PLATFORM SECURITY, SOFTWARE SECURITY
Vicarius | October 18, 2022
Vicarius, creators of vsociety, the open and independent social community for research and security professionals, has announced the publication of novel security research detailing multiple new exploits for popular developer tools. The publication comes in an effort to amplify safe hygiene practices during CISA’s Cybersecurity Awareness Month.
October 2022 marks the 19th anniversary of National Cybersecurity Awareness Month, with this year’s campaign theme — “See Yourself in Cyber” — demonstrating that while cybersecurity may seem like a complex subject itself, it’s really all about people. In alliance with the Cybersecurity and Infrastructure Security Agency (CISA), which leverages the month to spread awareness of good cyber hygiene, Vicarius looks to enhance the security posture of organizations by publishing new research along with steps to mitigate the risk.
Among the publications, which are provided to the community by independent researchers and validated by Vicarius, is a zero-day vulnerability for a popular Python developer tool called yacmmal. In the post, anonymous researcher “M” lays out the steps taken to compromise the application and execute code remotely, going further to warn “as this exploit is not known and no patches are available, usage of the package should be avoided until patches are public,” while providing a workaround for temporary protection.
In a few subsequent posts to the community, the same researcher details an exploit for a beloved developer resource called Flask as well as a method to exploit a deserialization vulnerability in a Python library called Jsonpickle. Both of these examples illustrate the potential for remote code execution and the steps required to mitigate the threat. Vicarius stresses the importance of providing mitigation details for any exploit posted to vsociety. Research is only published on the platform if it follows responsible disclosure and is accompanied by remediation details and documentation.
“Our goal is to make organizations more aware of potential vulnerabilities in the wild and provide the steps necessary to protect against them. With the growing popularity and prominence of Awareness Month, we aimed to go a step beyond the typical materials provided by other CISA partners, encouraging awareness of previously unpublished threats in the wild which all security teams should be cognizant of.”
Vicarius CEO Michael Assraf
Vicarius will release additional pieces of research that will be published to vsociety throughout the month.
Vicarius helps security teams protect their most critical apps and assets against software exploitation through TOPIA, the company’s end-to-end vulnerability remediation platform. Founded by three security experts and backed by tier one investors from Silicon Valley, Vicarius’ mission is to provide customers with problem-solving solutions that proactively reduce risk wherever computer software resides.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Noname Security | November 02, 2022
Noname Security, the leading API security company, today shared its EMEA channel strategy, which builds on significant momentum achieved in the past six months and is led by Ides Vanneuville, recently appointed EMEA Channels & Alliances Director.
Vanneuville is an experienced leader in the cybersecurity market with a strong track record in cybersecurity and solutions engineering, having held a number of senior positions at organisations such as Palo Alto Networks, Nutanix, and Aviatrix.
Demand for API security solutions is accelerating throughout EMEA as businesses continue to transition to public cloud and are increasingly adopting cloud-native development strategies. High-profile API breaches have underlined the critical nature of API security and the need for advanced solutions such as the Noname API Security Platform that accelerate digital transformation while addressing API security risks and vulnerabilities.
This offers a new and growing market for established cybersecurity resellers and new entrants alike.
"I am excited to join Noname Security at a time when the channel is transforming to meet growing demand for the powerful yet easy-to-use API security that our platform delivers," comments Vanneuville. "We are building productive partnerships with traditional cybersecurity companies seeking to expand their offering into the DevSecOps market, along with the innovative application-centric resellers that are carving out opportunities in this space."
Noname Security operates a 100% indirect sales model, and its channel strategy focuses on building out presence across EMEA by securing key partnerships with a range of cybersecurity resellers, consultancies, systems integrators, and distributors.
Since March 2022, Noname Security has signed new partnerships with Oblivion, part of Xebia (Netherlands, Denmark & Germany), NewGens Pte (Singapore, Malaysia, Indonesia and Thailand), CyberGate Defense (UAE), Evanssion (Middle East & Africa), Aditinet (Italy), iSOC24 (Benelux) and HighPoint (UK & NL). These partners join a diverse group of existing partners across Europe, the Middle East, and Africa.
These partners will be supported by Noname Security's global partner program, which provides the resources they need to address key customer pain points in their region and build sizable revenue opportunities in the API security market. The program is tailored to reflect the variations in maturity and background of the API security market in each geographic area.
"API security is a rapidly evolving area that wraps around the ways APIs are being used in different territories," adds Vanneuville. "For example, the increase in open banking in emerging regions like Turkey is driving demand for API security in that region, and we have new Noname Security partners in place to meet that need. Similarly, the booming m-commerce market in Africa is a valuable target for our partners to focus on. Our program helps partners target these key vertical markets and build a reputation for excellence."
API Security Workshops Provide Essential Partner and Market Education
Noname Security is running a series of workshops to educate the market and channel partners about the importance of protecting APIs against attacks and how to go about it. These are currently available, both virtually and in-person in a variety of worldwide cities, and will help Noname's channel partners as well as their end-users to understand:
The underlying security risks when deploying APIs
Emerging threats facing applications and APIs
Techniques used to exploit vulnerable APIs
How Noname Security monitors API traffic for anomalies.
"These educational workshops form an important part of Noname's go-to-market strategy," concludes Vanneuville. "An educated market is a receptive market, and with these workshops we aim to ensure that customers and partners fully understand the urgency of securing APIs in order to protect core revenue streams against disruptive attackers. This is a relatively new area, but one that is of critical importance for the success and stability of modern enterprises as the cloud transition continues and born-in-the-cloud businesses ramp up innovation and expansion."
About Noname Security
Noname Security is the only company taking a complete, proactive approach to API security. Noname works with 20% of the Fortune 500 and covers the entire API security scope across three pillars: posture management, runtime security and API security testing. Noname Security is privately held, remote-first with headquarters in Palo Alto, California, and offices in Tel Aviv and Amsterdam.
DATA SECURITY, ENTERPRISE IDENTITY
SandboxAQ | September 14, 2022
SandboxAQ, an enterprise SaaS company delivering the compound effects of AI and Quantum tech (AQ) to governments and the Global 1000, today announced it has acquired Cryptosense, a leading cybersecurity and encryption analysis software company. SandboxAQ's acquisition comes just weeks after the company unveiled its Strategic Investment Program and initial investment in evolutionQ.
The acquisition of Cryptosense complements and accelerates the deployment of SandboxAQ's Post-Quantum Cryptography (PQC) solutions to corporations and government institutions worldwide. SandboxAQ's cybersecurity products enable large enterprises to scale cryptography management across their IT infrastructure, providing CISOs with a single, 360° view of how encryption is used throughout the enterprise – a critical first step in migrating to PQC.
This migration to stronger cybersecurity is important for critical infrastructure sectors such as financial services, technology, energy, biopharma, logistics, and government.
Cryptosense is used by leading technology and financial services organizations and is a fellow NIST NCCOE partner. The combined customer relationships will help SandboxAQ bring its PQC solutions to market faster and protect these organizations and their customers from existing and emerging quantum threats, such as Store Now, Decrypt Later (SNDL) attacks.
"Rapid advances in quantum computing and AI challenge the effectiveness and performance of existing cryptography-based cybersecurity solutions. The combined leadership, talent, and expertise that SandboxAQ and Cryptosense bring to the marketplace accelerates the deployment of more effective cryptography solutions to protect the world against the security threats of today and tomorrow," said Jack D. Hidary, CEO of SandboxAQ. "The caliber of the Cryptosense team is recognized throughout the information security community, with the leadership by Graham Steel and Clément Jeanjean. We welcome Cryptosense to the SandboxAQ family and look forward to our continued success as one company."
"The complementary functionality and expertise between Cryptosense and SandboxAQ enables us to build and deliver SaaS solutions at scale with higher touch customer service. PQC implementation is critical to protect the world's sensitive data and together we will make a greater impact."
Dr. Graham Steel, Cryptosense founder
Cryptosense was advised by Stifel and Hogan Lovells and SandboxAQ was advised by Morgan Lewis.
SandboxAQ is an enterprise SaaS company, providing solutions at the nexus of AI and Quantum technology (AQ) to address some of the world's most challenging problems. The company's core team and inspiration formed at Alphabet Inc., emerging as an independent, growth-capital-backed company in 2022.
Cryptosense is an enterprise SaaS company that helps organizations identify and catalog the cryptography leveraged within their applications and infrastructure. Some of the largest technology and financial services companies worldwide use Cryptosense for their cybersecurity needs. Cryptosense announced a $4.8 million funding round in May 2021 backed by Amadeus Capital Partners, Elaia Partners and BGV.
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
KnowBe4 | November 29, 2022
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it is launching the new KnowBe4 Mobile Learner App to empower end users by introducing security awareness and compliance training on the go at no additional cost to customers, improving user engagement and strengthening security culture.
With a large majority of the world's population using smartphones today, mobile training revolutionizes the way people learn. This new app will enable end users to complete their security awareness and compliance training conveniently from their tablets or smartphones, giving them 24/7/365 access.
"The KnowBe4 Mobile Learner App is the first of its kind to launch in the security awareness and compliance training space, making it easier than ever to train users while subsequently strengthening an organization's security culture. "This new app will enable IT and security teams to improve engagement and completion rates for required training thanks to a seamless user experience. This will also help users to associate security with their personal devices, keeping it top of mind all the time rather than only when they are at work on their computers. We are making this substantial new capability available at no additional cost to all subscription levels as a show of our commitment to supporting our customers' security and human risk management objectives."
Stu Sjouwerman, CEO, KnowBe4
Based on subscription levels, KnowBe4 offers 100+ Mobile-First training modules that were designed specifically for mobile. The KnowBe4 Learner App supports push notifications for custom announcements, updates on assigned training as well as KnowBe4 newsletters.
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 54,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.