SOFTWARE SECURITY

CyCraft Technology announced that CyCraft JP has officially joined the Nippon CSIRT Association .

prnewswire | November 03, 2020

CyCraft Technology, the quickest developing network safety firm in Asia, today declared that CyCraft JP has authoritatively joined the Nippon CSIRT Association (NCA).

CSIRT (Computer Security Incident Response Team, Computer Security Incident Response Team) alludes to a group of security investigators that not just arrangement with and react to network safety episodes, gather and examine occurrence related weakness knowledge, assault strategies, methods, and methodology (TTP) yet additionally plan playbooks and complete reactions to security occurrences.

Lately, Japanese associations have started building and building up their own personal inward CSIRTs; notwithstanding, cyberattacks in the 21st century are turning out to be increasingly complex and regular, making it increasingly more hard for one CSIRT to deal with independently. Nippon CSIRT Association (NCA) was set up to bring together the insight, assets, and ability of numerous CSIRTs with the goal that one CSIRT utilizing the knowledge, assets, and capacity of different CSIRTs could conquer security occurrences and increment Japan's general digital flexibility.

NCA isn't the principal CSIRT association CyCtaft has joined. Recently, CyCraft Taiwan joined the worldwide CSIRT association, FIRST (Forum of Incident Response and Security Teams). CyCraft Technology isn't simply dedicated to raising the strength of worldwide associations yet additionally dedicated to showing dependability, demonstrable skill, and precise and noteworthy danger insight, explicitly in the APAC market.

About CyCraft

CyCraft is a world-leading cybersecurity company and the fastest-growing cybersecurity company in Asia. They have developed multiple innovative AI-driven technologies to achieve security intelligent protection automation, such as threat intelligence gateway (TIG), network detection and response (NDR), endpoint protection(EPP), advanced and managed endpoint detection and response (EDR & MDR), and global cyber threat intelligence (CTI), all delivered via their information security monitoring platform, CyCraft AIR. They participated in the U.S. MITRE ATT&CK® Evaluations in 2019 and received top marks in automated detection capabilities with zero configuration changes.

CyCraft secures multiple government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs. In Q1 2020, CyCraft won multiple gold awards in Cybersecurity Excellence Awards. In Q2 2020, US venture capital Momentum Cyber included CyCraft in the Advanced MSS & MDR and EDR sectors of their 2020 CYBERscape, and CyCraft won Best Security Solution of Interop Tokyo 2020.

Spotlight

MX’s approach to security includes a defense-in-depth strategy. This strategy is supported by an established, operational MX Security Program, with a robust suite of governing policies, processes, security controls, and procedures to achieve MX’s security strategy. MX enacts defense in depth by hardening each layer of MX’s infrastructure and supporting processes.

Spotlight

MX’s approach to security includes a defense-in-depth strategy. This strategy is supported by an established, operational MX Security Program, with a robust suite of governing policies, processes, security controls, and procedures to achieve MX’s security strategy. MX enacts defense in depth by hardening each layer of MX’s infrastructure and supporting processes.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Top-notch Compliance and Security With New Vonage Salesforce Shield Security for Contact Centers

Vonage | December 12, 2022

Contents 1. Enhanced Security with Vonage Contact Center with Salesforce 2. Salesforce Security Shield for Compliance and Security 3. Optimize Your Customer Engagement Having all your customer engagement data on a single platform is all about integrating all the communication channels the way you need them. It is important for contact centers to enhance trust, transparency, and governance for agents while they access information. It controls and improves the customer experience while meeting security requirements on a single, integrated platform. 1. Enhanced Cloud Security with Vonage Contact Center with Salesforce The Salesforce CTI integration is one of the most effective cloud-based contact center integrations, supporting a dynamic omni-channel experience. Vonage’s state-of-the-art contact center cloud-native solutions are built for flexibility, privacy, and reliability. It helps you get actionable data insights that let your conversations flow. 2. Salesforce Security Shield for Compliance and Security Salesforce integration with Vonage is the best in the market and enables features exclusively for contact centers, including optimizing team performance, contact center and customer experience. It uses full AES 256-bit encryption to protect sensitive data across all Salesforce apps. With the addition of Salesforce Shield, Vonage is ensuring that organizations worldwide can better serve their customers while meeting compliance or governance requirements – all from a single, secure platform. Sanjay Macwan, CIO & Chief Information Security Officer at Vonage 3. Optimize Your Customer Engagement Secure cloud communications via Vonage Contact Center (VCC) integration with Service Cloud Voice (SCV) assist your business in meeting the most recent cloud security compliances, regulations, and policies . Such communication not only provides a business and the customer with confidence but also ensures the entire chain of communication remains interconnected and seamless. This helps contact centers deliver a quality customer experience on time.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Netskope Further Improves Risk Visibility on AWS, Strengthening Customers' Security Posture

Netskope | December 01, 2022

Netskope, a global leader in secure access service edge (SASE), is announcing new support of Amazon Web Services (AWS) to further improve visibility of risks and threats on AWS services, resulting in even stronger security postures for customers. Through this work, Netskope will support the launch of AWS Verified Access and Amazon Security Lake to drive innovation for enterprises running on AWS. As the cybersecurity landscape becomes more complex and multifaceted, organizations want to confidently know their data, employees, and resources are safe from potential attacks. Netskope has helped thousands of customers, including more than 25 of the Fortune 100, improve their security posture through integrated zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), cloud security posture management (CSPM), storage scanning with data loss prevention (DLP), cloud firewall, Borderless WAN, and more. By meeting the rigorous standards of supporting the launch of AWS Verified Access and Amazon Security Lake, Netskope and customers can have greater confidence in the company's deep technical expertise on AWS and its proven track record in securing even the most complex cloud journeys. "As organizations search for seamless support and unification of their cloud security services, our work with AWS will help customers achieve even better visibility and protection in a cloud-first, hybrid work environment. "Hybrid work today happens in the office, at home, or on the go, and with this new support of Amazon Security Lake and AWS Verified Access, we'll help customers navigate their cloud security journey by securing data from anywhere, on any device." Andy Horwitz, Vice President, Business Development and Technology Alliances at Netskope Netskope will support Amazon Security Lake and AWS Verified Access by providing visibility and real-time data and threat protection when accessing cloud services, applications, and data. Customers can expect broader and more granular data sharing to expose cloud threats and security gaps, better alert prioritization so security teams can remediate the highest threats first, and a stronger security posture with faster remediation strategies in place. "Netskope and AWS continue to help organizations with security capabilities they need to protect their users and data everywhere," said Chris Grusz, Director, ISV Partner and AWS Marketplace Business Development. "Netskope is a trusted security provider for many cloud-first organizations, and the expanded relationship with AWS will allow customers to better realize the full value of their AWS Security investments." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Open-Source Rust Programming Language Found Vulnerable

Legit Security | December 12, 2022

Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines. The vulnerability was found in GitHub Actions, a platform for orchestrating and automating software development pipelines, and the vulnerability was identified in the highly popular programming language Rust. Many other GitHub Action projects remain potentially vulnerable and a technical disclosure blog including information to protect organizations from attack is available on Legit Security’s website. The discovered pipeline vulnerability could allow any GitHub user to replace legitimate development artifacts with malicious ones, enabling attackers to modify source code, steal secrets and create CodeCov-like wide-reaching software supply chain attacks. Rust, an extremely popular programming language used by millions of developers, acknowledged and fixed the vulnerability after initial disclosure by the Legit Security Research Team. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization’s software supply chains and used by software developers globally. The vulnerability affects the GitHub Actions artifacts storage mechanism, which is used to store and transfer build artifacts between software development build jobs. Due to a limitation in the cross-workflow artifact communication mechanism, vulnerable workflows cannot distinguish between legitimate project artifacts and artifacts that were created by the project’s forks or copies, allowing any user to create a fork, and then craft a malicious artifact that will be treated as a legitimate one. “This is a different class of vulnerability that can lead to attacks and modification of the development pipeline itself, not just modification of the code. “A simple analogy could be made to a car assembly line. This is an attack on the assembly line itself that could include stealing sensitive parts, turning off certain steps, or substituting any valid part for a malicious one. It’s a powerful attack vector that gives cyber criminals a lot of options to inflict damage. In this case, the vulnerable targets are software supply chains that use GitHub Action.” Liav Caspi, co-founder and CTO, Legit Security The Legit Security Research Team also disclosed the security issue to the GitHub security team. GitHub responded by simply updating their API to include information that could help prevent this vulnerability. It should be noted that GitHub didn’t address the root cause of the issue, thus leaving many other GitHub Action projects vulnerable to the aforementioned software supply chain attacks. Legit Security’s technical disclosure blog includes important information on how to protect organizations from this type of attack. More information about general GitHub security best practices can also be found here. Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More