Jesper Andersen has decided to retire and will continue to serve on the Board of Directors.

**SANTA CLARA, Calif.****,** **Jan. 11, 2023****/PRNewswire/ --** Infoblox Inc., the leader in cloud-first DNS management and security, today announced that Jesper Andersen has decided to retire as Chief Executive Officer and the Board of Directors has appointed Scott Harrell as the new President and Chief Executive Officer. Andersen will continue to serve on the Board and support Harrell through the transition.

Harrell brings strong executive leadership and portfolio management experience having spent two decades in leadership roles at Cisco Systems and Intel. Prior to joining Infoblox, Harrell was the Senior Vice President and General Manager for Cisco's $20 billion Intent Based Networking business unit where he oversaw the entire portfolio and engineering teams across the enterprise, IoT and data center markets. He has an MBA from UNC-Chapel Hill, Kenan-Flaglar Business School, and a bachelor's in Industrial Engineering from Georgia Institute of Technology.

Vista Equity Partners and Warburg Pincus, Infoblox investors, have thoughtfully selected Harrell as Andersen's successor.

"We are thrilled to welcome Scott to Infoblox. His deep-domain expertise in building leading technology businesses at Fortune 100 companies makes him perfectly suited for Infoblox – as the company continues to invest in next-generation cloud-first DNS management and security solutions. We're confident that he will lead the business to continued growth and adjacent market expansion," said John Stalder, Managing Director, Vista Equity Partners.

Harrell joins Infoblox at a critical time where more and more enterprises are embracing a remote workforce and multi-cloud strategies – both of which drastically increase DNS management complexities and security challenges.

"Infoblox is an innovative company with an incredibly talented team that consistently executes at extremely high levels. I am thankful for all Jesper has done for the company and the incredible culture that has been built under his leadership," said Harrell. "Infoblox's solutions are critical to the ongoing operations, availability, and security of enterprises across the world. I'm thrilled to join a company that embraces an innovation mindset anchored by its technology and its people, and I look forward to further accelerating Infoblox's growth and market leading solutions."

Over the past decade, Infoblox has experienced expansive growth, including growing its customer base by 82%, growing its partner relationships by 43% and more than doubling its employee base, all while taking its technology solutions to innovative new heights. 

"On behalf of the Board, we thank Jesper for his invaluable contributions and tremendous impact to Infoblox – transforming the company into a cloud-first market leader in comprehensive, world-class security and networking solutions. Infoblox's momentum and growth is a testament to Jesper's leadership, passion, and dedication to employees, customers, and partners. While Jesper's retirement has been planned for a long time, we are excited to have him remain on the Board of Directors and continue to be an important strategic asset to the company," said Cary Davisand Parag Gupta, Managing Directors, Warburg Pincus. 

Jesper's continued passion and dedication for employees has fostered a very strong, collaborative culture, and one that continues to attract top talent and executives like Harrell.

"My time at Infoblox will remain the highlight of my career, where we were able to disrupt the industry and offer solutions to our customers unmatched by any competitor," said Jesper Andersen. "Beyond our leading technology, I am proud to have worked alongside Infoblox employees across the globe to create a culture-driven by our core values – to make Infoblox an incredibly positive, innovative, and supportive workplace that I know they will carry forward. I have incredible confidence in Scott and the executive leadership team to continue our mission to drastically simplify networking and security for our customers," added Andersen.

Learn more about Infoblox's networking and security solutions here.

**About Infoblox**

Infoblox is the leader in next generation DNS management and security. More than 13,000 customers, including 75% of the Fortune 500, rely on Infoblox to scale, simplify and secure their hybrid networks to meet the modern challenges of a cloud-first world. Learn more at

 https://www.infoblox.com.

Infoblox Appoints Scott Harrell to CEO

**IRVINE, Calif. – January 11, 2023 –** SecureAuth, a leader in next-generation access management and authentication, today announced that the United States Patent and Trademark Office (USPTO) has granted the company seven groundbreaking methods for authenticating users’ claimed identities for frictionless user access using automated risk-based control and behavioral modeling. Capabilities derived from these patents are included SecureAuth’s ArculixTM product portfolio.

“The innovation in the Arculix platform adds a new dimension in cyber protection by delivering passwordless and continuous authentication to clients who are exhausted by the lack of efficacy in existing binary authentication systems,” said Shahrokh Shahidzadeh, CTO at SecureAuth. “Enterprises that leverage Arculix’s data science approach and end-to-end passwordless continuous authentication experience a trifecta of elevated platform trust, lower friction, and insightful real-time action when detecting anomalies.”

The USPTO issued U.S. Patent No. 11,329,998, entitled “Identification (ID) Proofing and Risk Engine Integration System and Method” on May 10, 2022. Methods disclosed in the patent include performing entity authentication through identification (ID) proofing using bio-behavior-based information which may be continuously monitored.

The USPTO has issued U.S. Patent No. 11,250,530, entitled “Method and System for Consumer Based Access Control for Identity Information” on February 15, 2022. The methods disclosed in this patent involve organizations such as the DMV or the IRS receive an identity request per set policies allowing authorization by the owner.

The USPTO issued U.S. Patent No. 11,349,879, entitled “System and Method for Multi-Transaction Policy Orchestration with First and Second Level Derived Policies for Authentication and Authorization” on May 31, 2022. This highlights authentication policy orchestration between a user device, a client device, and a server.

The USPTO has issued U.S. Patent No. 11,321,712, entitled “System and Method for On-Demand Level of Assurance Depending on a Predetermined Authentication System” on May 3, 2022. This patent involves issuing an authorization token and based on real-time multi-factor authentication (MFA).

The USPTO issued U.S. Patent No. 11,367,323, entitled “System and Method for Secure Pair and Unpair Processing Using a Dynamic Level of Assurance (DLOA) Score” on June 21, 2022. The patented technology delivers Biobehavioralâ identification in which the elements of a system work together to monitor biologic features (e.g., fingerprints, pupils, or the like) and behavior (e.g., wake time, exercise time, and location) of a user.

The USPTO issued U.S. Patent No. 11,455,641, entitled “System and Method to Identify User and Device Behavior Abnormalities to Continuously Measure Transaction Risk” on September 27, 2022. The patent continuously monitors the context and behavioral information restricting improper access to a secure network.

The USPTO issued U.S. Patent No. 11,552,940 entitled “System and Method For Continuous Authentication of User Entity Identity Using Context and Behavior For Real-Time Modeling and Anomaly Detection” on January 10, 2023.  The system allows an identity to be continuously proven due to a user entity’s behavior and their biometrics. A primary ID allows risk-based continuous authentication and step-up post-authorization authentication upon detection of an anomaly.

As a leader in the industry, SecureAuth is a powerful innovator with 53 issued patents across identity and access management, adaptive authentication, passwordless authorization and ID proofing.

**About SecureAuth Corporation**

SecureAuth is a leading next-gen access management and authentication company that enables the most secure and flexible authentication experience for employees, partners, and customers. With the only solution that can be deployed in cloud, hybrid, or on-premises environments, SecureAuth manages and protects access to applications, systems, and data at scale, anywhere in the world. To find out more, please visit www.secureauth.com.

SecureAuth Announces Seven New Patents for Biobehavioral Credentials for Continuous Authentication, and ID Proofing to Secure Digital Identities

Shift your mindset from risk to resilience.

As the lyrics of "Auld Lang Syne" so eloquently say, "Should old acquaintance be forgot and never brought to mind?" As security leaders look forward to what the new year brings, they're taking stock of everything — their teams, their technologies, their budgets — and trying to plan for what looks to be another challenging year.

While I don't have a Magic 8 Ball, 2023 looks like more of the same — the same budget constraints, the same supply chain problems, and the same cybersecurity challenges. There is also a lot of pressure currently on security leaders to do more with less while also facing more scrutiny and more accountability for the effectiveness of their cybersecurity programs. Sophisticated and frequent cyberattacks, shrinking budgets, and a scattered workforce have only exacerbated preexisting security challenges to the point that it's hard to know what to address first. So, if you're a security leader still working on your New Year's resolutions, cyber resilience should be No. 1 on your list.

**Shifting Your Mindset****

Most security leaders today have adopted "it's not if, but when" mindset in relation to cybersecurity incidents. Additionally, risk management — constantly identifying risk and implementing the appropriate mitigating controls — continues to be a key component of overall cybersecurity program management. But what if you're unable to implement the necessary controls or if you fail to identify a critical risk? The real question is, what is your plan for readiness when you're faced with a risk that has been realized due to having no mitigating controls, inadequate mitigating controls, or blind spots?

Recently, I met with a potential customer, and security staffers outlined their current cybersecurity challenges, program/technology wants and needs, and talent shortages. As they described their top cybersecurity concerns, I asked if they were thinking about their problems correctly; instead of focusing on problem X, perhaps they should focus on problem Y instead. But then I realized that the security leader at that company sees the same problems day in and day out, and they're specific to the organization. In contrast, however, being in a role similar to that of a security solutions consultant, I see many different types of problems being approached and solved in multiple ways.

I wondered how much this difference in perspective affects our ability as an industry to align on cybersecurity baselines, metrics, prioritization approaches, etc. It's difficult to solve problems within our cybersecurity programs when the problems, the organizations we protect, and our priorities change every day. If we agree that "it's not if, but when," we also agree that we must accept a degree of uncertainty when managing our security. We cannot, however, allow those blind spots to result in business disruption. Instead, there must be a mindset shift in the way cybersecurity programs are managed, from a traditional risk management model to cyber resilience.

****Understanding the Security Game****

The good news is we're starting to see a shift in organizations prioritizing resilienc and not just risk, even though effective risk management is an important component of cyber resilience. According to a recent Forrester report, there has been a significant increase in chief risk officers (CROs) reporting directly to the CEO. This is one example of a much-needed pivot in the enterprise mindset, with security evolving from a compliance checkbox to an investment in a strategy for cyber resilience. For companies with inadequate protections in place, CISOs will need to focus their budgets on having a resourced team, proper tools, and robust training.

Part of this mindset shift is also understanding the security game you need to play and then being able to explain that strategy to your leadership team and board of directors. When all you think about is the risk — we're risky here, so we'll plug this hole with this solution, then we're risky over here, so we'll plug that hole over there with this other solution — it's like playing a game of whack-a-mole. Try taking that approach to your board as a well-defined strategy.

Instead, the message needs to be something along the lines of: According to industry research in our vertical, here are the top threats that attackers can leverage in our type of environment, and here's how we can improve our environment. Our strategy is to be more resilient.

Now you have something measurable and can build a reasonable cybersecurity program road map.

****Why Cyber Resilience Should Be No. 1 on Your To-Do List****

The CISOs who will be most effective in 2023 will not look to answer the question "Are we safe?" Because the answer is always no — there will always be risk. The right question is "How ready are we?" You want to think about what you learned from that cyber incident — which is more than just reactively identifying the risk, assessing costs, and then implementing controls accordingly. Guess what? Attackers also have those controls. And by the time you go through your procurement process, proof of value, vendor selection, and solution implementation, attackers are several steps ahead of you.

There will always be gaps in what you know about your environment, so focusing on the continuous improvement of your security program through the lens of being ready to anticipate, withstand, recover, and adapt is how you should approach 2023.

Now is the time for security leaders to create a cyber resilience-focused program. Companies can't eliminate all risk, but we will see organizations putting in place full-scale plans and spending where they need to so they are prepared to measure progress and improvement in their cybersecurity program. Those organizations that go with the "good enough" approach will most likely pay the price (and more) later.

**

The Resolution Every CSO/CISO Should Make This Year

**San Francisco, CA, January 11, 2023** **–** Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced several new Zero Trust email security solutions, compatible with any email provider, to protect employees from multichannel phishing attacks, prevent sensitive data being exfiltrated via email, and help businesses speed up and simplify deployments. Now, Cloudflare is providing organizations with its simple and robust phishing and malware protection that is deeply integrated with its Zero Trust platform, helping to secure all of an organization’s applications and data.

“You can’t have a complete Zero Trust solution without securing email, given that a huge proportion of all cyber attacks begin with phishing,” said Matthew Prince, co-founder and CEO of Cloudflare. “In 2022, Cloudflare Area 1 identified and kept almost 2.3 billion unwanted messages out of customer inboxes. Today we’re filling a void in the marketplace that has been underinvested in for the last ten years, with the first set of deeply integrated solutions that bring together Cloudflare Area 1 email security and our Zero Trust platform.”

Email is one of the most ubiquitous and also most exploited tools that businesses use every single day. The FBI’s latest Internet Crime Report shows that business email compromise and email account compromise, a subset of malicious phishing campaigns, are the most costly—with U.S. businesses losing nearly $2.4 billion. On top of that, email is also one of the hardest tools for businesses to secure, often resulting in multiple vendors, complex deployments, and a huge drain of resources for IT teams. Now, with Cloudflare’s Zero Trust SASE platform, customers can quickly and easily deploy comprehensive email security and data protection tools that are deeply integrated with their existing security stack and work with any email provider.

Cloudflare One provides a comprehensive Zero Trust SASE platform that is built natively into Cloudflare’s global network, spanning more than 275 cities in over 100 countries. This deeply integrated approach ensures a simple deployment in just a few clicks, without the need to change email providers, and lightning fast performance wherever users are. With Cloudflare Area 1’s new solutions, business will be able to:

*   **Automatically isolate suspicious links or attachments in emails:** With Link Isolation, If an employee clicks a link in an email it will automatically be opened using Cloudflare’s industry leading Remote Browser Isolation technology. Isolating any potentially risky links, downloads, or other zero day attacks from impacting that user’s computer and the wider corporate network.
*   **Identify and stop exfiltration of data:** With the rapid use of cloud-based email services within organizations, the amount of sensitive data that now resides outside a customer's premises has increased dramatically. By combining Cloudflare’s Data Loss Prevention and Area 1, businesses can create specific policies to scan for and block sensitive or protected content before it gets attached and sent.
*   **Onboard new Microsoft 365 domains in minutes:** Now it is as simple as possible to deploy Cloudflare Area 1 for Microsoft 365 domains via the Microsoft API. This means a single IT administrator can have the entire solution fully deployed, and running in minutes not days like legacy providers.

For more information on how to get started with Cloudflare Area 1 Security or Cloudflare One check out the information below:

*   Blog: Email Link Isolation: your safety net for the latest phishing attacks
*   Blog: How Cloudflare Area 1 and DLP work together to protect data in email
*   Landing Page
*   CIO Week

**About Cloudflare** Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list, ranked among the World’s Most Innovative Companies by Fast Company in 2019, awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

**Forward-Looking Statements** This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention), the benefits to Cloudflare’s customers from using the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention) and Cloudflare’s other products and technology, the expected functionality and performance of the Cloudflare One suite of Zero Trust solutions (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention) and Cloudflare’s other products and technology, the timing of when any new Cloudflare One features (including Cloudflare Area 1, Remote Browser Isolation, and Data Loss Prevention) will be generally available to all current and potential Cloudflare customers, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Cloudflare’s actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in its filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on November 3, 2022, as well as other filings that we may make from time to time with the SEC.

The forward-looking statements made in this press release relate to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in its forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

Cloudflare Announces Email Security & Data Protection Tools

After a delay of more than a year, Intel's on-chip confidential computing feature is coming to all the major cloud providers, starting with Microsoft's Azure.

Intel launched on Tuesday its newest server chips, code-named Sapphire Rapids, which will form the backbone of server infrastructure in the public and private cloud.

The chips have built-in security features the company says will prevent attackers from stealing high-value data from computer systems, ensure regulatory compliance, and maintain data sovereignty. These 4th Gen Intel Xeon scalable processors will increase the baseline enclave, and Intel SGX will be able to accurately and securely verify application software loaded in that enclave, the chip giant said in a statement. These server chips fit in with Intel's confidential computing portfolio.

Confidential computing refers to a security mechanism where a bubble of protection is added around data as it travels over the network between computing systems. That is done through encryption. The Xeon chips add techniques to verify the integrity of code and authentication measures to ensure the data is accessible only to authorized individuals and systems.

The chips create trusted boundaries — which Intel calls trusted execution environments, or TEEs — in which code can be executed. A feature called Trust Domain Execution (TDX) locks down code in a secure enclave that can only be unlocked by those with the right keys or codes. The process of verifying and unlocking the code is called attestation.

The TDX instructions add a boundary around the virtual machine and everything in it, including the guest OS and apps in it, and removes the cloud service provider or other cloud tenants from a trust boundary, said Anil Rao, vice president and general manager for systems architecture & engineering at Intel's office of the CTO.

TDX leverages a security feature on Xeon chips called Software Guard Extensions (SGX), which is widely used today as a secure enclave to protect data in execution environments. But TDX is much larger in scope and covers a wider range of applications, such as AI in virtualized environments.

**Securing Virtual Machines**

SGX has been a critical element of Microsoft's Azure confidential computing offerings so far, and TDX in the newer Sapphire Rapids chips will strengthen the security in virtual machines, said Mark Russinovich, the chief technology officer at Microsoft's Azure, during the Xeon launch event.

"We look forward to being one of the first cloud providers to offer confidential services based on Intel 4th Gen Xeon scalable processors with Intel TDX later this year, enabling organizations to achieve confidentiality by seamlessly lifting and shifting their workloads without requiring any code changes," Russinovich said.

Confidential computing could be attractive to organizations concerned about high-value data and applications and services that require strong security.

"It strengthens compliance with data privacy and governance regulations and helps create a more private controlled infrastructure, even when using the public cloud," said Lisa Spelman, corporate vice president and general manager for Xeon products at Intel, during a press briefing on the new chips.

TDX will also be relevant to customers that want to activate private or regulated data in a way that doesn't breach confidentiality, Intel's Rao said.

"Think of a way in which customers use this for multiparty collaborations focused on shared analysis with data privacy," Rao said.

**From Edge to Cloud**

Rao provided some examples of sharing sensitive data securely in financial or healthcare organizations, or to share research for fraud detection. He summarized that confidential computing makes it possible to move workloads securely from the private into the public cloud while meeting data residency and compliance requirements.

Intel's 4th Gen Xeon chips will also be tied to a cloud service called Project Amber, which will help verify trust of computing boundaries from edge to cloud. It will start as an independent attestation service for Intel confidential computing technologies, Rao said. Intel plans to offer Project Amber as a pay-as-you-go feature.

The new Xeon chips will also appear in virtual machine instances in cloud services from Google, IBM, and Alibaba, but the chip maker didn't comment on whether the cloud providers would specifically offer TDX instructions.

AWS has its own confidential computing offerings, while Microsoft also has virtual machine instances with AMD’s on-chip cloud computing features.

Intel is a dominant player in the server market, with an x86 server market share of 82.5% during the third quarter of last year; its closest rival, AMD, sported a 17.5% market share, according to Mercury Research.

Intel's New Xeon Chip Pushes Confidential Computing to the Cloud

Are you asking the right questions about potential scenarios when thinking about disaster recovery and business continuity?

I wish I had a dollar for every time we have collectively had a conversation about a zero day — each and every time we've discussed the dangerous nature of the latest vulnerability. I would have a nice tidy sum squirreled away by this point.

As security practitioners, we have developed a finely honed ability to run around in circles with our hair on fire. This may cause some of us to chuckle when we think back to incidents that we’ve had to manage or help bring to a conclusion, but it still stings a little to recall how things were managed in the past.

Far too often we learn our security lessons the hard way. Reactive security was, quite literally, the default setting for the industry for many years. Even now, I have conversations with CISOs who share tales of incident response activities gone horribly awry. We listen in rapt attention, and yet we never seem to learn the lessons that are in plain view.

Rather than approach security from a reactive perspective, we should always be planning for the future by asking the question, _what could go wrong_?

**What's in Your Disaster Recovery Plan?**

For years, companies and countries — governments, rather — have been working hard to move operations to the cloud. This makes perfect sense ... until it doesn't. When I read the disaster recovery and business continuity documents for these organizations over the past couple years, I noticed some pervasive themes.

For example, in the event of network failure, everyone would go to the local electronics shop and purchase replacement laptops.

I'm sure that would scale without issue. _Oops, sarcasm dial set to 11._

Another scenario frequently listed in these documents was that of a meteor hitting the building. At no point did any of the planners take into account the fact that if said disaster had taken place, the local landscape would be desolation as far as the eye could see in any direction.

**When Planning, Ask: What If?**

But what if a country invaded yours? What if there was a completely unprovoked attack? How would you operate if your cloud instance were hosted in the aggressor's country? How would you be sure that your system would have the security resilience to survive such a scenario? Are these questions included in your disaster recovery and business continuity plans?

The war in Ukraine has really served as an exemplar of worst-case scenarios for any country in the world today. There was a great deal of "what if" planning for various wartime situations long before the Russians ever crossed the border into Ukraine. The world needs to take note and start answering these questions.

Perhaps it is time to entertain a retreat from how we have approached globalization. We should look at how we can run our systems reliably if we had to sever connections with the rest of the world.

This line of thinking may seem extreme, but it's far more realistic than preparing for a meteor strike, let alone queuing up at the local electronics shop to buy laptops, along with hundreds of other companies.

If a cloud provider was cut off from the Internet for whatever reason, what would be your contingency plan to weather the storm? We have to be vigilant in the face of threats ranging from pickup trucks hitting power lines to chip fabrication plants needing to move to other countries due to ever-shifting political issues.

Building out our strategies to reduce risk and increase our security resilience will go a long way to help address the clear and present dangers we face in this modern age.

Security Planning: Ask What Could Go Wrong

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

Microsoft's first security update for 2023 contained patches for a whopping 98 vulnerabilities, including one that attackers are actively exploiting and another that is publicly known but has not been exploited yet.

Microsoft identified 11 of the vulnerabilities it disclosed today as being of "critical" severity, meaning organizations using affected products need to prioritize these flaws before addressing the other ones. It rated the remaining 87 as "Important," which is a rating the company uses to describe vulnerabilities that, if exploited, could compromise the confidentiality, integrity, or availability of user data but are often not remotely executable or requires some level of user interaction.

**Bugs in Frequently Attacked Products**

Several of the vulnerabilities in the January 2023 security update affect products that are favorite attacker targets. Five of them, for instance, impact Microsoft Exchange Server and three — including one of the most severe flaws in this month's update — are in SharePoint.

"The volume is definitely concerning, especially given the Exchange patches and SharePoint updates," says Dustin Childs, communication manager for Trend Micro's Zero Day Initiative (ZDI) which reported 25 of the bugs that Microsoft closed today. "These are common targets — and targets that often don’t get patched," he notes. "There are also updates submitted by the National Security Agency and Canada’s Communications Security Establishment. That may raise an eyebrow or two."

Multiple security researchers identified a Microsoft SharePoint Server security feature bypass vulnerability CVE-2023-21743 as one that organizations need to jump on right away because of the risk it presents. The bug allows an unauthenticated attacker to bypass authentication and make an anonymous connection to an affected SharePoint server. One complicating factor with the vulnerability for enterprise security teams is that patching alone is not sufficient to mitigate the threat it presents. In addition, they also need to trigger a SharePoint upgrade, which Microsoft has included in this month's security update to protect against exploit activity, Microsoft said.

"This is not a 'patch it and move on' sort of bug," Childs says. "To fully address this vulnerability, admins need to take additional steps as outlined in the update documentation."

**Zero-Day Bug in Windows ALPC**

Another high-priority vulnerability in the January 2023 update is CVE-2023-21674, an actively exploited bug in Windows Advanced Local Procedure Call (ALPC) that allows an attacker to elevate privileges on a compromised system. The zero-day vulnerability impacts all Windows OS versions and could allow an attacker to escape a browser sandbox and gain system level privileges, Microsoft said.

Satnam Narang, senior staff research engineer at Tenable, says that while full details of the bug are not available, it's possible that attackers likely chained the vulnerability with a flaw in a Chromium-based browser or Microsoft Edge to break out of a browser sandbox and gain full system access. 

"Because of the improvements made in browser security, traditional browser exploits by themselves are limited by sandbox technology, restricting an attacker's ability to access the underlying operating system," Narang tells Dark Reading. He says it is likely that an advanced persistent threat group discovered and exploited the vulnerability as part of a targeted attack.

Microsoft described one of the bugs it addressed this month as publicly known but not exploited. The vulnerability, tracked as CVE-2023-21549, exists on the Windows SMB Witness Service and allows an attacker to execute remote procedure call functions normally restricted to privileged accounts only. Microsoft has assigned a score of 8.8 to the vulnerability even though it has assessed the bug as less likely to be exploited.

**A Flood of Privilege-Escalation Flaws**

Two of the 25 bugs that ZDI reported — and which Microsoft patched this month — were Exchange Server elevation-of-privilege vulnerabilities (CVE-2023-21763 and CVE-2023-21764) that resulted from a failed patch for a previous elevation of privilege flaw in Exchange tracked as CVE-2022-41123. "Thanks to the use of a hard-coded path, a local attacker could load their own DLL and execute code at the level of SYSTEM," Childs says.

In total, 39 of the bugs that Microsoft addressed in its latest update enable elevation of privileges, a category of flaw that the company often has rated as being less severe than RCE bugs. This, however, does not mean that organizations can put off addressing them. "Despite their lower score, these vulnerabilities are typically seen in the early stages of an attack and blocking attackers from gaining SYSTEM or domain-level access early in the kill chain can slow down attackers," said Kev Breen, director of cyber-threat research at Immersive Labs in a statement.

Several of the elevation of privilege bugs in the January update affect the Windows Kernel. Among them are CVE-2023-21772, CVE-2023-21750, CVE-2023-21675 and CVE-2023-21773. "The potential risk from these vulnerabilities is high since they affect all devices that run any Windows OS, starting from Windows 7," security vendor Action1 said. Seven of the privilege escalation bugs have low complexity and require low privileges and no user interaction, meaning they are easy to attack, Action1 said.

Other bugs that security researchers identified as being of high priority in Microsoft's January 2023 security update include CVE-2023-21762 and CVE-2023-21745, both of which are spoofing vulnerabilities in Microsoft Exchange Server. "Email servers like Exchange are high-value targets for attackers, as they can allow an attacker to gain sensitive information through reading emails, or to facilitate Business Email Compromise style attacks," Breen said. Organizations need to be aware of the risks that such bugs preset and mitigate them, he added.

Microsoft also updated its previous guidance around the recent use of Microsoft-signed drivers in malicious campaigns by cybercriminals. The guidance now includes a block list that blocks attackers from using the compromised certificate in their environment. For their recommended actions, the company said, "Microsoft recommends that all customers install the latest Windows updates and ensure their anti-virus and endpoint detection products are up to date with the latest signatures and are enabled to prevent these attacks."

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

**AUSTIN, Texas****,** **Jan. 10, 2023** **/PRNewswire/ --** Bay Bridge Administrators, LLC, ("BBA"), an Austin, Texas based full-service third-party administrator of insurance products that works with many major insurance carriers and employers, has learned of a data security incident that involved the personal information of individuals enrolled in some employment insurance benefits administered by BBA for calendar year 2022.   

On September 5, 2022, BBA experienced a network disruption. BBA immediately took steps to secure the network environment and engaged a cybersecurity firm to conduct an investigation. The investigation determined that an unknown actor gained access to the BBA network on or prior to August 25, 2022 and obtained certain data from the BBA network on or about September 3, 2022.  After a thorough investigation, on December 5, 2022, BBA determined that certain personal information was involved in the incident and worked diligently to identify and notify these individuals.

The following personal and protected health information may have been involved in the incident: name, address, Social Security number, driver's license or state identification card number, medical information, health insurance information, and/or date of birth. The personal and protected health information involved was shared with BBA either by the individual, the individual's employer, and/or the individual's insurance carrier(s), in connection with enrollment in an employment insurance benefit plan for calendar year 2022.

To date, BBA is not aware of any evidence of the misuse of any personal and protected health information involved in this incident.  However, on December 29, 2022, BBA mailed notice of this incident to potentially impacted individuals for which BBA had identifiable address information. In this notification letter, BBA provided information about the incident and about steps that potentially affected individuals can take to protect their information. BBA also offered these individuals access to 24 months of complimentary credit monitoring and identity protection services through IDX, a national leader in identity protection services. 

BBA has established a toll-free call center to answer questions about the incident and to address related concerns. IDX call center representatives are available Monday through Friday from 8:00 a.m. – 8:00 p.m. Central Time and can be reached at 1-833-896-5300. Individuals who have not received a notification letter but are potentially impacted can obtain verification of eligibility through the IDX call center to enroll in services.

The privacy and protection of personal information is a top priority for BBA, which deeply regrets any inconvenience or concern this incident may cause.

SOURCE Bay Bridge Administrators, LLC

Bay Bridge Administrators, LLC Notifies Individuals of Data Breach

Supreme Court rules WhatsApp can sue NSO Group for damages caused by unauthorized Pegasus spyware installations.

The US Supreme Court has denied a petition to block WhatsApp from suing NSO Group for damages caused by malicious Pegasus spyware installations.

WhatsApp claims the Israel-based NSO Group targeted 1,400 WhatsApp users in April and May of 2019 with Pegasus spyware, committing fraud against the company and bogging down the platform's servers.

The Supreme Court ruling means WhatsApp can proceed with its litigation.

"NSO's spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials," Meta said in a statement following the ruling. "We firmly believe that their operations violate US law and they must be held to account for their unlawful operations."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

SCOTUS OKs WhatsApp Suit Against NSO Group

Vice Society is boasting that it compromised the San Francisco transportation system, while BART maintains operations and mounts an investigation.

The San Francisco Bay Area Rapid Transit System (BART) was listed this week by ransomware group Vice Society as being among its latest victims.

Brett Callow, threat analyst with Emsisoft, flagged the Vice Society BART brag on Jan. 6. However, BART's spokesperson Alicia Trost told Dark Reading there haven't been any service disruptions as a result of a cyberattack and that an investigation is ongoing.

"We are investigating the data that has been posted," Trost told Dark Reading by email. "To be clear, no BART services or internal business systems have been impacted. As with other government agencies, we are taking all necessary precautions to respond."

Vice Society was also behind a recent spate of school breaches in the US and beyond, most recently releasing the personal information stolen from a group of 14 schools in the UK.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading