Windows Malware Carries Valid Digital Signatures

Researchers from Masaryk University in the Czech Republic and the Maryland Cybersecurity Center (MCC) monitored suspicious organizations and identified four that sold Microsoft Authenticode certificates to anonymous buyers. The same research team also collected a trove of Windows-targeted malware carrying valid digital signatures. “Recent measurements of the Windows code signing certificate ecosystem have highlighted various forms of abuse that allow malware authors to produce malicious code carrying valid digital signatures,” the researchers wrote.

In their work, the researchers also discovered several cases of potentially unwanted programs (PUPs), revealing that, along with their ability to sign malicious code, bad actors are also able to control a range of Authenticode certificates.

Gaining this type of unauthorized access has traditionally been easy for attackers using drive-by downloads and phishing, according to Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies. “And while endpoint security achieved some increases in efficacy over the last five years with the evolution of endpoint protection platforms, we only ever treated the symptom – and not the cause – of permissive access,” Gumbs said.
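The practical consequence of the research above is that a valid Authenticode signature only proves the file was signed with a certificate that chains to a trusted root; it says nothing about whether that particular signer should be trusted. The following PowerShell script is an added example, not code from the article or the researchers; it reports signed binaries by signer identity so that files signed by certificates you have never vetted stand out for review. It assumes a directory to scan (`$ScanPath`) and your own allowlist of certificate thumbprints (`$ApprovedThumbprints`, placeholder values here).

```powershell
# Added example (not from the article). Inventory Authenticode signers rather than
# trusting signature validity alone. Assumptions: $ScanPath is the directory to inspect,
# $ApprovedThumbprints is your own allowlist of SHA-1 cert thumbprints (placeholders here).
param(
    [string]$ScanPath = "$env:ProgramFiles",
    [string[]]$ApprovedThumbprints = @('PLACEHOLDER_THUMBPRINT_1'),
    [int]$NewCertDays = 90   # signer certs issued inside this window get an extra flag
)

$cutoff = (Get-Date).AddDays(-$NewCertDays)

Get-ChildItem -Path $ScanPath -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig   = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert  = $sig.SignerCertificate      # $null when the file is unsigned
        $flags = @()

        if ($sig.Status -ne 'Valid') {
            # NotSigned, HashMismatch, NotTrusted, ... all deserve a look.
            $flags += "signature:$($sig.Status)"
        }
        elseif ($ApprovedThumbprints -notcontains $cert.Thumbprint) {
            # Chain validated fine, but this is not a signer you have approved.
            $flags += 'valid-but-unapproved-signer'
        }
        if ($cert -and $cert.NotBefore -gt $cutoff) {
            # Freshly issued signing certs are worth a second look given resale of certs.
            $flags += 'recently-issued-cert'
        }

        [pscustomobject]@{
            Path       = $_.FullName
            Status     = $sig.Status
            Subject    = if ($cert) { $cert.Subject }    else { $null }
            Issuer     = if ($cert) { $cert.Issuer }     else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            NotBefore  = if ($cert) { $cert.NotBefore }  else { $null }
            Flags      = ($flags -join ',')
        }
    } |
    Where-Object { $_.Flags } |      # keep only files that raised at least one flag
    Sort-Object Flags, Issuer |
    Format-Table -AutoSize
```

Grouping the output by Issuer and Subject makes an unfamiliar signer that appears across many files easy to spot, which is a better triage signal than the Valid status by itself.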

Related News

Network Threat Detection

Fortinet expands its Universal SASE offering to securely connect any user to any application

iTWire | October 30, 2023

Fortinet, the global cybersecurity leader driving the convergence of networking and security, has announced the expansion of its Universal SASE offering to empower today’s hybrid workforce with FortiOS everywhere.

Ken Xie, founder, chairman of the board, and chief executive officer, said, “The Fortinet operating system, FortiOS, is the industry’s only enterprise-grade converged operating system able to support all secure access service edge (SASE) functions, including firewall, software-defined wide area network (SD-WAN), secure web gateway, encryption/decryption, cloud access security broker (CASB), data loss prevention (DLP), and zero trust network access (ZTNA), whether deployed in an appliance or cloud-delivered from Fortinet. This approach enables over 30 converged networking and security functions to be managed through a single console. Fourteen of these functions are accelerated when deployed on our new FortiASIC Security Processor 5-based FortiGate 120G SASE appliance.”

Expanding Fortinet Universal SASE

Single-vendor SASE provides flexible access to critical resources and applications for users and devices. However, most enterprises rely on different vendors for each SASE function, which introduces significant challenges of controlling different operating system functionality and management consoles. Fortinet Universal SASE takes traditional single-vendor SASE one step further, providing consistent policies and controls on-prem and in the cloud while delivering seamless integration across all functions and deployments to better support today’s hybrid workforce while reducing information technology (IT) overhead.

FortiOS runs the full SASE stack, including a bi-directional firewall, SD-WAN, secure web gateway, encryption/decryption, CASB, DLP, and ZTNA. It also has the flexibility to run on an appliance in accelerated mode as well as in the FortiSASE cloud, providing consistent networking, security, and policy management for every edge. This is further enhanced by FortiGuard artificial intelligence (AI)-powered security services, such as intrusion prevention system (IPS), domain name system (DNS) filtering, URL filtering, anti-malware, sandboxing, and more.

This news expands Fortinet’s investment in Universal SASE by expanding the reach of its SASE stack in three key areas of the portfolio:

Worldwide coverage of FortiSASE cloud locations

FortiSASE, built on a global, scalable cloud network, delivers the same SASE stack as FortiGate appliances through its regional FortiSASE cloud locations. To deliver the best user experience and higher service availability, Fortinet now delivers over 100 FortiSASE cloud locations globally.

Bringing accelerated SASE to the campus and branch

To bring the full SASE stack to campus and branch locations, Fortinet is announcing the new FortiGate 120G SASE appliance. Because it is powered by Fortinet’s patented security processor 5 (SP5) custom application-specific integrated circuit (ASIC), it can accelerate many elements of the SASE stack, such as delivering three gigabits per second (Gbps) of secure sockets layer (SSL) inspection—an average of six times faster than the industry average—for visibility into encrypted traffic at scale. The following Secure Compute Rating table provides a comparison between equivalent solutions:

Flexible consumption extended to Universal SASE

FortiFlex, Fortinet’s flexible consumption program, has now been extended to Fortinet Universal SASE solutions. The entire SASE stack from Fortinet can be consumed as part of FortiFlex, whether customers want to use on-prem or FortiSASE cloud-based services. FortiFlex offers usage-based licensing across cloud, hybrid cloud, and on-premises deployments to give IT teams the flexibility to continually right-size their deployments, reduce excessive procurement cycles for new security solutions, simplify the deployment and provisioning of new services, and maximise budget and return on investment by enabling IT teams to scale down or pause services as needed.

Network Threat Detection

Fortinet Expands Its Global SASE Points-of-Presence with Google Cloud

GlobeNewswire | October 18, 2023

Fortinet (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the expansion of its SASE Points-of-Presence (POPs) to new locations through a partnership with Google Cloud. The partnership allows Fortinet to leverage Google Cloud’s global network edge locations closest to their regions of presence, which deliver dedicated interconnect and 99.99% service availability, to accelerate the expansion of Fortinet’s Universal SASE solution.

Single-vendor SASE is a critical architecture organizations adopt to connect their hybrid workforces securely. A robust network of SASE POPs that are scalable and globally available is crucial to delivering a superior user experience while enabling a strong security posture.

“By leveraging Google Cloud, Fortinet Universal SASE is even better positioned to serve a more extensive global footprint, ensuring that customers can seamlessly connect and secure their hybrid workforces to critical applications,” said Michael Xie, Founder, President, and Chief Technology Officer of Fortinet. “This partnership will expand our global POP resources and accelerate customer adoption of Fortinet’s Universal SASE solution. And because our SD-WAN solution is natively integrated with our SASE offering, Fortinet’s global SD-WAN customers now have an even broader ability to easily adopt integrated cloud-delivered security to implement a comprehensive Universal SASE solution.”

“Organizations worldwide rely on the Google Cloud for critical networking and access,” said Muninder Sambi, Vice President and GM of Networking at Google Cloud. “Our expanded partnership with Fortinet can enable high uptime for customers looking to support their hybrid workforces with Fortinet’s SASE solution, along with the advantages of using Google Cloud’s Cross-Cloud Network, which include lower costs and improved application experiences.”

Converging Networking and Security with Fortinet Universal SASE

Fortinet’s Universal SASE solution uniquely converges networking and security to support today’s hybrid workforce, expanding network edges and new microbranches to enable secure access to applications while providing high ROI through consolidation and improved digital user experience. Fortinet’s solution includes an extended portfolio of critical technologies and services that enable organizations to adopt a zero-trust security posture by effectively applying and monitoring context-based policies regardless of the resource a user is accessing. Fortinet Universal SASE offers a high-performance and scalable cloud network with best-in-class AI-powered security, unified management, and end-to-end digital experience monitoring to ensure secure access to web, corporate, and SaaS applications.

Fortinet is the pioneer and leader of secure SD-WAN, the foundation of its Universal SASE solution. Universal SASE uses the same FortiOS operating system and AI-powered security services as its secure SD-WAN and cloud-delivered security service edge (SSE) solutions. This unique integrated approach extends secure web gateway (SWG), zero-trust network access (ZTNA), cloud access security broker (CASB), and Firewall-as-a-Service (FWaaS) solutions to its Universal SASE solution, enabling seamless connectivity, consistent end-to-end threat protection, and optimal user experience.

Data Security, Platform Security

Laminar Expands Data Security Platform with Support for Microsoft OneDrive and Google Drive

GlobeNewswire | August 31, 2023

Laminar, the leading data security posture management (DSPM) company, recently acquired by Rubrik, the Zero Trust Data Security™ Company, today announced that it has added support for Microsoft OneDrive and Google Drive. Customers can now use Laminar to continually discover overexposed and unprotected sensitive data in OneDrive and Google Drive, enabling proactive risk remediation and data leak detection. With this expanded support, organizations can safeguard sensitive data across their entire digital landscape, including major cloud service providers Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure as well as Snowflake, BigQuery, and other SaaS applications.

As organizations increasingly leverage cloud file-sharing services like Google Drive and OneDrive for seamless data sharing and storage, the potential risks associated with data breaches, unauthorized access, and compliance violations have grown significantly. Data security and governance teams’ limited visibility into the contents of these files can lead to unprotected sensitive data. Additionally, unintentional file sharing and incorrect permissions can lead to oversharing internally and externally.

To address these challenges, the Laminar Data Security Platform takes an agnostic approach to data security: discovering, classifying, and securing sensitive data as it moves across an organization’s digital environment, including collaborative cloud-based services. Laminar provides secure scanning, ensuring data is not removed from the customer environment. With the platform, data security and governance teams can see and secure enterprise data consistently across the entire digital landscape.

“Today’s businesses are powered by cloud file-sharing services, which enable easy and rapid collaboration. This is why it is so critical to have a comprehensive approach to data security, so as to not leave these important files unprotected. With the integration of Microsoft OneDrive and Google Drive support into the Laminar Data Security Platform, we believe this is a giant step towards solving this sensitive data security challenge,” said Amit Shaked, CEO and co-founder at Laminar. “We recognize that data security is a collective responsibility, encompassing every individual within an organization. Laminar is now positioned to provide an agile platform that safeguards sensitive information, no matter where it resides or whether it’s utilized by developers, data scientists, or any employee across an organization.”

The news follows the acquisition of Laminar by Rubrik, the Zero Trust Data Security Company™. Together, Rubrik and Laminar create the industry’s first complete cyber resilience offering of its kind, bringing together cyber recovery and posture across enterprise, cloud, and SaaS.

About Laminar

Laminar, a Rubrik company, combines cloud-native design with deep security expertise to provide the visibility and control organizations need to protect their most sensitive data. The Laminar Data Security Platform continuously discovers and classifies cloud data, structured and unstructured, across managed and self-hosted data stores, including unknown shadow data, without the data ever leaving your environment. It analyzes access, usage patterns, and security posture, and provides actionable, guided remediation for data security risk. Together, Rubrik and Laminar enable organizations to be even more proactive in the fight against cyberattacks and provide businesses with a complete cyber resilience solution.

About Rubrik

Rubrik is a cybersecurity company. We are the pioneer in Zero Trust Data Security™. Companies around the world rely on Rubrik for business resilience against cyber attacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine intelligence, enables our customers to secure data across their enterprise, cloud, and SaaS applications. We automatically protect data from cyber attacks, continuously monitor data risks, and quickly recover data and applications.