Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed.

**IRVINE, Calif., Aug. 2,** **2022 —** Netwrix, a cybersecurity vendor that makes data security easy, today announced additional findings for the manufacturing sector from its global 2022 Cloud Security Report.

According to the survey, half (51%) of manufacturing companies experienced an attack on their cloud infrastructure within the last 12 months. The most common type of attack was phishing, reported by 73% of respondents.

Compared with other industries, the manufacturing sector turned out to be more prone to account compromise and supply chain attacks within the last year. Some 38% of respondents in this sector had to deal with account compromise at least once, while the average for all other industries was 31%. Similarly, 19% of manufacturing organizations experienced supply chain compromise, but only 15% of respondents from other verticals reported this type of attack.

"The most common reason for cloud adoption in the manufacturing sector (cited by 57% of respondents) is supporting remote workers. Business pressure to grant remote access quickly to many workers leads to a wider attack surface and might be the root cause for the increased number of account compromise attacks," comments Dirk Schrader, VP of security research at Netwrix. "To mitigate this risk, manufacturing organizations should pay closer attention to identity management, especially for privileged accounts. A zero-standing privilege approach is particularly effective in this situation, since it creates accounts only on request and deletes them once the specified task is completed."

The survey also shows that cloud adoption in the manufacturing sector is progressing slower than in other markets. Indeed, while on average 41% of workloads are already in the cloud, manufacturing organizations have moved only 35% of their operations there. Lack of budget is the main factor slowing cloud adoption; 45% of respondents in this industry highlighted this reason, compared with 35% overall.

Another difference is that manufacturing organizations are more concerned about the cyber-risks associated with their own employees; 48% of respondents consider their staff to be one of the biggest risks to data security in the cloud, which is 11% more than average. This affects cybersecurity decisions: In the manufacturing sector, 75% have implemented multifactor authentication and 70% audit user activity, compared with 69% and 58%, respectively, in the other industries. Moreover, 41% of manufacturing companies plan to start performing regular review of access rights.

"Cloud adoption is accelerating in the manufacturing sector: These organizations report that they expect 52% of their workloads to be in the cloud by the end of 2023, up from the current 35%. Fast implementation of cloud computing could cause security gaps. Paying close attention to securing all three attack vectors — data, identities, and infrastructure — will reduce the risk of infiltration and its consequences," adds Schrader.

**About Netwrix**

Netwrix makes data security easy, thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 11,500 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.

Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest-growing companies in the U.S.

For more information, visit www.netwrix.com.

Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals

Launches industry’s first ZTNA migration tool and ZTNA buyback program, setting the stage for migration away from ZTNA 1.0.

**SAN MATEO, CA, August 2, 2022** – Axis has announced a host of new enhancements to one of its four key Security Service Edge (SSE) modules – the Atmos ZTNA solution, which secures access between authorized users and specific internal applications. The company also announced a slew of new tools to help companies easily migrate away from cumbersome ZTNA 1.0 solutions.

When remote work became the new normal in early 2020, Zero Trust Network Access (ZTNA) emerged as the premier solution for remote access, and the first step in the zero-trust journey for most organizations. According to Gartner, ZTNA captured a 60% YoY growth rate (Source: Forecast: Enterprise Network Equipment by Market Segment, Worldwide, 2019-2025, 4Q21 update). Despite this, the constant challenge has been that many of the first ZTNA solutions, ZTNA 1.0, were rushed to market to meet the work-from-home moment. They lacked support for many legacy protocols (VOIP, ICMP, AS400, etc.), it was extremely difficult to set up policies, and many did not even inspect traffic. This left companies longing for more simplicity and stronger security controls.

"Cybersecurity has never been more important, so it's no surprise that zero trust, and ZTNA solutions, have become a critical focus area for enterprises. What is surprising is how clunky, complex, and underwhelming most of the ZTNA 1.0 solutions are. With help from 50+ CISOs, we designed Atmos ZTNA to be a Modern Day ZTNA service that is smart, yet incredibly simple — so that on day one, IT security leaders can embrace true zero trust, without the headache," said Dor Knafo, Axis co-founder and CEO.

**New Atmos ZTNA Features**

· **Free ZTNA 1.0 Migration Tool + ZTNA BuyBack Program —** To make it easy for enterprise teams to migrate from ZTNA 1.0 to the Atmos ZTNA service, Axis launched the **industry's first ZTNA migration tool**. The migration tool takes application segments developed in Zscaler Private Access (ZPA) and converts them to Atmos ZTNA applications. The customer then uses the service's simple policy system to define policy — all within just a few minutes. In conjunction with the migration tool, Axis has also launched the **industry's first ZTNA buyout program** where ZTNA 1.0 customers receive up to 6 months of free service when they replace their ZTNA service and agree to a three-year Atmos Core Edition subscription. Any enterprise that signs up will also receive the Atmos Web Gateway module, as well.

· **Hyper-intelligence for adaptive access —** A new multicloud PoP resolution capability allows Atmos to automatically select the most optimal connectivity path, and auto-select the AWS, Google, or Oracle PoP for brokering — by using latency telemetry. So if AWS goes down, either of the other two cloud providers can be used to broker connectivity — or vice versa. Axis also added in auto-session termination, where Atmos uses its continuous monitoring capability to terminate live sessions if identity, or user group, changes take place. Lastly, the company added enhanced telemetry to its Atmos Agent. Within the unified Atmos Dashboard, IT admins can now view a "Live" device posture status, as well as auto-detect jailbroken end-user devices. Each of these are critical in the world of work-from-anywhere, and are industry firsts.

· **Protective surface discovery & security —** Axis added a new Additional Domain Discovery tool that auto-discovers all unknown related domains when onboarding internal applications, like Outlook, and allows IT to easily add to the application's policy. Axis also added an industry-first User group pairing capability, which allows IT to easily define the IP ranges and destinations specific user groups have access to in a way that overrides all previous access policies — for simplified least-privilege access.

· **"Edgier" —** The Atmos platform is designed to artfully extend secure connectivity out to the user's location through 350 Atmos edge locations running on the global backbone of AWS Global Accelerator, Google Cloud Platform, and Oracle Cloud. Axis announced that it added new PoPs in San Jose, Phoenix, North Virginia, London, Frankfurt, Jerusalem, Hong Kong, and Sydney, based on increased customer demand. Axis also launched its "PoP Desert Initiative." The company works with prospects/customers, as design partners, to discover geographic areas where latency exists and works with them to deploy new Atmos PoPs, which can be done in under one hour, with no hardware required. The goal is to constantly deliver the industry's fastest user-connectivity experience.

**Availability**

All of these Atmos ZTNA capabilities and announcements are generally available today.

**Atmos SSE Platform**

Short for "Atmosphere," Atmos is the modern alternative to legacy hub-and-spoke network architectures, and Security Service Edge (SSE) platforms that have data center-based architectures. Atmos helps IT avoid the need to connect users to the corporate network, drastically reduce exposure to ransomware threats, and spend less time on costly, and complex, firewall-based network segmentation. Atmos artfully integrates the four key SSE modules — Zero Trust Network Access, Secure Web Gateway, Cloud Access Security Broker, and Digital Experience monitoring — into one platform with one pane of glass.

**About Axis Security**

Axis' vision is to bring harmony to workplace connectivity and that the sooner IT adopts zero trust, the sooner we can witness a world where the exchange of information is always fast, seamless, and secure. With 350 Axis cloud service edges across the world, Axis helps IT leaders enable their employees, partners, and customers to securely access business data without the pitfalls of network-centric solutions or application limitations that every other zero trust service faces. Through its world-class research and development and founding team, which hails from Israel’s acclaimed Unit 8200, Axis aims to accelerate the world's transition to a modern workplace where hybrid work is made simple, digital experience becomes a competitive advantage, and business data remains protected from cyber threats even as it moves to the cloud. For more information, visit www.axissecurity.com. Follow us on Twitter and on Linkedin.

Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges

Now-convicted phone dealer reset locked and blocked phones on various mobile networks.

A Burbank, Calif., man was convicted on several counts related to a mobile phone scheme that made more than $25 million, according to the Department of Justice. 

Law enforcement said Argishti Khudaverdyan owned a phone retailer and over the course of several years used stolen employee credentials of more than 50 different T-Mobile employees to "unlock" hundreds of thousands of phones on the networks of AT&T, Sprint, and T-Mobile. 

"Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers' service contracts and equipment installment plans," a statement on the insider attack conviction from the Department of Justice said. 

The DoJ added Khudaverdyan used the more than $25 million he made from the illicit scheme to buy real estate, among other things. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

T-Mobile Store Owner Made $25M Using Stolen Employee Credentials

Microsoft says the new tools will give security teams an attacker's-eye view of their systems and supercharge their investigation and remediation efforts.

Microsoft announced two new capabilities to its Defender security tools — threat intelligence and external attack surface management.

With Microsoft Defender Threat Intelligence, security teams will have additional context, insights, and data to find attacker infrastructure and move to investigate and remediate faster, the company said in an announcement. Security teams will have access to real-time data from both Microsoft Defender and Microsoft Sentinel to proactively hunt for threats.

"Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries, and their attack techniques," the company said in its announcement of the new security solutions. "Customers can access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, procedures (TTPs), and can see active updates within the portal as new information is distilled from Microsoft's security signals and experts."

Microsoft's Defender External Attack Surface Management helps defenders find previously invisible and unmanaged resources that can be seen and attacked from the Internet. The system scans the Internet daily to create a catalog of the environment and uncover unmanaged resources that could be potential entry points for an attacker.

"Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities," the company explained in a post on the Microsoft Threat Intelligence blog. "With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their SIEM and XDR tools."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Microsoft Intros New Attack Surface Management, Threat Intel Tools

To protect against similar attacks, organizations should focus on bringing cloud entitlements and configurations under control.

The recent conviction of a Seattle tech worker accused of carrying out a cyberattack against Capital One is not the end of the story. The trial showed how one person could perpetrate a massive data breach by exploiting misconfigurations and excessive privileges common in many cloud environments.

In the wake of the attack — and the resulting data breach — Capital One was fined $80 million by the federal government and settled customer lawsuits for $190 million. This should give organizations an incentive to put measures into place to avoid the same mistakes.

The attacker, who was an employee of Amazon Web Services, built a tool that allowed her to scan the AWS platform for misconfigured accounts. She used anonymizing services such as the Tor Network and IPredator VPN to hide her IP address.

The attacker carried out a server-side request forgery (SSRF) attack that enabled her to trick a server into making calls crafted on a misconfigured Web application firewall (WAF). This allowed the Capital One attacker to easily extract and exploit the machine's credentials and gain access to sensitive customer data such as names, addresses, and Social Security numbers.

**Lateral Moves and Least Privilege**

This case illustrates just how vulnerable cloud systems are to entitlements and misconfigurations. The hacker was able not only to exploit a misconfiguration in the WAF to access the system, but also to then obtain privileged credentials, move around to uncover data buckets, and then exfiltrate that data.

An MIT Sloan case study on the breach concluded that "it is very likely that Capital One had insufficient Identity and Access Management (IAM) controls for the environment that was hacked.” The study also noted that the incident could have been prevented by periodic reviews of user configurations to ensure that access controls were using the principle of least privilege correctly.

Least privilege, as the name implies, dictates that users and service identities can access only the resources and applications they need to do their jobs and no more. This lets organizations operate with agility while capping risk to the company and its customers. In the case of Capital One, the IAM role of the compromised WAF machine had access privileges beyond what was necessary for its functions.

This case is a good example of how easy it can be to find vulnerabilities and exploit them to open a backdoor into a company — even one that seems well-protected. Workloads can be compromised in so many ways that it's impossible to make them hacker-proof. Even the best efforts to patch and update software, secure network access, and implement other security best practices can leave gaps that a hacker can exploit.

Once inside, an attacker's ability to move laterally, undetected, defines the "blast radius" or extent of the damage. The best way to mitigate lateral attacks is to control access by rightsizing the permissions granted to human and machine (service) accounts. In the Capital One case, the hacker was able to use an identity with access permissions to sensitive user records the role clearly didn’t need.

The complexity of cloud environments makes applying least privilege policy challenging. Native tools do not provide the required visibility into permissions for proactive risk mitigation. In addition, the much-discussed cybersecurity talent gap means most organizations are understaffed and lack cloud expertise.

As a result, permissions management doesn’t get the attention it deserves. In fact, nearly 60% of CISOs and other security decision makers say lack of visibility, as well as inadequate identity and access management, are major threats to their cloud infrastructure. In a recent survey by IDC, respondents cited access risk and infrastructure security among their top cloud security priorities for the next 18 months.

Rightsizing permissions is doable if an organization's security and development teams can identify excessive entitlements and know how to create a least-privilege policy that will allow workloads to effectively function. This can be accomplished using the right blend of technology, processes, and procedures. Consider the following best practices to bring cloud entitlements and configurations under control:

*   **People:** Give someone in the organization responsibility for implementing a least-privilege architecture.

*   **Process:** Establish a regular cadence for reviewing and remediating entitlement risk in your organization, including access reviews for human users and remediation of unused privileges for services.

*   **Technology:** Deploy technology that can continuously monitor entitlement risk, automatically remediate problems, and identify anomalies at cloud scale.

Organizations can learn valuable lessons from this case and the financial consequences of not minding their cloud Ps and Cs — namely, permissions and configurations.

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

Attackers are turning to stolen credentials and posing as trusted applications to socially engineer victims, according to Google study of malware submitted to VirusTotal.

A study of malware submitted to VirusTotal shows cybercriminals and other threat actors are deploying a variety of abuse-of-trust approaches to spread malware and to dodge traditional defenses, often exploiting the implicit trust between a reputable software supplier and the user.

Google Cloud's VirusTotal research team uncovered popular methods including the use of legitimate distribution channels to distribute malware and mimicking legitimate applications. By distributing malware through legitimate domains, malware can often slip through traditional perimeter defenses, including domain or IP-based firewalls — the report says that 10% of the top 1,000 Alexa domains have distributed suspicious samples.

In total, Google found more than 2 million suspicious files downloaded from legitimate Alexa domains, including domains regularly used for file distribution. Another attack vector is the theft of legitimate signing certificates from legitimate software makers, which are then used to sign the malware. Since 2021, more than 1 million signed samples were considered as suspicious, according to a new report from the Google team.

Even when multiple samples used invalid or revoked certificates, victims often failed to confirm the validity of the certificates. Nearly 13% of the samples didn't have a valid signature when they were uploaded for the first time to VirusTotal, and more than 99% of them were Windows Portable Executable or DLL files, according to the report.

"We were surprised at how many signed malware samples we found, many of them appearing as valid at the time of the analysis," says Vicente Diaz, a VirusTotal security engineer. "Unfortunately, the process of checking if a signed file is valid is not trivial and can be abused by malware to avoid different security measures or, once again, abuse the victim's trust."

This is especially worrisome in the case of attackers stealing legitimate certificates, which potentially creates a perfect scenario for supply chain attacks. Attackers are increasingly deploying malware disguised as legitimate software, a basic social engineering success gaining traction. When using this method, the application's icon, recognized and accepted by the victim, is used to convince them the app is legitimate.

"Most of the time, we saw this technique being abused by attackers in relatively simple attacks, with legitimate software being a decoy for the victim," Diaz says. "In other words, this means installing both the malware and the software that the victim thought they were legitimately installing."

He explains that despite its simplicity, this technique can still be effective and avoid raising the alarm for the victim. "We also believe this might be a growing trend as some channels seem to be gaining popularity as malware distribution vectors, including distribution of cracked software and similar — which makes a perfect scenario for these kinds of attacks," Diaz says.

The popular VoIP platform Skype, Adobe Acrobat, and media player VLC comprised the top three most mirrored app icons, according to the report. "Adobe Acrobat, Skype and 7zip are very popular and have the highest infection ratio, which probably makes them the top three applications and icons to be aware of from a social engineering perspective," the report notes.

Diaz says it's unclear why attackers are choosing that software — other than its popularity. "That could also be circumstantial based on specific campaigns leveraging these applications," he says. "Our belief is that attackers regularly rotate mirrored software based on popularity, campaigns, or other circumstances — and we will be monitoring its future evolution."

The VirusTotal team conducted a similar analysis on URLs using website icon similarity, finding WhatsApp, Facebook, Instagram, and iCloud to be the top four most abused websites by several different URLs suspected of being malicious. Considering the growing trend of visually mimicking legitimate apps, the research team says it plans continued analysis of the most frequently targeted apps.

**Bypassing Security Awareness **

Diaz explains the abuse of these legitimate resources seems to be an effort by attackers to override what has been taught to users — such as checking that a linked domain is legitimate, making sure what you are installing has the expected icon and that the executable is signed.

"This seems like a natural trend to bypass some basic precautions from the user and some simple security measures, such as blocking some domains," he says. "I don’t necessarily think that attackers will be changing their tactics a lot — they are simply adjusting their defenses and distribution channels accordingly."

He adds that it is interesting to note the increase of attackers abusing legitimate distribution channels and top domains using either encrypted content or multicomponent artifacts that are hard to identify as malicious on their own.

VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware

With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety.

**Palo Alto, CA -- August 2, 2022 --** Mobile identity pioneer Incognia today announced the publication of the results of its first Location Spoofing Mobile App study: Dating Edition. The study was conducted to test how susceptible mobile dating apps are to location spoofing. The report studied 24 leading dating mobile apps worldwide, including: Tinder, Hinge, eHarmony, Match, OkCupid, Grindr, and more.

Within the United States, the Federal Trade Commission has reported $549 million lost in romance scams within 2021, which is up 80% from the prior year. Using fake personas and identity fraud to "catfish" unsuspecting users, fraudsters are targeting dating apps for financial gain. The latest Incognia Location Spoofing Mobile App study of dating apps analyzes how dating apps make use of user location to provide potential suitors and how these apps are susceptible to location spoofing. The lack of location-spoofing detection capabilities is an issue because it enables scammers to target users in any location, putting 323 million users worldwide at risk.

There are five main methods fraudsters use to spoof location: VPNs and Proxy servers, GPS spoofing apps, emulators, instrumentation tools, and app tampering. The Incognia Mobile App study found that 80% of tested dating apps request users to share location, and 37% of the apps that requested location were easily GPS spoofed. The study found that 50% of dating apps in North America and APAC could be spoofed using GPS-spoofing apps. Notably, none of the dating apps tested from EMEA could be GPS spoofed.

"With 3 out of 10 U.S. adults using a dating app, ensuring the safety and trust of users is critical, given catfishing and fraud attempts are on the rise," said André Ferraz, founder and CEO of Incognia. "Dating and social apps are vulnerable to fraudsters faking their location to target a broader set of users. These apps are exposed to fraudsters' location-spoofing attempts that can result in financial theft and trust and safety issues."

To conduct this study, Incognia first downloaded each app on an Android device and created a new user account, then observed if the app requested the user to share their location and also if the app displayed the user location. Next, a GPS-spoofing app was used to spoof the user location and it was observed if the app detected the spoofed location or real user location. More sophisticated methods such as app tampering were not tested for this report.

Key data points from the report include:

*   80% of the tested apps requested the user to share location. None of the apps provided messaging that the user location was being used for fraud prevention.
*   37% of the apps that requested location could be easily GPS spoofed.
*   50% of the apps in North America and APAC could be GPS spoofed.
*   None of the tested apps from EMEA could be GPS spoofed.

To read the full report and analysis, please download the Incognia Mobile App Location Spoofing Report.

In support of trust and safety, Incognia is offering a complimentary location spoofing audit to any company offering location-based services via a mobile app. Sign up for a complimentary Location Spoofing Audit to get an assessment of how much location spoofing is happening in your app.

**About Incognia**

Incognia is a privacy-first location identity company that provides frictionless mobile identity and authentication solutions for fraud prevention and trust and safety. Deployed in over 200 million devices, Incognia delivers a highly precise risk signal with extremely low false-positive rates to banks, fintech social, gaming, and mCommerce companies, for lower fraud losses, increased mobile revenue, and to support trust and safety for users. Incognia's award-winning technology uses location signals and motion sensors to silently recognize trusted users based on their unique behavior patterns and is a key enabler for zero-factor authentication.

Incognia is privately held and headquartered in Palo Alto, California, with teams in New York and Brazil.

Stay connected and follow Incognia on _Twitter_ and _LinkedIn_.

Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps

Series C investment from BuildGroup and Gula Tech Adventures, along with appointment of Kevin Mandia to the board of directors, will propel a new chapter of company growth.

COLLEGE PARK, Md., Aug. 2, 2022 /PRNewswire/ — Cybrary, the leading training platform for cybersecurity professionals, today announced it has secured $25 million in a Series C funding round led by current investors, BuildGroup and Gula Tech Adventures.

This latest investment brings Cybrary's total funding to date to $48 million, following its $15 million Series B round announced in November 2019, and will be used to support additional company growth by bolstering research and development (R&D) across its engineering, product, and marketing teams as well as continuing to grow the new CybraryThreat Intelligence Group (CTIG).

"Our continued investment in Cybrary is a testament to our belief in the important work they're doing to address the current cyber skills gap and how they plan to evolve their training programs in the future," said Jim Curry, Co-Founder and Managing Partner at BuildGroup. "We can't wait to see what this next chapter holds for Cybrary and fully support Kevin and his team every step along the way."

Additionally, Cybrary has officially announced that Kevin Mandia, CEO at Mandiant, has now joined its board of directors following Mandiant's announcement in March that it entered into a definitive agreement to be acquired by Google for $5.4B. He joins current members Jim Curry, Ron Gula, Ryan Kruizenga, as well as Cybrary co-founder Ryan Corey and current CEO Kevin Hanes, on the company board.

"I am excited to be joining Cybrary's board of directors during this exciting chapter of growth and momentum for the company," said Mandia. "Its mission to elevate the workforce and narrow the cybersecurity skills gap is inspirational. I am looking forward to helping Cybrary have an even greater impact to elevate the workforce to better defend the cyber domain."

With more than three million cybersecurity professionals using their training courses and certifications to up-skill themselves within the industry and helping to bridge the persistent cyberskills gap, Cybrary has been on a strong growth trajectory since its inception in 2015. This funding news also comes on the heels of the company's appointment of CEO Kevin Hanes in June 2021, recruitment of four new executive leaders in March 2022, and the recent additions of David Maynor and Chloé Messdaghi as the Head of CTIG and Chief Impact Officer, respectively, in May 2022.

"We can't thank BuildGroup and Gula Tech Adventures enough for their continued belief and contributions towards our mission to provide individuals, cybersecurity teams, and organizations with the knowledge, skills, and resources they need to grow careers and defend against the latest cyber threats," said Hanes. "I'm here because we have a tremendous opportunity to make an impact on a problem that matters to millions of people and these added resources will help us accelerate innovation that is centered around our core mission."

To learn more about the latest investment, as well as the company's plans for the rest of this year and beyond, stop by Cybrary's booth (#1381) at Black Hat in Las Vegas, Nevada, from August 10-11. 2022.

**About Cybrary  
**Cybrary is the industry-leading training platform that provides the right training at the right time to fully equip cybersecurity professionals at every stage in their careers. Cybrary offers threat-informed training and certification preparation to help industry professionals build the skills and knowledge to confidently mitigate the threats their organizations face and bridge the persistent cybersecurity skills gap. Cybrary enables more than 3 million learners, from service providers and government agencies to Fortune 1000 organizations and individuals alike, to be armed and ready to respond in the fight against constantly evolving cybersecurity threats. For more information on Cybrary and our offerings, visit www.cybrary.it.

**About BuildGroup  
**BuildGroup is a company that selectively invests in leadership teams with staying power. We back founders who are ambitious enough to want to make a dent in the universe and humble enough to realize they can't do it alone. By providing permanent capital from aligned investors and avoiding forced exits, BuildGroup frees entrepreneurs to focus on serving customers instead of raising the next round. We believe that great businesses are built, not bought, and that's why our team works side-by-side with founders to create conditions for long-term growth. BuildGroup was founded in Austin, Texas, by a team of proven builders who love nothing more than helping build and grow extraordinary companies.

**About Gula Tech Adventures  
**Gula Tech Adventures, a cybersecurity and technology-focused venture capital firm, was founded by cyber industrialists Ron and Cyndi Gula. Gula Tech Adventures seeks to increase the pervasiveness of cybersecurity in critical infrastructure and industries, improve awareness of cybersecurity risks, and provide opportunities for recruitment and training of the cybersecurity workforce. For more information about Gula Tech Adventures, please visit https://Gula.Tech.

Source: Cybrary

Cybrary Lands $25 Million in New Funding Round

In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification.

In conjunction with Black Hat 2022, pioneer of digital executive protection also announces new security innovations and SOC 2 Type II certification.

ORLANDO, Fla., Aug. 2, 2022 /PRNewswire-PRWeb/ -- BlackCloak, the leading provider of digital executive protection for corporate executives, board members, and high-access employees and their families, today announced the addition of three new mobile device security features to its award-winning Concierge Cybersecurity & Privacy Platform (TM).

Post-pandemic, the attack surface has greatly expanded; and the personal digital lives of company leaders have become the soft underbelly of enterprise security. Attacking executives as a conduit to breach the company has evolved from an occasional nuisance into a mainstream threat. BlackCloak's SaaS-based Platform helps reduce risk to both individuals and their organization by protecting the digital privacy, personal devices, and home networks of key company personnel.

New digital executive protection features unveiled at Black Hat 2022:

— QR Code Scanner - An additional layer of malware protection on personal devices, BlackCloak's QR Code Scanner will automatically validate the legitimacy of a QR codes' underlying URL, and proactively alert members to navigate away from websites determined to be malicious.  
— Malicious Calendar Detection - Using proprietary anti-malware technology, the BlackCloak mobile app will automatically determine the legitimacy of invitations or newly added calendars, giving members the opportunity to delete potentially malicious events before malicious code can be injected.  
— VPN - To reduce the risk of both network and endpoint-driven threats, BlackCloak's enterprise-grade VPN will provide members with the opportunity to establish a secure internet connection from within the app when and where connectivity is suspect or compromised.

The QR Code Scanner, Malicious Calendar Detection feature, and VPN will be available in Q3 on the BlackCloak Platform. Book a meeting with BlackCloak executives at Innovation City Booth 52. 

"Today's announcement reinforces BlackCloak's core value of innovating with speed, passion, and curiosity," said Chris Pierson, BlackCloak founder and CEO. "We have an extensive pipeline of product updates and continue to solicit our clients for additional innovation ideas as well as research and development for new threats. Cyber and Privacy threats are always-evolving, and we will continue to keep pace to help our members beyond expectations — protecting them and their companies — both now and in the future."

BlackCloak also announced today that it successfully completed its System and Organization Controls (SOC) 2 Type II audit for the second year in a row. This distinction ensures that the organization is in compliance with the leading industry standards for managing enterprise data, reports on security controls across key areas relevant to the safe handling of customer data.

Meet BlackCloak at Black Hat 2022. BlackCloak will be exhibiting at Black Hat's Innovation City Booth 52. Schedule a one-on-one meeting or drop by to:

— Learn about the use cases and benefits for digital executive protection  
— See a demo of the platform in action  
— Flop a winning poker hand in a raffle for cash prizes and swag

Learn more at BlackCloak.io and follow the brand on social media @BlackCloakCyber.

About BlackCloak  
BlackCloak protects corporate executives, high-access employees, and high-net-worth individuals and families from targeted cyberattacks, online fraud, and other risks to them and their companies through their personal digital lives. Used by Fortune 1000s and mid-market organizations across all industries, BlackCloak's SaaS-based digital executive protection solution protects the digital privacy, personal devices, and home networks of people with little time and a lot to lose. Executives and high-profile individuals get peace of mind knowing that their family, wealth, reputation, and finances are secured.

Corporate security teams rest easy knowing that their organization is protected from threats to IP, finances, physical security, data and other digital assets that originate in their executives' personal digital lives.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

More Insights

Webinars

*   Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them
*   Malicious Bots: What Enterprises Need to Know

Reports

*   Breaches Prompt Changes to Enterprise IR Plans and Processes
*   Implementing Zero Trust In Your Enterprise: How to Get Started

Editors' Choice

Robert Lemos, Contributing Writer, Dark Reading

Jai Vijayan, Contributing Writer, Dark Reading

Ericka Chickowski, Contributing Writer, Dark Reading

Joshua Goldfarb, Fraud Solutions Architect - EMEA and APCJ, F5

Webinars

*   Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them
*   Malicious Bots: What Enterprises Need to Know
*   How Supply Chain Attacks Work - And What You Can Do to Stop Them
*   Ransomware Resilience and Response: The Next Generation
*   Assessing Cyber Risk

White Papers

*   Breaches Prompt Changes to Enterprise IR Plans and Processes
*   Five Best Practices for AWS Security Monitoring
*   Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?
*   Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal
*   AppSec Considerations For Modern Application Development

Events

*   SecTor - Canada's IT Security Conference Oct 1-6 - Learn More
*   Black Hat USA - August 6-11 - Learn More
*   \[FREE Virtual Event\] The Identity Crisis

More Insights

Webinars

*   Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them
*   Malicious Bots: What Enterprises Need to Know

Reports

*   Breaches Prompt Changes to Enterprise IR Plans and Processes
*   Implementing Zero Trust In Your Enterprise: How to Get Started

BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features

From adopting zero-trust security models to dynamic environments to operating under an "assumed breach" mentality, here are ways IT departments can reduce vulnerabilities as they move deliberately to become more secure.

Over the last few years, the modern office has evolved rapidly, with workforces becoming more mobile and geographically distributed than ever before. Even before COVID-19, modern enterprises were embracing the remote work model, and the average Fortune 500 company had more than 300 global office locations. Over the last few years — to attract and retain top talent who often list hybrid work as a priority — innovative companies have added even more emphasis on flexible workplaces. As we move past the worst of COVID-19, it doesn't seem we'll ever see a return to the pre-pandemic office. In fact, it's been estimated that by 2025, 70% of the workforce will work remotely at least five days a month.

To remain productive while working remotely, employees utilize many different cloud-based apps, such as Microsoft Teams and Monday.com. Though these apps are a boon for employee efficiency, their use has created challenges for IT departments and has opened new security vulnerabilities. To improve understanding of what's happening in their networks, IT professionals often rely on an increasing number of monitoring and management tools. Simultaneously, they must defend against hackers who relentlessly pursue new and dangerous attacks.

Even before the swift global adoption of remote work, enterprises faced rapidly rising cyber threats, including professionalization of hacking groups and increased ransomware and phishing attacks. Today, dispersed workforces have expanded threat surfaces, with highly sophisticated threat actors constantly exploiting challenges posed by remote work for financial gain, such as stealing intellectual property, carrying out supply chain attacks, and more.

**Five Ways to Reduce Vulnerabilities**

At SolarWinds, we've seen firsthand how the threat landscape has evolved. Below are just five steps we've taken as an organization we hope can help other IT departments reduce vulnerabilities and become secure by design:

**1\. Limit Shadow IT**

Having control over and visibility into all parts of a network is critical. It means understanding what employees do and what data and resources they access. Unfortunately, dispersed modern workforces make this a particular challenge due to "shadow IT." Shadow IT essentially entails employees who use technologies or services — such as Dropbox or Google Workspace — the company IT department hasn't approved. Though using productivity apps like these may seem like a harmless practice on the surface, shadow IT inherently prevents teams from having control and visibility into their systems, which can result in loss of data and increased apps and services for attackers to target.

**2\. Adopt Zero Trust**

As businesses embrace long-term hybrid and remote work policies, it's critical to monitor and secure not only a company's workforce but its resources and data. At its core, the zero-trust security model closely guards company resources while operating under the "assumed breach" mentality. This means every request to access company information or services is verified to prevent any unauthorized network access. Through policy management, multifactor authentication, and consistent network monitoring, enterprises can leverage zero-trust principles to prevent or flag unusual or unauthorized access to company resources based on user identity, location, and other key criteria. At a time when more employees are accessing more information in more geographies than ever, zero trust is a powerful tool to help improve visibility, effectively identify threats, and mitigate vulnerabilities.

**3\. Strengthen Software Development Processes**

Though the majority of cyberattacks are aimed at stealing data, money, or intellectual property, software development companies must also defend against another unique threat: supply chain attacks. These attacks occur when hackers access and manipulate code capable of impacting users of the affected software. To help prevent and ensure resilience against attacks, the integrity of the software build process and environment must be of the utmost importance for software development companies.

At SolarWinds, we prioritized upgrading and strengthening our own software build process. One thing we learned and we believe other enterprises should adopt involves developing portions of software in multiple separate environments, each of which requires different security credentials to access. Creating code in these parallel, secure environments makes it more difficult for threat actors to obtain or corrupt a complete product. Companies can further strengthen their software development process by implementing dynamic environments, which are build locations automatically destroyed once their use is complete. These dynamic environments are key, as they eliminate the opportunity for attackers to infiltrate and remain inside a network.

**4\. Leverage Red Teams**

Identifying vulnerabilities and assessing threats doesn't need to be a burdensome practice. One strategy enterprises can adopt to reduce the need for IT departments to identify each and every threat is employing the use of red teams, which hunt for vulnerabilities in a network and simulate attacks in real time. Some of these simulations include phishing campaigns or brute-force attacks. These red teams help keep IT employees' skills sharp, ensuring they're ready to adapt, stay a step ahead of bad actors, and thwart breach attempts. In addition to attempting intrusions, red teams also document each step of their process to break down attack methods and implement prevention techniques.

**5\. Make Your People Part of Your Defense**

There's no doubt the technology and automated processes an enterprise employs are a huge part of remaining secure and preventing hacks and breaches. The many proven solutions security experts have developed to stop hackers are nothing short of extraordinary, but regardless of the technology available, a large amount of risk is still produced by humans and our behavior. To create a truly secure network environment, enterprises must treat every employee as though they're part of the security team. Companies should hold regular training sessions to ensure employees practice good cyber hygiene and keep up to date on the latest hacking methods.

Becoming "secure by design" is now a C-level priority and is no longer only a responsibility of the IT department. With the threat landscape rapidly evolving and the new reality that any business — large or small — can and will face new and sophisticated threats, community vigilance across the entire organization and industry at large is required to defend against these challenges.

Source

DARKReading