Microsoft defends health care orgs, Mozilla funds innovation to fight COVID-19

scmagazine | April 03, 2020

Some welcome good news on the COVID-19 front: Microsoft Corporation said it is stepping up its efforts to protect hospitals and other critical services from opportunistic cyberattacks, while Mozilla has founded a new fund to support open-source projects that help fight the pandemic. In a company blog post, Microsoft said that it identified dozens of hospitals that were vulnerable to attacks via exploitable gateway and VPN appliances, and reached out to these health care providers with what it describes as a “first-of-its-kind targeted notification.” The alert contained “important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others,” says the post, jointly authored by Microsoft’s Threat Protection Intelligence Team and Threat Intelligence Center (MSTIC).

Spotlight

Printers are an integral and ubiquitous part of the workplace. Despite this fact, many companies ignore the security risks associated with printers and other peripheral devices: Only 56% of IT managers realise they are vulnerable to cybercrime. How should you safeguard your confidential and sensitive data accessed at these endpoints? Are there printer security best practices? Can you control access to company printers? In this exclusive report, you will examine the risks dredged up by insecure printers and other peripheral devices in your business, as well as discover several best-in-class action strategies and practices for addressing end-point device and hardcopy document security.


Other News
DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

Legit Security Discovers and Helps Remediate Software Supply Chain Vulnerabilities in Google Firebase & Apache Open-Source Projects

Legit Security | September 16, 2022

Legit Security, a cyber security company with an enterprise platform to secure an organization’s software supply chain, today announced that it discovered software supply chain attack vulnerabilities in popular open-source projects from Google and Apache. The discovered vulnerability affects GitHub, an extremely popular Source Code Management (SCM) system at the heart of many organizations’ software supply chains and used by software developers globally. The Legit Security research team found a new type of CI/CD vulnerability called “GitHub Environment Injection” that allows attackers to take control of the vulnerable project's GitHub Actions CI/CD pipeline. Any GitHub user could exploit this vulnerability to modify the project’s source code, steal secrets, move laterally and attack inside the organization, and ultimately initiate a SolarWinds-like supply chain attack.

The vulnerability was found in the Google Firebase project and in a very popular integration framework project from Apache. Both Google and Apache acknowledged and fixed the vulnerabilities after an initial disclosure by Legit Security. Legit Security has published a technical disclosure blog on their website including guidance for organizations to remediate this vulnerability.

Legit Security’s Research Team discovered that a specially crafted payload written to a GitHub environment variable called “GITHUB_ENV” could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a “pull request” or a proposed change to the source code. The mere act of submitting the pull request will trigger the vulnerable build action and carry out a successful compromise, and the attacker does not need to be subjected to a code review approval from the source code maintainer for it to take effect.
The Legit Security team disclosed these issues to Google and Apache project maintainers, along with remediation guidelines, and verified that these vulnerabilities weren’t exploited by a malicious actor. Both projects have been fixed and are now safe. However, these are not the only projects susceptible to this kind of attack. Since using the GITHUB_ENV file is currently considered the “safe” way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed to supply chain attacks.

“This type of vulnerability joins many other software supply chain vulnerabilities and attacks targeting popular open-source projects, including GitHub, which is the largest and the de facto host of most open-source projects. We, as a security community, must build the tools and processes to address these threats and allow organizations to trust software and use it safely. Here at Legit Security our mission is to secure every organization’s software supply chain and we are actively conducting security research and collaborating on initiatives to achieve this goal.”
Liav Caspi, CTO and co-founder of Legit Security

According to Gartner®, nearly half of organizations worldwide will experience an attack on their software supply chains by 2025, a three-fold increase from 2021. There has been a huge rise in attempts to compromise open-source projects and CI/CD build services, including GitHub Actions, to enable wide-ranging attacks through software supply chains. For in-depth analysis of the GitHub Environment Injection vulnerability, along with broader information and guidance on how to protect your organization from software supply chain attacks, please visit the Legit Security website and blog.
About Legit Security

Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people so that businesses can stay safe while releasing software fast. Legit provides an easy-to-implement SaaS platform that supports both cloud and on-premises resources and combines automated discovery and analysis capabilities with hundreds of security policies developed by industry experts with real-world SDLC security experience. This integrated platform keeps your software factory secure and provides continuous assurance that your applications are released without vulnerabilities.


DATA SECURITY,ENTERPRISE SECURITY,SOFTWARE SECURITY

Titan Security Group Announces Acquisition of Prudential Security, Inc.

Titan Security | September 06, 2022

Titan Security Group, LLC, a leading provider of security solutions headquartered in Chicago, IL, announced today that it has completed the acquisition of the security staffing operation of Prudential Security, Inc. ("Prudential"), a security solutions provider based in Taylor, Michigan. Titan is a portfolio company of Quad C Management, Inc.

"We are very excited to welcome the Prudential team to the Titan family. Our organizations are very complementary, with shared values, culture, and focus on providing a high level of service to our clients and team members. Together, we are better positioned to be a leading regional provider of high-end security services."
Dave Pack, CEO of Titan

Titan's acquisition of Prudential adds over 700 team members to the Titan brand and expands their existing service area to 14 states including Illinois, Michigan, Wisconsin, Indiana, Alabama, Kansas, Mississippi, North Carolina, New York, Ohio, Pennsylvania, South Carolina, Tennessee, and Texas.

"This is an exciting collaboration," said Pack. "Our acquisition strategy is to identify like-minded companies, such as Prudential. Applying our combined talent and resources will lead to new opportunities for our clients and team members."

Terms of the acquisition were not disclosed. Security ProAdvisors LLC represented Prudential Security Inc. in the transaction.

About Titan Security

Titan Security is one of the largest security services firms in the U.S. providing security staffing, consulting, and systems integration of enterprise security solutions including video surveillance, electronic access control, turnstiles, biometrics, visitor management, alarm monitoring and other solutions throughout the Chicago metropolitan area, Northern Indiana and Southern Wisconsin.

About Prudential

Prudential Security is a recognized leader in the security industry, providing a full range of security solutions to its clients in a wide range of industries. Prudential has built its business with a strong foundation of customer service and responsiveness. Prudential's longtime management team responds attentively to client concerns and issues, developing relationships with all clients, and forming a longstanding base of business, allowing Prudential to grow into one of the most sought-after security providers in the country.

About Quad-C

Founded in 1989 and headquartered in Charlottesville, Virginia, Quad-C is a middle market private equity firm focused on investing in well-established business and consumer services, food & beverage and consumer products, healthcare, industrials, specialty distribution and transportation/logistics companies. In its three-decade history, Quad-C has invested over $4.0 billion of capital in 80 platform companies. The Quad-C team is committed to partnering with entrepreneurs and management teams to accelerate growth and create long-term value.


SOFTWARE SECURITY

Red Canary and Palo Alto Networks expand collaboration to provide detection and response across security landscape

Red Canary | July 08, 2022

Red Canary, the Managed Detection and Response (MDR) trailblazer, has expanded its collaboration with industry leader Palo Alto Networks to help deliver on a bold vision: unifying threat investigation across a wide range of Palo Alto Networks products. To help achieve this goal, Red Canary is now a part of the Palo Alto Networks Cortex® MSSP partner program.

Today, Red Canary MDR supports Palo Alto Networks firewalls by integrating with PAN-OS version 9 and higher. This integration allows security alerts and event data generated by firewall appliances to feed into the Red Canary MDR platform for further investigation and remediation.

Red Canary is working with Palo Alto Networks as an MDR partner for the Cortex XDR product, which includes built-in endpoint protection. While many MDR offerings simply ingest alerts generated by endpoint security tools, Red Canary is working toward being able to ingest raw telemetry as well as alerts from the Cortex XDR endpoint agent. Red Canary anticipates this will allow it to reduce false positives by up to 99% and significantly increase the detection of confirmed threats compared to what endpoint security tools can identify on their own.

"The detailed endpoint telemetry generated by Cortex XDR enables leading scores in actual hands-on tests, such as MITRE's recent ATT&CK® evaluation," said Rick Caccia, SVP of Marketing for Palo Alto Networks. "Red Canary's ability to manage and analyze large volumes of endpoint, network, and other types of telemetry will make them an ideal partner for solving customers' most pressing security challenges. Together, we can help protect organizations from ransomware, phishing, and other modern threats."

To complete our vision of unifying threat investigation across the Palo Alto Networks product line, Red Canary is also developing integrations for Prisma® Cloud, Threat Prevention, and the WildFire Analysis Environment. Red Canary's MDR everywhere strategy allows events from Palo Alto Networks products to be combined with multi-vendor events in a unified timeline. To learn more, visit https://redcanary.com/cyber-threat-investigation/.

"Red Canary is meeting customer demand for security across the modern IT environment by integrating alert data from network, identity, and SaaS applications – all in a unified timeline. Our collaboration with Palo Alto Networks layers best-in-class managed detection and response across an industry-leading portfolio of cybersecurity solutions. The result is more choice and better security for our customers."
Chris Rothe, CTO, Red Canary

About Red Canary

Red Canary stops cyber threats no one else does so organizations can fearlessly pursue their missions. The company's managed detection and response (MDR) solution works across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. Red Canary operates as a security ally for customers and partners by providing unlimited 24×7 support, deep threat expertise and hands-on remediation to prevent threats from turning into business-defining incidents.


DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

One of Europe’s Largest Logistics Companies Selects IronNet to Increase its Network Visibility and Proactively Hunt for Cyber Threats

IronNet, Inc. | August 26, 2022

IronNet, Inc., an innovative leader Transforming Cybersecurity Through Collective Defense℠, announced today that a major European logistics company, offering courier, package delivery and express mail service, will deploy the IronNet Collective Defense℠ platform to help defend against increased cyber threats facing the sector. The logistics company is remaining anonymous to help protect its operational security. It serves millions of customers across Europe, provides pick-up and drop-off points for package and parcel services as well as door-to-door courier and fulfillment services for e-merchants.

“Cyber attacks along the supply chain can bring the global consumer economy to a halt. We must protect ourselves and our customers from these attacks so we sought out a cybersecurity solution that could identify advanced threats invisible in our current stack,” said the logistics company’s Chief Information Security Officer. “By deploying the IronNet Collective Defense platform, we will benefit from relevant, real-time attack intelligence and extensive threat hunting capabilities. It will provide enhanced visibility into our network and allow us to work with others in the industry to strengthen our cybersecurity and protect our customers from attacks.”

“Since the start of the pandemic, the global supply chain has been strained with increased demands on logistics and transportation companies. Now, with the growing conflict between Russia and Ukraine, we cannot risk this sector being hit with cyber attacks to cause even more damage. By partnering with one of Europe’s largest logistics companies, IronNet is helping this team hunt for threats to stop attacks on their network before they happen and enable the secure, efficient flow of commerce across the continent.”
General (Ret.) Keith Alexander, co-CEO and Founder of IronNet

Amazon Web Services (AWS) serves as the backbone of the IronNet Collective Defense platform, and it will enable the logistics company to deploy the solution quickly across hundreds of enterprises and maintain a dynamic radar view of threats on enterprise networks comprehensively and at network speed. The logistics company will also use IronNet’s leading AI-based Network Detection and Response (NDR) solution as part of the Collective Defense platform to better detect and defend against cyber attacks. The security platform will enable the logistics company to leverage NDR capabilities, powered by behavioral analytics, to detect unknown threats on its network and, in turn, anonymously exchange visibility in real time with others in the Collective Defense community.

The IronNet Collective Defense platform is the only solution that can identify anomalous behaviors and deliver actionable attack intelligence to all the other participants in the IronNet community. It serves as an early warning system for all participating companies and organizations, strengthening network security through correlated alerts, automated triage, and extended hunt support.

About IronNet, Inc.

Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet, Inc. (NYSE: IRNT) is a global cybersecurity leader that is transforming how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today.
