Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

Source: ArtemisDiana via Alamy Stock Photo

Shortening the life cycle of Transport Layer Security (TLS) certificates can significantly reduce the vulnerability of websites and hardware devices that require these certificates. TLS certificates are exchanged between Web server and Web client (or server to server) to establish a secure connection and safeguard sensitive data. The majority of today's digital certificates have a time-to-live of 398 days — that's a 365-day certificate with a 33-day grace period, equaling 398 actual days before the certificate expires. If the proposals from Google and Apple are approved, however, that life cycle could drop to 100 days (90 days plus a grace period) or even 47 days (30 days plus a grace period).

It is not unusual to find certificates as short as 10 days or less in DevOps environments, says Jason Soroko, a senior fellow and CTO at Sectigo. Shorter lives are set because the number of days a certificate is live increases the possibility that data will be lost if the certificate is compromised. An expired certificate can lead to denying a browser connection, effectively interrupting the breach and stopping data exfiltration.

**Automated Updates Make Change Easier**

Despite the marked change in how often digital certificates will renew, not much will change operationally for organizations that currently rely on security information and event management (SIEM); security orchestration, automation, and response (SOAR); or some other method for automating the renewal of such certificates, a common setup. In fact, Soroko says, certificate life cycle management (CLM) logs feed into the organization's SIEM and SOAR systems to ensure that the certificates are updated before they expire, which creates business continuity.

Many small to midsize businesses (SMBs) that employ a service provider to manage their networks and network security might already be getting automated certificate updates through CLM services. Organizations using managed service providers or managed security service providers should ask them whether such updates are in place. CLM manages contracts from initiation through renewal. Using CLM software to automate processes can help limit organizational liability and improve compliance with legal requirements.

The only groups that could be significantly affected operationally are those that still manually update certificates. Each time a certificate needs manual updating, errors could be introduced, Soroko says. Instead of the annual updates done today, a 30-day certificate (plus its proposed 17-day grace period) would require 12 updates annually, a multiplier of 12 in introducing errors and increasing risk.

"For smaller companies that don't have unlimited resources to manage their infrastructure, it's going to be quite a wake-up call," says Arvid Vermote, GlobalSign's worldwide CIO and CISO, a Brussels-based certificate and identification authority. "In the past, \[certificate authorities\] have been advocating automation. They have been providing the tools. But why change if it's not needed?"

As the certificates' time to live gradually shrinks, companies doing a manual process will soon realize that automation is not only a quicker way but also a more reliable way to renew certificates.

Updating certificates manually is not easy, Soroko notes.

"It's a very technical task, and it's not difficult to fat-finger it and make an error that takes a website down," he says, adding that most larger enterprises could not afford to have downtime on their Web assets, so they started to deploy CLM rather than manual updates years ago.

Regardless of the size of the company, Soroko says, the organization should automate updates. The technology is "ideally suited for everyone, and not just handing you a cert, but handing you visibility, automation, and discovery of \[digital\] certificates you don't even know you have," he says.

**CLM Casts Light on Shadow IT**

The frequent rotation of certificates means the CLM system will be scanning your environment often for certificates to update — possibly even finding digital certificates the IT department did not have on record, Soroko adds. This happens sometimes when enterprise department heads with signing authority to purchase services acquire software-as-a-service applications and Web services to address operational needs but do not report these services to the IT team.

With rogue applications running on virtual machines, Web servers, load balancers, and other hardware, it can be difficult to identify all elements of shadow IT. However, having the CLM systems constantly monitoring certificates can help identify new hardware, virtual servers, and cloud instances requiring digital certificates that might have been overlooked in the past. A certificate on an unknown device or virtual machine might be identified as an unauthorized connection or breach in progress.

The change in certificate life cycles likely will affect SMBs the most, Vermote says. In fact, this could be a good time for the CISO to go to the board and request funding for automation if they do not already have it.

"\[The\] CISO only gets money from the board if there is an incident," Vermote notes. "CIOs only get money from the board when systems are unavailable. In this case, it's both, because if the board doesn't give them the funding to properly automate and inventories of certificates expire, websites \[and\] legitimate services provided to customers, internal or external, will become unavailable."

Justin Lam, an analyst with 451 Research, says enterprises need to look at digital certificates from a proactive risk management perspective rather than a reactive compliance perspective. While certificates with a longer life always could be revoked in the case of a breach or incident, shorter life cycles mean there is more oversight — and hopefully better control — of certificates that IT might not have been made aware of.

"Many security professionals do not actually own the environments where these things are protected," Lam says.

And while managing all of the tools for cloud security posture management, zero trust, cloud-native application protection, and other security tools falls under the auspices of the CISO, many CISOs do not know when cloud sessions that require digital certificates are spun up. They have the responsibility to defend their networks but not necessarily the visibility into those networks — or the funding to protect everything.

**About the Author**

Contributing Writer

Stephen Lawton is a veteran journalist and cybersecurity subject matter expert who has been covering cybersecurity and business continuity for more than 30 years. He was named a Global Top 25 Data Expert for 2023 and a Global Top 20 Cybersecurity Expert for 2022. Stephen spent more than a decade with SC Magazine/SC Media/CyberRisk Alliance, where he served as editorial director of the content lab. Earlier he was chief editor for several national and regional award-winning publications, including MicroTimes and Digital News & Review. Stephen is the founder and senior consultant of the media and technology firm AFAB Consulting LLC. You can reach him at \[email protected\].

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using […]

**About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability.** It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using this vulnerability, an attacker can elevate their privileges to **Medium Integrity** level and gain the ability to execute RPC functions that are restricted to privileged accounts only.

ESET reports that the vulnerability allowed the RomCom attackers to execute malicious code outside the Firefox sandbox and then launch hidden PowerShell processes to download and run malware from C&C servers.

👾 There is a backdoor code on GitHub that exploits this vulnerability.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

Another day, another cybercrime operation shut down - this time, Europol has dismantled the MATRIX encrypted messaging service.

****SUMMARY****

*   **MATRIX Encrypted Platform Shut Down**: Authorities dismantled MATRIX, an encrypted messaging service used by criminals.

*   **Millions of Messages Intercepted**: Over 2.3 million encrypted messages were decrypted, exposing serious crimes.

*   **International Raid**: Arrests and server seizures occurred across France, Spain, Germany, and Lithuania.

*   **Sophisticated Criminal Tool**: MATRIX operated on 40+ servers and required invitation-only access.

*   **Big Win for Law Enforcement**: The takedown disrupts organized crime and aids ongoing investigations.

Authorities have dismantled MATRIX, a highly notorious encrypted messaging platform used by criminals for drug trafficking, arms deals, money laundering, and other illicit activities. The operation was carried out by Dutch and French agencies, with support from Europol and Eurojust.

****MATRIX, a Platform Built for Crime****

MATRIX first emerged during the investigation into the 2021 murder of a Dutch journalist. Authorities discovered the platform on the phone of a convicted criminal, initiating a thorough investigation.

According to investigators, MATRIX was explicitly created for criminal use, providing a hidden communication channel for illegal activities on an international scale. The platform’s technical sophistication and customized features made it a go-to tool among organized crime networks.

MATRIX was far more complex than previous encrypted messaging platforms such as Sky ECC and EncroChat. Its creators promoted the service as more secure, requiring invitation-only access and operating through a network of 40 servers spread across multiple countries, including France and Germany.

****MATRIX Goes Down****

According to Europol’s press release, authorities managed to intercept and monitor MATRIX for three months, collecting over 2.3 million messages in 33 languages. These messages revealed a network engaged in serious crimes, including international drug and arms trafficking, as well as money laundering.

On December 3rd, a coordinated operation led to the takedown of MATRIX servers in France and Germany, arrests in Spain and France, and searches in Lithuania. Users logging into the service are now met with a splash page alerting them to the law enforcement intervention.

Jake Moore, Global Cybersecurity Advisor at ESET, praised the operation, telling Hackread.com that the operation highlights law enforcement’s ongoing efforts to combat crime in digital spaces. While obtaining admissible evidence remains a challenge, the disruption caused by the takedown will severely impact criminal networks relying on MATRIX.

“Criminals flourish on hidden and secure communication channels, so for an encrypted service used for illicit means to be shut down is both significant and impressive,” Jake explained. “Capturing evidence will still remain at the heart of the investigation as few prosecutions in cybercrime make it to a court hearing.”

MATRIX’s takedown is the latest in a series of disruptions targeting encrypted platforms used by criminals. Previous operations brought down services like Sky ECC, EncroChat, Exclu, and Ghost, forcing criminal networks to adopt less reliable or custom-built tools.

1.  **Europe’s largest known illegal IPTV op dismantled by police**
2.  **Europol takes down VPNLab used by ransomware operators**
3.  **Europol nabs 106 criminals involved in SIM swapping scams**
4.  **Europol Busts Major Online CSAM Racket in Western Balkans**
5.  **Telegram Founder Pavel Durov Reportedly Arrested in France**

Authorities Take Down Criminal Encrypted Messaging Platform MATRIX

BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

Source: Andrey Suslov via Alamy Stock Photo

NEWS BRIEF

In an effort to convince consumers that it's safe to answer their phones, root of trust provider SecureG has partnered with CTIA, a trade association that represents the wireless communications industry, on an initiative intended to deliver a secure branded call experience for businesses.

Branded Calling ID (BCID) is an industry-led, standards-based Rich Call Data project to create a secure, interoperable ecosystem in which businesses can embed information like their logos and reason for calling when they reach out to consumers by phone. BCID digital signatures are secured by SecureG's public key infrastructure (PKI) solutions. 

"No one wants to answer their phone because of all the spam and scams, and it is only getting worse now that AI-generated voices can impersonate people and businesses," said Todd Warble, CTO of SecureG, in a statement. BCID has a secure-by-design foundation that enables consumers to trust the authenticity of the brands and intentions of the caller, Warble said.

To secure the caller's brand identity, SecureG provides high-assurance operations of the CTIA Secure Telephone Identity Certification Authority (CTIA STI-CA), Intermediate Certification Authority, and the Certificate Repository. The SecureG trust anchors, secured in hardened concrete bunkers, give BDIC the ability to authenticate participants to sign calls. The BCID system is designed to work across networks and mobile phones, and enterprise customers pay only for branded calls that are confirmed delivered. 

BCID allows businesses to brand their calls while preventing scammers and spammers from gaining access to NCID signing certificate. BCID is designed to work seamlessly across networks and mobile phones, so enterprise businesses can deliver trusted, branded calls to their consumers.

The initiative is aimed at reducing the risk of fraud and spam calls from bad actors who impersonate real businesses. A recent survey found that three-quarters of respondents would answer a call if the caller was authenticated by a name, logo, or reason for the call, the company said in a statement. BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

SecureG, CTIA Project Secures Business Phone Calls

SUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…

****SUMMARY****

*   **SpyLoan Rise:** SpyLoan apps have increased by 75% between Q2 and Q3 2024, targeting users globally.

*   **Play Store Threat:** 15 malicious loan apps on Google Play have been downloaded over 8 million times.

*   **How They Work:** These apps lure users with fake loan offers, harvest sensitive data, and exploit victims financially.

*   **Global Impact:** High prevalence reported in India, Mexico, the Philippines, Kenya, and seven other countries.

*   **Staying Safe:** Users should research apps, avoid granting excessive permissions, and use antivirus software.

Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report a whopping 75% rise in SpyLoan apps and infected devices between Q2 and Q3 of 2024. These apps lure users with promises of quick, hassle-free loans but are designed to harvest sensitive data, resulting in extortion, harassment, and financial losses.

This increase can be understood by the fact that researchers spotted 15 such apps on the official Google Play Store with over 8 million installations worldwide. These apps, especially targeting users in South America, Southern Asia, and Africa, use social engineering tactics to trick users into providing sensitive information and granting excessive permissions.

Malicious apps (Credit: McAfee)

Here’s a list of malicious PayLoan apps found on the Google Play Store:

1.  **Préstamo Seguro-Rápido, seguro** – Downloads 1M, Country: Mexico – Deleted
2.  **Préstamo Rápido-Credit Easy** – Downloads 1M, Country: Colombia – Available
3.  **ได้บาทง่ายๆ-สินเชื่อด่วน** – Downloads: 1M, Country: Senegal – Available
4.  **RupiahKilat-Dana cair** – Downloads: 1M, Country: Senegal – Available
5.  **ยืมอย่างมีความสุข – เงินกู้** – Downloads: 1M, Country: Thailand – Deleted
6.  **เงินมีความสุข – สินเชื่อด่วน** – Downloads: 1M, Country: Thailand – Deleted
7.  **KreditKu-Uang Online** – Downloads: 500K, Country: Indonesia – Deleted
8.  **Dana Kilat-Pinjaman kecil** – Downloads: 500K, Country: Indonesia – Available
9.  **Cash Loan-Vay tiền** – Downloads: 100K, Country: Vietnam – Available
10.  **RapidFinance** – Downloads: 100K, Country: Tanzania – Deleted
11.  **PrêtPourVous** – Downloads: 100K, Country: Senegal – Deleted
12.  **Huayna Money – Préstamo Rápido** – Downloads: 100K, Country: Peru – Deleted
13.  **IPréstamos: Rápido Crédito** – Downloads: 100K, Country: Chile – Available
14.  **ConseguirSol-Dinero Rápido** – Downloads: 100K, Country: Peru – Deleted
15.  **ÉcoPrêt Prêt En Ligne** – Downloads: 50K, Country: Thailand – Available

****How SpyLoan Apps Work****

These apps operate by using a common framework to encrypt and exfiltrate data from a victim’s device to a command and control (C2) server. They often use deceptive marketing, mimicking reputable financial institutions, and are promoted through social media ads. Once installed, they request unnecessary permissions, such as access to contacts, SMS, storage, and even a microphone or camera.

The apps then use a similar onboarding process, including a countdown timer to create a sense of urgency and require users to provide sensitive identification documents and personal information. This data is then exfiltrated and used for financial exploitation, including hidden fees and high interest rates, as well as privacy violations, such as data misuse and harassment.

The consequences of using these apps can be devastating. Users have reported receiving threatening calls and death threats, having personal photos and IDs misused, and experiencing emotional and psychological distress. In some cases, victims have even reported suicidal thoughts.

The threat of SpyLoan apps is not limited to a single region. They have been reported globally, with localized adaptations. India, Mexico, Philippines, Indonesia, Thailand, Kenya, Colombia, Vietnam, Chile, and Nigeria are among the top 10 countries with the highest prevalence of fake loan apps.

****Law Enforcement Actions****

While law enforcement agencies have taken action against some of these operations, the threat persists. In Peru, authorities raided a call center engaged in extortion and fake loan app operations, detaining over 300 individuals. In Chile, the commission for the financial market has highlighted tens of fraudulent credit applications distributed on Google Play.

****Protecting Yourself****

To avoid falling victim to these predatory loan apps, users must be cautious when downloading financial apps. Here are some tips:

*   Read reviews and check ratings
*   Research the app and its developer thoroughly
*   Be wary of apps that request excessive permissions
*   Use reputable antivirus software to detect and block malicious apps
*   Never provide sensitive information without verifying the app’s legitimacy

1.  New Tool DVa Detects and Removes Android Malware
2.  Scammers Using Fake Loan Apps for Money Laundering
3.  These 8 Apps on Play Store Contain Android/FakeApp Trojan
4.  “Scary” FakeCall Android Malware Captures Photos and OTPs
5.  Octo2 Android Malware Uses Fake NordVPN App to Infect Phones

15 SpyLoan Apps Found on Play Store Targeting Millions

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

Source: ArtemisDiana via Shutterstock

Many organizations using Web application firewall (WAF) services from content delivery network (CDN) providers may be inadvertently leaving their back-end servers open to direct attacks over the Internet because of a common configuration error.

The problem is so pervasive that it affects nearly 40% of Fortune 100 companies leveraging their CDN providers for WAF services, according to researchers at Zafran who studied the cause and scope of the problem recently. Among the organizations that the researchers found susceptible to attacks included recognizable brands, including Chase, Visa, Intel, Berkshire Hathaway, and UnitedHealth.

**Pervasive Issue**

WAFs act as intermediaries between users and Web applications. They inspect traffic for a range of threats and block or filter anything deemed suspicious or matching known patterns of malicious activity. Many organizations have deployed WAFs in recent years to protect Web applications against vulnerabilities they haven't had time to patch.

Organizations have multiple options for deploying WAFs, including on-premises in the form of physical or virtual appliances. There are also cloud- and host-based WAFs.

In total, Zafran found some 2,028 domains belonging to 135 companies among the Fortune 1000 that contain at least one supposedly WAF-protected server that an attacker could directly access over the Internet to launch denial-of-service (DoS) attacks, distribute ransomware, and execute other malicious activities.

"The responsibility \[for\] the misconfiguration lies primarily \[with\] the customers of CDN/WAF providers," says Ben Seri, chief technology officer of Zafran. But CDN providers who offer WAF services share some responsibility as well for failing to offer customers proper risk avoidance measures and for not building their networks and services to circumvent misconfigurations in the first place, he says. 

The problem, as Seri explains it, has to do with organizations not adequately validating Web requests to back-end origin servers that host the actual content, applications, or data that users are trying to access.

**A Failure to Follow Best Practices**

With a CDN-integrated WAF service, the CDN provider — like a Cloudflare or an Akamai — provides the WAF as part of its edge infrastructure. All incoming traffic to an organization's Web applications is routed through the CDN's WAF — a reverse proxy server within the vendor's edge network. The reverse proxy identifies which back-end server or resource a particular Web request is intended for and then routes it there in an encrypted fashion. "This means that when a CDN service is used as a WAF, the web application it protects is open to Internet traffic and is expected to validate that it responds only to web traffic that originates from and by the CDN service," according to the Zafran blog post.

If the customer is using best practices, the IP address of the back-end server is something that only the customer and CDN provider would know. CDN providers also recommend that organizations add IP filtering mechanisms to ensure that only requests from the CDN provider's IP address range are permitted access to back-end servers. Other recommendations include using pre-shared digital secrets known only to the CDN provider and the back-end server as a validation mechanism, and using what is known as mutual TLS authentication to validate both the origin server and the CDN provider's proxy server.

These measures are effective in protecting back-end servers when implemented correctly. But what Zafran discovered was that many organizations have not adopted any of these recommended validation precautions, thereby leaving back-end servers directly accessible over the Internet. "It is a lack of validation in Web applications that are designed to be protected by a CDN/WAF that leaves them open to all Internet traffic," Seri says. "It is like having a private S3 bucket left open to the Internet as a public bucket. Only in this case, it is protected Web applications that are left open to the Internet, instead of allowing only inbound traffic from the CDN provider."

**Easy to Find**

Exacerbating the situation is the fact that the IP addresses of enterprise origin services are not as private as many assume, Zafran's researchers found. The security vendor pointed to certificate transparency (CT) logs as one example of a relatively easy place for attackers and researchers to discover all domains belonging to a specific organization. CT logs provide a publicly accessible record of all SSL/TLS certificates that certificate authorities issue to website operators and are meant to improve trust and accountability around certificate issuance. Unfortunately, they also provide a starting point for attackers to gather detailed information on all the domains and subdomains belonging to an organization, including those associated with critical back-end servers and services.

"The issue was discovered to be extremely widespread," Seri says. "From a random sample of Internet servers that were designed to be protected by Cloudflare, 13% were found to suffer from this misconfiguration. This means that, potentially, 13% of all domains protected by Cloudflare can be directly attacked." Unfortunately, CDN/WAF providers require the cooperation of their customers, who control their own load balancers and Web applications, to mitigate this threat, he adds. Zafran is contacting affected companies as well as impacted CDN/WAF providers to help them quickly identify the full extent of this misconfiguration and address it, Seri says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Misconfigured WAFs Heighten DoS, Breach Risks

PRESS RELEASE

TAMPA BAY, Fla., Dec. 3, 2024 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts.

KnowBe4's Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. KnowBe4's 2024 Phishing by Industry Benchmarking Report reveals that about one in three users is susceptible to interacting with malicious links or fraudulent requests. Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into clicking malicious links or opening harmful attachments.

The report spotlights the ongoing threat posed by email-embedded phishing links, which continue to be the top attack vector of choice. These malicious links, PDF attachments and spoofed domains, when interacted with, often result in disastrous cyberattacks, including ransomware attacks and business email compromise. The report also reveals a surge in phishing campaigns leveraging QR codes. Popular QR code phishing subjects include HR reminders for policy reviews, DocuSign emails to sign an urgent document, and Zoom meeting invitations. These messages, often masquerading as communication from HR, colleagues or external vendors, pose substantial risks as they can easily be replicated by malicious actors.

"Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications," said Stu Sjouwerman, CEO of KnowBe4. "The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritizing human risk management, organizations can effectively build a formidable defense against avoidable cyberthreats."

To download a copy of the Q3 2024 KnowBe4 Phishing Report infographic, visit here.

About KnowBe4 

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.

You May Also Like

KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition…

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition to a more digital approach has become important for businesses that want to stay ahead in the market. A big part of this change is using customer relationship management (CRM) systems. Salesforce is one of the top choices for CRMs because it offers a wide range of features that can be adapted to different industries. This article will explore how using Salesforce can help drive digital transformation in organizations.

****Understanding Digital Transformation****

Digital transformation involves integrating technology into various aspects of business operations to change how companies function and fundamentally provide value to customers. It encompasses a culture shift that requires organizations to question traditional approaches, test new technologies, and adjust to evolving market trends.

According to Skydog Ops, a Salesforce integration company, Salesforce hosts more than 150,000 customers worldwide including Apple, Amazon Web Service and Walmart Inc, showcasing productivity and enhanced customer satisfaction.

****The Significance of CRM Systems****

Customer Relationship Management (CRM) systems play a critical role in driving transformation initiatives by enabling businesses to manage interactions with current and prospective customers more efficiently. These tools assist companies in gathering and analyzing customer data to improve decision-making and tailor experiences. Through the use of CRM systems, businesses can optimize their operations, automate tasks, and cultivate meaningful connections with customers.

****Salesforce: A Leader in CRM Solutions****

Salesforce has emerged as a leader in the CRM industry with its range of cloud-based solutions designed for sales support, customer service, and other business needs. Among the platform’s functionalities are wide applications that help businesses organize customer information, analyze interactions, and gather valuable insights. These tools are customized to fit an organization’s goals during its digital transformation efforts.

****Enhancing Customer Experience****

One of the primary goals of digital transformation is to enhance the customer experience, and Salesforce aids in achieving this by enabling companies to offer personalized and seamless interactions across various platforms. Leveraging real-time customer data allows businesses to customize their marketing strategies, delivering relevant content and promotions. Furthermore, with Salesforce’s automation features, organizations can provide timely responses to customer queries, improving satisfaction and fostering customer loyalty.

**Streamlining Business Processes**

Integrating Salesforce into business operations can greatly improve efficiency by automating routine tasks and enabling employees to focus on strategic priorities instead of manual work such as data entry, reporting, or workflow management. This shift toward automation helps minimize errors and boosts productivity across the organization. These improvements align with the goals of digital transformation, which seek to enhance both efficiency and effectiveness.

****Data-Driven Decision Making****

In today’s digital age, data is a valuable asset, and Salesforce equips businesses with the tools to unlock its full potential. By utilizing the in-depth analytics and reporting tools provided by Salesforce, businesses can gain insights into customer behaviour, discover sales patterns, and identify market opportunities. This data-driven approach allows companies to make informed decisions, refine strategies, and highlight areas for improvement—ultimately leading to enhanced agility and adaptability in response to evolving market dynamics.

****Fostering Collaboration and Innovation****

Salesforce’s use of cloud technology promotes collaboration by improving communication between departments and sparking creativity through shared access to information and ideas across the organization. The ability to work together seamlessly helps foster innovation and drives organizational growth.

****Scalability and Flexibility****

As companies grow and evolve, their requirements change. Salesforce’s scalability allows businesses to adapt their CRM system to meet the demands of growth and shifting circumstances. The platform’s versatility enables organizations to integrate new functionalities and applications, tailoring the system to meet their specific needs. This flexibility ensures that Salesforce remains a valuable tool throughout the entire transformation process.

****Overcoming Implementation Challenges****

Implementing Salesforce comes with its own set of challenges that organizations must address. Proper planning and execution are essential to avoid setbacks. To ensure a smooth rollout, it’s important to evaluate business requirements, set clear goals, and provide adequate training for employees. Working with professionals or consultants can also make the process more efficient, allowing businesses to fully leverage the benefits of Salesforce.

****Conclusion****

The use of Salesforce is crucial in leading the digital evolution of businesses across various sectors. Its wide range of features, flexibility, and focus on customer satisfaction make it an effective tool for improving productivity, promoting creativity, and gaining a competitive advantage. By adopting Salesforce, organizations can unlock the full benefits of digital transformation and position themselves for long-term success in an increasingly digital world.

1.  A Look at the 4 Main Functionalities of NetSuite
2.  The Role of Artificial Intelligence in Lead Generation
3.  How to Find Success with the Salesforce Admin Exam
4.  Types of SaaS Applications: Categories and Examples
5.  Effective, and powerful tools for identifying site visitors

The Role of Salesforce Implementation in Digital Transformation

An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3. 

The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory (#1510). This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These incorrect default permissions in conjunction with an omitted SystemDrive environmental variable (when launcher starts osqueryd), allows a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process's search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM.

This issue was found by Bryan Alexander of Atredis Partners and responsibly reported through the Kolide bug bounty program. Kolide made the appropriate changes and released a fix in version 1.12.3 of the `launcher` package.


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-54131

**Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)**

High severity GitHub Reviewed Published Dec 3, 2024 in kolide/launcher • Updated Dec 3, 2024

**Package**

gomod github.com/kolide/launcher (Go)

**Affected versions**

\>= 1.5.3, < 1.12.3

An implementation bug in the Kolide Agent (known as launcher) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3.

The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory (#1510). This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These incorrect default permissions in conjunction with an omitted SystemDrive environmental variable (when launcher starts osqueryd), allows a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process's search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM.

This issue was found by Bryan Alexander of Atredis Partners and responsibly reported through the Kolide bug bounty program. Kolide made the appropriate changes and released a fix in version 1.12.3 of the launcher package.

**References**

*   GHSA-66q9-2rvx-qfj5
*   kolide/launcher#1510

Published to the GitHub Advisory Database

Dec 3, 2024

GHSA-66q9-2rvx-qfj5: Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)

AI chatbot provider WotNot left a cloud storage bucket exposed that contained almost 350,000 files, including personally identifiable information.

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information.

AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names.

But the way its solution is set up introduces an extra link in the chain in the flow of personally identifiable information (PII) from the customer to the company that deployed the chatbot, leaving an additional risk of exposure.

Given the variety in the data the researchers found in the 346,381 files, they suspect that it stems from several WotNot customers. Some of the records that were found included:

*   Identification documents including passports, which contain information like full names, dates of birth, passport numbers, and other information cybercriminals love to get their hands on.
*   Medical records including diagnoses, treatment history, test results and other medical information that should be private.
*   Resumes which include employment history, addresses, education, and contact data like email addresses and phone numbers.

All in all, if a group of cybercriminals finds data like that they can deploy all sorts of schemes to defraud the people whose information they found—ranging from phishing mails that look convincing because they include personal information, to identity theft.

In a statement, WotNot said:

> “The cause for the breach was that the cloud storage bucket policies were modified to accommodate a specific use case. However, we regretfully missed thoroughly verifying its accessibility, which inadvertently left the data exposed.”

The “specific use case”  seems to be that these customers were using the “free plan” which apparently comes with no security.

WotNot clarified:

> “For enterprise customers, we provide private instances to ensure security and compliance standards are strictly adhered to.”

WotNot also said it typically recommends that its customers delete such files from the server after they have been received and forwarded to their own systems. I would recommend that WotNot customers provide their own customers with a method to send them such files directly.

We have already seen way too many cases where leaks in the supply chain have exposed data from people who had never heard of the company that leaked them.

If anything, the incident shows the importance of checking where your data is going before providing companies with sensitive personal information. But it also demonstrates it’s not always clear to the end user whether there are extra links in the chain to the company they are dealing with.

If you do get a chance, don’t send sensitive data to a chatbot, but ask for a safe company email address instead.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Tag

#git