A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.

The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains.

The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit components, or open source software (OSS) vulnerabilities, and more.

Former General Services Administration official Shon Lyublanovits will lead the new supply chain management risk division, Federal News Network (FNN) reported.

"We've got to get to a point where we move out of this idea of just thinking broadly about C-SCRM \[cybersecurity supply chain risk management\] and really figuring out what chunks I want to start to tackle first, creating that road map so that we can actually move this forward," Lyublanovits said at a recent event, as reported by FNN.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

CISA to Open Supply Chain Risk Management Office

Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, report predicts organizations must get smarter about educating employees to spot fraudulent tactics.

**London, February 1, 2023 —** From tactics to implications, cybersecurity will see a subtle but important evolution in 2023 according to Beazley’s new _Cyber Services Snapshot_ report, which was released today. The report reveals that the cyber threat landscape will be influenced by greater incident complexity, the way threat actors use stolen data, and a rise in US class actions in 2023.

The report presents global data on incidents handled by Beazley Cyber Services including cause of loss by industry, ransomware vectors, business email compromise, and data exfiltration. These data points provide a real-time view into incidents reported to Beazley, revealing an ongoing picture of emerging cyber risk. In addition, all Beazley Cyber Services Snapshots feature insights from professionals on the front line of Beazley’s incident response teams around the world.

As a category, fraudulent instruction experienced big growth as a cause of loss in 2022, up 13% year-over-year. This trend continues to be quite high, especially when it comes to small organizations.

To combat this vulnerability, the report suggests, organizations must get smarter about educating employees to spot fraudulent instruction tactics like spoofed emails or domain names. Organizations are cautioned to watch for social engineering and spear phishing, bypassing of Multi-Factor Authentication, targeting of Managed Service Providers, and compromising of cloud environments as areas of vulnerability.

“At first glance, things hardly seem particularly new as we enter 2023: threat actors are still using the same kinds of ransomware vectors to attack, and we’re still talking about the same need for education and controls,”said Russ Cohen, Beazley’s Head of US Cyber Services.“But look beneath the surface, and it quickly becomes evident that targeted organizations are facing greater incident complexity than ever before. As threat actors bring new sophistication to their techniques and adapt to improved cybersecurity efforts, more and more companies will realize they can no longer count on the default configuration of off-the-shelf IT solutions and tools.”

Beazley provides best-in-class support, services, and tools to help insureds mitigate risk and recover quickly in the event of a breach.

Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report

Move will strengthen position as a leader in the identity governance and analytics market.

**NOVATO, Calif. — (****BUSINESS WIRE****) —** Radiant Logic, the Identity Data Fabric company, announced today that it has entered into a definitive agreement to acquire Brainwave GRC, a leader in Identity Governance and Analytics (IGA) headquartered in France. Together, Radiant Logic and Brainwave GRC address a broad set of identity use cases, and the acquisition accelerates the companies’ shared vision of an Identity Data Fabric that uses the science of data to ensure the right information is in place to make the right policy decisions.

“Demand is increasing for cyber security, governance and compliance solutions that help companies address the continually evolving security threats, especially as regulatory environments and fines become more prevalent,” said Joe Sander, CEO of Radiant Logic. “By joining forces with Brainwave we will be able to unlock tremendous value for current and future customers by unleashing the power of identity data to help truly transform an organization’s IT landscape. Our combined platform will allow organizations to add unprecedented agility and flexibility in their infrastructure and business processes, while improving business continuity and security posture and reducing the total cost of ongoing regulatory compliance and IAM or IGA programs.”

Cyril Gollain, CEO and co-founder of Brainwave GRC, stated: “Merging with Radiant Logic is the natural next step for Brainwave GRC, providing transformative value for both our customers and employees alike. Together, this combined platform offers exceptional new insight into the role of identity data in the enterprise, and accelerates innovations in the area of analytics and IGA. We are delighted to benefit from Radiant Logic’s proven success, and when combined with our experience and reach in EMEA, it will allow us both to further expand and flourish.”

The acquisition will strengthen both Radiant Logic and Brainwave GRC’s respective market positions as identity, analytics and intelligence experts by offering a new lightweight data-centric governance capability and a market-defining identity data intelligence platform. By combining their unique capabilities into a single platform, customers can speed time-to-value by eliminating burdensome IGA deployments and focusing on what really matters to audit and compliance teams—getting the right data, which can be trusted, in a timely manner.

The identity analytics and intelligence insights resulting from Radiant Logic + Brainwave’s data-driven approach will give unprecedented insight into near real-time user behavior within an enterprise environment, transforming how organizations detect cyberattacks, fraudulent activity, lateral movement from insider threats, and more. Radiant + Brainwave is a winning combination that will provide an unmatched Zero Trust and Identity-First Security foundation for enhanced data security, reduced audit and compliance costs, and improved understanding and visibility of malicious activity.

Established in 2010 in France, Brainwave GRC has a strong reputation in helping companies across EMEA ensure compliance and protect their assets from fraud and cyber threats. Brainwave GRC provides essential Access Governance reports that include access risks, accounts, attestations, and out-of-the-box reports for major compliance frameworks—a common requirement in highly regulated markets. Their light IGA capabilities complements Radiant Logic’s identity data management expertise, and is in-line with its strategic direction to expand its offerings in the IGA market segment.

“We have strived to provide the absolute best value to our customers and truly believe this future product integration will not only streamline IAM and IGA infrastructure, but bring the value of data science and advanced analytics to the identity space,” said John Pritchard, Chief Product Officer, Radiant Logic. “The Brainwave platform will be a core component in driving RadiantOne’s new identity intelligence capabilities, realizing the vision of an Identity Data Fabric.”

“The winning combination of Radiant Logic and Brainwave will provide unmatched capabilities for an identity-first approach to security,” says Sebastien Faivre, CTO and Brainwave co-founder. “We believe that by combining our background in identity analytics with Radiant’s identity data management expertise, we can deliver innovative new solutions utilizing artificial intelligence and machine learning capabilities which can only be enhanced by ingesting the clean data from the RadiantOne platform.”

Brainwave will maintain independent operations for the near-time, while both platforms continue to be supported, invested in, and integrated over time. The transaction is subject to customary closing conditions. Terms of the acquisition were not disclosed.

**About Radiant Logic**

Radiant Logic, the enterprise Identity Data Fabric company, provides the cornerstone of complex identity architectures in today’s digital world. With Radiant, it’s fast and easy to put identity data to work, connecting many disparate data sources across legacy and cloud infrastructures in real-time, without disruption. Our solution creates a solid identity foundation that speeds the success of initiatives, including single sign-on, M&A integrations, identity governance and administration, cloud directory deployments, hybrid and multi-cloud environments, customer identity and access management, and more. From the Fortune 1000 to government agencies, organizations across the globe rely on Radiant to deliver meaningfully faster time-to-value and unprecedented IT agility, while building a secure, future-proof identity infrastructure that meets real-world business demands. Learn more at www.radiantlogic.com

**About Brainwave GRC**

Brainwave GRC is a pioneer in the identity analytics market. Named Cool Vendor by Gartner, Brainwave GRC solutions help solidify and reinforce IAM risk and compliance postures. Brainwave GRC derives intelligence through multicriteria analyses for data visualization, anomaly detection, smart access reviews and compliance controls specifically for identity and access events. It enables organizations to combat cyber risks, detect internal threats, remediate noncompliance access risks and perform fraud alert notifications with innovative solutions. Brainwave GRC strengthens your cybersecurity with preventive and predictive analytics.

Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC

**TAMPA BAY, Fla. — February 1, 2023 —** KnowBe4, Inc. (“KnowBe4”), the provider of the world’s largest security awareness training and simulated phishing platform, today announced the completion of its acquisition byVista Equity Partners (“Vista”), a leading global investment firm focused exclusively on enterprise software, data and technology-enabled businesses, for $24.90 per share in cash. 

“Today’s acquisition is a significant milestone for the entire KnowBe4 team. It’s representative of our achievements to date, as well as our potential for continued long-term growth,” said Stu Sjouwerman, founder, Chairman and Chief Executive Officer of KnowBe4. “Vista provides the resources and operational expertise to enhance customer value. We’re thrilled to embark on this next chapter and realize our goals for addressing cybersecurity’s weakest link.”

“The human element remains one of the most important yet neglected aspects of cybersecurity,” said Michael Fosnaugh, Co-Head of Vista’s Flagship Fund and Senior Managing Director. “The opportunity to scale a business that is truly mission-critical to enterprises around the world is core to Vista’s investment approach and value creation efforts. This, combined with Stu’s track record as a visionary founder and KnowBe4’s demonstrated product leadership, makes partnering with the Company very exciting.”

With the completion of the transaction, KnowBe4 shares have ceased trading and are no longer listed on the Nasdaq Global Select Market.

Morgan Stanley & Co. LLC served as financial advisor and Potter Anderson & Corroon served as legal counsel to KnowBe4’s Special Committee. Wilson Sonsini Goodrich & Rosati, Professional Corporation served as legal advisor to KnowBe4.

Guggenheim Securities, LLC served as financial advisor and Kirkland & Ellis LLP served as legal counsel for Vista.

**About KnowBe4**

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 56,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

**About Vista Equity Partners**

Vista is a leading global investment firm with more than $95 billion in assets under management as of September 30, 2022. The firm exclusively invests in enterprise software, data and technology-enabled organizations across private equity, permanent capital, credit and public equity strategies, bringing an approach that prioritizes creating enduring market value for the benefit of its global ecosystem of investors, companies, customers and employees. Vista's investments are anchored by a sizable long-term capital base, experience in structuring technology-oriented transactions and proven, flexible management techniques that drive sustainable growth. Vista believes the transformative power of technology is the key to an even better future – a healthier planet, a smarter economy, a diverse and inclusive community and a broader path to prosperity. Further information is available at vistaequitypartners.com. Follow Vista on LinkedIn, @Vista Equity Partners, and on Twitter, @Vista\_Equity.

Vista Equity Partners Completes Acquisition of KnowBe4

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

Pro-Russian hacktivist group Killnet this week launched distributed denial-of-service (DDoS) attacks on networks belonging to 14 major US hospitals in its continuing retaliation campaign against entities in countries the threat actor perceives as hostile to Russian interests in Ukraine.

The attacks — like most Killnet attacks since Russia's invasion last February — appear to have done little to seriously disrupt network operations at any of the targeted organizations, which included Stanford Health, Michigan Medicine, Duke Health, and Cedars-Sinai.

**Designed to Garner More Support**

That said, they are likely going to garner Killnet more support from other like-minded hacktivists in Russia and elsewhere, and possibly even fuel investments into its operations from others, making them more dangerous in the process, security experts said this week.

"Killnet has been actively attacking anyone who supports Ukraine or goes against Russia for almost 12 months now," says Pascal Geenens, director of threat intelligence at Radware. "They have been dedicated to their cause and have had the time to build experience and increase their circle of influence across affiliate pro-Russian hacktivist groups."

Killnet surfaced last year, soon after Russia invaded Ukraine in February. Since then, the group has carried out a series of often high-profile DDoS attacks on organizations in critical infrastructure sectors in the US and multiple other countries. Their victims have included airports, banks, defense contractors, hospitals, Internet service providers, and the White House.

Killnet's latest DDoS campaign this week against hospitals in the US and medical institutions in multiple other countries, including Germany, Poland, and the UK, were likely motivated by the recent US-led decision by NATO countries to send battle tanks to Ukraine. However, the impact of these attacks remains questionable.

**Killnet's Questionable DDoS Impact**

Mary Masson, director of public relations at Michigan Medicine, for instance, says Killnet's DDoS attacks hit multiple of its websites on Jan. 30, including uofmhealth.org and mottchildren.org. Masson describes the attacks as causing "intermittent problems" for some of Michigan Medicine's public-facing websites hosted by a third-party service provider. 

"None of the sites impacted contain patient information, and all patient information is safe," she notes. "Patients were always still able to access the patient portal via myuofmhealth.org." The websites were all back to almost normal operations a day later, on Jan. 31.

Sally Stewart, associate director of media relations at Cedars-Sinai, describes Killnet's DDoS attack as having a similarly low impact on the hospital's operations: "The Cedars-Sinai website experienced a brief service interruption early Monday morning that has resolved. The website remains fully functional," Stewart said in an emailed statement to Dark Reading.

Stanford Healthcare and Duke Health did not immediately respond to Dark Reading's request for comment.

"They are not as disruptive as they claim to be," Geenens says, adding that Killnet’s main objective is attracting attention and getting their pro-Russian message heard. "They go after targets that are visible to the larger public, such as public websites of institutions, governments, and organizations." Often the resources the group has targeted are not business-critical. 

**A Mistake to Underestimate**

That does not mean the group can be ignored, however. In an advisory following the recent DDoS attacks, the American Hospital Association described Killnet as an active threat to the healthcare industry. 

"While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days," the AHA warned. Killnet's links to Russia's Foreign Intelligence Service remain unconfirmed, AHA noted, "\[but\] the group should be considered a threat to government and critical infrastructure organizations, including healthcare."

Importantly, Killnet's pro-Russian DDoS crusade has also begun attracting many more followers and fans. Daniel Smith, head of cyber-threat intelligence at Radware, says the number of subscribers for @Killnet\_reserve on Telegram grew from about 34,000 subscribers to 85,000 subscribers in June 2022. "Just for comparison, IT Army of Ukraine has over 200,000 subscribers, but has been losing subscribers since March 2022," he says.

The group has focused quite a bit on publicity via its Telegram channel, which it also uses to encourage followers to conduct DDoS attacks of their own.

**Jewelry and Rap Anthems: Growing Killnet Support**

Radware's Geenens points to affiliate Russian groups such as NoName and the Passion Group offering their DDoS botnets to Killnet for carrying out attacks as one indication of the growing support it has begun attracting within Russia. 

Other signs of the support that Killnet has mobilized in recent months include a song in the gang's honor, titled “KillnetFlow (Anonymous diss)” by a Russian rapper, and the sale of Killnet-related jewelry by a Moscow-based jewelry maker called HooliganZ. Killnet has also received some $44,000 worth of financial support from a Dark Web marketplace called Solaris, according to Radware. 

"Killnet’s influence, reach, and skills are growing, and they are not showing signs of slowing down or retiring soon," Geenens warns.

It's unclear how, if at all, Killnet will leverage its growing support, or whether it will pivot to other, more dangerous forms of attack. Aleksandr Yamploskiy, co-founder and CEO at SecurityScorecard, notes how Killnet began as a financially motivated operation offering a botnet for hire. But it has since become more of a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets it perceives to oppose the Russian invasion of Ukraine. "Killnet has historically made use of open proxy IP addresses and publicly available scripts in its attacks," he says.

What makes the group now potentially more dangerous are its growing reach and skills, Radware's Smith adds. A few months ago, Radware's assessment of the risk posed by a pro-Russian hacktivist group such as Killnet would have been low, he explains. "But after 12 months of building their experience," he says, "advancing their tools and growing their social network, I’m more likely to increase that risk to moderate."

While there's no reason for panic, it is better to err on the side of caution and be prepared. "Everyone in the security community knows it does not take extremely skilled or sophisticated actors to disrupt or cause impact to an organization or infrastructure," Smith adds.

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.

Globally, about a quarter of cybersecurity jobs belong to women, which unfortunately doesn't quite correlate with the worldwide female population of 49.58%. We're not saying that every industry needs to have a perfect 50/50 split, but with cybersecurity being a male-dominated industry, it's time companies addressed the challenges women face when joining the cybersecurity workforce by striving for a more diverse workplace.

While progress has been made over the last decade (women occupied only 10% of cybersecurity jobs in 2013), more headway needs to be made. From a lack of industry role models to poor media representation and an absence of mentoring, women face a plethora of challenges in cybersecurity.

So, what are the top three obstacles women face?

**Underrepresentation in the Media**

The media plays a crucial role in creating and maintaining stereotypes. TV shows and films often push concepts and cliches that are then subconsciously accepted as fact by viewers.

Children are easily influenced by media stereotypes and, therefore, can be led into gendered thinking, particularly regarding jobs. This reasoning can then heavily influence a person's perception of the real world, including their life aspirations and career choices. For example, Navy recruitment went up 500% following the release of _Top Gun_, starring Tom Cruise.

In the 1990s, one show was proven particularly effective in persuading women to enter STEM occupations — _The X-Files_, with Gillian Anderson playing Dr. Dana Scully. A recent report looking into the "Scully effect" showed that as the only female STEM character on prime-time TV in the '90s, she had a significant impact on the female viewer base. The report revealed that 63% (PDF) of the women studied said Dana Scully increased their belief in the importance of STEM subjects.

These examples indicate how important representation is in the media and display how a lack of visibility can distort a viewer's perception of what they can achieve. It's time for the media to understand and recognize their influence and the stereotypes they enforce.

**Male-Dominated Workplaces Can Come With Several Issues**

With cybersecurity being made up of only about 25% women, this officially classes the industry as male dominated. Ask any woman; the thought of entering a workplace full of men isn't an enticing one. This is likely one of the reasons why, in 2021, only 6.5% (PDF) of US women worked in a male-dominated occupation.

With issues regarding the gender pay gap, sexual harassment, underrepresentation, lack of mentoring, and negative stereotyping, it's no wonder that women aren't running to join male-dominated workplaces en masse. For these points to be tackled, they need to be addressed from the top down. Cybersecurity leaders must be aware of the work culture they're fostering and be open to discussing and tackling any issues they find, however uncomfortable that may be.

A 2017 survey by the Pew Research Center found that women in male-dominated industries were more likely to be harassed than women working in female-dominated sectors. Therefore, businesses must create a safe space for employees, particularly women, to report any harassment and unwanted behavior at work. Another initiative for cybersecurity companies to establish is female mentor programs, which help to support their female workers, aid in their professional growth, and close the gender gap in cybersecurity.

**Lack of Industry Role Models**

While kids these days may not be hanging posters of their favorite celebrities in their bedrooms or lockers anymore, role models are still crucial. The importance of role models is often underplayed. Having a visible representation of what is possible encourages people to push boundaries, strive to be better, and be more ambitious.

Crest's report — "Exploring the Gender Gap in Cybersecurity" — found that 59% of women polled had a "mixed" experience within the cybersecurity industry as they received some support but also faced many challenges. The report identified two key areas for improvement: increasing female visibility and improving female mentoring to help women enter and advance within the industry.

The problem with a lack of role models is its knock-on effect. With fewer women in the industry to look up to, this can discourage women from entering and perpetuates disparity. It's time to disrupt this cycle.

Diversity and inclusion lead to a more rounded perspective, with various team members bringing different points of view, allowing them to solve new problems. While women's current obstacles in cybersecurity won't disappear overnight, identifying the issues and raising awareness welcomes opportunities for change and improvement. Cybersecurity is ready for a female revolution.

Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.

**TEL AVIV, Israel****,** **Feb. 1, 2023** **/PRNewswire/ —** Gem Security today emerged from stealth, launching its Cloud TDIR (Threat Detection, Investigation and Response) platform and announcing $11 million in Seed funding led by Team8.

The adoption of cloud infrastructure is increasing and diversifying the attack surface for organizations. 90% of all organizations use more than one cloud provider\[1\]. As Gartner notes\[2\], the expansion in attack surface is rarely paralleled with coverage by detection and response initiatives, leaving organizations unaware of a variety of threat vectors. 79% of companies have experienced at least one cloud data breach in the last 18 months, with 43% of companies reporting ten or more\[3\].

While there is no lack of solutions for detection and response, legacy approaches fall short of providing a solution for the cloud era. The proliferation of cloud services across infrastructure, platforms, and software has fragmented the security landscape. Collecting and correlating the explosion of associated telemetry is both challenging and inadequate.

Gem Security goes beyond this, helping organizations act on Gartner's recommendation to implement a continuous, risk-based program to manage their threat exposure. Gem Security offers a platform that leverages existing infrastructure and solutions while offering unique automated detection, investigation and response capabilities purposely-built for cloud environments.

Gem Security supports all major infrastructure platforms - AWS, Azure, Google Cloud and Kubernetes. Furthermore, Gem's platform integrates with leading platforms like identity providers, source code repositories and secrets managers, leveraging the additional data for context analysis. Gem Security is already working with companies ranging from mid-market to Fortune 500.

"Most cloud security solutions focus on building a wall that is as tall as possible to make sure the bad guys stay out. That sounds good in theory. In practice, however, no wall is ever going to be tall enough. We offer a more realistic approach, starting from the fact that cloud environments are and will remain imperfect. If it's perfect, it's only for five minutes, and then it's going to be imperfect again.

Minimizing the potential for intrusion is only half the story. When someone jumps over the wall, we don't just raise an alarm. Gem's platform will empower your team to find and stop the intruder, automating your incident response and ensuring there is no escalation. Where others end, we begin", said Gem Security Co-Founder & CEO Arie Zilberstein.

Zilberstein co-founded Gem Security with CTO Ron Konigsberg and VP Product Ofir Brukner. Gem's founders are all security industry veterans, having spent years in the trenches responding to large-scale breaches in the cloud. They previously held key roles in elite Israeli Intelligence Corps Unit 8200 as well as Sygnia, an Incident Response and cybersecurity company working with global top tier organizations.

Gem Security's holistic approach for Cloud TDIR bridges the gap between security operations and cloud complexity. Lessons learned from years of experience working in some of the most demanding cloud environments in the world have been leveraged in building Gem's comprehensive platform, enabling organizations to:

*   **Prepare**. Optimizing coverage via a continuous Cloud Incident Readiness dashboard
*   **Detect**. Combining real-time cloud-native threat detection based on TTPs (Tactics, Techniques & Procedures) and behavioral analytics
*   **Investigate**. Enriching context across the entirety of cloud infrastructure for instant root cause analysis
*   **Respond**. Isolating risks swiftly using cloud-native entity quarantine capabilities

"Gem is redefining the cloud security operations game", said ADM Michael S. Rogers, Former Director of the NSA. "Security organizations today struggle to find cloud experts, and the complexity of cloud environments is leaving teams blind to emerging attacks. Gem empowers security operations with a simple, automated, and efficient approach that allows organizations to respond faster and minimize the impact of attacks in the cloud".

"Cloud migration brings new opportunities to enterprises, but also entails quite a few challenges and risk, including the need to adapt existing solutions to the new cloud infrastructure" said Nadav Zafrir, Managing Partner at Team8 Group and former head of Israel's elite technology Unit 8200. "We are thrilled to team up with Gem's talented founders, who have gained years of experience in incident response at Sygnia, our portfolio company, and to support their mission to build the next generation of cloud security. Gem's unique platform offers a first-of-its-kind solution to deal with the inevitable attacks on cloud environments, and is based on an intuitive, automatic, and efficient approach that allows organizations to identify cloud security events in real-time; investigate them based on behavior analysis and threat intelligence; respond quickly, and enable isolation of the threat. All this - to minimize the impact of cloud attacks."

**About Gem Security**

Gem Security is a rapidly growing Cloud TDIR platform provider that bridges the gap between security operations and cloud complexity. Headquartered in New York and Israel, Gem Security is funded by global investors, led by Team8. For more information, visit gem.security.

**About Team8**

Team8 is a venture group that builds and backs the most innovative technology companies in the fields of fintech, cyber, data, and digital health. We leverage deep domain expertise, cutting-edge technology, and first-hand company-building experience to partner with entrepreneurs in founding globally-successful companies, while also investing in early-stage companies that are active in the group's fields of interest. For more information, visit www.team8.vc.

Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

A security vulnerability has been found in Cisco gear used in data centers, large enterprises, industrial factories, power plants, manufacturing centers, and smart city power grids that could allow cyberattackers unfettered access to these devices and broader networks.

In a report published on Feb. 1, researchers from Trellix revealed the bug, one of two vulnerabilities discovered that affect the following Cisco networking devices:

*   Cisco ISR 4431 routers
*   800 Series Industrial ISRs
*   CGR1000 Compute Modules
*   IC3000 Industrial Compute Gateways
*   IOS XE-based devices configured with IOx
*   IR510 WPAN Industrial Routers
*   Cisco Catalyst Access points

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device.

The second, arguably nastier, bug — CVE-2023-20076 — found in production equipment, is a command-injection flaw that could open the door to unauthorized root-level access and remote code execution (RCE). This would have entailed not just total control over a device's operating system but also persistence through any upgrades or reboots, despite Cisco's guardrails against such a scenario.

Given that Cisco networking equipment is used worldwide in data centers, enterprises, and government organizations, and it's the most common footprint at industrial sites, the impact of the flaws could be notable, according to Trellix.

“In the world of routers, switches, and networking, Cisco is the current king of the market," Sam Quinn, senior security researcher with the Trellix Advanced Research Center, tells Dark Reading. "We would say that thousands of businesses could potentially be impacted.”

**Inside the Latest Cisco Security Bugs**

The two vulnerabilities are a byproduct of a shift in the nature of routing technologies, according to Trellix. Network administrators today have the ability to deploy application containers or even entire virtual machines on these miniature-server-routers. With this greater complexity comes both greater functionality, and a wider attack surface.

"Modern routers now function like high-powered servers," the authors of the report explained, "with many Ethernet ports running not only routing software but, in some cases, even multiple containers."

Both CSCwc67015 and CVE-2023-20076 arise from the router's advanced application hosting environment.

CSCwc67015 reflects how, in the hosting environment, "a maliciously packed application could bypass a vital security check while uncompressing the uploaded application." The check attempted to secure the system against a 15-year-old path traversal vulnerability in a Python module that Trellix itself had identified last September, CVE-2007-4559. With a "moderate" CVSS v3 score of 5.5, it allowed malicious actors to overwrite arbitrary files.

Meanwhile, the bug tracked as CVE-2023-20076 similarly takes advantage of the ability to deploy application containers and virtual machines to Cisco routers. In this case, it has to do with how admins pass commands to run their applications.

"The 'DHCP Client ID' option within the Interface Settings was not correctly being sanitized," the researchers discovered, which allowed them root-level access to the device, connoting "the ability to inject any OS command of our choosing."

A hacker who abused this power "could have a significant impact on the device's functionality and the overall security of the network," Quinn explains, including "modifying or disabling security features, exfiltrating data, disrupting network traffic, spreading malware, and running rogue processes."

The bad news doesn’t end there, though. The authors of the report highlighted how "Cisco heavily prioritizes security in a way that attempts to prevent an attack from remaining a problem through reboots and system resets." However, in a proof-of-concept video, they demonstrated how exploitation of the command-injection bug could lead to completely unfettered access, allowing a malicious container to persist through device reboots or firmware upgrades. This leaves only two possible solutions for removal: a full-on factory reset or manually identifying and removing the malicious code.

**Cisco Industrial Gear: Potential Supply Chain Risk**

If there's a silver lining to these bugs, it's that exploiting either would require admin-level access over a relevant Cisco device. A hurdle, granted, but hackers obtain administrative privileges all the time from their victims, through regular social engineering and escalation. The researchers also noted how, often, users don't bother to change the default username and password, leaving no protection whatsoever for this most sensitive account.

One must also consider the supply chain risk. The authors highlighted how many organizations purchase networking devices from third-party sellers, or use third-party service providers for their device configuration and network design. A malicious vendor could utilize a vulnerability like CVE-2023-20076 to do some very easy, subtle, and powerful tampering.

The sheer degree of access this hole provides "could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user," the authors explained. Of course, the overwhelming majority of third-party service providers are perfectly honest businesses. But those businesses may themselves be compromised, making it a moot point.

In concluding their report, the Trellix researchers urged organizations to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don't run containers disable the IOx container framework entirely. Most important of all, they emphasized, was that "organizations with affected devices should update to the latest firmware immediately."

To protect themselves, users should apply the patch as soon as possible.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

**Los Altos, CA — February 1, 2023** — Contrast Security (Contrast), the code security platform built for developers and trusted by security,today announced the launch of its new partner program, theSecurity Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

The goal of SIA is to provide customers with unmatched, fully integrated application security solutions from Contrast and its strategic alliance partners, which include leading multinationals like GitLab Inc., Amazon/Amazon Web Services (AWS), Microsoft, VMware, PagerDuty, Armor Code, Zimperium, Anchore, Neosec, Wallarm, Ermetic, Cloudwize, Noname Security, BLST Security, ProtectOnce, Scribe Security, Wiz, Wib and Legit Security. Additionally, the team will focus on building expanded partnerships with SIs, technology providers and independent software vendors (ISVs).

“We recognize that organizations cannot rely on a single security solution to fully protect customers from rising cyber threats. That is why it is critical to have strong, technical integrations between the tools that developers, operations and security teams use,” said Ben Goodman, Senior Vice President of Corporate Development and Strategic Alliances at Contrast Security. “Contrast has made significant investments in building an ecosystem, an engineering team, interfaces and tooling in order to launch SIA. I believe that technical partnerships start with technical integrations, and this new partner program will revolutionize the way customers scale their security solutions.”

SIA and the strong strategic partner integrations driven by Contrast will not only allow partners to easily integrate with the Contrast Secure Code Platform, but enable customers to achieve the following benefits:

*   Confidently use Contrast offerings as part of a larger application security (AppSec) program.
*   Enhanced security predictability and reduced risk of implementing new code and AppSec technologies.
*   Strengthened trust and confidence in the technologies that have already been deployed.

“When security solutions easily complement your DevSecOps toolchain, software engineers can deliver production grade software faster and more reliably,” said Nima Badiey, Global VP of Alliances at GitLab Inc. “As a launching member of Contrast’s new SIA ecosystem, we are helping customers discover and adopt more robust security practices. This enables companies to continually invest and innovate in modern and secure software supply chains.”

SIA is designed to improve its partners’ business capabilities to meet the needs of customers in AppSec. Contrast works with each partner to provide a custom experience that best fits their interests and business needs including a simple onboarding process, integration support, joint marketing campaigns and access to the company’s impressive install base.

“IDC has long recognized the importance of a robust ecosystem in AppSec. Customers can benefit when strategic partners work together for more holistic and integrated solutions for security. The Security Innovation Alliance enhances Contrast's portfolio by expanding its capabilities for customers and partners," said Jim Mercer, Research Vice President DevOps and DevSecOps at IDC.

SIA is led by Goodman, a successful Alliance professional, and other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Frank Gasparovic, Director, Ecosystem Engineering; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances.

To join the growing ecosystem of partners or to find out more about SIA, please visit our website, read our blog and listen to Goodman’s interview on Contrast’s Code Patrol podcast.

**About Contrast Security (Contrast):**

A world leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete software development life cycle (SDLC) with Contrast to protect against today’s targeted application security (AppSec) attacks. Contrast also makes security testing available to all developers for free with CodeSec.

Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today’s pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of common vulnerabilities and exposures (CVEs). This allows security teams to avoid spending time on focusing false positives and remediate true vulnerabilities faster. Contrast’s platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance.

Contrast protects against major cybersecurity attacks for its customer base which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, SOMPO Japan and American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM Cloud, Guidepoint, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers.

The growing demand for the world’s only platform for code security has landed the company on some of the most prestigious lists including the Inc. 5000 List of America’s Fastest Growing Companies and has designated Contrast as one of the fastest growing companies on the Deloitte Technology Fast 500 List.

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

**LAVAL, QC****,** **Feb. 1, 2023** **/PRNewswire/ —** The new Phishing Benchmark Global Report, based on the 2022 Gone Phishing TournamentTM hosted by Fortra's Terranova Security, reveals that large organizations of 10,000 employees or more are most susceptible to phishing attacks promising a gift, despite potentially having access to more cyber security resources than smaller businesses.

Co-sponsored by Microsoft, the annual tournament measures and evaluates how employees respond to one of the most common types of cyber threats – phishing attacks. The 2022 Phishing Benchmark Global Report results emphasize the growing need for all organizations to implement engaging and informative security awareness training programs. Ideally, those programs would leverage real-world phishing simulations to ensure employees are aware of the latest phishing tactics, can detect and report cyber threats and, in time, change unsafe online behaviors.

According to the report, many employees are still prone to answering requests for sensitive information – even when they come from unknown or suspicious email senders. This level of trust leaves an organization's confidential data vulnerable to hackers.

"Cyber threats continue to grab headlines worldwide, so it's encouraging to see improvement from last year's phishing simulation. However, let's not forget how, based on their context, each phishing scenario may convince a different set of users to click. There's definitely still work to do with regards to helping organizations build and grow security-aware cultures," **says Theo Zafirakos, CISO at Terranova Security.** "As the Phishing Benchmark Global Report also shows, it's difficult for some organizations, especially with a significant employee base, to educate employees and reinforce cyber security best practices. This is most true in a remote-first environment."

**2022 Phishing Benchmark Global Report: Key Results**

7 percent of all end users who participated in the 2022 phishing simulation clicked on the link in the phishing email. In addition, 3 percent of all end users failed to recognize the warning signs of the simulation's webpage and proceeded to enter their credentials on the malicious webpage.

Despite the seemingly low totals, this year's form completion rate poses a cause for concern. Globally, 44 percent of those who clicked on the phishing simulation link eventually completed the web form on the subsequent webpage and submitted their login credentials.

"To put these numbers into perspective, if an enterprise-level organization of 10,000 employees had been targeted with a phishing scam like the one depicted in the simulation," **says Zafirakos.** "700 employees would have clicked on the phishing link, and over 300 of those clickers would have entered their password, which can be used to compromise systems and sensitive information. Given our reliance on online systems and data to conduct many business transactions and services, this reality is concerning."

The simulation found that employees from large organizations are most susceptible to phishing attacks. According to participant data, organizations with 10,000 employees or more rarely missed security awareness training, indicating a potential lack of effectiveness.

Other key data highlights from the fourth edition of this event include:

*   For click rates by industry, nonprofit, education, manufacturing, and food and agriculture exhibited the highest totals, all scoring over 6 percent. Meanwhile, participants from the public sector, energy, and finance industries kept their click rates under 3.5 percent.
*   The consumer products space had the highest form completion rate across all industries, with 40 percent of those who clicked on the initial phishing link eventually entering their credentials on the malicious webpage.
*   Europe was the top performer of the five regions represented, claiming the lowest email link click and form completion rates. North America, the top-performing region in 2021, slotted into second place.

"The results from this year's Gone Phishing Tournament underscore the importance of taking a human-centric approach to security awareness training and content," says Brand Koeller, Principal Product Manager, Microsoft Defender. "Technical safeguards alone can't guarantee information security. Addressing the human risk factor should be a top priority for all organizations."

**2022 Phishing Benchmark Global Report:**

 **Methodology**

The 2022 Gone Phishing Tournament took place in October to coincide with Cybersecurity Awareness Month. With over 250 participating organizations and over 1.2 million phishing emails sent out during this year's event, it was one of the largest phishing simulations of its kind. The increase in the participation rate shows phishing is a major concern for many organizations considering the ever-evolving complex nature of real-world cyber threats.

Microsoft supplied this year's email and webpage templates designed to imitate a real-world scenario that many employees experience: a gift card scam. The scenario, selected by the Terranova Security leadership team, measured several end-user behaviors, such as clicking on a link in the body of a phishing email and entering credentials into a form on a phishing webpage.

If users clicked on the link in the phishing simulation's email, they were redirected to a landing page, which prompted them to enter credentials that, had the simulation been an actual attack, would have been compromised. If users completed this second step, they were brought to a phishing simulation feedback page highlighting the warning signs they missed and the best practices they should follow.

Though the 2022 Gone Phishing Tournament simulation was deemed easier than in previous years, the click rate and web form submission rate should still be considered high as a result.

Download the 2022 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.

**About Fortra's Terranova Security**   
Fortra's Terranova Security is the global security awareness training partner of choice that has been transforming the world's end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Fortra's Terranova Security training solutions empower organizations worldwide to implement programs that change user behaviors, reduce human risk, and effectively counter cyber threats. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Content Center and Cyber Hero Score, Fortra's Terranova Security consistently innovates to support all organizations' cyber security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

Source

DARKReading