resources.csoonline.com/resources/download-our-cloud-access-security-broker-casb-enterprise-buyers-guide/</link>
  1139. <post-id xmlns="com-wordpress:feed-additions:1">2130482</post-id><category>Access Control, Cloud Security, Enterprise Buyer’s Guides</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/casb-buyers-guide-primary.png" length="301381" type="image/png" />
  1140. </item>
  1141. <item>
  1142. <title>How shadow IT and obsolete software menace enterprise infrastructure</title>
  1143. <pubDate>Thu, 13 Jun 2024 13:00:00 +0000</pubDate>
  1144. <description><![CDATA[<div id="remove_no_follow">
  1145. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1146.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1147. <div class="article-column__content">
  1148. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1149.  
  1150.  
  1151.  
  1152. <p>One-in-16 of all IT assets have reached the end-of-life stage of support, potentially exposing enterprises to known-but-unpatched vulnerabilities, according to a new study.</p>
  1153.  
  1154.  
  1155.  
  1156. <p>The figure comes from an analysis of raw data aggregated from visibility into 1.2 million IT assets, including servers and devices, on the networks of Sevco customers and prospects.</p>
  1157.  
  1158.  
  1159.  
  1160. <p>In addition to finding 6% of assets had reached EOL, Sevco’s study also found that 28% of all IT assets are missing at least one critical control – either endpoint protection or patch management.</p>
  1161.  
  1162.  
  1163.  
  1164. <p>Third-party experts said that issues posed by out-of-date software and shadow IT systems (unsanctioned technologies used by workers outside of any administration or control by the IT department) are growing.</p>
  1165.  
  1166.  
  1167.  
  1168. <h2 class="wp-block-heading" id="in-the-shadows">In the shadows</h2>
  1169.  
  1170.  
  1171.  
  1172. <p>“The volume and availability of non-standard, unmanaged, devices exposed to the internet, and configured by non-security-minded users is growing exponentially,” said Rik Ferguson, VP of security intelligence at Forescout. “These devices are often not as well secured or as visible as the traditional IT estate and remain uniquely vulnerable.”</p>
  1173.  
  1174.  
  1175.  
  1176. <p>Last month a threat actor was spotted attempting to sell access to the large cloud security company Zscaler. Following an investigation, Zscaler discovered a <a href="https://trust.zscaler.com/zscaler.net/security-advisories">test server which was not hosted on its core infrastructure</a>.</p>
  1177.  
  1178.  
  1179.  
  1180. <p>In the 2023 Okta attack, <a href="https://blogs.manageengine.com/it-security/2024/01/25/understanding-the-okta-supply-chain-attack-of-2023-a-comprehensive-analysis.html">attributed to the use of unauthorized IT systems</a>, corporate credentials were saved to a personal Google account before a work laptop was infected by malware, underscoring how shadow IT can lead to unauthorized access and potential data breaches.</p>
  1181.  
  1182.  
  1183.  
  1184. <h2 class="wp-block-heading" id="end-of-life-but-not-end-of-risk">End of life — but not end of risk</h2>
  1185.  
  1186.  
  1187.  
  1188. <p>Out-of-date software poses significant risks by increasing the attack surface and making organizations more vulnerable to exploits.</p>
  1189.  
  1190.  
  1191.  
  1192. <p>For example, an outdated version of JavaScript was a contributory factor in a <a href="https://ico.org.uk/media/action-weve-taken/mpns/2618421/ba-penalty-20201016.pdf">high-profile breach against British Airways in 2018</a> (pdf). The risk posed by outdated Windows XP systems at UK hospitals and elsewhere was exposed by the <a href="https://www.csoonline.com/article/563017/wannacry-explained-a-perfect-ransomware-storm.html">infamous WannaCry malware</a> in 2017.</p>
  1193.  
  1194.  
  1195.  
  1196. <p>IT assets that vendors deem to have reached end of life (EOL) no longer benefit from regular software updates or security patches under standard maintenance contracts — although some vendors will offer extended support for a fee. The base price for <a href="https://www.computerworld.com/article/2081793/heres-how-much-microsoft-will-charge-for-win10-security-updates-once-support-ends.html">three years of extended security updates for a single Windows 10 PC will be $427</a>, for example, after it reaches end of life in October 2025, a little less than the $490 that it cost to keep a Windows 7 PC patched through 2023. Although enterprises may get better pricing, it’s perhaps not surprising that some cash-strapped organizations decide to take a gamble.</p>
  1197.  
  1198.  
  1199.  
  1200. <p>Javvad Malik, lead security awareness advocate at KnowBe4, said: “The biggest risk of out-of-date software is in areas which have historically not been connected to the internet. So things like hospitals or critical infrastructure can often be found to be running out of date software.”</p>
  1201.  
  1202.  
  1203.  
  1204. <p>Ilia Kolochenko, CEO at ImmuniWeb, argued that the problems of shadow IT and outdated software are “deeply intertwined”.</p>
  1205.  
  1206.  
  1207.  
  1208. <p>“To combat against the risks of shadow IT, organizations should maintain and continually update a comprehensive inventory of all their systems, software, users, accounts, data and third parties that have any access to corporate data,” Kolochenko told CSOonline.com.</p>
  1209.  
  1210.  
  1211.  
1212. <p>Sometimes even officially sanctioned IT systems are not kept up to date — such as the systems without adequate patch management identified by the Sevco study.</p>
  1213.  
  1214.  
  1215.  
  1216. <p>It was an unpatched — but eminently patchable — instance of Apache Struts that enabled the great <a href="https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html">Equifax data heist of 2017</a>, for instance.</p>
  1217.  
  1218.  
  1219.  
  1220. <p>Experts agree that organisations need to conduct thorough audits and risk assessments. The best defences involve tight configuration management, software bill-of-materials tracking, security awareness training, and limiting what can be installed.</p>
  1221.  
  1222.  
  1223.  
1224. <p>“Understanding your attack surface and conducting regular external asset mapping exercises is critical,” said Tim West, director of threat intelligence at With Secure. “It is important to note that the answer is not just solely technological. There is a human element behind shadow IT and why it happens. Training and ensuring existing processes work for the needs of your staff is also critical.”</p>
  1225.  
  1226.  
  1227.  
  1228. <p>ImmuniWeb’s Kolochenko added: “Even experienced software developers may carelessly deploy a container, with production data, in a cloud to experiment with some new features, eventually forgetting about it, let alone non-technical users with their home computers used for business or mobile devices.”</p>
  1229. </div></div></div></div>]]></description>
  1230. <link>https://www.csoonline.com/article/2145724/how-shadow-it-and-obsolete-software-menace-enterprise-infrastructure.html</link>
  1231. <post-id xmlns="com-wordpress:feed-additions:1">2145724</post-id><category>Patch Management Software, Threat and Vulnerability Management</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/windowsupdate-100944666-orig-1.jpg?quality=50&#038;strip=all" length="77222" type="image/jpeg" />
  1232. </item>
  1233. <item>
  1234. <title>A CISO game plan for cloud security</title>
  1235. <pubDate>Thu, 13 Jun 2024 10:00:00 +0000</pubDate>
  1236. <description><![CDATA[<div id="remove_no_follow">
  1237. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1238.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1239. <div class="article-column__content">
  1240. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1241.  
  1242.  
  1243.  
  1244. <p>As businesses increasingly migrate to the cloud, chief information security officers (CISOs) face numerous critical challenges in ensuring robust cloud security. Don’t believe me? Experts highlighted this at the recent <a href="https://www.gartner.com/en/conferences/na/security-risk-management-us">Gartner Security &amp; Risk Management Summit.</a> Gartner projects a significant 24% increase in spending on cloud security, positioning it as the fastest-growing segment within the global security and risk management market.</p>
  1245.  
  1246.  
  1247.  
  1248. <h2 class="wp-block-heading" id="adapt-adjust-execute">Adapt, adjust, execute</h2>
  1249.  
  1250.  
  1251.  
1252. <p>The bottom line is that shifting to cloud computing necessitates fundamentally rethinking security. Organizations strive to integrate the cloud into standard business operations; however, this transition has more pitfalls than most CISOs understand. I’ve seen this in my research and my experience as a consultant for 20 years, cloud and prior.</p>
  1253.  
  1254.  
  1255.  
  1256. <p><a href="https://www.infoworld.com/article/3715335/a-ciso-game-plan-for-cloud-security.html">Continue reading on InfoWorld</a></p>
  1257. </div></div></div></div>]]></description>
  1258. <link>https://www.infoworld.com/article/3715335/a-ciso-game-plan-for-cloud-security.html</link>
  1259. <post-id xmlns="com-wordpress:feed-additions:1">2142095</post-id><category>Cloud Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_1018105807-100936711-orig.jpg?quality=50&#038;strip=all" length="756547" type="image/jpeg" />
  1260. </item>
  1261. <item>
  1262. <title>Mastering the tabletop: 3 cyberattack scenarios to prime your response</title>
  1263. <pubDate>Thu, 13 Jun 2024 06:00:00 +0000</pubDate>
  1264. <description><![CDATA[<div id="remove_no_follow">
  1265. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1266.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1267. <div class="article-column__content">
  1268. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1269.  
  1270.  
  1271.  
  1272. <p>Security leaders live by the axiom that it is not a matter of <em>if</em> but <em>when</em> they will fall victim to a cybersecurity incident.</p>
  1273.  
  1274.  
  1275.  
  1276. <p>Because of this, CISOs often strive to get ahead of the inevitable by implementing incident response and business continuity plans. But without running <a href="https://www.csoonline.com/article/570871/tabletop-exercises-explained-definition-examples-and-objectives.html">tabletops</a> — dry-run exercises oriented around <a href="https://www.csoonline.com/article/1311295/4-tabletop-exercises-every-security-team-should-run.html">specific security incidents and scenarios</a> — you can never know how your plans or team might stand up against a real-world incident.</p>
  1277.  
  1278.  
  1279.  
  1280. <p>For those who have never run a tabletop or are pressed for time to craft a specific scenario, the US Cybersecurity and Infrastructure Security Agency (CISA) provides detailed <a href="https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages">Tabletop Exercise Packages (CTEP)</a> that can give security leaders a head start.</p>
  1281.  
  1282.  
  1283.  
1284. <p>Here are three of CISA’s CTEPs that create incredible value due to their breadth, depth and flexible, templatized packages that any organization can use.</p>
  1285.  
  1286.  
  1287.  
  1288. <h2 class="wp-block-heading" id="scenario-1-compromised-open-source-software-packages">Scenario #1: Compromised open-source software packages</h2>
  1289.  
  1290.  
  1291.  
  1292. <p>Software <a href="https://www.csoonline.com/article/561323/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html">supply chain attacks</a> continue to rise, with malicious actors increasingly targeting open-source software (OSS) packages due to their high return on investment. Rather than targeting a single organization or product, attackers have realized they can compromise a widely used OSS package and have a massive downstream impact.</p>
  1293.  
  1294.  
  1295.  
  1296. <p>The problem is exacerbated by a lack of visibility into the full inventory of OSS components an organization consumes, either directly for internal development purposes or via products from vendors in their supply chain. Organizations such as Synopsys have pointed out that 70% to 90% of modern codebases contain OSS components and that OSS components make up 70% or more of the overall codebase.</p>
  1297.  
  1298.  
  1299.  
  1300. <p>These components, while offering key benefits such as cost savings, speed and efficiency, also come with risks such as a lack of resources for maintenance, with 25% of OSS projects having a single maintainer and 94% having fewer than 10.</p>
  1301.  
  1302.  
  1303.  
1304. <p>This is why organizations such as Sonatype have found <a href="https://www.sonatype.com/en/press-releases/sonatype-9th-annual-state-of-the-software-supply-chain-report">245,000 malicious packages in the past year</a>, twice as many as were found in all the previous years its report has tracked combined.</p>
  1305.  
  1306.  
  1307.  
  1308. <p>From <a href="https://www.csoonline.com/article/574261/log4shell-remains-a-big-threat-and-a-common-cause-for-security-breaches.html">Log4j</a> to the latest <a href="https://www.csoonline.com/article/2077692/dangerous-xz-utils-backdoor-was-the-result-of-years-long-supply-chain-compromise-effort.html">XZ Utils</a> scare, the OSS ecosystem has key risks that organizations need to account for, which is exactly why CISA released the OSS CTEP.</p>
  1309.  
  1310.  
  1311.  
  1312. <h3 class="wp-block-heading" id="oss-ctep-structure">OSS CTEP structure</h3>
  1313.  
  1314.  
  1315.  
1316. <p>CISA’s <a href="https://www.cisa.gov/sites/default/files/2024-04/Open-Source-CTEP-Situation-Manual-042024-508.docx">OSS CTEP</a> is structured over 180 minutes and includes various activities capped off by a hotwash. It orients around the NIST CSF in phases of govern, identify, protect, detect, respond, and recover. Some of the key objectives include:</p>
  1317.  
  1318.  
  1319.  
  1320. <ul>
  1321. <li>Discuss organizational resilience and response to threats targeting open-source projects.</li>
  1322.  
  1323.  
  1324.  
  1325. <li>Familiarize stakeholders with reporting processes and respective roles and responsibilities during a cyber incident stemming from a critical OSS project.</li>
  1326.  
  1327.  
  1328.  
1329. <li>Identify areas for improvement in incident reporting processes, policies and procedures.</li>
  1330.  
  1331.  
  1332.  
1333. <li>Examine response coordination efforts between public, private and community stakeholders during a cyber incident.</li>
  1334. </ul>
  1335.  
  1336.  
  1337.  
1338. <p>The CTEP lays out a couple of scenarios involving the introduction of a vulnerability into an OSS community’s toolchain, leading to a worldwide wave of compromises and delays in patching the vulnerability.</p>
  1339.  
  1340.  
  1341.  
  1342. <p>While much of the CTEP is aimed at being an actionable exercise for the OSS community and maintainers themselves, it can serve as a useful framework for organizations as well.</p>
  1343.  
  1344.  
  1345.  
  1346. <h3 class="wp-block-heading" id="key-questions-around-oss-risks">Key questions around OSS risks</h3>
  1347.  
  1348.  
  1349.  
  1350. <p>Key questions could include:</p>
  1351.  
  1352.  
  1353.  
  1354. <ul>
  1355. <li>Do we understand what OSS components we’re consuming and using, what systems they reside on, and which vendors are integrating them into the products that we use?</li>
  1356.  
  1357.  
  1358.  
  1359. <li>In the event of an OSS package compromise, how would we go about following the incident management lifecycle as identified by NIST to respond to and recover from the incident?</li>
  1360.  
  1361.  
  1362.  
  1363. <li>What actions can we take to mitigate risk to the organization involving the impacted systems and products?</li>
  1364.  
  1365.  
  1366.  
  1367. <li>How can we make more risk-informed decisions around the OSS projects and components we consume and use?</li>
  1368.  
  1369.  
  1370.  
  1371. <li>How do we respond to our vendors in our supply chain to ensure we have transparency around the components in their products which may pass down risk to us?</li>
  1372. </ul>
  1373.  
  1374.  
  1375.  
  1376. <p>The outcomes of these thought-provoking questions and activities can be codified into organizational policies and processes to bolster the organization’s resiliency against OSS software supply chain attacks moving forward.</p>
  1377.  
  1378.  
  1379.  
  1380. <h2 class="wp-block-heading" id="scenario-2-ransomware-attack">Scenario #2: Ransomware attack</h2>
  1381.  
  1382.  
  1383.  
  1384. <p><a href="https://www.csoonline.com/article/563507/what-is-ransomware-how-it-works-and-how-to-remove-it.html">Ransomware</a> has easily become one of the most notorious and pervasive attack vectors wreaking havoc on the digital ecosystem. Some <a href="https://www.axios.com/2024/02/09/ransomware-earnings-2023-chart">estimates</a> have ransomware hackers in 2023 bringing in double the 2022 total of $567 million in cryptocurrency payments from cyberattacks.</p>
  1385.  
  1386.  
  1387.  
1388. <p>Ransomware attackers seek to gain access to data or systems until some form of compensation or demand is met. Notable incidents include the <a href="https://www.csoonline.com/article/570729/colonial-pipeline-take-away-for-cisos-embrace-the-mandates.html">2021 attack on Colonial Pipeline</a>, which not only had financial consequences but societal impact, bringing broader awareness to citizens that cyberattacks can affect daily life. Other notable events include <a href="https://www.csoonline.com/article/563017/wannacry-explained-a-perfect-ransomware-storm.html">WannaCry</a>, <a href="https://www.csoonline.com/article/573049/5-years-after-notpetya-lessons-learned.html">NotPetya</a>, <a href="https://www.csoonline.com/article/559143/inside-a-ransomware-attack-infecting-pc-with-locky.html">Locky</a> and <a href="https://www.csoonline.com/article/570361/the-worst-and-most-notable-ransomware.html">many others</a>, as the list continues to grow.</p>
  1389.  
  1390.  
  1391.  
1392. <p>We’ve now even seen ransomware-as-a-service (RaaS) subscription-based models evolve, in which ransomware groups sell their code or access to attackers and interested parties. They may sell or lease variants of their ransomware to buyers, which is a compelling business given that <a href="https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/">estimates</a> put the average ransomware demand in 2021, for example, at $6 million.</p>
  1393.  
  1394.  
  1395.  
  1396. <h3 class="wp-block-heading" id="bolstering-resilience-around-ransom-attacks">Bolstering resilience around ransom attacks</h3>
  1397.  
  1398.  
  1399.  
1400. <p>CISA’s <a href="https://www.cisa.gov/sites/default/files/2023-09/Ransomware-CTEP-Situation-Manual-092023-508.docx">CTEP Situation Manual for Ransomware</a> can be used for tabletop exercises to bolster resiliency against ransomware attacks. Much like the OSS CTEP, it is 180 minutes long, involves a diverse set of stakeholders across the organization, and includes various activities oriented around the NIST CSF.</p>
  1401.  
  1402.  
  1403.  
  1404. <p>Key objectives include:</p>
  1405.  
  1406.  
  1407.  
  1408. <ul>
  1409. <li>Examining an organization’s response capabilities during a significant ransomware incident.</li>
  1410.  
  1411.  
  1412.  
  1413. <li>Examining the ability to coordinate information sharing.</li>
  1414.  
  1415.  
  1416.  
1417. <li>Identifying areas for improvement in cyber incident response plans and organizational resilience.</li>
  1418.  
  1419.  
  1420.  
  1421. <li>Exploring and bolstering an organization’s plans to recover from the incident, and restore services, mission-critical assets, or systems.</li>
  1422. </ul>
  1423.  
  1424.  
  1425.  
  1426. <p>One scenario involves an employee of the organization being targeted by a phishing email as the entry point to a network/system and attackers compromising PII data and installing ransomware — a common scenario.</p>
  1427.  
  1428.  
  1429.  
  1430. <p>Another scenario includes a CISA alert for a new ransomware variant, followed by dealing with end-of-life operating systems, a stolen laptop belonging to an employee, and employees contacting the VP of finance about a suspicious email with a PDF attachment. If these scenarios sound all too familiar, it is because they are.</p>
  1431.  
  1432.  
  1433.  
1434. <p>Dealing with these sorts of situations can be frustrating and challenging in enterprise environments, as organizations scramble to make sense of what is happening, how they may be impacted, how to respond to the threat, and how to recover from it once they determine the actual impact.</p>
  1435.  
  1436.  
  1437.  
  1438. <h3 class="wp-block-heading" id="understanding-threats-and-preparedness">Understanding threats and preparedness</h3>
  1439.  
  1440.  
  1441.  
  1442. <p>The ransomware CTEP explores aspects of an organization’s operational resiliency and poses key questions aimed at understanding threats to an organization, what information the attacker leverages, and how to conduct risk assessments to identify specific threats and vulnerabilities to critical assets.</p>
  1443.  
  1444.  
  1445.  
  1446. <p>Given that ransomware attacks focus on data and systems, the scenario asks key questions about the accuracy of inventories and whether there are resources in place dedicated to mitigating known exploited vulnerabilities on internet-facing systems.</p>
  1447.  
  1448.  
  1449.  
1450. <p>This includes not just having backups, but knowing their retention period and understanding how long a restore from backup would take if it became necessary in an event such as a ransomware attack.</p>
  1451.  
  1452.  
  1453.  
  1454. <p>Questions asked during the tabletop also include a focus on assessing zero-trust architecture implementation or lack thereof. This is critical, given that zero trust emphasizes least-permissive access control and network segmentation, practices that can limit the lateral movement of an attack and potentially keep it from accessing sensitive data, files, and systems.</p>
  1455.  
  1456.  
  1457.  
  1458. <p>The exercise also involves assessing cybersecurity awareness training for employees. This is foundational when mitigating ransomware risks, because the initial attack vectors target employees via <a href="https://www.csoonline.com/article/514515/what-is-phishing-examples-types-and-techniques.html">phishing</a> and other social engineering tactics.</p>
  1459.  
  1460.  
  1461.  
  1462. <p>A robust cybersecurity awareness training program combined with procedures for employees to report suspected phishing attempts can help raise awareness among the security team and broader organization when malicious activity is potentially underway.</p>
  1463.  
  1464.  
  1465.  
  1466. <h3 class="wp-block-heading" id="a-typical-ransom-scenario-imagines-a-hack">A typical ransom scenario imagines a hack</h3>
  1467.  
  1468.  
  1469.  
1470. <p>The scenario progresses to involve traffic outside standard business hours, systems throughout the organization receiving ransom messages and blank screens, and security researchers discovering hacking groups on the <a href="https://www.csoonline.com/article/564313/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html">dark web</a> posting about compromising your organization. It’s posited that the hackers have accessed sensitive PII such as SSNs, banking information, and more, and have shared a subset of the records to prove their success.</p>
  1471.  
  1472.  
  1473.  
  1474. <p>This leads to internal tabletop questions oriented around resiliency planning, such as sustaining continuity of operations for essential functions and having incident response plans and being able to prioritize and perform IT restoration. It also involves being able to distinguish between normal and abnormal network traffic and having a codified cybersecurity incident response plan (IRP) that employees are trained on and have practiced (as with the tabletop).</p>
  1475.  
  1476.  
  1477.  
  1478. <p>There is also a legal aspect for the organization depending on the nature of the data compromised, which is why questions in the scenario involve understanding security breach notification laws for a given country, state, and industry.</p>
  1479.  
  1480.  
  1481.  
1482. <p>This is an evolving area of cybersecurity, with efforts like <a href="https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia">CIRCIA</a> for critical infrastructure and SEC rule changes for publicly traded companies that have a “material” cybersecurity incident. Organizations need to be well-versed in their disclosure requirements and have well-thought-out communication plans to ensure both compliance and properly delivered messaging to the public and regulatory authorities as well as media outlets.</p>
  1483.  
  1484.  
  1485.  
  1486. <p>There is also a need to understand what external partners need to be engaged from a legal and law enforcement perspective, all critical points organizations need to be aware of <em>prior</em> to a ransomware incident.</p>
  1487.  
  1488.  
  1489.  
  1490. <h2 class="wp-block-heading" id="scenario-3-insider-threat">Scenario #3: Insider threat</h2>
  1491.  
  1492.  
  1493.  
  1494. <p>The CISA <a href="https://www.cisa.gov/sites/default/files/2023-02/insider-threat-ctep-situation-manual-ncep-092020-508.docx">CTEP for Insider Threats</a> involves a hypothetical scenario in which a disgruntled former employee has taken advantage of the access they have through a third-party vendor with which the organization collaborates to exploit system vulnerabilities.</p>
  1495.  
  1496.  
  1497.  
  1498. <p>This is a very plausible scenario given inherent third-party risks and the struggle to manage the ever-growing length of the supply chain and constant integrations between systems and environments via network connections, APIs, and more.</p>
  1499.  
  1500.  
  1501.  
  1502. <p>The initial scenario involves an alert from CISA regarding a vulnerability in a specific microprocessor found throughout an organization that can allow attackers to access sensitive data. Replacing hardware can be expensive and time-consuming, so the threat can’t be entirely mitigated immediately.</p>
  1503.  
  1504.  
  1505.  
  1506. <p>Meanwhile, an employee is terminated for treating co-workers poorly. During their exit, the former employee threatens the organization that it will regret the decision.</p>
  1507.  
  1508.  
  1509.  
1510. <p>This scenario generates questions to test how an organization actually receives these sorts of alerts from industry resources such as CISA, and how it can take action when they are relevant and pose a potential threat.</p>
  1511.  
  1512.  
  1513.  
  1514. <h3 class="wp-block-heading" id="disgruntled-former-employees-as-a-typical-threat">Disgruntled former employees as a typical threat</h3>
  1515.  
  1516.  
  1517.  
  1518. <p>Also, given the employee’s history of bad behavior and threatening posture, there are questions about how contentious terminations should be handled and whether the organization has a procedure to retrieve the employee’s company equipment and remove access during the termination process. It also encourages the organization to consider what steps it can take to ensure former employees can no longer access organizational systems and data.</p>
  1519.  
  1520.  
  1521.  
  1522. <p>In the scenario, employees report missing and altered files and deleted backups. Security gets involved, identifying administrator-level access occurring and systems and files being tampered with. The account is deactivated, and the extent of the damage is not initially known.</p>
  1523.  
  1524.  
  1525.  
  1526. <p>Questions to think through during the tabletop include:</p>
  1527.  
  1528.  
  1529.  
  1530. <ul>
  1531. <li>How long does the organization keep backups?</li>
  1532.  
  1533.  
  1534.  
  1535. <li>How long does it take to restore from backups and has that process actually been tested?</li>
  1536. </ul>
  1537.  
  1538.  
  1539.  
  1540. <p>The tabletop also invites discussions around how the organization is prepared to respond to the discovery of unauthorized administrative activity, who would be notified, and how.</p>
  1541.  
  1542.  
  1543.  
  1544. <h3 class="wp-block-heading" id="helping-security-teams-think-of-everything-that-needs-to-be-done">Helping security teams think of everything that needs to be done</h3>
  1545.  
  1546.  
  1547.  
  1548. <p>The point of the exercise is to force security teams to consider what resources are required for incident response and what processes might be invoked to mitigate the impact from malicious activity from an insider threat.</p>
  1549.  
  1550.  
  1551.  
  1552. <p>There also may be a need to contact law enforcement and to sufficiently document the incident to be able to legally pursue the attacker and hold them accountable for the malicious activities.</p>
  1553.  
  1554.  
  1555.  
1556. <p>Scenarios like these <a href="https://www.csoonline.com/article/2112460/employee-discontent-brewing-in-darkness-theres-the-source-of-your-insider-threat.html">can and often do play out</a>, with former employees becoming frustrated with a former employer and looking to use the insider information they are privy to in order to compromise or negatively impact the organization technically, financially and reputationally.</p>
  1557.  
  1558.  
  1559.  
  1560. <p>Organizations need to have comprehensive plans and processes in place to halt malicious activities, mitigate the impact, respond to and recover from the incident and legally pursue the insider to hold them accountable for their actions.</p>
  1561. </div></div></div></div>]]></description>
  1562. <link>https://www.csoonline.com/article/2144047/mastering-the-tabletop-exercise-3-cyberattack-scenarios-and-how-to-plan-a-robust-response.html</link>
  1563. <post-id xmlns="com-wordpress:feed-additions:1">2144047</post-id><category>Ransomware, Security Practices, Threat and Vulnerability Management</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/Modern-Factory-Office-Meeting-Room-Multi-Ethnic-Diverse-Team-Engineers-Managers-Conference-Table-Analyzing-Blueprints-strategy-security-plan.jpg?quality=50&#038;strip=all" length="382589" type="image/jpeg" />
  1564. </item>
  1565. <item>
  1566. <title>Pure Storage says it was breached as Snowflake victim count continues to grow</title>
  1567. <pubDate>Wed, 12 Jun 2024 21:22:28 +0000</pubDate>
  1568. <description><![CDATA[<div id="remove_no_follow">
  1569. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1570.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1571. <div class="article-column__content">
  1572. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1573.  
  1574.  
  1575.  
  1576. <p>Storage vendor Pure Storage has named itself the latest company affected by the extraordinary series of cyberattacks affecting customers of data warehousing company Snowflake.</p>
  1577.  
  1578.  
  1579.  
1580. <p>The <a href="https://www.csoonline.com/article/2140487/snowflake-no-breach-just-compromised-credentials-say-researchers.html">Snowflake attacks</a> are, collectively, already one of the biggest cyber-incidents of the year and, as the victim list expands, could turn into one of the most significant of the decade.</p>
  1581.  
  1582.  
  1583.  
  1584. <p>Pure Storage, known for its proprietary DirectFlash technology, has sought <a href="https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/Security_Bulletins/topics/concept/c_Security_Bulletin_for_Unauthorized_Access_to_Telemetry_Information.html">to downplay</a> what happened, describing how a third party had gained temporary access to a single data analytics workspace containing telemetry used for customer support.</p>
  1585.  
  1586.  
  1587.  
  1588. <p>That exposed company names, LDAP usernames, email addresses, and the version number of the company’s Purity software but no “compromising information such as passwords for array access, or any of the data that is stored on the customer systems,” a statement said.</p>
  1589.  
  1590.  
  1591.  
  1592. <p>The company said it was monitoring its infrastructure for unusual activity and had seen no evidence of any further attacks on itself or its large customer base. It didn’t reveal the security weakness that caused the breach.</p>
  1593.  
  1594.  
  1595.  
  1596. <h2 class="wp-block-heading" id="unfolding-cyberattack">Unfolding cyberattack</h2>
  1597.  
  1598.  
  1599.  
  1600. <p>Several issues revealed by the Snowflake-related incidents will be worrying experts: the long timescale over which some elements of it seem to have occurred, the scale of any subsequent data breaches, and the underlying security weaknesses that made it possible.</p>
  1601.  
  1602.  
  1603.  
  1604. <p>The Snowflake incident has already been connected to data breaches at Spanish bank Santander and ticketing giant Ticketmaster, plus a long list of other well-known companies originally named in a <a href="https://web.archive.org/web/20240531140540/https:/hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection">May report</a> by cyber-intelligence company Hudson Rock (since removed after legal pressure from Snowflake).</p>
  1605.  
  1606.  
  1607.  
  1608. <p>On 10 June, reports by <a href="https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion">Google’s Mandiant</a> and CrowdStrike linked the attacks to a threat actor identified as UNC5537 which they said was compromising Snowflake accounts using customer credentials acquired from cybercrime forums.</p>
  1609.  
  1610.  
  1611.  
  1612. <p>In other words, the group gained access using compromised credentials rather than a weakness in the Snowflake platform itself. Data theft was being used to extort Snowflake customers, of which 165 had been notified of possible exposure, Mandiant said.</p>
  1613.  
  1614.  
  1615.  
  1616. <h2 class="wp-block-heading" id="single-factors-last-stand">Single factor’s last stand?</h2>
  1617.  
  1618.  
  1619.  
1620. <p>According to Mandiant, most of the credentials used to break into accounts were acquired by infostealers, a long-established type of malware which infects computers to silently steal data, including passwords.</p>
  1621.  
  1622.  
  1623.  
1624. <p>Alarmingly, in the case of Snowflake credentials, some of these dated back four years. If attackers are still able to use them, this indicates that they haven’t been rotated. Credentials can be brute-forced, and even competently secured ones can be phished, but failing to rotate important credentials is a symptom of outright neglect.</p>
  1625.  
  1626.  
  1627.  
  1628. <p>This might have happened because the IT team didn’t know they existed. Created by developers on the hoof, they remained invisible and the access they provided was forgotten.</p>
  1629.  
  1630.  
  1631.  
  1632. <h2 class="wp-block-heading" id="mfa-not-mandated">MFA not mandated</h2>
  1633.  
  1634.  
  1635.  
  1636. <p>Another issue raised by the Snowflake attacks is that many credentials were apparently not protected by multi-factor authentication (MFA). On June 7, after the attacks had come to light, Snowflake said it now planned to <a href="https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access">make this setting mandatory</a> for customers:</p>
  1637.  
  1638.  
  1639.  
  1640. <p>“While we do so, we are continuing to strongly engage with our customers to help guide them to enable MFA and other security controls as a critical step in protecting their business,” the company said.</p>
  1641.  
  1642.  
  1643.  
  1644. <p>Given that MFA is now widely seen as a necessary protection for any privileged account, what’s less clear is why so many customers aren’t using it.</p>
  1645.  
  1646.  
  1647.  
  1648. <p>CSOonline.com asked security experts for their views, and all mentioned the same issue: that MFA was seen as inconvenient, even by developers and IT professionals.</p>
  1649.  
  1650.  
  1651.  
  1652. <p>“Unfortunately, IT departments receive pushback from users when it comes to using two-factor authentication. Users do not like using MFA, as it adds another step to the authorization process,” said Chris Hauk of privacy organization Pixel Privacy.</p>
  1653.  
  1654.  
  1655.  
  1656. <p>“This is despite MFA adding a minuscule bit of extra time to the login process. Management needs to back IT in cases like this. More authentication steps generally mean fewer breaches like this. Sadly, users do not enjoy change and will always push back.”</p>
  1657.  
  1658.  
  1659.  
  1660. <p>MFA improves security but it also increases complexity because users have to be enrolled and managed, and the technology is never cheap to implement.</p>
  1661.  
  1662.  
  1663.  
  1664. <p>Compounding this was the issue of shadow IT. Developers sign up for cloud accounts without telling the IT team which means that MFA policies, if they exist, are never applied.</p>
  1665.  
  1666.  
  1667.  
  1668. <p>Service providers could solve this by mandating MFA but are reluctant to because they too think they’ll get pushback from customers.</p>
  1669.  
  1670.  
  1671.  
  1672. <p>If Snowflake tells us anything, it’s that the gradualist approach to MFA security is obsolete. MFA is not a panacea, but its universal application on cloud services would surely reduce the likelihood of mass data breaches caused by careless account holders.</p>
  1673. </div></div></div></div>]]></description>
  1674. <link>https://www.csoonline.com/article/2144139/pure-storage-says-it-was-breached-as-snowflake-victim-count-continues-to-grow.html</link>
  1675. <post-id xmlns="com-wordpress:feed-additions:1">2144139</post-id><category>Data Breach, Multi-factor Authentication, Vulnerabilities</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/20170411-pure-storage-flasharray-x-100717464-orig.jpg?quality=50&#038;strip=all" length="697548" type="image/jpeg" />
  1676. </item>
  1677. <item>
  1678. <title>Microsoft fixes dangerous zero-click Outlook remote code execution exploit</title>
  1679. <pubDate>Wed, 12 Jun 2024 20:49:03 +0000</pubDate>
  1680. <description><![CDATA[<div id="remove_no_follow">
  1681. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1682.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1683. <div class="article-column__content">
  1684. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1685.  
  1686.  
  1687.  
  1688. <p>As part of its Patch Tuesday cycle, Microsoft has fixed a high-risk vulnerability in its Outlook desktop client that could be exploited by attackers to execute malicious code when opening a specially crafted email message.</p>
  1689.  
  1690.  
  1691.  
  1692. <p>While opening an email is needed to exploit this flaw, the attack is technically zero-click because the Outlook Preview Pane is also affected.</p>
  1693.  
  1694.  
  1695.  
  1696. <p>“This lack of required user interaction, combined with the straightforward nature of the exploit, increases the likelihood that adversaries will leverage this vulnerability for initial access,” researchers from security firm Morphisec who found and reported the flaw said in <a href="https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability">a June 11 blog post</a>.</p>
  1697.  
  1698.  
  1699.  
  1700. <p>The vulnerability is tracked as <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30103">CVE-2024-30103</a> and Microsoft rates it as 8.8 (high) on the CVSS scale. It is likely not rated critical because exploitation requires the attacker to be authenticated with valid Exchange user credentials, but this is not necessarily a big hurdle to overcome, as Exchange credentials are often compromised during network breaches.</p>
  1701.  
  1702.  
  1703.  
  1704. <p>At the very least this exploit could enable easier lateral movement through networks once one corporate email account is compromised and the attacker can send email on its behalf.</p>
  1705.  
  1706.  
  1707.  
  1708. <h2 class="wp-block-heading" id="the-vulnerability-could-enable-the-creation-of-malicious-dll-files">The vulnerability could enable the creation of malicious DLL files</h2>
  1709.  
  1710.  
  1711.  
  1712. <p>While Morphisec has held back the technical details of the flaw, planning to include it in a presentation at the DEF CON conference this year, Microsoft does provide some hints in its advisory.</p>
  1713.  
  1714.  
  1715.  
  1716. <p>“An attacker who successfully exploited this vulnerability could bypass Outlook registry block lists and enable the creation of malicious DLL files,” the company said.</p>
  1717.  
  1718.  
  1719.  
  1720. <p>The arbitrary code execution occurs with the privileges of the current user, so, in order to fully take over a system, attackers would have to combine it with a privilege escalation flaw. The researchers who found this vulnerability claim to have found a second one that will be included in their DEF CON presentation, but which has not been patched yet.</p>
  1721.  
  1722.  
  1723.  
  1724. <p>Attackers have exploited Outlook vulnerabilities in the wild before, as email is the primary vector for distributing malware. Even APT groups have exploited Outlook flaws, <a href="https://www.csoonline.com/article/575293/microsoft-fixes-bypass-for-critical-outlook-zero-click-flaw-patch.html">including zero-click ones</a>.</p>
  1725.  
  1726.  
  1727.  
  1728. <h2 class="wp-block-heading" id="organizations-urged-to-update-outlook-clients">Organizations urged to update Outlook clients</h2>
  1729.  
  1730.  
  1731.  
  1732. <p>Even though Microsoft assessed the exploitability of this flaw as “less likely,” the Morphisec researchers believe it will be adopted by attackers once more details or a proof-of-concept exploit becomes available.</p>
  1733.  
  1734.  
  1735.  
  1736. <p>“Morphisec strongly urges all organizations to update their Microsoft Outlook clients immediately to mitigate the risk associated with this vulnerability,” they said. “Given the ease of exploitation, prompt action is crucial to ensure the security of systems and sensitive data.”</p>
  1737.  
  1738.  
  1739.  
  1740. <p>Microsoft patched a total of 51 vulnerabilities on Tuesday and only one of them was rated critical: a remote code execution flaw (<a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30080">CVE-2024-30080</a>) in the Microsoft Message Queuing (MSMQ) feature that allows applications running on different processors and servers to communicate with each other. MSMQ is not enabled by default but multiple applications including Microsoft Exchange Server enable it as part of their installation routines.</p>
  1741. </div></div></div></div>]]></description>
  1742. <link>https://www.csoonline.com/article/2144119/microsoft-fixes-dangerous-zero-click-outlook-remote-code-execution-exploit.html</link>
  1743. <post-id xmlns="com-wordpress:feed-additions:1">2144119</post-id><category>Vulnerabilities, Windows Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_680078968-100942780-orig.jpg?quality=50&#038;strip=all" length="783028" type="image/jpeg" />
  1744. </item>
  1745. <item>
  1746. <title>Criminals, too, see productivity gains from AI</title>
  1747. <pubDate>Wed, 12 Jun 2024 12:00:00 +0000</pubDate>
  1748. <description><![CDATA[<div id="remove_no_follow">
  1749. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1750.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1751. <div class="article-column__content">
  1752. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1753.  
  1754.  
  1755.  
  1756. <p>Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing.</p>
  1757.  
  1758.  
  1759.  
  1760. <p>Just as in legitimate business, discussions about AI among criminals have accelerated this year compared to 2023, researchers from cybersecurity group Intel 471 reported in a new study published Wednesday, <a href="https://intel471.com/blog/cybercriminals-and-ai-not-just-better-phishing">Cybercriminals and AI: Not Just Better Phishing</a>.</p>
  1761.  
  1762.  
  1763.  
  1764. <p>Threat actors are closely watching, and they’re experimenting, the researchers said. Some threat actors are claiming to use AI for activities such as creation of deepfake videos, defeating facial recognition, and summarizing data stolen in data breaches. Others are building AI into their hacking tools or creating malicious chatbots.</p>
  1765.  
  1766.  
  1767.  
  1768. <p>However, the study said, “Perhaps the most observed impact AI has had on cybercrime has been an increase in scams, particularly those leveraging <a href="https://www.csoonline.com/article/1251094/deepfakes-emerge-as-a-top-security-threat-ahead-of-the-2024-us-election.html">deepfake</a> technology.”</p>
  1769.  
  1770.  
  1771.  
  1772. <p>Some of those scams have cost lives, the study said. For example, a group of cyber criminals known as the Yahoo Boys, primarily based in Nigeria, use deepfakes in romance and sextortion scams, gaining victims’ confidence with fake personas. They often persuade those victims to share compromising photos, which they then threaten to make public unless they’re paid. Intel 471 said that many of the targeted victims are minors and in some cases they have committed suicide.</p>
  1773.  
  1774.  
  1775.  
  1776. <p>Deepfake offerings have increased significantly since January 2023, the study said, and they have become less expensive. One threat actor claimed to generate audio and video deepfakes using an AI tool for between US$60 and US$400 per minute, depending on complexity, a bargain compared to 2023 prices. Other bad actors’ offerings include a subscription service costing US$999 per year for 300 face swaps per day in images and videos.</p>
  1777.  
  1778.  
  1779.  
  1780. <p>Others are using AI in business email compromise (BEC) scams and document fraud. One of them, the study said, allegedly developed a tool using AI to manipulate invoices, intercepting communications between parties, and altering information such as bank account numbers to redirect payments to the scammers.</p>
  1781.  
  1782.  
  1783.  
  1784. <h2 class="wp-block-heading" id="productivity-gains">Productivity gains</h2>
  1785.  
  1786.  
  1787.  
  1788. <p>“The invoice manipulation tool allegedly has a range of functionality, including the ability to detect and edit all portable document file (PDF) documents and swap international bank account numbers (IBANs) and bank identification codes (BICs),” the study said. “The tool is offered on a subscription basis for US$5,000 per month or US$15,000 for lifetime access. If this tool works as promised, this fulfills an often-cited use case of AI for productivity gains, albeit here in a criminal context.”</p>
  1789.  
  1790.  
  1791.  
  1792. <p>Another criminal claims to use Meta’s Llama large language model (LLM) to extract the most sensitive data from the fruits of a data breach to use in pressuring the victim to pay ransom.</p>
  1793.  
  1794.  
  1795.  
  1796. <p>However, noted Jeremy Kirk, analyst at Intel 471, not all claims of AI use may be accurate. “We use the word ‘purportedly’ to represent that it is a claim being made by a threat actor and that it is frequently unclear exactly to what extent AI has been incorporated into a product, what LLM model is being used, and so forth,” he said in an email. “As far as whether developers of cybercriminal tools are jumping on the bandwagon for a commercial benefit, there seem to be genuine efforts to see how AI can help in cybercriminal activity. Underground markets are competitive, and there is often more than one vendor for a particular service or product. It is to their commercial advantage to have their product work better than another, and AI might help.”</p>
  1797.  
  1798.  
  1799.  
  1800. <p>Intel 471 has observed many claims that are in doubt, including one by four University of Illinois Urbana-Champaign (UIUC) computer scientists who claim to have used OpenAI’s GPT-4 LLM to autonomously exploit vulnerabilities in real-world systems by feeding the LLM common vulnerabilities and exposures (CVE) advisories describing flaws. However, the study pointed out, “Because many of the key elements of the study were not published — such as the agent code, prompts or the output of the model — it can’t be accurately reproduced by other researchers, again inviting skepticism.”</p>
  1801.  
  1802.  
  1803.  
  1804. <h2 class="wp-block-heading" id="automation">Automation</h2>
  1805.  
  1806.  
  1807.  
  1808. <p>Other threat actors offered tools that scrape and summarize CVE data, and a tool integrating what Intel 471 called a well-known AI model into a multipurpose hacking tool that allegedly does everything from scanning networks and looking for vulnerabilities in content management systems to coding malicious scripts.</p>
  1809.  
  1810.  
  1811.  
  1812. <p>The study’s authors also highlighted some of the new risks emerging as AI use grows, such as the generation of recommendations from Google’s new AI-powered Search Generative Experience <a href="https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/">directing users to malicious sites</a>, and vulnerabilities in AI applications. In addition, nation-states and other malicious entities were observed using LLMs for multiple kinds of attack. The study cited public blog posts from <a href="https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/">Microsoft</a> and <a href="https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/">OpenAI</a> that specifically identified five state-sponsored groups, one each from Russia, North Korea, and Iran, and two from China.</p>
  1813.  
  1814.  
  1815.  
  1816. <p>To counter this, the study noted, government agencies including the US Federal Communications Commission, the US Department of Homeland Security, the UK government, and others are initiating measures to monitor and regulate AI to ensure its safety and security.</p>
  1817.  
  1818.  
  1819.  
  1820. <h2 class="wp-block-heading" id="it-will-only-get-worse">It will only get worse</h2>
  1821.  
  1822.  
  1823.  
  1824. <p>Intel 471 concluded that, although AI had only played what it called “a small supporting role” in cybercrime in the past, the technology’s role has grown. Its analysts expect that deepfakes, phishing, and BEC activity will increase, along with disinformation campaigns fueled by LLMs’ ability to generate content.</p>
  1825.  
  1826.  
  1827.  
  1828. <p>And, the company added, “The security landscape will dramatically change when an LLM can find a vulnerability, write and test the exploit code and then autonomously exploit vulnerabilities in the wild.”</p>
  1829.  
  1830.  
  1831.  
  1832. <p>“Machine learning and technology dubbed as AI have been circulating in the security industry for a long time, from fighting spam to detecting malware,” Kirk said. “At a minimum, AI could aid in faster attacks but also in faster defenses. There will be times when attackers get the upper hand and defenders are catching up, but that is not unlike where we are now.</p>
  1833.  
  1834.  
  1835.  
  1836. <p>“How cybercriminals can use AI will also depend on the availability of LLMs and AI models with fewer guardrails and allow prompts for information or code that could help in malicious uses.”</p>
  1837. </div></div></div></div>]]></description>
  1838. <link>https://www.csoonline.com/article/2143864/criminals-too-see-productivity-gains-from-ai.html</link>
  1839. <post-id xmlns="com-wordpress:feed-additions:1">2143864</post-id><category>Generative AI, Threat and Vulnerability Management</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/hacker-stealing-dollars-bank-cyber-crime-cybercrime-money-theft-100937830-orig.jpg?quality=50&#038;strip=all" length="181297" type="image/jpeg" />
  1840. </item>
  1841. <item>
  1842. <title>8 critical lessons from the Change Healthcare ransomware catastrophe</title>
  1843. <pubDate>Wed, 12 Jun 2024 06:01:00 +0000</pubDate>
  1844. <description><![CDATA[<div id="remove_no_follow">
  1845. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  1846.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  1847. <div class="article-column__content">
  1848. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  1849.  
  1850.  
  1851.  
  1852. <p>Lessons are beginning to cohere from Change Healthcare’s disastrous ransomware attack that starkly illustrated the fragility of the healthcare sector, prompting calls for regulatory action.</p>
  1853.  
  1854.  
  1855.  
  1856. <p>The February attack disrupted insurance claims processing across the US, creating chaos for clinics, pharmacies, and patients left unable to fulfil pre-authorized prescriptions or medical treatments covered by insurance.</p>
  1857.  
  1858.  
  1859.  
  1860. <p>The flow of payments to healthcare providers processed by Change Healthcare was brought to an abrupt halt as systems were taken offline in response to the attack.</p>
  1861.  
  1862.  
  1863.  
  1864. <p>Smaller healthcare providers and rural pharmacies in particular experienced huge revenue losses because of the attack with some taken close to insolvency. In the end, the attack exposed personal data of <a href="https://www.csoonline.com/article/2097479/unitedhealth-hack-may-impact-a-third-of-us-citizens-ceo-testimony.html">potentially a third of all US citizens</a> and cost parent company UnitedHealth Group (UHG) more than $872 million to <a href="https://www.unitedhealthgroup.com/newsroom/2024/2024-04-22-uhg-updates-on-change-healthcare-cyberattack.html">deal with the attack and the disruption it caused</a>.</p>
  1865.  
  1866.  
  1867.  
  1868. <p>Part of these costs has involved offering accelerated payments and no-interest, no-fee loans to thousands of providers. Another portion is earmarked for incident response and completely rebuilding Change Healthcare’s systems from the ground up. Revenue loss included, it is estimated that the attack will <a href="https://www.forbes.com/sites/noahbarsky/2024/04/30/unitedhealths-16-billion-tally-grossly-understates-cyberattack-cost/?sh=79f5a66e5aab">cost UHG over $1 billion</a>.</p>
  1869.  
  1870.  
  1871.  
  1872. <p>In response to the attack, US politicians have called for <a href="https://www.csoonline.com/article/2093196/consolidation-blamed-for-change-healthcare-ransomware-attack.html">mandated baseline cybersecurity standards in the health sector</a>, as well as better information sharing. They have also raised concerns that industry consolidation is increasing cyber risk.</p>
  1873.  
  1874.  
  1875.  
  1876. <p>Overall, the ransomware attack on Change Healthcare, which UHG acquired for nearly $8 billion in 2022, illustrates how often poor security controls come up as a factor in ransomware attacks. Following is a look at several lessons learned in the wake of the attack.</p>
  1877.  
  1878.  
  1879.  
  1880. <h2 class="wp-block-heading" id="mfa-is-essential">MFA is essential</h2>
  1881.  
  1882.  
  1883.  
  1884. <p><a href="https://www.finance.senate.gov/imo/media/doc/0501_witty_testimony.pdf">During Congressional testimony in early May</a> (pdf), UHG CEO Andrew Witty said that criminals used compromised credentials to <a href="https://www.csoonline.com/article/2096621/unitedhealth-hackers-exploited-citrix-vulnerabilities-ceo-to-testify.html">remotely access a Change Healthcare Citrix portal</a>, technology that allowed remote access to desktops, on or around Feb. 12. The portal was <a href="https://www.csoonline.com/article/2094609/authentication-failure-blamed-for-change-healthcare-ransomware-attack.html">unprotected with multi-factor authentication (MFA)</a>, a basic enterprise security control.</p>
  1885.  
  1886.  
  1887.  
  1888. <p>While <a href="https://www.csoonline.com/article/570795/how-to-hack-2fa.html">not entirely bullet-proof</a>, MFA has long been considered a best practice for securing systems against credential attacks. It is highly likely that MFA not being enabled played a key role in attackers being able to remotely access the systems at Change Healthcare — making the incident highly avoidable and a massive failure to adopt even the most basic cybersecurity principles, according to Tony Anscombe, chief security evangelist at ESET.</p>
  1889.  
  1890.  
  1891.  
  1892. <p>“What we don’t know is the reason why there was no MFA; was it incompetence, a budget limitation, user demand, or something else?” Anscombe said.</p>
  1893.  
  1894.  
  1895.  
  1896. <p>Trevor Dearing, director of critical infrastructure at Illumio, commented: “Too often a lack of efficient security controls is a factor in a successful ransomware attack. Whether that is a lack of MFA controls, an unpatched web portal, or a DLP [Data Loss Prevention] system with an elapsed licence, any hole can create a massive breach.”</p>
  1897.  
  1898.  
  1899.  
  1900. <h2 class="wp-block-heading" id="segment-your-systems">Segment your systems</h2>
  1901.  
  1902.  
  1903.  
  1904. <p>Having gained a foothold on Change Healthcare’s systems, the attackers then moved laterally and exfiltrated data before deploying the ALPHV/BlackCat ransomware nine days later on Feb. 21.</p>
  1905.  
  1906.  
  1907.  
  1908. <p>As such, another issue raised in many post-breach reports is that Change Healthcare’s systems suffered from a lack of segmentation, which enabled the attackers to move laterally with ease and exposed critical assets to them, according to Dearing.</p>
  1909.  
  1910.  
  1911.  
  1912. <p>Segmentation involves breaking down a large network of systems into smaller, isolated subsegments, making it easier for security teams to secure and monitor IT assets and preventing lateral movement such as that used against Change Healthcare. Segmentation has long been a key part of defense-in-depth strategies.</p>
  1913.  
  1914.  
  1915.  
  1916. <h2 class="wp-block-heading" id="ma-activity-requires-cyber-due-diligence">M&amp;A activity requires cyber due diligence</h2>
  1917.  
  1918.  
  1919.  
  1920. <p>The Change Healthcare ransomware breach also offers lessons about due diligence post-merger of acquired systems.</p>
  1921.  
  1922.  
  1923.  
  1924. <p>UHG acquired Change Healthcare, the <a href="https://energycommerce.house.gov/posts/what-we-learned-change-healthcare-cyber-attack">US’s biggest clearinghouse for medical claims</a>, in October 2022, after a legal battle with the US Department of Justice, which argued the acquisition would harm competition in the markets for health insurance and technology used to process health insurance claims, giving UHG, the largest US health insurance provider, access to its competitors’ data.</p>
  1925.  
  1926.  
  1927.  
  1928. <p>As a result of the acquisition, Change Healthcare was merged with UHG’s Optum health services company, with Steven Martin, Optum’s CIO and CTO and UHG’s CISO, leading security operations.</p>
  1929.  
  1930.  
  1931.  
  1932. <p>Mergers and acquisitions create new cyber threats because they involve the integration of systems, data, and processes from different organizations, each with its own security protocols and potential vulnerabilities.</p>
  1933.  
  1934.  
  1935.  
  1936. <p>“During this transition, cybercriminals can exploit discrepancies in security measures, gaps in IT governance, and the increased complexity of managing merged IT environments,” Aron Brand, CTO of CTERA told CSOonline. “Additionally, the heightened sharing of sensitive information between parties provides more opportunities for data breaches.”</p>
  1937.  
  1938.  
  1939.  
  1940. <p>Given the complexity and risks involved, a comprehensive due diligence checklist is essential for both healthcare and non-healthcare organizations during mergers, Brand advised.</p>
  1941.  
  1942.  
  1943.  
  1944. <p>“This should include exhaustive security audits to evaluate the acquired company’s cybersecurity posture, identify vulnerabilities, and assess their incident response capabilities,” according to Brand. “For example, the breach at Change Healthcare might have been mitigated if thorough assessments had addressed the lack of robust MFA controls.”</p>
  1945.  
  1946.  
  1947.  
  1948. <p>Aaron Walton, a threat intel analyst at Expel, agreed.</p>
  1949.  
  1950.  
  1951.  
  1952. <p>“From the hearing, we didn’t learn what caused the delay, but it suggests that Change was not brought up to speed with all the same security policies as UnitedHealth Group,” he said. “Had Change implemented UnitedHealth’s upgrades, processes, and policies, it might have addressed some of the issues that led to the attack on Change Healthcare, such as the lack of MFA.”</p>
  1953.  
  1954.  
  1955.  
  1956. <h2 class="wp-block-heading" id="self-insure-at-your-peril">‘Self-insure’ at your peril</h2>
  1957.  
  1958.  
  1959.  
  1960. <p>In response to questions during Congressional hearings, <a href="https://www.csoonline.com/article/2098997/change-healthcare-went-without-cyber-insurance-before-debilitating-ransomware-attack.html">UHG chief exec Witty admitted that the company was “self-insured”</a> for cyber incidents.</p>
  1961.  
  1962.  
  1963.  
  1964. <p>Cyber insurance providers will mandate a high level of risk mitigation before they approve a policy. For many organizations, this alone provides an incentive to ensure hardened systems. And for those who forgo insurance, that goes double.</p>
  1965.  
  1966.  
  1967.  
  1968. <p>“The option to self-insure and accept the risk, the stance Change Healthcare appears to have adopted, should not be at the expense of cybersecurity measures,” ESET’s Anscombe told CSOonline. “I think it unlikely that insurance was not available due to the increased risk — everything is insurable; it’s just about the cost of the premium.”</p>
  1969.  
  1970.  
  1971.  
  1972. <p>Anscombe added: “Not insuring as premiums would be too high due to the risk because of non-compliant cybersecurity measures is unforgivable as it puts the business, customers, partners and many others at risk unnecessarily.”</p>
  1973.  
  1974.  
  1975.  
  1976. <p>Businesses should adopt a stance of being cyber risk insurance compliant or better still compliant with a recognized cybersecurity framework, Anscombe advised.</p>
  1977.  
  1978.  
  1979.  
  1980. <h2 class="wp-block-heading" id="living-with-the-enemy">Living with the enemy</h2>
  1981.  
  1982.  
  1983.  
  1984. <p>The attackers loitered on the Change Healthcare systems for over a week (nine days) before deploying ransomware.</p>
  1985.  
  1986.  
  1987.  
  1988. <p>This kind of delay is by no means atypical in enterprise attacks, according to experts. The time attackers take to escalate privileges and move laterally in compromised networks does not mean there’s a higher chance of their being discovered, because attackers take pains to disguise their activities, for example by abusing legitimate programs and commands that blend in easily with regular, expected traffic.</p>
  1989.  
  1990.  
  1991.  
  1992. <p>Silobreaker’s Hannah Baumgaertner commented: “Ransomware groups typically spend a very long time within a victim’s system, taking the time to move laterally within the network to cause the most amount of damage possible. In addition, the longer they stay undetected within a network, the more time they have to find and steal sensitive data.”</p>
  1993.  
  1994.  
  1995.  
  1996. <p>While it is hard to say whether Change Healthcare could have detected the attackers on their systems as they escalated their movements, these facts about how ransomware attacks progress should be taken under advisement when devising strategies to combat them.</p>
  1997.  
  1998.  
  1999.  
  2000. <h2 class="wp-block-heading" id="double-jeopardy-and-the-debate-over-ransom-payments">Double jeopardy — and the debate over ransom payments</h2>
  2001.  
  2002.  
  2003.  
  2004. <p>UHG chief exec Witty confirmed during his congressional testimony that the healthcare conglomerate had paid the equivalent of $22M in Bitcoin as ransom to cybercriminals from the BlackCat/ALPHV ransomware group.</p>
  2005.  
  2006.  
  2007.  
  2008. <p>BlackCat/ALPHV subsequently pulled off an exit scam and disappeared with the money, <a href="https://x.com/vxunderground/status/1777195380179959829">reportedly cheating</a> its affiliate Nichy out of its share.</p>
  2009.  
  2010.  
  2011.  
  2012. <p>That Change Healthcare paid the ransom has reignited the wider debate of whether it’s permissible to pay out on the extortionate demands of cybercriminals, especially as paying the ransom does not guarantee attackers will delete stolen data or refrain from future attacks.</p>
  2013.  
  2014.  
  2015.  
  2016. <p>ESET’s Anscombe commented: “The decision to pay a ransomware demand should be made by a court, in the same way some medical decisions are taken by the courts.</p>
  2017.  
  2018.  
  2019.  
  2020. <p>“However, it would appear the decision in most payment cases is purely financial, reducing business disruption and the ongoing task of rebuilding systems to recover,” he concluded.</p>
  2021.  
  2022.  
  2023.  
  2024. <p>CTERA’s Brand told CSOonline: “Recent surveys show that <a href="https://www.coveware.com/blog/2022/5/3/ransomware-threat-actors-pivot-from-big-game-to-big-shame-hunting">double extortion — where attackers demand a ransom and threaten to release stolen data — is part of 77% of ransomware attacks</a>. Ransom payments can also incentivize cybercriminals to target other organizations too, creating the ethical dilemma of perpetuating the cycle of ransomware attacks.”</p>
  2025.  
  2026.  
  2027.  
  2028. <p>In the end, paying the ransom failed to protect UHG from secondary attempts at extortion.</p>
  2029.  
  2030.  
  2031.  
  2032. <p>In April, cybercriminals from the RansomHub group threatened to leak portions of 6TB of sensitive data stolen from the breach of Change Healthcare, and obtained through Nichy, according to an <a href="https://www.forescout.com/blog/analysis-a-new-ransomware-group-emerges-from-the-change-healthcare-cyber-attack/">analysis by security vendor Forescout</a>. An estimated one in three Americans had their sensitive data exposed as a result of the attack.</p>
  2033.  
  2034.  
  2035.  
  2036. <h2 class="wp-block-heading" id="healthcare-increasingly-under-attack">Healthcare increasingly under attack</h2>
  2037.  
  2038.  
  2039.  
  2040. <p>Such secondary scams are becoming increasingly commonplace and healthcare providers are particularly at risk, according to compliance experts.</p>
  2041.  
  2042.  
  2043.  
  2044. <p>Victoria Hordern, a partner at international law firm Taylor Wessing’s technology, IP, and information team, told CSOonline: “A health data leak is a tantalizing prospect for a cybercriminal intending to carry out a ransomware attack since they know that a healthcare body will be paralyzed if it can’t access data to provide patient care.”</p>
  2045.  
  2046.  
  2047.  
  2048. <p>Hordern continued: “Where there is a multiplication of systems and a variety of different parties involved (i.e. patients, healthcare providers, tech support), there are also more points of weakness and vulnerability where bad actors can seek to gain entry into and control systems.”</p>
  2049.  
  2050.  
  2051.  
  2052. <p>The US Department of Health and Human Services (HHS) is <a href="https://www.hhs.gov/about/news/2024/03/13/hhs-office-civil-rights-issues-letter-opens-investigation-change-healthcare-cyberattack.html">investigating whether a breach of protected health information occurred</a> and whether either UHG or Change Healthcare violated the healthcare sector’s strict privacy regulations.</p>
  2053.  
  2054.  
  2055.  
  2056. <p>This investigation remains ongoing.</p>
  2057.  
  2058.  
  2059.  
  2060. <p>The Change Healthcare attack has coincided with a number of attacks on healthcare companies of late, including <a href="https://www.npr.org/sections/shots-health-news/2024/05/23/1253011397/how-the-ascension-cyberattack-is-disrupting-care-at-hospitals">Ascension</a>, <a href="https://www.cbc.ca/news/canada/british-columbia/hackers-london-drugs-data-1.7213141">London Drugs</a>, <a href="https://techcrunch.com/2024/05/24/cencora-americans-health-data-stolen-breach-cyberattack/">Cencora</a>, and <a href="https://www.csoonline.com/article/2138778/london-hospitals-face-days-of-disruption-after-ransomware-attack-on-supply-chain-partner.html">Synnovis</a>.</p>
  2061.  
  2062.  
  2063.  
  2064. <h2 class="wp-block-heading" id="ransomware-as-vibrant-as-ever">Ransomware as vibrant as ever</h2>
  2065.  
  2066.  
  2067.  
  2068. <p>ALPHV’s apparent exit scam and the emergence of RansomHub have done little to change the fundamental drivers in the lucrative ransomware-as-a-service (RaaS) market, according to experts.</p>
  2069.  
  2070.  
  2071.  
  2072. <p>Hannah Baumgaertner, head of research at Silobreaker, said: “ALPHV’s exit scam took place around the same time as the law enforcement action that took down LockBit, resulting in the two most-active ransomware-as-a-service groups no longer being operational.”</p>
  2073.  
  2074.  
  2075.  
  2076. <p>Baumgaertner warned: “While one might expect this to mean fewer ransomware attacks will occur, this has not been the case.”</p>
  2077.  
  2078.  
  2079.  
  2080. <p>Due to the nature of RaaS operations, any affiliates that previously worked with ALPHV will simply have moved on to a new operation. Meanwhile, the principal players behind ALPHV will likely work on a new project under a different name, according to Baumgaertner.</p>
  2081.  
  2082.  
  2083.  
  2084. <p>There has been more than a threefold (264%) increase in ransomware attacks over the past five years, according to HHS. Meanwhile, ransomware now tops the list of CISOs’ biggest perceived threats, according to Proofpoint’s recent <a href="https://www.proofpoint.com/us/resources/white-papers/voice-of-the-ciso-report">Voice of the CISO</a> survey.</p>
  2085.  
  2086.  
  2087.  
  2088. <p><em>CSOonline invited UHG to comment on lessons it has learned from its investigation into the Change Healthcare ransomware attack. We’re yet to hear back but will update this story as soon as more information comes to hand.</em></p>
  2089. </div></div></div></div>]]></description>
  2090. <link>https://www.csoonline.com/article/2140608/8-critical-lessons-from-the-change-healthcare-ransomware-catastrophe.html</link>
  2091. <post-id xmlns="com-wordpress:feed-additions:1">2140608</post-id><category>CSO and CISO, Cyberattacks, Data and Information Security, Healthcare Industry, Multi-factor Authentication, Ransomware</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_editorial_14458176i.jpg?quality=50&#038;strip=all" length="1956486" type="image/jpeg" />
  2092. </item>
  2093. <item>
  2094. <title>The pressure on CISOs is real: fixing the hiring process would help</title>
  2095. <pubDate>Wed, 12 Jun 2024 06:00:00 +0000</pubDate>
  2096. <description><![CDATA[<div id="remove_no_follow">
  2097. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  2098.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  2099. <div class="article-column__content">
  2100. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  2101.  
  2102.  
  2103.  
  2104. <p>CISOs are under tremendous pressure and, according to multiple surveys, many are <a href="https://www.csoonline.com/article/2094656/the-rise-in-ciso-job-dissatisfaction-whats-wrong-and-how-can-it-be-fixed.html">looking for a graceful exit</a>. A recent <a href="https://www.proofpoint.com/us/newsroom/press-releases/proofpoints-2024-voice-ciso-report-reveals-three-quarters-cisos-identify">report from Proofpoint</a> noted that “66% of global CISOs are concerned about personal, financial, and legal liability in their role.”</p>
  2105.  
  2106.  
  2107.  
  2108. <p>Those who are long in the tooth realize that taking the position of “assume a breach” is a pragmatic approach — but the reality is that many cybersecurity leaders are dealing with teams that are oftentimes understaffed, underfunded, and dealing with ever more complex scenarios.</p>
  2109.  
  2110.  
  2111.  
  2112. <p>Those complex scenarios (often referred to as “sophisticated attacks”, a catchall phrase for “we really didn’t understand it”) are a given these days. Our adversaries are pushing to advance technology just as hard as the defenders are gearing up to prevent attacks.</p>
  2113.  
  2114.  
  2115.  
  2116. <p>The funding issue more often than not requires the infusion of soft skills, the art of persuasion, and the ability to place the benefits of spending up front and center when asking for resources.</p>
  2117.  
  2118.  
  2119.  
  2120. <h2 class="wp-block-heading" id="considering-the-challenges-its-no-surprise-many-cisos-are-anxious">Considering the challenges, it’s no surprise many CISOs are anxious</h2>
  2121.  
  2122.  
  2123.  
  2124. <p>It is also worth noting that the Proofpoint report found that “72% of CISOs would think twice about joining an organization not offering director and officer insurance or similar coverage against financial liability in the event of a successful cyberattack.”</p>
  2125.  
  2126.  
  2127.  
  2128. <p>So: a stressful job that assumes the certainty of an attack, might leave you personally liable (as has happened in several high-profile cases), and does not have enough of the right personnel in place to ensure success. It’s no wonder many cybersecurity leaders are feeling less than peachy these days.</p>
  2129.  
  2130.  
  2131.  
  2132. <p>The pressure on CISOs created by personnel requirements going unfilled can be and is being addressed, though it may require some in-house adjustments between HR and cybersecurity.</p>
  2133.  
  2134.  
  2135.  
  2136. <p>The number 3.5 million is often tossed around as the global number of open positions, while a cursory search on <a href="https://www.linkedin.com/jobs/cybersecurity-jobs-worldwide">LinkedIn shows 93,000 open cybersecurity positions</a> currently advertised on the platform. By any measure, there is work out there for those with the skills or — as is far too often the case — the required pedigree.</p>
  2137.  
  2138.  
  2139.  
  2140. <h2 class="wp-block-heading" id="cybersecurity-recruiters-ask-for-too-much-from-candidates">Cybersecurity recruiters ask for too much from candidates  </h2>
  2141.  
  2142.  
  2143.  
  2144. <p>On more than one occasion I have scratched my head wondering in what form of alternate reality the author of candidate requirements is residing when they describe a panoply of experience that would take a decade to achieve for a position a step above entry-level — and then they wonder why the position remains unfilled.</p>
  2145.  
  2146.  
  2147.  
  2148. <p>Let’s talk about pedigree. With more and more applications going through automated screening, the absence of one credential or another, such as a college degree, continues to get well-qualified candidates rejected and their applications sent to the trash.</p>
  2149.  
  2150.  
  2151.  
  2152. <p>I recall my own experience from some years ago, when I was engaged in the final series of interviews for a position with senior executives. Mind you, the position had to do with insider risk, an area in which I had (back then) more than 30 years of diversified experience. Then one of the senior executives noted that my paperwork didn’t explain where I had obtained my degrees.</p>
  2153.  
  2154.  
  2155.  
  2156. <p>I responded that if they were searching for college degrees, they would come up empty, as my highest level of education was secondary school. They ended the interview and that was that — no doubt doing us both a favor, but interesting nonetheless, that how a candidate looks on paper matters more to some than what they bring to the table.</p>
  2157.  
  2158.  
  2159.  
  2160. <p>This type of behavior adds to the false sense of lack of candidates when there are people available. And they are right there in front of you.</p>
  2161.  
  2162.  
  2163.  
  2164. <h2 class="wp-block-heading" id="the-us-is-moving-to-make-security-jobs-more-widely-accessible">The US is moving to make security jobs more widely accessible</h2>
  2165.  
  2166.  
  2167.  
  2168. <p>Harry Coker, Jr., the White House’s National Cyber Director, whose Office of the National Cyber Director (ONCD) leads the effort, is doing something about this pedigree issue in the United States. He <a href="https://www.whitehouse.gov/oncd/briefing-room/2024/04/29/press-release-wh-cyber-workforce-convening/">recently announced</a> that the federal government, via the Office of Personnel Management, is transitioning hiring for the “2210 series,” the job classification covering IT workers within the federal space, approximately 100,000 current employees.</p>
  2169.  
  2170.  
  2171.  
  2172. <p>He continued to note that this transition was opening the door to “skills-based” hiring. “Thanks to a lot of work across federal agencies, we’re leading by example, ensuring that more Americans will have access to cybersecurity jobs in the federal government whether they are an employee or a contractor,” Coker said.</p>
  2173.  
  2174.  
  2175.  
  2176. <p>Private sector companies are also increasingly moving to expand our national cyber workforce, Coker said. “We need cybersecurity talent in every industry.”</p>
  2177.  
  2178.  
  2179.  
  2180. <p>The ONCD, he said, is “facilitating a nationwide effort to skill-based hiring, demonstrating partnership, collaboration and a dedication to building the talent pipeline and open opportunities to good paying jobs in cybersecurity.”</p>
  2181.  
  2182.  
  2183.  
  2184. <h2 class="wp-block-heading" id="most-cybersecurity-leaders-believe-its-a-headcount-gap-not-a-skills-gap">Most cybersecurity leaders believe it’s a headcount gap, not a skills gap</h2>
  2185.  
  2186.  
  2187.  
  2188. <p>This aligns perfectly with the findings of the “<a href="https://www.sans.org/mlp/2024-attract-hire-retain-midlevel-cybersecurity-roles/">2024 SANS-GIAC Cyber Workforce Research Report</a>” which indicates that “two-thirds of cybersecurity and HR managers believe the cybersecurity gap is a headcount gap, rather than skills-based.”</p>
  2189.  
  2190.  
  2191.  
  2192. <p>We can teach people the skills they need. What we need is more individuals interested in cybersecurity. The report goes on to note that CISOs show a “strong preference for certification-based training over traditional degree-based education by a two-to-one ratio.”</p>
  2193.  
  2194.  
  2195.  
  2196. <p>The impetus for skills-based hiring is to foster the creation of programs with an emphasis on skills, such as apprenticeships, rather than relying on two- or four-year college degree requirements. With that, perhaps one source of CISO pressure will be alleviated, and the focus can be turned to the operational implementation of state-of-the-art security solutions.</p>
  2197.  
  2198.  
  2199.  
  2200. <p>None of this can be accomplished overnight and will require time, effort, and a good dose of patience — three ingredients that are often lacking in the dynamic between cybersecurity and operations.</p>
  2201.  
  2202.  
  2203.  
  2204. <p>Grow your teams, hire for fit, teach and create experiences for the teams, protect yourself with D&amp;O insurance or similar coverage, and look inside your own organization for the new blood for your team: that Proofpoint report noted that 65% of all cybersecurity hiring is from internal candidates.</p>
  2205. </div></div></div></div>]]></description>
  2206. <link>https://www.csoonline.com/article/2140548/the-pressure-on-cisos-is-real-fixing-the-hiring-process-would-help.html</link>
  2207. <post-id xmlns="com-wordpress:feed-additions:1">2140548</post-id><category>CSO and CISO, Human Resources, IT Skills, Security Practices</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_2149902975.jpg?quality=50&#038;strip=all" length="9125685" type="image/jpeg" />
  2208. </item>
  2209. <item>
  2210. <title>IT downtime cuts enterprise profit by 9%, says study</title>
  2211. <pubDate>Wed, 12 Jun 2024 01:10:00 +0000</pubDate>
  2212. <description><![CDATA[<div id="remove_no_follow">
  2213. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  2214.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  2215. <div class="article-column__content">
  2216. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  2217.  
  2218.  
  2219.  
  2220. <p>Downtime costs large enterprises an average of $200 million annually, cutting 9% from yearly profits, according to a study commissioned by Splunk. And while ransomware accounts for a relatively small proportion of that total, enterprises should be budgeting more for it.</p>
  2221.  
  2222.  
  2223.  
  2224. <p>For the study, titled “The Hidden Costs of Downtime,” Oxford Economics quizzed executives from Global 2000 companies about the causes and costs of downtime in IT systems. They counted any service degradation or unavailability of critical business systems due to cyberattacks as well as technical and operational failures as downtime.</p>
  2225.  
  2226.  
  2227.  
  2228. <p>“The true financial impact and nature of downtime are hard to pin down,” said Gary Steele, general manager of Splunk, in the report. “Researchers often focus only on downtime caused by traditional IT issues, overlooking incidents brought on by cybersecurity failures, while also leaving secondary economic ramifications out of the equation.”</p>
  2229.  
  2230.  
  2231.  
  2233. </div></div></div></div>]]></description>
  2234. <link>https://www.cio.com/article/2142338</link>
  2235. <post-id xmlns="com-wordpress:feed-additions:1">2142265</post-id><category>Ransomware, Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_2216535703-1.jpg?quality=50&#038;strip=all" length="7145988" type="image/jpeg" />
  2236. </item>
  2237. <item>
  2238. <title>CISOs may be too reliant on EDR/XDR defenses</title>
  2239. <pubDate>Tue, 11 Jun 2024 19:08:01 +0000</pubDate>
  2240. <description><![CDATA[<div id="remove_no_follow">
  2241. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  2242.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  2243. <div class="article-column__content">
  2244. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  2245.  
  2246.  
  2247.  
  2248. <p>Attackers are easily sidestepping endpoint detection and response (EDR) defenses, often catching enterprises unaware, according to a new study of cybersecurity threats.</p>
  2249.  
  2250.  
  2251.  
  2252. <p>The study of global cyberthreats, by EDR/XDR vendor Trellix, highlighted the danger posed by the emergence of “EDR killer tools” and their use to deliver ransomware or conduct attacks on telecommunications operators. It cited as examples the D0nut ransomware gang, which used an EDR killer to enhance the effectiveness of their attacks, and the Terminator tool developed by Spyboy and used in a new campaign in January 2024 that primarily targeted the telecom sector.</p>
  2253.  
  2254.  
  2255.  
  2256. <p>John Fokker, the head of threat intelligence at the Trellix Advanced Research Center, said that he was surprised by how bold and blatant some attackers have become with such sidestep attacks. “EDR evasion isn’t new, but what was interesting was when we saw a Russia-linked state actor actively leveraging this technique so out in the open,” Fokker said.</p>
  2257.  
  2258.  
  2259.  
  2260. <p>Matt Harrigan, a VP at Leviathan Security, reviewed the Trellix study and said he was not surprised by the attacks, but that he is surprised by how many enterprise CISOs today are overly reliant on their defenses and explicitly not preparing for EDR/XDR evasion tactics. </p>
  2261.  
  2262.  
  2263.  
  2264. <p>“They are overestimating the capabilities of their traditional EDR platforms. These technologies are being disabled and the attacks are successfully occurring,” Harrigan said. </p>
  2265.  
  2266.  
  2267.  
  2268. <h2 class="wp-block-heading" id="pointers-on-protecting-edr">Pointers on protecting EDR</h2>
  2269.  
  2270.  
  2271.  
  2272. <p>Another security executive, Jon Miller, CEO of Halcyon, gave CISOs some pointers for how to protect their EDR/XDR systems from harm. These evasions typically work from one of three security weaknesses, he said: vulnerable kernel drivers (unpatched known vulnerabilities); registry tampering; and <a href="https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis">userland API unhooking</a>. “<a href="https://www.csoonline.com/article/654846/mgm-ransomware-attack-costs-100-million-in-busy-month-for-breaches.html">MGM</a> and Caesars, both of them were running EDRs that were subverted,” Miller said, referring to attacks on two Las Vegas casino operators.</p>
  2273.  
  2274.  
  2275.  
  2276. <p>Much of the Trellix study explored the changes in various attack methodologies leveraging different malware tools.</p>
  2277.  
  2278.  
  2279.  
  2280. <p>“Sandworm Team, historically known for its disruptive cyber operations, has seen a staggering increase in detections by 1,669%,” it said, suggesting that this meant a corresponding increase in attacks by the Russia-linked group, and not just an improvement in detection rates. APT29, a group known for cyber espionage, saw detections increase by 124%, while detections of activity by APT34 and Covellite also rose, by 97% and 85% respectively, hinting at the launch of new campaigns. Groups including Mustang Panda, Turla, and APT28, on the other hand, saw minimal changes in detections. “Noteworthy is the emergence of UNC4698, which saw a 363% increase in detections, suggesting the rise of a potentially significant new player in the APT landscape,” the study said.</p>
  2281.  
  2282.  
  2283.  
  2284. <p>It also noted meaningful decreases in detection of activity by groups linked to North Korea (down 82%), Vietnam (down 80%), and India (down 82%), but Fokker said that his team couldn’t determine why. “Unfortunately we haven’t got a clear explanation as to why their activity dropped. There can be a multitude of reasons behind the decrease in detections,” Fokker said. </p>
  2285.  
  2286.  
  2287.  
  2288. <h2 class="wp-block-heading" id="targeting-turkey">Targeting Turkey</h2>
  2289.  
  2290.  
  2291.  
  2292. <p>Detections in threats targeting Turkey increased by 1,458%, translating to a 16% rise in its proportional contribution to the total detections. “This remarkable increase indicates a significant shift in cyber threat focus towards Turkey, possibly reflecting broader geopolitical tensions or specific operational objectives of the APT groups,” the study said.</p>
  2293.  
  2294.  
  2295.  
  2296. <p>It also noted an increase in copycat attacks, where malware groups started impersonating other groups: “Following a global law enforcement action, Operation Cronos, Trellix observed imposters pretending to be LockBit, all while the group frantically tried to save face and restore the lucrative operation.”</p>
  2297.  
  2298.  
  2299.  
  2300. <p>Overall, the study found that the US remains the most targeted country, followed — for now — by Turkey, Hong Kong, India and Brazil.  </p>
  2301.  
  2302.  
  2303.  
  2304. <p>There were notable differences in the volume of attacks between industries, too. Trellix saw transportation and shipping as most threatened by ransomware, generating 53% of ransomware detections globally in the fourth quarter of 2023, and 45% in the first quarter of 2024. The finance industry was next most targeted.</p>
  2305.  
  2306.  
  2307.  
  2308. <p>“From October 2023 through March 2024, Trellix observed a 17% increase in APT-backed detections compared to the previous six months,” the study said. “This is notable as our last report identified a staggering 50% increase in these detections. The APT ecosystem is fundamentally different from a year ago — more aggressive, cunning, and active.”</p>
  2309. </div></div></div></div>]]></description>
  2310. <link>https://www.csoonline.com/article/2142372/cisos-may-be-too-reliant-on-edr-xdr-defenses.html</link>
  2311. <post-id xmlns="com-wordpress:feed-additions:1">2142372</post-id><category>Advanced Persistent Threats, Endpoint Protection, Intrusion Detection Software</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_2290955753-1.jpg?quality=50&#038;strip=all" length="5469620" type="image/jpeg" />
  2312. </item>
  2313. <item>
  2314. <title>MFA soon compulsory for AWS users, passwordless authentication an option</title>
  2315. <pubDate>Tue, 11 Jun 2024 16:52:38 +0000</pubDate>
  2316. <description><![CDATA[<div id="remove_no_follow">
  2317. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  2318.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  2319. <div class="article-column__content">
  2320. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  2321.  
  2322.  
  2323.  
  2324. <p>AWS has added support for FIDO2 passkeys, a passwordless authentication method under the Fast Identity Online (FIDO) framework, for multifactor authentication — and will soon make MFA mandatory for signing in to AWS accounts.</p>
  2325.  
  2326.  
  2327.  
  2328. <p>“Beginning in July 2024, root users of standalone accounts — those that aren’t managed with AWS Organizations — will be required to use MFA when signing in to the AWS Management Console,” Arynn Crow, senior manager for user authentication products at AWS, said at the company’s re:Inforce event on Tuesday. “Just as with management accounts, this change will start with a small number of customers and increase gradually over a period of months,” she said.</p>
  2329.  
  2330.  
  2331.  
  2332. <p>AWS will give customers a grace period to enable MFA, with a reminder displayed at sign-in.</p>
  2333.  
  2334.  
  2335.  
  2336. <h2 class="wp-block-heading" id="aws-will-enforce-mfa-use-by-year-end">AWS will enforce MFA use by year end</h2>
  2337.  
  2338.  
  2339.  
  2340. <p>Presently, as the first leg of its MFA enforcement program, AWS imposes MFA only on the root users of the ‘management account’ of AWS Organizations, a policy-based account management service that consolidates multiple AWS accounts into an ‘organization’, when they sign in to the AWS console.</p>
  2341.  
  2342.  
  2343.  
  2344. <p>It was in October 2023 that it first announced the coming <a href="https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/#:~:text=Beginning%20in%20mid%2D2024%2C%20customers,to%20enable%20MFA%20to%20proceed.">expansion of the MFA mandate</a> to standalone AWS root users, promising features that will “make MFA even easier to adopt and manage at scale”.</p>
  2345.  
  2346.  
  2347.  
  2348. <p>The changes do not apply — yet — to the ‘member accounts’ of AWS Organizations, Crow said on Tuesday. Member accounts are accounts other than the management account used to create and manage the “organization”.</p>
  2349.  
  2350.  
  2351.  
  2352. <p>AWS plans to launch additional features later this year to help customers manage MFA for larger numbers of users, such as the member accounts in AWS Organizations.</p>
  2353.  
  2354.  
  2355.  
  2356. <h2 class="wp-block-heading" id="passkeys-for-phishing-resistant-authentication">Passkeys for phishing-resistant authentication</h2>
  2357.  
  2358.  
  2359.  
  2360. <p>To ease the pain of having to use a second authentication factor to log in, Crow said AWS will support the use of FIDO2 passkeys.</p>
  2361.  
  2362.  
  2363.  
  2364. <p>These are more secure than one-time passwords or password-based MFA methods, according to Crow.</p>
  2365.  
  2366.  
  2367.  
  2368. <p>Passkeys are considered to be phishing-resistant because they are based on public key cryptography. After a user creates a passkey with a site or application, a public-private key pair is generated on the user’s device. The site or application stores only the public key, which is useless in the hands of a threat actor without the private key, and the private key is never sent to the site.</p>
  2369.  
  2370.  
  2371.  
  2372. <p>Signing in with a passkey is largely automatic, requiring no typing or entry of codes, and it removes the weakest link of one-time-password MFA: there is no code for a user to be tricked into handing over or for an attacker to intercept. The phishing resistance comes from origin binding rather than from secrecy alone. The browser derives the relying-party identifier from the site’s real origin, the authenticator only answers for that identifier, and the signed assertion embeds both the origin and a server-issued single-use challenge, so a lookalike domain cannot obtain a usable assertion and a captured one cannot be replayed.</p>
  2373.  
  2374.  
  2375.  
  2376. <p>Syncable passkeys, an implementation of the FIDO2 standard, allow a passkey to be shared across devices and operating systems once it has been generated on one device. This is better as it allows passkeys to be backed up and synced across devices, unlike storing them in a physical device such as a USB-based key, Crow explained.</p>
  2377.  
  2378.  
  2379.  
  2380. <p>“Customers already use passkeys on billions of computers and mobile devices across the globe, using only a security mechanism such as a fingerprint, facial scan, or PIN built into their device,” Crow added. “For example, you could configure Apple Touch ID on your iPhone or Windows Hello on your laptop as your authenticator, then use that same passkey as your MFA method as you sign in to the AWS console across multiple other devices you own.”</p>
  2381. </div></div></div></div>]]></description>
  2382. <link>https://www.csoonline.com/article/2142284/mfa-soon-compulsory-for-aws-users-passwordless-authentication-an-option.html</link>
  2383. <post-id xmlns="com-wordpress:feed-additions:1">2142284</post-id><category>Multi-factor Authentication</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_1584762601.jpg?quality=50&#038;strip=all" length="37452411" type="image/jpeg" />
  2384. </item>
  2385. <item>
  2386. <title>Fortinet grabs cloud security player Lacework</title>
  2387. <pubDate>Tue, 11 Jun 2024 12:51:51 +0000</pubDate>
  2388. <description><![CDATA[<div id="remove_no_follow">
  2389. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  2390.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  2391. <div class="article-column__content">
  2392. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  2393.  
  2394.  
  2395.  
  2396. <p>Fortinet has reached an agreement to buy cloud security company Lacework for an undisclosed amount.</p>
  2397.  
  2398.  
  2399.  
  2400. <p>Founded in 2015, Lacework is known for its cloud-based machine learning, AI and automation technology that lets customers manage and secure cloud workflows. Its security technology looks for, filters out and shares details about abnormal or uncharacteristic activity that could indicate critical security problems, according to the company. A <a href="https://www.lacework.com/pdf/web/viewer?file=https://brand.lacework.com/m/7027d7e0a8ba240b/original/Lacework-2023-Global-Cloud-Workflow-Protection-Platforms.pdf">recent report from Frost &amp; Sullivan</a> said Lacework has a clear roadmap for technology updates, focusing on areas such as security posture management, threat detection, investigation, and automated remediation.</p>
  2401.  
  2402.  
  2403.  
  2404. <p>Fortinet will integrate Lacework’s technology across a variety of its products, including its secure access service edge (<a href="https://www.networkworld.com/article/969119/what-is-sase-a-cloud-service-that-marries-sd-wan-with-security.html">SASE</a>) and Security Fabric packages. </p>
  2405.  
  2406.  
  2407.  
  2408. <p>Continue reading on <a href="https://www.networkworld.com/article/2140259/fortinet-grabs-cloud-security-player-lacework.html">Network World</a>.</p>
  2409. </div></div></div></div>]]></description>
  2410. <link>https://www.networkworld.com/article/2140259/fortinet-grabs-cloud-security-player-lacework.html</link>
  2411. <post-id xmlns="com-wordpress:feed-additions:1">2142090</post-id><category>Cloud Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/business-handshake.jpg?quality=50&#038;strip=all" length="101894" type="image/jpeg" />
  2412. </item>
  2413. <item>
  2414. <title>Netskope secures SaaS apps with genAI</title>
  2415. <pubDate>Tue, 11 Jun 2024 12:44:53 +0000</pubDate>
  2416. <description><![CDATA[<div id="remove_no_follow">
  2417. <div class="grid grid--cols-10@md grid--cols-8@lg article-column">
  2418.  <div class="col-12 col-10@md col-6@lg col-start-3@lg">
  2419. <div class="article-column__content">
  2420. <section class="wp-block-bigbite-multi-title"><div class="container"></div></section>
  2421.  
  2422.  
  2423.  
  2424. <p><a href="https://www.netskope.com/" target="_blank" rel="noreferrer noopener">Netskope</a> recently introduced generative AI and software-as-a-service security enhancements in its <a href="https://www.netskope.com/netskope-one" target="_blank" rel="noreferrer noopener">Netskope One</a> secure access service edge (SASE) platform, which industry watchers say will help enterprise IT organizations reduce genAI data leakage and better categorize SaaS applications.</p>
  2425.  
  2426.  
  2427.  
  2428. <p>The enhanced platform includes features that can secure the usage of generative AI applications, the company says, and provide information on specific risks. Using its data loss prevention (DLP) capabilities, Netskope One can also identify new risks, reduce security gaps, lower cost, address complexity, and increase protection.</p>
  2429.  
  2430.  
  2431.  
  2432. <p>“Netskope One is the first converged platform that uses AI to keep pace with the SaaS and genAI app explosion, categorizing new apps and their risks faster, more granularly, and more accurately than any other solution in the market,” said John Martin, chief product officer of Netskope, <a href="https://www.netskope.com/press-releases/netskope-revolutionizes-saas-security-leveraging-the-power-of-generative-ai" target="_blank" rel="noreferrer noopener">in a statement</a>. Netskope incorporated genAI algorithms into its cloud access security broker (CASB) module, which can provide automatic risk scoring of new and previously unseen SaaS apps and more.</p>
  2433.  
  2434.  
  2435.  
  2436. <p>Continue reading on <a href="https://www.networkworld.com/article/2140474/netskope-secures-saas-apps-with-genai.html">Network World</a>.</p>
  2437. </div></div></div></div>]]></description>
  2438. <link>https://www.networkworld.com/article/2140474/netskope-secures-saas-apps-with-genai.html</link>
  2439. <post-id xmlns="com-wordpress:feed-additions:1">2142085</post-id><category>Network Security</category><enclosure url="https://www.csoonline.com/wp-content/uploads/2024/06/shutterstock_669226204.jpg?quality=50&#038;strip=all" length="4565978" type="image/jpeg" />
  2440. </item>
  2441. </channel>
  2442. </rss>
  2443.  
