Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.

**TEL AVIV, Israel****,** **Feb. 1, 2023** **/PRNewswire/ —** Gem Security today emerged from stealth, launching its Cloud TDIR (Threat Detection, Investigation and Response) platform and announcing $11 million in Seed funding led by Team8.

The adoption of cloud infrastructure is increasing and diversifying the attack surface for organizations. 90% of all organizations use more than one cloud provider\[1\]. As Gartner notes\[2\], the expansion in attack surface is rarely paralleled with coverage by detection and response initiatives, leaving organizations unaware of a variety of threat vectors. 79% of companies have experienced at least one cloud data breach in the last 18 months, with 43% of companies reporting ten or more\[3\].

While there is no lack of solutions for detection and response, legacy approaches fall short of providing a solution for the cloud era. The proliferation of cloud services across infrastructure, platforms, and software has fragmented the security landscape. Collecting and correlating the explosion of associated telemetry is both challenging and inadequate.

Gem Security goes beyond this, helping organizations act on Gartner's recommendation to implement a continuous, risk-based program to manage their threat exposure. Gem Security offers a platform that leverages existing infrastructure and solutions while offering unique automated detection, investigation and response capabilities purposely-built for cloud environments.

Gem Security supports all major infrastructure platforms - AWS, Azure, Google Cloud and Kubernetes. Furthermore, Gem's platform integrates with leading platforms like identity providers, source code repositories and secrets managers, leveraging the additional data for context analysis. Gem Security is already working with companies ranging from mid-market to Fortune 500.

"Most cloud security solutions focus on building a wall that is as tall as possible to make sure the bad guys stay out. That sounds good in theory. In practice, however, no wall is ever going to be tall enough. We offer a more realistic approach, starting from the fact that cloud environments are and will remain imperfect. If it's perfect, it's only for five minutes, and then it's going to be imperfect again.

Minimizing the potential for intrusion is only half the story. When someone jumps over the wall, we don't just raise an alarm. Gem's platform will empower your team to find and stop the intruder, automating your incident response and ensuring there is no escalation. Where others end, we begin", said Gem Security Co-Founder & CEO Arie Zilberstein.

Zilberstein co-founded Gem Security with CTO Ron Konigsberg and VP Product Ofir Brukner. Gem's founders are all security industry veterans, having spent years in the trenches responding to large-scale breaches in the cloud. They previously held key roles in elite Israeli Intelligence Corps Unit 8200 as well as Sygnia, an Incident Response and cybersecurity company working with global top tier organizations.

Gem Security's holistic approach for Cloud TDIR bridges the gap between security operations and cloud complexity. Lessons learned from years of experience working in some of the most demanding cloud environments in the world have been leveraged in building Gem's comprehensive platform, enabling organizations to:

*   **Prepare**. Optimizing coverage via a continuous Cloud Incident Readiness dashboard
*   **Detect**. Combining real-time cloud-native threat detection based on TTPs (Tactics, Techniques & Procedures) and behavioral analytics
*   **Investigate**. Enriching context across the entirety of cloud infrastructure for instant root cause analysis
*   **Respond**. Isolating risks swiftly using cloud-native entity quarantine capabilities

"Gem is redefining the cloud security operations game", said ADM Michael S. Rogers, Former Director of the NSA. "Security organizations today struggle to find cloud experts, and the complexity of cloud environments is leaving teams blind to emerging attacks. Gem empowers security operations with a simple, automated, and efficient approach that allows organizations to respond faster and minimize the impact of attacks in the cloud".

"Cloud migration brings new opportunities to enterprises, but also entails quite a few challenges and risk, including the need to adapt existing solutions to the new cloud infrastructure" said Nadav Zafrir, Managing Partner at Team8 Group and former head of Israel's elite technology Unit 8200. "We are thrilled to team up with Gem's talented founders, who have gained years of experience in incident response at Sygnia, our portfolio company, and to support their mission to build the next generation of cloud security. Gem's unique platform offers a first-of-its-kind solution to deal with the inevitable attacks on cloud environments, and is based on an intuitive, automatic, and efficient approach that allows organizations to identify cloud security events in real-time; investigate them based on behavior analysis and threat intelligence; respond quickly, and enable isolation of the threat. All this - to minimize the impact of cloud attacks."

**About Gem Security**

Gem Security is a rapidly growing Cloud TDIR platform provider that bridges the gap between security operations and cloud complexity. Headquartered in New York and Israel, Gem Security is funded by global investors, led by Team8. For more information, visit gem.security.

**About Team8**

Team8 is a venture group that builds and backs the most innovative technology companies in the fields of fintech, cyber, data, and digital health. We leverage deep domain expertise, cutting-edge technology, and first-hand company-building experience to partner with entrepreneurs in founding globally-successful companies, while also investing in early-stage companies that are active in the group's fields of interest. For more information, visit www.team8.vc.

Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

A security vulnerability has been found in Cisco gear used in data centers, large enterprises, industrial factories, power plants, manufacturing centers, and smart city power grids that could allow cyberattackers unfettered access to these devices and broader networks.

In a report published on Feb. 1, researchers from Trellix revealed the bug, one of two vulnerabilities discovered that affect the following Cisco networking devices:

*   Cisco ISR 4431 routers
*   800 Series Industrial ISRs
*   CGR1000 Compute Modules
*   IC3000 Industrial Compute Gateways
*   IOS XE-based devices configured with IOx
*   IR510 WPAN Industrial Routers
*   Cisco Catalyst Access points

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device.

The second, arguably nastier, bug — CVE-2023-20076 — found in production equipment, is a command-injection flaw that could open the door to unauthorized root-level access and remote code execution (RCE). This would have entailed not just total control over a device's operating system but also persistence through any upgrades or reboots, despite Cisco's guardrails against such a scenario.

Given that Cisco networking equipment is used worldwide in data centers, enterprises, and government organizations, and it's the most common footprint at industrial sites, the impact of the flaws could be notable, according to Trellix.

“In the world of routers, switches, and networking, Cisco is the current king of the market," Sam Quinn, senior security researcher with the Trellix Advanced Research Center, tells Dark Reading. "We would say that thousands of businesses could potentially be impacted.”

**Inside the Latest Cisco Security Bugs**

The two vulnerabilities are a byproduct of a shift in the nature of routing technologies, according to Trellix. Network administrators today have the ability to deploy application containers or even entire virtual machines on these miniature-server-routers. With this greater complexity comes both greater functionality, and a wider attack surface.

"Modern routers now function like high-powered servers," the authors of the report explained, "with many Ethernet ports running not only routing software but, in some cases, even multiple containers."

Both CSCwc67015 and CVE-2023-20076 arise from the router's advanced application hosting environment.

CSCwc67015 reflects how, in the hosting environment, "a maliciously packed application could bypass a vital security check while uncompressing the uploaded application." The check attempted to secure the system against a 15-year-old path traversal vulnerability in a Python module that Trellix itself had identified last September, CVE-2007-4559. With a "moderate" CVSS v3 score of 5.5, it allowed malicious actors to overwrite arbitrary files.

Meanwhile, the bug tracked as CVE-2023-20076 similarly takes advantage of the ability to deploy application containers and virtual machines to Cisco routers. In this case, it has to do with how admins pass commands to run their applications.

"The 'DHCP Client ID' option within the Interface Settings was not correctly being sanitized," the researchers discovered, which allowed them root-level access to the device, connoting "the ability to inject any OS command of our choosing."

A hacker who abused this power "could have a significant impact on the device's functionality and the overall security of the network," Quinn explains, including "modifying or disabling security features, exfiltrating data, disrupting network traffic, spreading malware, and running rogue processes."

The bad news doesn’t end there, though. The authors of the report highlighted how "Cisco heavily prioritizes security in a way that attempts to prevent an attack from remaining a problem through reboots and system resets." However, in a proof-of-concept video, they demonstrated how exploitation of the command-injection bug could lead to completely unfettered access, allowing a malicious container to persist through device reboots or firmware upgrades. This leaves only two possible solutions for removal: a full-on factory reset or manually identifying and removing the malicious code.

**Cisco Industrial Gear: Potential Supply Chain Risk**

If there's a silver lining to these bugs, it's that exploiting either would require admin-level access over a relevant Cisco device. A hurdle, granted, but hackers obtain administrative privileges all the time from their victims, through regular social engineering and escalation. The researchers also noted how, often, users don't bother to change the default username and password, leaving no protection whatsoever for this most sensitive account.

One must also consider the supply chain risk. The authors highlighted how many organizations purchase networking devices from third-party sellers, or use third-party service providers for their device configuration and network design. A malicious vendor could utilize a vulnerability like CVE-2023-20076 to do some very easy, subtle, and powerful tampering.

The sheer degree of access this hole provides "could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user," the authors explained. Of course, the overwhelming majority of third-party service providers are perfectly honest businesses. But those businesses may themselves be compromised, making it a moot point.

In concluding their report, the Trellix researchers urged organizations to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don't run containers disable the IOx container framework entirely. Most important of all, they emphasized, was that "organizations with affected devices should update to the latest firmware immediately."

To protect themselves, users should apply the patch as soon as possible.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

**Los Altos, CA — February 1, 2023** — Contrast Security (Contrast), the code security platform built for developers and trusted by security,today announced the launch of its new partner program, theSecurity Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

The goal of SIA is to provide customers with unmatched, fully integrated application security solutions from Contrast and its strategic alliance partners, which include leading multinationals like GitLab Inc., Amazon/Amazon Web Services (AWS), Microsoft, VMware, PagerDuty, Armor Code, Zimperium, Anchore, Neosec, Wallarm, Ermetic, Cloudwize, Noname Security, BLST Security, ProtectOnce, Scribe Security, Wiz, Wib and Legit Security. Additionally, the team will focus on building expanded partnerships with SIs, technology providers and independent software vendors (ISVs).

“We recognize that organizations cannot rely on a single security solution to fully protect customers from rising cyber threats. That is why it is critical to have strong, technical integrations between the tools that developers, operations and security teams use,” said Ben Goodman, Senior Vice President of Corporate Development and Strategic Alliances at Contrast Security. “Contrast has made significant investments in building an ecosystem, an engineering team, interfaces and tooling in order to launch SIA. I believe that technical partnerships start with technical integrations, and this new partner program will revolutionize the way customers scale their security solutions.”

SIA and the strong strategic partner integrations driven by Contrast will not only allow partners to easily integrate with the Contrast Secure Code Platform, but enable customers to achieve the following benefits:

*   Confidently use Contrast offerings as part of a larger application security (AppSec) program.
*   Enhanced security predictability and reduced risk of implementing new code and AppSec technologies.
*   Strengthened trust and confidence in the technologies that have already been deployed.

“When security solutions easily complement your DevSecOps toolchain, software engineers can deliver production grade software faster and more reliably,” said Nima Badiey, Global VP of Alliances at GitLab Inc. “As a launching member of Contrast’s new SIA ecosystem, we are helping customers discover and adopt more robust security practices. This enables companies to continually invest and innovate in modern and secure software supply chains.”

SIA is designed to improve its partners’ business capabilities to meet the needs of customers in AppSec. Contrast works with each partner to provide a custom experience that best fits their interests and business needs including a simple onboarding process, integration support, joint marketing campaigns and access to the company’s impressive install base.

“IDC has long recognized the importance of a robust ecosystem in AppSec. Customers can benefit when strategic partners work together for more holistic and integrated solutions for security. The Security Innovation Alliance enhances Contrast's portfolio by expanding its capabilities for customers and partners," said Jim Mercer, Research Vice President DevOps and DevSecOps at IDC.

SIA is led by Goodman, a successful Alliance professional, and other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Frank Gasparovic, Director, Ecosystem Engineering; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances.

To join the growing ecosystem of partners or to find out more about SIA, please visit our website, read our blog and listen to Goodman’s interview on Contrast’s Code Patrol podcast.

**About Contrast Security (Contrast):**

A world leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete software development life cycle (SDLC) with Contrast to protect against today’s targeted application security (AppSec) attacks. Contrast also makes security testing available to all developers for free with CodeSec.

Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today’s pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of common vulnerabilities and exposures (CVEs). This allows security teams to avoid spending time on focusing false positives and remediate true vulnerabilities faster. Contrast’s platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance.

Contrast protects against major cybersecurity attacks for its customer base which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, SOMPO Japan and American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM Cloud, Guidepoint, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers.

The growing demand for the world’s only platform for code security has landed the company on some of the most prestigious lists including the Inc. 5000 List of America’s Fastest Growing Companies and has designated Contrast as one of the fastest growing companies on the Deloitte Technology Fast 500 List.

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

**LAVAL, QC****,** **Feb. 1, 2023** **/PRNewswire/ —** The new Phishing Benchmark Global Report, based on the 2022 Gone Phishing TournamentTM hosted by Fortra's Terranova Security, reveals that large organizations of 10,000 employees or more are most susceptible to phishing attacks promising a gift, despite potentially having access to more cyber security resources than smaller businesses.

Co-sponsored by Microsoft, the annual tournament measures and evaluates how employees respond to one of the most common types of cyber threats – phishing attacks. The 2022 Phishing Benchmark Global Report results emphasize the growing need for all organizations to implement engaging and informative security awareness training programs. Ideally, those programs would leverage real-world phishing simulations to ensure employees are aware of the latest phishing tactics, can detect and report cyber threats and, in time, change unsafe online behaviors.

According to the report, many employees are still prone to answering requests for sensitive information – even when they come from unknown or suspicious email senders. This level of trust leaves an organization's confidential data vulnerable to hackers.

"Cyber threats continue to grab headlines worldwide, so it's encouraging to see improvement from last year's phishing simulation. However, let's not forget how, based on their context, each phishing scenario may convince a different set of users to click. There's definitely still work to do with regards to helping organizations build and grow security-aware cultures," **says Theo Zafirakos, CISO at Terranova Security.** "As the Phishing Benchmark Global Report also shows, it's difficult for some organizations, especially with a significant employee base, to educate employees and reinforce cyber security best practices. This is most true in a remote-first environment."

**2022 Phishing Benchmark Global Report: Key Results**

7 percent of all end users who participated in the 2022 phishing simulation clicked on the link in the phishing email. In addition, 3 percent of all end users failed to recognize the warning signs of the simulation's webpage and proceeded to enter their credentials on the malicious webpage.

Despite the seemingly low totals, this year's form completion rate poses a cause for concern. Globally, 44 percent of those who clicked on the phishing simulation link eventually completed the web form on the subsequent webpage and submitted their login credentials.

"To put these numbers into perspective, if an enterprise-level organization of 10,000 employees had been targeted with a phishing scam like the one depicted in the simulation," **says Zafirakos.** "700 employees would have clicked on the phishing link, and over 300 of those clickers would have entered their password, which can be used to compromise systems and sensitive information. Given our reliance on online systems and data to conduct many business transactions and services, this reality is concerning."

The simulation found that employees from large organizations are most susceptible to phishing attacks. According to participant data, organizations with 10,000 employees or more rarely missed security awareness training, indicating a potential lack of effectiveness.

Other key data highlights from the fourth edition of this event include:

*   For click rates by industry, nonprofit, education, manufacturing, and food and agriculture exhibited the highest totals, all scoring over 6 percent. Meanwhile, participants from the public sector, energy, and finance industries kept their click rates under 3.5 percent.
*   The consumer products space had the highest form completion rate across all industries, with 40 percent of those who clicked on the initial phishing link eventually entering their credentials on the malicious webpage.
*   Europe was the top performer of the five regions represented, claiming the lowest email link click and form completion rates. North America, the top-performing region in 2021, slotted into second place.

"The results from this year's Gone Phishing Tournament underscore the importance of taking a human-centric approach to security awareness training and content," says Brand Koeller, Principal Product Manager, Microsoft Defender. "Technical safeguards alone can't guarantee information security. Addressing the human risk factor should be a top priority for all organizations."

**2022 Phishing Benchmark Global Report:**

 **Methodology**

The 2022 Gone Phishing Tournament took place in October to coincide with Cybersecurity Awareness Month. With over 250 participating organizations and over 1.2 million phishing emails sent out during this year's event, it was one of the largest phishing simulations of its kind. The increase in the participation rate shows phishing is a major concern for many organizations considering the ever-evolving complex nature of real-world cyber threats.

Microsoft supplied this year's email and webpage templates designed to imitate a real-world scenario that many employees experience: a gift card scam. The scenario, selected by the Terranova Security leadership team, measured several end-user behaviors, such as clicking on a link in the body of a phishing email and entering credentials into a form on a phishing webpage.

If users clicked on the link in the phishing simulation's email, they were redirected to a landing page, which prompted them to enter credentials that, had the simulation been an actual attack, would have been compromised. If users completed this second step, they were brought to a phishing simulation feedback page highlighting the warning signs they missed and the best practices they should follow.

Though the 2022 Gone Phishing Tournament simulation was deemed easier than in previous years, the click rate and web form submission rate should still be considered high as a result.

Download the 2022 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.

**About Fortra's Terranova Security**   
Fortra's Terranova Security is the global security awareness training partner of choice that has been transforming the world's end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Fortra's Terranova Security training solutions empower organizations worldwide to implement programs that change user behaviors, reduce human risk, and effectively counter cyber threats. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Content Center and Cyber Hero Score, Fortra's Terranova Security consistently innovates to support all organizations' cyber security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.

In today's digital world, there's no question that security must be a constant priority for companies — whether it's protecting internal corporate information or their products and solutions.

However, when recessionary forces are lurking, security for products and solutions that are offered or sold to end users, such as Web or mobile applications, needs to become an even greater focus. While it might seem counterintuitive in a climate of cost-cutting to spend on security — essentially looked at as a checklist item — the alternative is a world of pain and more costs.

According to Accenture, cyberattacks grew by 31% between 2020 and 2021. This was right as the US was grappling with the COVID-19 pandemic and the negative impact it had on the nation's economy. Now, signs may be pointing to another downturn in the economy this year, something reflected by recent layoffs in the industry.

As a result of these economic factors, the reduction in staff and budgets can create the perfect window for cybercriminals to take advantage while companies focus on continuing to operate and sustain themselves.

**A Window of Opportunity for Cybercriminals**

During down economic periods, companies place a greater focus on generating top-line revenue and allot more staff and resources to accomplish it. This means that, in 2023, companies will prioritize the enhancement of applications by creating new features and functionalities that can drive sales.

Unfortunately, with the majority of staff and resources allocated to application enhancement, security can often fall by the wayside. Particularly, keeping everything updated with the latest security practices.

This deprioritization creates a window of opportunity for cybercriminals to take advantage of flaws or bugs in applications. For example, the Synopsys Cybersecurity Research Center (CyRC) recently highlighted a number of vulnerabilities in a few applications available through various app stores. The CyRC stated that it "uncovered weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities" in the apps Lazy Mouse, Telepad, and PC Keyboard. These vulnerabilities could lead to the gathering of sensitive information, such as login credentials, through the exploitation of keystrokes.

Although we don't know the full impact of these vulnerabilities, these are great examples of the types of flaws or bugs that could fall off the list of priorities for many companies.

**Application Security Is Nonnegotiable**

With any scenario in which an application can be compromised by cybercriminals, there's enormous potential for reputational damage and revenue generation. That's why it's nonnegotiable.

Regardless of whether we're in a recessionary period or not, companies must continue prioritizing all application security activities on the same level as revenue. These activities include:

*   **Vulnerability and penetration testing:** Some of the first security activities that are often deprioritized in times of economic downturn are vulnerability and penetration testing. While a company may conduct this testing every few months during a normal economic period, it may decrease that rate to focus IT and engineering staff efforts on building new features and functionalities. This means there's opportunity for cybercriminals to attack an application that's not kept up to date to determine where its security vulnerabilities lie. It's critical for companies to maintain or increase their testing windows during down economic periods as cyber activities tend to trend up.

*   **Risk assessments:** When developing or enhancing applications, there are often company-created custom features and functionalities as well as those they integrated through a third party. Features and functionalities like this can include payments (Apple Pay, Google Pay, Stripe, PayPal, etc.), access (Facebook or Google login, etc.), biometrics, and more. As with vulnerability and penetration testing, companies must conduct regular risk assessments that include any third-party additions with which they work or integrate. The vulnerabilities inherent to these third parties have the potential to become issues for their business, too.

*   **Privacy protection:** Applications, especially those that are geared toward consumers as the end users, are particularly vulnerable to cyberattacks. Companies must continue to implement the processes and protocols that ensure the safety and encryption of user information.

*   **Bug bounty programs:** Historically, many technology companies or companies that offer applications and software host bug bounty programs that help to identify bugs or flaws. It's important for companies to continue investing in these types of programs that offer compensation to developers for their detections because, as mentioned earlier, flaws and bugs open a window for cybercriminals to exploit applications.

**Keep Priorities in Sight**

As companies look ahead and the economy continues to change, it's important they don't lose sight of their priorities. Yes, it's important to continue to find new revenue streams through applications to keep companies profitable. However, that doesn't have to come at the expense of application security.

Application Security Must Be Nonnegotiable

KnowBe4 partners with the Center for Cyber Safety and Education to support Black Americans in recognition of Black History Month to help further education.

**TAMPA BAY, Fla., Feb. 1, 2023 /PRNewswire-PRWeb/ —** KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has partnered with the Center for Cyber Safety and Education yo launch the KnowBe4 Scholarship for Black Americans for the fourth consecutive year.

The recipient of this award will receive a $10,000 scholarship on behalf of KnowBe4. This is a one-time award and students may reapply each year in the future to be considered for another scholarship. Applicants will be scored in three categories: passion, merit and financial need. The application period is now open and will close on April 17, 2023 at 11:59 p.m. EST.

"KnowBe4 is honored to commemorate the beginning of Black History Month with the launch of the 2023 Black Americans in Cybersecurity Scholarship," said Kelly Barrena, VP of global talent brand and outreach, KnowBe4. "We are passionate in our efforts to diversify the cybersecurity industry and to provide this opportunity to a student who is equally as passionate about the field. KnowBe4 looks forward to learning more about the applicants and selecting a deserving recipient."

For more information on and to apply for the KnowBe4 Scholarship for Black Americans administered by the Center for Cyber Safety and Education, visit https://www.iamcybersafe.org/s/knowbe4-black-americans-scholarship.

**About KnowBe4**

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 56,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist, and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

**About the Center for Cyber Safety and Education**

The Center for Cyber Safety and Education (Center) is a non-profit charitable trust of (ISC)2 committed to making the cyber world a safer place for everyone. The Center works to ensure that people worldwide have a positive and safe experience online through award-winning educational programs, scholarships, and research. Visit http://www.IAmCyberSafe.org to learn more.

KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship

Study also reveals enterprises rely on multiple tools to ensure cloud security.

**DEL VALLE, Texas — (****BUSINESS WIRE****) —** ManageEngine, the enterprise IT management division of Zoho Corporation, today announced results from its new study, Cloud Security Outlook 2023. The study found that enterprises have a limited number of analysts running their security operations centers (SOCs) and are deploying multiple tools in an attempt to address their cloud security challenges.

According to Gartner, 85% of organizations will embrace cloud-first strategies by 2025. ManageEngine’s study has also revealed a surge in cloud adoption, with 72% of respondents using multi-cloud applications and another 5% using hybrid cloud systems. The adoption rate will further increase in 2023 and 2024 because 23% of respondents are planning to move to the cloud in the next 24 months.

Amid this situation, enterprises are forced to tackle numerous cloud security threats, including compromised accounts. Enterprises are hampered by short-staffed SOCs, which has led to concerns about their cloud security resiliency. As many as 77% of respondents stated that they only have three to five security analysts running their SOCs.

The ManageEngine study further revealed that enterprises are finding it increasingly difficult to gain visibility into cloud activities and comply with various stringent regulations. Nearly half (48%) of respondents find compliance with cybersecurity laws, especially those related to the cloud, to be highly challenging.

These factors are driving enterprises to adopt a consolidated security architecture that facilitates streamlined, efficient security operations. An overwhelming 97% of respondents will be evaluating a solution that provides all security functions in a single console in 2023.

“The adoption of CASBs and SIEM platforms helps enterprises ensure security and integrity. However, having different tool sets leads to a visibility gap and complicates cloud security management amid unpredictable threats," said Manikandan Thangaraj, vice president of ManageEngine. "Cyber resilience refers to the ability of an organization to ensure business continuity in the event of a cyberattack with the help of business processes and tools. Cloud security resilience, therefore, requires enterprises to have visibility, enhanced policy enforcement, infection isolation and impact neutralization from a unified security architecture."

The findings of the survey indicate that:

*   **A lack of staffing and orchestration makes the security process complicated.**
    *   Most respondents (84%) stated they either have fewer than five security analysts or don't have dedicated analysts at all to run their SOCs.
    *   94% of respondents use different security tools to protect data, monitor user access, adhere to compliance mandates and gain visibility into cloud platforms.

*   **The three most common and impactful cloud security threats are identity-based.**
    *   The IT professionals surveyed stated that cloud account compromise is the most common and impactful cloud security threat (35%), followed by external cloud account exploits (23%) and unauthorized access and account compromise by insiders (14%).

*   **Compliance proves to be challenging for enterprises.**
    *   About half (48%) of those who monitor their cloud access or have hybrid cloud systems deployed said that the process of ensuring compliance is highly challenging. Another 37% acknowledged that it is tough, but manageable.
    *   Only 16% of respondents said that they are all sorted when it comes to compliance with cybersecurity laws, especially those related to the cloud.

Visit ManageEngine's website to access the entire _Cloud Security Outlook 2023_ report at https://mnge.it/T8E.

**Survey Methodology**  

ManageEngine commissioned Censuswide, an independent market research agency, to study the cloud landscape and the market demand for cloud security tools. Around 500 IT professionals in the US were surveyed, spanning various industries, including healthcare, financial services, manufacturing and government.

**About ManageEngine**  

ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging enterprises—including 9 of every 10 Fortune 100 organizations—rely on ManageEngine's real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications, endpoints and more. ManageEngine has offices worldwide, including the United States, the United Arab Emirates, the Netherlands, India, Colombia, Mexico, Brazil, Singapore, Japan, China and Australia, as well as 200+ global partners to help organizations tightly align their business and IT. For more information, please visit manageengine.com, follow the company blog and get connected on LinkedIn, Facebook and Twitter.

ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers

Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.

Google Fi has sent an email to customers to disclose that their account data was included in the more than 37 million customer records stolen from T-Mobile in November 2022.

Google Fi is a wireless plan that runs much of its service over T-Mobile networks.

Details on Google Fi customers, including phone number, SIM serial card number, and service plan details were among the stolen T-Mobile data. 

Google added in its email that the compromised information didn't contain "your name, date of birth, email address, payment card information, Social Security or tax IDs, driver's license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi or the contents of any SMS messages or calls."

However, Lior Yaari, CEO and co-founder of Grip Security, noted that potential cyberattackers can still do a lot of damage via SIM-swapping, by having access to the users’ phone numbers and SIM serial card numbers.

"At minimum, affected customers should consider changing out their SIM card to protect themselves," he said via email. "Once the hackers take over your phone number, they can use it for illicit purposes, or even bypass two-factor authentication that uses SMS."

Google Fi has not noted how many customers are affected. 

"Given the serious nature and impact of the breach, it’s surprising that Google has not disclosed the number of customers impacted, like what we have seen in other major breaches," Yaari said. Google did not immediately return a request for comment.

The latest T-Mobile data breach marks the second in two years for the mobile carrier.

Google Fi Users Caught Up in T-Mobile Breach

The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain.

Software supply chain attacks where attack groups are tricking software developers in to integrating malicious open source components into their applications are on the rise. To help developers identify malicious packages, Checkmarx has launched Supply Chain Threat Intelligence, an API which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, and malicious behavior.

Checkmarx says it identifies malicious packages by attack type, such as dependency confusion, typosquatting, and chainjacking. And contributor reputation is calculated by analyzing anomalous activity within packages.

Supply Chain Threat Intelligence is based on threat intelligence research by Checkmarx Labs, and includes the 150,878 malicious packages the group discovered in 2022, the company says. Checkmarx then employs machine learning, retro hunting, and cross-language hunting to identify emerging threats. The company also uses static and dynamic analysis to understand how the code in the package runs.

Security works best when it is part of the developer workflow. Checkmarx says Supply Chain Threat Intelligence integrates with widely use developer tools and environments. The developer obtains a unique token from Checkmarx, sends in a package name and its version number, and receives threat intelligence on the desired package. The developer then has information on what the package does, whether the package is considered malicious, and the reputation of the developer associated with the package.

Reporting packages don't stop attack groups, as they create new sock-puppet accounts and continue publishing them, Checkmarx says. The company maintains a data lake of all the packages scanned so that the team can continue analyzing them even after they have been deleted from package managers, the company says. This can help link multiple packages to the same threat actor, or uncover patterns over time.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Checkmarx Launches Threat Intelligence for Open Source Packages

Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the damage.

**Question: How does a threat actor utilize DNS communications in malware attacks?**

**Dave Mitchell, CTO, Hyas:** The idea that you can protect yourself from all malware is unrealistic, especially considering malware is an umbrella term that does not refer to any specific exploit, vector, goal, or methodology. Because the range of cyber threats is so wide and varied, there is no magic bullet that will repel every attack. So it's really only a matter of time before your network environment is compromised, forcing you to make some very hard decisions.

For instance, in the medical field, successful cyber attacks don't just affect an organization's ability to function; they also have major legal and reputational repercussions. Because of these circumstances, medical industry victims end up paying out ransomware demands at a higher rate than any other industry. If they were able to detect indicators of problems before they become full-blown attacks, healthcare organizations could save an average of $10.1 million per incident averted.

Most security solutions address a specific subsection of malware and/or infiltration vectors, but none of them can stop all threats at the gate. Even if they could, sometimes the gate is bypassed altogether. As we saw with the Log4J exploit and the recent compromise of the popular Ctx Python package, "trusted" resource libraries hosted on places like GitHub can be compromised by outside entities and used to deliver payloads of malware to thousands of endpoints without immediately triggering a red flag.

Not all threats lurk solely in cyberspace. Returning to the healthcare industry as an example highlights another attack vector that can get around all of your perimeter security — physical access. Most hospitals, physician's offices, pharmacies, and other medical facilities rely on networked terminals and devices located (or accidently left) in places where they can be accessed by patients, visitors, or other unauthorized users. In situations like these, it doesn't matter how well-defended your network is from outside attacks because the bad actor can simply insert a USB stick or use a logged-in device to access malware, compromising the network from within.

This may seem like an unwinnable situation, but thankfully there is one feature that ties the overwhelming majority of malware together — a shared Achilles' heel called the Domain Name System (DNS). More than 91% of malware utilizes DNS communication at some point during its attack lifecycle, making DNS an invaluable choke point in the fight against cyber threats.

When a piece of malware first finds its way onto your network, it tries to avoid detection. It uses this time as a reconnaissance phase during which it attempts to spread to more devices in the network environment, locate critical resources, and compromise backup storage.

It is also during this time that the malware needs to communicate back to the hackers' command and control (C2) infrastructure to receive instructions and report the information it has uncovered about the network. Like any traffic on the Internet, to communicate back out into the world, it needs to make a request to a domain name server. By employing a protective DNS solution, network administrators can monitor DNS traffic for indicators of malicious activity and then take action by blocking, quarantining, or otherwise disrupting it.

Unfortunately, with new threats being developed all the time and the ever-present risk of a physically initiated attack, companies must prepare for the inevitable successful breach of their network. However, once malware has gotten inside your network, it is almost certain to employ DNS communication at some point. A protective DNS solution can detect these abnormal requests and block them entirely, rendering the malware inert and letting you quickly begin the process of cleaning your systems and shoring up your defenses for next time.

Source

DARKReading