One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.

Despite all the ways people enter the cybersecurity industry -- obtaining industry certifications, going through a bootcamp program, taking courses at a school as part of a degree (or certificate) program, shifting over from related technical fields, or self-study to learn the necessary skills -- hiring managers say they are having difficulty filling open cybersecurity roles.

"With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressively," the White House said in a **press release** on Monday, announcing Tuesday's National Cyber Workforce and Education Summit.

Led by National Cyber Director Chris Inglis, the July 19 summit brought together government officials and private-sector executives to brainstorm solutions and educational initiatives to fill open cybersecurity positions across the country.

Will apprenticeships help make a dent in the problem? One of the announcements that came out of the July 19 summit was the **Cybersecurity Apprenticeship Sprint**. The departments of Labor and Commerce unveiled the 120-day sprint to promote the Registered Apprenticeship model to help develop and train the cybersecurity workforce.

The Registered Apprenticeship model is "an industry-driven, high-quality career pathway where employers can develop and prepare their future workforce, and individuals can obtain paid work experience with a mentor, classroom instruction and a portable, nationally recognized credential," according to a **Department of Labor press release**. These apprenticeship programs are registered at a state or federal level.

There are currently 714 registered apprenticeship programs and 42,260 apprentices in cybersecurity-related occupations, according to the Labor Department. The goal of this sprint is to recruit employers, industry associations, labor unions, educational providers, community-based organizations, and others to establish more.

**Developing the Workforce**

Apprenticeships fill a real gap in hiring, says Will Carlson, director of content for Cybrary. People have the opportunity to gain firsthand experience in the field, find mentors, land a job, and validate whether this is the career for them. Employers get a talent pool where they can learn more about the candidate over a period of time before extending any longer-term offers.

"People often mention, 'I can't get an entry-level job to get the experience for an entry-level job.' \[Apprenticeships\] help remove a significant blocker to growing the capacity and capability gaps in the market," Carson says.

Historically, many professions have relied on apprentices to teach the necessary skills of the trade and develop a workforce. Something similar can work for cybersecurity, says Larry Whiteside, Jr, co-founder and president of Cyversity. Current programs train people on specific tools and skills and then send them out to apply for jobs, hoping the training and skills align to the needs of the hiring organization. The apprenticeship, on the other hand, provides on-the-job training.

"The training and skills that the person acquires directly relates to the organization that needs the skills," Whiteside says.

It’s important to note that apprenticeships are different from internships, as apprenticeships take a more direct approach to skills development, Whiteside says.

"Over the years, internships have gotten a negative connotation due to organizations' lack of programmatic ways to train and utilize cyber interns," he says. Interns have historically been treated as a person who can be assigned to work on tasks that the rest of the team didn’t have time to do.

The apprenticeship model is a "far more well-established, entry-level mechanism that has years of proven teaching and training mechanisms applied to it," Whiteside says.

**Key Elements for a Successful Program**

An apprenticeship is not a complicated program; all it needs to include is training, mentorship, and a paid job, says Tony Bryan, executive director at CyberUp, noting that training should include both on-the-job and any other related instruction. The point is to create a standard process with clear expectations so that both the apprentice and the manager have "guardrails" on what the first six to 12 months should look like.

Employers should get meaningful tasks accomplished while providing beneficial experience to interns, Carlson says. Instead of increasing the organization’s risk by placing someone new to the field in a high-risk role, the program should be structured so that the apprentices get real-world experience in lower-risk roles.

A program should provide employers with a "step-by-step, competency-based plan to onboard new cyber talent," says Dan Weeks, director of employer partnerships at Fullstack Academy. Many organizations are unclear on what a reasonable timeline is for new hires to take on key cyber tasks. A program like this makes it easier to measure the candidate’s progression in gaining those skills and identifying areas that need extra help.

**Setting Up the Program**

However, setting up a good apprenticeship program requires planning. Employers need to determine what skills they expect the apprentice to end up with at the end of their apprenticeship period in order to create "a pathway for success," Whiteside says. Organizations should have a defined goal or identify specific skills to develop and align the apprenticeship program accordingly.

The hardest part is creating the organizational culture to enable this process, finding the candidates, and funding the initiative, Whiteside says.

Costs for starting up an apprenticeship can range from $25,000 to $250,000, taking into account multiple factors, such as the size of the organization, the number of staff required to support the program, how training is delivered, and whether there are any existing processes that can be used, says Bryan.

Many organizations partner with third-party intermediaries such as CyberUp to register the program, establish requirements for hiring, bring in candidates to interview, and manage the program. Having a partner can also help shorten hiring cycles because they are proactively recommending future apprentices.

"When constructed well, \[apprenticeships\] allow organizations the chance to address the broader skill gap in our market by providing skills and opportunities for those wanting to enter the space," says Carlson. "Getting more people in the field to address the capacity and capability needs of the space is a win for all involved."

Tackling the Cybersecurity Workforce Challenge With Apprentices

More than 311 local eateries have been breached through online ordering platforms MenuDrive, Harbortouch, and InTouchPOS, impacting 50K records — and counting.

A massive Magecart e-skimmer campaign has siphoned off the payment records of hundreds of restaurants by attacking their online payment platforms. Targets include MenuDrive, Harbortouch, and InTouchPOS, according to a new advisory.

So far, researchers at Insikt Group, Recorded Future's threat research division, Magecart attackers have posted more than 50,000 stolen order payment records from at least 311 restaurants — and they're offering them for sale on the underground Web. Researchers warn they expect that number to rise.

The report added that the compromised records include payment card data, as well as billing and contact details.

The three platforms in question are a departure from Magecart's usual target, the Magento e-commerce platform. During the pandemic, many local restaurants rushed to implement online ordering and payment, and they may not be paying attention to patching vulnerabilities or shoring up security in general for their new lines of business.

"Cybercriminals often seek the highest payout for the least amount of work," the Tuesday Magecart campaign report said. "This has led them to target restaurants' online ordering platforms; when even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which allows cybercriminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Ongoing Magecart Campaign Targets Online Ordering at Local Restaurants

The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.

Two months after the infamous Conti ransomware gang ceased operations, several of its members remain as active as ever either as part of other ransomware groups or as independent contractors focused on data theft, initial network access, and other criminal endeavors.

Separately, they remain as dangerous to organizations as they used to be as members of a single gang, according to Intel 471. Its researchers have been tracking Conti actors as they have moved in different directions since the group dissolved in May. 

The cessation of operations appears to be a bid by the group's operators to distance themselves from the brand more than anything else. In a new report, the threat intelligence firm speculates that once law-enforcement attention around the Conti group wanes, it's likely that its now-scattered members will regroup and form another criminal organization similar in structure to the original.

"In order to defend their enterprises, security practitioners need to understand how cybercriminals organize their operations," says Brad Crompton, director of intelligence for Intel 471's shared services group. "Even though Conti is defunct, former operators are still using similar \[tactics, techniques, and procedures\], which means security teams can still use their prior strategies in stopping similar attacks rather than ignoring them altogether in light of Conti's demise."

**Most-Destructive Ransomware Group**

The Conti group is widely regarded within the security industry as one of the most destructive ransomware operations of all time. The predominantly Russia-based group first surfaced in 2020, and has used a variety of tactics to break into victim networks — including via spear-phishing campaigns, stolen Remote Desktop Protocol credentials, software vulnerabilities, and poisoned software.

The FBI estimated that by January, the gang had collected some $150 million in ransom payouts from more than 1,000 victims worldwide—including more than 400 in the US. The scale of its destruction prompted the US State Department in May to announce a $10 million reward for information leading to the identification and/or location of key individuals of the gang. The State Department offered another $5 million for information leading to the arrest and conviction of individuals participating in attacks involving Conti ransomware incidents.

**Leaking a Window into Conti's Operations**

In May, a Ukrainian member of the gang publicly released a big trove of Conti's internal conversations after the Conti team officially announced its support for the Russian government's invasion of Ukraine. Information from that leak, and another previous leak in September 2021 showed the Conti ransomware operation was structured along the lines of a formal business complete with a physical office, scheduled working hours, managers at various tiers and separate departments for HR, coding, training, testing, intelligence gathering, and other functions. 

The FBI, the National Security Agency (NSA), and the US Cybersecurity and Infrastructure Security Agency (CISA) earlier assessed that Conti's developers used a ransomware-as-a-service model to distribute their malware. But instead of taking a cut of the ransom from affiliates — as is usually the case with ransomware-as-a-service — Conti's developers paid attackers a flat fee for deploying their malware on victims' networks.

Significantly, the leaks also appeared to confirm widely held suspicions about a link between Conti's developers and Russia's Federal Security Service (FSB).

**Rebrand & Regroup?**

In mid-May, Conti's developers seemingly abruptly began shutting down infrastructure — such as admin panels, servers, proxy hosts, chatrooms, and a negotiations service site — likely in response to the high level of attention it had managed to attract from law enforcement and media. A few weeks later, it also shut down a site it had used to name-and-shame victims that refused to pay a ransom. 

One analysis by AdvIntel at the time concluded that the group's main actors had already put in place plans to continue the operation under various guises a few months before its official shutdown.

The Black Basta ransomware gang, which started operations in April, or one month before Conti's official exit from the ransomware scene appears to be one such operation. Intel 471 said its analysis of the group's activities show that Black Basta's infrastructure — such as its payment and data leak sites, its payment site, recovery portals, and communication and negotiation methods — have overlaps with Conti's operations.

Intel 471 also  has identified two other ransomware operations — BlackByte and Karakurt — that have similar, significant overlaps with Conti and in fact may simply be rebranded Conti operations. In addition, some Conti affiliates and managers have forged alliances with other ransomware teams, including Ryuk, Maze, LockBit 2.0, BlackCat, Hive, and HelloKitty. According to Intel 471, it is possible also that other actors could use leaked Conti source code to developer their own ransomware and decryption tools.

Post-Breakup, Conti Ransomware Members Remain Dangerous

With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.

As companies increasingly add artificial intelligence (AI) capabilities to their product portfolios, cybersecurity experts warn that the machine learning (ML) components are vulnerable to new types of attacks and need to be protected.

Startup HiddenLayer, which launched on July 19, aims to help companies better protect their sensitive machine-learning models and the data used to train those models. The company has released its first products aimed at the ML detection and response segment, aiming to harden models against attack as well as protect the data used to train those models.

The risks are not theoretical: The company's founders worked at Cylance when researchers found ways to bypass the company's AI engine for detecting malware, says Christopher Sestito, CEO of HiddenLayer.

"They attacked the model through the product itself and interacted with the model enough to ... determine where the model was weakest," he says.

Sestito expects attacks against AI/ML systems to grow as more companies incorporate the features into their products.

"AI and ML are the fastest growing technologies we have ever seen, so we expect them to be the fastest growing attack vectors that we have ever seen as well," he says.

**Flaws in the Machine Learning Model**

ML has become a must-have for many companies' next generation of products, but businesses typically add AI-based features without considering the security implications. Among the threats are model evasion, such as the research conducted against Cylance, and functional extraction, where attackers can query a model and construct a functional equivalent system based on the outputs.

Two years ago, Microsoft, MITRE, and other companies created the Adversarial Machine Learning Threat Matrix to catalog the potential threats against AI-based systems. Now rebranded as the Adversarial Threat Landscape for Artificial Intelligence Systems (ATLAS), the dictionary of possible attacks highlights that innovative technologies will attract innovative attacks.

"Unlike traditional cybersecurity vulnerabilities that are tied to specific software and hardware systems, adversarial ML vulnerabilities are enabled by inherent limitations underlying ML algorithms," according to the ATLAS project page on GitHub. "Data can be weaponized in new ways which requires an extension of how we model cyber adversary behavior, to reflect emerging threat vectors and the rapidly evolving adversarial machine learning attack lifecycle."

The practical threat is well known to the three founders of HiddenLayer — Sestito, Tanner Burns, and James Ballard — who worked together at Cylance. Back then, researchers at Skylight Cyber appended known good code — actually, a list of strings from the game Rocket League's executable — to fool Cylance's technology into believing that 84% of malware was actually benign.

"We led the relief effort after our machine learning model was attacked directly through our product and realized this would be an enormous problem for any organization deploying ML models in their products," Sestito said in a statement announcing HiddenLayer's launch.

**Looking for Adversaries in Real Time**

HiddenLayer aims to create a system that can monitor the operation of ML systems and, without needing access to the data or calculations, determine whether the software is being attacked using one of the known adversarial methods.

"We are looking at the behavioral interactions with the models — it could be an IP address or endpoint," Sestito says. "We are analyzing whether the model is being used as it is intended to be used or if the inputs and outputs are being leveraged or is the requester making very high entropy decisions."

The ability to do behavioral analysis in real time sets the company's ML detection and response apart from other approaches, he says. In addition, the technology does not require access to the specific model or the training data, further insulating intellectual property, HiddenLayer says.

The approach also means that the overhead from the security agent is small, on the order of 1 or 2 milliseconds, says Sestito.

"We are looking at the inputs after the raw data has been vectorized, so there is very little performance hit," he says.

Startup Aims to Secure AI, Machine Learning Development

Researchers say Okta could allow attackers to easily exfiltrate passwords, impersonate other users, and alter logs to cover their tracks.

Identity services provider Okta is facing serious security flaws, researchers contend, that could easily let an attacker gain remote access to the platform, extract plaintext passwords, impersonate users of downstream applications, and alter logs to hide any evidence they were ever there.

That's according to researchers from Authomize. However, Okta said in a blog that the issues are features, not bugs — and that the app works according to design.

Last January, threat group Lapsus$ claimed to have breached Okta with "superuser" account credentials, posting screenshots they claimed to have grabbed from internal systems. It was determined 366 Okta customers were potentially impacted in that incident, though Okta later said it determined only two actual breaches.

"Following the news of the Okta breach earlier this year, we focused our efforts on understanding what sorts of actions a malicious actor could do if they achieved even a minimal level of access within the Okta platform," Authomize CTO Gal Diskin said in the team's security analysis this week.

Diskin explained Okta's architecture for password synching allows potential malicious actors to access passwords in plaintext, including admin credentials, even over encrypted channels. To do so, the attacker would need to be signed into the system as an app admin of a downstream app (examples include customer service agents or financial operations teams) — from there, the person could reconfigure the System for Cross-domain Identity Management (SCIM) to nab passwords for any Okta user in the organization.

"All that is needed for extracting the clear text passwords is for an actor to gain app admin privileges," according to the report. Given the constantly expanding number of users within organizations of all sizes, especially in enterprises, Diskin said that the probability of an app admin being compromised is statistically quite high, with the Verizon Data Breach Investigations Report for 2022 finding that 82% of breaches involved human elements like stolen credentials and phishing. More concerningly, these app admins are generally not treated as privileged identities.

For Okta's part, the passwords are in clear text because there is no standard reliable protocol for syncing hashes, researchers noted. However, Authomize noted that Okta did pledge to have its product team take a closer look at the password-leak risks.

Okta Exposes Passwords in Clear Text for Possible Theft

Multiple cyber-insurance carriers have adopted act-of-war exclusions due to global political instability and are seeking to stretch the definition of war to deny coverage.

With the surge in cybercrime continuing to advance, companies are scrambling to protect themselves. What's more, the attacks are increasingly politically motivated, and government-related industries are finding themselves targeted among heightened global tensions. Geopolitical conflicts are expanding into the digital realm, and threats are coming from all angles.

Given the ubiquitous risks, the cyber-insurance industry is booming. Corporations are increasingly transferring the risk of cybercrime to the insurance industry. So, if a cyberattack does occur, a company won't have to cover the expenses out of pocket — be they in ransom form or through damages and losses.

And yet, despite the market growth, multiple cyber-insurance carriers have moved to adopt act-of-war exclusions due to global political instability. This means that your carrier could deny you coverage if your cybersecurity breach has international political implications. You might pay a ransom to restore your systems, but your cyber insurance won't necessarily have to cover it.

So, how will shifting global conflicts shape the future of the cyber-insurance industry, and how can you protect your organization?

**Impact of the Russian-Ukrainian Conflict**

Let's start with the elephant in the room: the Russian-Ukrainian conflict. While the political ramifications of the conflict don't need repeating here, there are a multitude of uncertainties regarding its impact on the cyber-insurance sector.  

While act-of-war exclusions in insurance policies have been common since the Spanish Civil War, the language wasn't explicit regarding cyberattacks, which of course arose much later.

But now cyberattacks by state and non-state actors are causing hand-wringing across the insurance industry, which is seeking to protect itself from frequent, high cost payouts. Insurance companies are largely moving to rewrite your existing act-of-war clauses to make the language crystal clear that international cyber warfare is not covered.

But what exactly constitutes an act of war? Theoretically, to deny coverage, the cyberattack would have to be launched by official state actors. However, that can be very difficult to determine when you're talking about countries where the line between state and non-state actors is fuzzy at best. Non-state actors may be unofficially acting in collusion with government forces.

So, if Russian cybercriminals, harbored by the government, launch a cyberattack against your organization, are you covered? This is largely a gray area, but insurance companies are increasingly seeking to stretch the definition of war here to deny you coverage.

**How to Secure Adequate Coverage**

Due to the changing market and geopolitical situation, you need to be keenly aware of the exact kind of cyber-insurance coverage your organization requires. Your decisions should be dictated by the industry you're working in, the security risk, and how much you stand to lose in the event of an attack.

It's important to note that insurance providers are also being more stringent in their requirements for companies to even obtain cyber coverage in the first place. Carriers are increasingly requiring companies to practice good cyber hygiene and have rigid cybersecurity protocols in place before even offering a quote.

Once you have proper cybersecurity protocols in place, you should better qualify for adequate plans. However, remember that no two plans are alike or equally inclusive. When choosing a plan, be sure to look for any fine print regarding act-of-war and terrorism exclusions or those for other "hostile acts." Even when you've done everything right, your carrier can still attempt to deny you coverage under these loopholes.

For instance, after the pharmaceutical corporation Merck suffered millions in losses from Russian hackers, the company was denied payout by an arsenal of cyber-insurance providers. They collectively cited act-of-war exclusions. However, a judge ended up ruling in favor of the corporation, saying the clause only applied to armed conflict, and that insurers needed to expand the language to cover cyber warfare. So, know your plan and be prepared to advocate for yourself when making a claim.

**The Future of Cyber Insurance**

The insurance industry is learning from its past mistakes and getting a better handle on pricing cyber risk. As risk increases, you can expect that your premiums will also spike, all while your actual coverage decreases. In essence, corporations are paying more while getting less.

Again, it's not clear what constitutes an act of war today, but you can be sure that the definition will be ever expanding as insurance providers scramble to reduce their risk exposure.

The providers are paying attention — and you should be too.

Will Your Cyber-Insurance Premiums Protect You in Times of War?

The Curricula platform uses behavioral science with a simplified approach to train and educate users — and marks another step forward in Huntress’ mission to secure the 99%.

ELLICOTT CITY, Md., July 19, 2022 (GLOBE NEWSWIRE) -- Huntress, the managed security platform for small and mid-market businesses (SMBs), today announced it has acquired Curricula, a fun, story-based security awareness training platform that empowers employees to better defend themselves against hackers.

As cybercriminals continue to prey on individuals with little or no security training, the acquisition adds another critical layer to Huntress’ growing Managed Security Platform — delivered through an interactive eLearning experience that empowers employees to become their own line of defense in the fight against attackers.

“Delivering education and rallying the community have always been a core part of our mission,” said Kyle Hanslovan, Huntress CEO and Co-Founder. “Employees today need relatable and effective learning — not just more uninspired content that punishes learners and sets SMBs up for failure.Our team had already seen Curricula’s results internally, so it seemed criminal to not bring it to our partner ecosystem. Together, we're combining Curricula's creativity with Huntress' offensive expertise to address the demand for memorable and actionable threat training.”

In addition to its core platform, Curricula offers a number of additional features to help businesses build a positively focused security culture — including a gamified phishing simulator, story-based training episodes, custom content creation tools, compliance reporting and more.

“Curricula is already embraced by thousands of organizations across the globe simply because our training content is second to none,” said Curricula CEO Nick Santora. “Our animation studio creates security awareness content that is fun, memorable, and, most importantly, effective. Now under Huntress, we’re able to scale our global reach to resellers and service providers, setting the tone for what a remarkable security awareness program should be for every organization.”

More information can be found about Curricula’s training at www.curricula.com/cyber-security-awareness-training.

Today, Huntress partners with more than 3,000 service providers that in turn protect more than 1.2 million endpoints across more than 68,000 businesses.

**About Huntress**  
Hackers are constantly evolving, exploiting new vulnerabilities and dwelling in IT environments,—,until they meet Huntress.

Huntress protects small and mid-market businesses from modern cyberattackers. Founded by former NSA Cyber Operators—and backed by a team of 24/7 threat hunters — our managed security platform defends businesses from persistent footholds, ransomware and other attacks.

We're on a mission to secure the 99%. Learn more at www.huntress.com and follow us on social @HuntressLabs.

**About Curricula**  
Founded in 2015, Curricula is a fun security awareness training platform that uses story-based learning to communicate cyber risk to employees. Curricula’s mission is to fix boring security awareness programs by empowering employees to defend themselves against hackers. For more information visit: www.Curricula.com.

Huntress Acquires Curricula for $22M to Disrupt Security Training Market, Elevate Cyber Readiness for SMB Employees

A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.

Six vulnerabilities have been found in a GPS tracking device used by businesses to monitor vehicle fleets, and by consumers as an anti-theft device. If exploited, they could allow attackers to widely disrupt fleet operations and track individual vehicles.

That's according to cybersecurity firm BitSight, which stated in a Tuesday advisory that the device, the MiCODUS MV720, has vulnerabilities in both the device and the back-end service. These pave the way for man-in-the-middle (MitM) attacks, authentication bypasses, and location tracking. The vulnerabilities include a hard-coded device password that allows access via SMS requests, and a default password on the API server, BitSight found.

"The exploitation of these vulnerabilities could have disastrous and even life-threatening implications," BitSight states in the report. "For example, an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or, the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways."

The vulnerabilities include a hard-coded password that could allow commands to be sent to devices, the ability to use administrator privileges for commands, and a default password of 123456. Flaws of lesser severity include a reflected cross-site scripting (XSS) issue and the ability to directly access parts of the application. Five of the vulnerabilities have been assigned identifiers under the Common Vulnerabilities and Exposures (CVE) program: CVE-2022-2107, CVE-2022-2141, CVE-2022-2199, CVE-2022-34150, and CVE-2022-33944. The default password security weakness was not considered a vulnerability, and so did not get a CVE identifier.

**GPS Bugs Remain Unpatched**

While the company has not observed any signs that the vulnerabilities have been exploited, the Chinese firm that manufacturers the device, MiCODUS, has not responded to attempts at discussing the issues, says Stephen Boyer, co-founder and CTO for BitSight.

BitSight originally contacted MiCODUS about the problems in September 2021, and after an initial request for more information, the company refused subsequent attempts to communicate, according to the firm. MiCODUS did not immediately respond to a request for comment from Dark Reading.

"Unfortunately, the hard-coded password means that the only real remediation strategy is to remove the MV720 device or remove the SIM card from the device," he says. The firm shared the bug information with the Department of Homeland Security, he added, in hopes that it could develop an appropriate remediation strategy.

"IoT devices are full of vulnerabilities, and this will not change going into the future no matter how many of these stories come out," Roger Grimes, data-driven defense evangelist at KnowBe4, said via email. "IoT devices are particularly hard to patch. They should all be auto-patching, but most aren't. Most require end-user interaction, and many times a physical connection."

He added, "If you think it's hard to patch regular software, it's ten times as hard to patch IoT devices. I'm purely guessing here, but I'd speculate that 90% of vulnerable GPS tracking devices will remain vulnerable and exploitable if and when the vendor actually decides to fix them. Hackers love those odds."

**IoT: Still No Security by Design, Widespread Threat**

The vulnerabilities underscore the risks posed by Internet of Things (IoT) devices that have not benefited from adequate attention to security design and audits. Connected devices typically have less security, but are distributed throughout many companies' infrastructure and handle physical processes — such as entry access and power control — unlike traditional information technology. 

Concerned with the lack of security, the US government has established requirements for IoT device security.

    

MiCODUS GPS trackers are used by businesses and individuals in 169 countries. Source: BitSight

IoT devices often are also far more widespread than most business users recognize. As shown by the BitSight research, for example, GPS devices in general are used in vehicles belonging to at least five Fortune 50 companies, as well as energy utilities and governments in the Middle East, Europe, and North America.  

BitSight could not determine the prevalence of the MiCODUS MV720 specifically, but noted that MiCODUS claims that 1.5 million devices are used globally. In addition, BitSight saw nearly 2.4 million connections to the MiCODUS API server from 169 countries worldwide. The MiCODUS MV720 is a basic model sold for $20 online, but other models could account for some, or even most, of the IoT manufacturer's installed base.  

The BitSight report notes that two broad use cases exist for the devices. In some countries, data suggests that the devices are used to manage fleets of vehicles. However, in other countries, the large number of individual connections per capita suggests that individuals are using the devices for anti-theft applications.

"Indonesia has many unique IP addresses communicating with the MiCODUS server, but mostly in the GPS tracker port," BitSight states in the advisory. "This may suggest there are a small number of users with a high number of devices, which is typical in a fleet-management scenario. By comparison, Mexico has a very high number of connections to the web and mobile ports, which could indicate individuals are using the GPS tracker as an anti-theft device."

Mexico, Russia, and Uzbekistan are the countries with the most individual users, the company estimates. Russia, Morocco, and Chile appear to have the greatest number of actual devices.

Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles With Disruption

New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.

SAN JOSE, CA – (July 19, 2022) – GhangorCloud, a leading provider of intelligent information security and data privacy compliance enforcement solutions, today announced its patented Compliance and Privacy Enforcement (CAPE) product offering. The CAPE platform automates tasks associated with data discovery, data classification, data mapping and consumer privacy compliance enforcement in real time across all regulatory compliance mandates including GDPR, CCPA, HIPPA, PCI, PDPB, PDPL and other data privacy laws across the globe.

One of the biggest challenges that global organizations face is the pervasive risk of serious fines as mandated by consumer data privacy regulations. The EU General Data Protection Regulation (GDPR) is among the toughest data protection laws. Under the GDPR, the EU's data protection authorities can impose fines of up to €20 million (roughly $20,372,000), or 4% of worldwide turnover for the preceding financial year – whichever is higher. Companies that fail to comply with data privacy mandates risk not only financial exposure, but also operational and reputational losses.

GhangorCloud’s CAPE solution delivers a highly scalable architecture and can be quickly deployed across an enterprise as well as multi-cloud environments. Its’ AI powered eDiscovery Engine identifies and classifies content automatically, generates privacy enforcement policies without requiring tedious manual intervention, and provides real-time enforcement of privacy mandates to minimize risk and exposure while significantly reducing total cost of ownership.

“Data compliance and privacy enforcement is a daunting task that involves multiple, complex processes and requires the ability to sieve through large volumes of data corpuses at a very high rate both on-premises and across multi-cloud environments,” said Tarique Mustafa, CEO/CTO, GhangorCloud. “Leveraging our patented Intelligent Automation Engine, the CAPE platform addresses these issues with a modern-day data compliance and privacy system for expeditious and error-free performance of complex tasks, while significantly minimizing the cost of enforcement of regulatory compliance and privacy mandates.”

Compliance and Privacy Enforcement (CAPETM) Solution Features Include:  
AI Powered Data eDiscovery:  
GhangorCloud’s AI powered Data Discovery Engine was architected from the ground up to address the deficiencies and constraints of previous generation data discovery solutions.  
• Complex Data Object Definition: CAPE embodies unique AI based patented technologies that greatly facilitate the definition and discovery process for complex data/information objects that can represent any type of concrete and abstract data or information objects of interest. Virtually any kind of data/information such as structured, unstructured, semi-structured, ordered/unordered sets of data and data sequences can all be modelled and automatically identified and classified.  
• Auto Identification: Incorporates sophisticated patented technology for auto-identification of high granularity canonical as well as complex data objects that involve components with cross modality, cross type, composite structured and unstructured, embedded, or independent canonical data types.  
• Auto Classification: CAPE incorporates a unique Auto-Classification Engine that works with sophisticated data object ontologies to auto-classify sensitive information. The Auto-Classification engine examines every data/information object in the corpuses and using GhangorCloud’s patented algorithms automatically classifies it into one of the classification types defined in the data object ontology. It can classify sensitive information as granular as specific words and phrases. The Auto-Classification Engine completely replaces the requirement for manual tagging or fingerprinting of sensitive information. It can readily work out-of- the-box and does not require any pre-processing of data or a laborious training / learning process.

Data Mapping  
CAPE incorporates a sophisticated Data Mapping Engine that automatically creates a persistent Universal Data Map (UDM) for the data/information objects that exist in the enterprise corpuses. This is a crucial capability that greatly facilitates efficient navigation through large storage systems and corpuses following the lineage of any given data/information object of interest. The UDM created by the Data Mapping Engine is used effectively by the CAPE’s Privacy Enforcement Workflow Engine to automatically generate the Data Subject Request (DSR) and Data Subject Access Request (DSAR) service workflow.

Privacy Request Enforcement  
The Privacy Request Enforcement Engine utilizes its Universal Data Map (UDM) and Actor Repository Map (ARM) to correlate Actors (i.e., custodians of data repositories), specific set of repositories over which a given Actor has jurisdiction/authorization and the corresponding operations that they are authorized to perform on the specific data repositories. Using patented AI Algorithms, the engine can automatically discretize the incoming DSAR or DSR jobs into corresponding sets of ‘primitive’ (or atomic) tasks. The ‘primitive’ tasks are then automatically ‘serialized’ into a task sequence using the logical and precedence dependencies between these tasks. The Workflow Engine is equipped with a built-in mechanism to monitor and report the status of the DSAR or DSR fulfillment process, and raise alerts, alarms, or other notifications as appropriate during the fulfillment process.

GhangorCloud’s Compliance and Privacy Enforcement solution is available now. For more information and pricing details, email \[email protected\].

About GhangorCloud  
Headquartered in Silicon Valley, GhangorCloud is a leading provider of intelligent information security and data privacy compliance enforcement solutions. GhangorCloud's Information Security and Consumer Compliance solutions protect data based on its contextual and conceptual significance, using a powerful policy engine and security algorithms to identify, classify, and protect large volumes of information in real-time with unprecedented accuracy. The company is founded by Silicon Valley security veteran Tarique Mustafa and Bhanu Panda, and is backed by a team, board and advisors that include leading authorities from companies like Symantec, McAfee, Trend Micro, Cisco, Juniper, Alteon and Array Networks. For more information, see http://www.ghangorcloud.com/.

GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution

Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.

TEL AVIV, Israel, July 19, 2022 (GLOBE NEWSWIRE) -- Enso Security, developers of the first Application Security Posture Management (ASPM) solution, today launched the next iteration of the AppSec Map, its interactive map of the AppSec ecosystem. Embraced by the community for its ability to intuitively segment and visualize the AppSec tech stack, the Map now enables users to create custom maps and generate security posture ratings. By providing a community-driven framework to assess and improve their application security posture, Enso Security is empowering AppSec practitioners to think strategically about their programs and bolster their ability to navigate the fast-moving landscape.

“As a CISO, I always struggled to stay current with which vendors did what and could only have dreamed of a resource like this. I applaud Enso for rallying the community to provide it,” said Ryan Gurney, CISO-in-Residence, YL Ventures. “The AppSec Map is a simple yet powerful tool that makes it easy for practitioners to understand the current AppSec landscape and maintain control over the trajectory of their programs.”

**Enhanced AppSec Map functionality moves the industry forward**  
First launched in July 2021, the AppSec Map defines and classifies the many solutions and services that populate the AppSec landscape. The Map is open to all AppSec vendors. To add a product or a service please click here and once approved, Enso Security will publish it within 3-5 days.

It offers practitioners a holistic view of the AppSec stack and makes it easy for them to research the options available to them. The new iteration enables users to build a custom map and generate a security posture badge based on the code, tools and services their organization uses, offering AppSec practitioners a much deeper understanding of the state and maturity of their programs.

To create a personalized map, users follow a very simple wizard that prompts them to enter the full set of AppSec tools, code and services used by the organization. In a matter of seconds, the Map generates a visual representation of their organization’s AppSec program.

It also generates a Posture Badge -- a graphic that consists of a set of color coded, concentric circles that reflects the health of the user’s AppSec program. The Posture Badge considers the organization's full asset inventory and the effectiveness of the AppSec practices associated with activities on each asset and type of activity (such as Pen-Testing, Static Code Analysis, etc.). Posture Badges place the maps in context, providing a baseline that makes it easier for AppSec teams to identify gaps, analyze how resources are allocated and optimize their programs.

“We initially built the AppSec Map because, despite being seasoned practitioners, our experience navigating the AppSec landscape was pure chaos,” said Chen Gour Arie, chief architect and co-founder of Enso Security. “Given the growing set of buzzwords, acronyms and culture shifts AppSec professionals contend with, we’re excited to release new functionality that makes it even easier to separate the wheat from the chaff. We’re blown away by how well the Map has been received and hope we can continue to be of service to the community as they navigate the ever-shifting pool of AppSec resources at their disposal.”

The AppSec Map includes commercial services and solutions as well as open-source tools and projects for any AppSec-related activity, from security training to pen-testing to runtime detection and protection.

Because the Map is community driven, as services and toolsets mature and evolve, so does the Map. The AppSec community and vendors are encouraged to share their ideas and thoughts on how to improve this map, and to submit their solutions so that the community can easily discover the value it adds to their AppSec program. The AppSec Map can be found at https://appsecmap.com.

**About Enso Security**  
Enso Security is transforming application security by empowering organizations to build, manage and scale their AppSec programs. Its Application Security Posture Management (ASPM) platform easily deploys into an organization’s environment to create an actionable, unified inventory of all application assets, their owners, security posture and associated risk. With Enso Security, AppSec teams gain the capacity to manage the tools, people and processes involved in application security, enabling them to build a simplified, agile and scalable application security program without interfering with development. Enso has been recognized with numerous awards including the 2022 Excellence Awards, Globee Awards, and Forbes Top 20 Cybersecurity Startups to Watch.

Source

DARKReading