Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.

During the month of May, an unknown threat group created a malicious GitHub repository that claimed to contain a zero-day exploit for a vulnerability in the Signal messaging app. The attackers supported the credibility of the exploit by creating a fake security company — High Sierra Cyber Security — linked to a number of made-up profiles of security researchers.

That's according to research conducted by threat intelligence firm VulnCheck, which found that the level of effort that the attacker put into create a social presence around the fake security company and the fake exploits is on a whole other level compared to what researchers have seen in the past.

"They put in a decent amount of effort into building personas, if you will, for each of these characters — these actors that who would advertise the GitHub repositories with the actual malware," VulnCheck security researcher William Vu tells Dark Reading. "So they put a lot of time and effort into building, really, a fake security company, and that, to me, is kind of new."

Targeting security researchers is rare, but has a long history. In 2021, for example, Google's Threat Analysis Group (TAG) warned that North Korea-backed hackers had created a faux research blog and multiple fake Twitter profiles. Researchers would then be asked to collaborate on vulnerability research, and those who agreed would be sent a Visual Studio project file that would run custom malware to infect the target's system, according to Google TAG's analysis. Three months later, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the campaign.

A similar attack — also by North Korea — targeted security researchers by using LinkedIn accounts and acting as recruiters, according to research released in March by Mandiant.

The latest attack also uses social engineering to target the supply chain, says Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of enterprise cyber-risk remediation services.

"One of the core defenses against malicious packages is for developers to actually vet the package before they download and use it, and part of that vetting process is determining if the package was created by a trustworthy source, whether commercial or otherwise," he says. "If threat actors can do a good job of faking that, they have a better chance of getting a victim to download their package and then not give it as close of an inspection as they should."

**GitHub, WhatsApp, What's Next?**

VulnCheck contacted GitHub about the project hosting the fake exploit, and the page was taken down. A day later, however, the same group created a similar page advertising a WhatsApp zero-day exploit, VulnCheck's researchers stated in the advisory. That pattern continued, and each time the company notified GitHub of a new page, it was removed but a new project page would appear. Pages offering a purported Microsoft Exchange remote code execution (RCE) bug, a Discord zero-day RCE, and others continued the cat-and-mouse game, the company stated.

In each case, instead of an exploit, a Python file in the repository would — if run by the target — download an operating-system-specific binary. While most antivirus programs detected the Windows malware that the Python script loaded, only three of the 62 Linux host-based scanners detected that binary, VulnCheck stated.

The threat actor used a variety of social media profiles to push out links to the pages. While the technique has been used as a way to convince software developers to download vulnerable or malicious components as a way of infecting the supply chain, this attack seems more likely to gain access to security professionals' own research, Vu says.

"Security researchers and testers usually have their own research, and if I were going after security researchers this way, I would be looking to obtain their cache of real zero-day exploits, and any kind of corporate IP that they might have access to," he says.

**Not the Sharpest Tool in the Toolbox**

While companies should always educate their developers about the risks that come with online code and how to best vet projects and unknown developers to determine if they are legitimate, researchers need to learn to be wary too, says Erich Kron, security awareness advocate at KnowBe4.

"Running code that others have written, especially when available in free and open websites such as GitHub, always carries some risk," he said. "In this case, researchers looking at the code may even assume that the malicious parts are simply a piece of these zero days being disclosed, when in fact it's designed to infect their own systems."

For most security researchers, a little due diligence will go a long way. A little research would likely discover that the company behind the "security research" has no track record, and that the researchers have no history in the industry, says Vulcan Cyber's Parkin.

"If a package just appeared out of nowhere, and the developers all seem to be new on the scene? Red flags," he says. "The sad thing is that this will have some negative impact on newly active researchers who may not have any history yet, but it's also easy to tell the difference between someone who doesn't have a history because they're just getting started and someone who has no history because they don't exist."

Attackers Create Synthetic Security Researchers to Steal IP

Organizations need to prepare for security threats as summer holidays approach.

Summer is just around the corner, and every cybersecurity professional I know is braced for cybercriminals to take action. The Cybersecurity ad Infrastructure Security Agency (CISA), part of the Department of Homeland Security, warns that holidays are a period of heightened threat. That can be extrapolated to any time cybercriminals think IT security teams might be lean or preoccupied, such as the summer season, when workers typically take more time off and stay out of the office for longer.

Here are four top considerations to help IT security staff manage risks — even when they're short staffed with holidays and vacation schedules.

**1\. Beware of Taking Work and Hardware on Vacation**

From the malicious intentions of a thief to a well-intentioned passerby going through a device to reach its owner and seeing sensitive information, lost hardware can evolve from an inconvenience to a corporate reputation and compliance nightmare.

To avoid the risk of lost hardware, it's best practice for employees to leave company devices at home unless they need to work while traveling — especially when it comes to international travel. As a precaution in the event devices are lost or stolen, employees should keep any devices with company information locked. IT departments should mandate phishing-resistant multifactor authentication, require employees to change passwords at least every six months, implement stringent password requirements, or explore passwordless validation options.

**2\. Avoid Open Wi-fi and Public USB Ports**

While many employees are aware of the risks associated with using public Wi-Fi and charging ports, the convenience of sending a quick email from the airport or using public power outlets may be difficult to resist. It's essential to remain vigilant, because of the dangers of sneaky threat actors tapping into shared networks and infiltrating personal devices or corporate systems.

According to one survey, 40% of respondents had their information compromised while using public Wi-Fi. The Federal Communications Commission warns about "juice jacking," in which bad actors target travelers running low on battery power and load malware onto public USB charging stations to hack into electronic devices.

Work travel and quick check-ins while in transit make it difficult to completely avoid working in public. To avoid the security, compliance, and reputation risk of a hack, instruct employees on secure mobile working practices. Employees should use known, secure hotspots instead of connecting to public Wi-Fi. If Wi-Fi can't be avoided, they should use a virtual private network (VPN). Employees looking for a charge while on the go should only plug their chargers into AC power outlets, rather than public USB ports. This goes for company devices and personal devices that have access to company email or messaging applications, even if their primary use isn't for work.

**3\. Focus Security Training and Messaging About Holiday Cyber-Risks**

Many cyberattacks like ransomware happen on Friday afternoons, and if it's a holiday weekend, the risk is high. Threat actors rightly calculate that a distracted employee trying to wrap up their work week might inadvertently click a phishing link or a security team might be running with a skeleton crew because of vacation schedules. Due to this, organizations must especially fortify their defense posture and check crisis management/business continuity plans as we approach holiday weekends.

Companies should closely monitor networks and systems for suspicious activity by combining employee and AI-led strategies in order to maximize time and cost efficiency, allowing AI monitoring and data protection to fill in the gaps when IT teams are spread thin.

Security departments should also schedule security refresh trainings ahead of summer vacation season. Schedule thoughtfully to ensure employees have dedicated time to review security practices and absorb the information.

**4\. Now Is the Time for IT Security Teams to Mobilize**

It's necessary to develop plans to accomplish the preceding three steps and also ensure business can continue when an attack inevitably does occur. A business continuity plan will help you react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis. Plans should include:

*   An outline of who needs to be involved and their responsibilities, with contingencies in place that account for staff vacation plans
*   Detection and initial analysis of the attack
*   Defining the scope of the attack
*   Determining the origination of the attack (who/what/where/when)
*   Determining if the attack has concluded or is ongoing
*   Determining how the attack occurred
*   Containing the impact and propagation of the attack
*   Eradicating the malware and vulnerabilities that may have permitted its ingress and propagation
*   Recovering data from hardened backups
*   Responding to regulatory and/or contractual obligations as a result of the breach

**Bad Actors Come Prepared, but So Can Companies**

Good security people prepare well. Relationships, training, awareness, technologies and incident response playbooks all help to manage and reduce risk. While long weekends and other time off are rarely true holidays for security professionals, there are steps we can take to prepare and protect our organizations, so employees can remain vigilant while also enjoying well-deserved time off.

Cybercrime Doesn't Take a Vacation

The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.

Hashi Corp expanded its identity-based security portfolio with new products for privileged access management and secrets management.

With organizations shifting more of their workloads to the cloud, they need to change how they handle privileged access management. Instead of relying on SSH keys and IP address-based security, HashiCorp Boundary enables secure user access across the cloud, the company said. A self-managed commercial offering of HashiCorp Boundary for secure remote user access, HashiCorp Boundary Enterprise relies on just-in-time credentials to provide lead-privileged access to users with single sign-on access to cloud infrastructure. The session recording capability provides an auditable record of all user and application actions so that security teams know what is happening within the environment.

Organizations are struggling with secret sprawl across different systems, tools, and environments. HashiCorp Cloud Platform (HCP) Vault Secrets provides simplified secrets management as a software-as-a-service offering. The new SaaS offering is designed for organizations that want to manage secrets with minimal overhead and cost, the company said. HCP Vault Secrets and secret syncing allow organizations to centrally manage secrets while allowing developers to use their existing cloud-native development workflows.

HCP Vault Secrets is currently in beta. There is a separate capability – Vault Secrets Operator for Kubernets – to synchronize Vault secrets to Kubernetes secrets and automatically rotate secrets without disrupting service. Vault Secrets Operator for Kubernetes is generally available for HCP Vault and Vault Enterprise.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

HashiCorp Expands PAM, Secrets Management Capabilities

A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.

**Question: How do I keep my API keys from becoming part of someone else's GitHub search?**

**Answer:** Storing API keys directly in your code is generally not recommended due to the potential security risks. If your code is ever shared or becomes publicly accessible, anyone who sees the API key can use it, potentially leading to abuse or a security breach.

Here are several ways to store API keys securely:

*   **Environment variables:** You can store API keys in environment variables on your machine and then access these variables from your code. This method has the advantage of keeping the keys out of your code. (They are in the environment where the code runs.) It also means that the keys can be different for different environments, such as your local machine, a development server, a production server, etc.
*   **Configuration files:** You can also store API keys in a separate configuration file that is not included in your code repository. This file should be added to your _.gitignore_ file to prevent it from being committed to your repository. Be sure to add appropriate file-level permissions to this configuration file to prevent unauthorized access. In your code, you would read the API keys from this file.
*   **Secrets management systems:** For larger applications or more sensitive data, you might consider using a secrets management system. These are specialized tools, such as AWS Secrets Manager, HashiCorp's Vault, and Google's Secret Manager, that help manage access to secrets like API keys.
*   **Environment-specific configuration services:** Platforms like Heroku and Netlify have specific features or services for setting environment variables, which can be used to store API keys.
*   **Encrypted storage:** If you need to store the API keys in a database or other storage system, you should encrypt them. This way, even if someone gains access to the storage system, they won't be able to use the keys without the encryption key.

Let's take a look at how to implement the first two, the lowest-overhead of these solutions, in secure coding. I've used Python as the example language for this, though any language will have similar concepts. The advantage of Python is its simplicity and ease of use, which together with its formidable data-handling capabilities make it ideal for most uses.

**To Use Environment Variables for Storing API Keys**

Environment variables allow you to store sensitive information, such as API keys, outside of your source code. They are accessible to the application during runtime and can be easily configured on different environments (e.g., development, staging, and production).

First, set the environment variable in your system or the platform where your application is running. In a Unix-based system, you can set an environment variable using the _export_ command:

% export API\_KEY=<your\_api\_key>

Next, access the environment variable in your application's code. For example, in Python, you can access the value of an environment variable using the _os_ module:

% python import os api\_key = os.environ\['API\_KEY'\]

**To Use External Configuration Files for Storing API Keys**

Another way for the beginning developer or data scientist to store API keys is via external configuration files. These can be very useful; however, you should exclude them from the repository using _.gitignore_ or the equivalent.

First, create a configuration file, such as _config.json_, and store the API key in it:

json { "api\_key": "<your\_api\_key>" }

Next, add the configuration file to your project's _.gitignore_ (or equivalent) to ensure it's not tracked by your version control system.

Finally, load the configuration file in your application's code to access the API key. For example, in Python, you can load a JSON configuration file and access the API key like this:

import json with open('config.json') as f

config = load(f) api\_key = config\['api\_key'\]

**Lock Up Your APIs**

By using either environment variables or external configuration files, you can better protect your API keys from accidental exposure, simplify management of sensitive information, and make it easier to maintain different configurations for various environments. You should enforce proper access controls on the environment variables and configuration files to prevent unauthorized access.

As your project grows in complexity (and importance), it may be advisable to move to platforms with innate capability, such as secrets management systems or environment-specific configuration services, for storing sensitive items. However, these quick solutions help you start off on a more secure footing.

How Do I Protect My API Keys From Appearing in Search Results?

Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.

**SAN FRANCISCO** **— June 15, 2023** **—** Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today announced the Coalition Exploit Scoring System (Coalition ESS), a unique vulnerability scoring system that helps risk managers mitigate potential cyber threats. Developed by Coalition Security Labs, the company's research and innovation center, Coalition ESS is a security risk prioritization scoring system that leverages real-time monitoring and dynamic scoring to enable businesses of all sizes to efficiently understand which vulnerabilities to patch first. 

"In cybersecurity, timing is everything. Thousands of new vulnerabilities are published monthly, and it’s nearly impossible for IT and security teams to quickly understand and address them all. Defenders need a more efficient way to sift through the noise and prioritize which vulnerabilities to remediate," said Tiago Henriques, Coalition's Head of Security Research. "With Coalition ESS, they have an early source of truth to evaluate which risks to prioritize mitigating _before_ an incident occurs."

Coalition ESS leverages artificial intelligence and large language modeling to scan the descriptions used within newly released CVEs (Common Vulnerabilities and Exposures) and compares them to previously published vulnerabilities to predict the likelihood of exploitability. The result is two probability scores: the Exploit Availability Probability, or the likelihood that code for an exploit will be publicly available, and the Exploit Usage Probability, or the likelihood that threat actors will use an exploit to execute an attack. These scores combined give security managers and IT professionals a prioritization list outlining which vulnerabilities pose the greatest threat, saving time and resources in an otherwise arduous decision-making process. 

Coalition ESS scores are dynamic, responding to changes in available exploit information, unlike the scores derived from the Common Vulnerability Scoring System (CVSS). Coalition ESS scores are available up to one week from the initial vulnerability announcement, unlike other systems where scoring a vulnerability can take anywhere from one week up to one month.

"We created Coalition ESS to prioritize our own vulnerability management efforts as we are often the first line of defense for hundreds of thousands of assets of our customers at scale. We use ESS to evaluate and notify our policyholders about which vulnerabilities have the highest potential to negatively affect them and, today, are releasing it to the broader community," continued Henriques. 

Coalition ESS is available today for public use at: ess.coalitioninc.com. To learn more about Coalition’s cybersecurity research and innovation center, Security Labs, visit: www.coalitioninc.com/security-labs.

Coalition Releases Security Vulnerability Exploit Scoring System

**BOSTON****,** **June 15, 2023** **/PRNewswire/ --** The vulnerability of subdomain takeover in Microsoft Azure continues to pose a threat, with researchers at Keytos discovering approximately 15,000 vulnerable subdomains each month using cryptographic certificates. This relatively common exploit allows cybercriminals to impersonate organizations, launch attacks, and display spam content through legitimate sites. Despite continuous attempts to contact and notify over 1,000 organizations about their domain issues, only 2% have taken action to address the problem.

Subdomain takeover occurs when a domain is left open after deleting an Azure website, providing cybercriminals with a backdoor to create fraudulent sites. These sites appear legitimate since they are hosted on forgotten domains, putting users at risk of credential theft through simple deception. To take preventative measures, Keytos has developed an automated tool called EZMonitor which scans and identifies vulnerable subdomains using certificate transparency logs and checking the availability of Azure-hosted websites. In its first month, EZMonitor identified over 30,000 vulnerable domains, most of which are relatively high-profile organizations that many would think have sophisticated cybersecurity teams within their organizations.

Hardly anyone is aware of the scale and magnitude of this vulnerability. 85% of Fortune 500 companies are currently utilizing Microsoft Azure and are objectively at risk. Microsoft's attempts to address the issue, their solutions like Defender for App Service Dangling DNS detection have not fully resolved the problem, leaving many organizations unknowing vulnerable. Unfortunately, most organizations have not taken the threat seriously, ignoring warnings or only removing the DNS entry without addressing the underlying vulnerability.

These takeovers have severe implications and potential consequences, including the theft of login credentials, legitimizing false information, and distributing malware. End-Users are mostly helpless against these attacks, but they can encourage their organizations to take the issue seriously. Site owners, on the other hand, can take measures to protect themselves. These include implementing certificate transparency monitoring, removing dangling DNS entries, and using Certificate Authority Authorization (CAA) records.

Urgent action is needed to address this critical issue and safeguard domains and users. Keytos' automated scanning tool, EZMonitor, provides an effective means of identifying vulnerable subdomains. It is crucial for organizations to prioritize security and take proactive measures to mitigate this threat.

Want to see if your sites are secure? Keytos offers a free domain scanning tool to examine your organizations' certificates https://portal.ezmonitor.io/

SOURCE Keytos LLC

Keytos Uncovers 15,000 Vulnerable Subdomains per Month in Azure Using Cryptographic Certificates

The company aims to empower enterprises to securely manage their endpoints and remediate vulnerabilities from the cloud, enabling a work-from-anywhere environment with confidence.

**Houston, Texas, June 15, 2023 —** Action1 Corporation, a provider of the #1 risk-based patch management platform designed for work-from-anywhere enterprises, announced today its plans to invest $20 million in its solution. The investment aims to close the gap for easy-to-use secure cloud solutions for continuous remediation of security vulnerabilities on endpoints within distributed networks. The company plans to allocate funds for R&D, focusing specifically on implementing a zero-knowledge architecture into its platform.

Unpatched vulnerabilities accounted for 82% of cyberattacks in H1 2022, making them a leading contributor to breaches. Patching is overlooked due to two main reasons: the complexity of modern IT environments and the lack of automation. Specifically, 73% of enterprises don't automate third-party patching despite having an average of 67 applications per device. Additionally, patching remote endpoints takes 2.5 longer. While cloud-based solutions can address these issues, enterprises are concerned about security risks following software supply chain attacks like SolarWinds and Kaseya, which compromised multiple entities through a single-entry point. 

"The unprecedented growth of online threats in parallel to the growth of distributed workforces is forcing organizations to seek alternatives to legacy endpoint management tools, which not only struggle with scalability, but also hinder their ability to maintain flexibility, cybersecurity, and resilience," said Ken Buckler, Research Director at Enterprise Management Associates®.

The Action1 cloud-native platform empowers enterprises to remediate security vulnerabilities by streamlining the deployment of OS and third-party updates or implementing compensating controls. Unlike many other patch management market players that rely on third-party technologies, Action1 uses its own patching engine, ensuring a 99% patch success rate. Through the integration of zero-knowledge architecture, Action1 eliminates the risk of successful supply chain attacks targeting both the platform and its customers, enabling organizations to secure their endpoints with confidence. 

"Action1 provides us with complete visibility into the patching status across our endpoints, enabling us to develop policies for OS and third-party updates to automatically remediate security vulnerabilities; when combined with the upcoming zero-knowledge feature, it will bring our resilience level at the cutting edge of industry trends," said Matt Lutjen, system administrator at CARR Auto Group.

The zero-knowledge architecture utilizes encryption and digital signatures, ensuring that transactions within the system are proven and verified without revealing any underlying information. This additional layer of defense makes it nearly impossible for attackers to establish persistence within the software supply chain in the event of a compromise.

Key elements of the zero-knowledge architecture:

*   **End-to-end encryption:** Transactions within the system are encrypted, and decryption and execution are only possible with signature keys known only to the system's administrator.
*   **Verification without data revelation:** All commands must be verified for identity before execution, but no entity, including the vendor, has a sensitive level of access to the customer's environment.

"Action1, through its commitment to setting a new standard in patch management, provides enterprises with easy-to-use and powerful solutions for continuous patch compliance, all fortified by advanced security measures. These measures ensure the highest level of protection for the product and its underlying infrastructure, effectively addressing the evolving needs of modern distributed enterprises in mitigating the threat of supply chain attacks," said Mike Walters, President and co-founder of Action1.

Zero-knowledge architecture update to the platform coming H1 2024.

**About Action1 Corporation** 

Action1 is the #1 risk-based patch management platform for distributed networks trusted by thousands of global enterprises. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party software and operating systems, ensuring continuous patch compliance and remediation of security vulnerabilities.

The company was founded by cybersecurity veterans Alex Vovk and Mike Walters, who previously founded Netwrix, which was acquired by TA Associates.

Learn more at: www.action1.com.

Action1 Announces $20M Investment in Its Patch Management Platform

A third perp has been fingered, but CISA warns that LockBit variants continue to be a major threat on a global scale.

The US Department of Justice has arrested and charged a Russian national, Ruslan Magomedovich Astamirov, for his role as an affiliate for the LockBit ransomware.

Specifically, Astamirov is accused of directly executing at least five attacks between August 2020 and last March, against victim computer systems in the United States and abroad.

"Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended," US Attorney Philip R. Sellinger, District of New Jersey, said in a DoJ statement. "The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity."

Astamirov is charged with conspiring to commit wire fraud and conspiring to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum penalty of 25 years in prison, along with a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest. The latter number may be larger; CISA and other global cybersecurity authorities this week warned that affiliates using LockBit ransomware variants have collectively extorted around $91 million across 1,700 cyberattacks against US organizations since 2020.

Multiple criminal affiliates use LockBit ransomware, which functions as a ransomware-as-a-service (RaaS) model, so the different attacks vary in how they operate and in their tactics, techniques, and procedures (TTPs), making it more difficult for organizations to protect themselves. Even so, they're finding it increasingly difficult to evade law enforcement scrutiny. 

The latest DoJ announcement follows LockBit-related charges in two other cases from the District of New Jersey. In November, the department announced LockBit-related criminal charges against Mikhail Vasiliev, who is in custody in Canada awaiting extradition to the United States. In May, the department announced the indictment of Mikhail Pavlovich Matveev, for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware — he remains at large.

**More Recent LockBit Ransomware Activity**

Meanwhile, LockBit attacks continue. The most recent LockBit ransomware activity was observed this year in New Zealand in February, Australia in April, and the United States on May 25.

CISA and fellow authors in the advisory recommended that organizations apply mitigations such as sandboxing browsers, installing Web application firewalls, requiring phishing-resistant multifactor authentication (MFA), and installing up-to-date antivirus software, to prevent against ransomware attacks.

LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020

**MELBOURNE, Australia & PARIS — (****BUSINESS WIRE****) —** Tesserent Limited (ASX: TNT) and Thales (Euronext Paris: HO) are pleased to announce that they have entered into a binding Scheme Implementation Deed (SID) under which it is proposed that Thales will acquire 100% of the shares in Tesserent by way of a Scheme of Arrangement for A$0.13 per ordinary share in cash valuing Tesserent’s equity at A$176m (circa €107 million).

The combination of Thales and Tesserent will create an experienced provider of much needed cybersecurity services in Australia and New Zealand at a time when the market is expecting double-digit growth through to 2026.

The Tesserent business will continue to be known as Tesserent, and its visual identity will incorporate the "Cyber Solutions by Thales" tagline. It will become the lead Cybersecurity offering of Thales Australia and New Zealand. It will accelerate the growth of cyber solutions operations for Thales customers in Australia and New Zealand, supported by the scale, balance sheet and know-how of the global Thales business.

As a global leader in cybersecurity, Thales is involved at every level of the cyber value chain, offering solutions ranging from risk assessment to protection of critical infrastructure, supported by comprehensive threat detection and response capabilities. Its offer is built around **three families of cybersecurity products and services**, which generated sales of €1.5bn in 2022:

1.  Global security products around the CipherTrust Data Security Platform the SafeNet Trusted Access Identity & Access Management as a service solution, and the broader cloud protection & licensing offerings
2.  Sovereign protection products including encryptors and sensors to protect critical information systems
3.  Cybels solutions portfolio, a complete suite of cybersecurity services including risk assessment, training and simulation, and cyberattack detection and response

**Kurt Hansen, CEO of Tesserent,** said: “_I am thrilled that, through the proposed transaction, Tesserent teams would be joining Thales, a global leader in cybersecurity. Together we will address the growing Cyber needs in our country, including those of the Australian Government and Defence sectors. I am convinced this transaction would represent a great opportunity to further grow Tesserent’s business and its people.”_

**Jeff Connolly, CEO of Thales Australia**, said: “_With the acquisition of Tesserent and its highly skilled team of cyber experts, and combined with our own system engineering experts, Thales Australia will establish an Australian/New Zealand leader in Cyber Defence able to best protect the country and its national infrastructure from cyber threats._

_The Tesserent team will have access to global expertise and a strong balance sheet to provide local Australian and New Zealand businesses both a sophisticated and wide cybersecurity offering in a fragmented market._

_After the acquisition of S21sec, Excellium and OneWelcome in Europe in 2022, we continue to accelerate our global cybersecurity strategy and consolidate our leadership in cybersecurity, both for critical infrastructure as well as multinational companies.”_

Recommended by all members of the Tesserent Board2, the implementation of the Scheme is subject to Tesserent shareholders’ and court approval. In addition, the transaction is subject to regulatory approvals and other customary closing conditions. It is expected to be completed during the second half of 2023.

More details on the proposed transaction, including key terms of the Scheme Implementation Deed and indicative timetable, can be found here: https://investors.tesserent.com/site/investor-information/investor-welcome

Thales Proposes to Acquire Tesserent, Expanding its Global Cybersecurity Leadership

Vulcan Connector for Wiz enables mutual customers to reduce cloud risk at scale.

**TEL AVIV - June 13, 2023  —** Vulcan Cyber, developers of the cyber risk management platform for all attack surfaces, today announced the launch of the Vulcan Connector for Wiz and a partnership with leading cloud security provider Wiz as the company unveils Wiz Integrations (WIN). Vulcan Cyber, hand selected as a launch partner, brings the power of the Vulcan Cyber risk management platform to WIN, to help customers seamlessly integrate Wiz into existing vulnerability and asset risk mitigation workflows.

WIN enables Wiz and Vulcan Cyber to share prioritized security risk insights with context including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits: 

*   Risk data aggregation, correlation and deduplication for cloud-native infrastructure, application environments and traditional networks
*   Security risk prioritized with organizational relevance and asset-based context
*   Orchestrated and automated vulnerability risk mitigation campaigns

The combined value of these two offerings will streamline security for organizations that are on a cloud journey, regardless of where they may be on that journey.

The Vulcan Connector for Wiz was one of the first solutions to be built using the new Vulcan Connector engine for efficient, consistent and scalable integration of enterprise volumes of security data. The Vulcan Connector for Wiz aggregates and correlates Wiz cloud vulnerability risk data with associated asset and threat data for contextualized vulnerability risk prioritization. Together, Vulcan Cyber and Wiz help security and cloud operations teams focus on the cyber risk that poses the biggest threat to customers’ organizations, orchestrate mitigating actions, and measure the efficacy of cloud vulnerability remediation efforts.

“The rapid adoption of cloud services has introduced a great deal of unmanaged risk to large organizations. Vulcan Cyber and Wiz are tackling this challenge head on with an integrated cloud risk management solution that provides holistic cyber risk visibility and mitigation across every cloud environment and for all cyber attack surfaces,” said Yaniv Bar-Dayan, CEO and co-founder of Vulcan Cyber. “The overwhelming challenge of cloud security at scale is now manageable with this combined solution providing contextualized cloud vulnerability risk prioritization and mitigation.”

The Vulcan Cyber integration with Wiz provides cloud security teams with visibility into cloud infrastructure security posture while concurrently delivering the same visibility into other IT and application attack surfaces. Customers use Vulcan Cyber to identify critical risk and attack paths by interpreting volumes of risk and asset data, measuring and prioritizing risk with essential business context, and efficiently orchestrating the work of cloud risk mitigation and remediation validation.

"A best-in-class cloud operating model reduces risk, improves ROI, and drives efficiency," said Oron Noah, Director of Product Management, Wiz. "That value proposition is what lies at the heart of WIN, and what partners like Vulcan Cyber are helping to make a reality. This collaborative philosophy brings real customer benefits and we are so thankful to have Vulcan Cyber on board for this launch.”

WIN is designed to enable a cloud security operating model where security and cloud teams work collaboratively to understand and control risk across their CI/CD pipeline.

The Vulcan Connector for Wiz was built using the new Vulcan Connector engine which facilitates the integration of security data at scale to help large cyber security organizations aggregate, correlate, and de-duplicate data to accurately measure cyber risk and generate meaningful security posture insights. 

Vulnerability risk mitigation is only as impactful as the data used to prioritize remediation actions and to set the right risk mitigation campaigns in motion. The Vulcan Connector engine goes beyond any comparable tool to collect, contextualize and enrich vulnerability scan and asset data, unique asset relationships, and threat intelligence data. The Vulcan Connector engine also allows companies to integrate any unsupported tool into the Vulcan platform within minutes, allowing companies to gain a holistic view of their risk posture.

Learn more about the Vulcan Connector for Wiz here.

**Manage Your Cyber Risk Now**

To experience Vulcan Cyber vulnerability and asset risk management for yourself request a demo or get access to Vulcan Free.

**About Vulcan Cyber**

Vulcan Cyber has developed the industry's first cyber risk management platform, built to help businesses reduce vulnerability and asset risk through measurable and efficient attack surface security. Vulcan Cyber orchestrates and tracks the vulnerability remediation lifecycle from scan to fix by aggregating risk and asset data, prioritizing vulnerabilities using business context, curating and delivering the best remedies, and automating mitigation processes through the last mile of remediation. Vulcan Cyber is proud to offer Vulcan Free, VulnRX and MITRE Mapper as freemium SaaS solutions for IT security teams at businesses of all sizes. The unique capability of the Vulcan Cyber platform has garnered Vulcan Cyber recognition as a 2019 Gartner Cool Vendor and as a 2020 RSA Conference Innovation Sandbox finalist. https://vulcan.io

Source

DARKReading