Home > News > featured news > Robo Shadow officially launches free Cyber Security Platform

Platform Security

Robo Shadow officially launches free Cyber Security Platform

Robo Shadow | September 27, 2021

UK based Cyber Security start-up, Robo Shadow, have launched their initial product set as they attempt to take on the big guns in Cyber Security. The Platform boasts a range of features including Vulnerability Scanning, Hardware and Software reporting for all your devices, reporting on Windows Defender centrally (removing the need for third-party Anti-virus) and much more.

We want to democratise Cyber Security, by removing the cost and the complexity.The Robo Shadow Cyber Platform effectively is an attack surface management platform aimed at helping organisations quickly understand their cyber-attack surface. This is so people can See what the hackers see when they are planning their attacks. The easy-to-use Platform will also give all the helpful hints in closing the vulnerabilities that Penetration Tests and Vulnerability Assessments uncover. This cutting-edge software has a straightforward approach to how Cyber Information is displayed and digested by the users, supported by an extensive AI-driven cloud backend.

Terry Lewis, CEO and prolific tech investor

When asked about the commercial model for Robo Shadow, the team states: "We want people to use our software for free and will only have to pay if they require advanced services like support, penetration testing and consultancy. That way, anyone can get the free tech they need, whether they are a School, Business or even a Government Institution. If need be, they can pay for a subscription to use our internal team to help support and advise on the cyber outputs generated by the Platform. Free users to the Platform will still have access to developer style support."

Currently, the initial offering has everything from Vulnerability Scanners, Windows Defender Agents and Office 365 integration. Future versions of the Platform will include Google, Microsoft & Amazon Cloud Integration, Mac and Linux Cyber Agents and an array of technology for businesses to manage their Cyber-attack surface and deliver daily Sec Ops aspect to their business.

The team have enjoyed a decent first run boosted and helped by their popular Android App available in the App store. The App allows people to remotely scan their networks both inside and out for vulnerabilities to understand their attack surface better. Originally the Android App was built as a proof of concept to demonstrate how simple the tech needs to be to make a significant effect in helping people understand their Cyber Attack surface.

Spotlight

Securing Remote Access

How prepared was your organization for the pandemic of 2020? If your answer is “not very,” you are not alone. Few could have predicted the circumstances that sped up the work from home (WFH) movement and catapulted remote access to the forefront for many organizations. Prior, there was a steady trend by some to support geographi

More featured news

Spotlight

Securing Remote Access

How prepared was your organization for the pandemic of 2020? If your answer is “not very,” you are not alone. Few could have predicted the circumstances that sped up the work from home (WFH) movement and catapulted remote access to the forefront for many organizations. Prior, there was a steady trend by some to support geographi

Related News

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Platform Security, Software Security, API Security

Cequence Strengthens API Protection Platform with Game-Changing Generative AI and No-Code Security Automation

Businesswire | June 28, 2023

Cequence Security, the leader in API Protection, today announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalize security findings with low-code/no-code workflows. “We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors,” said Ameya Talwalkar, founder and CEO. “The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs.” “Today, we are also excited to share we are the first API security vendor to take advantage of the game-changing Generative AI and no-code security automation within our UAP solution to better protect users from online fraud and simplify security findings,” continued Talwalkar. Enhance API Security Testing with Generative AI With the enormous potential of generative AI tools like ChatGPT and Google Bard, Cequence is one of the first cybersecurity companies and the first API Protection company to leverage its power to protect data and users from bad actors. Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation. Cequence UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer's entire applications and environments. Several other enhancements include detailed insights and remediation workflows into test failures. The test catalog now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers. New Fraud Prevention Capabilities To enable organizations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organizations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams. Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic. Operationalize API Protection with Low-Code/No-Code Security Automation Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation. Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes. Using this approach, analysts can operationalize workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines. Enhanced Visibility of External Facing APIs with API Spyder New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure. Additionally, this approach offers a seamless complement to API Sentinel's deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories. With the latest Unified API Protection platform updates, organizations can now protect their users from online fraud, operationalize security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation. These capabilities continue to set Cequence apart from other point API security, bot management, anti-fraud and WAF vendors by having the industry’s first and only Unified API Protection platform that covers the entire API lifecycle. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan. About Cequence Security Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory, compliance, dynamic testing with real-time detection and native mitigation to defend against fraud, business logic attacks, exploits and unintended data leakage. Cequence Security secures more than 6 billion API transactions a day and protects more than 2 billion user accounts across our Fortune 500 customers. Learn more at www.cequence.ai.

Read More

Platform Security, Software Security, Cloud Security

Uptycs Continues Momentum in Helping Customers Achieve Security Operations Excellence with AWS

Globenewswire | July 28, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced it’s now part of the Amazon Web Services (AWS) Public Sector Partner (PSP) Program. The AWS PSP Program helps AWS Partners grow their public sector business through alignment with AWS public sector sales, marketing, funding, capture, and proposal terms. “We are delighted to be working with AWS to solve customers’ cloud security challenges, increase security operations efficiency, and protect developer environments as they move code from their workspaces into AWS production environments,” said Ganesh Pai, CEO and co-founder of Uptycs. Uptycs has built an integration with AWS Control Tower, which simplifies AWS experiences by orchestrating multiple AWS services on a customer’s behalf while maintaining the security and compliance needs of their organization. Leveraging the workflow with AWS Control Tower, Uptycs' deep integration with AWS Systems Manager allows organizations to achieve comprehensive security controls while reducing operational overhead in their Uptycs deployment. “Many organizations, especially in the public sector, are looking for ways to cost-effectively scale their cloud security program. Our integration with AWS Control Tower and AWS Systems Manager, along with our more unified shift up approach, delivers a more efficient way to improve customers’ security posture across cloud environments,” Pai said. Additionally, Uptycs also recently announced the achievement of AWS Security Competency Status, and an integration with the Amazon Security Lake. “Our model is proven to better support cybersecurity teams thanks to what we’ve already achieved for our public sector customers, as well as enterprise and commercial organizations,” Pai said. “Now, we’re even better at helping our customers reduce operational burden, and strengthen their threat detection, remediation, and forensic capabilities.” About Uptycs Uptycs, the first unified CNAPP and XDR platform, reduces risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across clouds, containers, servers, and endpoints—all from a single UI. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture. Get started with agentless coverage, then add runtime protection, and advanced remediation and forensics.

Read More

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Platform Security, Software Security, API Security

Cequence Strengthens API Protection Platform with Game-Changing Generative AI and No-Code Security Automation

Businesswire | June 28, 2023

Cequence Security, the leader in API Protection, today announced new updates to the Unified API Protection (UAP) platform that strengthen customers’ ability to discover, manage risk and protect APIs. With the latest capabilities, organizations can rapidly deploy API Security Testing with built-in generative AI automation, protect users from online fraud and operationalize security findings with low-code/no-code workflows. “We are always exploring ways to further automate and improve our UAP solution and help our customers consolidate the tools required to stay ahead of the threat actors,” said Ameya Talwalkar, founder and CEO. “The updates to our platform continue to set us apart from other point solution vendors in the API security space as we are providing our customers with the only integrated best-of-suite approach to discover, comply, test and protect their APIs.” “Today, we are also excited to share we are the first API security vendor to take advantage of the game-changing Generative AI and no-code security automation within our UAP solution to better protect users from online fraud and simplify security findings,” continued Talwalkar. Enhance API Security Testing with Generative AI With the enormous potential of generative AI tools like ChatGPT and Google Bard, Cequence is one of the first cybersecurity companies and the first API Protection company to leverage its power to protect data and users from bad actors. Cequence has added several new capabilities to API Security Testing, including Test Plan generation using a new feature called Intelligent Mode that helps automate the generation of API Security Test Plans using plain English, extending the low-code/no-code approach to test case generation. Cequence UAP's Intelligent Mode automatically associates the appropriate APIs with the right test cases, given the functionality of that API. This not only drastically reduces the time needed to create a test plan to minutes, as compared to months with other solutions, it also ensures consistent experience across a customer's entire applications and environments. Several other enhancements include detailed insights and remediation workflows into test failures. The test catalog now has test cases for the latest OWASP API Top 10 2023. Cequence also empowers InfoSec teams to run API tests outside of CI/CD pipelines, and instead, point attack test suites directly against staging or even production servers. New Fraud Prevention Capabilities To enable organizations to protect their APIs from online fraud, Cequence has introduced the Fraud Prevention module in API Spartan. The new module enables organizations to protect their end-customers from online fraud and instantly take action, including blocking transactions and generating enterprise-grade notifications to relevant teams. Protecting applications and users against online fraud complements the existing capabilities of Cequence to detect and block business logic abuse, account takeover (ATO) attempts, common OWASP API Top 10 security risks and automated malicious traffic. Operationalize API Protection with Low-Code/No-Code Security Automation Cequence has introduced out-of-the-box integrations with over 300 third-party apps, including ServiceNow, PagerDuty, JIRA and Slack. Using off-the-shelf connections to these apps, security analysts can ensure security risks or threats are routed promptly to their business teams for remediation. Security analysts can use a low-code/no-code approach within Cequence to implement the equivalent of an API Security Orchestration and Response (SOAR) workflow, wiring together multiple third-party connections to achieve their desired outcomes. Using this approach, analysts can operationalize workflows that promptly remediate critical API security risks, such as the discovery of shadow APIs that have access to sensitive data and new security risks of weak authentication or non-conformance to OpenAPI specifications in newly built pre-production CI/CD pipelines. Enhanced Visibility of External Facing APIs with API Spyder New enhancements to API Spyder enable customers to easily identify APIs that are externally accessible, but not entirely protected by Cloud Security Posture Management (CSPM) infrastructure. Additionally, this approach offers a seamless complement to API Sentinel's deep insights into runtime API inventory and compliance checking using the OWASP API Security Top 10 and other custom risk categories. With the latest Unified API Protection platform updates, organizations can now protect their users from online fraud, operationalize security findings with low-code/no-code API SOAR-like workflows and rapidly deploy API Security Testing with built-in Generative AI automation. These capabilities continue to set Cequence apart from other point API security, bot management, anti-fraud and WAF vendors by having the industry’s first and only Unified API Protection platform that covers the entire API lifecycle. With UAP, customers can discover with API Spyder, comply with API Sentinel and protect with API Spartan. About Cequence Security Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory, compliance, dynamic testing with real-time detection and native mitigation to defend against fraud, business logic attacks, exploits and unintended data leakage. Cequence Security secures more than 6 billion API transactions a day and protects more than 2 billion user accounts across our Fortune 500 customers. Learn more at www.cequence.ai.

Read More

Platform Security, Software Security, Cloud Security

Uptycs Continues Momentum in Helping Customers Achieve Security Operations Excellence with AWS

Globenewswire | July 28, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced it’s now part of the Amazon Web Services (AWS) Public Sector Partner (PSP) Program. The AWS PSP Program helps AWS Partners grow their public sector business through alignment with AWS public sector sales, marketing, funding, capture, and proposal terms. “We are delighted to be working with AWS to solve customers’ cloud security challenges, increase security operations efficiency, and protect developer environments as they move code from their workspaces into AWS production environments,” said Ganesh Pai, CEO and co-founder of Uptycs. Uptycs has built an integration with AWS Control Tower, which simplifies AWS experiences by orchestrating multiple AWS services on a customer’s behalf while maintaining the security and compliance needs of their organization. Leveraging the workflow with AWS Control Tower, Uptycs' deep integration with AWS Systems Manager allows organizations to achieve comprehensive security controls while reducing operational overhead in their Uptycs deployment. “Many organizations, especially in the public sector, are looking for ways to cost-effectively scale their cloud security program. Our integration with AWS Control Tower and AWS Systems Manager, along with our more unified shift up approach, delivers a more efficient way to improve customers’ security posture across cloud environments,” Pai said. Additionally, Uptycs also recently announced the achievement of AWS Security Competency Status, and an integration with the Amazon Security Lake. “Our model is proven to better support cybersecurity teams thanks to what we’ve already achieved for our public sector customers, as well as enterprise and commercial organizations,” Pai said. “Now, we’re even better at helping our customers reduce operational burden, and strengthen their threat detection, remediation, and forensic capabilities.” About Uptycs Uptycs, the first unified CNAPP and XDR platform, reduces risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across clouds, containers, servers, and endpoints—all from a single UI. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture. Get started with agentless coverage, then add runtime protection, and advanced remediation and forensics.

Read More

More featured news