The FIDO Alliance said it's working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method.
To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,

Data Privacy / Passwordless

The FIDO Alliance said it's working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method.

To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange, following commitments among members of its Credential Provider Special Interest Group (SIG).

This includes 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom.

"Secure credential exchange is a focus for the FIDO Alliance because it can help further accelerate passkey adoption and enhance user experience," the FIDO Alliance said in a statement.

"Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster, and 20% more successful than passwords or passwords plus a second factor like SMS OTP."

While passkeys have the advantage of being secure and phishing-resistant, they are essentially locked in to the operating system or the password manager service, making it impossible to transfer them when switching platforms and, therefore, requiring users to create new passkeys per device.

The new specification proposed by the FIDO Alliance aims to address this gap with the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF).

They "define a standard format for transferring credentials in a credential manager including passwords, passkeys, and more to another provider in a manner that ensures transfer are not made in the clear and are secure by default," it said.

The development comes as Amazon revealed that more than 175 million customers have enabled passkeys on their accounts, nearly one year after the initial rollout.

"Passkeys fundamentally shift the way we sign in to our online accounts for the better — and seeing Amazon roll out passkeys is evidence of its commitment to its customers' time, experiences, and security across Amazon web and mobile shopping experiences," said Andrew Shikiar, chief executive officer of FIDO Alliance.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

Organizations should be on high alert until next month's US presidential election to ensure the integrity of the voting process, researchers warn.

Source: Jon Helgason via Alamy Stock Photo

Cyber-threat actors have ramped up their targeting of the 2024 US elections with a flood of malicious activity expected to peak over the next month, aimed at causing disruption to voters and the election process and requiring increased vigilance on the part of stakeholders.

Specifically, attackers have bolstered election-related threat activity since the beginning of the year with an increase in the sale of phishing kits targeting US voters and campaign donors; the registration of more than 1,000 domains aimed at exploiting election-related content for malicious purposes; and increased ransomware activity targeting government entities, according to research from FortiGuard Labs Threat Research released today.

Since the inception of Internet-related threats, cyber-threat actors have typically increased malicious activity ahead of elections, notes Derek Manky, chief security strategist and vice president of global threat intelligence at Fortinet. However, they aim to be especially disruptive during the current election cycle, requiring that all stakeholders be prepared to fend off malicious actors in the upcoming weeks to protect election outcomes.

"As the 2024 US presidential election approaches, it's critical to recognize and understand the cyber threats that may impact the integrity and trustworthiness of the election process and the welfare of the participating citizens," he says.

Indeed, separate research has found that adversaries from Russia, China, and Iran in particular have been using cyber operations to stoke discord and influence election outcomes rather than make direct attacks on voting machines or other voter infrastructure. These more insidious tactics require a different type of vigilance on the part of defenders, the researchers noted.

**Specific Threats to Watch For**

FortiGuard Labs' latest election-threat research is the result of analysis of threats gathered from January 2024 to August 2024 that may affect US-based entities and the electoral process. The researchers discovered several key areas of threat activity that have been on the rise.

One is a significant increase in the availability of affordable phishing kits on the Dark Web designed to target voters and donors by impersonating the presidential candidates and their campaigns. Specifically, the researchers found kits for $1,260 created to impersonate US presidential candidates and to harvest personal information, including names, addresses, and credit card details.

Part of the phishing activity around the current election cycle also includes an increase of highly convincing mobile scams that use phone calls, voicemails, or messaging services that leverage deepfake technology to spread misinformation, which can affect voter outcomes, notes Alex Quilici, CEO at YouMail.

"AI can now create highly convincing voice attacks that make it sound like a trusted figure, such as a candidate, urging you not to vote or spreading false information," he says. "This kind of deception can seriously undermine public trust and disrupt the electoral process."

Attackers also have registered more than 1,000 new potentially malicious domains since the beginning of 2024 that incorporate election-related content and candidates to lure unsuspecting targets and potentially conduct nefarious activities, the researchers noted. The two most-used hosting providers for these election-themed websites are AMAZON-02 and CLOUDFLARENET, demonstrating that attackers are leveraging known, reputable services to bolster the legitimacy of malicious domains.

Another way cyberattackers can spread misinformation and disrupt the democratic process is through the use of people's personal information to directly target them, the researchers noted. Fortinet found that there currently is an abundance of this type of material on the Dark Web, with more than 1.3 billion rows of combo lists — which include usernames, email addresses, and passwords — of US citizens for sale for nefarious use.

The availability of this data poses a considerable risk for credential-stuffing attacks that allow cybercriminals to gain unauthorized access to people's accounts. Overall, the availability of so much personal data of various election stakeholders creates potential indirect disruption in the voting process, notes Casey Ellis, founder and chief strategy officer at Bugcrowd.

"While it may be difficult to use these records to commit the kind of fraud or attacks that would directly modify the outcome of an election, it's certainly a cheap and simple exercise to simply highlight the possibility of their use as a way to instill distrust in the democratic process, and to potential affect and manipulate voter turnout," he says.

FortiGuard Labs researchers also noted a 28% increase in ransomware attacks against the US government year-over-year based on observed leak sites. This type of activity also can threaten the integrity of the election process by undermining citizens' trust in the ability of the government to protect the personal data they collect from them.

**Protect Election Integrity**

To ensure the US presidential election process runs smoothly for all that wish to participate, Fortinet offered some recommendations to prevent and mitigate attacks between now and election day. The researchers advised that individuals and organizations alike always remain vigilant for suspicious behavior or activity leading up to major election-related events and prioritize good cyber hygiene in general to reduce potential threats.

Organizations, especially those related to the election or government agencies, should prioritize employee training and awareness about the cyber threats that exist that aim to disrupt the election process. Enforcing multifactor authentication and a strong password policy across both individuals' and organizations' online accounts also can protect against intrusion.

Finally, any organization with a stake in the election also should install endpoint protection solutions, patch operating systems and Web servers, and update software regularly to ensure systems are as secure as possible, Fortinet recommended.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

By combining human and nonhuman identity management in one solution, Flock Safety is helping law enforcement solve an impressive number of criminal cases every day.

Source: ArtemisDiana via Alamy Stock Photo

When Jerrid Powell went on a shooting spree in Beverly Hills last year, he had no idea what he was up against. Law enforcement used Flock Safety's evidence-based crime-solving technology to help locate him. Powell was quickly apprehended and is now behind bars.

Flock Safety is a success story. In less than six years, the native-cloud company has become one of the country's largest public safety technology vendors. It plays a part in solving 10% of crimes in the United States, equating to about 2,000 cases per day, according to a report from the company and validated by independent criminology researchers. It does this by analyzing a vehicle's "fingerprint" using object detection and machine learning, focusing on everything from license plates to bumper stickers.

With so many law enforcement agencies relying on its technology, Flock Safety puts security first. That means securing the identity of its user accounts, along with 1,000 employees and a fleet of cameras, video cameras, and audio detection devices.

From the beginning, Flock Safety has been using Okta for human identity management against its corporate systems, like Salesforce, Google, and Amazon Web Services. Using Okta's customer and workforce identity cloud technology, employees, customers, and contractors authenticate themselves by entering their credentials. It also uses Okta subsidiary's Auth0 to authenticate Internet of Things devices, like cameras, to its FlockOS and devices.

"Imagine a network of cameras, drones, and gunshot detection devices across the United States," explains Eric Tan, the company's CIO and chief security officer. "Each one of those devices has a unique ID and secret associated \[with\] the device that's calling home to the mothership to authenticate and pass on images or videos."

Flock Safety's approach is comprehensive. Alfredo Ramirez, a senior director and analyst of security and emerging technology at Gartner, says that while most companies do use some type of modern technology for employee authentication, they are often less successful at handling nonemployee identities or correlating all of them across connected corporate applications.

**Covering All Bases**

While Tan is quite satisfied with the protection Okta and Auth0 are providing, he noticed that as Flock Safety's customer base and reach grew, it needed to expand past authentication into the realm of authorization. Essentially, authentication is the first step in identity management, but higher levels of security require authorization, which moves beyond identity verification to determining users' levels of access and granting access based on those levels.

"When an identity or user account authenticates onto our platform, we know we're covered, but what we don't know is where that identity is going once it's on the platform," Tan explains. "That's what we wanted to address."

With that goal in mind, Tan found Permiso Security, a cloud security company that had recently branched into identity management. With its ability to track both human and nonhuman identities across authentication boundaries, Permiso's Universal Identity Graph seemed like it could bridge the gap between authentication and authorization for Flock Safety.

Tan looks at it this way: "Auth0 and Okta are important preventative solutions, but Permiso is more like a motion detector system in a house. I want to know who or what is coming into all of the different rooms, and if anything looks off, I want it to let me know."

This is the first year where vendors are going to market claiming to be able to discover and secure all nonhuman identity types, but very few claim to be able to handle securing both human and nonhuman identities within the same solution, Gartner's Ramirez says. Most, like Permiso, are using some sort of graph database technology, unlike incumbent identity vendors.

Over the next three to five years, Ramirez expects incumbent identity security vendors to build, buy, or partner for nonhuman identity solutions to complement their human identity solutions. In addition, he expects startups to continue to advance in this area.

**Looking Ahead**

For Flock Safety, the time to get this up and running is now. Through an API, Permiso's solution can see the identities in Auth0 and Okta. Flock Safety also exposes the API to some of its more critical systems, like Google Workspace or GitHub, so it can monitor for suspicious activity.

"If one of our cameras were to call home and eventually grant themselves access to our GitHub source code library, that would be really odd. Permiso would pick that up," Tan explains. "Similarly, if you had an employee who was a field technician, and that person's user account was granted additional permissions or elevated access within our Google Active Directory or Workspace environment, it would alert us and automatically quarantine them."

Tan is considering adding Astrix Security's nonhuman identity security platform for real-time discovery and mitigation of breaches by nonhuman identities. He's currently evaluating the tool.

"For example, if there is a test API account connected to our GitHub instance with elevated privileges that the team isn't tracking, I would have the team either shut it down, reduce the privileges, or make it authenticate through Auth0," Tan says.

While it might seem like Flock Safety is adding a surprising number of identity-related security tools into its stack, it's always better to be as prepared as possible, Tan says.

"The concept of solving for nonhuman identity risks is still in the early innings, similar to LLM risks," he says. "The idea is to pick a handful of early innovators and compare the results. In my experience, they're usually always different, allowing us to think about the various threat vectors."

**About the Author**

Contributing Writer, Dark Reading

Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including ITProToday, CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek, and Government Executive.

Fighting Crime With Technology: Safety First

The Center for Digital Democracy calls on the FTC, the FCC, and California regulators to look at connected TV practices.

Your television is debuting the latest, most captivating program: You.

In a report titled “How TV Watches Us: Commercial Surveillance in the Streaming Era,” the Center for Digital Democracy (CDD) spotlighted a massive data-driven surveillance apparatus that ensnares the public through modern television sets.

> “The widespread technological and business developments that have taken place during the last five years have created a connected television media and marketing system with unprecedented capabilities for surveillance and manipulation.”

In cooperation with data brokers, streaming video programming networks, Connected Television (CTV) device companies, and smart TV manufacturers are creating detailed digital dossiers about viewers, based on a person’s identity information, viewing choices, purchasing patterns, and thousands of online and offline behaviors.

Because of their findings, the CDD has called on the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), and California Regulators to investigate connected TV practices.

The report provides a detailed overview of all the different ways in which streaming services and streaming hardware target viewers in ways that are severe privacy infringements.

Earlier, we read a paper by researchers of the Cornell University about a tracking approach called Automatic Content Recognition (ACR). ACR is a technology that periodically captures the content displayed on a TV’s screen and matches it against a content library to detect what content is being displayed at any given point in time.

The researchers found that ACR is functional even when the smart TV is used as a “dumb” external display. There are two types of ACR fingerprinting: one to process acoustic (ACR audio) media, and one for video content (ACR Video).

Brands utilize ACR TV for multiple reasons. The most obvious are frequency optimization, unique reach abilities, and improved targeting. With the advent of CTV, more and more people are opting out of cable television, which opens the opportunity of more targeted advertising to reach a specific audience.

Free Advertiser-Supported TV (FAST channels) such as Tubi, Pluto TV, and many others are commonplace, and present advertisers with a key opportunity to monetize viewer data and target them with sophisticated new forms of interactive marketing.

CTV has unleashed a powerful arsenal of interactive advertising techniques, including virtual product placement inserted into programming and altered in real time. CTV companies operate cutting-edge advertising technologies that gather, analyze, and then target consumers with ads, delivering them to households in the blink of an eye. These can be hyper targeted advertisements which are personalized for individual viewers.

The report profiles major players in the connected TV industry, along with the wide range of technologies they use to monitor and target viewers. Some household names you might be interested in include:

*   Disney(+)
*   Netflix
*   Amazon
*   Roku
*   Vizio
*   Comcast (NBCU)
*   LG
*   Samsung
*   Google (YouTube)

> “Many of these entities offer misleading and disingenuous ‘privacy policies’ and self-serving descriptions of their systems that fail to explain the complex processes they use to extract data from consumers, track viewing and other behaviors, and facilitate targeted marketing.”

Combine the data these companies are gathering about us with other information that data brokers possess, and you are way past anything we should find acceptable.

Experian offers “over 240 politically relevant audience” segments for sale, based on a detailed set of criteria, including “audience interactions, preferences, demographics, behaviors, location, income and more.”

The US market, which is one of only two that allow direct-to-consumer advertising of pharmaceutical products, is seeing marketers for pharmaceutical products that are heavily invested in connected TV advertising.

Industry research shows that families with young children tend to watch more streaming TV content. Children and teens play a powerful role in determining the viewing patterns of their families, serving as decision-makers when it comes to streaming content. Disney Advertising even calls the cohorts of children, teens and adults viewing its Disney+ and other content “Generation Stream.”

Report co-author Kathryn C. Montgomery, Ph.D. stated:

> “Policy makers, scholars, and advocates need to pay close attention to the changes taking place in today’s 21st century television industry. In addition to calling for strong consumer and privacy safeguards, we should seize this opportunity to re-envision the power and potential of the television medium and to create a policy framework for connected TV that will enable it to do more than serve the needs of advertisers. Our future television system in the United States should support and sustain a healthy news and information sector, promote civic engagement, and enable a diversity of creative expression to flourish.”

**Personal Data Remover**

It may feel like keeping your sensitive data away from data brokers is a losing fight, but there are ways to stop those data brokers from collecting new information and, where possible, to have it deleted from their rosters. For people in the United States, Malwarebytes Personal Data Remover provides:   

*   Immediate, deep scans across roughly 175 databases to find your personal data. 
*   Personalized, in-depth reports on what data is being sold and who is selling it.  
*   Automatic data removal requests for subscribers, which can save 300+ hours of manual work in wiping sensitive details off the internet, along with free DIY guides to tackle each site individually.  
*   Recurring scans and data removal requests that will make it harder for invasive websites to rebuild their digital portraits of you.

 Modern TVs have &#8220;unprecedented capabilities for surveillance and manipulation,&#8221; group reveals 

Ubuntu Security Notice 7020-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7020-4October 11, 2024linux-aws-6.8, linux-oracle-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle-6.8: Linux kernel for Oracle Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Network drivers;  - SCSI drivers;  - F2FS file system;  - BPF subsystem;  - IPv4 networking;(CVE-2024-42228, CVE-2024-42154, CVE-2024-42160, CVE-2024-42159,CVE-2024-41009, CVE-2024-42224)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-6.8.0-1013-oracle   6.8.0-1013.13~22.04.1  linux-image-6.8.0-1013-oracle-64k  6.8.0-1013.13~22.04.1  linux-image-6.8.0-1016-aws      6.8.0-1016.17~22.04.2  linux-image-aws                 6.8.0-1016.17~22.04.2  linux-image-oracle              6.8.0-1013.13~22.04.1  linux-image-oracle-64k          6.8.0-1013.13~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7020-4  https://ubuntu.com/security/notices/USN-7020-3  https://ubuntu.com/security/notices/USN-7020-2  https://ubuntu.com/security/notices/USN-7020-1  CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1016.17~22.04.2  https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1013.13~22.04.1

Ubuntu Security Notice USN-7020-4

CISOs in consumer and retail organizations appear to accept greater risks to allow for more innovation, which could be a model for future growth.

Source: FOTOGRIN via Shutterstock

Chief information security officers (CISOs) have long borne the reputation of blocking innovation to keep their organization and all its data safe and sound.

However, those competing priorities appear to be shifting, especially in the retail and consumer sectors. While the majority of CISOs (59%) across all sectors see themselves as "enablers" — as opposed to just managers of cyber-risk — nearly all (97%) CISOs in the retail segment view their role as an enabler, according to a survey of more than 1,000 global CISOs conducted by cybersecurity firm Netskope. As a result, CISOs' acceptance of risk has grown, with the majority of all CISOs ready to take on more risk compared with five years ago. For the retail sector, the share of risk-embracing CISOs is even higher (74%).

The pressure on companies to innovate — and CISOs' understanding of their role in making that happen — are driving CISOs to become risk-takers, Netskope CISO James Robinson says.

"Typically, you had someone who was really, really technical, and they were working through things, but they really didn't have that business side of the brain — knowing the business metrics and data," he says. "CISOs have moved from the need to say no and maybe even taken it a step further — saying the answer is always, "Yes, just how do we get there?'"

From gift-card scams to brand hijacking for phishing attacks to devastating ransomware, retailers are a popular target for cybercriminals and fraudsters. At the same time, the retail sector has had to weather the chaos caused by the pandemic and supply-chain disruptions, which led to demand fluctuations and a loss of brand loyalty. The subsequent spike in inflation over the past two years left many consumers prioritizing price. Most retail executives (67%) expect consumers to purchase fewer products in 2024, and so retailers are increasingly focused on winning loyalty, according to consultancy Deloitte's "2024 US Retail Industry Outlook" report.

**Security in the Era of Amazon and AI**

With all those disruptive forces in the market, retailers have had to transform themselves to compete, morphing from just focused on selling products to becoming data companies. Consequently, CISOs at retail companies can no longer afford to focus solely on putting a wall around their information, says Netskope's Robinson.

Like other members of the C-suite, CISOs have to be thinking about the business more holistically, Robinson says.

"Retailers now have to ask, 'What's the next innovation? What's the next thing we have to do?'" he says. "And all of those decisions are data driven ... they're being led by this wealth of data that they're collecting, so that they can have targeted experiences for their customers."

Artificial intelligence is one obvious way to innovate. A great deal of the pressure to change over the past two years has come from the development of AI capabilities and businesses' fear of missing out on any innovations — and competitive advantages. In-store cameras paired with AI analysis can determine consumer interest in products, ecommerce platforms can better predict inventory, and stores can even use recognition of facial expressions to gauge consumer sentiment.

While most companies have slowly tested the waters of AI, many will be putting their first AI-powered applications into product in the next 12 months, Robinson says.

"This is the first year also that we're really seeing GenAI projects kick off, and in the next year, we'll start to really see kind of the value of some of these projects," he says. "So I think that's probably what's shaping it even more."

**The Business-Focused CISO**

Yet, AI and cybersecurity are two technology areas that are least likely to have positive returns on investments for retailers, according to consultancy KPMG's 2023 "US Consumer and Retail Sector Insights Report." Only 46% of survey respondents noted an increase in profitability or performance due to AI — and 45% from cybersecurity. But the consumer and retail sector fell even short of that threshold, with 38% and 37% of respondents, respectively, in those industries seeing a return on investment from AI or cybersecurity.

"For many consumer and retail organizations, getting data right is still a work in progress," KPMG stated in the report.

Understandably, there are still some risks where CISOs are unwilling to compromise. Sharing information with outside parties or third parties without the proper review and without the proper agreement in place — a threat becoming more common in the era of AI — is just not possible, says Robinson.

"We knew how to data warehouse, and it's got business value — even more now with the development of GenAI," he says. "I think all of those things have kind of started to come together at this point, allowing the retail CISO to really have a leg to stand on. Now they just also have kind of the business knowledge, because they're being brought into more of these conversations at this point."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Retail CISOs Take on More Risk to Foster Innovation

Boston and London, U.S. and U.K., 10th October 2024, CyberNewsWire

**Boston and London, U.S. and U.K., October 10th, 2024, CyberNewsWire**

The agreement has marked over 600,000 fraudulent domains for takedown in just two months through automated defense and proactive prevention. Abusix and Red Sift to hold exclusive webinar sharing insights on transforming cyber attack mitigation.

Abusix, an organization specializing in internet abuse prevention, and Red Sift, a leader in misconfiguration and exposure management, have announced a new partnership aiming to transform how organizations can navigate from a reactive to a proactive approach for managing security risk.

Cyber threats such as email phishing, business email compromise (BEC), and brand impersonation remain persistent challenges for organizations globally. Addressing these issues requires both visibility and automation to enable faster detection and mitigation of such attacks.

Addressing these challenges head on, Abusix and Red Sift’s partnership aims to offer security teams visibility and action to neutralize risks preemptively. Since the agreement was enabled in August 2024, over 630,000+ domains have been marked for takedown. This outcome is attributed to Abusix’s real-time reporting capabilities for the swift identification of potential threats, and Red Sift’s ability to transform data into actionable defenses and real-time value for its customers. This is enabled through Red Sift leveraging Abusix’s data in both Red Sift OnDMARC and Red Sift Brand Trust. 

> **Rahul Powar, CEO and Co-Founder of Red Sift said:** “We find ourselves in an ever changing landscape where new attacks and methods for cyber abuse are ever prevalent. Working together with Abusix, we are harnessing new innovation and knowledge sharing to offer increased visibility to a wider remit of large enterprises and small businesses that are vulnerable to cyber threat. This in turn allows us to provide real-time solutions to mitigate against costly reputational damage and shift the industry’s approach from reactive to proactive.” 

> **Tobias Knecht, CEO and Founder of Abusix said:** “It’s not just about sharing data—it’s about sharing it with the right organizations. 95% of all attacks on enterprises originate from service provider and hosting provider networks. Enabling rapid takedowns by sharing actionable intelligence with service providers and hosting providers is a crucial step in reducing overall attack volume at its core. Through our partnership with Red Sift and their unique data solutions, we are taking a significant step forward in safeguarding the internet and improving network security overall.”

The newly formed collaboration is a move to raise the effectiveness and application use of email threat data for cybersecurity across the board and to upgrade the industry’s approach to attack mitigation. Together, the two companies are addressing ongoing critical gaps in the cybersecurity landscape by addressing crucial business needs for increased domain security and prevention of brand abuse. 

Those interested can join an exclusive webinar to learn how Abusix and Red Sift are transforming cyber attack mitigation — readers can reserve a spot today and hear about proactive strategies to protect organizations from email phishing, brand impersonation, and other emerging threats.

Readers can also learn more about the partnership’s Success Story here.

****About Abusix****

Abusix transforms vast amounts of real-time data into actionable insights, helping organizations protect against cyber threats. Its unique data ecosystem enables security teams across all sectors to proactively mitigate attacks by pinpointing the origins of cyber abuse. By enabling collaboration between enterprises, security vendors, and service providers, Abusix works to reduce the overall volume of attacks, driving a more secure internet. 

Abusix serves a global client base, including Cloudflare, Amazon Web Services (AWS), Vodafone, Digital Ocean, and multiple government organizations worldwide. Dedicated to enhancing the global security ecosystem, Abusix continues to make threat intelligence accessible and impactful across industries. Readers can learn more at abusix.com

****About Red Sift****

Red Sift aims to enable organizations to anticipate, respond to, and recover from cyber attacks while continuing to operate effectively. The award-winning Red Sift Pulse Platform is an integrated solution that combines four interoperable applications, internet-scale cybersecurity intelligence, and innovative generative AI that intends to put organizations on a path to cyber resilience. 

Red Sift is a global organization supported by a diverse team across 15 countries. It boasts an international client roster that includes Capgemini, Domino’s, ZoomInfo, Athletic Greens, and several leading law firms. Red Sift is the official DMARC provider for Cisco and a trusted partner for Microsoft and Entrust, among others. Readers can learn more at redsift.com

**Contact**

**Head of Marketing**  
**Serena Li**  
**Abusix**  
**\[email protected\]**

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.

Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month.

Five of the vulnerabilities are listed as publicly known at the time of release, with two of them coming under active exploitation as a zero-day -

*   **CVE-2024-43572** (CVSS score: 7.8) - Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected)
*   **CVE-2024-43573** (CVSS score: 6.5) - Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected)
*   **CVE-2024-43583** (CVSS score: 7.8) - Winlogon Elevation of Privilege Vulnerability
*   **CVE-2024-20659** (CVSS score: 7.1) - Windows Hyper-V Security Feature Bypass Vulnerability
*   **CVE-2024-6197** (CVSS score: 8.8) - Open Source Curl Remote Code Execution Vulnerability (non-Microsoft CVE)

It's worth noting that CVE-2024-43573 is similar to CVE-2024-38112 and CVE-2024-43461, two other MSHTML spoofing flaws that have been exploited prior to July 2024 by the Void Banshee threat actor to deliver the Atlantida Stealer malware.

Microsoft makes no mention of how the two vulnerabilities are exploited in the wild, and by whom, or how widespread they are. It credited researchers Andres and Shady for reporting CVE-2024-43572, but no acknowledgment has been given for CVE-2024-43573, raising the possibility that it could be a case of patch bypass.

"Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system," Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.

The active exploitation of CVE-2024-43572 and CVE-2024-43573 has also been noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by October 29, 2024.

Among all the flaws disclosed by Redmond on Tuesday, the most severe concerns a remote execution flaw in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9.8) that could allow unauthenticated actors to run arbitrary commands.

"An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database," it said.

Two other Critical-rated severity flaws also relate to remote code execution in Visual Studio Code extension for Arduino (CVE-2024-43488, CVSS score: 8.8) and Remote Desktop Protocol (RDP) Server (CVE-2024-43582, CVSS score: 8.1).

"Exploitation requires an attacker to send deliberately-malformed packets to a Windows RPC host, and leads to code execution in the context of the RPC service, although what this means in practice may depend on factors including RPC Interface Restriction configuration on the target asset," Adam Barnett, lead software engineer at Rapid7, told about CVE-2024-43582.

"One silver lining: attack complexity is high, since the attacker must win a race condition to access memory improperly."

**Software Patches from Other Vendors**

Outside of Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   Amazon Web Services
*   Apache Avro
*   Apple
*   AutomationDirect
*   Bosch
*   Broadcom (including VMware)
*   Cisco (including Splunk)
*   Citrix
*   CODESYS
*   Dell
*   Draytek
*   Drupal
*   F5
*   Fortinet
*   GitLab
*   Google Android
*   Google Chrome
*   Google Cloud
*   Hitachi Energy
*   HP
*   HP Enterprise (including Aruba Networks)
*   IBM
*   Intel
*   Ivanti
*   Jenkins
*   Juniper Networks
*   Lenovo
*   Linux distributions Amazon Linux, Debian, Oracle Linux, Red Hat, Rocky Linux, SUSE, and Ubuntu
*   MediaTek
*   Mitsubishi Electric
*   MongoDB
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NVIDIA
*   Okta
*   Palo Alto Networks
*   Progress Software
*   QNAP
*   Qualcomm
*   Rockwell Automation
*   Salesforce Tableau
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   Veritas
*   Zoom, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

The annual event reinforces best practices while finding new ways to build a culture where employees understand how their daily decisions affect company security. Find out how AWS, IBM, Intuit, SentinelOne, and Gallo are spreading the word.

Source: Prostock-studio via Alamy Stock Photo

COMMENTARY

Cybersecurity Awareness Month, an annual initiative since 2004, provides organizations each October with valuable opportunities to reinforce security best practices among employees. As we engage in these activities this month, it's also an opportunity to discover ways to build a culture of security where employees understand how their daily decisions and actions can affect an organization's overall security.  

Employees remain every organization's best first line of defense. Making the most secure way of doing things the easiest way helps motivate employees to make security-first decisions. For example, getting employees to use multifactor authentication (MFA) — once again a top recommendation of the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NSA) — is one of the simplest and most effective ways to enhance security. Fifteen years ago, when AWS made MFA publicly available, we knew the criticality of using MFA would only increase as technology rapidly evolved and the cloud ushered in a new era of business transformation.  

At AWS, Cybersecurity Awareness Month is also an opportunity to foster internal cross-team collaboration and learning among employees — whether "security" is officially in their title or not. During Amazon's annual Security Week in October, employees will learn online and physical security best practices, how to easily report a security matter, proper ID badge usage, device protection, and how to opt-in for emergency messaging.  

We're also hosting our fourth annual One Amazon Security Conference, bringing our security teams from across the company together for two days in October to connect, collaborate, and amplify knowledge sharing and skill development. Through a variety of programming, including activities to enhance practical security skills, breakout sessions covering security innovations and best practices, and presentations from experts and Amazon security leaders, employees will learn about our efforts to improve security, both internally and for our customers.  

Mark Hughes, Global Managing Partner Cybersecurity Services, IBM Consulting 

At IBM, we're committed to educating and empowering our teams and clients with the knowledge and tools they need to stay secure. As innovative new solutions help advance today's businesses, we also understand the complexity of addressing new cybersecurity threats and advocate to our clients the importance of proactively embedding security into all aspects of their business. 

Cybersecurity Awareness Month provides an opportunity for IBM to drive awareness, highlight our security expertise, and engage our global community around the important role of cybersecurity. We're kicking October off with our "Cloud Threat Landscape" report that will examine cloud threats and highlight how companies can assess and address their risks in areas such as identity access management and data security. Throughout the month, we'll showcase these findings, alongside key takeaways from our recent "Cost of a Data Breach" report, through a series of digital content, including expert-led discussions and security-themed insights, equipping our consultants with the strategies needed to help clients address emerging cloud threats and effectively adopt automation and generative AI (GenAI) to strengthen their security. 

While IBM educates our employees year-round, Cybersecurity Awareness Month allows us to intensify our focus on security-based skills training for our consultants while empowering them to get security industry certifications to help provide guidance to our clients on architectures and technologies that can help them stay ahead of attacks. 

By creating an organization with a security-first mindset, and leveraging the capabilities of the cloud, automation, and GenAI, IBM educates our employees, informs our clients, and inspires new approaches to cybersecurity — like quantum-safe standards — to reinforce our commitment to a secure digital future. 

Atticus Tysen, Chief Information Security Officer, Intuit  

This year, our theme for Cybersecurity Awareness Month is Cyber Wellness, focusing on the importance of maintaining digital health alongside physical well-being. We're using this theme to highlight that protecting our digital lives is an ongoing responsibility, like looking after our physical health. Through this theme, we aim to foster a culture of continuous cybersecurity awareness, encouraging employees to take proactive steps in safeguarding themselves and Intuit. 

As part of our Cybersecurity Awareness Month program, our chief financial officer (CFO), Sandeep Aujla, and our general counsel, Kerry McLean, will join me in an opening keynote, sharing why cybersecurity is critical to our company's overall success. In addition to general sessions for all employees, we've crafted targeted sessions for groups identified as being more prone to social engineering, based on months of phishing simulation data. This focused approach allows us to directly address the needs of specific groups. 

Josh Blackwelder, Deputy Chief Information Security Officer, SentinelOne  

SentinelOne lives and breathes security, all day, every day. And while our mission — Secure Tomorrow — is most often focused on a promise and dedication to our customers, it extends far beyond the business goals of the company to securing our teammates, communities, and democracy, as whole. We see Cybersecurity Awareness Month as a way to bring our expertise into our communities — helping to create future generations of cyber-aware citizens while expanding the next generation of cyber defenders.  

For Cybersecurity Awareness Month, SentinelOne focuses on its CyberSafe University program, an in-school program that targets kids in grades K-12 and is designed to introduce the concept of cybersecurity in age- and activity-appropriate ways.  

The program provides a range of ways that kids can think about their online activities and privacy. For younger elementary students, we focus on essential skills for safeguarding personal data online. For middle schoolers, we focus on the best practices to retain cybersecurity safety, including the importance of multifactor authentication. For older students, we also include information on how to pursue a career in cybersecurity, what to major in, and leading university programs around the globe.  

Over the past two years, this massive volunteer effort has delivered amazing results — over 100 Global SentinelOne Employee Ambassadors were able to reach more than 12,000 students, in over 40 schools, in eight countries. 

Raul Sanchez, Director of Information Security, Gallo 

Gallo recognizes Cyber Awareness Month with a series of engaging, educational initiatives aimed at enhancing the cyber resilience of its workforce. The highlight is the annual Cybersecurity Awareness Day event, held at corporate headquarters. This event features keynote speakers and representation from our security partners, offering insights into the latest cyber threats and best practices. Designed to be fun and educational, the event provides employees with hands-on experiences and practical knowledge to better protect the organization and its data. Adding a twist, the event also includes a 5 kilometer run/walk, allowing employees to earn points in the company's health and wellness program while promoting physical fitness alongside cyber fitness.  

In addition to the awareness day event, Gallo hosts weekly cybersecurity webinars throughout October. These sessions cover a range of topics, from phishing prevention to secure password management, and are designed to educate employees on how to recognize and respond to potential threats. The webinars are well received, offering employees the flexibility to participate and learn at their own pace.  

To keep cybersecurity top of mind, the information security department also publishes daily security tips for all Gallo employees. These tips provide practical advice and actionable steps employees can take to improve their personal and professional cybersecurity practices. By integrating these daily reminders into the workday, Gallo ensures that cybersecurity remains a priority throughout the month, leading to a more prepared and vigilant workforce.  

About the Contributors

Mark Hughes is the global managing partner of IBM Consulting Cybersecurity Services and leads IBM's team of thousands of experts in helping organizations transform security into a business enabler and establish cyber resiliency. His role spans the sales and services delivery of threat detection and response, data security, cloud security, IAM, infrastructure, risk management and ecosystem partnerships. Mark's cybersecurity career spans across two decades, including recent roles as president of security at DXC Technology, a Fortune 500 global technology services provider, and chief executive at BT Security, a leading global telecommunications provider.  

As senior vice president and chief information security officer (CISO) of Intuit, Atticus Tysen is responsible for information security, fraud prevention, and enterprise information technology. Before assuming this expanded role, Tysen served as chief information officer (CIO) for nearly 10 years. Prior to that, Tysen was vice president of product development for Intuit's Financial Management Solutions group, leading product development efforts for the company's Small Business division. Since joining Intuit in 2002, he has also served as director of new technology and led the company's patent program, building a process to protect the company's intellectual property. Tysen earned a bachelor's degree in computer science from Stanford University. 

Josh Blackwelder has been at the forefront of enhancing security operations at SentinelOne since early 2022. His leadership extends across cloud security engineering, security operations, FedRAMP, security engineering, vendor risk, security architecture, and application security. Before joining SentinelOne, Josh held security leadership positions at Instructer (makers of the learning management software Canvas), as well as Adobe, RBS Markets & International Banking, and Verizon Business. 

Raul Sanchez, director of information security of Gallo, is a seasoned security professional with extensive experience in all facets of IT compliance, privacy, vendor risk management, security design and architecture, regulatory audits, and managing the security of mergers and acquisitions. In recent years, he has focused on implementing modern cybersecurity initiatives and enhancing cyber resilience to better protect against evolving threats. His ability to establish meaningful relationships with business teams enables the effective execution of business initiatives while ensuring the security of customer and corporate data and maintaining the company's positive brand reputation.  

**About the Author**

Chief Information Security Officer, AWS

Chris Betz is the chief information security officer (CISO) at AWS, where he oversees the security teams responsible for protecting AWS infrastructure and cloud services. Betz leads the development and implementation of comprehensive security policies and strategies aimed at effectively managing risk and aligning AWS's security posture with the company's business objectives. Betz is based in northern Virginia, where he resides with his family.

How Major Companies Are Honoring Cybersecurity Awareness Month

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

CISOs and their staff are under more pressure than ever to work their cybersecurity magic. Know the feeling? Send us a cybersecurity-related caption to explain the scene, above, and our favorite will win its creator a $25 Amazon gift card.

Here are four convenient ways to submit your ideas before the October 30, 2024, deadline:

*   Via social media: X, Facebook, and LinkedIn. (If you win, we'll respond to you on the same platform, requesting your email address.)
    

**Last Month's Winner**

Shout out — and a $25 Amazon gift card — to our friend Paul Mauriks, ICT security specialist, technology solutions, at the Department of Justice and Community Safety in Victoria, Australia. Paul's caption for last month's "Bug Off" cartoon captured first place and appears below. A big thank you to all who participated.

**About the Author**

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Tag

#amazon