Unpatched Windows Zero-Day flaws exploited, Microsoft says

SC Magazine | March 23, 2020

Attackers are exploiting unpatched Windows zero day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code executive (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Among the ways a hacker could exploit the flaws is convincing users to open “a specially crafted document or viewing it in the Windows Preview pane.” The company said it’s working on a fix but in the meantime users should use recommended mitigation and workarounds to reduce the risk, including disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service and renaming ATMFD.DLL.

Spotlight

The most promising weapon in the endpoint security arsenal is machine learning with its ability to quickly learn, make instant decisions, and enable rapid response to prevent threats rather than dealing with them during execution or after the fact. One of the main advantages of machine learning is that it can capture minor devia


Other News
DATA SECURITY

Dataprise Expands its DRaaS and Data Protection Offerings with Acquisition of Industry Leader Global Data Vault

Dataprise | January 18, 2022

Dataprise, a leading strategic IT managed service provider, today announced the acquisition of Global Data Vault, a leader in Disaster-Recovery-as-a-Service (DRaaS), Backup-as-a-Service (BaaS) and modern data protection solutions. The addition of Global Data Vault creates one of the industry's broadest portfolios of integrated data protection and cybersecurity offerings to solve client's toughest business resilience, risk mitigation and compliance challenges. "Clients turn to Dataprise to be their one strategic IT partner, which requires we bring the broadest portfolio of services powered by the best technology and deepest expertise. Today, the mandate for a holistic cybersecurity and data protection strategy is a top priority for our clients, Global Data Vault is a powerful addition as they bring industry leading cloud-based data protection solutions that bolster our premier cybersecurity portfolio, top-notch employees, a strong Veeam partnership, and relentless focus on client success." Steve Lewis, CEO of Dataprise Founded in 2004, Global Data Vault is a recognized leader in the BaaS and DRaaS industry and holds the distinction of being a Platinum Veeam Cloud & Service Provider. Global Data Vault's mission is to protect organizations' critical data with modern data protection strategies to ensure business continuity and eliminate downtime. Headquartered in Dallas, TX, Global Data Vault protects hundreds of clients across the United States, Canada, and the United Kingdom. "Our clients are facing new challenges driven by dramatic changes in the cybersecurity threat landscape and evolution of IT strategies including cloud adoption," said Anthony Galley, Chairman of Global Data Vault. "Dataprise has an enviable portfolio of cybersecurity, managed IT services, and cloud services that enhance the value of our modern data protection and DRaaS offerings. Together with Dataprise we are perfectly positioned to provide our clients even greater value." "We're excited for the opportunity that joining Dataprise presents for our clients, employees and partners. We now have a much broader set of services, capabilities and resources all aimed at protecting client data and ensuring business continuity," said Will Baccich, CEO of Global Data Vault. This marks Dataprise's second acquisition as the company executes on its strategy to build the broadest managed services portfolio and give clients one strategic IT partner to solve it all. The recent acquisition of Wireless Watchdogs added a comprehensive Mobility Managed Services (MMS) and Mobile Device Management (MDM) portfolio aimed at solving mobile device, Internet of Things (IoT) and endpoint management challenges. About Dataprise Founded in 1995, Dataprise believes that technology should enable our clients to be the absolute best at what they do. This commitment to client success is why Dataprise is recognized as the premier strategic managed service and security partner to strategic CIOs and IT leaders across the United States. Dataprise delivers best-in-class managed cybersecurity, disaster recovery as a service (DRaaS), managed infrastructure and managed end-user services that transform business, enhance user experiences, and eliminate risks.

Read More

SOFTWARE SECURITY

Criminal IP New Cybersecurity Search Engine launches first beta test

AI Spera | April 12, 2022

AI Spera announced Criminal IP, a new cybersecurity platform, today. Criminal IP is a total Cyber Threat Intelligence (CTI) search engine intended to identify potential vulnerabilities that threatening companies or individuals' IT assets. It also offers a new way to manage them comprehensively by allowing users to find results for malicious IP address, malicious domains, phishing sites, forged certificates, all IT assets, and other security related information immediately. The company has been recruiting beta service testers and plans to operate beta service for three months from April 28. Testers pre-registering for beta service will be given a three-month free license and if testers participate in the service survey, they can receive an additional one-month free license as a reward. Criminal IP visualizes all IT assets connected to the Internet based on IP addresses held by companies and individuals. This allows users to see the details of their assets at a glance, from DB servers, files servers, middleware servers, administrator servers as well malicious sites, and easily spot the assets exposed to the attack surface. The solution also provides all possible information about domains in real time, including network logs, used programming technologies and security-related information, without having to directly access websites. Analyzing this information with AI/Machine learning technology, it shows an overall score of the domain and DGA (Domain Generation Algorithm) score in five stages (Critical, Dangerous, Moderate, Low, Safe) allowing users to determine and respond to threats. Users can prevent security problems in advance by searching for vulnerabilities in IT assets and identifying cyber attackers' attack points for attack surface management purposes through Criminal IP data. In addition, everything that has happened to a particular IP address can be recorded like a criminal record to track malicious behavior of an IP address. "Above all, this platform is the ultimate comprehensive solution that maximizes user's convenience by providing all CTI information distributed by different solutions in one place. In hopes that Criminal IP can be used in a variety of areas to defend against evolving cyber threats, including education and research, corporate security teams, white hackers, state agencies, and cybercrime investigations, we decided to operate free beta services to receive feedback on product improvement." Byungtak Kang, CEO at AI Spera Features and benefits of Criminal IP include: providing a wide range of cyber threat information, including malicious IPs, C&C domains, various domain information, threat intelligence images and CVEs, which map IP& Domain scoring algorithms and various threat information based on big data on 4.2 billion IP addresses and billions of domain addresses worldwide analyzing all possible details about domains including screenshots, domain category, whois information, used technologies, connected IP addresses, page redirections, certificates, network logs, cookies as well as interesting security-oriented features like possible malicious contents and replicated phishing domains with overall score of the domain and DGA (Domain Generation Algorithm) score searching and updating global IP addresses and domains in 24/7 to extract applications and services in use, and provide information on security vulnerabilities of IT assets to enable real-time automatic attack surface management offering straightforward search result based on a wide range of specific search filters so that users can conveniently access the right information they need About AI Spera AI Spera is a fast-growing company in the field of cyber threat intelligence. Based on AI and Machine Learning technology, the company focuses on detection of anomalies and data-oriented security solutions. The company supports as many corporates, security developers and researchers as possible to view the attack surface through the eyes of an attacker and provide various AI-based intelligence security solutions across industries including online games, financial, security and national institutions.

Read More

DATA SECURITY

Symphony Technology Group Announces the Launch of Skyhigh Security

Skyhigh Security | March 22, 2022

Symphony Technology Group (“STG”), a leading Menlo Park-based private equity firm focused on the software, data, and analytics sectors, today announced the launch of Skyhigh Security. The new portfolio company was created to satisfy the growing cloud security requirements for large and small organizations. Skyhigh Security’s unique approach extends security beyond data access to securing how the data is used. Its data-aware Security Service Edge (SSE) is built to meet the needs of the modern workforce with security that follows the data and users wherever they are. Earlier this year, STG announced it would be splitting McAfee Enterprise into two organizations—Trellix and Skyhigh Security—to better focus on the very distinct markets of Extended Detection and Response (XDR) and the SSE. At that time STG also announced that Gee Rittenhouse, who previously led Cisco’s cyber security business, would serve as CEO of the SSE business, bringing deep cloud security expertise. “Skyhigh Security has emerged as a dedicated cloud security company that is laser-focused on propelling businesses forward with a comprehensive and converged approach to data security. We’re committed to investing in this business, which is in one of the most important markets in security, SSE.” William Chisholm, managing partner, STG “With the majority of data in the cloud and users accessing it from everywhere, a new approach to security is needed,” said Rittenhouse. “Skyhigh Security has created a comprehensive security platform to secure both data access and data use via unified policies and data awareness. Organizations can now have complete visibility and control and seamlessly monitor and mitigate security risks—achieving lower associated costs, driving greater efficiencies and keeping pace with the speed of innovation.” “Organizations are at a crossroads navigating the hybrid workforce,” said Frank Dickson, vice president, IDC. “While the ‘work from anywhere’ model creates flexibility and agility, it can also be a point of security vulnerability, challenging perimeters and endpoints and opening new attack surfaces in the cloud. These organizations need a best-in-class cloud-native solution that simplifies the implementation of cloud security to protect data regardless of where it lies.” “Protecting the way data is used is as important as the way data is accessed—we must implement a powerful data-centric defense to meet the demands of how work is conducted today,” said Dan Meacham, chief information security officer, Legendary Entertainment. “Skyhigh Security’s platform approach is completely integrated and simple to use. With over 10 years focus on cloud security, they are a pioneer in the SSE space. Skyhigh Security’s innovations have been validated both by analysts and customers alike. It is truly one of the most solid and unique SSE solutions in the market today.” The Skyhigh Security SSE Portfolio includes Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Cloud Data Loss Prevention (DLP), Remote Browser Isolation technology, Cloud Firewall and Cloud Native Application Protection Platform (CNAPP). The company was most recently named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge and recognized in the 2022 Critical Capabilities for SSE for its MVISION Unified Cloud Edge (UCE) solution. About Skyhigh Security: Skyhigh Security protects organizations with cloud-native security solutions that are both data-aware and simple to use. Its market-leading Security Service Edge (SSE) Portfolio goes beyond data access and focuses on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing security.

Read More

DATA SECURITY

Armis Selects Radware to Deliver Cloud Security for AWS

Radware | December 30, 2021

Radware a leading provider of cyber security and application delivery solutions, today announced that Armis, a leading unified asset visibility and security platform provider, chose Radware’s Cloud Native Protector to safeguard its Amazon Web Services (AWS) environment. This born-in-the-cloud business adopted Radware’s solution to fortify its cloud security posture and identify potential vulnerabilities before they evolved into threats. Armis’ security platform enables companies to safely use and control IoT and other unmanaged devices without fear of compromise by cyberattacks. Armis was looking for a solution that would give its DevOps team full visibility and control of its public cloud environment. The company turned to Radware to make it easier for its team to remotely track assets, supervise access to sensitive resources, and detect suspicious activity. “The Radware team understands that we are a dynamic company with requirements that are constantly changing,” said Roi Amitay, head of DevInfra at Armis. “Radware’s Cloud Native Protector plays an essential role in securing our cloud environment. It helps us see our full cloud picture and focus on what matters most. Radware provides trusted products and support, making this the best solution for our company.” Radware’s solution enhances the visibility and control Armis has over its public cloud environment. It automates manual analysis and notifies Armis about any publicly exposed assets and potential cyberattacks to help the company prioritize its work. “Cloud-native companies like Armis have unique and constantly shifting security requirements that need specialized solutions,Our Cloud Native Protector not only secures Armis’ cloud workloads but also is continually assessing risks and improving visibility and governance of their cloud.” Gilad Barzilay, director of public cloud sales at Radware Radware’s Cloud Native Protector is an agentless solution that provides centralized visibility and reporting for workloads and accounts on AWS and Microsoft Azure. Its intuitive 360-degree centralized dashboard shows alerts across accounts and clouds with risk-prioritized alerting so that security teams know which alert to focus on first. Using a multi-layered approach that covers a wide security posture of the cloud and threats to individual workloads, the solution also identifies and prevents public exposure of public facing assets, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud. About Radware Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Read More

Spotlight

The most promising weapon in the endpoint security arsenal is machine learning with its ability to quickly learn, make instant decisions, and enable rapid response to prevent threats rather than dealing with them during execution or after the fact. One of the main advantages of machine learning is that it can capture minor devia

Resources