If you have an IoT network powered by Pepper, you can now insure it through Embedded Insurance — even if your business is too small to support a SOC.

Consumers and small-to-midsize businesses (SMBs) that use Internet of Things (IoT) devices to manage smart homes and businesses have a new option for obtain cyber insurance — providing their service providers are using the Pepper IoT Platform-as-a-Service (PaaS) back end. The service, announced on June 28, allows users to opt for a minimum of $10,000 per device in coverage from their providers for each device without requiring them to submit cyber insurance applications. The insurance is available either as an add-on at the time of the sale from the service provider, or it can be purchased later.

Pepper CEO Scott Ford says that consumers currently have very few options to obtain comprehensive cyber insurance for their IoT devices. While individuals have some options to reduce their risk and become better candidates for cyber insurance, many do not know how to do so. Offering an actual cyber insurance policy — not just a rider to an existing home policy that might offer nominal coverage — provides real and measurable coverage for common cyber threats, he says.

While the consumer market is the primary target for this partnership, Ford says that SMBs that use surveillance cameras and similar IoT devices also can benefit from this low-cost cyber insurance alternative.

**Consumers Need Simple**

Toby Coleridge, chief product officer at Embedded Insurance (EI), which is Pepper's cyber insurance broker, says the process of obtaining a policy through his company — without the need to fill out long applications that must be processed through underwriting — is easy for the clients to understand. EI's policies are underwritten by Chubb, the top-ranking cyber insurance carrier in 2023.

Coleridge notes that these are real cyber insurance policies that are specifically designed to be simple to purchase. Unlike corporate cyber insurance policies — where rates and terms are based on an organization's existing cybersecurity controls, audits, penetration tests of networks, and negotiations with corporate boards, corporate counsels, and CISOs — these policies are off-the-shelf packages that are preconfigured and priced accordingly, much like purchasing an automobile policy.

"We haven't needed to look at putting in restrictions," he adds. "That's the complexity of SMB insurance versus the residential policy that we're using here. Ultimately, the whole point of this is to keep it as simple as possible."

Among the coverages offered are cyber financial fraud, cyber extortion (including ransomware coverage up to the policy's limits), identity theft, data restoration, device replacement, and cyber bullying. Policies are available starting at $5.28 per month per device. For higher limits, such as coverage up to $100,000 per device, the price could rise to $20 per device per month or more.

Coleridge sees personal cyber insurance as a growing market going forward. As social engineering attacks increase against individuals, the need for personal cyber insurance will increase as well, he says. "It's about protecting you against some of those threats that most consumers are probably naive to today," he adds.

**Security and Insurance Are Natural Partners**

Ford notes that in 2022 State Farm Insurance invested some $1.2 billion into the electronic alarm-monitoring security firm ADT, adding that the insurer could offer better rates to customers who proactively add security controls and thus become lower insurance risks. Similarly, Pepper late last year acquired Comcast business unit Notion, a smart property monitoring sensor system and app that enables home and small-business owners to monitor and reduce loss from costly property damage. In both cases, the acquired firms provide the new parent with on-the-ground intelligence that lowers the user's vulnerability to losses.

The partnership between Pepper and Embedded Insurance is similar to others. For example, earlier this month in the enterprise space, security operations center (SOC) and XDR vendor Arctic Wolf announced a similar program with cyber insurance carrier Cysurance. The Arctic Wolf model is designed for much larger enterprises that can support a SOC, as well as other enterprise-class security controls. As part of the program, Arctic Wolf customers can purchase up to $1 million worth of cyber insurance at an 80% discount from standard market rates.

Pepper and Embedded Insurance Partner on Cyber Insurance for Consumers, SMBs

Though government agencies have hundreds of devices exposed to the open Internet, experts wonder if CISA is moving at the right pace.

Researchers have discovered hundreds of devices running on government networks that expose remote management interfaces on the open Web. Thanks to the Cybersecurity and Infrastructure Security Agency (CISA), that will change quickly — possibly too quickly, according to some experts.

On June 13, CISA released Binding Operational Directive (BOD) 23-02, with the goal of eliminating Internet-exposed management interfaces running on edge devices in Federal Civilian Executive Branch (FCEB) agency networks. The announcement came soon after CISA's advisory about Volt Typhoon, the Chinese state-backed advanced persistent threat (APT) that leveraged Fortinet FortiGuard devices in espionage campaigns against US government entities.

To gauge how significant BOD 23-02 would be, researchers at Censys scanned the Internet for devices exposing management interfaces in federal civilian executive branch (FCEB) agencies. The scans revealed nearly 250 qualifying devices, as well as a number of other network vulnerabilities outside of the scope of BOD 23-02. 

"While this level of exposure probably doesn't warrant an immediate panic, it's still worrisome, because it could be just the tip of the iceberg," says Himaja Motheram, security researcher for Censys. "It suggests that there may be deeper and more critical security issues, if this kind of basic hygiene isn't being met."

**How Exposed FCEB Organizations Are**

Devices qualifying under BOD 23-02 include Internet-exposed routers, switches, firewalls, VPN concentrators, proxies, load balancers, out-of-band server management interfaces, and any others "for which the management interfaces are using network protocols for remote management over public Internet," CISA explained — protocols like HTTP, FTP SMB, and others.

Censys researchers discovered hundreds of such devices, including various Cisco devices exposing Adaptive Security Device Manager interfaces, Cradlepoint router interfaces, and popular firewall products from Fortinet and SonicWall. They also found more than 15 instances of exposed remote access protocols running on FCEB-related hosts.

The search was so bountiful that they even uncovered many federal network vulnerabilities beyond the scope of BOD 23-02, including exposed file transfer tools like GoAnywhere MFT and MoveIt, exposed Barracuda email security gateways, and various instances of defunct software.

Organizations often don't know their level of exposure or don't understand the implications of exposure. Motheram emphasizes that unprotected gear was all quite simple to find. "And what was trivial for us to find is, honestly, probably even more trivial for amateur threat actors out there."

**How Edge Devices Get Exposed**

How is it that so many devices are exposed on otherwise highly scrutinized government networks?

Joe Head, CTO of Intrusion, points to any number of reasons, including "convenience of the administrator, lack of operational security awareness, lack of respect for adversaries, use of default or known passwords, and lack of visibility."

James Cochran, director of endpoint security at Tanium, adds that "staffing shortages can cause overworked IT teams to take shortcuts so they can make the management of the network easier."

Consider, too, the traps unique to the government that can make the problem even worse. "With little oversight and concern about potential threats, devices can get added to the network under the guise of being 'mission critical,' which absolves them from all scrutiny," Cochran laments. Agencies can also merge or expand, with gaps in their network and security integration. “Over time, the overall networks begin to resemble something out of a Mad Max movie, where random things are bolted together and you are not sure why."

**Will BOD 23-02 Turn Things Around?**

In its directive, CISA indicated that it will begin scanning for qualifying devices and informing the culpable agencies. Upon notification, offending agencies will have just 14 days to either disconnect these devices from the Web, or "deploy capabilities, as part of a zero-trust architecture, that enforce access control to the interface through a policy enforcement point separate from the interface itself."

That two-week period will force relevant agencies to act fast to secure their systems. But that could be difficult, Motheram acknowledges. "In theory, removing devices that are exposed from the Internet should be simple, but that's not always the reality. There can be some bureaucracy to deal with when changing access policies that add friction," she explains.

Others believe the burden is undue. "This is not a responsible timeline," Cochran says. "Since the problem is so widespread, I would expect there to be significant impacts to the identified agencies. This is the same as trying to untangle a bunch of wires by sawing through them."

Others applaud CISA's no-nonsense approach. "It is hard to come up with a timeline to stop doing what should have never been done," Head says, arguing that 14 days may be too long to wait. "Five minutes would be more advisable as managers task the corrective network changes. It has been standard practice not to expose management interfaces to the public Internet for years, so making it mandatory is prudent and reasonable."

CISA Wants Exposed Government Devices Remediated in 14 Days

**LONDON****,** **June 29, 2023** **/PRNewswire/ --** IEC standards have long been considered _de facto_ for the European power grid sector. But the cost and complexity inherent in implementing them has inhibited full adoption, until now.

Smart Grid Forums, an independent conference organizer specialized in the European power grid sector has been facilitating meetings on various IEC standards for more than 10 years. Key standards include IEC 61850 for substations, IEC CIM for control centers, and IEC 62443 for OT cybersecurity. The objective of these meetings have been to support grid operators in assessing the business case for the standards, conducting pilot projects to test their technical feasibility, and educating the wider utility workforce, to mobile large-scale deployment in support of the Energy transition.

"This year it has become clear that these standards are inter-dependent" says Mandana White, CEO of Smart Grid Forums. "Whilst utilities have been working with them in focused silos, the reality is that without their effective interworking, grid operations will not be able to run seamlessly and reliably."

As a result, Smart Grid Forums are hosting a joint meeting brining all three utility IEC standardization communities together at one time in one venue. Each group will benefit from a dedicated case-study programme that deep dives into the latest lessons learnt from the implementation of each standard whilst also being able to access information and networking related to the other standards.

The week-long event begins with a choice of 3 Fundamentals Workshops, providing participants with the foundational knowledge they need in IEC 61850, IEC CIM, and IEC 62443. The main 3-day conference opens with a series of high-level plenary sessions on the macro issues facing the standardization community, and then breaks out into three technical tracks focused on utility case-studies. The week wraps up with a Communication briefing designed to help technical teams translate their engineering know-how into organizational priorities using language that will influence the Board and secure long term investment.

70+ SPEAKERS INCLUDING:

·  Christoph Brunner, Convenor, TC57 WG10

·  Gabriel Faifman, Co-Convenor, TC65 WG10

·  Svein Olsen, Lead Member, TC57 WG13,14 & 16

·  Alex Apostolov, Editor-in-Chief, PacWorld

·  Jennifer MacKenzie, Lead Design Engineer, Scottish Power Energy

·  Anders Johnson, Power Systems Specialist, Vattenfall Networks

·  Barry Coatesworth, Cybersecurity Advisor, Scottish Power

·  Philip Westbroek, OT Security Officer, Enexis

·  Damien Ploix Chief of Cybersecurity, Enedis

·  Mohammed Radi, Network Data Modelling Engineer, UK Power Networks

·  Rui Pena, Senior Consultant, E-REDES

·  Anna Elgersma, Data Architect, Alliander

DISCUSSION TOPICS INCLUDE:

·  GLOBAL STANDARDISATION REVIEW - Evaluating the rate of IEC standardization take-up globally and identifying market trends and lessons to be learnt for Europe

·  WORKING GROUP IMPROVEMENTS - Evaluating the benefits of working group participation and identifying how the IEC can better engage utility contribution in the interest of wider market development

·  WORKFORCE ENGAGEMENT - Establishing a training culture that rapidly advances IEC 61850 competence of engineering, operations, and maintenance teams to drive organizational change at pace

·  PROCESS BUS - Leveraging IEC 61850 standardization to drive the cost-efficiency and accessibility of process bus architectures for grid networks

·  VIRTUALISATION - Determining the roadmap from digital to virtual substations and prioritizing the implementation steps to commit to in the next 2-3 years

·  IEC 62443 FOR THE GRID - Determining how IEC 62443 can be leveraged in combination with ISO 27001 to drive end-to-end cybersecurity of the IT-OT integrated digital grid

·  IMPLEMENTATION PLANNING - Creating a IEC 62443 implementation roadmap with clear priorities for utilities, suppliers and system integrators on both a governance and technical level

·  PATCH MANAGEMENT - Ensuring the effective application of IEC 62443 guided patch management regimes to maximize the lifecycle of OT infrastructure

·  CIM FOR A CENTRALISED REPOSITORY - Applying CIM to all grid systems to promote centralization and to build a coordinated set of data models

·  INTERNAL-EXTERNAL DATA EXCHANGE - Reviewing the latest developments with CGMES to support TSO-DSO data exchange and interoperability

TESTIMONIALS FROM PAST EVENTS

"As usual high-quality presentations and relevant topics." 

Anders Johnsson, Power system specialist, Vattenfall Eldistribution AB

"In my opinion this is the best industrial conference about smart grid and IEC 61850." 

Andrea Bonetti, Senior Specialist, Megger Sweden AB

"This was a great opportunity to learn about the IEC 62443 concepts, controls and framework."

Anja Ivanovska, Info Sec Specialist, EVN

"A refreshing insight and different angle on cyberthreats and possible measures for the OT domain."

Bas Mulder, Technologist OT, TenneT

"Great opportunity to meet, exchange, discuss and develop ideas concerning CIM."

Ruben Haasjes, Data Consultant, Alliander

"Bringing utilities from across the world together to digitally transform our energy systems." 

Jakub Sliva, Asset Data Specialist, Stedin

To find more about how you can get involved contact the SGF team directly at:

We are an independent B2B event provider serving the smart grid technical community. We monitor the market, conduct depth interviews, and translate the insights into techno-commercial meetings that empower participants to accelerate their grid modernisation plans, drive renewables integration, and help meet climate goals.

SOURCE Smart Grid Forums

IEC Standardization Leaders Convene in Amsterdam to Review Utility Interworking of Key Standards

New online safety bill could force encrypted messaging apps like iMessage and WhatsApp to scan for child abuse material, but platforms warn about privacy implications.

Apple has joined more than 80 technology experts and organizations in an appeal to UK lawmakers to consider the broader privacy ramifications of pending legislation called the Online Safety Bill.

The legislation, moving its way through Parliament, is intended to force accountability for technology platforms used to distribute child abuse materials.

Platforms like iMessage and WhatsApp use end-to-end encryption (E2EE), which prevents anyone but the sender and recipient from viewing the contents of a message. E2EE also keeps law enforcement from identifying illicit materials.

In its current form, the Online Safety Bill allows, under some circumstances, the UK's communications regulator Ofcom to force platforms to scan messages for prohibited content.

In a statement, Apple said it was willing to work with the British government to purge abusive content on its platform, but adds that breaking end-to-end encryption comes with other privacy risks, according to reports.

"End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats," Apple said, according to the BBC. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches."

"Apple urges the government to amend the bill to protect strong end-to-end encryption for the benefit of all," Apple added.

In addition to Apple's objections, an open letter to Technology Minister Chloe Smith from the Open Rights Group (ORG) warned about the security risks associated with this kind of open spying on citizens without their consent. The letter was signed by more than 80 national and international civil society organizations, academics, and cyber experts, the ORG said.

"The inconvenient truth is that it is not possible to scan messages for bad things without infringing on the privacy of lawful messages," the ORG open letter read. "It is not possible to create a backdoor that only works for 'good people' and that cannot be exploited by 'bad people'."

Other encrypted messaging apps like WhatsApp and Signal told the BBC they adamantly refuse to weaken the privacy on their platforms, with Signal putting out a statement in February that if the legislation became law it ... "would absolutely walk," meaning it would halt services to the UK altogether rather than comply with proposed Online Safety Bill requirements.

Apple Objects to UK Bill That Would Break Encrypted Messaging

Patches are available for three bugs, but with technical details and PoCs now available, threat actors can craft targeted attacks.

Organizations running business-critical applications on SAP's Application Server for ABAP platform technology may want to read and heed details of a technical paper presented at Trooper's cybersecurity conference in Germany this week.

The paper, from research firm SEC Consult, provides technical details and proof-of-concept (PoC) code for four critical vulnerabilities in the server-side implementation of the Remote Function Call (RFC) communications interface in all releases and versions of SAP's NetWeaver Application Server ABAP and ABAP platform (AS ABAP).

**ABAP Kernel Affected By At Least One Of the Flaws**

The vulnerabilities give attackers a way to remotely execute arbitrary code on affected systems, access critical data, move laterally to other SAP systems on the same network, and execute other malicious actions. At least one of the flaws exists in the ABAP kernel, meaning a very large number of SAP products are affected.

"Remote unauthenticated attackers may exploit the identified issues to take full control of vulnerable application servers. This could result in a full compromise of confidentiality, integrity, and availability of data," SEC Consult said in a note to customers warning about the issues; it also shared the warning with Dark Reading.

Researchers at SEC Consult discovered and reported the vulnerabilities to SAP over the last two years. They identified the first one at the end of 2020 and the last one earlier this year. SAP issued patches for each of the identified issues soon after SEC Consult reported them to the company. Even so, SEC Consult waited till now to disclose technical details of the flaws to ensure SAP had enough time to properly address the issues.

"The identified vulnerabilities affected many different SAP products as the ABAP kernel was affected," says Johannes Greil, head of the SEC Consult Vulnerability Lab. "Hence profound work needed to be done to mitigate and test/verify the fixes for all of those products."

With technical details and proofs of concept (PoCs) for the flaws now becoming available, threat actors have information to craft targeted attacks, he says. So unpatched systems could pose a risk for organizations. "Our advice is — if it was not already done — to implement the patches and necessary configuration changes immediately as the issues are of critical risk," Greil notes. "Because of the high business risk, we also informed many customers already a few months ago in March 2023 and urged them to patch."

**Details On the Four Bugs**

The four vulnerabilities that SEC Consult discovered and reported to SAP are CVE-2021-27610, CVE-2021-33677, CVE-2021-33684, and CVE-2023-0014.

CVE-2021-27610 is an authentication bypass vulnerability in AS ABAP that allows adversaries to escalate privileges on affected systems. The vulnerability gives attackers a way to establish their own communication with a vulnerable system and reuse leaked credentials to impersonate user accounts and claim a trusted identity. Successful exploitation can lead to full system compromise, SEC Consult said.

SEC Consult described CVE-2021-33677 as an information disclosure vulnerability in the AutoABAP/bgRFC Interface that allows an adversary to remotely enumerate user accounts and get the vulnerable service to execute specific requests to targeted hosts and ports. CVE-2021-33684 is a memory corruption bug that an attacker can exploit to remotely crash processes, gain remote code execution, and corrupt data. CVE-2023-0014, the most recent of the four flaws that SEC Consult reported to SAP, is a design issue that enables lateral movement in SAP system environments.

Greil describes most of the vulnerabilities as critical, especially CVE-2023-0014 and CVE-2021-27610, which, when combined, allow for easy lateral movement. "The current one from 2023 is especially important because it is more effort to patch because of additional necessary configuration changes," Greil says. Some deeper technical SAP understanding would be necessary to perform lateral attacks and exploiting the attack chain because the SAP technology stack and naming conventions differ from the usual IT security protocols, he notes. "The buffer overflow is also of high risk because it is exploitable before authentication. But we did not verify remote code execution," Greil says.

The vulnerabilities exist in a wide range of business-critical SAP products including SAP ERP Central Component (ECC), SAP S/4HANA, SAP Business Warehouse (BW), SAP Solution Manager (SolMan), SAP for Oil & Gas (IS Oil&Gas), SAP for Utilities (IS-U), and SAP Supplier Relationship Management (SRM).

Researchers Detail 4 SAP Bugs, Including Flaw in ABAP Kernel

New program provides organizations a way to show customers and partners their cybersecurity posture meets rigorous standards of CREST accreditation.

**EAST GREENBUSH, N.Y., June 28, 2023 —** The Center for Internet Security, Inc. (CIS®) today announced the launch of a joint initiative with CREST, an international not-for-profit accreditation and certification body, to help advance security and resilience to achieve better global cybersecurity.

As cyber threats continue to escalate to unprecedented levels globally, CIS and CREST are launching the CIS Controls Accreditation program to provide organizations a way to show customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Critical Security Controls (CIS Controls) underpinned by the rigorous standards of CREST accreditation.

Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. CIS Controls Accreditation is an exclusive opportunity for CIS SecureSuite Members (Controls, Consulting & Services, and Product Vendor) and CREST Members to offer consulting services to end user organizations who wish to demonstrate that their implementation of security best practices is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity. 

"The ability to digest all the data and controls from various devices and systems is essential in this massive shift to evidencing security," said Tom Brennan, Executive Director, CREST Americas Region. "Together, CIS Controls and CREST accreditations give our joint members an accelerated path to meet risk and compliance requirements in addition to providing a methodology for continuously monitoring their security posture. By using CREST on top of the CIS Controls, security professionals can monitor security from infrastructure that can be observed, tested, and enhanced."

The CIS Critical Security Controls are a set of globally-recognized and widely-used best practices that provide a prioritized path to improve an enterprise’s cybersecurity posture. This is the first initiative pairing the CIS Controls with a program to deliver accredited consulting.

"CIS is pleased to partner with CREST to provide end user organizations a selection of recognized consultants to advise on the implementation of and assessment against the CIS Controls," said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. "We see this as a significant step forward in our efforts to secure enterprises and safeguard against current and emerging threats.

The joint CIS and CREST offering is available to members of both organizations here.  

**About CIS**

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit 

CISecurity.org or follow us on Twitter: @CISecurity.

**About CREST**

CREST is an international not-for-profit, membership body representing the global cyber security industry with the goal to help create a secure digital world for all. CREST focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration and proving security posture. Through rigorous quality assurance of its members and delivering professional certifications to the cyber security industry. CREST accredits over 350 member companies, operating across dozens of countries, and certifies thousands of professionals worldwide across governments, regulators, academic institutions, training partners, professional bodies and other stakeholders around the world. For more information, please visit us at https://www.crest-approved.org/

Center for Internet Security, CREST Join Forces to Secure Organizations Globally

Stellar leverages cyber physical system detection and response (CPSDR) to prevent unexpected system changes from impacting operational reliability and availability.

**IRVING, Texas & TAIPEI, Taiwan --** (BUSINESS WIRE) — TXOne Networks, a leader in industrial cybersecurity, announced its Stellar solution for defending operational stability. Employing TXOne Networks’ unique approach to security, Cyber-Physical System Detection and Response (CPSDR), Stellar supports the priorities of security and operations without either team having to sacrifice capability or performance. Already protecting customers in semiconductors, manufacturing, oil and gas, automotive, pharmaceuticals and other many other industries, Stellar is the first solution to offer seamless detection and prevention capabilities with complete oversight for legacy and new OT devices. With intuitive management and informed automation, implementation is quick and simple while remaining non-impacting to resource-restricted devices.

The behavioral patterns of the OT devices and cyber-physical systems on plant floors are automatically established and continuously monitored. Even a single abnormal interaction demands scrutiny that common cybersecurity approaches borrowed from information technology (IT) are often not designed to recognize or address. Stellar, however, analyzes the baseline “fingerprints” of each individual device to reveal _any_ unexpected behavior that threatens reliable and stable operations. The TXOne Networks solution then prevents the unexpected change and generates alerts to complete wider analysis. In this way, Stellar is not limited to combatting known threats; rather, by leveraging TXOne Networks’ OT-native CPSDR capabilities, Stellar’s stability-driven approach addresses unexpected system changes before operations can be impacted.

Stellar consists of an agent that works with an organization’s OT devices and a centralized management console that streamlines management and policy control. A comprehensive OT-context-focused database, which TXOne Networks maintains in partnership with leading device original equipment manufacturers (OEMs), informs the accurate identification and preservation of more than 8,000 OT/industrial control system (ICS) applications, certificates and devices.

To balance the priorities of security and operations teams, Stellar delivers complete protection of operational environments and the OT devices that they comprise of, including:

*   Multi-method threat prevention to secure OT/ICS devices from malware and abuse threats

*   Operations behavior anomaly detection to prevent malware-free attacks

*   Operation lockdown to safeguard operational integrity, reduce the chance of downtime and reduce the requirements for outages (especially valuable for “non-patchable” systems)

*   Trusted control of USB devices to protect against their unauthorized access

"An increasing number of organizations today recognize OT operations as pivotal hubs for generating business value," stated Terence Liu, the Chief Executive Officer of TXOne Networks. "Numerous prominent industry leaders across diverse sectors are already entrusting our Stellar Endpoint security solution to safeguard their critical assets. With the introduction of the CPSDR feature in Stellar 3.0, enterprises can uphold operational stability and proactively mitigate unforeseen threats."

Learn more about Stellar. Follow TXOne Networks on Blog, Twitter, and LinkedIn.

**About TXOne Networks**

TXOne Networks offers cybersecurity solutions that ensure the reliability and safety of industrial control systems and operational technology environments. TXOne Networks works together with both leading manufacturers and critical infrastructure operators to develop practical, operations-friendly approaches to cyber defense. TXOne Networks offers both network-based and endpoint-based products to secure the OT network and mission-critical devices using a real-time, defense-in-depth approach. www.txone.com

TXOne Networks' Stellar Solution Safeguards Operational Stability for Organizations in Various Industries

Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.

**SEATTLE – June 28, 2023 –** WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q1 2023. Key findings from the data show phishers leveraging browser-based social engineering strategies, new malware with ties to nation states, high amounts of zero day malware, living-off-the-land attacks on the rise, and more. This edition of the report also features a new, dedicated section for the Threat Lab team’s quarterly ransomware tracking and analysis.

"Organizations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats," said Corey Nachreiner, chief security officer at WatchGuard. "The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defenses to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers."

Among its most notable findings, the Q1 2023 Internet Security Report reveals:

*   **New browser-based social engineering trends –** Now that web browsers have more protections preventing pop-up abuse, attackers have pivoted to using the browser notifications features to force similar types of interactions. Also of note from this quarter’s top malicious domains list is a new destination involving SEO-poisoning activity.
*   **Threat actors from China and Russia behind 75% of new threats in the Q1 Top 10 list –** Three of the four new threats that debuted on our top ten malware list this quarter have strong ties to nation states, although this doesn’t necessarily mean those malicious actors are in fact state-_sponsored_. One example from WatchGuard’s latest report is the Zusy malware family, which shows up for the first time in the top 10 malware list this quarter. One Zusy sample the Threat Lab found targets China’s population with adware that installs a compromised browser; the browser is then used to hijack the system’s Windows settings and as the default browser.
*   **Persistence of attacks against Office products, End-of-Life (EOL) Microsoft ISA Firewall –** Threat Lab analysts continue to see document-based threats targeting Office products in the most widespread malware list this quarter. On the network side, the team also noticed exploits against Microsoft’s now-discontinued firewall, the Internet Security and Acceleration (ISA) Server, getting a relatively high number of hits. Considering this product has long been discontinued and without updates, it is surprising to see attackers targeting it.
*   **Living-off-the-land attacks on the rise –** The ViperSoftX malware reviewed in the Q1 DNS analysis is the latest example of malware leveraging the built-in tools that come with operating systems to complete their objectives. The continued appearance of Microsoft Office- and PowerShell-based malware in these reports quarter after quarter underscores the importance of endpoint protection that can differentiate legitimate and malicious use of popular tools like PowerShell.
*   **Malware droppers targeting Linux-based systems –** One of the new top malware detections by volume in Q1 was a malware dropper aimed at Linux-based systems. A stark reminder that just because Windows is king in the enterprise space, this doesn’t mean organizations can afford to turn a blind eye to Linux and macOS. Be sure to include non-Windows machines when rolling out Endpoint Detection and Response (EDR) to maintain full coverage of your environment.
*   **Zero day malware accounting for the majority of detections –** This quarter saw 70% of detections coming from zero day malware over unencrypted web traffic, and a whopping 93% of detections from zero day malware from encrypted web traffic. Zero day malware can infect IoT devices, misconfigured servers, and other devices that don’t use robust host-based defenses like WatchGuard EPDR (Endpoint Protection Detection and Response).  
*   **New insights based on ransomware tracking data –** In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate; some are well-known organizations and companies in the Fortune 500. (Stay tuned for more ransomware tracking trends and analysis as part of WatchGuard’s quarterly Threat Lab research in future reports!)

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts.   
New for this Q1 2023 analysis, the Threat Lab team has updated the methods used to normalize, analyze, and present the report findings. While previous quarterly research results have primarily been presented in the aggregate (as global total volumes), this quarter and going forward the network security results will be presented as “per device” averages for all reporting network appliances. The full report includes additional detail around this evolution and the rationale behind the updated methodology, as well as details on additional malware, network, and ransomware trends from Q1 2023, recommended security strategies, critical defense tips for businesses of all sizes and in any sector, and more.

For a more in-depth view of WatchGuard’s research, read the complete Q1 2023 Internet Security Report here.

**About WatchGuard Technologies, Inc.**

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

_WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners._

WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends

More than 950,000 job postings for tech positions in Q4 2022.

**London, June 28, 2023 –** While Europe continues to deal with regional economic issues including the effects of inflation and the ongoing conflict in Ukraine, businesses in multiple industries still need technology workers, research by CompTIA, the nonprofit association for the technology industry and workforce, finds.

Employer job postings for technology positions in 11 countries totaled more than 950,000 in Q4 2022, the most recent available data, according to CompTIA's latest "European Tech Hiring Trends" report.

“Skilled tech workers are very much in high demand across the continent, creating new employment opportunities for people who are looking to enter the technology workforce for the first time and for those who are seeking new challenges,” said Graham Hunter, executive vice president, global sales, CompTIA. “This report also shows how critical professional certification programs are to the tech industry and companies in a wide variety of industries.”

Tech employment opportunities are available at every career stage. Among all tech job postings, 35% of employers sought candidates with 0 to 2 years of work experience. The search for tech workers in their early career stage was even more pronounced in Romania (57% of all tech job postings) and Ireland (54%). Across all 11 countries employers specified 3 to 10 years of experience for 10% of job postings and 11 or more years for 13% of openings.

Job postings were widely dispersed geographically, with the largest numbers in Germany (411,743), France (217,480) and Poland (60,532).

Companies in the information and communication industry listed the most job postings, but hiring interest was also strong among firms in professional, scientific and technical services, manufacturing, administrative and support services, and financial and insurance sectors.

Positions in software development, programming and web development had the highest volume of job postings in Q4 2022 (353,293). Demand was also strong for systems analysts and cybersecurity professionals (284,215), IT support specialists and technicians (113,427) and network and systems administrators and technicians (113,394).

The report’s breakdown of data by individual countries highlights both the commonalities and uniqueness of tech employment in each market.

Software development and programming topped the list of job role categories in 10 of 11 countries included in the report, with Germany (142,956), France (72,653) and Poland (32,921) taking the top three spots. Italy was the exception, where employers focused their talent search on cybersecurity professionals and systems analysts.

The "European Tech Hiring Trends" report is based on CompTIA's analysis of employer job posting data aggregated by Lightcast from Q4 2022 and some prior periods. The full report is available at https://www.comptia.org/content/research/european-tech-hiring-trends.

**About CompTIA**The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Each year CompTIA, directly and through its global network of partners, provides millions of people with training, education and certification. To learn more visit https://www.comptia.org/

Employer Demand for Technology Workers Across Europe Remains on Firm Footing

The new brand is launched alongside new product security platform capabilities such as a vulnerability management (VM) co-pilot and incident response investigation management, providing automation and workflows for the many teams involved in product security.

**TEL AVIV, Israel****,** **June 28, 2023** **/PRNewswire/ --** Cybellum, creator of the award-winning Product Security Platform for device manufacturers, unveiled today a new brand identity and new platform capabilities reinforcing its commitment to the product security community.

The new brand channels the company's focus on the multiple teams involved in today's product security operations.

Now more than ever, product security is a multi-team effort - from vulnerability management to software quality assurance, SBOM management, incident response, and compliance, each part of the workflow is governed by a different team, requiring a specialized, yet unified approach. The new brand, together with the new platform capabilities enables teams across the organization to automate and simplify the many security tasks they have, making the process more efficient and collaborative at the same time.

Some of the new platform capabilities include:

*   A new interface focusing on multi-team collaborative product security - from asset management and software assurance to incident response and cyber-compliance
*   Corporate Management dashboards provide visibility into the organization's product security readiness
*   New SBOM management capabilities including one-click SBOM and VEX report generation for entire products, so you no longer need to manually aggregate information from underlying components
*   The Vulnerability Management (VM) CoPilot focuses your team on the most pressing and relevant vulnerabilities by automating exploit analysis
*   A new Malware detection engine secures device software from malicious code, enhances supply chain cybersecurity, and facilitates compliance
*   A revamped Policy Engine with greater customization flexibility automates requirement validation, accelerating compliance with regulations and your own policies
*   A refined Incident Response module facilitates threat intelligence monitoring, automates relevancy assessment, and streamlines the investigation workflow for rapid remediation of post-market incidents

All of these new capabilities are built into the company's Product Security Platform, a centralized management platform for keeping connected devices cyber secure.

"Product security is still an evolving field, and Cybellum is committed to the success of the teams involved," says Shlomi Ashkenazy, Cybellum's Head of Brand. "Throughout the past year, we learned from our customers what are the main gaps they have in their product security process, and worked to close them."

"To us, working hand in hand with the product security community is the most important aspect of what we do," added Shlomi, "This new chapter in Cybellum's brand story echoes the vision and aspirations of that community, and further aligns the Cybellum story and mission with the challenges and needs of our customers."

**About Cybellum**

Cybellum is where teams do product security.

Device manufacturers such as Jaguar Land Rover, Supermicro, Danaher, and Faurecia use Cybellum's Product Security Platform and services to manage the main aspects of their cybersecurity operations across business units and lifecycle stages. From SBOM to Vulnerability Management, Compliance Validation, and Incident Response, teams ensure their connected products are fundamentally secure and compliant – and stay that way.

To learn more visit www.cybellum.com

Source

DARKReading