**BOSTON** – Today, the Healey-Driscoll Administration announced a $2.3 million grant through the MassTech Collaborative's MassCyberCenter to CyberTrust Massachusetts, a nonprofit dedicated to strengthening the cybersecurity ecosystem, to support cybersecurity resiliency for Massachusetts communities and help develop a talent pipeline at Masschusetts colleges and universities to encourage students to enter the field. The CyberTrust Massachusetts grant was announced at the seventh annual Massachusetts Cybersecurity Forum held at the State House today during Massachusetts Cybersecurity Month. 

"Our administration knows how important it is to protect our municipal governments, small businesses, and community organizations from cybersecurity threats," said Secretary Yvonne Hao of the Executive Office of Economic Development. "This grant to CyberTrust Massachusetts will help support cybersecurity resiliency in our cities and towns while bringing new students into the field through training and career development opportunities."

"This grant is a game changer," said Carolyn Kirk, Executive Director of the Massachusetts Technology Collaborative, the parent organization of the MassCyberCenter. "When you recognize that cybersecurity impacts us at every level, from the state government to your personal laptop, it becomes apparent that you need to build a strong plan to solve such a complex and pervasive issue. That is why we have taken a multi-pronged approach that educates students about the opportunities that exist in a cybersecurity career, providing the critical training on cutting-edge tools, and the mentorship they need to succeed in a career. As a former mayor, the support that these students will provide to municipalities and small businesses, supported by the award to CyberTrust Massachusetts, will help protect small organizations that face critical funding and staffing challenges which leave them exposed to emerging cyber threats. Through our support for CyberTrust Massachusetts, we can accomplish this dual mission – to provide new career opportunities for Massachusetts students, while at the same time bolstering our cyber readiness statewide."

"This is more than a financial grant; it builds on the institutional capital our consortium members are investing in the future of cybersecurity in Massachusetts. After a strong start, we look forward to being able to scale," said Peter Sherlock, CEO of CyberTrust Massachusetts. "We are creating a new model, where experiential learning meets cutting-edge technology to fortify our cybersecurity infrastructure across the state and ready the next generation of cyber professionals for meaningful and impactful careers."

The funding will allow CyberTrust Massachusetts to support cybersecurity resiliency for local governments in Massachusetts through Security Operations Centers (SOCs), which are centers staffed by security experts who protect the cybersecurity of an organization through monitoring, detection, and response to cyber threats. The SOCs will provide 24/7 services for municipalities, which often cannot afford to hire outside SOCs or security experts to support their technical infrastructure, and help these communities conduct assessments to test their vulnerability to cybersecurity risks. The funding will also allow CyberTrust Massachusetts to hire students from affiliated academic organizations in Massachusetts and provide training, experience, and career development for these young cybersecurity professionals. In addition to municipal support, CyberTrust Massachusetts will continue providing key training tools used by cyber ranges at community colleges and universities across the state where students and young professionals can learn how to respond to cyber threats in a simulated environment. 

"Cybersecurity is often perceived as a technical discipline that is exclusive to coders and professionals with STEM degrees, but there is a strong demand in the field for individuals with diverse skills like problem solving and critical thinking that do not require advanced degrees," said John Petrozzelli, Director of the MassCyberCenter at MassTech. "In order for the cybersecurity ecosystem in Massachusetts to improve and grow, it's essential that we communicate to students the opportunities that are available in cybersecurity and how valuable these skills are, so that anyone interested in becoming a cybersecurity expert knows these career pathways exist and are not limited to a select few. At the MassCyberCenter, we believe this approach will not only build new pathways for students and enable companies to hire new talent, but believe it will significantly improve the cybersecurity posture of our municipalities and businesses alike."

Today's Massachusetts Cybersecurity Forum brought together industry experts, academic leaders, and government officials to discuss partnerships, identify resources, and share innovative ideas about how to meet the state’s cybersecurity goals. The event featured a keynote from John Petrozzelli, Director of the MassCyberCenter, as well as discussions about collaborations for cyber defense and how Massachusetts organizations are confronting the cybersecurity implications of artificial intelligence and quantum computing.   

"It is critically important that we not only make our governments, industries, and constituents secure against the cyber threats of today, but also that we foster a pipeline for the next generation of cybersecurity professionals that can fight the cyber criminals of tomorrow. This generous grant from the Healey-Driscoll Administration does just that," said State Senator Michael Moore (D-Millbury). "I'd like to thank the Governor for recognizing how important it is to harden our online systems and to make them more resilient against bad actors. I am confident that CyberTrust Massachusetts will use these funds to help build a better, stronger, more secure Commonwealth."

**About the MassCyberCenter at the MassTech Collaborative**

The MassCyberCenter was launched in September 2017 to enhance opportunities for the Massachusetts cybersecurity ecosystem and strengthen the resiliency of the state's public and private communities. Earlier this month, the center held the 2023 Massachusetts Municipal Cybersecurity Summit in Worcester, which brought together municipal leaders, first responders, utility providers, and IT personnel from across the state to discuss threats, training, workforce development and cyber incident response planning. The MassCyberCenter works with cities, towns, universities, and the private sector to build cyber awareness, institute best practices, leverage future workforce talent, and create a more powerful cyber defense force to guard against future threats. Learn more at masscybercenter.org.

Healey-Driscoll Awards $2.3M to CyberTrust Massachusetts to Strengthen Municipal Cybersecurity Efforts

Generative artificial intelligence tools have unleashed a new era of terror to CISOs still battling longstanding shadow IT security risks.

Security teams are confronting a new nightmare this Halloween season: the rise of generative artificial intelligence (AI). Generative AI tools have unleashed a new era of terror for chief information security officers (CISOs), from powering deepfakes that are nearly indistinguishable from reality to creating sophisticated phishing emails that seem startlingly authentic to access logins and steal identities. The generative AI horror show goes beyond identity and access management, with vectors of attack that range from smarter ways to infiltrate code to exposing sensitive proprietary data.

According to a survey from The Conference Board, 56% of employees are using generative AI at work, but just 26% say their organization has a generative AI policy in place. While many companies are trying to implement limitations around using generative AI at work, the age-old search for productivity means that an alarming percentage of employees are using AI without IT's blessing or thinking about potential repercussions. For example, after some employees entered sensitive company information onto ChatGPT, Samsung banned its use as well as that of similar AI tools.

Shadow IT — in which employees use unauthorized IT tools — has been common in the workplace for decades. Now, as generative AI evolves so quickly that CISOs can't fully understand what they're fighting against, a frightening new phenomenon is emerging: shadow AI.

**From Shadow IT to Shadow AI**

There is a fundamental tension between IT teams, which want control over apps and access to sensitive data in order to protect the company, and employees, who will always seek out tools that help them get more work done faster. Despite countless solutions on the market taking aim at shadow IT by making it more difficult for workers to access unapproved tools and platforms, more than three in 10 employees reported using unauthorized communications and collaboration tools last year.

While most employees' intentions are in the right place — getting more done — the costs can be horrifying. An estimated one-third of successful cyberattacks come from shadow IT and can cost millions. Moreover, 91% of IT professionals feel pressure to compromise security to speed up business operations, and 83% of IT teams feel it's impossible to enforce cybersecurity policies.

Generative AI can add another scary dimension to this predicament when tools accumulate sensitive company data that, when exposed, could damage corporate reputation.

Mindful of these threats, in addition to Samsung, many employers are limiting access to powerful generative AI tools. At the same time, employees are hearing time and time again that they'll fall behind without using AI. Without solutions to help them stay ahead, workers are doing what they'll always do — taking matters into their own hands and using the solutions they need to deliver, with or without IT's permission. So it's no wonder that the Conference Board found that more than half of employees are already using generative AI at work — permitted or not.

**Performing a Shadow AI Exorcism**

For organizations confronting widespread shadow AI, managing this endless parade of threats may feel like trying to survive an episode of _The Walking Dead_. And with new AI platforms continually emerging, it can be hard for IT departments to know where to start.

Fortunately, there are time-tested strategies that IT leaders and CISOs can implement to root out unauthorized generative AI tools and scare them off before they begin to possess their companies.

*   **Admit the friendly ghosts.** Businesses can benefit by proactively providing their workers with useful AI tools that help them be more productive but can also be vetted, deployed, and managed under IT governance. By offering secure generative AI tools and putting policies in place for the type of data uploaded, organizations demonstrate to workers that the enterprise is investing in their success. This creates a culture of support and transparency that can drive better long-term security and improved productivity.
*   **Spotlight the demons**. Many workers simply don't understand that using generative AI can put their company at tremendous financial risk. Some may not clearly understand the consequences of failing to abide by the rules or may not feel accountable for following them. Alarmingly, security professionals are more likely than other workers (37% vs. 25%) to say they work around their company's policies when trying to solve their IT problems. It's essential to engage the entire workforce, from the CEO to frontline workers, in regular training on the risks involved and their own roles in prevention while enforcing violations judiciously.
*   **Regroup your ghostbusters.** CISOs would be well-served to reassess existing identity and access management capabilities to ensure they're monitoring for unauthorized AI solutions and can quickly dispatch their top squads when necessary.

Shadow AI is haunting businesses, and it's essential to ward it off. Savvy planning, diligent oversight, proactive communications, and updated security tools can help organizations stay ahead of potential threats. These will help them seize the transformative business value of generative AI without falling victim to the security breaches it will continue to introduce.

What Lurks in the Dark: Taking Aim at Shadow AI

The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

CVE-2023-5705: VK Filter Search <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-5817: Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wordfence Intelligence

When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats.
At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal

_When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats._

At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal interest, as they seek to exploit vulnerabilities, compromise your data, and demand ransoms. In today's landscape, characterized by the ever-present risk of ransomware attacks and the challenges posed by fragmented security solutions, safeguarding your organization is paramount. This is where **The National Institute of Standards and Technology (NIST) advocates** for the development of resilient, reliable security systems capable of foreseeing, enduring, and rebounding from cyberattacks.

In this guide, we'll explore strategies to fortify your defenses against cyber threats and ensure uninterrupted operations. Fidelis Security, **a pioneer in proactive cybersecurity**, is here to stand with you on this journey.

****Prepare********1\. Compliance and Regulatory Compliance:****

Compliance is especially critical in regulated industries, where adhering to industry-specific and government regulations is non-negotiable. Fidelis Security's Compliance Management solutions provide controls and monitoring capabilities to ensure that their organizations remain compliant, even in the face of evolving regulatory requirements.

In a world of ever-evolving regulations, maintaining compliance can be a daunting task. Fidelis Security simplifies this challenge by providing comprehensive Compliance Management solutions. These solutions offer the controls and monitoring capabilities necessary to ensure that organizations adhere to industry-specific and government regulations. By maintaining compliance, they not only avoid potential penalties but also bolster their overall cybersecurity posture.

Fidelis Security's patented deep session inspect (DSI) and real-time traffic analysis enable analysts to find information on the network that is controlled by regulatory compliances statutes, such as PCI, HIPAA, FISMA, GLBA and FERPA, in addition to PII, intellectual property, finance-related, and confidential or secret information. By using pre-built data leakage protection (DLP) or custom-built policy, analysts can match these classes of content in addition to any content they deem sensitive. Prevention can be enabled on the network to stop exfiltration as the transfer occurs, which may have originated from a malicious actor or possibly an insider threat.

****2\. Continuous Monitoring and Threat Detection:****

Continuous monitoring and **real-time threat detection** are essential components of a proactive cybersecurity strategy. Fidelis Security's Network Detection and Response (NDR) solutions offer continuous monitoring and advanced threat detection capabilities, helping organizations identify and respond to threats in real-time.

In the face of constantly evolving cyber threats, the ability to monitor networks and detect threats in real-time is invaluable. Fidelis Security's Network Detection and Response (NDR) solutions are designed to provide continuous monitoring of networks and endpoints. These solutions leverage advanced threat detection capabilities to identify and respond to potential threats before they escalate. With Fidelis NDR, organizations gain the upper hand in the ongoing battle against cyberattacks.

Fidelis NDR employs many features over the entire platform to accomplish real-time detection and response. Deep Session Inspection (DSI) and decoding, Deep Packet Inspection (DPI), Antivirus detection (AV), and DNS protocol anomaly detections, on network and mail sensors, provide a multi-faceted approach to network-based detection. Event and sequence-based detections, as well as anomaly detections, are accomplished using the Fidelis Collector, a real-time database of all decoded session and object metadata that is collected as it traverses the network. In addition, Fidelis Endpoint detects malicious objects, traffic flows, and behaviors on endpoints with an agent installed.

Fidelis Deception empowers you to create deception layers that are aligned with your actual network infrastructure. These layers are designed to identify and track malware and intruders as they attempt to move stealthily within your network. By strategically placing decoys and breadcrumbs, this solution aids in enhancing your network's security posture. This approach enables you to achieve heightened visibility and safeguard your assets, even in areas where conventional security agents cannot be deployed—such as in enterprise IoT, Shadow IT, and legacy systems. As a result, you can proactively pinpoint and neutralize threats within your network, preventing potential harm to your organization.

Finally, the Fidelis Threat Research Team provides timely intelligence in the form of detection policy and threat intelligence feeds to each of these platforms to catch bad actors during the threat lifecycle and not after the fact. Any detections are presented to analysts in the Fidelis CommandPost so that they may initiate a rapid response.

****Mitigate********3\. Vulnerability Management:****

Vulnerability management plays a critical role in reducing security risks. It involves identifying and addressing weaknesses in IT infrastructure. Fidelis Security's Vulnerability Management solutions offer a robust approach to identifying and prioritizing vulnerabilities effectively, helping organizations fortify their defenses.

Vulnerabilities in IT infrastructure can provide cybercriminals with entry points into systems. To counter this threat, Fidelis Security's Vulnerability Management solutions empower organizations to identify and prioritize vulnerabilities effectively. By addressing weaknesses in infrastructure, they fortify their defenses and reduce security risks, ultimately enhancing their cybersecurity posture.

****4\. Insider Threat Mitigation:****

The threat of insider incidents, whether intentional or accidental, is a concerning challenge. Mitigating these risks is vital to business continuity. Fidelis Security's Data Loss Prevention (DLP) solution is designed to address insider threats by detecting unusual activities and protecting sensitive data from unauthorized access.

Insider threats are a complex challenge that can have far-reaching consequences. Fidelis DLP provides a multifaceted approach to mitigating these risks, by safeguarding sensitive data from unauthorized access and exfiltration.

****Respond********5\. Incident Response and Recovery Planning:****

Incident response and recovery plans are the lifelines in times of a cyber crisis. Fidelis Security's Incident Response solutions are their go-to resource for creating and implementing effective response plans, ensuring swift and efficient actions when needed most.

Incidents are a matter of 'when' rather than 'if' in the cybersecurity landscape. Being prepared to respond swiftly and effectively is essential. Fidelis Security's Incident Response solutions are designed to help organizations create and implement effective response plans. These plans are their lifeline in times of crisis, ensuring that organizations can respond swiftly and efficiently to contain and mitigate the impact of cyber incidents.

****6\. The Fidelis Challenge:****

Fidelis Security brings expertise and commitment to the forefront of cybersecurity. They firmly believe that their perspective on cyber threats is unmatched. To prove this, organizations are invited to take the Fidelis Challenge. For 30 days, they can integrate Fidelis Elevate into your enterprise environment, and Fidelis Security will showcase its unparalleled threat detection capabilities. Fidelis Security is confident that organizations will see the difference they can make in safeguarding their organizations. **Try it for free**.

****Conclusion****

Cyber incidents have the potential to impact national security, economic stability, and public safety. Therefore, organizations should prioritize the security of their critical infrastructure. The main points from this guide emphasize the importance of robust cybersecurity measures for maintaining seamless operations. Organizations are encouraged to concentrate on their cybersecurity efforts and leverage expertise to find the right tailored solutions for their security needs, thereby enhancing their protection against ever-evolving threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

How to Keep Your Business Running in a Contested Environment

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security.
"Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or

Artificial Intelligence / Vulnerability

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security.

"Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or misinterpretations of data (hallucinations)," Google's Laurie Richardson and Royal Hansen said.

Some of the categories that are in scope include prompt injections, leakage of sensitive data from training datasets, model manipulation, adversarial perturbation attacks that trigger misclassification, and model theft.

It's worth noting that Google earlier this July instituted an AI Red Team to help address threats to AI systems as part of its Secure AI Framework (SAIF).

Also announced as part of its commitment to secure AI are efforts to strengthen the AI supply chain via existing open-source security initiatives such as Supply Chain Levels for Software Artifacts (SLSA) and Sigstore.

"Digital signatures, such as those from Sigstore, which allow users to verify that the software wasn't tampered with or replaced," Google said.

"Metadata such as SLSA provenance that tell us what's in software and how it was built, allowing consumers to ensure license compatibility, identify known vulnerabilities, and detect more advanced threats."

The development comes as OpenAI unveiled a new internal Preparedness team to "track, evaluate, forecast, and protect" against catastrophic risks to generative AI spanning cybersecurity, chemical, biological, radiological, and nuclear (CBRN) threats.

The two companies, alongside Anthropic and Microsoft, have also announced the creation of a $10 million AI Safety Fund, focused on promoting research in the field of AI safety.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

**PRESS RELEASE**

**MILPITAS, Calif.,Oct. 26, 2023/PRNewswire/ --** As Cybersecurity Awareness Month comes to a close, SonicWall today released the findings of its 2023 SonicWall Threat Mindset Survey which found that 55% of its customers are more concerned about cyberattacks in 2023, with the main threat being focused on digital attacks like ransomware and spear phishing.

"Understanding our partners and customers greatest concerns is at the heart of SonicWall's outside-in strategy," said SonicWall President and CEO Bob VanKirk. "Even further, it's taking that insight and acting upon it to provide key value-add products and services. The data from the 2023 SonicWall Threat Mindset Survey helps keep our finger on the pulse of what truly matters to our valued customers. As organizations around the globe struggle with economic declines and political strife, SonicWall remains committed to providing the latest in threat intelligence and cyber security solutions to help our partners and customers successfully navigate these rough waters."

SonicWall's proprietary threat mindset survey uncovered additional findings:

*   **Continued concerns about intensifying cyberattacks**: There is growing concern regarding cyberattacks amongst 54% of professionals surveyed; ransomware leads the distress as 83% of all customers cited it as their biggest concern. 94% of respondents are equally or more concerned about overall attacks in 2023. Phishing and spear-phishing (76%), as well as encrypted malware (64%), comprised the top three concerns.
*   **Organizations slow to patch**: Despite rising cyberattack concerns, 78% of organizations don't patch critical vulnerabilities within 24 hours of patch availability; another 13% only apply critical patches when time allows.
*   **Increased fear around insider threats:** Insider threat incidents have continued to increase and 49% of IT professionals cited it as a growing worry. The larger the organization, the more potential insider threat incidents exist. Critical business information and sensitive data can be found in employees' emails – and IT professionals feel the concern.
*   **Now Hiring: cybersecurity professionals needed:** 41% of respondents described their IT/ cybersecurity personnel as inadequate. With the cyberattack landscape becoming savvier with stronger capabilities of pulling off attacks, organizations must prioritize protection and hiring individuals who have the knowledge and skills to best position their company to not fall victim to these ongoing cyberattacks.

Companies are not only losing millions of dollars to unending malware and ransomware strikes but cyberattacks on essential infrastructure are impacting real-world services. Despite the growing concern of cyberattacks, organizations are struggling to keep pace with the fast-moving threat landscape as they orient their business, networks, data and employees against never-ending cyberattacks.

"The evolving cyber threat landscape is the new normal," said EIS Management CIO Jeff Falk. "The labor diverted from business initiatives to cybersecurity concerns swells year-over-year, which demands I spend more of my time managing the business' security needs, having an impact on business operations."

In an effort to promote cybersecurity attentiveness, SonicWall supports Cybersecurity Awareness Month in October with an added emphasis on a new enduring cybersecurity awareness program, Secure Our World. Secure Our World reflects a new enduring message to be integrated across the Cybersecurity and Infrastructure Security Agency's (CISA) awareness campaigns and programs and encourages all of us to take action each day to protect ourselves when online or using connected devices.

**Methodology**

SonicWall surveyed approximately 10,000 customers from around the globe. Questions were optional and some were open-ended, while others were multiple choice.

**About SonicWall**

SonicWall, a partner-first business, has been an unquestioned leader in the cybersecurity for more than 30 years. SonicWall defends organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across endless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

SOURCE SONICWALL INC

SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear

**PRESS RELEASE**

**DENVER****,** **Oct. 26, 2023** **/PRNewswire/ --** New data from the Lumen Technologies (NYSE: LUMN) Distributed Denial of Service (DDoS) mitigation platform landed the banking industry in the unenviable position of being the most targeted vertical of Q3 2023. This is the first time the banking industry topped Lumen's "most targeted verticals" list and was largely due to the events of a single day: Sept. 21, 2023.

On that day, a single banking customer was targeted with more than 230 DDoS attacks – a whopping 4,500% increase over the daily average for that industry – yet it experienced no downtime. Had the attackers been successful, they could have caused significant damage in the form of lost business, remediation costs and reputational damage.

"The successful mitigations for this banking customer can be traced back to Lumen's multi-layered approach to DDoS mitigation," said Brett Lemarinel, director of unified threat management for Lumen. "It starts at our network, where countermeasures are built in, and our intelligent routing technology, which sends excess traffic through our 500+ scrubbing locations. Our DDoS customers have an added layer of protection from Rapid Threat Defense, our proprietary capability that utilizes threat intelligence from Lumen Black Lotus Labs® to block DDoS botnet traffic before it reaches the customer's environment."

Lemarinel continued, "This should be a warning to all other businesses. More than 230 mitigations in a single day suggests the threat actor was determined to wreak havoc on this customer. Even though the attacker failed, the activity we saw on Sept. 21 is a potent reminder that any business can be in an attacker's crosshairs on any given day."

**Other notable findings in the report include:**

A never-before-seen, four-vector combination was attempted during the Sept. 21 event. The four-vector combination included DNS Amplification, IP Fragmentation, Invalid Packets and Static Filtering. Cyber attackers frequently modify their vector combinations as they attempt to defeat mitigation strategies, but the Lumen DDoS mitigation platform has the flexibility required to recognize and stop these attacks before they impact the targeted customers. The total number of attacks decreased in Q3 2023. Attackers frequently run their operations like a business and, as with any business, cyberattacks have seasonal ups and downs. In Q3 2023, Lumen mitigated 4,217 attacks, which was a 23% quarter-over-quarter decrease and a 24% annual decrease. The banking industry was also the most-targeted vertical for application threats, according to Lumen's application protection partner, ThreatX. Among all industries, the highest percentage of blocked traffic (25.5%) came from programmatic access, which are suspicious, automated attempts to access a web application. This number is up 89% from the previous quarter. The banking sector experienced a significant percentage of "Attacks Against Authentication" (nearly 25%), which are used to gain unauthorized access to financial data. Financial institutions are attractive to attackers, as evidenced by the high attack ratio and combination of brute-force attacks that targeted banks in Q3. Protecting financial data is paramount, but robust web application and API protection solutions can help protect the industry.

"The Q3 ThreatX application attack analysis underscores the critical importance of bot protection and the need for awareness of industry-specific threats," said Neil Weitzel, director, Security Operations Center at ThreatX. "The especially high number of programmatic access threats this quarter underscores the prevalence of bots in API and application attacks. In addition, our findings reveal variations in threats across industries, so businesses must stay vigilant and proactive to safeguard their applications and APIs."

**About Lumen Technologies**

Lumen connects the world. We are igniting business growth by connecting people, data, and applications – quickly, securely, and effortlessly. Everything we do at Lumen takes advantage of our network strength. From metro connectivity to long-haul data transport to our edge cloud, security, and managed service capabilities, we meet our customers' needs today and as they build for tomorrow. For news and insights visit news.lumen.com, LinkedIn: /lumentechnologies, Twitter: @lumentechco, Facebook: /lumentechnologies, Instagram: @lumentechnologies, and YouTube: /lumentechnologies.

**About ThreatX**

ThreatX is managed API and application protection that lets you secure them with confidence, not complexity. It blocks botnets and advanced attacks in real time, letting enterprises keep attackers at bay without lifting a finger. Trusted by companies in every industry across the globe, ThreatX profiles attackers and blocks advanced risks to protect APIs and applications 24/7. Learn more at https://www.threatx.com.

Lumen Q3 DDoS Report: Banking Was the Most Targeted Industry for the First Time

**PRESS RELEASE**

**SEATTLE – Oct. 24, 2023 –** WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the launch of WatchGuard MDR, a new 24/7 cybersecurity service purpose-built to make MDR vastly more accessible to managed service providers (MSPs) working to address soaring customer demand for managed cybersecurity delivery. The new service is managed by an elite team of cybersecurity experts and powered by AI. It requires no investment in a traditional security operation center (SOC) infrastructure, advanced technologies, or security experts, which addresses the pressures of scarce cybersecurity professionals and funding faced by MSPs.

“WatchGuard’s new solution has effectively super charged our managed security services business by allowing us to effortlessly tap into the immense potential of MDR and offer it as a value-added service to customers,” said Raul Zayas, president of ZTek Solutions. “By removing the burden on us to create a modern SOC, WatchGuard MDR expedited our ability to give customers what they need the most: top-notch, comprehensive cybersecurity backed by industry-leading cyber experts to ensure a resilient defense against evolving cyber threats. Not only has WatchGuard put us in the fast lane in that regard, they also make it all incredibly simple to do through their Unified Security Platform architecture to help ensure we stay ahead of the curve.”  

Highly customizable and scalable, this new MDR service further strengthens WatchGuard's Unified Security Platform architecture, providing advanced threat detection and response capabilities on top of WatchGuard EDR, EPDR, and Advanced EPDR that empower MSPs to build out robust, comprehensive security offerings for their customers. It comes with the support of WatchGuard’s automated Zero-Trust Application Service, Threat Hunting Service, advanced security analytics, threat intelligence, and a dedicated team of skilled cybersecurity analysts that monitor, detect, and respond to threats 24/7. 

“As a 100% channel-driven company, we wanted to deliver an enterprise-class MDR solution that would allow our MSP partners to expand their business without the expense of building their own SOC or adding to the challenges they already face in finding cybersecurity talent,” said Andrew Young, chief product officer at WatchGuard Technologies. “We are dedicated to supporting our MSP community, and the launch of WatchGuard MDR represents another milestone in the long-term trusted relationships we build with our partners. Not only does this service help MSPs break through existing barriers to entry for delivering managed security services – it allows them to capitalize on a growing opportunity with an innovative new solution we’ve purpose-built for them specifically.” 

**Key Features and Benefits**

WatchGuard MDR is the ideal choice for service providers looking to elevate the security posture of their customers, expand their portfolio, and generate recurring revenue streams with zero investment in modern security operations center (SOC), sophisticated and expensive AI-based technology, and scarce cybersecurity experts. Capabilities include:  

*   **24/7 Endpoint Activity Monitoring and Data Collection –** to provide real-time and retrospective monitoring using event data captured by WatchGuard EPDR or Advanced EPDR in WatchGuard’s modern SOC.
*   **24/7 Proactive Hunting and Detection** – to reduce time to detect and mitigate threats using AI, machine learning, and other advanced techniques to identify indicators of attack, while WatchGuard’s MDR threat hunters search for threats lurking in endpoints.
*   **24/7 Investigation and Validation** – to minimize the impact of potential threats by relying on WatchGuard experts to quickly investigate and accurately validate incidents to determine their nature and severity.
*   **Immediate Incident Notification** – to provide prompt notification with key insights such as affected machines and tactics used when a validated incident occurs so MSPs can take immediate action.
*   **Options for Mitigation and Guidelines for Remediation** – to give MSPs the flexibility to choose the strategy that works best for their business. They can rely on their own team with guidance from WatchGuard experts on how to contain and remove traces of an attack, restore data, patch vulnerabilities, and install additional controls. Or they can outsource the initial response and the containment through endpoint isolation to automated playbooks developed by WatchGuard MDR experts.
*   **Weekly Security Health Status Report and Monthly Activity Reporting** – to build trust with customers by providing regular reports on their security status, which service providers can customize to better engage customers with their MDR service and provide valuable feedback throughout the process.  

For more information about WatchGuard MDR, click here.

**About WatchGuard Technologies, Inc.**

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

WatchGuard Launches MDR Service, Helps MSPs Accelerate Cybersecurity Service Delivery

**PRESS RELEASE**

**CAMBRIDGE, England****,** **Oct. 26, 2023** **/PRNewswire/ --** Darktrace, a global leader in cyber security AI, today unveiled a new Darktrace/Cloud™ solution based on its unique Self-Learning AI. The new solution provides comprehensive visibility of cloud architectures, real-time cloud-native threat detection and response, and prioritized recommendations and actions to help security teams manage misconfigurations and strengthen compliance. When combined with insight from Darktrace solutions for network, email, apps, zero trust and endpoint, Darktrace/Cloud provides a deeper, contextualized understanding of the risks and threats currently facing an organization's digital estate.  

According to a recent report, "Gartner® anticipates over 99 percent of cloud breaches will be based on a customer error, account takeover or misconfiguration until 2027"\[1\]. Cloud environments are constantly evolving so security professionals need to increase the level of visibility while keeping up with changing compliance, risk and security requirements. The rise of cloud-native technologies including containers, Kubernetes and microservices also require new tools and techniques for detecting and responding to known and novel threats.

"Unlike static cloud security tools that provide snapshots of a specific point in time, Darktrace/Cloud is real-time, all the time. Our Self-Learning AI continuously learns patterns between workloads, assets, policy configurations and identities to provide a dynamic view of cloud architectures. We analyze the entire cloud stack from data to control plane, combining an understanding of architecture and network with a new flexible, scalable deployment model," said Jack Stockdale, Chief Technology Officer, Darktrace. "Our innovative approach to cloud security is built on more than a decade of leadership in Cyber AI that is already protecting our customers' critical business areas from network and email to operational technology."

Available today, the new capabilities in Darktrace/Cloud include:

*   **Comprehensive visibility and architecture modeling** for insights into the constantly changing nature of cloud environments. This visibility is constructed dynamically from configuration, network, users and identity and access management (IAM) data. Darktrace establishes patterns of life for cloud resources, identities, and services to understand who has access to what and how. This is critical for detecting anomalies and unknown threats.
*   **Universal attack path modeling** provides a dynamic view of where attackers may look to move next. Darktrace brings together real-time cloud data and a deep understanding of your cloud environment with a platform approach that provides insights about risks from other covered areas of the business (e.g., network, email) to highlight potential attack paths and prioritize important assets to secure.
*   **Unique real-time and cloud-native threat detection and response** that provides a dynamic view of known and novel threats within the cloud. Darktrace combines deep cloud attack path knowledge with real-time anomaly and threat detection through cloud-native autonomous response actions, such as detaching a policy from a user or removing a workload from a security group.
*   **Prioritized cloud posture management** that starts by examining cloud configurations against common compliance frameworks. Where misconfigurations are detected, Darktrace provides a prioritized view of what to fix first, based on a risk profile generated from security and business context. Guided steps can be provided to help teams proactively address these before they become a significant issue.
*   **Cost discovery** to provide a better understanding of cloud resource allocation. This helps teams contextualize their cloud resources according to security and business priorities.
*   **Communication and collaboration capabilities** to streamline workflows between security teams and DevOps teams. Tickets can be created on demand, teams can communicate directly via messaging platforms, and alerts and anomaly detections can be sent to Security Information & Event Management (SIEM) or Security Orchestration, Automation and Response (SOAR) products and the Darktrace Mobile app so they can be alerted on the go.
*   **Flexible deployment options** include an agentless deployment by default so organizations can be up and running in minutes. Teams can use the dynamic architectural view and risk context to decide where to deploy agents for enhanced real-time actions and deeper inspection.

Sykes Cottages, a cloud-native travel agency platform in the UK, has experienced significant growth in the last five years and has relied on the cloud to help them scale throughout this period.

"When it comes to cybersecurity, having visibility and an understanding of what you've got and your risks is critical. If I don't know it's there, I can't protect it," said Jonny Mattey, Head of Cybersecurity, Sykes Cottages. "Having a holistic, live view of our cloud environment enables us to work pragmatically and use AI to cut down management time so that we can address security risks and improve our resilience."

The new Darktrace/Cloud solution is now available on Amazon Web Services (AWS) through the AWS Marketplace, a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage the third-party software they need to build solutions and run their business. Darktrace and AWS have been collaborating since 2017 to help organizations secure their AWS environments. Darktrace protects AWS environments for organizations around the world including Sunwest Bank and ProPhase Labs. Darktrace is an AWS Security Competency Partner and is part of the AWS ISV Accelerate program.

"Security is job zero at AWS," said Paddy Fitzpatrick, Director – Independent Software Vendors, UK & Ireland at Amazon Web Services. "As the threat landscape continues to evolve, the availability of AI-based tools like Darktrace/Cloud on the AWS Marketplace will help customers to gain increased visibility, and respond more effectively to security risks and threats."

Darktrace first extended its Cyber AI capabilities to cloud environments in 2016, applying its world class algorithms to granular network traffic. Darktrace/Cloud was recently named Cloud Security Product of the Year for Large Enterprises by Computing Magazine in its 2023 Cloud Excellence Awards.

Learn more about the new enhancements to Darktrace/Cloud by tuning into the launch event at 11:30am ET/4:30pm BST.

**ABOUT DARKTRACE**

Darktrace (DARK.L), a global leader in cyber security artificial intelligence, is on a mission to free the world of cyber disruption. Breakthrough innovations in our Cyber AI Research Center in Cambridge, UK have resulted in over 160 patents filed and research published to contribute to the cyber security community. Rather than study attacks, Darktrace's technology continuously learns and updates its knowledge of 'you' and applies that understanding to optimize your state of optimal cyber security. Darktrace is delivering the first ever Cyber AI Loop, fueling a continuous end-to-end security capability that can autonomously spot and respond to novel in-progress threats within seconds. Darktrace employs over 2,200 people around the world and protects approximately 8,900 customers globally from advanced cyber threats. Darktrace was named one of TIME magazine's 'Most Influential Companies' in 2021. To learn more, visit http://www.darktrace.com.

SOURCE Darktrace

Tag

#intel