Cyber security firm finds 'multiple vulnerabilities' in Tik Tok security

abc6onyourside | January 15, 2020

A cybersecurity firm tested the security of Tik Tok and found "multiple vulnerabilities" in the app's code, allowing for security loopholes and hacking accounts. Check Point Research published their findings on the app, showing the security concerns. The firm's research shows they were able to manipulate code to mess with accounts' contents, delete and upload videos without the account owner's consent, make previously "hidden" videos public, and access personal information like email addresses. Researchers at Check Point say they were even able to exploit a feature where users can text themselves a link to download Tik Tok and use it to send malware to any phone number.

Spotlight

"This new cyber defense maturity report is based on survey results collected and analyzed by IDG Connect, and reveals a range of areas that are ripe for improvement as well as incident and control trends and operational confidence. While confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful. The full report provides a detailed view of these findings."


Other News
NETWORK THREAT DETECTION,PLATFORM SECURITY,SOFTWARE SECURITY

OneLayer Announces Partnership with Druid Software to Provide Superior Security for Private Networks

OneLayer | November 14, 2022

OneLayer, a pioneer in securing private LTE/5G networks for enterprises, announced today that it has partnered with Druid Software, the leading global provider of private cellular network core software solutions for enterprise. OneLayer will be securing Druid Software's 5G private network domain, ultimately providing its clients, including system integrators, with a platform and the abilities they need to successfully deliver and support end-to-end cellular networks to the enterprise. Private cellular networks provide organizations with connectivity on a completely different level, including increased reliability, a dedicated bandwidth with capacity and range, no lag time, and connectivity of IoT and OT devices across vast areas. As organizations increasingly adopt these networks, they must consider a critical element of successful network deployment, namely, integrating the cellular network with the enterprise's existing IT network. To successfully accomplish this integration, organizations must keep the network secured, including both visibility and segmentation. Druid Software, a core cellular network software company, and OneLayer's partnership now provide a solution that removes the security concerns for Druid's clients. OneLayer is integrating its SaaS solution on Druid Software equipment, allowing for seamless security for any private LTE/5G network running on Druid Software's core. Its solution for securing private cellular networks will enable network security using a Zero Trust approach, asset management, cellular and IoT device fingerprinting, policy enforcement that allows network segmentation, and anomaly detection, amongst other capabilities, securing devices connected to Druid Software's core. "We are excited to be working with Druid Software as a strategic partner. In addition to providing a security solution for Druid, we have also included Druid's core as a part of our new 5G Security Lab. "By providing a much-needed security solution for Druid we are giving users the confidence to invest in adopting an LTE/5G network that has the potential to take their business to the next level. We feel this first-hand through our own implementations and research" Dave Mor, CEO and Co-founder of OneLayer "By adding this security solution which brings further essential capabilities for network protection we are addressing a market need for our clients and ensuring them the best and safest 5G or 4G offering to date," said Tadhg Kenny, Senior Vice President for Partnerships at Druid. "Our clients rely on Druid for the quality of its Raemis core network. Now with OneLayer's additional levels of security, we will be providing an even more comprehensive product to serve their business needs" About OneLayer OneLayer provides enterprise-grade security for private LTE/5G networks. Its platform and IoT security toolkit can be implemented in private cellular networks to provide better visibility, control and protection for organizations. The company was founded by world-class cybersecurity experts with a deep understanding of both cellular protocols and IoT security needs along with veterans from the IDF's 8200 and 81 intelligence units. OneLayer is backed by industry-leading advisors and has partnered with experts both in the cybersecurity domain as well as the telecom industry. About Druid Software Druid Software is a core cellular network software company based in Ireland. Established in 2001 Druid Software has evolved into one of the world's leaders in Private 5G & 4G Cellular technology over the last 20 years. Druid Software's RAEMIS™ platform is a mature 3GPP compliant 4G/5G core network, with unique features designed specifically for business and mission critical use.

Read More

DATA SECURITY,ENTERPRISE SECURITY,PLATFORM SECURITY

Laminar Supports Launch of Amazon Security Lake

Laminar | November 30, 2022

Laminar, a leader in public cloud data security, today announced it is supporting the launch of Amazon Security Lake from Amazon Web Services (AWS). Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer owned purpose-built data lake. With support for the Open Cybersecurity Schema Framework (OCSF) standard, Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. “All cybersecurity in the end is about protecting data and all cybersecurity is more effective and efficient with data-context. “Laminar is proud to be a launch partner for Amazon Security Lake, adding data-context to security events for better risk models, effective investigations and efficient remediation.” Amit Shaked, co-founder and CEO, Laminar Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data on the cloud and on-premises to give security teams greater visibility across their organizations. With Amazon Security Lake, customers can use the security and analytics solutions of their choice to simply query that data in place or ingest the OCSF-compliant data to address further use cases. Amazon Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs. Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data. Laminar is a Data Security Posture Management (DSPM) leader that delivers autonomous, agentless, and continuous data security for everything that you build and run on the cloud. Laminar provides autonomous discovery and classification for all data across AWS and hybrid cloud environments into a cloud data catalog, prioritization of data assets by our proprietary risk model, and an agentless and asynchronous approach to DSPM to reduce the exposure surface without impacting performance. “Data is every enterprise’s most valuable asset, which makes protecting it a critical capability for all cybersecurity solutions,” said Rod Wallace, General Manager for Amazon Security Lake. “Amazon Security Lake enables security teams to optimize security log data collection and retention by optimizing the partitioning of data to improve performance and reduce costs. With the Laminar integration, analysts and engineers can store their data in the OCSF format for further analytics to improve the protection of workloads, applications, and data.” About Laminar Laminar’s Cloud Data Security Platform protects data for everything you build and run in the cloud across cloud providers and cloud data warehouses. The platform autonomously and continuously discovers and classifies new datastores for complete visibility, prioritizes risk based on sensitivity and data risk posture, secures data by remediating weak controls and actively monitors for egress and access anomalies. Designed for the multi cloud, the architecture takes an API-only approach, without any agents, and without sensitive data ever leaving your environment. Founded in 2020 by a brilliant team of award winning Israeli red team experts, Laminar is proudly backed by Insight Partners, Tiger Global, Salesforce Ventures, TLV Partners, and SentinelOne.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY

Stellar Cyber Integrates with Netskope to Deliver World-Class User Context, Speeding Investigations and Improving Security Outcomes

Stellar Cyber | December 20, 2022

Stellar Cyber, the innovator of Open XDR, today announced a new integration with Netskope, a global leader in secure access service edge (SASE). This powerful integration makes it easy for enterprise and MSSP users of the Stellar Cyber Open XDR platform to improve visibility of risks and threats by incorporating the rich user-centric data generated by Netskope in every investigation conducted by their security analysts. Under this integration, Netskope maintains visibility and control across five lanes of user traffic, including web, managed SaaS, unmanaged SaaS, cloud service providers, and public-facing custom apps in one single-pass cloud architecture. At the same time, Stellar Cyber ingests, normalizes, and analyzes Netskope data and all other collected data to identify potential threats creating prioritized, investigation-ready incidents. As security analysts complete incident investigations, Stellar Cyber automatically initiates response actions to third-party products integrated into the solution, including Netskope. “Making it easy for our customers that use Stellar Cyber to incorporate Netskope’s valuable user insights into their investigations is another way for us to bring them new levels of security visibility. “Making security analysts more productive means attacker dwell time decreases, reducing the risk of breach across our customer's environment.” Andy Horwitz, VP of Business Development at Netskope “Automatically incorporating Netskope’s rich user data into every investigation in the Stellar Cyber platform adds critical context that previously required significant manual effort, which should be especially important to customers with lean security teams focused on reducing the workload on their SOC analysts,” said Andrew Homer, VP, Technology Alliances at Stellar Cyber. “With this integration, we continue to deliver what our customers, and the market, expect.” About Stellar Cyber Stellar Cyber’s Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

KnowBe4 Launches New Mobile Learner App for Anytime, Anywhere Cybersecurity Learning

KnowBe4 | November 29, 2022

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it is launching the new KnowBe4 Mobile Learner App to empower end users by introducing security awareness and compliance training on the go at no additional cost to customers, improving user engagement and strengthening security culture. With a large majority of the world's population using smartphones today, mobile training revolutionizes the way people learn. This new app will enable end users to complete their security awareness and compliance training conveniently from their tablets or smartphones, giving them 24/7/365 access. "The KnowBe4 Mobile Learner App is the first of its kind to launch in the security awareness and compliance training space, making it easier than ever to train users while subsequently strengthening an organization's security culture. "This new app will enable IT and security teams to improve engagement and completion rates for required training thanks to a seamless user experience. This will also help users to associate security with their personal devices, keeping it top of mind all the time rather than only when they are at work on their computers. We are making this substantial new capability available at no additional cost to all subscription levels as a show of our commitment to supporting our customers' security and human risk management objectives." Stu Sjouwerman, CEO, KnowBe4 Based on subscription levels, KnowBe4 offers 100+ Mobile-First training modules that were designed specifically for mobile. The KnowBe4 Learner App supports push notifications for custom announcements, updates on assigned training as well as KnowBe4 newsletters. About KnowBe4 KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 54,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

Read More

Spotlight

"This new cyber defense maturity report is based on survey results collected and analyzed by IDG Connect, and reveals a range of areas that are ripe for improvement as well as incident and control trends and operational confidence. While confidence in IT security management appears optimistic, overall findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful. The full report provides a detailed view of these findings."

Resources