Enterprise Security, Platform Security, Software Security
GlobeNewswire | August 21, 2023
ZeroFox, (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, announced today that it was recognized as a technology leader in the 2023 Quadrant SPARK Matrix™ for Digital Risk Protection by Quadrant Knowledge Solutions. This recognition comes on the heels of other recent accolades in the DRP space, further solidifying the company’s position on the forefront of innovation for digital risk protection.
The SPARK Matrix™ from Quadrant Knowledge Solutions provides an in-depth analysis of the Digital Risk Protection landscape, including trends, the overall vendor landscape and the market. By ranking the vendors featured in the analysis, the SPARK Matrix™ provides insights that allow companies to compare the potential capabilities – and the market position – of each company they would partner with in a more strategic way.
"In the age of rapid digital transformation, enterprises face complex challenges in safeguarding their external attack surface. Amidst evolving threats from every corner of the web – whether the surface, deep, or dark – ZeroFox has combined the strength of AI and full-spectrum threat intelligence to power solutions for digital risk protection. This empowers security teams to stay ahead of potential threats and shield their online footprint in our dynamic digital world," said John Prestridge, Chief Product Officer at ZeroFox. "Being named a technology leader in Quadrant Knowledge Solutions’ SPARK Matrix™ for Digital Risk Protection speaks volumes about our team's unwavering commitment and passion for protecting our customers. We're deeply honored by the acknowledgment of our continuous dedication to the industry."
“With its sophisticated technology platform, comprehensive functional capabilities, and roadmap, ZeroFox is well-positioned to maintain and grow its share in the DRP market,” Akshay Parmar, Analyst at Quadrant Knowledge Solutions notes in the report. The report notes “several key differentiators for ZeroFox’s External Cybersecurity Platform, including the recent launch of FoxGPT – which showcases the practical implementation of generative AI in addressing challenges within the cyber threat intelligence domain. Another is the team’s Threat Intelligence and Attack Surface Management solutions, both of which help the team to detect brand or executive impersonations, safeguard domains, detect phishing URLs, monitor brand mentions and negative sentiment, as well as identify data leaks and attack chatter on the deep and dark web.”
This recognition for ZeroFox as a leader in Digital Risk Protection from Quadrant Knowledge Solutions is a special accolade for the team – but not the first. ZeroFox was also a winner of the 2023 Global Infosec Awards for Most Comprehensive in the Digital Risk Protection category. The team was also recognized with the 2022 Frost & Sullivan Global Competitive Strategy Leadership Award, which highlighted ZeroFox’s leadership and exceptional strategic innovation and customer impact.
About Quadrant Knowledge Solutions
Quadrant Knowledge Solutions is a global advisory and consulting firm focused on helping clients in achieving business transformation goals with Strategic Business and Growth advisory services. At Quadrant Knowledge Solutions, our vision is to become an integral part of our client's business as a strategic knowledge partner. Our research and consulting deliverables are designed to provide comprehensive information and strategic insights for helping clients formulate growth strategies to survive and thrive in ever-changing business environments.
ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.
Enterprise Security, Platform Security, Software Security
Prnewswire | July 19, 2023
Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog.
GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organizations' software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file.
Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged.
The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe.
Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to these potential supply chain attacks.
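One way to audit your own repositories for the pattern described above, as an added example that is not code from Legit Security, Google or GitHub: a line-based scanner that flags workflow steps appending pull-request-controlled data to GITHUB_ENV, either directly or through an intermediate variable. The shortlist of untrusted event fields, the function name and the sample workflow are assumptions constructed for illustration.

```python
import re

# Event fields an outside contributor can set; suffix shortlist is an assumption, not exhaustive.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.[\w.]*"
    r"(?:title|body|ref|label|message|name|email|default_branch))\s*\}\}")
ENV_WRITE = re.compile(r">>\s*[\"']?\$\{?GITHUB_ENV")      # append to the env file
KEY_VALUE = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*)$")   # YAML "KEY: value" line
SHELL_VAR = re.compile(r"\$\{?([A-Za-z_]\w*)")

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: pr-build
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: direct write
        run: echo "PR_TITLE=${{ github.event.pull_request.title }}" >> $GITHUB_ENV
      - name: indirect write
        env:
          BRANCH: ${{ github.head_ref }}
        run: echo "BRANCH_NAME=$BRANCH" >> "$GITHUB_ENV"
      - name: constant write
        run: echo "BUILD_MODE=release" >> $GITHUB_ENV
"""

def find_env_injection(workflow_text):
    """Return (line_no, reason) for lines that append untrusted data to GITHUB_ENV."""
    lines = workflow_text.splitlines()
    # Pass 1: names mapped to an untrusted expression (file-wide, deliberately conservative).
    tainted = set()
    for line in lines:
        m = KEY_VALUE.match(line)
        if m and m.group(1) != "run" and UNTRUSTED_EXPR.search(m.group(2)):
            tainted.add(m.group(1))
    # Pass 2: flag writes that interpolate untrusted data directly or through a tainted variable.
    findings = []
    for no, line in enumerate(lines, 1):
        if not ENV_WRITE.search(line):
            continue
        expr = UNTRUSTED_EXPR.search(line)
        used = sorted(tainted & set(SHELL_VAR.findall(line)))
        if expr:
            findings.append((no, "direct: " + expr.group(1)))
        elif used:
            findings.append((no, "via env: " + ", ".join(used)))
    return findings

if __name__ == "__main__":
    for no, reason in find_env_injection(SAMPLE_WORKFLOW):
        print(f"line {no}: {reason}")
```

This is a heuristic: it does not follow data through files, multi-line heredocs or other jobs, so a clean result is not proof that a workflow is safe.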
This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain.
About Legit Security
Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.
Business Wire | August 23, 2023
Conceal, renowned for its pioneering stance against web-based threats, today heralded its significant partnership with Kompingo, the UK's distinguished value-added distributor and managed security service provider. This collaboration signifies a major enhancement for Kompingo’s Managed Detection and Response (MDR) services, as it integrates Conceal’s patented zero-trust browser security into its offerings.
"As the digital threat landscape rapidly evolves, strengthening our MDR and managed services capabilities remains paramount. Integrating Conceal’s browser security solution aligns perfectly with our ambition to offer our customers top-tier, holistic security solutions," commented Toby Caton, Director at Kompingo. “Conceal also allows us to offer the product as a stand-alone solution to our growing MSP partners and reseller base for them to enhance their offerings further, too.”
Gordon Lawson, CEO of Conceal, further emphasized the partnership’s potential: "Kompingo's expertise in managed security services makes them an ideal partner. We’re confident that by infusing ConcealBrowse into their MDR offerings, we can provide users with unprecedented protection from web-centric threats."
Together, Kompingo’s state-of-the-art Security Operations Centre and ConcealBrowse promise a robust defense against today’s sophisticated web threats. With Kompingo’s AI and machine learning-enhanced operations now complemented by Conceal's dynamic web content analysis, both organizations are poised to set a new benchmark in cybersecurity.
Conceal is at the forefront of defending against web-based attacks, using innovative technology to detect, prevent, and shield businesses and individual users from ever-evolving online threats.
ConcealBrowse operates on the principle of proactive protection. Its AI-powered intelligence engine, ConcealSherpa, runs at machine speed with virtually zero latency to identify potentially harmful webpages autonomously, stopping cyber attacks that take advantage of weaponized links. For more information, visit https://conceal.io/.
Situated at the crossroads of innovation and technology, Kompingo has etched its mark as a leading light in the IT security arena. Famed for its comprehensive managed services, Kompingo is dedicated to incubating IT security start-ups, nurturing technological advancements, and driving growth. Their plethora of services, spanning from co-managed and fully managed offerings to vCISO and penetration testing, makes them an indispensable ally in the cybersecurity domain. With a steadfast dedication to the Cyber Essentials Scheme and their top-notch Managed Detection and Response services, Kompingo remains a name synonymous with excellence.