PRESS RELEASE

San Jose, CA - October 1, 2024 — Stellar Cyber, the world’s most open AI-driven security operations platform powered by Open XDR technology, announced that it secured National “Don’t Click It” Day on October 16, 2024, coinciding with National Cybersecurity Awareness Month. This initiative aims to educate and raise awareness for people of all ages on the dangers of hackers and cyber threats. “Don’t Click It, Pitch It,” the program that has inspired their National Day, helps to teach people what to do when they receive a suspicious email or text message and how to ensure that their sensitive information is not compromised in a scam.  
“In the end, it is not about how much technology we can throw at cybercrime; a very big part of the issue is changing human habits, and we want to start with our youth,” said Steve Garrison, Senior Vice President of Marketing at Stellar Cyber and Founder of Don’t Click It, Pitch It. “Most cyber attacks happen because someone somewhere opened an email or clicked on a link they should not have.  Don’t Click It hones in on this habit and teaches children of all ages that if they do not know where something is from, throw it away. Curiosity killed the cat, but in this case, we hope to put a halt to curiosity and stop cybercrime from happening.”

Millions of phishing emails and fake alerts are sent out every day by hackers and criminals trying to gain access to bank accounts, financial records, and all other types of data. These methods can be extremely convincing to kids and young adults who have not been educated on the inherent risks of cyber attacks. Stellar Cyber has partnered with Minor League Baseball organizations, including the Ogden Raptors (Ogden, UT), the Oakland Ballers (Oakland, CA), and the Lake County Corn Dogs (Crown Point, IN), to help educate kids and teens about how to stay safe online.  

Through “Don’t Click It, Pitch It,” Stellar Cyber has also brought its curriculum to thousands of  students in Massachusetts and California, equipping these young people with the knowledge needed to identify and respond to phishing emails that contain bad links and attachments.  If we can change human habits, we can help end cybercrime.

Stellar Cyber encourages people to celebrate National “Don’t Click It” Day by posting examples of scam texts and emails that they have received to help spread awareness of the various methods that hackers and criminals employ to attempt to access our data and infiltrate our lives. The more we expose the common tactics that these hackers use and educate the public on the ways to identify a potential threat, the safer our online community will be and the more secure our sensitive information will become. 

What are our partners saying about Don’t Click It:

Judy Security CEO Raffaele Mautone said, “When we heard about the “Don’t Click it, Pitch It” campaign, we were all in.  Stellar Cyber is doing a great thing to help educate our children about being careful not to click on something from someone they do not know.”  
Blackswan Cybersecurity’s CEO Mike Saylor, Ph.D. said, ”Stellar Cyber understands the need to educate people of any age about being safe online, but starting with our children is brilliant.  Blackswan stands behind “Don’t Click It” and is thrilled to see the nonprofit have a national day to bring even  more awareness to the cause.”

CyFlare CEO Joe Morin said, “Business email compromise and phishing are the second largest attack vectors crippling organizations and dramatically impacting individuals, yet 100% of these attacks can be prevented if users are educated not to click. Teaching children cybersecurity awareness takes only a small amount of time but creates a lasting, impactful defense for the future.”

About Stellar Cyber

Stellar Cyber’s Automation-driven Security Operations Platform, including NG-SIEM and NDR and powered by Open XDR, delivers comprehensive, unified cybersecurity without complexity. It empowers lean security teams of any skill level to successfully secure their environments. As part of this unified platform, Stellar Cyber’s Multi-Layer AI™ enables enterprises, MSSPs, and MSPs to reduce risk with early and precise threat identification and remediation while slashing costs, retaining investments in existing tools, and improving analyst productivity. This results in a 20X improvement in MTTD and an 8X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai  

About Don’t Click It, Pitch It!

Don’t Click It, Pitch It! aims to educate young adults and teens on cybersecurity, focusing on identifying and preventing cyberattacks like phishing and identity theft. By 2030, it seeks to teach over five million young people how to protect their personal information. The organization emphasizes safety, privacy, and confidence in digital interactions through educational programs and activities run by volunteers, with proceeds supporting its mission. For more information, visit Don’t Click It, Pitch It

Stellar Cyber Secures National 'Don't Click It' Day

PRESS RELEASE

DOWNERS GROVE, Ill., Sept. 24, 2024 – Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce.

CompTIA’s “State of Cybersecurity 2025” report reveals that cybersecurity is a primary or secondary priority for 98% of organizations. Yet only 25% of survey respondents feel that the overall direction of cybersecurity is improving dramatically, and only 22% characterize their organization’s cybersecurity efforts as completely satisfactory. Nearly 1,200 business and IT professionals across seven global regions were surveyed.

“Something is missing, either in the approach organizations are taking or in their expectations around what ideal cybersecurity would look like,” said Seth Robinson, vice president, industry research, CompTIA.

Cybersecurity’s unique status as a business imperative at all organizational levels – staff, management, executives and governing bodies – may be the reason of the disconnect.

“Gone are the days when achieving cybersecurity improvement was a simple matter of purchasing updated technology,” Robinson explained. “Businesses must have ongoing discussions around their cybersecurity technology stack, processes that ensure protection of assets and an organizational structure that provides cutting-edge expertise.”

Cybersecurity expertise needed

The report identifies a growing need to build multiple layers of cybersecurity expertise. Among North American companies, 53% are considering new hiring as an option. An even greater percentage (56%) plan to pursue training for their current cybersecurity workforce, and 42% plan to offer cybersecurity certifications as a way of establishing core concepts within the team and extending skillsets into emerging focus areas.

Hiring and training require a financial commitment, though, and that remains a challenge for some. While a significant majority of respondents state that cybersecurity is a high priority at their firm, only 49% feel that it is relatively easy to procure funds for cybersecurity activities or that budgets are increasing.

“Developing skills is the most significant action companies may take in improving efficiency, but there are other options as well,” Robinson noted. “Increasing visibility and awareness among senior executives, establishing organizational imperatives and metrics and building policies that drive employee behavior will create a culture of cybersecurity.”

AI and cybersecurity

Artificial intelligence (AI) has the potential to accelerate, automate and complicate cybersecurity efforts. North American companies are evenly split between an emphasis on using AI internally to improve their defense and on learning about new forms of AI-enabled attacks. Current AI-enabled use cases include monitoring network traffic, generating defense tests and predicting future breaches.

CompTIA’s “State of Cybersecurity 2025” report is available at https://www.comptia.org/content/research/cybersecurity-trends-research.

About CompTIA 

The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Millions of current and aspiring technology workers around the world rely on CompTIA for the training, education and professional certifications that give them the confidence and skills to work in tech. https://www.comptia.org/

Cybersecurity Success Hinges on Full Organizational Support, New CompTIA Report Asserts

PRESS RELEASE

ATLANTA, Sept. 24, 2024 /PRNewswire/ -- OneTrust, the market-defining platform helping organizations use data and AI responsibly, today announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU's Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer first-to-market capabilities such as automated DORA "register of information" report creation and out-of-the-box depth of screening and compliance data.

"An organization's supply chain can be one of its biggest assets for efficiency and innovation, as well as its most significant obstacle to cyber resiliency. Amid growing global mandates for cyber resiliency like DORA, teams need a deep understanding of their extended enterprise and tools for managing risk at scale. By expanding on our robust Third-Party Management capabilities with game-changing, new capabilities, teams can gain much-needed visibility, automate risk and compliance management, and strengthen resilience," said Shiven Patel, Director of Third-Party Management at OneTrust.

With OneTrust, teams can gain much-needed visibility, automate risk and compliance management, and strengthen resilience

Introducing new capabilities to enhance resilience and operationalize DORA compliance

To further help organizations efficiently manage information and communication technology (ICT) and digital supply chain resilience and operationalize DORA compliance, OneTrust is delivering several new, standout capabilities:  

*   4th- and nth-party risk management: Now, teams can automatically identify, link, and assess fourth and even nth parties to efficiently monitor concentration risk and demonstrate proportionality. 
    
*   Two-click register of information reporting: Quickly generate a complete "register of information" in relation to all contractual arrangements on the use of ICT services provided by ICT Third-Party Service Providers (ICT TPPs) and ICT service supply chains.
    
*   Enhanced risk and compliance data feeds: Meet due diligence requirements and screen ICT service providers against out-of-the-box risk and compliance datasets from Dow Jones Risk & Compliance, HackNotice, ISS-Corporate, RapidRatings, RiskRecon, Security Scorecard, and Supply Wisdom.
    

How Third-Party Management already helps organizations comply with DORA

Today, Third-Party Management empowers organizations to centralize the end-to-end risk management lifecycle. For ICT and supply chain risks and more, the solution allows teams to implement a data-centric and risk-based approach to identifying and mitigating risk, while continuously monitoring for changes to risk posture. Thanks to OneTrust's cross-domain insights, organizations can align internal teams and guide risk-aware decision-making to create a more resilient, secure, and scalable third-party ecosystem. Ahead of DORA taking effect in January 2025, Third-Party Management helps organizations meet the Act's third-party ICT requirements pertaining to:

*   Pre-Contract ICT Assessment
    
*   Inventory, Link, and Report on the ICT supply chain 
    

Third-Party Management also integrates seamlessly with different solutions across the OneTrust Platform, including the newly introduced Compliance Automation. Compliance Automation and Third-Party Management work together to operationalize an actionable breakdown of the DORA regulatory requirements into measurable capabilities and build a fully compliant ICT risk management program.

Additional resources

*   Stop by booth 412 at the Gartner Security & Risk Management Summit, September 23-25 in London to learn more
    

About OneTrust

OneTrust unlocks the full potential of data and AI, responsibly. Our platform enforces the secure handling of company data, empowering organizations to drive innovation responsibly while mitigating risks. With a comprehensive suite of solutions spanning data and AI security, privacy, governance, risk, ethics, and compliance, OneTrust enables seamless collaboration between data teams and risk teams to enable rapid and trusted innovation. Recognized as the market leader in trust, OneTrust boasts over 300 patents and serves more than 14,000 customers globally, ranging from industry giants to small businesses. For more information, visit www.onetrust.com. 

© 2024 OneTrust LLC. All rights reserved. OneTrust and the OneTrust logo are trademarks or registered trademarks of OneTrust LLC in the United States and other jurisdictions. All other brand and product names are trademarks or registered trademarks of their respective holders.

OneTrust Automates DORA ICT Risk Management and Compliance

The vendor says there are no reports of the flaws being exploited in the wild nor any public exploit codes currently available.

Source: JHVEPhoto via Alamy Stock Photo

HPE Aruba Networking fixed three critical vulnerabilities found in its systems that could allow unauthenticated attackers remote code execution on compromised devices.

The vulnerabilities, tracked as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, lie in the command line interface (CLI) service of Aruba access points (APs) and can be exploited by sending packets to Aruba's AP management protocol UDP port to gain privileged access and execute arbitrary code.

The security bugs affect Aruba APs running Instant AOS-8 and AOS-10, according to the Hewlett Packard Enterprise subsidiary.

The impacted software includes AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.

While there are workarounds for devices running Instant AOS-8.x code and AOS-10, it's recommended that administrators install the latest updates HPE provided on its networking support portal to prevent attacks from malicious actors.

Other Aruba products such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways have not been impacted.

There are no reports of the flaws being exploited in the wild and no public exploit codes currently available, according to the HPE Security Response Team.

**About the Author**

Security Upgrades Available for 3 HPE Aruba Networking Bugs

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.

Source: devilmaya via Alamy Stock Photo

A small group of transportation and logistics companies in North America has been targeted in cunning business email compromise (BEC) attacks.

Since May, an unknown threat actor has weaponized at least 15 email accounts associated with its targeted companies. In a blog published on Sept. 24, Proofpoint researchers could not say how the threat actor first obtained access to these accounts. What is known is that the attacker is using the accounts to bury initial access malware inside of existing email chains, betting that recipients will have their guards down so deep into ongoing conversations with colleagues.

"Thread hijacking is obviously very effective," says Daniel Blackford, director of threat research for Proofpoint. "Once an account takeover has happened, this increased legitimacy makes it much harder for anyone but those who are the most vigilant" to spot it.

**Bespoke Phishing Attacks**

From May to July, the threat actor primarily hid payloads inside of Google Drive files leading to Internet shortcut (URL) files. When executed, the attack chain uses server message block (SMB) to retrieve an executable file from a remote share, which installs one of a number of different, known malware tools. Among them: Lumma, the most common infostealer in the world today; StealC; and the legitimate tool NetSupport.

In August, the attacker shifted to using the "ClickFix" technique for tricking victims into downloading its malware. With ClickFix, a malicious webpage presents the victim with a fake pop-up error message. Through a series of dialogue boxes, the victim is instructed to copy and paste a supposed fix for the issue into a PowerShell terminal or Windows Run. In fact, the so-called fix is a script, which downloads and runs an executable. In these recent phishing attempts, the executables for download included DanaBot and Arechclient2 (aka SectopRAT).

Why ClickFix works at all — despite asking for much more active engagement and technical monkeying from the victim — can seem confounding.

"The human psychology behind why really convoluted attack chains work continues to astonish me on a yearly basis," Blackford admits. He does, though, have a theory. "Something that I've heard is that it can be annoying to deal with IT, so if the 'solution' is right in front of you, and you don't have to communicate with a help desk and have people remote into your to your system to fix them, then maybe it's actually less trouble to just try to execute it yourself."

**Why Transport and Logistics Make Attractive Targets**

Various threat actors have disguised ClickFix behind fake Windows and Chrome updates. In this case, the attacker impersonated Samsara, AMB Logistics, and Astra TMS, platforms highly specialized for fleet and freight management, demonstrating the highly targeted nature of the campaign.

As Blackford notes, transport and logistics companies can make attractive targets for financially motivated cyberattacks. "They do business with lots of entities — suppliers for a lot of industrial manufacturers, for example," he says. "They're going to be corresponding with a lot of different companies. There's going to be a lot of moving parts — a lot of things in and out, constantly moving — so a lot of opportunities to find connected, future victims from just one company."

With fertile ground to sneak in amongst the many moving players and deals, he notes, "There are requests for quotes and invoices that are of a fairly large magnitude — that are, in terms of the finances involved, maybe an order of magnitude higher than in some other industries."

He adds that, while rare, "There also is some evidence recently of threat actors trying to redirect legitimate shipments to locations that are under their control."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

PRESS RELEASE

NEW YORK, September 24, 2024 –Torq, the AI-first security hyperautomation leader, today announced the closing of its $70M Series C funding round, led by Evolution Equity Partners, with Bessemer Venture Partners, Notable Capital, Greenfield Partners, and Strait Capital participating. Combined with Torq’s expanded Series B in January, Torq has raised a total of $112m in 2024, bringing the company’s funding since its 2020 inception to $192M. It also has also established an aggressive 2026 ARR target of $100M. Torq will use the new round to increase expansion across EMEA and APAC, hire additional world class engineering, R&D, and sales talent, and double down on devoting more resources to deliver cutting-edge generative AI enhancements.

In addition, Torq announced that it more than tripled its revenue and customer growth for the second year in a row. Torq’s momentum reflects the elevating enterprise adoption of the recently-announced Torq HyperSOC, a purpose-built solution that harnesses the power of the AI-driven Torq Hyperautomation Platform to automate, manage, and monitor critical SOC responses at machine speed. It uses Natural Language Processing (NLP) to initiate and accelerate security event investigation, triage, and remediation at scale, deliver comprehensive case management capabilities with unprecedented ease, and automate complex processes. Torq HyperSOC saves analysts from alert fatigue and job burnout so they can focus on strategic security initiatives and innovation. 

**Rapid Global Enterprise Adoption**

Torq’s customer base includes major multinational enterprise customers, including Abnormal Security, Armis, Blackstone, Carvana, Check Point Security, Chipotle, Deepwatch, Lemonade, Lennar, Nubank, Rivian, SentinelOne, Telefonica, Wiz, and ZoomInfo, as well as Fortune 100 consumer packaged goods, fashion, financial, hospitality, and sports apparel companies.

“Our Series C round underlines the fact that Torq customers, partners, and employees have combined into one of the most powerful, influential, and fastest-growing ecosystems in all of cybersecurity,” said Ofer Smadari, CEO and co-founder, Torq. “We’ve rewritten the rules of the industry with Torq Hyperautomation and Torq HyperSOC, and our momentum reflects that shift. Torq has blown past all the frustrating, manual limitations of legacy SOAR that leave significant holes in the security perimeter. Torq plugs all those holes by delivering a new layer of AI-driven protection, all while making all of security operations more productive than ever.”

“Today, Torq HyperSOC investigates, triages, and remediates many of Check Point’s internal security alerts without any human intervention,” said Jonathan Fischbein CISO, Check Point. “If an alert meets certain parameters based on organizational security policies, the platform takes relevant predefined steps, such as initiating an MFA challenge or locking out a suspicious user. We can react automatically to problems before they become security incidents.”

“The incredible growth, customer traction, and industry momentum Torq Hyperautomation and Torq HyperSOC are experiencing showcases how Torq is dramatically transforming cybersecurity for the better,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “Evolution is incredibly proud to back Torq as it continues to deliver such deep value for security operations teams worldwide. It’s now no longer a question of if, but when every enterprise will adopt AI-driven hyperautomation.”

Torq’s customer base also continues to rapidly grow due to the success of the Torq Partner Acceleration Program, which includes many of the world’s leading channel and security vendors. Torq tech alliance partners include Abnormal Security, Check Point, CrowdStrike, SentinelOne, Snyk, and Wiz. Its reseller and VAR ecosystem includes GuidePoint Security, Optiv, Stratascale, and Trace3.

“Torq is a rising star in cybersecurity,” said Oren Yunger, Managing Partner, Notable Capital. “Torq HyperSOC’s advanced AI capabilities are having a dramatic, positive impact on security operations teams worldwide by making them vastly more efficient and resilient than ever. Torq represents the next-generation of security operations and Notable Capital is certain the future is phenomenally bright for the company.”

**Key Analysts Unanimously Validate Torq Hyperautomation**

Analysts including Gartner, Forrester, IDC, and GigaOm all covered Torq Hyperautomation during 2024, with unanimous perspectives on the positive impact it’s making for customers.

“Every day, IDC is engaged with SOC professionals who communicate the existential challenges they’re facing, both in terms of keeping up with ever-escalating threat complexity and volume, and the incredible burden that places on the shoulders of their teams,” said Chris Kissel, Vice President, Security & Trust Products, IDC Research. “Torq is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We are also impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

“Torq offers an extensive feature set, as reflected in its high scores across most of the key criteria, including case management, and collaboration, automated alert prioritization, triage and curation, autonomous operations, and validation and red teaming, and has acquired an impressive portfolio of customers,” said GigaOm in a 2024 Radar Report.

Learn more about Torq at Torq.io.

**About Torq**

Torq is transforming cybersecurity with its AI-first  enterprise-grade hyperautomation platform. By connecting the entire security infrastructure stack, Torq empowers organizations to instantly and precisely remediate security events, and orchestrate complex security processes at scale. Fortune 500 enterprises, including the world’s biggest financial, technology, consumer packaged goods, fashion, hospitality, and sports apparel companies are experiencing extraordinary outcomes with Torq.

Torq Announces $70M Series C Bringing Total 2024 Funding to $112M

PRESS RELEASE

JASPER, Ind., Sept. 23, 2024 /PRNewswire-PRWeb/ -- As National Cybersecurity Awareness Month approaches this October, PIER Group is drawing attention to the unique cybersecurity challenges faced by research-focused universities and institutions nationwide. With the rise of cloud computing and data sharing, safeguarding the sensitive research data, intellectual property, and high-value projects emerging from these academic hubs is more critical than ever. PIER Group, a leader in providing IT solutions and cybersecurity services to R1 and R2 universities, is at the forefront of helping these institutions navigate this complex cybersecurity landscape.

"R1 and R2 universities are some of the most targeted institutions by cybercriminals due to the immense value of the research they conduct and their large attack surface. Their networks handle hundreds of thousands of devices and connect to other universities all over the world," said Chad Williams, president of PIER Group. "At PIER Group, we see it as our responsibility to ensure that these institutions not only stay at the forefront of global research, but do so securely. We're building the infrastructures that allow them to innovate without fear of compromise."

During National Cybersecurity Awareness Month, universities have the opportunity to assess their cybersecurity strategies and adopt solutions that will protect their campuses, students, and research for years to come. Williams and his colleagues at PIER Group have identified five strategies that top universities should be implementing now or planning for:

1\. Adopt AI for Cybersecurity. For managing networks at the scale of major research universities, with thousands of devices connected to campus networks, AI is essential for detecting threats and responding quickly. AI-driven tools can analyze vast amounts of data to detect anomalies and provide automated threat responses.   
● What Universities Should Do: Adopt AI-enhanced cybersecurity tools that provide proactive monitoring and fast response to cyber threats.

2\. Implement Network Access Control (NAC) Systems. Modern access control solutions, often enhanced with AI, make it much easier for university staff to segment the university population so only authorized users can access sensitive information, applications and data.   
● What Universities Should Do: Implement sophisticated NAC systems that use AI for smarter, more effective user management.

3\. Combat Social Media Attacks. Cyber criminals are using social media apps like LinkedIn and Instagram to launch attacks on individuals, with an overarching goal of breaching a university network.   
● What Universities Should Do: Universities should always follow the 3-2-1-1 rule - three copies of data at two different locations, one offsite and one immutable. They should also educate campus communities on social media risks and employ cybersecurity solutions that monitor and mitigate these threats.

4\. Leave Legacy Equipment Behind. Most universities have older equipment, but even equipment that is just a few years old can leave universities vulnerable to cyberattacks. Transitioning networks and storage to the cloud is proving to be the most economical and flexible solution, adding greater security while allowing universities to quickly scale up or down.   
● What Universities Should Do: Focus on phasing out older equipment as soon as possible and migrate those computing needs to the cloud.

5\. Collaborate Securely with the Broader Research Ecosystem. Universities' openness for collaboration complicates security. Real-time partnerships with research centers and external partners demand secure data-sharing, supported by networks like The Quilt. Strong security measures are crucial to protect sensitive research and intellectual property. Secure collaboration fuels innovation in medicine and technology while safeguarding valuable data.   
● What Universities Should Do: Universities should ensure their networks are built to handle secure, high-speed collaboration with both internal and external research partners. PIER Group's support and partnership with R1 and R2 research organizations help facilitate university-wide collaboration, enabling discussions on the best procedures and solutions to secure student, institutional, and research data necessary for innovation.

As cyber threats become more sophisticated, universities must implement strategies to protect their students, staff, and the integrity of their research. By doing so, they contribute to a safer global research ecosystem. For more information on how R1 and R2 universities can achieve technology leadership, visit http://www.piergroup.com.

About PIER Group   
PIER Group is a leading IT and cybersecurity solutions provider with decades of experience specializing in research universities and large academic institutions. They excel in securing and optimizing campus and research networks, demonstrated by their work with top national R1 and R2 universities from coast to coast including Indiana University, University of South Carolina and the University of Maryland. PIER Group's expertise includes implementing robust security measures, such as Aruba ClearPass, to protect sensitive data and support national research networks like The Quilt. Their commitment helps universities navigate complex cybersecurity challenges and makes high-speed, high-stakes collaborations possible. For more information, visit piergroup.com.

5 Cyber Strategies Research Universities Can Adopt to Lead in Global Research

A researcher claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers…

A researcher claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers to gain control of vulnerable devices. The flaw is under investigation, with full disclosure expected next week.

Simone Margaritelli, a cybersecurity researcher and Linux developer has discovered a critical Linux vulnerability that could allow attackers to gain complete control of vulnerable systems. This Linux vulnerability affects GNU/Linux systems, specifically for Linux Remote code execution. If confirmed, it could be one of the worst vulnerabilities in history.

****A Decade-Old Flaw:****

The vulnerability, which has reportedly existed for over a decade, impacts all GNU/Linux systems. While specific details remain confidential, the severity score of 9.9 out of 10, confirmed by major Linux distributors like Canonical and Red Hat, indicates the immense potential for damage if exploited.

****The Controversy:** **

Despite the severity of the issue, no Common Vulnerabilities and Exposures (CVE) identifiers have been assigned yet, and developers are still debating whether certain aspects of the vulnerability pose a security risk. This disagreement has led to delays in addressing the issue and has caused frustration among security researchers.

Margaritelli has publicly expressed his disappointment with the handling of the disclosure. He claims to have provided proof-of-concept exploits, but developers have been more focused on debating the vulnerability’s impact rather than working towards a solution.

He has, therefore, decided not to go for responsible disclosure instead of full disclosure of the flaw. While his decision could accelerate the fix race but will also expose millions of Linux systems to malicious attacks if no swift countermeasures are taken.

For your information, Simone Margaritelli, aka evilsocket, is a renowned cybersecurity expert who has created numerous tools for professionals and researchers worldwide. One of his most notable contributions is Bettercap, an open-source tool designed for Man-in-the-Middle (MITM) hacking attacks and network penetration testing.

The vulnerability may affect known exposed services like OpenSSH and possibly filtering services like Net Filter, although there is no indication of which service may be affected, and these are just hypotheses.

As per the latest updates, the flaw will be initially disclosed to the Openwall security mailing list on September 30th, followed by full public disclosure on October 6th. Linux users are advised to stay informed about official updates and patch systems as soon as patches are available.

> \* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.  
> \* Full disclosure happening in less than 2 weeks (as agreed with devs).  
> \* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).  
> \* Still no working fix.  
> \* Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR
> 
> — Simone Margaritelli (@evilsocket) September 23, 2024

Brian Fox, CTO of software security platform, Sonatype, and governing board member of the Open Source Security Foundation, has found similarities between this vulnerability and the **Log4j/Log4Shell** vulnerability (CVE-2021-44228). Fox is working closely with Sonatype’s research team and the open-source security community to understand the gravity of the issue and possible mitigation methods.

“While we don’t have the technical details yet, a vulnerability with a 9.9 CVSS indicates a low complexity to exploit and signs are pointing to the flaw existing at the core of the system. Considering this is Linux, the scope of this vulnerability is massive and successful exploitation could be devastating — everything from your wifi router to the grid keeping the lights on runs on Linux,” Brain explained.

He further added “This combination of low complexity and high usage is reminiscent of Log4Shell, though the scale of usage here is much more significant. I understand the logic in phasing out disclosure, as this vulnerability will take time to find and fix, however, we should also expect threat actors to be scrutinizing the commit history and looking for clues to exploit.”

“As we wait for more details to come out, enterprise security teams must scour their environments and SBOMs to understand where they might be vulnerable and be prepared to patch. Cancel your vacations because, on October 6, it could be a race against attackers,” Brian emphasised.

1.  **Telegram-Controlled TgRat Trojan Targets Linux Servers**
2.  **Critical Flaws Found in GNU C Library, Major Linux Distros at Risk**
3.  **Goldoon Botnet Hits D-Link Devices by Exploiting 9-Year-Old Flaw**
4.  **9-year-old Windows flaw dropped ZLoader malware in 111 countries**
5.  **7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike**

Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims

The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.

Source: zemkooo via Alamy Stock Photo

A House committee advanced a bill that would allow the National Institute of Standards and Technology (NIST) to create a formal process for reporting security vulnerabilities in artificial intelligence (AI) systems. As is the case for many security projects, funding concerns could stymie the initiative.

The AI Incident Reporting and Security Enhancement Act was approved by voice vote by the House Science, Space and Technology committee on Wednesday. The bill was introduced by a bipartisan trio of representatives from North Carolina, California, and Virginia. If approved by the full Congress and signed into law, it would give NIST the mandate to incorporate AI systems in the National Vulnerability Database (NVD).

NVD is the federal government's centralized repository for tracking security vulnerabilities in software and hardware. In its current form, the bill would add to the workload of the already-beleaguered NIST teams managing the NVD. NIST earlier this year paused updating data on reported vulnerabilities, in a move program manager Tanya Brewer said was the result of budget cuts, flat staff growth, and an increase in database-related email traffic.

The bill specifies that the increased workload for NIST would be "subject to the availability of funding," but Rep. Deborah Ross (D-NC), a sponsor of the bill, said that they were aware of "significant funding and scaling challenges" NIST already experienced maintaining the database.

"My colleagues and I on this committee are actively exploring solutions to help NIST address this problem and get the money," she said.

Even though the bill was approved in committee, some committee members expressed concern about some of the language used in the bill. There were concerns that terms such as "substantial artificial intelligence security incident" and "intelligence incident" would need to be clarified to make it more likely that the bill would pass. This kind of specificity is also a bigger concern in Congress in the wake of the Supreme Court overturning the Chevron doctrine.

The bill would also require NIST to consult with other federal agencies, like the Cybersecurity and Infrastructure Security Agency, private-sector organizations, standards organizations, and civil society groups, to develop a common lexicon for reporting AI cybersecurity incidents.

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Congress Advances Bill to Add AI to National Vulnerability Database

British Transport Police and Network Rail are investigating the incident, in which bad actors posted Islamophobic messages on the transport system's network.

Source: mark phillips via Alamy Stock Photo

A cybersecurity incident is being investigated after Islamophobic messages were displayed to users through a compromised Wi-Fi landing page.

Network Rail, the non-departmental public body, is probing the incident, which affected 20 stations, all managed by the same body; 10 of the stations are in London, the rest are distributed across key commuter stations in Reading, Leeds, Glasglow Central, and others.

"We received reports at around 1703 yesterday \[Sept. 25\] of a cyberattack displaying Islamophobic messaging on some Network Rail Wi-Fi services," said the British Transport Police (BTP), which is also involved in the case. 

Telent, the communications company that operates Network Rail's Wi-Fi, reported that it is aware of the incident and is also involved in the investigation to identify the root cause.

"Nation states and criminals are increasingly targeting key third-party suppliers to cause widespread disruption to multiple industries at once, and the attack on the rail service is just the latest example of this," said Dan Schiappa, chief product and services officer at Arctic Wolf, in an emailed statement to Dark Reading. "It is vital every company, regardless of whether it is critical infrastructure or not, ensures the suppliers it works with have strong cybersecurity otherwise they are leaving a huge hole in their defenses."

And while it may be too soon to point fingers at any party involved, as the investigation continues, Network Rail has suspended Wi-Fi services for the time being.

**About the Author**

Latest News