Hacker Lexicon: Malvertising, the Hack That Infects Computers Without a Click

wired | September 12, 2015

MALVERTISING IS WHEN hackers buy ad space on a legitimate website, and, as the name suggests, upload malicious advertisements designed to hack site visitor’s computers.

Spotlight

Small businesses often assume they are safe from cyber attacks because they are too small to be of interest to hackers. Many small businesses also mistakenly assume they have taken adequate measures to protect themselves. This infographic highlights the risks faced by small businesses from hackers as well as gives a few tips to help safeguard against attacks.


Other News
SOFTWARE SECURITY

iboss Joins Microsoft Intelligent Security Association (MISA)

iboss, Inc. | June 02, 2022

iboss, a leader in Zero Trust Edge, announces the expansion of its relationship with Microsoft by joining the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISV) and managed security service providers (MSSP) that have integrated their security products and services with Microsoft’s security products. Through this collaboration with Microsoft, joint customers benefit from secure, fast access to resources from anywhere, which also allows customers greater visibility and immediate response to threats. iboss has integrations with Microsoft Azure Active Directory, Microsoft Sentinel, Microsoft Defender for Cloud Apps and Microsoft Purview Information Protection to further enhance an organization’s value of their Microsoft 365 E5 investment. These solutions offer new capabilities that are fully integrated and simple to deploy. Identity: iboss forces modern authentication to all resources, including legacy applications under the Azure Active Directory (AAD) Umbrella. When users authenticate through Azure Active Directory, iboss grants or denies resource access on a per transaction basis, with real-time Conditional Access policies applied to reauthenticate or step-up Multi-factor Authentication with Azure Active Directory. Security: iboss integration with Microsoft Sentinel, now available in the Azure Marketplace, integrates high fidelity logs about users and resources being requested, also comes complete with real-time active defense workflows allowing SOC analysts fast automated responses to threats that matter. Deployment is live after only a few mouse clicks. In addition, iboss integration with Microsoft Defender for Cloud Apps extends visibility and protection with advanced CASB capabilities by automatically syncing policies and signatures from Microsoft Defender for Cloud Apps to enforce governance actions for secure cloud application access. Compliance: iboss detects and automatically prevents transfer of files tagged with Microsoft Purview Information Protection unified labels and leverages them with iboss Zero Trust DLP rules. In addition, full visibility into the denied transfer request between the user and resource is made available in Microsoft Sentinel to take additional steps as well as Conditional Access rules in Azure Active Directory Cloud: Protection of Azure resource workloads with iboss service being deployed and running directly inside the Azure on a per tenant basis is now available on Microsoft Azure Marketplace. With the ability of iboss service to now be deployed directly in Azure, allows for a customer’s unique IP address to be anchored to each Azure tenant ID, thus creating a tight Zero Trust linkage unmatched by any other Secure Service Edge vendor. “Our Zero Trust Edge platform enables Microsoft customers, and distributed workforces everywhere, to connect securely and directly to all applications from wherever they work. “We help Microsoft customers complete their Zero Trust journey by granting users secure access to critical resources on a per request basis. The depth and breadth of our integrations is unmatched and provides the most use-case protection scenarios. iboss is purpose-built to prevent breaches by shifting the focus from protecting the network perimeter to protecting resources, and we are proud to be expanding to cover Microsoft Security E5 applications through highly differentiated integrations.” Paul Martini, co-founder and CEO of iboss “Preventing unauthorized access to critical resources is essential for Zero Trust." said Desmond Forbes, General Manager of Business Development at Microsoft. "iboss capabilities ensure that trusted users are able to connect to protected resources from anywhere with advanced integrations across Microsoft’s Identity, Security and Compliance platform to help meet our joint customers’ Zero Trust objectives." The iboss Zero Trust platform is a purpose built, patented, cloud delivered security and has more than 100 points of presence globally. A Zero Trust Architecture built on iboss consolidates network security technologies (SWG, CASB, DLP, IPS, malware defense, browser isolation, firewall) into a single unified cloud platform and eliminates the need for a VPN while securing any device, regardless of location. By making all applications private, iboss eliminates the top three initial ransomware infection vectors as identified by Cybersecurity and Infrastructure Security Agency (CISA). With applications, data and services made only accessible through the iboss Zero Trust Edge, cyber risk is greatly reduced, breaches and data loss are prevented, and visibility and security are delivered consistently throughout an organization. About iboss, Inc. iboss is a cloud security company that enables organizations to reduce cyber risk by delivering a Zero Trust service designed to protect resources and users in the modern distributed world. Applications, data and services have moved to the cloud and are located everywhere while users needing access to those resources are working from anywhere. Built on a containerized cloud architecture, iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention to protect all resources, via the cloud, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Leveraging a purpose-built cloud architecture backed by 230+ issued and pending patents and more than 100 points of presence globally, iboss processes over 150 billion transactions daily, blocking 4 billion threats per day. More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies. iboss was named one of the Top 25 Cybersecurity Companies by The Software Report, one of the 25 highest-rated Private Cloud Computing Companies to work for by Battery Ventures, and CRN’s Top 20 Coolest Cloud Security Companies of 2022.

Read More

SOFTWARE SECURITY

Involta Partners With Tech Startup HacWare to Expand Enterprise Cybersecurity Awareness Services

Involta | August 08, 2022

Involta, an award-winning data center, hybrid IT, and cloud-forward consulting firm, announces today a partnership with HacWare, an AI-driven cybersecurity awareness and training SaaS (Software-as-a-Service) product that combines threat intelligence with user behavior to help lean IT teams combat today's most advanced phishing attacks. "Today, email phishing attacks remain the number one source of security breaches, causing over 90% of data breaches," states Tiffany Ricks, Founder and CEO of HacWare, Inc. "The average employee is vulnerable because they spend 1,500 hours a year using email, and many are unaware of email security best practices. Partnering with Involta gives us the opportunity to help businesses improve their email security awareness and build up their first line of defense against cyberattacks." HacWare's internal risk assessment provides real-time threat intelligence to show internal vulnerabilities. HacWare learns from the intelligence to provide personalized phishing simulations and training. The phishing technology leverages behavioral psychology best practices to improve cyber posture, saving businesses up to 40% in labor costs. "At Involta, we know the two most important things our customers can do to protect themselves from a phishing attack is awareness and education," comments Mark Cooley, Involta VP of Security and Compliance. "Making sure that your company's employees understand the prevalence and sophistication of these attacks is crucial. HacWare's security awareness technology combines open-source data and data science to show employees how to avoid scams while significantly saving on traditional security training and awareness labor costs. The automated, easy-to-use platform is the perfect addition to our robust security solution suite." Ricks' motivation comes from an entrepreneurial spirit and the desire to help people. She has led HacWare, Inc. to be widely recognized by leading publications such as The Wall Street Journal, Dark Reading, TechCrunch, Forbes and Women's Business Council. "We are thrilled to partner with Tiffany and her team at HacWare to bring her expertise and innovative solutions to our customers and prospects. "Not only is her product both superior and necessary in today's security landscape, but she is also a true role model for our industry's next generation of female leaders. As more women continue to enter into the world of security and digital infrastructure, it's critical to align with them and help bolster their positions while working alongside them to close the gender gap." Jim Buie, Involta President and CEO Involta's commitment to supporting women in tech and empowering girls to explore STEM fields includes a partnership with Girls, Inc. of Pinellas County, Florida, where they recently introduced digital infrastructure as a potential career path. About Involta Involta is an award-winning hybrid IT and cloud-forward consulting firm orchestrating digital transformation for the nation's leading enterprises. Involta's ongoing mission is rooted in partnership. Its personalized approach identifies customers' requirements while earning their trust to ultimately deliver Superior Infrastructure and Services, Operational Excellence and People Who Deliver, keeping with the Involta brand promise.

Read More

SOFTWARE SECURITY

Whistic Announces Support of Google’s Minimum Viable Secure Product Framework

Whistic | May 23, 2022

Today, Whistic, the proactive vendor security network for both buyers and sellers, announced support for the Minimum Viable Secure Product (MVSP) framework, a security baseline developed by Google in a collaborative effort with Okta, Slack, and Salesforce. Until the introduction of MVSP, there was no commonly accepted baseline available among security professionals that indicated the importance of security controls. With MVSP, vendors can demonstrate to their customers that they are meeting, at a minimum, the baseline of security as outlined by some of the industry’s top security professionals. “We believe a vendor-neutral security baseline is an important step in establishing minimum acceptable security requirements for enterprise software and services. “By assuring enterprise solutions include the core security building blocks, we can work to reduce third-party risk, and promote security as a key part of the product development lifecycle.” Chris John Riley, Senior Security Engineer at Google Vendors that utilize Whistic to share security documentation via the MVSP help streamline and accelerate the security review process for their customers, helping them to rapidly understand the vendor’s security posture. “Enabling companies to showcase their security posture using the MVSP and other industry frameworks is a key step toward ensuring transparent relationships between vendors and their customers,” stated Nick Sorensen, Whistic CEO. “In addition to announcing support of MVSP, we recently launched Whistic Basic Profile that enables any business regardless of size to proactively share their security posture with customers and publish it to the Whistic Vendor Security Network for free.” Basic Profile allows vendors to self-assess against industry standard frameworks, including MVSP. It also includes a limited number of Profile shares, and the ability to publish to the Whistic Trust Catalog, enabling Whistic customers to conduct Zero-Touch Assessments of the vendor’s security posture. “Okta has already added MVSP to our Whistic Profile and we look forward to seeing more and more of our vendors adopt this baseline in their Profiles,” said Gen Buckley, Director, Customer Assurance Customer Trust at Okta Security and founding committee member of MVSP. “We are always looking for ways to streamline our vendor security reviews and drive a more secure ecosystem, and MVSP helps accomplish that while also promoting transparency and collaboration between vendors and customers.” Marat Vyshegorodtsev, Enterprise Security JAPAC representative at Salesforce adds, “Organizations of all sizes often purchase dozens of software products managed by third parties. The onboarding process alone can take weeks or months, especially when it comes to vetting the security posture for each. MVSP helps solve this—it standardizes this process and eliminates overhead, complexity, and confusion for both parties while ensuring the minimum-security requirements.” About Whistic Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs.

Read More

SOFTWARE SECURITY

JFrog Advances Software Development Collaboration, Automation, Speed, and Security with New Microsoft Teams App

JFrog | July 12, 2022

JFrog Ltd. , the Liquid Software company and creators of the JFrog DevOps Platform, today unveiled new integrations for JFrog Artifactory - the world's leading binary repository – and its JFrog Xray advanced security solution - with the Microsoft Teams collaboration platform. Available immediately, the JFrog App for Microsoft Teams delivers organization-wide visibility into security and software development events, such as failed builds, security vulnerabilities, or compliance issues. Using the new app, development team members can both assign and execute the tasks required to address issues, accelerating time-to-resolution. "Designing software and keeping it up-to-date has always been a team effort – but the urgency of that collaboration becomes even more important when builds fail or security vulnerabilities strike. “Our goal is to empower developers with solutions that enable efficient, cross-team communications on the platforms they’re already using day-to-day, which is why integrating with Teams was a logical choice. The JFrog App for Microsoft Teams makes it easier for developers to notify and collaborate with the wider business to devise and execute a speedy path to resolution." Stephen Chin, Vice President of Developer Relations, JFrog Many software teams use Teams to collaborate and provide visibility into development events or security vulnerabilities using both public and private group channels, as well as direct messaging. The new JFrog App for Microsoft Teams delivers insight into whether artifacts are being uploaded, moved, copied, or deleted, so developers and their extended team of stakeholders from across the organization can quickly make informed decisions and take action to keep their software pipelines on track and secure. “Microsoft Teams changes the way work gets done. It helps remote colleagues and partners collaborate and stay connected even when they’re working apart – and there are few places where collaboration is as critical to a project’s success as software development,” said Ben Summers, Director, Teams & Microsoft 365 Platform Marketing at Microsoft. “This integration aims to make life easier for developers who are already using Teams for their everyday work to share project or security updates with their extended set of stakeholders in one click.” Other features and benefits of the JFrog App for Microsoft Teams include: Accelerated vulnerability resolution - Integrating JFrog Artifactory and JFrog Xray with Teams significantly decreases the time it takes to resolve development challenges or security issues. Improved collaboration - Developers can use Teams to both delegate action items to extended team members - across departments – and take action on assigned tasks and provide status updates during each phase of the software development lifecycle. Quality assurance – Easily configure JFrog Xray policies and watches to monitor targeted artifact repositories used for test and staging environments, and tag team members on security vulnerabilities and compliance violations through Teams for prompt resolution. About JFrog JFrog Ltd.is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The JFrog Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle, so they can build, secure, distribute, and connect any source with any production environment. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services across major cloud service providers. Millions of users and thousands of customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely manage their mission-critical software supply chain. Once you leap forward, you won’t go back

Read More

Spotlight

Small businesses often assume they are safe from cyber attacks because they are too small to be of interest to hackers. Many small businesses also mistakenly assume they have taken adequate measures to protect themselves. This infographic highlights the risks faced by small businesses from hackers as well as gives a few tips to help safeguard against attacks.

Resources