The new software-led solution enables organizations to defend against cybersecurity threats in their operational technology (OT) environments.

**ATLANTA, May 23, 2023 –** Honeywell (**Nasdaq: HON**) today announced the release of its operational technology (OT) cybersecurity solution, Honeywell Forge Cybersecurity+| Cyber Insights, to assist customers in improving the availability, reliability and safety of their industrial control systems and operations.

Cyber Insights is designed to integrate information from multiple OT data sources in order to provide a customer with actionable insights into their facility’s cybersecurity vulnerabilities and threats, allowing the customer to manage their compliance strategy, thereby helping reduce their overall cybersecurity risks.

Companies with OT systems face challenges in obtaining the necessary information to reduce the likelihood and impact of cyberattacks and to stay compliant with standards and regulations that may be applicable to them. These challenges are compounded by the shortage of available cybersecurity skills in operational technology, with a cyber security workforce gap of more than 3.4 million people.\[1\]Despite attempts to implement various solutions, success is difficult to achieve due to the complexity of the tools, the overwhelming volume of security data generated, and the lack of solutions specifically designed for OT.

“Organizations should leverage technology to address worker shortages, while at the same time gaining clear visibility into their OT facilities’ cybersecurity posture to help them make faster decisions and reduce cyber risk,” said Michael Ruiz, vice president and general manager, Honeywell OT Cybersecurity Innovation. “Cyber Insights is a tool designed to provide customers with detection and insights so that cybersecurity leaders can better understand and monitor their then current security profile, while also being able to detect and mitigate the latest threats.”

Cyber Insights brings a tailored approach by providing a purpose-built cybersecurity solution for OT environments and users. It is designed to offer a site-level view of a facility’s cybersecurity posture and provide insights into security events, vulnerabilities, active threats and to manage compliance. Cyber Insights is designed to help organizations strengthen their cyber resilience and to respond faster to incidents through access to critical information at the right time.

Cyber Insights is pre-configured for OT use, with already available customization options designed to address certain needs specific to different industrial environments, while being vendor agnostic so that it can be deployed on Honeywell control systems as well as many other systems. It is also deployed, supported and maintained by Honeywell Cyber Care services during the applicable subscription license term, to help customers maintain continuous tuning and optimization as required for any system to run in peak form.

“Honeywell has successfully positioned itself as a ‘one-stop shop’ system integrator and solution provider across different spectrums of operational technology (OT) cybersecurity for over 20 years,” said Avimanyu Basu, senior lead analyst at ISG. “Being vendor-agnostic, Honeywell is well-equipped to work on almost any device and provide the necessary services for assessment and remediation.”

To learn more about Honeywell OT Cybersecurity solutions, visit us at www.becybersecure.com.

**About Honeywell**

Honeywell (www.honeywell.com) delivers industry-specific solutions that include aerospace products and services; control technologies for buildings and industry; and performance materials globally. Our technologies help aircraft, buildings, manufacturing plants, supply chains, and workers become more connected to make our world smarter, safer, and more sustainable.

Honeywell Forge is intelligent operations software that connects assets, people, and processes, enabling operational performance, sustainability, and quality improvement.

For more news and information on Honeywell, please visit www.honeywell.com/newsroom.

_This document may contain statements including future product direction and does not create any binding obligations on us to develop or sell any product, service or offering. Any descriptions of future product direction, intended updates or new or improved features or functions are intended for informational purposes only and are not binding commitments on us and the sale, development, release, locations of availability, or timing of any such products, updates, features or functions is at our sole discretion._

Honeywell Releases Cyber Insights to Better Identify Cybersecurity Threats and Vulnerabilities

**CANTON, Mass.****,** **May 23, 2023** **/PRNewswire/ --** On April 17, 2023, Point32Health, the parent organization of Harvard Pilgrim Health Care ("Harvard Pilgrim") and Tufts Health Plan, identified a cybersecurity ransomware incident on its computer systems and is working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation. 

Unfortunately, the investigation identified signs that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023. Harvard Pilgrim is taking this incident extremely seriously and deeply regrets any inconvenience this incident may cause. 

Harvard Pilgrim determined that the files at issue may contain personal information and/or protected health information belonging to current and former subscribers and dependents, and current contracted providers. The investigation revealed that the following information could potentially be in the files at issue: names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information (e.g., medical history, diagnoses, treatment, dates of service, and provider names). At this point, Harvard Pilgrim is not aware of any misuse of personal information and protected health information as a result of this incident, but nonetheless has begun notifying potentially affected individuals to provide them with more information and resources.  

The notice includes information on steps individuals can take to protect themselves against potential fraud or identity theft. Harvard Pilgrim is also offering complimentary identity protection and access to two (2) years of credit monitoring services for potentially affected individuals. Harvard Pilgrim recommends that individuals regularly monitor their credit reports, account statements and benefit statements and promptly report any suspicious or fraudulent activity to the entity with which the account is maintained and the proper law enforcement authorities, including the police and their state attorney general.  

In response to this incident, Harvard Pilgrim is taking steps to implement additional data security enhancements and safeguards to better protect against similar events in the future. Harvard Pilgrim is, and has always been, committed to prioritizing the security of the data entrusted to it.  

Harvard Pilgrim has established a dedicated call center for individuals to contact with questions. The call center can be reached at (888) 220-5517 (toll free), Monday through Friday from 9:00 a.m. to 9:00 p.m. ET, excluding U.S. holidays. Additional information is also posted on Harvard Pilgrim's website at https://www.harvardpilgrim.org/. 

SOURCE Harvard Pilgrim Health Care

Harvard Pilgrim Health Care Notifies Individuals of Privacy Incident

DryRun security seeks to bridge the gap between developers and security professionals by automating security analysis in code reviews before deployment.

**Austin Texas, May 23, 2023 –** DryRun Security emerged from stealth with the mission to fix the disconnect between security and developers, with the premise being that all developers fundamentally care about security. The company, founded by technology veterans James Wickett and Ken Johnson, is creating a new security analysis tool  to find potential bugs sooner than any other security solution on the market while being better aligned to how developers actually work. 

Co-founders James Wickett and Ken Johnson created DryRun Security after observing that in the past 20 years software security has become misaligned with the way developers build.  The arc of the industry has created silos where legacy security solutions have  been geared towards security professionals rather than those who write the software.   

This leads to three significant gaps.  The first is testing for security issues after it’s been deployed leads to wasted developer and security team cycles when problems are discovered. The second is many of the bugs being identified are not even relevant,  resulting in false-positives. Finally, the third is application security teams lack an accurate picture of which code reviews require their expertise. This is further exacerbated by the sheer velocity and number of daily and weekly code updates. All of these problems lead to inaccurate, delayed, and often incorrectly prioritized security testing and ultimately , an overall less-secure codebase.   

DryRun Security fixes the disconnect between security and developers by performing Contextual Security Analysis which runs where developers work. As a developer writes code, they dry-run security testing and analysis  and get results back in near real time, which is where the name “DryRun” comes from.  This type of testing builds the security context of the code and provides feedback to developers whenever they make changes or write new code.

“The disconnect between engineers and security testers is due to a lack of security context making it back to developers” said James Wickett, CEO and Co-Founder of DryRun Security, “DryRun Security was created to address this fundamental disconnect under the assumption that developers truly care about the security of the products they are building. With that assumption, we believe that security should be an integral part of the software development process.  That’s why it’s our mission to provide engineers with a tool that makes it easy to identify and fix potential security bugs while the developer is working on that section of code.”

“At DryRun Security, we understand that once a developer can see the security context of their changes, they can make better decisions and create more secure applications. This is different from  the way that testing has been happening over the past two decades which has made fixing bugs inefficient, driving up costs and creating unnecessary hurdles for developers and security professionals.” Said Ken Johnson, Co-Founder and CTO of DryRun Security. “I experienced these headaches firsthand, which is why I started DryRun Security with James. Our belief is that the solution we provide will give developers the ability to integrate contextual security analysis into their development workflow and fix issues before they become bigger problems.”

DryRun Security is currently running a private beta for their product, and they are accepting signups to the list. Please visit https://dryrun.security to signup and join the early access list. 

**About DryRun Security**

DryRun Security is a software security company that provides automated security reviews for developers as they write code. Founded by James Wickett and Ken Johnson, the company takes a unique approach using Contextual Security Analysis, which is a proprietary approach they’ve developed by training over 10,000 developers on security testing and code reviews. Using this approach, developers and security teams are able to bridge the gaps of mainstream security testing approaches and fix potential bugs before deployment. For more information, please visit https://dryrun.security.

Technology Veterans James Wickett and Ken Johnson Launch DryRun Security to Bring Security to Developers

New capability streamlines automated testing of cybersecurity and anti-fraud features in android and iOS apps in virtual and cloud testing suites.

**REDWOOD CITY, Calif.****,** **May 23, 2023** **/PRNewswire/ --** Appdome, the mobile app economy's one and only Cyber Defense Automation platform, today announced Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps.

The new capability allows Appdome-protected mobile apps to recognize when automated mobile app testing suites are in use and securely completed without interruption by a vendor, logging all security events for the developer to track and monitor. The Build-to-Test service is part of Appdome's Dev2Cyber initiative and will accelerate the delivery of secure mobile apps globally.

In continuous integration, continuous delivery (CI/CD) pipelines, mobile app quality assurance is done via automated testing services so the functionality of the mobile app can be validated across hundreds of real-world mobile devices and OS versions. However, automated testing services can also leverage methods and tools that violate cybersecurity policies or that cybersecurity professionals find problematic and dangerous such as emulators, virtualization, resigning, debugging, dual spaces, Magisk and more. Once protections are added to a mobile app, security features detect these methods and tools, and the resulting cyber defense may prevent testers from using parts of these testing services.

The new Build-to-Test option on Appdome extends Appdome's support for automated mobile app testing services and allows Appdome-protected mobile applications to recognize the testing vendor and securely complete testing runs without interruption.

"We've always supported automated testing," said Chris Roeckl, Chief Product Officer at Appdome. "Build-to-Test solves one of the last operational challenges of testing mobile applications at scale and maintains end-to-end security in the mobile DevSecOps pipeline."

Appdome-protected mobile apps have always been testable on devices made available through automated mobile application testing vendors. Advantages of the new Build-to-Test feature include:

*   Fully automated testing for Appdome-protected mobile apps;
*   Fully automated mobile app testing services to validate cyber defenses in Appdome protected mobile apps;
*   Reduced complexity when testing protected mobile apps in automated environments;
*   Eliminate the need to test protected and unprotected builds separately; and
*   Protect test builds with Appdome defenses to ensure improved DevSecOps compliance.

"Mobile developers want to test complete Android and iOS builds that include cyber and anti-fraud defenses," said Jamie Bertasi, Chief Customer Officer at Appdome. "Our goal is to remove every ounce of friction that stands in the way of protecting the mobile app economy."

Appdome's Built-to-Test option is available with Appdome-DEV and Appdome-SRM licenses and compatible with all major mobile app testing services including Microsoft App Center, Sauce Labs, BitBar, LambdaTest and BrowserStack to reduce time to market, improve app quality and increase pipeline efficiency.

For more information on how to use Appdome Build-to-Test, please see this knowledge base article.

**About Appdome** 

Appdome's mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry's only mobile application Cyber Defense Automation platform, powered by a patented artiﬁcial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money, and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, mobile anti-bot, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, inside the mobile DevOps and CI/CD pipeline. Leading ﬁnancial, healthcare, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

Learn more at www.appdome.com.

SOURCE Appdome

Appdome Launches Build-to-Test, Automated Testing Option for Protected Mobile Apps

Attackers primarily target on-premises IT infrastructures.

**FRISCO, Texas****,** **May 23, 2023** **/PRNewswire/ --** Netwrix, a cybersecurity vendor that makes data security easy, today announced additional findings for the enterprise sector (organizations with more than 1,000 employees) from its annual global 2023 Hybrid Security Trends Report.

According to the survey, 65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%). The most common security incidents are also the same: phishing, ransomware and user account compromise.

However, larger organizations are a more frequent target for ransomware or other malware attacks: 48% of enterprises experienced this type of security incident on premises, compared to 37% among organizations of all sizes. Malware attacks are less common in the cloud: just 21% of respondents in the enterprise sector experienced one within the last 12 months.

"It is no surprise that the enterprise sector suffers malware attacks at a higher rate than smaller organizations. After all, ransomware operators want to maximize their profits, so they consider which organizations are most able to pay a ransom to reduce business downtime — and the larger an organization is, the costlier an operational disruption will be," says Dmitry Sotnikov, VP of Product Management at Netwrix. "On the other hand, larger organizations have more tools to spot the attack that might stay unnoticed for SMBs. In addition, enterprises have bigger infrastructure with more endpoints that statistically increases the chance of the security incident."

The enterprise sector also reports larger expenses as a result of cyberattacks than their smaller counterparts. Indeed, 28% of enterprises estimated their financial damage from cyberthreats to be $50,000 and higher, compared to just 16% among organizations overall.

"Smaller companies often underestimate their risk of attack, reasoning that cybercriminals tend to target enterprises because they store more intellectual property (IP) and other sensitive data. But our survey shows that organizations suffer cyberattacks with a similar frequency regardless of their size," says Dirk Schrader, VP of Security Research at Netwrix. "Every organization has valuable data, such as customer and employee information, and is therefore a target for attackers. What's more, SMBs are not only a target on their own but as a way into the larger enterprises that consume their services."

To learn more about how enterprises can overcome the ransomware challenge, visit the Netwrix ransomware protection page.

**About Netwrix**  

Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.  

For more information, visit www.netwrix.com.

Netwrix Report: Enterprises Suffer More Ransomware and Other Malware Attacks Than Smaller Organizations

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

Email and network security solutions company Barracuda Networks is warning customers that threat actors have targeted its email security gateway (ESG) appliances for compromise, by way of an email attachment scanning module.

The issue, discovered on May 19, has since been addressed through two security patches applied worldwide on May 20 and 21, though Barracuda still warned its customers on May 23 that some of the ESG appliances remain compromised. In its investigation, the company found that the vulnerability "resulted in unauthorized access to a subset of email gateway appliances," though its other products, such as the software-as-a-service (SaaS) email security services, were not affected.

Because the investigation was limited specifically to the ESG, the company encourages those that have been affected to assess their network environments to ensure that their other devices on the network have not also been compromised.

Barracuda continues to monitor the situation and users who have been impacted have been notified through ESG appliances of what their next steps should be.

"If a customer has not received notice from us via the ESG user interface," the company said, "we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Threat Actors Compromise Barracuda Email Security Appliances

Security professionals warn that Google's new top-level domains, .zip and .mov, pose social engineering risks while providing little reason for their existence.

Two new top-level domain names — .zip and .mov — have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss.

Google announced the domains in early May, kicking off a slow buildup of criticism from the security community as people became aware of the issues. In a widely circulated post on Medium, security researcher Bobby Rauch pointed to two seemingly identical URLs that appear to go to the same place — downloading a zip file from a GitHub repository — but by using unicode slashes, an "@" sign, and the .zip domain, a potentially malicious URL could instead redirect users to an attacker's website.

While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension, says Tim Helming, security evangelist at DomainTools, a provider of domain-related threat intelligence.

"There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware," he says. "Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks."

In the three weeks since Google announced the new domains — along with .dad, .phd, and .foo — security researchers have pointed out the dangers of TLDs that match file extensions. On Tuesday, for example, Trend Micro became the latest security firm to warn users to fine-tune their ability to spot malicious links. In the advisory, the company pointed out that the Vidar info-stealer uses fake URLs to download a "Zoom.zip" file to the victim's computer — and that the .zip domain will make the attack much more effective.

Google did not answer questions about the tradeoffs between risk and utility for the new TLDs but did send a statement to Dark Reading, pointing to other confusing domains, such as 3M's command.com domain as a way of arguing that the issue is not novel.

"The risk of confusion between domain names and file names is not a new one," the company stated. "Applications have mitigations for this — such as Google Safe Browsing — and these mitigations will hold true for TLDs such as .zip. At the same time, new namespaces provide expanded opportunities for naming such as community.zip and url.zip."

Whether the new domains will make phishing better is still a question for some, but the risk of making more effective links seems to outweigh any benefit of the domains, says Erich Kron, security awareness advocate at phishing and security education firm KnowBe4.

"It's the 'why are we doing this?' that kind of gets me, and frankly, it's just a bad idea, right?" he says. "Bad actors have been using .zip files and compressed files to get people to download malware for eons, and then to make a top-level domain that the general public is going to associate with \[legitimate files\] ... we are really opening the doors to some some very easy trickery here."

**No Active Phishing Attacks so Far**

The domain names have already led to some mistakes, and not just on the part of humans. Some tools, such as Google's own malware identification service VirusTotal, are confusing filenames with the .zip extension with URLs with the .zip TLD, according to Johannes Ullrich, dean of research for education organization SANS Technology Institute. Ullrich is in the process of surveying existing .zip domains to see which are malicious.

He has found that evidence of in-the-wild campaigns is scant so far. "This opens up new avenues for more convincing phishing attacks," Ullrich said, with a caveat: "However, there are already many ways to create convincing phishing attacks, so the risk is more incremental."

The good news is that attackers have not yet picked up the technique en masse for real-world attacks, Trend Micro stated in its advisory.

"As of today, Trend Micro has not yet received URLs related to these new TLDs from internal and customer cases," the company stated. "However, we will continue to monitor any related URLs we come across and block them as needed in preparation for potential phishing campaigns."

At this point, the biggest "attack" so far involves "rickrolling" and parked domains, Ullrich says: At least 48 domains have been registered by people who then posted a video of singer Rick Astley and his song, "Never Gonna Give You Up."

**Awareness, Best Security Practices Remain Top Advice**

The creation of file-extension-lookalike domain names will likely lead Google and other browser makers to adopt warnings in their software, alerting users when a domain uses special unicode characters — such as two characters that appear to be slashes (/) — and which could be confused for legitimate URLs.

However, much will still rely on users, who should be careful about checking links, and companies, which can restrict new domain names until cybersecurity providers can assign them a reputation, DomainTools' Helming says.

"There are ways for very savvy users to spot these file paths visually," he adds, "but the most effective defenses are going to be a combination of efforts that include security control detections for things like those characters, risk scoring for newly created domains — in any TLD — and updated user awareness training."

_With reporting by Jaikumar Vijayan_

Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to take over user accounts, access and/or leak sensitive information, and even commit financial fraud.

OAuth comes into play when a user logs in to a website and clicks on a link to log in with another social media account, such as "Log in with Facebook" or "Log in with Google" — a feature that many sites use to allow cross-platform authentication. A team from API security firm Salt Security's Salt Labs discovered the flaw, tracked as CVE-2023-28131, in the OAuth implementation in Expo, an open source framework for developing native mobile apps for iOS, Android, and other Web platforms using a single codebase.

Specifically, the flaw potentially could affect any users that use various and social media accounts to log into an online service that uses the framework, the researchers revealed in a blog post published May 24.

The vulnerability is the second — and more impactful — one that Salt researchers have found in an online platform's implementation of OAuth, which is proving to be a tricky standard to implement securely. In March, Salt discovered a flaw in Booking.com's implementation of OAuth that could have allowed attackers to take over user accounts and gain full visibility into their personal or payment-card data, as well as log in to accounts on the website's sister platform, Kayak.com.

**Third-Party Risk With OAuth Implementation**

The flaw in Expo could have had a much wider impact than the Booking.com flaw, because of Expo's wide install base, Aviad Carmel, Salt security researcher, tells Dark Reading.

"Because this second OAuth vulnerability was discovered in a third-party framework used by hundreds of companies, the potential exposure was far greater," he says. "It could have impacted the OAuth implementations of hundreds of websites and apps."

Moreover, OAuth is becoming a de facto authentication standard in modern service-based architectures, as well as in emerging artificial intelligence (AI)-based platforms. This inherently means any vulnerabilities in OAuth implementations have a broad reach. In fact, in other research unveiled May 24, software-as-a-service (SaaS) security firm DoControl revealed that 24 percent of third-party AI apps require risky OAuth permissions.

Expo patched CVE-2023-28131 within hours after Salt researchers flagged the issue, and developers maintaining the platform recommended in a blog post detailing the flaw that customers update their Expo deployments to fully mitigate the risk.

However, the mounting list of OAuth vulnerabilities and the overall complexity of correctly configuring the standard that they highlight suggest that more websites and apps could have undiscovered flaws lurking beneath their surface.

The findings also demonstrate how enterprises are adversely and broadly affected when third-party frameworks introduce API vulnerabilities into their environment, often without them knowing. This puts customers at risk for credential leaks or account takeover, and gives threat actors a platform from which to launch further attacks, the researchers said.

**Exploiting the Expo Flaw**

When a user clicks on an OAuth-enabled link to log in to Site A with a social media account, Site A will then open a new window to Facebook, Google, or whatever trusted account is being used. If it's the user's first time visiting Site A, the social media page will ask for permission to share details with Site A. If the user has gone through the process before, the social media site will automatically authenticate the user to Site A.

Salt Labs researchers discovered CVE-2023-28131 in Codeacademy.com, an online platform that offers free coding classes across a dozen programming languages. Companies including Google, LinkedIn, Amazon, Spotify, and others use the site to help train employees, and the site has around 100 million users. The researchers ultimately exploited the flaw to gain complete control of Codeacademy.com accounts, they said.

The vulnerability in the OAuth implementation within Expo relates to the social sign-in process, Carmel tells Dark Reading. "When users sign in using their Facebook or Google credentials, Expo acts as an intermediary and transfers the user's credentials to the target website," he says.

Attackers could have exploited CVE-2023-28131 by intercepting this flow and manipulating Expo to send the user credentials to a malicious domain instead of the intended destination, Carmel explains.

This exploitation could have led to leaks of personal data or even financial fraud if attackers used credentials to log into users' financial accounts. Threat actors also could potentially have performed actions on behalf of users on their social media accounts, Carmel says.

**Why OAuth Is Tricky**

OAuth's popularity stems from how it can provide a much more seamless user experience for people when interacting with frequently used websites. However, it has a complex, technical back-end that can lead to implementation mistakes, creating security gaps that are ripe for exploitation, the researchers said.

To secure an OAuth implementation, then, an organization must understand how OAuth functions and which endpoints can receive user inputs, Carmel says.

"Attackers may attempt to manipulate these inputs, so validating each one is essential," he advises. "This can be achieved by maintaining a whitelist of predetermined values or implementing other strict validation methods."

Because of how complex OAuth implementations are proving to be, Salt Security plans to release a best-practice guide in the future to help enterprises security their OAuth implementations effectively, Carmel adds.

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

It's time to invest in initiatives that engage young women in cybersecurity early and often.

The United States faces a tremendous shortage of cybersecurity professionals, with more than 750,000 open cybersecurity roles nationwide. According to an (ISC)2 report, women made up only about 24% of the global cybersecurity workforce in 2018.

If the cybersecurity sector doesn't start attracting more female professionals, it will never have the strength or numbers to counter the growing threats facing America. Cyberattacks are more prevalent and dangerous than ever before, posing threats like identity theft, financial fraud, corporate espionage, and state-sponsored cyberattacks, which will continue to increase in severity in the absence of a skilled cybersecurity workforce. While the Biden administration's National Cybersecurity Strategy provides a road map for addressing the gender gap and workforce shortage in science, technology, engineering, and math (STEM), as well as cybersecurity, there is more to be done. That's where universities come in.

Educational institutions have a crucial role to play in building the next generation of female cybersecurity talent and bolstering the workforce. There are several strategies universities can deploy to support women interested in entering one of the world's most important professions.

**Empower Girls to Pursue Cybersecurity as Early as Middle School**

For starters, universities can start appealing to female students earlier in their academic lives — as early as middle school — to pursue degrees and careers in cybersecurity. Historically, as girls enter middle school, their interest in STEM begins to decline, and most girls have already decided by the time they reach high school if a career in STEM is right for them. There also needs to be a shift in emphasis from "Do you like math and science?" to "Do you like technology, are you curious, and do you want a high-paying job?" in helping students explore new interests.

Framing those conversations in a more friendly way can help students who may not have considered a career in cybersecurity — or even know what it is — to see themselves in the industry.

**Foster Peer Mentorship Programs**

Universities can create mentorship programs, pairing the next generation of cyber leaders pursuing higher education and careers in the field with local middle and high school students. The peer mentorship model has been incredibly successful in inspiring and motivating young women and girls, increasing their confidence in their ability to pursue careers in the industry.

For example, IF/ THEN, a nonprofit focused on advancing women in STEM, has tapped high-profile STEM professionals across fields to serve as peer mentors to young women, initiating a cultural change in the industry.

Near-peer mentoring is a very effective strategy for supporting young women and other underrepresented groups in cybersecurity. Students can build meaningful relationships with individuals who are only a few years older and are achieving success in the field. If she can see it, she can be it.

**Leverage Experiential Learning**

Cybersecurity educators across the country also need to change their approach to promoting the field if they want students to develop an interest at younger ages. Experiential learning is critical to helping girls and other underrepresented groups understand the field and, more importantly, that they can contribute to it as a professional. A class on the merits of dual-factor authentication might put middle schoolers to sleep, but a class on cracking passwords would show them why it matters and how it applies to the real world.

Palo Alto Networks, a leading cybersecurity company, recently partnered with the Girl Scouts of the USA (GSUSA) to launch the first-ever national security badge program, which provides elementary, middle school, and high school girls with STEM activities to increase their cybersecurity skills and encourage them to pursue careers in the field.

Another national initiative that has been successful in increasing cybersecurity interest among K–12 students is GenCyber, which provides free summer cybersecurity camps for students and professional development opportunities for teachers nationwide. Funded by the National Security Agency (NSA) and National Science Foundation (NSF), these camps offer activities and competitions in everything from cryptography to network security to help all ages improve their cybersecurity fundamentals.

By prioritizing diversity and inclusion and supporting outreach programs, universities can build a pipeline of talent that will provide the professionals needed for an adaptive and responsive cybersecurity workforce. If Americans want to get serious about protecting ourselves, businesses, organizations, and our government, it's time to invest in initiatives that engage our young women in cybersecurity early and often.

How Universities Can Bridge Cybersecurity's Gender Gap

Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.

At least eight Israeli websites have been targeted in a watering hole campaign that researchers say could be the work of an Iranian nation-state threat group.

The attack campaign, discovered by ClearSky Cyber Security, focuses on shipping and logistics companies. Once a site is infected, a malicious script collects preliminary user information.

ClearSky said it has "a low confidence specific attribution" to the Tortoiseshell group out of Iran. The targeting of shipping and logistics companies aligns with Iran's history of cyberattacks against that sector over the past three years.

"Previous Tortoiseshell attacks have been observed using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appeared to be supply chain attacks with the end goal of compromising the IT providers' customers," the company claims. "The threat actor has been active since at least July 2018."

ClearSky tied the C&C server used in the attacks to Tortoiseshell.

Watering hole attacks have been part of the initial access vector used most overall by Iranian threat actors since at least 2017. ClearSky researchers observed four domains impersonating jQuery, and domain names impersonating jQuery were deployed in a previous Iranian campaign from 2017 using a watering hole attack.

Iranian threat actors traditionally have targeted Israeli websites in an attempt to collect data on logistics companies associated with shipping and healthcare. This latest website attack spotted by ClearSky is similar to an effort observed last year where an Iranian threat actor named UNC3890 was targeting shipping companies in Israel via a similar of type of attack.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading