Application security teams from Fortune 500 companies are already using Noma's life cycle platform, which offers organizations data and AI supply chain security, AI security posture management, and AI threat detection and response.

Source: BillionPhotos.com via Adobe Stock Photo

The rapid adoption of artificial intelligence (AI) and machine learning (ML) tools in enterprises has put the pressure on security teams to secure the data and AI life cycle. Organizations can be compromised via misconfigured data pipelines, insecure MLOps tools, and vulnerable and malicious open source models.

Noma emerged from stealth today with a platform to help organizations manage the risks around AI applications. The platform offers organizations with end-to-end AI discovery, security, protection, and compliance. Noma deploys across any cloud-based, software-as-a-service, or self-hosted environment, and does not require agents or code changes, the company said.

Noma protects against supply chain risks, such as vulnerable data pipelines, unscanned code in data science environments, misconfigured MLOps tools, and sensitive data used for model training. The platform also protects organizations vulnerable and malicious models, runtime prompt injection, and other threats.

The Noma platform is already in use by paying customers, including Fortune 500 companies.

As part of the launch, Noma announced $32 million in series A funding from Ballistic Ventures and "dozens of strategic angel investors." The company had a previously undisclosed seed round less than a year ago. Noma's co-founders, Niv Braun and Alon Tron, have experience leading security and data science teams, the company said.

Noma Launches With Plans to Secure Data, AI Life Cycle

Knee-jerk reactions to major vendor outages could do more harm than good.

Source: SOPA Images Limited

COMMENTARY

The now-infamous July CrowdStrike outage sparked global chaos and countless conversations about vendor security. Despite the industry noise and myriad headlines about the outage — and its potential cost of more than $5 billion to Fortune 500 companies alone — there is a bigger picture we must consider. And that is how, as an industry, we understand the risks involved and respond to major outages and other cybersecurity crises. 

While the CrowdStrike outage was a freak accident, it's likely not the last time we'll witness this kind of meltdown from a major technology provider. As our digital ecosystems become further interconnected and enterprises increasingly put their trust in singular vendors, business leaders will have to grapple with the inevitability of similar events, whether from a simple outage or a malicious hack. In every case along that spectrum, however, these leaders must avoid knee-jerk reactions that could ultimately do more harm than good. Blindly switching to a new vendor or making drastic changes to IT and security processes could introduce security holes that exacerbate vulnerabilities in an organization's overall security posture, rather than improving it.  

Instead of immediately jumping ship, here are the three things companies should do in the wake of a CrowdStrike-like event to ensure business continuity and high operational standards.  

**1\. Assess Vendors' Overall Reliability and Risk**

Switching vendors after an incident isn't as simple — or as beneficial — as it may seem. Before switching, businesses must evaluate both the existing and potential vendor, and assess each vendor's overall reliability and risk. For instance, Resilience customer data shows that despite the July incident, CrowdStrike Falcon is highly effective. It has the lowest percentage of material claims of endpoint detection and response (EDR) vendors in Resilience's portfolio, with fewer than 3% of clients with Falcon experiencing a cyber-insurance claim with losses. Of course, no company can — or should — claim the ability to avoid 100% of incidents, but in these kinds of deliberations, it's critical to put a vendor's long-term track record into perspective. On the flip side, however, if a vendor shows a consistent history of outages or vulnerabilities (as has VPN provider Ivanti, of late), poor performance or communication, and long delays in remediation, an incident could be the helpful forcing factor in considering the benefits of trying something new.  

It's also important to note the costs of switching vendors that go beyond sticker price, such as implementation time, staff training costs, and adjusting workflows to incorporate the new system and meet business needs. These third-party risk considerations must be considered, with leadership weighing the business interruption costs of an outage with the existing vendor against the total costs that come with making a switch.  

**2\. Avoid Radical Changes to the Update Process**

This particular outage raised the issue of update cadence and testing frequency, with many arguing that the affected organizations should have taken a more cautious, thorough approach to testing the update before rolling it out. But delaying updates is a calculated risk, and not necessarily one that most companies should be taking. Antivirus and EDR signatures are designed to counter quick-breaking, emerging threats toward existing systems, so while you can decide to wait to allow the days or weeks it may take to fully test the update, you may be leaving your systems vulnerable to new exploits in the process. Threat actors only grow faster and more sophisticated in their approaches, so quick security updates are more crucial than ever. The risk of taking additional precautions in testing may not be worth it for every company, especially since most updates happen seamlessly. After all, part of the reason CrowdStrike made headlines was because the outage was so out of the ordinary. 

In a perfect world, where bad actors weren't a consistent threat and update processes took no extra time, following the typical best practice of testing each and every update that comes from each and every vendor might be feasible. But in the real world, changes to the update process are likely to slow down your defenses. Ultimately, there is no one-size-fits-all answer, and the best approach will depend on the specific organization and its risk tolerance.  

**3\. Don't Panic**

It's tempting to liken incidents like CrowdStrike to natural disasters (such as catastrophic hurricanes), but that oversimplification distracts from the heart of the issue. While many insurers use this analogy to describe cyber events, it's neither accurate nor useful, as it becomes an apples-to-oranges comparison that frames cyber incidents or outages as one-sided and world-ending. But the reality is far different. There's no tangible way for individuals to prevent or mitigate the intensity of category hurricanes or tornadoes, but there are certainly simple, actionable steps we can take to mitigate the financial impact of an outage or counteract the negative effects of a potential attack. This includes implementing proper cyber hygiene, transferring financial risk through cyber insurance, and having a detailed cybersecurity action plan in the event of an attack or outage. It's not only feasible but essential that companies take these steps to remain operable and functioning in the midst of an incident.  

In short, decision-makers across the board can't allow themselves to make reactive or fear-based decisions on their security posture directly following a cyber incident. These knee-jerk reactions could lead to greater complications and introduce a host of new vulnerabilities just waiting to be exploited. Instead, leaders must focus on understanding the root cause of the incident, learning from it, and making risk-driven decisions that mitigate the greatest financial loss and improve their organization's overall cyber resilience. This includes taking a proactive approach and incorporating third-party risk management into business continuity planning. That way, you'll be able to avoid catastrophic interruptions to your day-to-day business and maintain continuity and resilience in the face of a cyber incident. 

**About the Author**

CEO & Co-Founder, Resilience

Vishaal Hariprasad, best known as "V8," co-founded what is now known as Resilience in 2016 to bridge the divide between cyber insurance and cybersecurity. As a licensed insurance broker and producer, as well as a veteran of both the US Air Force and the cybersecurity industry, Vishaal brings the leadership skills he honed in his years with the military to his position as CEO for Resilience. After graduating from the United States Air Force Academy, V8 was commissioned to military service as a Cyber Operations Officer for the Air Force. Hariprasad is an Iraq War veteran and a recipient of a Bronze Star Medal. In 2012, he co-founded Morta Security, which was acquired by Palo Alto Networks, where he then served as a threat intelligence architect. In 2015, V8 was tapped to serve as a founding partner at the Pentagon's newly established Defense Innovation Unit Experimental (DIUx) in Mountain View, California, an office under the Secretary of Defense charged with leveraging commercial technology to solve defense challenges. V8 holds a B.A. in Mathematics from the US Air Force Academy and an M.S. in Information Technology from Virginia Polytechnic Institute and State University (Virginia Tech).

The Case Against Abandoning CrowdStrike Post-Outage

On the heels of a Chinese APT eavesdropping on phone calls made by Trump and Harris campaign staffers, Beijing says foreign nations have mounted an extensive seafaring espionage effort.

Source: US Navy Photo via Alamy Stock Photo

Just days after Chinese state-sponsored hackers attacked the presidential campaigns of both Donald Trump and Kamala Harris, Beijing is leveling accusations at unnamed foreign entities, accusing them of using secret maritime buoys and seabed equipment to spy on its naval activities.

In a message on WeChat — China's biggest social media app — the country's Ministry of State Security (MSS) claimed it has discovered devices designed for "reconnaissance and monitoring of our country's waters" and "intelligence collection and technical theft activities."

It went on to allege that foreign "secret guards" are lurking as drifting "spies" and acting as "lighthouses" to guide outsider submarines.

"Faced with the severe and complex situation of covert struggle in the deep-sea security field and the real threat of foreign espionage intelligence agencies, the national security agencies will ... firmly defend our sovereignty," the MSS reportedly said. 

"It’s highly unlikely we will ever find out for definite if these claims are accurate, but when it comes to the culprits, suspicion will definitely land on the West," says Ryan McConechy, chief technology officer at Barrier Networks. "The key lesson here is that the online world has become the preferred playing field for all adversaries today. Nation-states and criminals can operate much stealthier, they can often get deeper into networks and secrets than physical access would allow, and it is much safer for the troops who can physically distance themselves from targets."

Related:Dark Reading Confidential: Meet the Ransomware Negotiators

William Wright, CEO of Closed Door Security, noted that at-sea ships do make for juicy espionage targets.

"Few people fully understand the importance of the maritime industry today, but vessels are like floating computers, and they often contain highly sensitive information," he explains. "Whether the information relates to China's rapidly growing navy, or information on trading, it could prove to be very valuable to another nation-state and China is clearly concerned."

**Tit for Tat? News Follows Reported Chinese Campaign Hacks**

The claims from Beijing come on the heels of reports from the Washington Post and Reuters last weekend that an unnamed advanced persistent threat (APT) infiltrated the Verizon Communications telecom network and intercepted phone calls and texts made by campaign staffers for both Trump and Harris.

In addition, the eavesdroppers also reportedly targeted Trump's own phone calls, along with those of his running mate JD Vance — though how successful these latter attempts were is unknown.

Related:Facebook Businesses Targeted in Infostealer Phishing Campaign

Following the reports, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed they were investigating "unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China," and acknowledged they were seeing "specific malicious activity targeting the sector," though they did not name victims or mention the candidates.

Verizon told Reuters meanwhile that it was "aware of a sophisticated attempt to target US telecoms and gather intelligence."

**China-US Tensions: Time to Up Critical Infrastructure Cyber Defense**

The activity aligns with prior attacks from the now-infamous Chinese state-sponsored APT Volt Typhoon, which first came to light in March 2023 after compromising telecom networks in Guam. It has since consistently targeted critical infrastructure in the US, with the observed purpose of espionage — and, potentially, the ability down the line to disrupt communications in the event of military conflict in the South China Sea and across the Pacific.

Similarly, another Chinese APT known as Salt Typhoon attacked US ISPs last month. The focus on high-value communications service provider networks in the US likely indicates a similar dual set of goals, researchers said at the time — to steal information and set up a launchpad for disruptive attacks.

Related:Canada Grapples With 'Second-to-None' PRC-Backed Threat Actors

"While it's alarming, the recent campaign targeting is also pretty unsurprising," says Casey Ellis, founder and adviser at Bugcrowd. "Given the US election season, and the access that Salt Typhoon had, I'd be surprised if they didn't target the elected officials and candidates for the presidential election."

All industries should learn from these types of campaigns, says Barrier Networks' McConechy, who notes that the seafaring espionage might be in retaliation for Volt Typhoon's assaults.

"Whether it's spyware implanted into routers, snooping hot air balloons, or spying submersibles, nation-states are getting increasingly creative when it comes to eavesdropping on other countries, so critical industries must be prepared for these assaults," he stresses. "In the digital world, these types of cyber-physical espionage campaigns have become the norm. Most countries will deny they conduct them, but they will be, they just won't want to publicly announce it, or let their target know."

He adds, "All systems must be scanned regularly for malware, and the locations close to where critical infrastructure resides must be continuously monitored for intruders, whether human or robotic. Improving defenses both physically and digitally must be a priority.”

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

China Says Seabed Sentinels Are Spying, After Trump Taps

Despite the absence of laws specifically covering AI-based attacks, regulators can use existing rules around fraud and deceptive business practices.

Source: mike via Adobe Stock Photo

As AI-generated deepfakes become more sophisticated, regulators are turning to existing fraud and deceptive practice rules to combat misuse. While no federal law specifically addresses deepfakes, agencies like the FTC and SEC are applying creative solutions to mitigate these risks.

The quality of AI-generated deepfakes is astounding. "We cannot believe our eyes anymore. What you see is not real," says Binghamton University professor Yu Chen. Tools are being developed in real time to distinguish between an authentic image and a deepfake. But even if a user knows an image isn't real, there are still challenges.

"Using AI tools to trick, mislead, or defraud people is illegal," Federal Trade Commission chair Lina M. Kahn said, back in September. AI tools used for fraud or deception are subject to existing laws, and Khan made it clear the FTC will be going after artificial intelligence fraudsters.

**Intent: Fraud and Deception**

Deepfakes can be used for other corporate unfair business practices, such as creating a false image of an executive who announces their company is taking an action that could cause stock prices to change. For example, a deepfake could declare a company is going out of business or make an acquisition. If stock trading stock is involved, the SEC could prosecute.

When a deepfake is created with the intent to deceive, "that is a classic element of fraud," says Joanna Forster, a partner at the law firm Crowell & Morning and the former deputy attorney general, Corporate Fraud Section, for the State of California

"We've all seen the past four years a very activist FTC on areas of antitrust and competition, on consumer protection, on privacy," Forster says.

In fact, an FTC official, speaking on background, says the agency is aggressively addressing the issue. In April, a rule on government or business impersonation went into effect. The agency also is continuing its efforts on voice clones designed to deceive and defraud victims. The agency has a business guidance blog that tracks many of these efforts.

Several state and local laws address deepfakes and privacy, but there is no federal legislation or clear rules defining which agency takes the lead on enforcement. In early October, U.S. District Judge John A. Mendez granted a preliminary injunction blocking a California law against election-related deepfakes. Even though the judge acknowledged AI and deepfakes pose significant risks, California's law likely violated the First Amendment, Mendez said. Currently, 45 states plus the District of Columbia have laws prohibiting using deepfakes in elections.

**Privacy and Accountability Challenges**

There are few laws that protect non-celebrities or politicians from a deepfake violating their privacy. The laws are written so that they protect the celebrity's trademarked face, voice and mannerisms. This differs from a comic impersonating a celebrity for entertainment's sake where there is no intent to deceive the audience. However, if a deepfake does try to deceive the audience, that crosses the line of intent to deceive.

In the case of a deepfake of a non-celebrity, there is no way to sue without first knowing who created the deepfake, which is not always possible on the internet, says Debbie Reynolds, privacy expert and CEO of Debbie Reynolds Consulting. Identity theft laws might apply in some cases, but internet anonymity is difficult to overcome. "You may never know who created this thing, but that harm still exists," Reynolds says.

While some states are looking at laws specifically focusing on the use of AI and deepfakes, the tool used for the fraud or deception is not significant, says Edward Lewis, CEO of CyXcel, a consulting firm specializing in cybersecurity law and risk management.  Many corporate executives do not realize how easy deepfakes and other AI-generated content are to create and distribute.

"It's not so much about what do I need to know about deepfakes; It's rather who has access, and how do we control that access in the workplace, because we wouldn't want our staff to be engaging for inappropriate reasons with any AI," Lewis says. "Secondly, what is our firm's policy on the use of AI? What context can or can't it be used for, and who actually do we grant access to AI so that they can carry out their jobs?"

Lewis notes, "It's much the same way as we have controls around other cyber security risks. The same controls need to be considered in the context of the use of AI."

As AI-generated deepfakes become more sophisticated, regulators are working to adapt by leveraging existing fraud and privacy laws. Without federal legislation specific to deepfakes, agencies like the FTC and SEC are actively enforcing rules against deception, impersonation, and identity misuse. But the challenges of accountability, privacy, and recognition persist, leaving gaps that both individuals and organizations need to navigate. As regulatory frameworks evolve, proactive measures—such as AI governance policies and continuous monitoring—will be essential in mitigating risks and safeguarding trust in the digital landscape.

**About the Author**

Stephen Lawton is a veteran journalist and cybersecurity subject matter expert who has been covering cybersecurity and business continuity for more than 30 years. He was named a Global Top 25 Data Expert for 2023 and a Global Top 20 Cybersecurity Expert for 2022. Stephen spent more than a decade with SC Magazine/SC Media/CyberRisk Alliance, where he served as editorial director of the content lab. Earlier he was chief editor for several national and regional award-winning publications, including MicroTimes and Digital News & Review. Stephen is the founder and senior consultant of the media and technology firm AFAB Consulting LLC. You can reach him at \[email protected\].

Regulators Combat Deepfakes With Anti-Fraud Rules

The company's data loss prevention platform helps customers identify and classify data across SaaS and GenAI applications, endpoints, and email.

Source: YAY Media AS via Alamy Stock Photo

Organizations have a lot of data  — application data, log files, personal information, source code, customer information, business collateral, and credentials, to name a few — and the volume continues to grow exponentially. But a lack of visibility across IT environments and difficulty with classifying data make it difficult to protect all of that data from falling into the wrong hands.

MIND emerged from stealth today with a data loss prevention (DLP) platform that promises both "visibility of data risks" and prevention of data leaks. The company said its platform discovers and classifies sensitive data across IT workloads, including software-as-a-service (SaaS) and generative artificial intelligence (GenAI) applications, endpoints, on-premises systems, and email.

An "intelligent" DLP platform integrates AI and smart automations to help customers identify, detect, and prevent data leaks, the company said.

"MIND AI is made of hundreds of tailored algorithms and a proprietary AI engine to classify and categorize sensitive unstructured data, understand context-aware business views to determine risk severity, and take automated prevention and remediation actions," the company said.

Founded in 2023, MIND was co-founded by Eran Barak, who previously founded Hexadite; Itai Schwartz, who previously worked at Torq and Axonius; and Hod Bin Noon, who specialized in real-time vulnerability detection and remediation at Dazz. As part of the launch, MIND announced it raised $11 million in seed round funding from YL Ventures and several individual investors.

MIND Launches 'Intelligent' DLP Platform

A national security memorandum on artificial intelligence tasks various federal agencies with securing the AI supply chain from potential cyberattacks and disseminating timely threat information about them.

Source: Marcos Alvarado via Alamy Stock Photo

President Joe Biden issued the first national security memorandum on artificial intelligence (AI), recognizing that advances in the field will have significant implications for national security and foreign policy. The memorandum builds on the administration's policies to drive the safe, secure, and trustworthy development of AI. 

The White House directed the US government to create systems that ensure the country will lead in the global race to develop AI technology for national security purposes and to advance international regulations and governance. The memorandum also seeks to ensure that AI adoption reflects democratic values and protects human rights, civil rights, civil liberties, and privacy while encouraging the international community to adhere to the same values. 

"While the memorandum holds broader implications for AI governance, cybersecurity-related measures are particularly noteworthy and essential to advancing AI resilience in national security applications," wrote R Street cybersecurity fellow Haiman Wong in an analysis of the memorandum. 

The memorandum, issued last week, tasks the National Security Council and the Office of the Director of National Intelligence (ODNI) with reviewing national intelligence priorities to improve the identification and assessment of foreign intelligence threats targeting the US AI ecosystem, Wong noted. A group of agencies, including ODNI, the Department of Defense, and the Department of Justice, are responsible for identifying critical nodes in the AI supply chain that could be disrupted or compromised by foreign actors, ensuring that proactive and coordinated measures are in place to mitigate such risks.

The memorandum tasks the Department of Energy with launching a pilot project to evaluate the performance and efficiency of federated AI and data sources in order to refine AI capabilities that could improve cyber threat detection, response, and offensive operations against potential adversaries, Wong said. The Department of Homeland Security, the FBI, the National Security Agency, and the Department of Defense are tasked with publishing unclassified guidance on known AI cybersecurity vulnerabilities, threats, and best practices for avoiding, detecting, and mitigating these risks during AI model training and deployment, as well.

"Our competitors want to upend U.S. AI leadership and have employed economic and technological espionage in efforts to steal U.S. technology," the White House said in a statement. "This NSM makes collection on our competitors' operations against our AI sector a top-tier intelligence priority, and directs relevant U.S. Government entities to provide AI developers with the timely cybersecurity and counterintelligence information necessary to keep their inventions secure." 

These guidelines are an important step in making sure that AI is leveraged in safe, thoughtful ways for both industry and national security, stated Jeffrey Zampieron, distinguished software engineer at defense technology firm Raft, in an email to Dark Reading.

"Fundamentally, this is quality control," he said. "We want to ensure that AI behaves in a manner that is safe and efficacious for the application of interest. Guidelines provide creators with structured consistent ways to evaluate their work and provide consumers with confidence that the AI will work as intended."

The risks of unregulated AI technologies could be severe, he said. 

"Risks lead to hazards and hazards lead to harms," he said. "The primary risk is that we give AI control of some critical behavior and it acts in a way that causes harm: physical, property, financial. It's very application-specific. What's the risk of using AI to tell jokes? Not much. What's the risk of using AI to fire ordinance? Quite high."

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

White House Outlines AI's Role in National Security

The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operation.

Source: Funtap via Shutterstock

"Midnight Blizzard," a threat group linked to Russia's foreign intelligence service, is stoking more concern than usual for both its sheer scope and its use of a new tactic for harvesting information and gaining control of victim systems.

Microsoft this week said its threat intelligence group observed Midnight Blizzard actors sending out thousands of spear-phishing emails to targeted individuals at more than 100 organizations worldwide since Oct. 22.

**Large-Scale Campaign**

Besides its wide scope, the campaign is noteworthy for Midnight Blizzard's use of a digitally signed Remote Desktop Protocol (RDP) configuration file in its spear-phishing emails. The RDP file connects to a server controlled by a threat actor; when the file is opened, it allows the attacker to harvest user credentials and detailed system information to aid further exploit activity.

"The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of zero trust," Microsoft said on its threat intelligence group blog this week. "Microsoft has observed this campaign targeting governmental agencies, higher education, defense, and non-governmental organizations in dozens of countries, but particularly in the UK, Europe, Australia, and Japan."

Midnight Blizzard — aka Cozy Bear, APT29, and UNC2452 — has been the proverbial thorn in the side of security organizations for some years now. The group's many victims include SolarWinds, Microsoft, HPE, multiple US federal government agencies, and diplomatic entities worldwide. Its well-documented tactics, techniques, and procedures (TTPs) include using spear phishing, stolen credentials, and supply chain attacks for initial access. Midnight Blizzard actors have also targeted vulnerabilities in widely used networking and collaboration technologies such as those from Fortinet, Pulse Secure, Citrix, and Zimbra to gain an initial toehold on a target network.

**Bidirectional Connection**

The RDP file in the Microsoft, AWS, and zero-trust themed emails in Midnight Blizzard's latest campaign allows the attacker to establish a quick, bidirectional connection with a compromised device. The threat actor is using it to harvest a range of information including user credentials, files, and directories on the victim system and connected network drives; information from connected smart cards and other peripherals; Web authentication credentials; and clipboard data. The RDF file is signed with a LetsEncrypt certificate to lend it an air of legitimacy. "This access could enable the threat actor to install malware on the target's local drive(s) and mapped network share(s), particularly in AutoStart folders, or install additional tools such as remote access Trojans (RATs) to maintain access when the RDP session is closed," Microsoft cautioned.

Stephen Kowski, field CTO at SlashNext, says Midnight Blizzard's use of signed RDP files in its current campaign is significant. Signed RDP files can bypass traditional security controls since they appear to come from a legitimate source, he points out.

"This technique is particularly cunning because RDP files are commonly used in business environments, making them less likely to raise immediate suspicion, while the legitimate signature helps evade standard malware detection systems," he says. He advocates that organizations scan all email attachments in real time, with a particular focus on RDP files and other seemingly legitimate Microsoft-related content. "The use of legitimately signed files creates a significant blind spot for conventional security tools that rely heavily on signature-based detection or reputation scoring," Kowski advises.

**Mitigating the Threat**

Microsoft has released a list of indicators of compromise for the new Midnight Blizzard campaign, including email sender domains, RDP files, and RDP remote computer domains. It has recommended that security teams review their organizational email security settings and antivirus and anti-phishing measures; turn on Safe Links and Safe Attachments settings in Office 365; and enable measures for quarantining sent email if needed. Other recommendations include using firewalls to block RDP connections, implementing multifactor authentication, and strengthening endpoint security configurations.

Venky Raju, field CTO at ColorTokens, says the campaign is a reminder why organizations need to maintain a tight rein over the use of Microsoft's remote desktop. While it can be useful to share devices, folders, and clipboard content over an RDP session, it gives attackers a way into a user's device. "Signing the RDP configuration file may prevent email security systems from classifying the email as having a suspicious link or attachment. It may also reduce the warnings presented by the RDP client," he points out.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

'Midnight Blizzard' Targets Networks With Signed RDP Files

PRESS RELEASE

DALLAS, Oct. 29, 2024 (GLOBE NEWSWIRE) -- MEF, a global consortium of network, cloud, security, and technology providers driving enterprise digital transformation, today announced significant advancements in its MEF 3.0 Secure Access Service Edge (SASE) Certification Program. Technology providers Fortinet and Versa have achieved full SASE certification, while service providers AT&T, BT, Colt, Comcast Business, Console Connect, Liberty Latin America, Lumen, Orange Business, TPG, and Verizon have also earned full SASE certification. Additionally, technology providers Broadcom Inc. and Palo Alto Networks, and service provider Sparkle, are expected to achieve full SASE certification shortly. Organizations that achieve SASE certification through MEF’s rigorous independent program receive a rating on product effectiveness and are listed in MEF’s registry of certified companies. SASE certification is now available to all MEF members.

"As cyber threats continue to escalate in complexity and frequency, enterprises need absolute confidence in their security solutions,” said Nan Chen, Chief Executive Officer, MEF. “MEF's independent SASE certification program provides that assurance, enabling organizations to choose validated solutions that protect their digital assets and support their transformation initiatives."

Validated Security for the Enterprise   
MEF's comprehensive certification program addresses today's critical cybersecurity threats through rigorous testing of SASE, which includes Software-Defined Wide Area Network (SD-WAN), Security Service Edge (SSE), and Zero Trust (ZT) capabilities. The program is delivered in partnership with CyberRatings.org (CRO), a world-class testing laboratory that ensures transparency and confidence in cybersecurity solutions.

Technology providers must successfully complete all three certification modules to achieve full SASE certification. Service providers can achieve certification by integrating MEF-certified technology solutions, ensuring enterprise customers can trust the security and performance of their provider's ecosystem.

"Building secure, high-performing networks is critical to enterprise success,” said Pascal Menezes, Chief Technology Officer, MEF. “By achieving SASE certification, technology and service providers are proving their commitment to delivering reliable, scalable, and secure solutions."

Setting the Standard for Network Security   
The certification program validates compliance with MEF standards, including MEF SD-WAN (MEF 70.1) and industry-first standards for SASE (MEF 117) and Zero Trust (MEF 118). Certified solutions receive detailed ratings displayed in MEF's certification registry, enabling enterprises to make informed decisions about their security investments.

As SASE becomes central to Network-as-a-Service (NaaS) offerings, certified solutions give enterprises confidence in the cybersecurity embedded within their network environments. To help organizations navigate this landscape, MEF recently released its "State of the Industry Report: SASE – Validating Cyber Defense in an Era of Unprecedented Threats."

More information about MEF’s SASE certification program can be found here.

SASE certifications and advancements will be featured at MEF’s Global Network-as-a-Service Event (GNE) from Oct 28–30, 2024, in Dallas, Texas. Visit gne.mef.net.

About MEF  
MEF is a global consortium of service, cloud, cybersecurity, and technology providers collaborating to accelerate enterprise digital transformation. It delivers standards-based frameworks, services, technologies, APIs, and certification programs to enable Network-as-a-Service (NaaS) across an automated ecosystem. MEF is the defining authority for certified Lifecycle Service Orchestration (LSO) business and operational APIs and Carrier Ethernet, SASE, SD-WAN, Zero Trust, and Security Service Edge (SSE) technologies and services. MEF’s Global NaaS Event (GNE) convenes industry leaders building, delivering and consuming the next generation of NaaS solutions. For more information about MEF, visit MEF.net and follow us on LinkedIn, Twitter and YouTube.

15 Leading Technology and Service Providers Achieve SASE Certification

In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.

Source: Shannon Crighton via Alamy Stock Photo

A former Disney employee was arrested and charged after allegedly hacking into the company's systems and altering its restaurant menus.

Michael Scheuer, an ex-menu production manager at Disney, was charged with violating the Computer Fraud and Abuse Act (CFAA) on three different occasions.

He was fired from this position in June, after unspecified misconduct; his dismissal was described as "contentious" and "not considered to be amicable," according to court documents.

Scheuer allegedly used his work credentials, which were still functioning after his termination, to log into the Disney menu creation system contracted by a third-party company and change the fonts in the system to Wingdings symbols.

When the menu creator was launched, it would reach for these altered font files, believing them to be correct. 

"As a result of this change, all of the menus within the database were unusable because the font changes propagated throughout the database," read the complaint.

Scheuer also allegedly deleted allergen information from the menus, suggesting some foods were safe when they weren't, leading to potentially deadly consequences. The menus were identified and isolated by Disney before they could be shipped.

The menu changes caused the system to go offline for a couple of weeks and required backup to restore.

Scheuer has also been accused of being the root cause of several distributed denial-of-service attacks against several Disney employees, their information found in a folder on one of Scheuer's virtual machines, labeled "dox." According to the FBI, the evidence found in the investigation pointed to Scheuer as the perpetrator. He has been charged on two violations of the CFAA and remains in jail pending a bond hearing. If found guilty, he faces up to 15 years in prison.

Ex-Disney Employee Charged With Hacking Menu Database

PRESS RELEASE

TEL AVIV-YAFO, Israel – Oct. 29, 2024 – Zenity, the leader in securing agentic AI, today announced they have received $38 million in Series B funding co-led by Third Point Ventures and DTCP, pushing the total capital raised to over $55 million. It follows the recent strategic investment by Microsoft’s venture arm M12, with strong support from existing investors Intel Capital and Vertex Ventures. The funds will be used to grow the team across product, engineering, sales, and marketing, as well as launching a partner program to expand the ecosystem of supporting enterprises globally as they adopt agentic workflows including agentic AI, enterprise copilots, and applications built on low-code platforms. With Forbes estimating more than 51% of companies are actively adopting AI for process automation, and Microsoft stating the number of people who use Copilot daily at work has nearly doubled quarter-over-quarter, many enterprises have already taken a bold leap into the world of AI. However, per Salesforce, only 11% of CIOs say they’ve fully implemented AI, with the number one reason for holding full implementation back being around security and data infrastructure concerns. This round of funding serves to further accelerate and expand Zenity’s ability to enable the use of AI apps and agents among Fortune 500 enterprises, including current Zenity customers that exist across financial services, technology, manufacturing, energy and pharmaceutical industries.

Ben Kliger, Zenity’s CEO and co-founder, said: “The future of work is now. For the first time, large enterprises are on the cutting edge by placing the power of AI and low-code at all users’ fingertips, meaning anyone can now use and build AI agents and business applications to get more done. As such, security teams need robust and purpose-built solutions to properly manage the risks that come when utilizing the most powerful tools we have ever seen. We are proud to partner with Third Point Ventures and DTCP to continue our mission in supporting the world’s largest and most consequential organizations to enable innovation securely.” Recently, Zenity researchers found that the average large enterprise has nearly 80,000 AI agents, apps, and automations that are built using low-code development platforms, with over 62% containing some type of security vulnerability. Additionally, Zenity CTO and co-founder Michael Bargury presented research at Black Hat 2024 revealing how easy it is for bad actors to take control over enterprise copilots, such as Microsoft 365 Copilot, all without requiring a compromised account. What these themes have in common, is that business users of all technical backgrounds are at the forefront for business productivity. It also means that IT organizations are lacking visibility, as AI agents and applications are being built and used across the enterprise. These applications exist with an implicitly shared responsibility model, similar to the cloud, and security teams do not have visibility into what risks exist. Zenity provides visibility, risk assessment, and governance that security teams need in order to fully harness AI agents. Having gotten their start as the pioneers in the low-code/no-code application security space, Zenity is uniquely positioned with this latest round of funding to support enterprises as they continue placing more power at the hands of business users via Agentic AI workflows. As a community-oriented organization, having led and co-sponsored initiatives like the OWASP Top 10 for Low-Code/No-Code Security and the newly minted GenAI Attacks Matrix, Zenity is at the forefront of both security research and product development to be able to continue as a force enabler to the world’s enterprises. 

Sapir Harosh, Partner, Third Point Ventures, said: “In the rapidly evolving realms of AI and low-code development, Zenity stands out as a first mover dedicated to securing enterprises from emerging threats. We are proud to invest in Zenity and work closely with the team as they enable enterprises to harness powerful tools safely and drive transformative change. At Third Point Ventures, we are on the lookout for visionary companies like Zenity—those with deep connections to technology and a bold mission to serve large enterprises. We look forward to supporting their next wave of growth as they continue to innovate with advancements in AI and low-code technologies.” 

Dean Shahar, Head of Israel, DTCP, said: “We are incredibly impressed with Zenity’s achievements and are thrilled to partner with them in their next phase of growth. It’s no secret that the race to secure AI is on, but Zenity is way ahead of the competition, driven by a strong customer base and over 3x YoY growth. Their research-driven and community-focused approach, combined with their expertise in securing and understanding low-code environments, gives them a distinctive advantage in securing how business users operate today – one that’s already delivering real value to their customers. We’re excited about the opportunity to work with Ben, Michael and their incredible team and look forward to a fruitful collaboration that drives innovation and success.” 

About Zenity  Zenity, the world’s first agent-less application security platform for enterprise Copilots and Low-Code development, protects organizations from security threats, helps meet compliance, and enables business continuity. Established in 2021, many of the world’s leading organizations trust Zenity to help configure security guardrails, generate prioritized lists of vulnerabilities, and accurately pinpoint and remediate vulnerabilities by continuously scanning business-led development platforms and providing centralized visibility, risk assessment, and governance. Visit us at https://www.zenity.io for more.

Source

DARKReading