Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 
Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

_Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw._ 

Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service. 

The OAS Platform facilitates the simplified data transfer between various proprietary devices and applications, including software and hardware. 

The most serious of these issues is TALOS-2022-1493 (CVE-2022-26082), which an attacker could exploit to gain the ability to execute arbitrary code on the targeted machine. This issue has a severity score of 9.1 out of a possible 10. Another vulnerability, TALOS-2022-1513 (CVE-2022-26833) has a 9.4 severity score and could lead to the unauthenticated use of the REST API. 

There are two other vulnerabilities, TALOS-2022-1494 (CVE-2022-27169) and TALOS-2022-1492 (CVE-2022-26067) could allow an attacker to obtain a directory listing at any location permissible by the underlying user by sending a specific network request. 

Another information disclosure vulnerability TALOS-2022-1490 (CVE-2022-26077) works in the same way, but alternatively provides the attacker with a list of usernames and passwords for the platform that could be used in future attacks. 

TALOS-2022-1491 (CVE-2022-26026) can also be triggered by a specially crafted network request, but instead leads to a denial of service and a loss of communication. 

The other two vulnerabilities could allow an attacker to make external configuration changes, including creating a new security group on the Platform and creating new user accounts arbitrarily: TALOS-2022-1488 (CVE-2022-26303) and TALOS-2022-1489 (CVE-2022-26043). 

Cisco Talos worked with Open Automation Software to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy. Additionally, affected users could mitigate these issues by ensuring that proper network segmentation is in place so adversaries have the lowest possible level of access to the network on which the OAS Platform communicates. 

Users are encouraged to update these affected products as soon as possible: Open Automation Software OAS Platform, version 16.00.0112. Talos tested and confirmed this driver could be exploited by these vulnerabilities. 

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 59275 – 59279, 59732. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service 

Researchers found a litany of security flaws that allow simple, quick, and cheap forgeries in Australia.

In late 2019, the government of New South Wales in Australia rolled out digital driver’s licenses. The new licenses allowed people to use their iPhone or Android device to show proof of identity and age during roadside police checks or at bars, stores, hotels, and other venues. ServiceNSW, as the government body is usually referred to, promised it would “provide additional levels of security and protection against identity fraud, compared to the plastic driver's license” citizens had used for decades.

Now, 30 months later, security researchers have shown that it’s trivial for just about anyone to forge fake identities using the digital driver's licenses, or DDLs. The technique allows people under drinking age to change their date of birth and for fraudsters to forge fake identities. The process takes well under an hour, doesn’t require any special hardware or expensive software, and will generate fake IDs that pass inspection by the electronic verification system used by police and participating venues. All of this, despite assurances that security was a key priority for the newly created DDL system.

“To be clear, we do believe that if the Digital Driver's Licence was improved by implementing a more secure design, then the above statement made on behalf of ServiceNSW would indeed be true, and we would agree that the Digital Driver's Licence would provide additional levels of security against fraud compared to the plastic driver's licence,” Noah Farmer, the researcher who identified the flaws, wrote in a post published last week.

A Better Mousetrap Hacked With Minimal Effort

“When an unsuspecting victim scans the fraudster’s QR code, everything will check out, and the victim won't know that the fraudster has combined their own identification photo with someone’s stolen driver's licence details,” he continued. As things have stood for the past 30 months, however, DDLs make it “possible for malicious users to generate \[a\] fraudulent Digital Driver's Licence with minimal effort on both jailbroken and non-jailbroken devices without the need to modify or repackage the mobile application itself.”

DDLs require an iOS or Android app that displays each person’s credentials. The same app allows police and venues to verify that the credentials are authentic. Features designed to confirm the ID is authentic and current include:

*   Animated NSW Government logo.
*   Display of the last refreshed date and time.
*   A QR code expires and reloads.
*   A hologram that moves when the phone is tilted.
*   A watermark that matches the license photo.
*   Address details that don’t require scrolling.

Simple Technique

The technique for overcoming these safeguards is surprisingly simple. The key is the ability to brute-force the PIN that encrypts the data. Since it’s only four digits long, there are only 10,000 possible combinations. Using publicly available scripts and a commodity computer, someone can learn the correct combination in a matter of a few minutes, as demonstrated in this video showing the process on an iPhone.

Once a fraudster gets access to someone’s encrypted DDL license data—either with permission, by stealing a copy stored in an iPhone backup, or through remote compromise—the brute force gives them the ability to read and modify any of the data stored on the file.

From there, it's a matter of using simple brute-force software and standard smartphone and computer functions to extract the file storing the credential, decrypting it, changing the text, re-encrypting it, and copying it back to the device. The precise steps on an iPhone are:

*   Use iTunes backup to copy the contents of the iPhone storing the credential the fraudster wants to modify
*   Extract the encrypted file from the backup stored on the computer
*   Use brute-force software to decrypt the file
*   Open the file in a text editor and modify the birth date, address, or other data they want to fake
*   Re-encrypt the file
*   Copy the re-encrypted file to the backup folder and
*   Restore the backup to the iPhone

With that, the ServiceNSW app will display the fake ID and present it as genuine.

The following video shows the entire process from start to finish.

Death by 1,000 Flaws

A variety of design flaws make this simple hack possible.

The first is a lack of adequate encryption. A key based on a four-digit PIN is woefully inadequate. Apple provides a function named SecRandomCopyBytes for producing random bytes that can be used to generate secure keys. “If this was used to encrypt the Digital Driver's Licence rather than the 4 digit PIN, it would make the task of brute-forcing much harder if not completely infeasible for attackers,” Farmer wrote.

The next major flaw is that, astonishingly, DDL data is never validated against the back-end database to make sure that what’s stored on the iPhone matches records maintained by the government department. With no means to natively validate the data, there’s no way to tell when information has been tampered with. As a result, attackers are able to display the falsified data on the Service NSW application without any means to prevent or detect the fraud.

The third shortcoming is that using the “pull-to-refresh” function—a cornerstone of the DDL verification scheme intended to ensure the most current information is showing—fails to refresh any of the data stored in the electronic credential. Instead, it updates only the QR code. A better response would be for the pull-to-refresh function to download the latest copy of the DDL from the ServiceNSW database.

Fourth, the QR code transmits only the DDL holder’s name and status as either over or under the age of 18. The QR code is supposed to allow the person checking the ID to scan it with their own ServiceNSW app to validate that the data presented is authentic. To bypass the check, a fraudster only needs to obtain the driver's license details from a stolen or otherwise-obtained DDL and replace it locally on their phone.

“When an unsuspecting victim scans the fraudster’s QR code, everything will check out, and the victim won't know that the fraudster has combined their own identification photo with someone's stolen Driver's Licence details,” Farmer explained. Had the system returned the legitimate image data, the scanning party would easily see that the fraudster had forged the DDL, since the face returned by Service NSW wouldn’t match the face displayed on the app.

The last flaw the researcher identified was that the app allows the data it stores to be backed up and restored at all. While all files stored in the Documents and Library/Application Support/ folders are backed up by default, iOS allows developers to easily exclude certain files from backup by calling NSURL setResourceValue:forKey:error: with the NSURLIsExcludedFromBackupKey key.

With a reported 4 million NSW residents using the DDLs, the gaffe could have serious consequences for anyone who relies on DDLs to verify identities, ages, addresses, or other personal information. It's not clear how or even if Service NSW plans to respond. Given time differences between San Francisco and New South Wales, officials with the department weren't immediately available for comment.

Farmer noted this tweet, which called out a hotel bar for refusing service to someone who had only physical ID and instead accepting only DDLs. “I know 10 kids that you let in regularly with fake digital licenses because they are easy to make,” the person claimed.

While the veracity of that claim can’t be verified, it certainly sounds plausible, given the ease and effectiveness of the hack shown here.

_This story originally appeared on_ _Ars Technica__._

‘Tough to Forge’ Digital Driver’s Licenses Are—Yep—Easy to Forge

Company to debut its AD capabilities at the 2022 RSA Conference.

HERZLIYA, Israel, May 24, 2022 /PRNewswire/ -- XM Cyber, the multi-award-winning attack path management company, announced today a new security capability for Microsoft's Active Directory (AD). XM Cyber is the first in the industry to link the use of AD into the entire attack path, bringing multiple attack techniques together and offering a complete and accurate view of an organization's cybersecurity risk, across on-prem and cloud environments. With this new capability, enterprises gain end-to-end attack path visualization for easy understanding and prioritized remediation of all weaknesses before an attack can take place.

A chain of attack vectors (vulnerabilities, misconfigurations, user privileges, human errors, etc.) that enables lateral movement through an organization's network is called an attack path. Once an attacker is inside the network, they can move laterally, escalating their privileges and targeting systems to gain access to sensitive data and business-critical resources, and even gain access to the cloud environment by moving from a compromised enterprise AD user to the associated Azure AD user.

AD is widely used by enterprises around the world (including approximately 90% of Global Fortune 1000 companies) to connect and manage endpoints inside corporate networks. This makes it an attractive target for hackers seeking to obtain domain admin-level access. An attacker that has compromised an AD user can elevate privileges, conceal malicious activity in the network, execute malicious code, and gain access to the cloud environment to compromise assets. The XM Cyber Research team recently reported that 73% of the top attack techniques used to compromise critical assets in 2021 involved mismanaged or stolen credentials; and according to EMA research, at least 50% of organizational attacks are due to AD compromise.

"It is critical to make concentrated efforts to comprehensively secure and monitor AD, proactively look for threats and misconfigurations, and remediate to prevent dangerous actions from taking place," according to Gartner®. \[1\]

The XM Cyber Attack Path Management platform demonstrates how AD abuse comes into play across the entire attack path, bringing together multiple attack techniques to pinpoint the riskiest credentials and permissions across users, endpoints and services managed in AD. This enables organizations to direct resources to remediate the most impactful risks first using step-by-step guidance. The platform's comprehensive security posture analysis surfaces AD weaknesses in real time, correlating the likelihood of attacks that can compromise critical assets.

"Existing solutions provide security teams with limited visibility into which users can expose critical assets," said Boaz Gorodissky, CTO, XM Cyber. "Our unique ability to chain together AD attack techniques gives organizations the edge against attackers, enabling them to reduce their risk before the attack ever happens. We are committed to providing proactive security so CISOs can focus on maximizing resources to protect their most business-critical applications and data."

XM Cyber will debut its AD capabilities at the 2022 RSA Conference, taking place June 6-9 in San Francisco. Interested parties can book a personal demo here or visit us at booth #4328 at the Moscone North Expo. Learn more about XM Cyber Active Directory security here.

\[1\] Gartner, "Emerging Technologies and Trends Impact Radar: Security", Ruggero Contu, Mark Driver, et al, 12 October 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

**About XM Cyber  
**XM Cyber is a leading hybrid cloud security company that is changing the way innovative organizations approach cyber risk. Its attack path management platform continuously uncovers hidden attack paths to businesses' critical assets across cloud and on-prem environments, enabling security teams to cut them off at key junctures and eradicate risk with a fraction of the effort. Many of the world's largest, most complex organizations choose XM Cyber to help eradicate risk. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, and Israel.

XM Cyber Adds New Security Capability for Microsoft Active Directory

New features include context-aware, zero-trust data protection on local peripherals and devices.

SANTA CLARA, Calif. – May 24, 2022 – Netskope, the leader in Security Service Edge (SSE) and zero trust, today announced a key expansion of data protection capabilities to endpoint devices and private apps. The introduction of a patented endpoint data loss prevention (DLP) solution will enable Netskope Intelligent SSE customers to protect data everywhere it moves across the hybrid enterprise.

Zero trust principles are critical to SSE, which describes the security stack needed to enable a modern Secure Access Service Edge (SASE) architecture. Data protection is of utmost importance throughout a SASE architecture—specifically, the need for security to move with data wherever it is accessed, and apply zero trust to determine the right level of access. Additionally, legacy and endpoint DLP offerings have failed enterprises by being siloed, complicated, and intrusive, hindering user productivity.

Netskope has been consistently recognized by top industry analysts for its advanced data protection capabilities. With today’s continued expansion of the Netskope Intelligent SSE platform, Netskope customers will be able to protect data across SaaS, IaaS, private applications, web, e-mail, and endpoint devices from a single converged data protection solution, leveraging machine learning, user and entity behavior analytics (UEBA), and insider threat mitigation capabilities to improve security efficacy, efficiency, and agility.

  
Notable features of Endpoint DLP include:

· Context-aware, zero trust data protection on local peripherals and devices, such as USB drives and printers

· Unified data classification, policy enforcement, and incident management for DLP across SaaS, IaaS, private apps, web, e-mail, and endpoint devices

· A patented lightweight endpoint agent with cloud-based inspection and contextual data protection policies that enhance the user experience

· Machine learning and Advanced Analytics to help simplify data classification and policy definition, lowering operational overhead

· UEBA, which makes it possible to identify and stop complex data loss scenarios such as insider risk, where users are unintentionally or even maliciously abusing their access to data

“No SASE or zero trust journey will be successful without data protection capabilities that can address all critical use cases in a way that is easy to deploy and doesn’t slow down users,” said John Martin, Chief Product Officer, Netskope. “The introduction of Endpoint DLP extends Netskope’s award-winning data protection capabilities that much further, to critical use cases with endpoint devices. While some competitors may offer unified policy and management or provide data protection for certain vectors, Netskope is the only vendor that can provide truly converged data protection across the full IT environment. We are very excited to deliver Endpoint DLP to customers as another Netskope game-changer.”

“With Netskope’s new eDLP, we can now offer single-pass data protection —across all vectors, from the cloud to the endpoint —with unified policies, within a single management console,” said Mick Coady, Global Vice President CyberSecurity Solutions, World Wide Technology. “As a Platinum Partner in Netskope’s Evolve partner program, we’re seeing the huge growth opportunity that Netskope’s Intelligent SSE approach represents. This new addition will accelerate that growth.”

A work-from-anywhere, or “hybrid,” environment makes it increasingly difficult to maintain security models based on implicit trust in any entity that wants to connect. Zero trust principles enable organizations to govern access to data based on behavior by users, devices, networks, and applications— increasing confidence in policy enforcement everywhere. By evaluating several contextual elements—user identity, device identity and security posture, time of day, geolocation, business role, sensitivity level of the data, and more—the resource itself can determine an appropriate level of confidence, or trust, only for that specific interaction and only for that specific resource. Using Netskope Intelligent SSE with zero trust principles applied throughout the environment, businesses become more agile, reduce risk, and streamline solution deployment and maintenance.

"DLP has been extremely complicated and cumbersome, and that's before you factor in cloud, web, email, private apps, and endpoints,” said Frank Dickson, IDC Group Vice President, Security & Trust. “Netskope looks to address complexity with integration, providing a unified cloud delivered solution. Compared to old school network and endpoint-based DLP solutions, having DLP in this integrated solution makes it dramatically easier to protect data wherever it may be and in a manner that is frictionless for end users. It is a win-win.”

Visit Netskope and take a demo of Intelligent SSE at Booth #S449 at RSA Conference, June 6-9, 2022, in San Francisco. For more on today’s announcement, read the Netskope blog.

**About Netskope**  
Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.

**ALEXANDRIA, Va., May 24, 2022**\--(BUSINESS WIRE)--Nisos, The Managed Intelligence CompanyTM, today announced $15 million in Series B funding led by global cyber investor Paladin Capital Group alongside existing investors Columbia Capital and Skylab Capital. The new funding will be leveraged to accelerate company growth with investments in the company’s Managed Intelligence services, the Nisos Intelligence PlatformTM, and additional staff to meet client’s increasing intelligence needs.

"Nisos provides a level of intelligence that is timely, relevant, and actionable. Their monitoring, analysis, and investigation services have been a critical component of our diligence process, enabling us to quickly quantify risk and accelerate acquisitions," said Jason Button, Lead for Security, Integration, and Mergers, Cisco Systems, Inc.

To date, the company has secured over $33 million in funding and experienced tremendous momentum, with a 140 percent increase in Q1 bookings year-over-year. In the last year, the company expanded internationally with the opening of its first European office, increased its headcount by 60 percent, and issued prominent, high visibility research that reveals cybersecurity issues and disinformation campaigns throughout the globe.

"While threat intelligence holds the promise of making protection efforts more precise, in many cases it does the exact opposite, overwhelming teams with terabytes of unorganized information. Managed Intelligence is addressing these shortcomings and empowering security teams with the right information at the right time so that they can effectively combat today's sophisticated adversaries," said Christopher Steed, Chief Investment Officer and Managing Director at Paladin Capital Group. "In this emerging space, Nisos is pioneering an innovative new approach with its unique ability to connect cyber and physical risk for more effective threat intelligence, enabling the company to triple its valuation in two years while also positioning itself for continued rapid growth."

As part of the company’s client enablement strategy, the new funding will be used to expedite product management and development, drive market awareness and elevate customer services and success. This includes plans to refine the Nisos Intelligence Platform to improve analyst and client experiences and build a foundation for additional growth ahead.

"Over the last year, Nisos has grown tremendously as we’ve expanded our platform and continued to add talented experts to address the needs of our growing client base, positioning us at the forefront of the Managed Intelligence market," said David Etue, CEO at Nisos. "This funding helps us expand our offerings and the company to meet accelerating demand from clients who increasingly understand the value of intelligence, and discover that the more they learn, the more resources and expertise they require."

**About Nisos**

Nisos is The Managed Intelligence CompanyTM. Our services enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyberattacks, disinformation and abuse of digital platforms. For more information visit: www.nisos.com

**About Paladin Capital Group**

Paladin Capital Group was founded in 2001 and has offices in Washington DC, New York, London, Luxembourg, and Silicon Valley. As a multi-stage investor, Paladin Capital Group’s core strength is identifying and supporting innovative companies that develop promising, early-stage technologies to address the critical cyber and advanced technological needs of both commercial and government customers.

Combining proven investment experience with deep expertise in global security, cyber technology, and cutting-edge research, Paladin has invested in more than 60 companies and has been a trusted partner to investors, entrepreneurs, and governments for over two decades. Follow the firm on Twitter @Paladincap and visit www.paladincapgroup.com.

Nisos Announces $15 Million in Series B Funding Round

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

Cybersecurity experts are awaiting the imminent announcement from the National Institute for Standards (NIST) of its recommended post-quantum computing (PQC) encryption algorithms, an important milestone in a years-long process that started back in 2016 with 82 candidates. NIST has signaled it will reveal its decision imminently — possibly just before or during the RSA Conference in San Francisco in two weeks, amid a swirl of new activity in the field of quantum computing.

The PQC algorithms would join RSA and elliptic curve cryptography (ECC) as a new generation of NIST-recommended encryption standards. The PQC algorithms promise to enable encryption that is exponentially more powerful than current standards, which will become essential when quantum computers are available for commercial use.

Once NIST reveals which four algorithms it is endorsing, the next phase of drafting standards will begin. That process is expected to take roughly a year. But the pending decision will establish which algorithms to focus on. While the NIST selection will allow stakeholders to apply them to their offerings, many providers say that is just one part of the solution. Several startups focused on addressing PQC are now coming out of stealth. The latest came last Thursday, when QuSecure, a San Mateo, Calif.-based company formed three years ago, officially launched both itself and its first PQC product, called QuProtect. QuSecure describes QuProtect as an orchestration platform that can protect data in transit and at rest encrypted with the new PQC algorithms.

**A 'Perfect Storm' for Quantum Computing**

NIST's selection, until recently considered at least a year away, would come amid a perfect storm unfolding this month in quantum computing, all signaling that CISOs should accelerate their PQC strategies. Recent disclosures portend that quantum computing could become commercially available sooner than once thought likely. Notably, IBM two weeks ago revealed that it will release a 433-qubit processor called IBM Osprey by the end of this year, more than a threefold increase from IBM Eagle, a 127-qubit processor introduced in November 2021. IBM's updated roadmap calls for the introduction of a 1,000-qubit processor next year called IBM Candor. In three years, IBM plans to deliver a multi-cluster offering capable of exceeding 4,000 qubits.

"By 2025, we will have effectively removed the main boundaries in the way of scaling quantum processors up with modular quantum hardware and the accompanying control electronics and cryogenic infrastructure," Jay Gambetta, VP of quantum computing and an IBM Fellow, explained in a May 10 blog post. During that same week, D-Wave Systems announced the availability of its Advantage quantum computer via the Leap quantum cloud service, a part of the University of Southern California-Lockheed Martin Quantum Computing Center hosted at USC's Information Sciences Institute (ISI).

After the creation of Shor's algorithm in 1994, researchers realized that once quantum computers arrive with an abundant level of scale and precision, they will be able to break current forms of encryption. Besides RSA and ECC, quantum computers are expected to break the long-trusted Diffie-Hellman key exchange algorithm used for modern cryptographic communications including SSL, TLS, PKI, and IPsec.

Meanwhile, efforts to provide protections from quantum computing is accelerating. The recent White House directives emphasized that the government and industry should move forward with NIST's standards as well as calling for swift passage of the Bipartisan Innovation Act, legislation reintroduced last year as the Endless Frontier Act by US Senate Majority Leader Chuck Schumer, Senator Todd Young (R-IN), Representative Ro Khanna (D-CA), and Representative Mike Gallagher (R-WI). The bill seeks to boost funding in research and the advance of technology deemed critical to US national security, which includes artificial intelligence, PQC, and semiconductors.

Following the White House directive, the US House of Representatives Oversight and Government Reform Committee on May 11 unanimously passed the Quantum Computing Cybersecurity Preparedness Act, a bill proposed by US Representative Nancy Mace (R-SC) seeking to advance the migration of federal government IT systems with PQC capabilities. The legislation now sits before the House for consideration.

**Building QuProtect**

QuSecure was founded by chairman and COO Skip Sanzeri, CEO Dave Krauthamer, and chief product officer Rebecca Krauthamer, who is also a member of the World Economic Forum's Global Future Council on Quantum Computing.

Sanzeri tells Dark Reading that roughly 15 customers are now piloting QuProtect, including several branches of the US Department of Defense and large enterprise businesses. The only commercial customer QuSecure has permission to reference is Franklin Templeton, the New York-based diversified investment firm with roughly $1.5 trillion in assets under management as of April 30, which is best known for its large mutual funds. QuSecure is incubated within Franklin Templeton, which is also an investor in the company.

While Franklin Templeton declined to comment on its QuProtect pilot, Sanzeri says it is currently in beta there. "We are moving to the next step to a broader rollout," Sanzeri says. While Sanzeri said he was restricted in the amount of detail he could offer, it has established the quantum communications link between its servers and select institutional customers. The technology doesn't require the customers to add anything on their end, he says.

The QuProtect communications channels can run on servers on premises and in the cloud, Sanzeri adds. Eventually, it will run on network switches as well, according to Sanzeri, who says QuSecure has been in talks with players including Cisco, Fortinet, Juniper Networks, and Palo Alto Networks. "The switch providers are very standards based," Sanzeri says. "And one of the reasons why they haven't necessarily adopted this yet, across the board is because NIST hasn't finalized their standards. But once they do, then I think the switch providers will all come along nicely."

QuProtect provides a secure communications channel designed to protect any node on a network and is designed to use any of the NIST-approved PQC algorithms. Sanzeri claims QuSecure is the first company that is offering a complete PQC platform. "There are some point solutions out there that might be focusing on, say, quantum random number generation, or possibly just on cryptography," Sanzeri says. "And we think that is fine. However, it's not enough. If you're going to protect the enterprise, you need to be able to protect holistically."

Vincent Berk, chief strategy officer of QuantumXchange, which provides software that uses PQC keys shared on two specific endpoints, disputes QuSecure's claim of being the only company developing a complete offering. "To claim you're the first one that brings post quantum cryptographic solutions to the entire world, I can make that exact same claim for QuantumXchange, and we can start bickering over what we consider post quantum hard," Berk says.

Nevertheless, Berk, who joined QuantumXchange earlier this year after serving as CTO and chief security architect at Riverbed Technology, believes the QuSecure has a viable offering. "What I think they're doing a great job of is they're trying to make it as easy as possible to get you to know that you can trust your new cryptographic algorithms are working for you," Berk adds.

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

ROCKLEDGE, Fla. and MUSKEGON, Mich., May 23, 2022 /PRNewswire/ -- Valeo Networks, a leading Managed Security Service Provider (MSSP), today announced the acquisition of Next I.T., a Michigan-based Managed Service Provider (MSP). Financial terms are not being released.

A recognized and highly respected MSP, Next I.T. is the sixth and largest acquisition to date for Valeo Networks and further supports its goal of building a national network of IT and cybersecurity experts to comprehensively support and protect its client base.

The company will continue to operate as DBA Next I.T. (A Valeo Networks Company), and maintain its current Michigan office locations in Muskegon, Kalamazoo, and Traverse City. The Next I.T. team consists of Microsoft Certified Engineers, Cisco Certified Engineers, and certified technicians in both HP and Dell. They specialize in providing IT solutions for clients across a wide range of industries, including manufacturing, non-profits, and healthcare.

"We are thrilled to welcome Next I.T. to the Valeo Networks family," said Travis Mack, CEO, Valeo Networks. "Their deep skill set and broad expertise will be an excellent fit within our organization, as we continue to advance our nationwide growth strategy. As with each of our divisions, we will partner with Next I.T. to strengthen resources and capabilities in cybersecurity, managed services, cloud solutions, and compliance."

"I am excited for Next I.T. to join Valeo Networks and be part of a larger organization," said Eric Ringelberg, CEO, Next I.T. "With as much as we have grown over the past twenty-one years and having robust IT services in place, this was the natural next step for our continued growth. The Valeo leadership team really stood out to me in offering a true partnership, holding the same values, and having a track record of keeping its acquired companies intact. I look forward to accelerating Next I.T.'s growth throughout the Midwest region with the resources, capital backing, and collaboration that Valeo Networks provides."

**About Next I.T.  
**Next I.T., an award-winning Managed Service Provider (MSP), specializes in industry-specific solutions that leverage technology, increase productivity, and reduce risk for small and medium-sized businesses. It offers a full line of computer hardware, telecommunication equipment, and the professional expertise with remote capabilities to install and service systems. Next I.T. is headquartered in Muskegon, MI, with additional branches in Kalamazoo and Traverse City. For more information, visit www.next-it.net.

**About Valeo Networks  
**Valeo Networks is a full-service, award-winning Managed Security Service Provider (MSSP) that serves State, County, Municipal markets; small-to-medium businesses (SMBs); and non-profit organizations. Firmly seated in the top 5% of revenue generating MSSPs nationwide—making it one of the largest MSSPs nationally—Valeo Networks provides solutions in the areas of cybersecurity, compliance, cloud, network infrastructure, and managed IT services. With over 20 years of industry experience, Valeo Networks is headquartered in Rockledge, FL, with additional locations nationwide. Learn more at www.valeonetworks.com.

Valeo Networks Acquires Next I.T.

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks.
Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution.
"A successful exploit could allow

Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks.

Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution.

"A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database," Cisco said in an advisory.

"Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system."

The flaw, which it said was identified during the resolution of a technical assistance center (TAC) case, impacts Cisco 8000 Series routers running IOS XR Software that has the health check RPM installed and active.

The networking equipment maker also cautioned that it's aware of the attempted exploitation of the zero-day bug earlier this month. "Cisco strongly recommends that customers apply suitable workarounds or upgrade to a fixed software release to remediate this vulnerability," it added.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.

CVE-2022-28104: Security Bulletins | Foxit Software

By Jon Munshaw. 
Welcome to this week’s edition of the Threat Source newsletter. 
I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

_By Jon Munshaw._ 

Welcome to this week’s edition of the Threat Source newsletter. 

I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I always tell myself I’m going to back up somewhere and never do. The iPod doesn’t have any charge at the moment, and I still need to hop on eBay to buy one of those flat chargers for it to even start the backup process. So no, I’m sure I’ll never get around to backing it up and recycling the device. 

But that doesn’t make it any less painful to hear that Apple is going to stop making iPods altogether. I’m a longtime iPod user and have owned everything from the original “stick of gum” iPod shuffle, to the tiny, square iPod nano that clipped to my backpack and made me think I was really cool, along with pretty much every other iteration of the nano. 

The news of the iPod’s end got me thinking about how far the threat landscape has come. We all have a supped-up iPod in our pockets now that connects to the internet at a moment’s notice and is one risky click away from someone stealing your banking app password. It used to be that when I wanted new music, I would have to plug the iPod into my parents’ Mac at home and connect to the internet, and then pray that whatever perilous download I was grabbing from uTorrent or LimeWire wasn’t going to download a virus. Most of the time, I thankfully landed on a somewhat legitimate version of a Slayer album. 

Nowadays, attackers have even come up with ways to install malware on your iPhone even when it’s powered down — that was never an issue in the heyday of the iPod! 

Though in my walk down memory lane, I did learn that some classic iPods shipped in 2006 contained Windows malware known as “RavMonE.exe,” an early example of why everyone should have at least a base anti-virus enabled.  

I’ll miss the days of the iPod, when I didn’t have to worry about malware following me in my backpack or briefcase. But I don’t miss having to illegitimately listen to Slayer, I’ll gladly pay the $10 a month for Spotify to avoid having to hope a file from “xX\_metalhead420Xx\_” doesn’t have malware in it.  

**The one big thing **

A critical vulnerability in F5’s BIG-IP software continues to dominate security headlines and haunt defenders. Though we released coverage for this vulnerability last week, attackers are still exploiting it in the wild. Security researchers at the SANS Institute recently discovered adversaries exploiting the vulnerability to try and completely wipe some Linux systems. The U.S. Cybersecurity and Infrastructure Security Agency also added CVE-2022-1388 to its list of known vulnerabilities and gave federal agencies until May 30 to patch for the issue.   

> **Why do I care? **
> 
> The continuous warnings around this vulnerability show how truly widespread and potentially dangerous it is. Due to the nature of this vulnerability, and adversary could exploit it and obtain root privileges in the Linux operating systems powering BIG-IP devices. While most attackers seem to be using it to gain an initial foothold on a system, this also opens the door to an attacker running specific commands to delete files on the system, including ones that are required for the operating system to function correctly.  
> 
> **So now what? **Cisco Secure products have several ways of detecting exploitation of this vulnerability and defending against it. F5 also has a patch available for the vulnerability, which should be implemented immediately. If users are not able to patch for some reason, Talos, CISA and F5 all recommend blocking iControl REST access through the self IP address and management interface. 

**Other news of note**

The quantum computing race is on. This week, U.S. officials said they believe America will be the first country to harness the power of quantum computing, outpacing rivals like China. It’s widely believed that quantum computers will break current encryption technologies. This means the U.S. also has to develop new encryption standards, which has interested privacy experts. Though the National Security Agency has had backdoors into encryption methods in the past, the agency says that will not be the case for whatever standard the U.S. develops to combat quantum computing. (CyberScoop, Bloomberg) 

U.S. officials released a warning this week that North Koreans are posing as remote workers and hiding their true identities to apply for jobs with cryptocurrency-related companies. These individuals eventually aim to get onto corporate networks and steal currency for the North Korean government. While many of the adversaries are based in North Korea, others are operating out of China, Russia, Africa and South East Asia. North Korean state-sponsored actors have been finding different ways to steal virtual currency for years, mainly in the name of funding the country’s weapons program. (BBC, U.S. Department of Treasury) 

Western governments and security experts continue to sound warnings about potential cyber attacks from Russian state-sponsored groups. Although there have not been any major public attacks as expected when Russia invaded Ukraine, there has been a sustained effort to improve Russia’s standing in the war. Finland and Sweden’s application to join the NATO military alliance also raised the possibility that Russia could respond with a cyber attack. Albeit more low-stakes, Russian actors also tried to disrupt the semifinals and finals of the Eurovision Song Contest in Italy last week, a contest that Ukraine eventually won. (Reuters, The Hill, BBC) 

**Can’t get enough Talos? **

*   Talos Takes Ep. #96: Takeaways from victim chats with two ransomware groups
*   Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
*   Ransomware: How executives should prepare given the current threat landscape
*   Threat Roundup for May 6 - 13

  

**Upcoming events where you can find Talos ****NorthSec 2022 (May 19 – 20, 2022)  
Montreal, Canada ****REcon (June 3 – 5, 2022)  
Montreal, Canada ****RSA 2022 (June 6 – 9, 2022)  
San Francisco, California ****Cisco Live U.S. (June 12 – 16, 2022)  
Las Vegas, Nevada ****Most prevalent malware files from Talos telemetry over the past week  **

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  **MD5:** 93fefc3e88ffb78abb36365fa5cf857c  **Typical Filename:** Wextract    
**Claimed Product:** Internet Explorer    
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg  

**SHA 256:** 1b94aaa71618d4ecba665130ae54ef38b17794157123675b24641dc85a379426    
**MD5:** a841c3d335907ba5ec4c2e070be1df53  **Typical Filename:** chip 1-click installer.exe    
**Claimed Product:** chip 1-click installer     
**Detection Name:** Win.Trojan.Generic::ptp.cam  

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91   **MD5:** 7bdbd180c081fa63ca94f9c22c457376  **Typical Filename:** c0dwjdi6a.dll    
**Claimed Product:** N/A   **Detection Name:** Trojan.GenericKD.33515991  

**SHA 256:** 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa   **MD5:** df11b3105df8d7c70e7b501e210e3cc3   **Typical Filename:** DOC001.exe   **Claimed Product:** N/A     
**Detection Name:** Win.Worm.Coinminer::1201  

**SHA 256:** e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c  **MD5:** a087b2e6ec57b08c0d0750c60f96a74c  **Typical Filename:** AAct.exe    
**Claimed Product:** N/A    **Detection Name:** PUA.Win.Tool.Kmsauto::1201

Tag

#cisco