It is imperative for executives and board members to know who their top allies are, and how to best leverage them to successfully navigate a crisis and minimize the harm caused by a breach.

Chris Crummey, Director, Executive & Board Cyber Services, Sygnia

September 27, 2024

5 Min Read

Source: Artur Marciniec via Alamy Stock Photo

COMMENTARY

Many organizations have gone to great lengths in preparing for a cyberattack, leveraging both services and solutions to limit risk and exposure. Despite these efforts, breaches persist, ransomware payouts have grown, and leaders continue to make mistakes during cyber crises that impact organizations and customers both short and long term.

Most of these mistakes happen when the stakeholders do not know their roles, responsibilities, and what they are authorized to do in a crisis. This lack of clarity causes friction when leaders are required to make several highly impactful decisions during a cyber incident with little time and often limited verified information.

The biggest challenge facing crisis response teams is the fact there simply is never enough time to gather, verify, and analyze the necessary information to make the best possible decision. Under the pressure of a compressed timeline and increasingly concerned stakeholders, executives and board members tend to fixate on finding ways to shorten the time to remediation.

They should also prioritize reducing present and future risks for the company and ensure their teams do the same, but that often gets overlooked. As everyone within the organization turns to leadership for guidance and direction, it's important for those in charge to understand who their greatest allies are during a crisis and how they can leverage them to minimize the business and reputational impact of a breach.

**Open and Ongoing Communications**

During the crisis, leadership must rely on its guiding principles to define their communication strategy and provide employees with a North Star that explains what they need to do forthwith. This starts with establishing a secure and classified crisis war room to collaborate and communicate under privilege, categorizing the event and defining what can and cannot be shared, and clearly defining roles and responsibilities for each stakeholder. This creates a leadership filter that determines who is authorized to make decisions and sets a timeline in motion for when information should be disseminated internally and externally, which systems need to be taken offline or brought back on, and if or when authorities and regulators should be contacted. 

Organizations must maintain constant communication with each line of business throughout the crisis because it empowers employees to make the micro-decisions necessary to limit the ongoing business and reputational harm. There is no better example of this than former Maersk CEO Soren Skou, whose tip-of-the-spear leadership helped the company navigate the unprecedented 2017 NotPetya malware attack. Skou participated in all crisis calls and meetings, focused on internal and external communication, and instructed all frontline staff across the 130 countries Maersk operates in to "do what you think is right to serve the customer — don't wait for the HQ, we'll accept the cost." In doing so, Maersk quickly mobilized to identify and remove the malware from its systems to restore operations, provided real-time feedback to its stakeholders about the situation, and resumed online books just eight days after the attack.

**Built-in Alternatives**

Each decision made during a crisis can set off a chain reaction that can compound damage. Business and security leaders often experience a rush of cortisol during the first few hours of a crisis that induces the "fog of war" feeling, clouding judgment and causing mistakes. It is important to understand during these moments that each choice has multiple options, leaders must ask the right information-gathering questions to support a full business response, and there is no perfect answer or solution. 

Redundancy is a key strategy to save time during a crisis, and the most mature organizations have created a collaborative response plan based on the PACE model. For instance, if an organization suffers a ransomware attack and its communications platforms are potentially compromised, moving to an alternate platform quickly removes a significant amount of risk. Teams should be aligned on how much risk they are willing to take with each decision and create a coordinated understanding of their options. By working through the pros and cons associated with these choices, executives and board members can determine which decisions their organizations should make to get operations back up and running as quickly and efficiently as possible.

**Driving a Culture of Preparedness**

Organizations that have dedicated the necessary time to preparing their teams for a crisis have confidence in their employees to successfully execute the incident response plan and limit the amount of damage inflicted by a threat actor. Testing each level of these plans, especially the "small details," is critical for successful execution of the organization's strategy. It allows leadership to adapt their playbooks and runbooks to various situations and circumstances, and evolve their pre-crisis plans to account for emerging threats and their effects on the business.

Conducting tabletop exercises, creating and testing playbooks and runbooks, and putting employees through real-life simulations during war games fosters a well-coordinated response and puts teams in the best position for when (not if) a situation arises. These operations can reveal potential gaps and answer questions that include: How is the company communicating to its employees when the email platform is compromised? Who is managing that list of employees and their corresponding contact information? Where is that document stored and when was it last updated? The responses to these questions are a direct correlation to a company's maturity and preparation.

When a corporation finds itself in the middle of a cyber crisis, the key stakeholders will shift their focus to the executive leadership team to determine how well they are responding. During these times, it is imperative for executives and board members to understand who their top allies are, and how to best leverage them to successfully navigate the situation and minimize the financial and reputational harm caused by the breach.

**About the Author**

Director, Executive & Board Cyber Services, Sygnia

Chris Crummey is the Director for Executive and Board Cyber Services globally at Sygnia. For the past eight years, Chris has prepared and advised thousands of companies, SOCs, executives and Boards of Directors on cybersecurity best practices before, during and after a cybersecurity crisis. These best practices focus on the intersection of cybersecurity, risk-based decision making, crisis communications, leadership under pressure and the role human beings play in cybersecurity. As a keynote speaker on these topics, Chris is also a cybersecurity faculty member of “Competent Boards,” which is the original and premier creator of online of ESG training programs for board directors and senior business professionals. Prior to this role, Chris was the Executive Director for the IBM’s X-Force Command Centers globally and specialized in tabletop exercises and cyber wargames.

Top Allies Executives &amp; Boards Should Leverage During a Cyber Crisis

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Mark Troester, Vice President of Strategy, Progress

September 27, 2024

4 Min Read

Source: Borka Kiss via Alamy Stock Photo

COMMENTARY

The convergence of rising cyber threats, advanced artificial intelligence (AI), remote work, and hybrid infrastructures presents significant cybersecurity challenges in today's IT landscape. As a result, it's necessary to make your endpoints, cloud infrastructure, and remote access channels more secure. As cyber adversaries adopt new tactics, organizations worldwide respond by expanding the use of continuous threat exposure management (CTEM) systems, investing in robust security solutions, and leveraging cross-functional collaboration to mitigate risks and safeguard digital assets effectively.

But like Superman has kryptonite, even the best software has weaknesses, with misconfigurations leading the pack.

Consider this: Microsoft research indicates that a staggering 80% of ransomware attacks can be attributed to common configuration errors in software and devices. 

Misconfigurations now hold an unenviable fifth place on the Open Worldwide Application Security Project Top 10 — a crucial vulnerability reference for the cybersecurity community. OWASP found 208,000 occurrences of common weakness enumeration (CWE) within 90% of applications tested for misconfiguration, highlighting the widespread nature of this vulnerability.

OWASP says, "Without a concerted, repeatable application security configuration process, systems are at a higher risk."

With this evidence, it's no wonder that organizations are paying more attention to "misconfigurations."

**Picture This ... **

You're sitting down with your morning cuppa and stories of a data leak hit the headlines. The company affected is a leading insurance firm, and the personal information of thousands of customers has been made available on the Internet for months. With a little research, you learn that the firm left several customer records unprotected on one of its clouds, making it easy for anyone to access this information through a simple SQL command. While digging through the tabloids you stumble upon the cause of such a tremendously ironic turn of events. Turns out, it was a simple misconfiguration error: The system administrator left the cloud open to the public since they missed updating the privacy settings and permissions for the cloud storage in question.

We learn that human errors, despite stringent protocols, are difficult to control and, consequentially, remove. The increasing complexity of distributed and component-based systems and common misunderstandings of system requirements and design will likely lead to more problems. While humans play a critical role in decision-making and monitoring systems, manual updates are no longer viable.

**So, What Can You Do About It?**

With all that's happening in cybersecurity, can you confidently say you have all your endpoints covered? And by all, I mean all — including the data on third-party systems. If your answer to this is yes, congratulations! You're doing better than most organizations in the world! But if your answer is no, I would like you to consider the following measures to improve the security of your systems: 

1.  Employ automation that extends DevOps from application delivery to IT operations to DevSecOps. Automation is the remedy that will help organizations avoid manual errors. It will allow employees to use their precious time for more important tasks while confirming that initial and ongoing configurations are error-free. By automating audits on configurations, you can create a repeatable system hardening process that will potentially save you a lot of time and money in the future. Automation will enable you to reduce human error, improve reliability, maintain consistency, and support collaboration across teams. It will also give all stakeholders visibility over the security posture of your IT estate.
    
2.  Use a policy-as-code approach to help frame your security and compliance policies or rules. Organizations can configure systems by encoding security rules in human-readable and machine-enforceable policies and continuously checking for and remediating drift. In fact, policy-as-code brings both configuration and compliance management into a single step. This removes the security silo and brings all stakeholders into a shared pipeline and framework, enabling collaboration among team members and allowing for security to be shifted left in the development process. The policy-as-code approach can help detect misconfigurations, increase efficiency and speed, and reduce the risk of production errors.
    

While there is a technical aspect to DevSecOps, there is also a human aspect that involves collaboration and planning. A multiprong approach that starts with collaboration across IT operations and security and compliance teams, while discussing the appropriate external and internal compliance requirements, is a critical starting point.

After understanding the configuration and policies, you can start with pre-packaged policies that align with standards such as the Center for Internet Security (CIS) Benchmarks and the Department of Defense Systems Agency-Security Technical Implementation Guides (DISA-STIG). Consider using an automated system to verify if your configurations are continuously accurate. This, in turn, will allow your organization to address complex and heterogeneous environments, including cloud-native public cloud services, Kubernetes configurations, and any on-premises or hybrid cloud workload.

**About the Author**

Vice President of Strategy, Progress

Mark Troester is the vice president of strategy at Progress. He helped guide the strategic go-to-market efforts for Progress before transitioning into a leadership role for the Progress Infrastructure Management division, which includes DevOps/DevSecOps, network management, network detection and response, and application delivery control offerings. Previously, he worked with both upstarts and stalwarts like Sonatype, SAS, and Progress DataDirect. Before these positions, Mark worked as a developer and developer manager for startups and enterprises alike. Mark has extensive speaking experience on topics at the intersection of business and technology, including industry events hosted by Gartner, Forrester, TDWI, and more.

Could Security Misconfigurations Become No. 1 in OWASP Top 10?

The number of memory bugs in Android declined sharply after Google began transitioning to Rust for new features in its mobile OS.

Source: quietbits via Shutterstock

The number of memory-related vulnerabilities in Android has dropped sharply over the past five years, thanks to Google's use of a secure-by-design approach that emphasizes the use of memory-safe languages like Rust for most new code.

Memory safety issues like buffer overflows and use-after-free bugs now account for just 24% of all Android vulnerabilities, compared to 76% in 2019. Numbers so far this year suggest a total of 36 Android memory-related vulnerabilities for all of 2024, or roughly half the number as last year and a far cry from 223 flaws in 2019.

**Secure-by Design Approach Pays Off**

In a Sept. 25 blog post, researchers from Google's Android and security teams credited the progress to Safe Coding, a secure-by-design approach at the company that prioritizes memory-safe languages like Rust for new code development. "Based on what we've learned, it's become clear that we do not need to throw away or rewrite all our existing memory-unsafe code," the researchers wrote. "Instead, Android is focusing on making interoperability safe and convenient as a primary capability in our memory safety journey."

Memory safety vulnerabilities have traditionally accounted for, and continue to account for, more than 60% of all application software vulnerabilities. They have also been disproportionately severe when compared to other flaws. For instance, in 2022, memory-related bugs made up only 36% of all identified Android vulnerabilities but accounted for 86% of the most severe flaws in the operating system and 78% of confirmed exploited Android bugs.

Much of this has to do with how widely used programming languages such as C and C++ allow software developers to directly manipulate memory, leaving the door open for errors to creep in. In contrast, memory-safe languages like Rust, Go, and C# feature automatic memory management and built-in safety checks against common memory-related bugs. Numerous security stakeholders including the US Cybersecurity and Infrastructure Security Agency (CISA) and even the White House have raised concerns over heightened security exposure associated with using memory-unsafe languages and the substantial costs involved in addressing them. While the shift to memory-safe languages has been slowly gaining momentum, many expect it will take years and possibly decades to move existing code bases entirely to memory-safe code.

**A Gradual Transition**

Google's approach to the problem has been to use memory-safe languages like Rust for new Android features while leaving existing code largely untouched except to make bug fixes. The result is that over the past few years there has been a gradual slowdown in new development activity involving memory-unsafe languages matched by an increase in memory-safe development activity, the two Google researchers said.

Google began the transition with support for Rust in Android 12 and has been gradually increasing use of the programming language within the Android Open Source Project. Android 13 marked the first time that most of the new code in the operating system was in a memory-safe language. At the time, Google emphasized that its goal was not to convert all C and C++ code to Rust, but instead to gradually transition to the new programming language over time.

In a blog post earlier this year, members of Google's security engineering team noted that they saw "no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees." But rather than walking away from it all at once, Google will continue to invest in tools to improve memory safety in C and C++ to support the company's existing codebases written in these languages.

Significantly, Google found that memory-related bugs as a percentage of all Android vulnerabilities declined not just because of the company's growing use of a memory-safe language like Rust but also because older vulnerabilities decayed with time. The researchers found that the number of vulnerabilities in a given amount of code — often referred to as vulnerability density — was lower in five-year-old Android code compared to brand new code.

"The problem is overwhelmingly with new code, necessitating a fundamental change in how we develop code," the researchers said.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Memory-Safe Code Adoption Has Made Android Safer

PRESS RELEASE

San Jose, CA - October 1, 2024 — Stellar Cyber, the world’s most open AI-driven security operations platform powered by Open XDR technology, announced that it secured National “Don’t Click It” Day on October 16, 2024, coinciding with National Cybersecurity Awareness Month. This initiative aims to educate and raise awareness for people of all ages on the dangers of hackers and cyber threats. “Don’t Click It, Pitch It,” the program that has inspired their National Day, helps to teach people what to do when they receive a suspicious email or text message and how to ensure that their sensitive information is not compromised in a scam.  
“In the end, it is not about how much technology we can throw at cybercrime; a very big part of the issue is changing human habits, and we want to start with our youth,” said Steve Garrison, Senior Vice President of Marketing at Stellar Cyber and Founder of Don’t Click It, Pitch It. “Most cyber attacks happen because someone somewhere opened an email or clicked on a link they should not have.  Don’t Click It hones in on this habit and teaches children of all ages that if they do not know where something is from, throw it away. Curiosity killed the cat, but in this case, we hope to put a halt to curiosity and stop cybercrime from happening.”

Millions of phishing emails and fake alerts are sent out every day by hackers and criminals trying to gain access to bank accounts, financial records, and all other types of data. These methods can be extremely convincing to kids and young adults who have not been educated on the inherent risks of cyber attacks. Stellar Cyber has partnered with Minor League Baseball organizations, including the Ogden Raptors (Ogden, UT), the Oakland Ballers (Oakland, CA), and the Lake County Corn Dogs (Crown Point, IN), to help educate kids and teens about how to stay safe online.  

Through “Don’t Click It, Pitch It,” Stellar Cyber has also brought its curriculum to thousands of  students in Massachusetts and California, equipping these young people with the knowledge needed to identify and respond to phishing emails that contain bad links and attachments.  If we can change human habits, we can help end cybercrime.

Stellar Cyber encourages people to celebrate National “Don’t Click It” Day by posting examples of scam texts and emails that they have received to help spread awareness of the various methods that hackers and criminals employ to attempt to access our data and infiltrate our lives. The more we expose the common tactics that these hackers use and educate the public on the ways to identify a potential threat, the safer our online community will be and the more secure our sensitive information will become. 

What are our partners saying about Don’t Click It:

Judy Security CEO Raffaele Mautone said, “When we heard about the “Don’t Click it, Pitch It” campaign, we were all in.  Stellar Cyber is doing a great thing to help educate our children about being careful not to click on something from someone they do not know.”  
Blackswan Cybersecurity’s CEO Mike Saylor, Ph.D. said, ”Stellar Cyber understands the need to educate people of any age about being safe online, but starting with our children is brilliant.  Blackswan stands behind “Don’t Click It” and is thrilled to see the nonprofit have a national day to bring even  more awareness to the cause.”

CyFlare CEO Joe Morin said, “Business email compromise and phishing are the second largest attack vectors crippling organizations and dramatically impacting individuals, yet 100% of these attacks can be prevented if users are educated not to click. Teaching children cybersecurity awareness takes only a small amount of time but creates a lasting, impactful defense for the future.”

About Stellar Cyber

Stellar Cyber’s Automation-driven Security Operations Platform, including NG-SIEM and NDR and powered by Open XDR, delivers comprehensive, unified cybersecurity without complexity. It empowers lean security teams of any skill level to successfully secure their environments. As part of this unified platform, Stellar Cyber’s Multi-Layer AI™ enables enterprises, MSSPs, and MSPs to reduce risk with early and precise threat identification and remediation while slashing costs, retaining investments in existing tools, and improving analyst productivity. This results in a 20X improvement in MTTD and an 8X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai  

About Don’t Click It, Pitch It!

Don’t Click It, Pitch It! aims to educate young adults and teens on cybersecurity, focusing on identifying and preventing cyberattacks like phishing and identity theft. By 2030, it seeks to teach over five million young people how to protect their personal information. The organization emphasizes safety, privacy, and confidence in digital interactions through educational programs and activities run by volunteers, with proceeds supporting its mission. For more information, visit Don’t Click It, Pitch It

Stellar Cyber Secures National 'Don't Click It' Day

PRESS RELEASE

DOWNERS GROVE, Ill., Sept. 24, 2024 – Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce.

CompTIA’s “State of Cybersecurity 2025” report reveals that cybersecurity is a primary or secondary priority for 98% of organizations. Yet only 25% of survey respondents feel that the overall direction of cybersecurity is improving dramatically, and only 22% characterize their organization’s cybersecurity efforts as completely satisfactory. Nearly 1,200 business and IT professionals across seven global regions were surveyed.

“Something is missing, either in the approach organizations are taking or in their expectations around what ideal cybersecurity would look like,” said Seth Robinson, vice president, industry research, CompTIA.

Cybersecurity’s unique status as a business imperative at all organizational levels – staff, management, executives and governing bodies – may be the reason of the disconnect.

“Gone are the days when achieving cybersecurity improvement was a simple matter of purchasing updated technology,” Robinson explained. “Businesses must have ongoing discussions around their cybersecurity technology stack, processes that ensure protection of assets and an organizational structure that provides cutting-edge expertise.”

Cybersecurity expertise needed

The report identifies a growing need to build multiple layers of cybersecurity expertise. Among North American companies, 53% are considering new hiring as an option. An even greater percentage (56%) plan to pursue training for their current cybersecurity workforce, and 42% plan to offer cybersecurity certifications as a way of establishing core concepts within the team and extending skillsets into emerging focus areas.

Hiring and training require a financial commitment, though, and that remains a challenge for some. While a significant majority of respondents state that cybersecurity is a high priority at their firm, only 49% feel that it is relatively easy to procure funds for cybersecurity activities or that budgets are increasing.

“Developing skills is the most significant action companies may take in improving efficiency, but there are other options as well,” Robinson noted. “Increasing visibility and awareness among senior executives, establishing organizational imperatives and metrics and building policies that drive employee behavior will create a culture of cybersecurity.”

AI and cybersecurity

Artificial intelligence (AI) has the potential to accelerate, automate and complicate cybersecurity efforts. North American companies are evenly split between an emphasis on using AI internally to improve their defense and on learning about new forms of AI-enabled attacks. Current AI-enabled use cases include monitoring network traffic, generating defense tests and predicting future breaches.

CompTIA’s “State of Cybersecurity 2025” report is available at https://www.comptia.org/content/research/cybersecurity-trends-research.

About CompTIA 

The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Millions of current and aspiring technology workers around the world rely on CompTIA for the training, education and professional certifications that give them the confidence and skills to work in tech. https://www.comptia.org/

Cybersecurity Success Hinges on Full Organizational Support, New CompTIA Report Asserts

PRESS RELEASE

ATLANTA, Sept. 24, 2024 /PRNewswire/ -- OneTrust, the market-defining platform helping organizations use data and AI responsibly, today announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU's Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer first-to-market capabilities such as automated DORA "register of information" report creation and out-of-the-box depth of screening and compliance data.

"An organization's supply chain can be one of its biggest assets for efficiency and innovation, as well as its most significant obstacle to cyber resiliency. Amid growing global mandates for cyber resiliency like DORA, teams need a deep understanding of their extended enterprise and tools for managing risk at scale. By expanding on our robust Third-Party Management capabilities with game-changing, new capabilities, teams can gain much-needed visibility, automate risk and compliance management, and strengthen resilience," said Shiven Patel, Director of Third-Party Management at OneTrust.

With OneTrust, teams can gain much-needed visibility, automate risk and compliance management, and strengthen resilience

Introducing new capabilities to enhance resilience and operationalize DORA compliance

To further help organizations efficiently manage information and communication technology (ICT) and digital supply chain resilience and operationalize DORA compliance, OneTrust is delivering several new, standout capabilities:  

*   4th- and nth-party risk management: Now, teams can automatically identify, link, and assess fourth and even nth parties to efficiently monitor concentration risk and demonstrate proportionality. 
    
*   Two-click register of information reporting: Quickly generate a complete "register of information" in relation to all contractual arrangements on the use of ICT services provided by ICT Third-Party Service Providers (ICT TPPs) and ICT service supply chains.
    
*   Enhanced risk and compliance data feeds: Meet due diligence requirements and screen ICT service providers against out-of-the-box risk and compliance datasets from Dow Jones Risk & Compliance, HackNotice, ISS-Corporate, RapidRatings, RiskRecon, Security Scorecard, and Supply Wisdom.
    

How Third-Party Management already helps organizations comply with DORA

Today, Third-Party Management empowers organizations to centralize the end-to-end risk management lifecycle. For ICT and supply chain risks and more, the solution allows teams to implement a data-centric and risk-based approach to identifying and mitigating risk, while continuously monitoring for changes to risk posture. Thanks to OneTrust's cross-domain insights, organizations can align internal teams and guide risk-aware decision-making to create a more resilient, secure, and scalable third-party ecosystem. Ahead of DORA taking effect in January 2025, Third-Party Management helps organizations meet the Act's third-party ICT requirements pertaining to:

*   Pre-Contract ICT Assessment
    
*   Inventory, Link, and Report on the ICT supply chain 
    

Third-Party Management also integrates seamlessly with different solutions across the OneTrust Platform, including the newly introduced Compliance Automation. Compliance Automation and Third-Party Management work together to operationalize an actionable breakdown of the DORA regulatory requirements into measurable capabilities and build a fully compliant ICT risk management program.

Additional resources

*   Stop by booth 412 at the Gartner Security & Risk Management Summit, September 23-25 in London to learn more
    

About OneTrust

OneTrust unlocks the full potential of data and AI, responsibly. Our platform enforces the secure handling of company data, empowering organizations to drive innovation responsibly while mitigating risks. With a comprehensive suite of solutions spanning data and AI security, privacy, governance, risk, ethics, and compliance, OneTrust enables seamless collaboration between data teams and risk teams to enable rapid and trusted innovation. Recognized as the market leader in trust, OneTrust boasts over 300 patents and serves more than 14,000 customers globally, ranging from industry giants to small businesses. For more information, visit www.onetrust.com. 

© 2024 OneTrust LLC. All rights reserved. OneTrust and the OneTrust logo are trademarks or registered trademarks of OneTrust LLC in the United States and other jurisdictions. All other brand and product names are trademarks or registered trademarks of their respective holders.

OneTrust Automates DORA ICT Risk Management and Compliance

The vendor says there are no reports of the flaws being exploited in the wild nor any public exploit codes currently available.

Source: JHVEPhoto via Alamy Stock Photo

HPE Aruba Networking fixed three critical vulnerabilities found in its systems that could allow unauthenticated attackers remote code execution on compromised devices.

The vulnerabilities, tracked as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, lie in the command line interface (CLI) service of Aruba access points (APs) and can be exploited by sending packets to Aruba's AP management protocol UDP port to gain privileged access and execute arbitrary code.

The security bugs affect Aruba APs running Instant AOS-8 and AOS-10, according to the Hewlett Packard Enterprise subsidiary.

The impacted software includes AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.

While there are workarounds for devices running Instant AOS-8.x code and AOS-10, it's recommended that administrators install the latest updates HPE provided on its networking support portal to prevent attacks from malicious actors.

Other Aruba products such as Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways have not been impacted.

There are no reports of the flaws being exploited in the wild and no public exploit codes currently available, according to the HPE Security Response Team.

**About the Author**

Security Upgrades Available for 3 HPE Aruba Networking Bugs

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.

Source: devilmaya via Alamy Stock Photo

A small group of transportation and logistics companies in North America has been targeted in cunning business email compromise (BEC) attacks.

Since May, an unknown threat actor has weaponized at least 15 email accounts associated with its targeted companies. In a blog published on Sept. 24, Proofpoint researchers could not say how the threat actor first obtained access to these accounts. What is known is that the attacker is using the accounts to bury initial access malware inside of existing email chains, betting that recipients will have their guards down so deep into ongoing conversations with colleagues.

"Thread hijacking is obviously very effective," says Daniel Blackford, director of threat research for Proofpoint. "Once an account takeover has happened, this increased legitimacy makes it much harder for anyone but those who are the most vigilant" to spot it.

**Bespoke Phishing Attacks**

From May to July, the threat actor primarily hid payloads inside of Google Drive files leading to Internet shortcut (URL) files. When executed, the attack chain uses server message block (SMB) to retrieve an executable file from a remote share, which installs one of a number of different, known malware tools. Among them: Lumma, the most common infostealer in the world today; StealC; and the legitimate tool NetSupport.

In August, the attacker shifted to using the "ClickFix" technique for tricking victims into downloading its malware. With ClickFix, a malicious webpage presents the victim with a fake pop-up error message. Through a series of dialogue boxes, the victim is instructed to copy and paste a supposed fix for the issue into a PowerShell terminal or Windows Run. In fact, the so-called fix is a script, which downloads and runs an executable. In these recent phishing attempts, the executables for download included DanaBot and Arechclient2 (aka SectopRAT).

Why ClickFix works at all — despite asking for much more active engagement and technical monkeying from the victim — can seem confounding.

"The human psychology behind why really convoluted attack chains work continues to astonish me on a yearly basis," Blackford admits. He does, though, have a theory. "Something that I've heard is that it can be annoying to deal with IT, so if the 'solution' is right in front of you, and you don't have to communicate with a help desk and have people remote into your to your system to fix them, then maybe it's actually less trouble to just try to execute it yourself."

**Why Transport and Logistics Make Attractive Targets**

Various threat actors have disguised ClickFix behind fake Windows and Chrome updates. In this case, the attacker impersonated Samsara, AMB Logistics, and Astra TMS, platforms highly specialized for fleet and freight management, demonstrating the highly targeted nature of the campaign.

As Blackford notes, transport and logistics companies can make attractive targets for financially motivated cyberattacks. "They do business with lots of entities — suppliers for a lot of industrial manufacturers, for example," he says. "They're going to be corresponding with a lot of different companies. There's going to be a lot of moving parts — a lot of things in and out, constantly moving — so a lot of opportunities to find connected, future victims from just one company."

With fertile ground to sneak in amongst the many moving players and deals, he notes, "There are requests for quotes and invoices that are of a fairly large magnitude — that are, in terms of the finances involved, maybe an order of magnitude higher than in some other industries."

He adds that, while rare, "There also is some evidence recently of threat actors trying to redirect legitimate shipments to locations that are under their control."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

PRESS RELEASE

NEW YORK, September 24, 2024 –Torq, the AI-first security hyperautomation leader, today announced the closing of its $70M Series C funding round, led by Evolution Equity Partners, with Bessemer Venture Partners, Notable Capital, Greenfield Partners, and Strait Capital participating. Combined with Torq’s expanded Series B in January, Torq has raised a total of $112m in 2024, bringing the company’s funding since its 2020 inception to $192M. It also has also established an aggressive 2026 ARR target of $100M. Torq will use the new round to increase expansion across EMEA and APAC, hire additional world class engineering, R&D, and sales talent, and double down on devoting more resources to deliver cutting-edge generative AI enhancements.

In addition, Torq announced that it more than tripled its revenue and customer growth for the second year in a row. Torq’s momentum reflects the elevating enterprise adoption of the recently-announced Torq HyperSOC, a purpose-built solution that harnesses the power of the AI-driven Torq Hyperautomation Platform to automate, manage, and monitor critical SOC responses at machine speed. It uses Natural Language Processing (NLP) to initiate and accelerate security event investigation, triage, and remediation at scale, deliver comprehensive case management capabilities with unprecedented ease, and automate complex processes. Torq HyperSOC saves analysts from alert fatigue and job burnout so they can focus on strategic security initiatives and innovation. 

**Rapid Global Enterprise Adoption**

Torq’s customer base includes major multinational enterprise customers, including Abnormal Security, Armis, Blackstone, Carvana, Check Point Security, Chipotle, Deepwatch, Lemonade, Lennar, Nubank, Rivian, SentinelOne, Telefonica, Wiz, and ZoomInfo, as well as Fortune 100 consumer packaged goods, fashion, financial, hospitality, and sports apparel companies.

“Our Series C round underlines the fact that Torq customers, partners, and employees have combined into one of the most powerful, influential, and fastest-growing ecosystems in all of cybersecurity,” said Ofer Smadari, CEO and co-founder, Torq. “We’ve rewritten the rules of the industry with Torq Hyperautomation and Torq HyperSOC, and our momentum reflects that shift. Torq has blown past all the frustrating, manual limitations of legacy SOAR that leave significant holes in the security perimeter. Torq plugs all those holes by delivering a new layer of AI-driven protection, all while making all of security operations more productive than ever.”

“Today, Torq HyperSOC investigates, triages, and remediates many of Check Point’s internal security alerts without any human intervention,” said Jonathan Fischbein CISO, Check Point. “If an alert meets certain parameters based on organizational security policies, the platform takes relevant predefined steps, such as initiating an MFA challenge or locking out a suspicious user. We can react automatically to problems before they become security incidents.”

“The incredible growth, customer traction, and industry momentum Torq Hyperautomation and Torq HyperSOC are experiencing showcases how Torq is dramatically transforming cybersecurity for the better,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “Evolution is incredibly proud to back Torq as it continues to deliver such deep value for security operations teams worldwide. It’s now no longer a question of if, but when every enterprise will adopt AI-driven hyperautomation.”

Torq’s customer base also continues to rapidly grow due to the success of the Torq Partner Acceleration Program, which includes many of the world’s leading channel and security vendors. Torq tech alliance partners include Abnormal Security, Check Point, CrowdStrike, SentinelOne, Snyk, and Wiz. Its reseller and VAR ecosystem includes GuidePoint Security, Optiv, Stratascale, and Trace3.

“Torq is a rising star in cybersecurity,” said Oren Yunger, Managing Partner, Notable Capital. “Torq HyperSOC’s advanced AI capabilities are having a dramatic, positive impact on security operations teams worldwide by making them vastly more efficient and resilient than ever. Torq represents the next-generation of security operations and Notable Capital is certain the future is phenomenally bright for the company.”

**Key Analysts Unanimously Validate Torq Hyperautomation**

Analysts including Gartner, Forrester, IDC, and GigaOm all covered Torq Hyperautomation during 2024, with unanimous perspectives on the positive impact it’s making for customers.

“Every day, IDC is engaged with SOC professionals who communicate the existential challenges they’re facing, both in terms of keeping up with ever-escalating threat complexity and volume, and the incredible burden that places on the shoulders of their teams,” said Chris Kissel, Vice President, Security & Trust Products, IDC Research. “Torq is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We are also impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

“Torq offers an extensive feature set, as reflected in its high scores across most of the key criteria, including case management, and collaboration, automated alert prioritization, triage and curation, autonomous operations, and validation and red teaming, and has acquired an impressive portfolio of customers,” said GigaOm in a 2024 Radar Report.

Learn more about Torq at Torq.io.

**About Torq**

Torq is transforming cybersecurity with its AI-first  enterprise-grade hyperautomation platform. By connecting the entire security infrastructure stack, Torq empowers organizations to instantly and precisely remediate security events, and orchestrate complex security processes at scale. Fortune 500 enterprises, including the world’s biggest financial, technology, consumer packaged goods, fashion, hospitality, and sports apparel companies are experiencing extraordinary outcomes with Torq.

Torq Announces $70M Series C Bringing Total 2024 Funding to $112M

PRESS RELEASE

JASPER, Ind., Sept. 23, 2024 /PRNewswire-PRWeb/ -- As National Cybersecurity Awareness Month approaches this October, PIER Group is drawing attention to the unique cybersecurity challenges faced by research-focused universities and institutions nationwide. With the rise of cloud computing and data sharing, safeguarding the sensitive research data, intellectual property, and high-value projects emerging from these academic hubs is more critical than ever. PIER Group, a leader in providing IT solutions and cybersecurity services to R1 and R2 universities, is at the forefront of helping these institutions navigate this complex cybersecurity landscape.

"R1 and R2 universities are some of the most targeted institutions by cybercriminals due to the immense value of the research they conduct and their large attack surface. Their networks handle hundreds of thousands of devices and connect to other universities all over the world," said Chad Williams, president of PIER Group. "At PIER Group, we see it as our responsibility to ensure that these institutions not only stay at the forefront of global research, but do so securely. We're building the infrastructures that allow them to innovate without fear of compromise."

During National Cybersecurity Awareness Month, universities have the opportunity to assess their cybersecurity strategies and adopt solutions that will protect their campuses, students, and research for years to come. Williams and his colleagues at PIER Group have identified five strategies that top universities should be implementing now or planning for:

1\. Adopt AI for Cybersecurity. For managing networks at the scale of major research universities, with thousands of devices connected to campus networks, AI is essential for detecting threats and responding quickly. AI-driven tools can analyze vast amounts of data to detect anomalies and provide automated threat responses.   
● What Universities Should Do: Adopt AI-enhanced cybersecurity tools that provide proactive monitoring and fast response to cyber threats.

2\. Implement Network Access Control (NAC) Systems. Modern access control solutions, often enhanced with AI, make it much easier for university staff to segment the university population so only authorized users can access sensitive information, applications and data.   
● What Universities Should Do: Implement sophisticated NAC systems that use AI for smarter, more effective user management.

3\. Combat Social Media Attacks. Cyber criminals are using social media apps like LinkedIn and Instagram to launch attacks on individuals, with an overarching goal of breaching a university network.   
● What Universities Should Do: Universities should always follow the 3-2-1-1 rule - three copies of data at two different locations, one offsite and one immutable. They should also educate campus communities on social media risks and employ cybersecurity solutions that monitor and mitigate these threats.

4\. Leave Legacy Equipment Behind. Most universities have older equipment, but even equipment that is just a few years old can leave universities vulnerable to cyberattacks. Transitioning networks and storage to the cloud is proving to be the most economical and flexible solution, adding greater security while allowing universities to quickly scale up or down.   
● What Universities Should Do: Focus on phasing out older equipment as soon as possible and migrate those computing needs to the cloud.

5\. Collaborate Securely with the Broader Research Ecosystem. Universities' openness for collaboration complicates security. Real-time partnerships with research centers and external partners demand secure data-sharing, supported by networks like The Quilt. Strong security measures are crucial to protect sensitive research and intellectual property. Secure collaboration fuels innovation in medicine and technology while safeguarding valuable data.   
● What Universities Should Do: Universities should ensure their networks are built to handle secure, high-speed collaboration with both internal and external research partners. PIER Group's support and partnership with R1 and R2 research organizations help facilitate university-wide collaboration, enabling discussions on the best procedures and solutions to secure student, institutional, and research data necessary for innovation.

As cyber threats become more sophisticated, universities must implement strategies to protect their students, staff, and the integrity of their research. By doing so, they contribute to a safer global research ecosystem. For more information on how R1 and R2 universities can achieve technology leadership, visit http://www.piergroup.com.

About PIER Group   
PIER Group is a leading IT and cybersecurity solutions provider with decades of experience specializing in research universities and large academic institutions. They excel in securing and optimizing campus and research networks, demonstrated by their work with top national R1 and R2 universities from coast to coast including Indiana University, University of South Carolina and the University of Maryland. PIER Group's expertise includes implementing robust security measures, such as Aruba ClearPass, to protect sensitive data and support national research networks like The Quilt. Their commitment helps universities navigate complex cybersecurity challenges and makes high-speed, high-stakes collaborations possible. For more information, visit piergroup.com.

Source

DARKReading