DATA SECURITY

Living Security Hosts a Panel of Industry Experts to Discuss Emerging Threats

Living Security | May 27, 2021

Living Security, a pioneer in Human Risk Management and a cybersecurity awareness training leader, is proud to host this year's Breaking Security Awareness Conference 2021, which will be held virtually on Thursday, June 24, 2021.

The free event will educate business, IT, and security leaders on the most recent threats emerging in our increasingly digital world, as well as explain how effective training can protect employees both at work and at home.


The conference will include a panel of industry thought leaders who will discuss topics such as:

• Human risk management
• Social engineering
• DEI in cybersecurity
• Enterprise security awareness
• Remote working security
• Ransomware

Among the speakers this year are executives from Amplitude, Cisco, CISO Series, Forrester, LARES, National CyberSecurity Alliance (NCSA), Netflix, Social Engineer, and Yass Partners.

About Living Security

The objective of Living Security, which was founded in 2017, is to help prevent cybersecurity breaches by providing a human risk management platform that does more than just meet compliance requirements. It has a real effect on behavior. Living Security believes that empowering individuals is the key to putting an end to breaches. Gamified learning and immersive experiences engage and educate users, while the science-backed, tech-enabled platform enables CISOs to measure efficacy and program ROI uniquely.

The Living Security team named one of Austin's Best Places to Work is made up of 50+ cybersecurity professionals dedicated to redefining security awareness training as we know it and transforming end-users into the enterprise's greatest asset against cybercrime. CVS Health, MasterCard, Verizon, MassMutual, Biogen, AmerisourceBergen, Hewlett Packard, JP Morgan, and Target are among the companies that rely on Living Security.

Spotlight

"Mobile security is often the target of unrealistic criticism. The truth? Mobile is, in fact, a more secure computing platform than traditional PCs and provides organizations with methods to address security needs - both for today and tomorrow.

Leveraging mobile device certificates, organizations can make VPN or Wi-Fi access easier by reducing password usage and ensure only authorized devices are accessing their networks. Plus, mobile authenticators offer a flexible way to address a wide range of authentication needs from a user-friendly device. Complement these tools by leveraging mobile SDKs, which help organizations build security into pre-existing and new mobile applications and enable greater user experience and security simultaneously."

Spotlight

"Mobile security is often the target of unrealistic criticism. The truth? Mobile is, in fact, a more secure computing platform than traditional PCs and provides organizations with methods to address security needs - both for today and tomorrow.

Leveraging mobile device certificates, organizations can make VPN or Wi-Fi access easier by reducing password usage and ensure only authorized devices are accessing their networks. Plus, mobile authenticators offer a flexible way to address a wide range of authentication needs from a user-friendly device. Complement these tools by leveraging mobile SDKs, which help organizations build security into pre-existing and new mobile applications and enable greater user experience and security simultaneously."

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Legit Security Discovers New Class of Development Pipeline Vulnerabilities; Open-Source Rust Programming Language Found Vulnerable

Legit Security | December 12, 2022

Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered a new class of software supply chain vulnerabilities that leverage artifact poisoning to attack underlying software development pipelines. The vulnerability was found in GitHub Actions, a platform for orchestrating and automating software development pipelines, and the vulnerability was identified in the highly popular programming language Rust. Many other GitHub Action projects remain potentially vulnerable and a technical disclosure blog including information to protect organizations from attack is available on Legit Security’s website. The discovered pipeline vulnerability could allow any GitHub user to replace legitimate development artifacts with malicious ones, enabling attackers to modify source code, steal secrets and create CodeCov-like wide-reaching software supply chain attacks. Rust, an extremely popular programming language used by millions of developers, acknowledged and fixed the vulnerability after initial disclosure by the Legit Security Research Team. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization’s software supply chains and used by software developers globally. The vulnerability affects the GitHub Actions artifacts storage mechanism, which is used to store and transfer build artifacts between software development build jobs. Due to a limitation in the cross-workflow artifact communication mechanism, vulnerable workflows cannot distinguish between legitimate project artifacts and artifacts that were created by the project’s forks or copies, allowing any user to create a fork, and then craft a malicious artifact that will be treated as a legitimate one. “This is a different class of vulnerability that can lead to attacks and modification of the development pipeline itself, not just modification of the code. “A simple analogy could be made to a car assembly line. This is an attack on the assembly line itself that could include stealing sensitive parts, turning off certain steps, or substituting any valid part for a malicious one. It’s a powerful attack vector that gives cyber criminals a lot of options to inflict damage. In this case, the vulnerable targets are software supply chains that use GitHub Action.” Liav Caspi, co-founder and CTO, Legit Security The Legit Security Research Team also disclosed the security issue to the GitHub security team. GitHub responded by simply updating their API to include information that could help prevent this vulnerability. It should be noted that GitHub didn’t address the root cause of the issue, thus leaving many other GitHub Action projects vulnerable to the aforementioned software supply chain attacks. Legit Security’s technical disclosure blog includes important information on how to protect organizations from this type of attack. More information about general GitHub security best practices can also be found here. Legit Security Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform’s unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY

Omega Systems Fuels Growth in Northeast Region with Acquisition of the TNS Group

Omega Systems | January 10, 2023

On January 09, 2023, Omega Systems, a Pfingsten Partners portfolio company, announced the acquisition of The TNS Group, a leading IT services provider based in Stamford, CT. The acquisition strengthens and further expands Omega's footprint in the Northeast and key target industries, such as healthcare, fintech and non-profit. The TNS Group has been delivering the offices in Stamford, Fairhaven, MA, New York City, and with technology, IT consulting, and cybersecurity services for over 25 years. In contrast, Omega has over 700 mid-market and enterprise customers in financial services, manufacturing, healthcare, nonprofit, and state/local government across the United States. Bill Kiritsis, Omega Systems Founder & CEO, said, "The TNS Group is a valuable extension to our growing presence in the Northeast, and we're thrilled to welcome them to the Omega family." He further stated, "There are great synergies between our organizations – both in our corporate cultures and our commitment to customers – and we're eager to unite and accelerate our efforts to delivering the world-class IT, security and compliance services today's enterprises require." (Source – PR Web) TNS demonstrates Omega's third strategic acquisition in the past 12 months. Omega previously acquired PICS ITech and ACE IT Solutions, both in 2022. The company now employs over 185 total employees and a growing diverse managed services portfolio that includes managed IT compliance, managed cybersecurity, cloud hosting services, backup and disaster recovery, NOC and SOC services and strategic IT consulting. About Omega Systems Omega Systems is a major managed service provider (MSP) and managed security service provider (MSSP) for mid-sized businesses in the financial services, government, manufacturing, healthcare, and professional services industries. Omega's customer-first solutions are based on its approach to personalized service, designed to address the growing regulatory, compliance and data processing needs of the current highly regulated and security-conscious businesses. About The TNS Group The TNS Group, a Managed Service Provider (MSP), offers cloud solutions, managed security, business continuity, and IT consulting. Its portfolio of solutions helps develop business strategies through technology. It aims to bring value to its clients by simplifying innovative technologies and offering layers of expertise and flexibility to achieve overall goals. TNS serves clients in the fintech, healthcare, nonprofit and shipping/distribution industries.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bitdefender Launches Industry’s First Chat Protection Feature for Mobile-Based Instant Messaging Applications

Bitdefender | November 03, 2022

Bitdefender, a global cybersecurity leader, today unveiled the first real-time chat protection capabilities for mobile-based instant messaging applications. Bitdefender Chat Protection immediately alerts users if malicious links are received or sent during live sessions over the world’s most popular chat applications including WhatsApp, Facebook Messenger, Telegram and Discord. A true industry innovation, the new capabilities help protect users from increased cybercriminal activities targeting mobile devices. Chat Protection is incorporated into Bitdefender Mobile Security for Android through Bitdefender Scam Alert technology, used by consumers worldwide for monitoring, detecting and stopping link-based attacks delivered via messaging applications, notifications, and SMS text messages. Chat Protection continuously monitors chat sessions alerting users of suspicious links that might attempt to steal financial data, credentials and other sensitive information. When malicious links are detected during chat sessions, the user receives a warning along with information about associated risks and a suggested course of action. If warnings are ignored, built-in web protection technologies prevents the user from navigating to the malicious webpage. More than two billion people use WhatsApp and more than one billion use Facebook Messenger globally. At the same time, malware and scams sent via instant messaging apps and SMS text message remain one of the top threats to mobile users in 2022. According to the 2021 Bitdefender Consumer Threat Landscape Report, spam and untrusted domains account for a combined 85% of detected malicious URLs. “Mobile threats continue to increase, and cybercriminals have evolved beyond email-based phishing attacks to include SMS text messages (smishing) and popular instant messaging applications. “With the new capabilities in Bitdefender Mobile Security for Android, users can rest easy and chat safely knowing they have strong, real-time protection against malware, malicious links and scams across their Android devices.” Ciprian Istrate, senior vice president of operations, Consumer Solutions Group at Bitdefender Key Features and Benefits Bitdefender Mobile Security for Android with Chat Protection customers benefit from: Preemptive alerting for financial and data loss risks -- When users receive a suspicious link in messaging applications, notifications or text messages they are notified to prevent accessing or sharing the link. Enhanced protection for friends and family -- If a potentially dangerous link is inadvertently shared, users have the options to recall or delete the message. Detection of sophisticated social engineering -- Phishing attempts that rely on human curiosity, urgency, and impersonation are recognized and flagged by Bitdefender offering users an additional layer of protection. About Bitdefender Bitdefender provides cybersecurity solutions with leading security efficacy, performance, and ease of use to enterprise organizations and consumers. Guided by a vision to be the world’s most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience.

Read More