**AUSTIN, Texas****,** **Jan. 10, 2023** **/PRNewswire/ --** Bay Bridge Administrators, LLC, ("BBA"), an Austin, Texas based full-service third-party administrator of insurance products that works with many major insurance carriers and employers, has learned of a data security incident that involved the personal information of individuals enrolled in some employment insurance benefits administered by BBA for calendar year 2022.   

On September 5, 2022, BBA experienced a network disruption. BBA immediately took steps to secure the network environment and engaged a cybersecurity firm to conduct an investigation. The investigation determined that an unknown actor gained access to the BBA network on or prior to August 25, 2022 and obtained certain data from the BBA network on or about September 3, 2022.  After a thorough investigation, on December 5, 2022, BBA determined that certain personal information was involved in the incident and worked diligently to identify and notify these individuals.

The following personal and protected health information may have been involved in the incident: name, address, Social Security number, driver's license or state identification card number, medical information, health insurance information, and/or date of birth. The personal and protected health information involved was shared with BBA either by the individual, the individual's employer, and/or the individual's insurance carrier(s), in connection with enrollment in an employment insurance benefit plan for calendar year 2022.

To date, BBA is not aware of any evidence of the misuse of any personal and protected health information involved in this incident.  However, on December 29, 2022, BBA mailed notice of this incident to potentially impacted individuals for which BBA had identifiable address information. In this notification letter, BBA provided information about the incident and about steps that potentially affected individuals can take to protect their information. BBA also offered these individuals access to 24 months of complimentary credit monitoring and identity protection services through IDX, a national leader in identity protection services. 

BBA has established a toll-free call center to answer questions about the incident and to address related concerns. IDX call center representatives are available Monday through Friday from 8:00 a.m. – 8:00 p.m. Central Time and can be reached at 1-833-896-5300. Individuals who have not received a notification letter but are potentially impacted can obtain verification of eligibility through the IDX call center to enroll in services.

The privacy and protection of personal information is a top priority for BBA, which deeply regrets any inconvenience or concern this incident may cause.

SOURCE Bay Bridge Administrators, LLC

Bay Bridge Administrators, LLC Notifies Individuals of Data Breach

Supreme Court rules WhatsApp can sue NSO Group for damages caused by unauthorized Pegasus spyware installations.

The US Supreme Court has denied a petition to block WhatsApp from suing NSO Group for damages caused by malicious Pegasus spyware installations.

WhatsApp claims the Israel-based NSO Group targeted 1,400 WhatsApp users in April and May of 2019 with Pegasus spyware, committing fraud against the company and bogging down the platform's servers.

The Supreme Court ruling means WhatsApp can proceed with its litigation.

"NSO's spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials," Meta said in a statement following the ruling. "We firmly believe that their operations violate US law and they must be held to account for their unlawful operations."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

SCOTUS OKs WhatsApp Suit Against NSO Group

Vice Society is boasting that it compromised the San Francisco transportation system, while BART maintains operations and mounts an investigation.

The San Francisco Bay Area Rapid Transit System (BART) was listed this week by ransomware group Vice Society as being among its latest victims.

Brett Callow, threat analyst with Emsisoft, flagged the Vice Society BART brag on Jan. 6. However, BART's spokesperson Alicia Trost told Dark Reading there haven't been any service disruptions as a result of a cyberattack and that an investigation is ongoing.

"We are investigating the data that has been posted," Trost told Dark Reading by email. "To be clear, no BART services or internal business systems have been impacted. As with other government agencies, we are taking all necessary precautions to respond."

Vice Society was also behind a recent spate of school breaches in the US and beyond, most recently releasing the personal information stolen from a group of 14 schools in the UK.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

San Fran's BART Investigates Vice Society Data Breach Claims

US cybersecurity services firm continues expansion into Latin America.

**Scottsdale, Ariz., Jan. 10, 2023 --** Cerberus Sentinel (NASDAQ: CISO), an industry leader as a managed cybersecurity and compliance provider, based in Scottsdale, Ariz., announced that it has signed a definitive agreement for the acquisition of RAN Security, a cybersecurity company with headquarters in Buenos Aires, Argentina, and offices in Chile, Peru, Bolivia, and Paraguay. Under the terms of the agreement, RAN Security will become a wholly owned subsidiary of Cerberus Sentinel. The transaction is expected to close later in the year, subject to the satisfaction of customary closing conditions, including applicable regulatory approvals.

RAN Security provides a broad range of secured managed services to organizations across South America. Roberto Tursi, CEO, will continue to manage the company's team of professionals and will work closely with the leadership team in Latin America. 

“RAN Security expands our growth strategy in Latin America and adds to our SOC/managed detection and response services,” said David Jemmett, CEO and founder of Cerberus Sentinel. “Cybersecurity requires global capabilities to properly address the security demands of businesses and organizations. RAN Security is an excellent cultural fit with the Cerberus Sentinel family of companies.”

“We are excited to join forces with Cerberus Sentinel and lead the future revolution of new security services,” said Roberto Tursi, RAN Security founder and CEO. “We believe joining the Cerberus Sentinel family of companies will result in our ability to deliver a more trusted security experience. Innovation, quality of services, and knowledge are values that we share with Cerberus Sentinel.”

RAN Security will continue to be based in Argentina. It is part of a growing network of companies acquired by Cerberus Sentinel in Latin America, including Arkavia, CUATROi, and NLT, to meet the cybersecurity needs of organizations across the continent.

Cerberus Sentinel announced plans on Dec. 22 for a corporate rebrand and launch. At the heart of the rebranding is a change of the company name to CISO Global, Inc., website, and an update to its corporate logo. The new brand identity marks another major milestone in the evolution of Cerberus Sentinel, embodies the enthusiasm of its employees, and it is indicative of a company on the move.

Reflecting its growth since 2019 on three continents, including North America, South America, and Europe, Cerberus Sentinel leaders believe that creating a strong parent brand in the marketplace is essential while ensuring the new identity matches the global enterprise the company is actively becoming.

**About Cerberus Sentinel**

Cerberus Sentinel is an industry leader as a managed cybersecurity and compliance provider. The company is rapidly expanding by acquiring world-class cybersecurity, secured managed services, and compliance companies with top-tier talent that utilize the latest technology to create innovative solutions to protect the most demanding businesses and government organizations against continuing and emerging security threats and compliance obligations.

**Safe Harbor Statement**

This news release contains certain statements that may be deemed to be forward-looking statements under federal securities laws, and we intend that such forward-looking statements be subject to the safe-harbor created thereby. Such forward-looking statements include, among others, our expectation regarding the closing of the RAN Security acquisition; our expectation that the CEO of RAN Security will continue to manage the company’s team of professionals and will work closely with the leadership team in Latin America; our belief that RAN Security expands our growth strategy in Latin America and adds to our SOC/managed detection and response services; our belief that cybersecurity requires global capabilities to properly address the security demands of businesses and organizations; our belief that RAN Security is an excellent cultural fit with the Cerberus Sentinel family of companies; our belief that we will lead the future revolution of new security services; the belief that RAN Security joining the Cerberus Sentinel family of companies will result in the ability to deliver a more trusted security experience; our plans for a corporate rebranding and launch; and our belief that creating a strong parent brand in the marketplace is essential while ensuring the new identity matches the global enterprise the company is actively becoming.  These statements are often, but not always, made through the use of words or phrases such as "believes," "expects," "anticipates," "intends," "estimates," “predict,” "plan," “project,” “continuing,” “ongoing,” “potential,” “opportunity,” "will," "may," "look forward," "intend," "guidance," "future" or similar words or phrases. These statements reflect our current views, expectations, and beliefs concerning future events and are subject to substantial risks, uncertainties, and other factors that could cause actual results to differ materially from those reflected by such forward-looking statements. Such factors include, among others, risks related to our ability to raise capital; our ability to increase revenue and cash flow and become profitable; our ability to recruit and retain key talent; our ability to identify and consummate acquisitions; our ability to acquire, attract, and retain clients; and other risks detailed from time to time in the reports filed with the Securities and Exchange Commission, including the Annual Report on Form 10-K for the fiscal year ended December 31, 2021 and the Quarterly Report on Form 10-Q for the quarter ended June 30, 2022. You should not place undue reliance on any forward-looking statements, which speak only as of the date they are made. Except as required by law, we assume no obligation and do not intend to update any forward-looking statements, whether as a result of new information, future developments, or otherwise.

Cerberus Sentinel to Acquire RAN Security

A paper by two dozen Chinese researchers maintains that near-future quantum computers could crack RSA-2048 encryption, but experts call the claims misleading.

A research paper that claimed a quantum breakthrough that could "challenge RSA-2048" encryption received significant attention in the past week, followed by significant criticism as experts weighed in.

The paper, titled "Factoring integers with sublinear resources on a superconducting quantum processor," proposes a general-purpose quantum algorithm combining two methods of optimization to speed up the process of discovering the prime factors of a given number — an operation that is central to traditional public-key encryption. 

The combination of a classical approach along with a quantum approach could allow RSA 2,048-bit public-key encryption to be decrypted much faster and would only require a 372-physical-qubit computer, according to the paper.

While the paper frames the research as a significant breakthrough — computer scientists love algorithms that reduce problems to sublinear time — quantum-computing experts began casting doubts on the two-dozen authors' claims in the past week. Scott Aaronson, the director of the University of Texas at Austin's Quantum Information Center, summarizes his opinion with three words: "No. Just No."

"The paper claims … well, it’s hard to pin down what it claims, but it’s certainly given many people the impression that there’s been a decisive advance on how to factor huge integers, and thereby break the RSA cryptosystem, using a near-term quantum computer," he says.

Quantum computers take advantage of the unique physics of quantum systems to probabilistically solve problems that would take exponential time and effort on the classical digital computers that the industry uses today. For information security professionals, quantum computers threaten to unravel the complex mathematics on which relies some widely used encryption, such as public key crypto-systems and elliptic curve cryptography.

To address the future threat of quantum computers, the National Institute of Standards and Technology (NIST) has developed post-quantum encryption algorithms that are just as difficult for quantum systems to decrypt.

**A Quantum Leap?**

With private industry investing significantly in various promising technologies, quantum computers have become much more capable. In November, for example, IBM announced the largest quantum computer to date at 433 qubits, a trebling of capability in a year.

The threat, however, remains some ways off, experts say.

"The theoretical ability of a quantum computer to perform ultrafast factorization of giant integers and thus match keys for a number of asymmetric crypto-algorithms — including RSA encryption — has long been known," cybersecurity firm Kaspersky said in a blog post this week. "So far, all experts have agreed that a quantum computer large enough to crack RSA would probably be built no sooner than in around a few dozen decades."

Given those expectations, the claims of the researchers from various academic institutions in China, if proved out, would have been a breakthrough. The researchers showed that their approach worked on a smaller problem on a 10-qubit computer, but Aaronson and others point out that the optimization techniques — known as Schnorr's algorithm and the Quantum Approximate Optimization Algorithm (QAOA) — on which the researchers relied remain unproven.

The researchers should demonstrate their technique by finding some of the larger primes in the RSA Factoring Challenge, a contest created in the early 1990s as a way to test new decryption algorithm, well-known cryptographer Bruce Schneier, now chief of security architecture at decentralized data security firm Inrupt, wrote in a blog poston the paper .

"Several times a year, the cryptography community received 'breakthroughs' from people outside the community," Schneier wrote. "In general, the smart bet is on the new techniques not working. But someday, that bet will be wrong. Is it today? Probably not."

**Paper Treated "Surprisingly Seriously"**

The paper claims that its approach is the least resource-intensive for the specific tasks involving factorization and that a physical 372-qubit computer could "challenge" RSA-2048. The researchers applied the technique to factoring 11-bit, 26-bit, and 48-bit integers.

Yet they concluded the paper on a tentative note.

"It should be pointed out that the quantum speedup of the algorithm is unclear due to the ambiguous convergence of QAOA," the authors stated in their conclusion.

Other quantum experts accused the researchers of burying the lead, producing "one of the most actively misleading quantum computing papers (in 25 years)," according to UT Austin's Aaronson.

"It seems to me that a miracle would be required for the approach here to yield any benefit at all, compared to just running the classical Schnorr's algorithm on your laptop," Aaronson says. "And if the latter were able to break RSA, it would’ve already done so."

Yet information security professionals should still expect a future where quantum computers pose a significant threat for pre-quantum encryption. While the Chinese research may not threaten information security at present, it will likely only be a matter of time before reasonable resources could yield encryption keys, as sustained and intensive research into breaking RSA or ECC continues, Michele Mosca, co-founder and CEO of evolutionQ, stated in an analysis of the paper.

"\[W\]e shouldn't procrastinate in moving along the complex migration to quantum-safe cryptography, including replacing RSA and ECC with standardized post-quantum algorithms," he said. "Further, new methods might also lead to advances in breaking the post-quantum algorithms, so we must also be ready to respond to this in a pragmatic way."

Quantum Decryption Breakthrough? Not So Fast

The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments.

A malware that typically targets Linux environments for cryptocurrency mining has found a new target: vulnerable images and weakly configured PostgreSQL containers in Kubernetes that can be exploited for initial access, Microsoft has found.

Kinsing is a Golang-based malware best known for its targeting of Linux environments, but Microsoft researchers recently observed the Kinsing malware evolving its tactics, Microsoft security researcher Sunders Bruskin divulged in a recently published report. 

Kubernetes, meanwhile, has become the standard open source tool for managing enterprise application deployment mainly because it's cost-effective, offers autoscaling, and can run on any infrastructure. Indeed, 85% of IT leaders consider Kubernetes "extremely important" to cloud-native strategies.

That Kinsing would begin to find new ways to exploit Kubernetes clusters is on brand for the malware, especially because Kubernetes, like the cloud itself, is notoriously difficult to secure. Attackers have found multiple holes in Kubernetes — including the discovery of more than 380,000 open Kubernetes API servers exposed on the Internet — that have made it open season on cloud environments that use the management platform. Threat actors are even using compromised Kubernetes clusters to launch further malicious attacks.

"Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources," Bruskin acknowledged in the post.

**Targeting Vulnerable Container Images**

One of the new ways Kinsing is targeting Kubernetes environments is by targeting images that are vulnerable to remote code execution (RCE), the researchers found. This allows attackers with network access to exploit the container and run their malicious payload, they said.

In their observations, Microsoft researchers observed several application images frequently infected with Kinsing malware, including PHPUnit, Liferay, Oracle WebLogic, and WordPress, Bruskin wrote.

A series of high-severity vulnerabilities in WebLogic that Oracle revealed in 2020 — CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883 — have become particular targets of attackers wielding the Kinsing malware, which goes after unpatched WebLogic server images, researchers said.

Attacks begin with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001), Bruskin revealed.

"If vulnerable, attackers can use one of the exploits to run their malicious payload (Kinsing, in this case)," he wrote, using a malicious command.

**PostgreSQL in the Crosshairs**

Microsoft researchers also recently observed a significant amount of Kubernetes clusters running PostgreSQL containers that were infected with Kinsing. They attributed the infections to attackers targeting several common misconfigurations that expose these servers, they said.

One is to use the "trust authentication" setting to configure these containers, which means PostgreSQL will assume that anyone who can connect to the server is authorized to access the database with whatever database user name they specify.  
"However, in some cases, this range is wider than it should be or even accepts connections from any IP address (i.e. 0.0.0.0/0)," Bruskin explained in the post. "In such configurations, attackers can freely connect to the PostgreSQL servers without authentication, which may lead to code execution."

Some network configurations in Kubernetes also are prone to Address Resolution Protocol (ARP) poisoning, which allows attackers to impersonate applications in the cluster. This means that even specifying a private IP address in the "trust" configuration may pose a security risk, the researchers said. ARP is the process of connecting a dynamic IP address to a physical machine's MAC address.

Indeed, as a general rule, configuring a PostgreSQL container to allow access to a broad range of IP addresses is exposing it to a potential threat, Bruskin warned.

Even if administrators don't configure it using an unsecured "trust authentication" method, attackers can brute-force PostgreSQL accounts, use denial-of-service (DoS) or distributed DoS (DDoS) attackers on the container's availability, or exploit the container and the database itself to compromise Kubernetes clusters, he wrote.

**Protecting the Enterprise Cloud**

Researchers offered both general rules of thumb for enterprises implementing Kubernetes environments and specific mitigations to avoid exposing them to attacks that target vulnerable images and common PostgreSQL misconfigurations.

In general, security teams must remain aware of exposed containers and vulnerable images and try to mitigate the risk before they are breached, Bruskin advised.

"Regularly updating images and secure configurations can be a game changer for a company when trying to be as protected as possible from security breaches and risky exposure," he wrote.

To mitigate the risk of implementing containers with vulnerable images, organizations can take several steps when deploying an image to the container, the researchers said. The first is to ensure that the image is from a known registry and that it's been patched and updated to the latest version, they said.

Organizations should also scan all images for vulnerabilities, identifying which ones are vulnerable and what those vulnerabilities are, especially the ones that are used in exposed containers. Finally, the researchers said, minimizing access to the container by assigning access to specific IPs and applying the "least privileges" rule to the user can also prevent attackers from exploiting vulnerable images in Kubernetes environments.

Microsoft: Kinsing Targets Kubernetes via Containers, PostgreSQL

nVisium's cloud and application security experts join NetSPI to support, scale, and deliver the most comprehensive suite of offensive security solutions.

**MINNEAPOLIS****,** **Jan. 10, 2023** **/PRNewswire/ --** NetSPI, the leader in enterprise penetration testing and attack surface management, today announced the acquisition of nVisium to further scale its offensive security solutions and address heightened demand for human-delivered penetration testing. nVisium will support NetSPI's continued efforts to deliver strategic security testing solutions to enterprises.

nVisium is an authority in security testing, with an impressive track record of delivering cloud and application pentesting to Fortune 500 companies and well-known brands such as Carfax, 1Password, Bluescape, Deltek, EAB, and Trimble.

With the acquisition, NetSPI now has over 450 offensive security experts globally who can support and scale to meet the needs of current and future clients.

"Our decision to acquire nVisium comes down to one core factor: acquiring amazing talent," said Aaron Shilts, CEO at NetSPI. "We're bringing two brilliant, culturally-aligned, and complementary offensive security teams together who are committed to delivering the highest standard of penetration testing on the market today. I'm excited to see what nVisium and NetSPI can accomplish together."

NetSPI welcomes Jack Mannino, CEO and founder of nVisium, to its senior leadership team. He founded nVisium in 2009 on the foundation of inventing new and more efficient ways of protecting software and scaling secure development in the software development lifecycle (SDLC).

"NetSPI's market leadership and people-first culture are a natural complement to what we've built at nVisium. We're all-in on the mission to help organizations keep pace with their ever-evolving attack surface," added Jack. "By joining forces with NetSPI, we have a massive opportunity to expand the breadth and depth of solutions we deliver, improve the client experience, and introduce new growth opportunities to our employees."

This acquisition follows NetSPI's $410 million growth investment from KKR and the December 2020 acquisition of Silent Break Security. Visit www.netspi.com or contact us to learn more.

**About NetSPI:** 

NetSPI is the leader in enterprise penetration testing and attack surface management. Today, NetSPI offers the most comprehensive suite of offensive security solutions – penetration testing as a service, attack surface management, and breach and attack simulation. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities. For over 20 years, its global cybersecurity experts have been committed to securing the world's most prominent organizations, including nine of the top 10 U.S. banks, four of the top five global cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and 50 percent of the Fortune® 50. NetSPI is headquartered in Minneapolis, MN, with global offices across the U.S., Canada, the UK, and India. Follow NetSPI on Facebook, Twitter, and LinkedIn. 

**About nVisium:**

nVisium empowers organizations to eliminate security vulnerabilities through proven in-depth assessments, remediation, and training programs. Our experienced team of security-savvy engineers help organizations establish best practices with high ROI for their engineering and development lifecycles. Through services, software solutions, and R&D, nVisium provides security support for applications, operating systems, networks, mobile, cloud, and IoT unique to business operations, compliance initiatives, and more. Additionally, nVisium offers instructor-led and online security training. Privately owned and founded in 2009, nVisium is headquartered in Falls Church, VA, and names Fortune 500 companies and household brands as customers.

NetSPI Acquires nVisium

New Add-On Empowers SOCs and MSPs to Automate & Orchestrate Incident Response for Microsoft 365.

**SAN FRANCISCO****,** **Jan. 10, 2023** **/PRNewswire/ --** Vade, the global leader in threat detection and response with 1.4 billion mailboxes protected, today announced the availability of Threat Intel & Investigation. An add-on for Vade's flagship product, Vade for M365, Threat Intel & Investigation provides the integrations, intel, and tools for SOCs and MSPs to investigate and respond to email-borne threats transiting through networks.

According to a 2021 report, breaches caused by phishing emails take an average of 213 days to be identified and another 80 days to be contained. This lag time gives cybercriminals the runway they need to conduct additional attacks on an organization, causing even more damage than the initial attack.

"Email is the #1 vector for cyberattacks," said Adrien Gendre, Chief Technology & Product Officer and cofounder at Vade. "Unfortunately, SOCs and MSPs don't always have visibility into how or when an email threat infiltrated their organization or how far it has spread throughout the network. The speed at which today's cybercriminals are working means that organizations cannot afford to lose precious time on incident response."

Vade for M365 is an AI-based email security solution for Microsoft 365 that catches the advanced phishing, spear phishing and malware threats that bypass Microsoft's native security. The Threat Intel & Investigation add-on for Vade for M365 features five core capabilities designed to empower SOCs and MSPs to automate investigations, orchestrate responses and move swiftly and with precision to live threats:

*   **File Inspector:** Deconstructs files and attachments directly in the Vade for M365 interface—without exposing administrators to risk. File Inspector reveals critical details about files and attachments, providing admins with the data required to make faster decisions, cross-check threats across networks and accelerate incident response across affected endpoints and users.
*   **Log Export:** Injects live email and event logs into any security management system, a powerful two-way integration powered by the Vade for M365 API. Connect Vade's email threat intelligence into your organizations' SIEM or SOAR to trigger automation playbooks and enhance your disaster recovery program.
*   **Reported emails:** Automates collection of user-reported emails and clusters similar, unreported emails in one dashboard, speeding user-based incident response and eliminating time-consuming, manual investigations. Receive alerts when users report emails via Outlook and quickly triage and remediate reported emails, similar emails, and forwarded emails with one click.
*   **Download emails/attachments:** Provides access to raw email intelligence for objective evaluation by threat analysts, saving precious time and resources that are typically wasted on searching for and analyzing raw email data.
*   **Add-on for Splunk:** Integrates Vade for M365 with Splunk without the need for custom software development. Combine Vade's threat intelligence with Splunk's SIEM and SOAR capabilities to have better visibility into the threat landscape and actionable insights with which to orchestrate rapid responses.

Vade partners and customers are already experiencing the benefits of Threat Intel & investigation, including Huntington Technology, a US-based MSP offering comprehensive managed services and managed security services:

"One of my helpdesk technicians excitedly came into my office last week. He asked if I had seen the new 'Reported emails' function within Vade," said William Bluford, Vice President, Huntington Technology. "He explained that we can now see which emails are reported as malicious. Not only can we see those emails, but we can see how many users are affected, and we can then remediate and remove those emails from all user mailboxes. This saves time for my helpdesk team and keeps our clients protected."

"Our customers have made clear that they need better visibility into their cybersecurity landscape," Gendre said. "They're challenged to monitor and manage threats from an array of end points, and IT is overburdened by too many complex tools. Threat Intel & Investigation was designed to give our customers the tools they need to thoroughly investigate threats, cross check those threats across their networks, and develop incident response processes—without the burden of complexity."

Threat Intel & Investigation on brings all these capabilities to Vade for M365. Vade's latest innovation will reduce incident response time, eliminate the need for additional security investments, and free up critical IT resources. Threat Intel & Investigation is available today in Vade for M365. To learn more, visit Threat Intel & Investigation.

**About Vade**

Vade is a global cybersecurity company specializing in the development of threat detection and response technology with artificial intelligence. Vade's products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing.

Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency.

To learn more, please visit www.vadesecure.com and follow us on Twitter @vadesecure or LinkedIn https://www.linkedin.com/company/vade-secure/.

SOURCE Vade

Vade Releases Advanced Threat Intel & Investigation Capabilities

2023 Security Service Edge (SSE) Adoption Report finds that SSE technology addresses key pain points including much-needed solution consolidation, transition to hybrid work and need for hardened security.

**PLANO, Texas****,** **Jan. 10, 2023** **/PRNewswire/ --** Axis, in partnership with Cybersecurity Insiders, released industry-first data with its 2023 Security Service Edge (SSE) Adoption Report. This report distills insights from 355 cybersecurity professionals on the migration from legacy access solutions such as Virtual Private Networks (VPNs) in light of the new hybrid workplace and the rapidly growing SSE market.

With 88% of organizations supporting a hybrid or remote work model, it's clear that the way people work has changed, thus organizations are realizing that the means in which secure access is achieved must also adapt.

**SSE is crowned queen when it comes to securing the modern workplace**

In just under two years since the term was first introduced, SSE has become immensely popular, with nearly three out of four cybersecurity professionals (71%) now familiar with the category. The study found that SSE now ranks as more critical than SSO, MFA, endpoint security, and SIEM when it comes to zero trust. Furthermore, 65% of organizations plan to adopt an SSE platform in the next 24 months, with 43% planning on implementing it before the end of 2023.

This year the industry will see SSE quickly become a top strategic initiative for organizations as it plays a major role in Secure Access Service Edge (SASE) adoption, and successful Zero Trust implementation. 67% state that they will start their SASE strategy with an SSE platform, compared to 33% with SD-WAN. One bonus statistic that was uncovered was regards to single-vendor SASE vs. multi-vendor SASE preference. The audience was split (~50% for each).

**The benefits of SSE for cost reduction and productivity are clear drivers of business adoption**

The impact of remote and hybrid work has led to the proliferation of security solutions for organizations. The research found that 63% of enterprises have 3 or more security solutions in use to enable access, while nearly a quarter leverage 6 or more. This contributes to an increase in costs to the business, and complexity in management. Respondents stated that complexity in access management ranked second, right behind the fact legacy access solutions grant too much inherent trust to users – when it came to top challenges.

SSE services provide a means of reducing costs and reliance on the internal appliance stack and external appliance stack in a new macroeconomic climate. The top two legacy solutions that enterprise security teams will look to replace with SSE will be VPN Concentrators (63%) for VPN, SSL inspection services (50%) and DDoS (44%) with data loss prevention services (42%) being a very close fourth place.

Cost reduction, high availability, and reliability, have long been benefits of cloud services. Hence, it was not surprising that 60% of respondents said that they prefer SSE services built on a public cloud backbone. In addition, there was overwhelming agreement that including Digital Experience Monitoring (DEM) is important for any SSE platform (90%). As teams evaluate SSE, they are prioritizing platforms with DEM capabilities.

As teams contemplate where they should begin utilizing SSE for their business, nearly 50% of organizations have decided to start by securing access for their remote and hybrid employees. And, given the mass adoption of hybrid work, this a logical starting point for the businesses.

"Uncovering this data shines light on the truth about SSE adoption in the context of SASE, the criticality of SSE compared to other zero trust ecosystem technologies, and the positive impact SSE has on business as they transform" said Dor Knafo, Co-founder and CEO of Axis. "We are even more excited to continue to build on our Atmos SSE platform for our customers, and deliver on the promise of SSE and SASE, as we continue our mission of harmonizing secure access for the modern workplace."

Read the full 2023 Security Service Edge Adoption report here

**About Axis Security**

Axis' vision is to bring harmony to workplace connectivity and that the sooner IT adopts zero trust, the sooner we can witness a world where the exchange of information is always fast, seamless, and secure. With 350 Axis cloud service edges across the world, Axis helps IT leaders enable their employees, partners, and customers to securely access business data without the pitfalls of network-centric solutions or application limitations that every other zero trust service faces. Through its world-class research and development and founding team which hails from Israel's acclaimed Unit 8200, Axis aims to accelerate the world's transition to a modern workplace where hybrid work is made simple, digital experience becomes a competitive advantage and business data remains protected from cyber threats even as it moves to the cloud. For more information, visit www.axissecurity.com. Follow us on Twitter and on LinkedIn.

SOURCE Axis Security

65% of Organizations Plan to Adopt a Security Service Edge Platform in Next 2 Years: Axis Security

401 distinct cloud apps shown to deliver malware; Microsoft OneDrive delivered 30% of all cloud malware downloads.

**SANTA CLARA, Calif.****,** **Jan. 10, 2023** **/PRNewswire/ --** Netskope, a leader in Secure Access Service Edge (SASE), today unveiled new research showing that over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year. Netskope researchers also found that 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive.

Cloud apps are widely used by businesses, a fact not lost on attackers, which view these apps as an ideal home for hosting malware and causing harm. The Cloud & Threat Report from Netskope Threat Labs examines how these cloud security trends are shifting and advises organizations on how to improve their security posture based on those shifts.

"Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls," said Ray Canzanese, Threat Research Director, Netskope Threat Labs. "That is why it is imperative that more organizations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content."

**Rise in Uploads to Cloud Apps Means Rise in Malware-Delivered Downloads** 

The most significant change in cloud application use in 2022, compared to 2021, was the marked increase in the percentage of users uploading content to the cloud. According to Netskope data, over 25% of users worldwide uploaded documents daily to Microsoft OneDrive, while 7% did so for Google Gmail and 5% for Microsoft Sharepoint. The drastic increase in active cloud users across a record number of cloud applications led to a sizable increase in cloud malware downloads in 2022 from 2021, after remaining close to flat in 2021 compared to 2020.

The correlation between uploads and downloads among the most popular apps is no coincidence. Nearly a third of all cloud malware downloads originated from Microsoft OneDrive, with Weebly and GitHub coming in the next closest among cloud apps at 8.6% and 7.6%, respectively. 

**Cloud-Delivered Malware Is Increasingly More Prevalent Than Web-Delivered Malware**

Industries have increased their reliance on cloud applications and cloud infrastructure to support business operations over the last several years—a trend further accelerated by the COVID-19 pandemic and a worldwide shift toward hybrid work. As a result, cloud-delivered malware is now responsible for a much higher percentage of all malware delivery than ever before, especially in certain geographic regions and industries.

In 2022, several geographic regions saw significant increases in the overall percentage of cloud vs. web-delivered malware compared to 2021, including:

*   Australia (50% in 2022 compared to 40% in 2021)
*   Europe (42% in 2022 compared to 31% in 2021)
*   Africa (42% in 2022 compared to 35% in 2021)
*   Asia (45% in 2022 compared to 39% in 2021)

In certain industries, cloud-delivered malware also became more predominant globally, especially:

*   Telecom (81% in 2022 compared to 59% in 2021)
*   Manufacturing (36% in 2022 compared to 17% in 2021)
*   Retail (57% in 2022 compared to 47% in 2021)
*   Healthcare (54% in 2022 compared to 39% in 2021)

**Cyber Preparedness: The Remote Workforce is Here to Stay**

Companies have made considerable adjustments to enable remote and hybrid workplaces to flourish. While some industries sought to bring employees back to the office on a more frequent basis in 2022, remote work options appear to remain largely in place. According to Netskope data, user dispersion—the ratio of the number of users on the Netskope platform to the number of network locations from which those users' traffic originates—is 66%, the same percentage it was at the start of the pandemic over two years ago.

Remote and hybrid work dynamics continue to pose multiple cybersecurity challenges, including how to securely provide users access to the company resources they need to do their jobs and how to scalably and securely provide users access to the internet.

Netskope recommends organizations take the following actions to avoid increased risk of security incidents stemming from cloud- and web-delivered malware:

*   Enforce granular policy controls to limit data flow, including flow to and from apps, between company and personal instances, among users, to and from the web, adapting the policies based on device, location, and risk.
*   Deploy multi-layered, inline threat protection for all cloud and web traffic to block inbound malware and outbound malware communications.
*   Enable multi-factor authentication for unmanaged enterprise apps.

Get the full Netskope Cloud and Threat Report: 2022 Year in Review here.

For more information on cloud-enabled threats and our latest findings from Netskope Threat Labs, visit Netskope's Threat Research Hub.

**About Netskope**

Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Source

DARKReading