Home > News > featured news > Windows Malware Carries Valid Digital Signatures

Windows Malware Carries Valid Digital Signatures

Infosecurity Magazine | July 12, 2018

Researchers from Masaryk University in the Czech Republic and Maryland Cybersecurity Center (MCC) monitored suspicious organizations and identified four that sold Microsoft Authenticode certificates to anonymous buyers. The same research team also collected a trove of Windows-targeted malware carrying valid digital signatures. “Recent measurements of the Windows code signing certificate ecosystem have highlighted various forms of abuse that allow malware authors to produce malicious code carrying valid digital signatures,” researchers wrote. In their work, the researchers also discovered several cases of potentially unwanted programs (PUPs), revealing that along with their ability to sign malicious code, bad actors are also able to control a range of Authenticode certificates. Gaining this type of unauthorized access has traditionally been easy for attackers using drive-by downloads and phishing, according to Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies. “And while endpoint security achieved some increases in efficacy over the last five years with the evolution of end point protection platforms, we only ever treated the symptom – and the not cause – of permissive access," Gumbs said.

Spotlight

Exam Action Plan

Answer the Demand for Certified Professionals Prepping for an (ISC)² credential, like the CISSP, is a big commitment. Maybe you’ve started, but life got in the way of your goal… We get it. That’s why we created the (ISC)² Exam Action Plan to help keep you on track for success. Because we need talented, skilled people like you w

More featured news

Spotlight

Exam Action Plan

Answer the Demand for Certified Professionals Prepping for an (ISC)² credential, like the CISSP, is a big commitment. Maybe you’ve started, but life got in the way of your goal… We get it. That’s why we created the (ISC)² Exam Action Plan to help keep you on track for success. Because we need talented, skilled people like you w

Related News

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Prnewswire | April 26, 2023

Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry's most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model. "At Tessian, we are focused on helping our customers eliminate email based threats," said Allen Lieberman, Chief Product Officer of Tessian. "As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations." "Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis," said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. "Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, Investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks." About Tessian Tessian's mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error - like data exfiltration, accidental data loss, business email compromise and phishing attacks - with minimal disruption to employees' workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Cyera Introduces Data Detection and Response and Unified Data Explorer for SaaS, IaaS and PaaS Revolutionizing Security Operations

Prnewswire | April 25, 2023

Cyera, the data security company, today unveiled revolutionary new operational capabilities in its AI-powered data security platform. The company's industry-first Unified Data Explorer provides an intuitive and easy way for security teams to understand where they manage data across their cloud landscape, and pinpoint sensitive data exposures to reduce their attack surface. To address real-time data exfiltration and sensitive exposures Cyera is announcing unified Data Detection and Response (DDR) to extend their Data Security Posture Management (DSPM) capability. Security practitioners can quickly and easily take action to remediate security exposures, and stop sensitive data exfiltration in real time. "Cyera impressed us with the ease with which we were able to understand exactly what data we are managing, where that data is stored, and how it is accessed," said Anthony Cunha, CISO at Mercury Financial. "Their platform allowed us to minimize the sensitive data we manage, improve our security posture, and assure compliance." Cyera's Unified Data Explorer allows security practitioners to deep dive into their company's data. This builds upon the deep context Cyera develops on data, and includes critical insights into security exposures, how specific data classes are distributed across cloud environments and regions, who can access the data, and the security controls that are in place. For example, the Unified Data Explorer highlights where a specific combination of data becomes identifiable. This occurs when data that is typically non-sensitive becomes highly sensitive due to its proximity to personal identifiers protected by privacy or compliance statutes. The Unified Data Explorer also enables security teams to understand who has access to a particular type of sensitive data to govern access and avoid misuse. For example, highlighting which users have access to PCI, HIPAA, or NYDFS protected data across cloud providers and environments, and remediating overly permissive access or a lack of encryption or tokenization that could lead to a breach. The solution also enables security teams to ensure that a company's employees are not abusing generative AI capabilities like ChatGPT. By dynamically developing this level of detail, Cyera pinpoints and remediates data security exposures, including misconfigurations, distribution, access issues and more. With multi cloud DDR, Cyera now identifies data exfiltration and exposures as they occur. This adds operational security capabilities to power incident response across SaaS, IaaS, and PaaS environments. Multi cloud DDR detects and remediates data exposure, configuration changes, non-sanctioned data access, and data exfiltration events as they happen across cloud platforms. For example, if a sensitive data store is made public, Cyera detects the configuration change and remediates the exposure. If a threat actor attempts to migrate data outside of the customer's cloud account or SaaS application, Cyera detects the exfiltration and immediately raises an alert. This includes the full context of the data, its sensitivity, the user, and the relevant privacy or regulatory framework violation so incident responders can take swift, decisive action to limit the impact of the breach. "In order to secure data, organizations must have a dynamic, detailed understanding of what it represents no matter where it is managed," said Yotam Segev, Cyera's CEO and co-founder. "Cyera is working with hundreds of security teams to build a unified data security platform to secure data across a multi cloud landscape. I am confident that our ability to support proactive, real-time, and incident response data security needs will be game changing for customers." To learn more about Cyera and to schedule a demo, visit https://www.cyera.io/demo or send a request to info@cyera.io. About Cyera Cyera is the data security company that gives businesses context and control over their most valuable asset: data. Cyera instantly provides companies visibility over all of their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. Backed by leading investors including Sequoia, Accel, and Cyberstarts, Cyera is redefining the way companies do cloud data security. To learn more, visit www.cyera.io.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Databricks Ventures Invests in Data Security Leader Immuta

Businesswire | May 05, 2023

Immuta, a leader in data security, today announced a new strategic investment from Databricks Ventures, the investment arm of the data and AI company and pioneer of the lakehouse. The investment builds on a longstanding partnership between the two companies and positions Immuta as one of Databricks’ trusted partners of choice for data security and access control. The investment will go towards product innovation to strengthen the integration between both platforms and new go-to-market initiatives to increase enterprise adoption. “Immuta is a trusted data security partner,” said Ali Ghodsi, CEO and Co-founder of Databricks. “Over the last six years, we've been successfully collaborating to serve global enterprise customers like ADP, Swedbank, and many others. By integrating directly with Databricks Unity Catalog, Immuta provides a seamless way for our joint customers to protect their data in the Databricks Lakehouse.” “Through our joint partnership with Databricks, Immuta is now embedded in some of the largest and most complex cloud data projects across industries," said Matt Carroll, CEO of Immuta. "With this new investment, we're going to make our tight integration with Databricks Unity Catalog even better so that our customers can take data security to a new level and continue to unlock more value from their data.” This investment comes after a year of immense growth for Immuta during which the company reported a 200% increase in Annual Recurring Revenue (ARR) for its Data Security Platform SaaS offering as it expanded globally into EMEA and APAC. This strong and consistent growth has been fueled by an equally strong track record of funding that includes investments from ServiceNow and NightDragon to support the growing demand for data security from customers around the globe. “As a company with over a million clients doing payroll for millions of people, ADP processes a large amount of data,” said Jack Berkowitz, Chief Data Officer at ADP. “Databricks helps us to manage that data and Immuta plays an important role in administering security and access control. As we look to innovate with new products and implement a multi-cloud strategy, we must treat the data properly – it must be governed.” “Swedbank needed to build an enterprise-scale advanced analytics platform that would also enforce trust in our security, management, and access to data internally, while protecting our customers’ assets and data,” said Vineeth Menon, Head of Data Lake Engineering at Swedbank. “Immuta and Databricks have been instrumental in helping us build that vision and we are excited to see their partnership go to the next level.” Forrester Consulting recently conducted a Total Economic ImpactTM study that found Immuta provided benefits totaling $6.08M and an ROI of 175% over three years for a composite organization, which was based on interviews with six Immuta customers. According to the commissioned Forrester study, “The efficiencies the organizations experienced with Immuta coupled with the ability to meet stricter compliance standards enabled them to scale data access across the organizations to better serve internal innovation efforts and, thereby, better meet external customer needs.” For more information about Immuta’s partnership with Databricks and the new integration between Immuta and Databricks Unity Catalog, please visit https://www.immuta.com/partners/databricks/. About Immuta Immuta enables organizations to unlock value from their cloud data by protecting it and providing secure access. The Immuta Data Security Platform provides sensitive data discovery, security and access control, data activity monitoring, and has deep integrations with the leading cloud data platforms. Immuta is now trusted by Fortune 500 companies and government agencies around the world to secure their data. Founded in 2015, Immuta is headquartered in Boston, MA. To learn more about Immuta, click here. About Databricks Ventures Databricks Ventures is the strategic investment arm of Databricks, the data and AI company. Databricks Ventures invests in innovative companies that align with our view of the future for data, analytics and AI; and are committed to extending the lakehouse ecosystem or using the lakehouse architecture to create the next generation of data and AI-powered companies.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Prnewswire | April 26, 2023

Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions. Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry's most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model. "At Tessian, we are focused on helping our customers eliminate email based threats," said Allen Lieberman, Chief Product Officer of Tessian. "As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations." "Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis," said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. "Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, Investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks." About Tessian Tessian's mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error - like data exfiltration, accidental data loss, business email compromise and phishing attacks - with minimal disruption to employees' workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Cyera Introduces Data Detection and Response and Unified Data Explorer for SaaS, IaaS and PaaS Revolutionizing Security Operations

Prnewswire | April 25, 2023

Cyera, the data security company, today unveiled revolutionary new operational capabilities in its AI-powered data security platform. The company's industry-first Unified Data Explorer provides an intuitive and easy way for security teams to understand where they manage data across their cloud landscape, and pinpoint sensitive data exposures to reduce their attack surface. To address real-time data exfiltration and sensitive exposures Cyera is announcing unified Data Detection and Response (DDR) to extend their Data Security Posture Management (DSPM) capability. Security practitioners can quickly and easily take action to remediate security exposures, and stop sensitive data exfiltration in real time. "Cyera impressed us with the ease with which we were able to understand exactly what data we are managing, where that data is stored, and how it is accessed," said Anthony Cunha, CISO at Mercury Financial. "Their platform allowed us to minimize the sensitive data we manage, improve our security posture, and assure compliance." Cyera's Unified Data Explorer allows security practitioners to deep dive into their company's data. This builds upon the deep context Cyera develops on data, and includes critical insights into security exposures, how specific data classes are distributed across cloud environments and regions, who can access the data, and the security controls that are in place. For example, the Unified Data Explorer highlights where a specific combination of data becomes identifiable. This occurs when data that is typically non-sensitive becomes highly sensitive due to its proximity to personal identifiers protected by privacy or compliance statutes. The Unified Data Explorer also enables security teams to understand who has access to a particular type of sensitive data to govern access and avoid misuse. For example, highlighting which users have access to PCI, HIPAA, or NYDFS protected data across cloud providers and environments, and remediating overly permissive access or a lack of encryption or tokenization that could lead to a breach. The solution also enables security teams to ensure that a company's employees are not abusing generative AI capabilities like ChatGPT. By dynamically developing this level of detail, Cyera pinpoints and remediates data security exposures, including misconfigurations, distribution, access issues and more. With multi cloud DDR, Cyera now identifies data exfiltration and exposures as they occur. This adds operational security capabilities to power incident response across SaaS, IaaS, and PaaS environments. Multi cloud DDR detects and remediates data exposure, configuration changes, non-sanctioned data access, and data exfiltration events as they happen across cloud platforms. For example, if a sensitive data store is made public, Cyera detects the configuration change and remediates the exposure. If a threat actor attempts to migrate data outside of the customer's cloud account or SaaS application, Cyera detects the exfiltration and immediately raises an alert. This includes the full context of the data, its sensitivity, the user, and the relevant privacy or regulatory framework violation so incident responders can take swift, decisive action to limit the impact of the breach. "In order to secure data, organizations must have a dynamic, detailed understanding of what it represents no matter where it is managed," said Yotam Segev, Cyera's CEO and co-founder. "Cyera is working with hundreds of security teams to build a unified data security platform to secure data across a multi cloud landscape. I am confident that our ability to support proactive, real-time, and incident response data security needs will be game changing for customers." To learn more about Cyera and to schedule a demo, visit https://www.cyera.io/demo or send a request to info@cyera.io. About Cyera Cyera is the data security company that gives businesses context and control over their most valuable asset: data. Cyera instantly provides companies visibility over all of their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. Backed by leading investors including Sequoia, Accel, and Cyberstarts, Cyera is redefining the way companies do cloud data security. To learn more, visit www.cyera.io.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Databricks Ventures Invests in Data Security Leader Immuta

Businesswire | May 05, 2023

Immuta, a leader in data security, today announced a new strategic investment from Databricks Ventures, the investment arm of the data and AI company and pioneer of the lakehouse. The investment builds on a longstanding partnership between the two companies and positions Immuta as one of Databricks’ trusted partners of choice for data security and access control. The investment will go towards product innovation to strengthen the integration between both platforms and new go-to-market initiatives to increase enterprise adoption. “Immuta is a trusted data security partner,” said Ali Ghodsi, CEO and Co-founder of Databricks. “Over the last six years, we've been successfully collaborating to serve global enterprise customers like ADP, Swedbank, and many others. By integrating directly with Databricks Unity Catalog, Immuta provides a seamless way for our joint customers to protect their data in the Databricks Lakehouse.” “Through our joint partnership with Databricks, Immuta is now embedded in some of the largest and most complex cloud data projects across industries," said Matt Carroll, CEO of Immuta. "With this new investment, we're going to make our tight integration with Databricks Unity Catalog even better so that our customers can take data security to a new level and continue to unlock more value from their data.” This investment comes after a year of immense growth for Immuta during which the company reported a 200% increase in Annual Recurring Revenue (ARR) for its Data Security Platform SaaS offering as it expanded globally into EMEA and APAC. This strong and consistent growth has been fueled by an equally strong track record of funding that includes investments from ServiceNow and NightDragon to support the growing demand for data security from customers around the globe. “As a company with over a million clients doing payroll for millions of people, ADP processes a large amount of data,” said Jack Berkowitz, Chief Data Officer at ADP. “Databricks helps us to manage that data and Immuta plays an important role in administering security and access control. As we look to innovate with new products and implement a multi-cloud strategy, we must treat the data properly – it must be governed.” “Swedbank needed to build an enterprise-scale advanced analytics platform that would also enforce trust in our security, management, and access to data internally, while protecting our customers’ assets and data,” said Vineeth Menon, Head of Data Lake Engineering at Swedbank. “Immuta and Databricks have been instrumental in helping us build that vision and we are excited to see their partnership go to the next level.” Forrester Consulting recently conducted a Total Economic ImpactTM study that found Immuta provided benefits totaling $6.08M and an ROI of 175% over three years for a composite organization, which was based on interviews with six Immuta customers. According to the commissioned Forrester study, “The efficiencies the organizations experienced with Immuta coupled with the ability to meet stricter compliance standards enabled them to scale data access across the organizations to better serve internal innovation efforts and, thereby, better meet external customer needs.” For more information about Immuta’s partnership with Databricks and the new integration between Immuta and Databricks Unity Catalog, please visit https://www.immuta.com/partners/databricks/. About Immuta Immuta enables organizations to unlock value from their cloud data by protecting it and providing secure access. The Immuta Data Security Platform provides sensitive data discovery, security and access control, data activity monitoring, and has deep integrations with the leading cloud data platforms. Immuta is now trusted by Fortune 500 companies and government agencies around the world to secure their data. Founded in 2015, Immuta is headquartered in Boston, MA. To learn more about Immuta, click here. About Databricks Ventures Databricks Ventures is the strategic investment arm of Databricks, the data and AI company. Databricks Ventures invests in innovative companies that align with our view of the future for data, analytics and AI; and are committed to extending the lakehouse ecosystem or using the lakehouse architecture to create the next generation of data and AI-powered companies.

Read More

More featured news