The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.

In a tale seemingly as old as time, security teams have been continuously under siege. Be it novel attack paths, lethal adversaries, new technologies — such as public cloud, containerization, Kubernetes, and serverless computing — or stringent regulatory requirements, teams have faced quite the burden. To help shoulder the load, the industry has established frameworks and pushed out amazing tech, from SIEMs to CNAPPs and XDRs to CASBs. These processes and technologies have helped to keep attackers at bay and people protected, but have created a new problem of far too much data.

To face off against this data-driven world, CISOs and security teams will need to embrace the data and look outside of traditional security personas to adopt a new model of working: security data operations, or simply (and catchier) SecDataOps.

SecDataOps is a term used to describe the process of integrating data into the entire security life cycle, whether for risk management, incident response, or cyber-threat intelligence production. Quantitative data about your environment, assets, business domain, and adversaries must be used. This also means security teams have to adopt strong data analysis, engineering and science processes from data collection and storage to dissemination and archiving. The goal of SecDataOps is to ensure that data is always finely curated and accessible, and that security decisions are made with high-fidelity data.

**Joint Task Force**

SecDataOps need not be a formalized reporting structure all at once but instead can be a joint task force and an additional horizontal responsibility in a security program. Occasionally, SecDataOps may bleed into enterprise architecture, enterprise IT, and other teams as needed. Instead of forcing all your security engineers to become data engineers, consider first bringing in big data consultants and other experts to help take account of how data moves in the organizations, where it's stored, how much it costs, all the way down to schema and formats.

Once the governance and management of raw data available to a team directly from security tools or from environments (e.g., cloud APIs, configuration management databases, existing data lakes) is complete, metrics need to be defined. Service-level agreements (SLAs) are typically formalized agreements but are a great way to hold your burgeoning SecDataOps practices to high quality standards.

Strong SLAs define the purpose of setting the SLA (the why), the promise and specific metric (the what and how), and any specific requirements (the when), if applicable. Creating these SLAs from the start that align to both the overall SecDataOps program and for specific datasets, data feeds, or projects will be important to achieve cohesion and long-term SecDataOps success.

Only once a strong baseline is set can specialized projects or process overhauls can be carried out. This same contextual approach can be applied to cloud security posture management remediation or as enrichment for real-time investigatory requirements such as pulling in ownership and asset data into a security alert investigation.

The leadership decision of a SecDataOps team is an important choice and may need to change as the team matures. When existing as an additional responsibility or joint task force, it may make sense to have the CISO run the function no matter what their level of hands-on technical acumen is; this is to hold the cross-functional team together. The results of SecDataOps will have a strong business emphasis, as the goal is to rapidly detect, pinpoint, and address various risks.

Harnessing data and building generative adversarial networks and massive business-intelligence dashboards to quantify cyber-risk is the exciting part of SecDataOps. But large parts of the work will be formative and the outcome for protecting the business is still the primary goal. Do not fear bringing in outside talent to build out the data piece of the equation. Having a team that is ready to cross-train and learn from one another will be vastly more successful than throwing security engineers to the data wolves.

This security data problem is not going away. Starting off is simply an information gathering operation: meet with your teams, understand how they harness data, what data they wish they had, and start from there. Do not get lost dreaming of what cool machine-learning algorithms you can deploy when sometimes the best outcome is well-governed data. SecDataOps is the way we win this data war and defeat our adversaries.

Why SecDataOps Is the Future of Your Security Program

**DENVER****,** **Feb. 14, 2023** **/PRNewswire/ --** Ping Identity, the intelligent identity solution for the enterprise, has formed a new strategic alliance with Deloitte, a leader in global security consulting services, to help the organizations' shared clients improve advanced Identity Access Management (IAM) Solutions selection and onboarding. Through the alliance, Ping and Deloitte's shared clients will be able to streamline digital identity management and effectively authorize which employees, customers, vendors, and suppliers can access sensitive corporate resources.

Deloitte brings to the alliance its significant experience in identity and access management across strategy, implementation and operations-managed services for both workforce and customer IAM solutions in a global customer ecosystem. Ping Identity brings its strength in single sign-on (SSO) and multi-factor authentication (MFA) technologies as well as advanced capabilities like identity authorization, risk and fraud mitigation, and overall IAM orchestration. Deloitte and Ping's shared clients will have access to intelligent identity solutions able to scale enterprise-wide and to offer customers a secure and frictionless experience. 

"We're moving into an experience-first world where identity is paramount to enable security and frictionless interactions," said Andre Durand, CEO and founder of Ping Identity. "Our IAM solutions align well with Deloitte's deep knowledge of connected customer journeys and trusted customer experiences. This alliance will help more organizations reduce risk and accelerate time-to-value as they look to modernize their identity strategies."

As part of the alliance, Deloitte will receive Ping Identity's dedicated sales training, certifications, product roadmap updates, and marketing resources that strengthen and secure access to the cloud, mobile, SaaS, and on-premises applications across the hybrid enterprise.

"As the digitization of businesses continues to increase, providing a trusted employee and customer experience is imperative for organizations," said Nakul Sharma, a Deloitte Risk & Financial Advisory managing director, Deloitte & Touche LLP. "Offering visibility and transparency around how data is used is important to building trust throughout the enterprise as well as with consumers. Our alliance with Ping is an important step in our ecosystem growth to offer Deloitte clients enhanced identity management solutions to help secure identities and data across digital engagement channels."

As used in this document, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

**About Ping Identity**

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That's digital freedom. We let enterprises combine our best-in-class identity solutions with third-party services they already use to remove passwords, prevent fraud, support Zero Trust, or anything in between. This can be accomplished through a simple drag-and-drop canvas. That's why more than half of the Fortune 100 choose Ping Identity to protect digital interactions from their users while making experiences frictionless. Learn more at www.pingidentity.com.

Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions

**ARLINGTON, Va.****,** **Feb. 14, 2023** **/PRNewswire/ --** ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading into 2023.

"With a tumultuous year marked by geopolitical and economic uncertainty that increased pressure on CISOs and their teams to improve security effectiveness and efficiency, ThreatConnect had a tremendous year in both new customer acquisition and product innovation," said Balaji Yelamanchili, CEO of ThreatConnect. "As we enter 2023, we're positioned to continue delivering market leading product innovation that enables our customers and partners to manage efficient TI Ops with quantifiable risk mitigation strategies."

**Customer & Revenue Growth** 

*   Substantial double-digit growth in new logo and expansion business, including some of the world's largest technology, financial services, healthcare, governmental, and cyber security organizations choosing ThreatConnect for their TI Ops and risk quantification initiatives.
*   Expanded risk quantification and TI Ops deployments with three of the top five software companies in the world, 12 global financial services organizations, and 33 other large enterprise customers.
*   Now serving nearly 200 global customers, including five of the top 10 software companies in the world, three of the top five airlines, three of the top five pharmaceutical companies, two of the top five insurance providers, and more than 10 defense and federal agencies.

**Threat Intelligence Operations Innovation**

The company's product and engineering teams delivered a variety of new features that enable cyber threat intelligence (CTI) teams to more efficiently investigate and create intelligence, and work with security operations (SecOps) teams to consume and operationalize threat intelligence.  These new features are designed to deliver better security outcomes in terms of mean time to detect (MTTD) and mean time to resolve (MTTR) potential threats and incidents, and drive efficiencies across teams and tools.

**Specific Innovations:** 

ThreatConnect made many useful product enhancements, including:

*   ThreatConnect's Collective Analytics Layer (CAL™), powered by Big Data and Machine Learning, increased its volume of data by 25% versus prior year to over 176 billion points of data used for scoring potential indicators of compromise (IOCs), providing insights for investigations, and categorizing relationships between indicators, threat actors, malware, and campaigns. By merging anonymized insights from ThreatConnect users with this massive data set creates the ability to have better confidence scoring and enrichment on potential IOCs that very few other players in the market can claim.
*   Natural Language Processing (NLP) capabilities to recognize MITRE ATT&CK® techniques by extracting insights from open source blogs, research, and other sources. This enables customers to get faster insights on relevant threats they are investigating.
*   Highly intuitive graph investigation capability that incorporates the customer's threat intelligence and internal case & investigation data, with insights from CAL's Automated Threat Library, including threat actors, campaigns, and ATT&CK techniques, and a growing number of third-party intelligence and enrichment sources.
*   A new reporting engine that makes it easy to create and disseminate threat intelligence reports with graphs, tables, images, and narrative descriptions.
*   New Enrich Anywhere capability automates the addition of context to indicators of compromise, allowing users to easily identify false positives and pinpoint actionable intelligence.  
*   Streamline the work of the SOC by infusing relevant threat intelligence directly into every step of their case workflow, and allowing for relevant artifacts and findings to be promoted for validation as threat intelligence by the CTI team.
*   Measure the work being done by the team with case and analyst efficiency metrics.
*   Stronger multi-tenant management of clients for MSSP and multi-tiered organizations with the introduction of Super Admin Users who can answer RFI's or work alongside analysts in other organizations without leaving their ThreatConnect instance.

**Risk Quantification Break Out Year**

*   Significant double digit annual sales growth, including new customers in healthcare, finance and manufacturing.
*   Launched technology alliance and go-to-market partnership with SecurityScorecard, resulting in 14 net new customers.
*   New go-to-market partnership with 3 of the top global software vendors.

**Industry recognition**

Winner of multiple industry accolades, including the Global Infosec Awards, Cybersecurity Excellence Award, and the top 100 most Innovative Cybersecurity companies by Expert Insights.

**Experienced Leadership and Board Advisors**

In 2022, the company added seasoned cybersecurity operators to its executive ranks with cybersecurity veterans. Balaji Yelamanchili, previously EVP and General Manager of Symantec's Enterprise Security business, joined the company as Chief Executive Officer.  Burney Barker, a veteran of Forescout, Gigamon, and Dell EMC, joined the company as Chief Revenue Officer.  In the Chief Marketing Officer role, Charles Gold joined the company, bringing more than 25 years of executive experience at category leaders including Sonatype, Virtru, and FireMon.

The company also added an elite group of enterprise cybersecurity leaders as Board Advisors.  This esteemed group includes Colin Anderson, current CISO at Ceridian and former CISO at Safeway and Levi Straus, Myrna Soto former CISO at MGM and Comcast and current Board member at Spirit Airlines and Trinet, and Patrick Joyce, CISO at Medtronic.  They will advise the company's Board and executive team on strategic product and go-to-market matters.

"Enterprises are transforming  their approach to security operations to support their move to the cloud and the digital economy while at the same time addressing a growing threat landscape and emerging threats like ransomware,"  said Yelamanchili.   "Our TI Ops and risk quantification solutions are critical to these initiatives and, given our momentum in 2022 and near term product roadmap, I couldn't be more excited about this coming year."

**About ThreatConnect**

ThreatConnect enables threat intelligence operations, security operations, and cyber risk management teams to work together for more effective, efficient, and collaborative cyber defense and protection. With ThreatConnect, organizations can infuse ML and AI-powered threat intel and cyber risk quantification into their work, allowing them to orchestrate and automate processes to get the necessary insights, and respond faster and more confidently than ever before. More than 200 enterprises and thousands of security operations professionals rely on ThreatConnect every day to protect their organizations' most critical assets.

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

No, there’s not a sudden influx of unidentified objects in the skies above the US—but the government is paying closer attention.

When U.S. government officials in early February identified and eventually shot down a surveillance balloon attributed to China, the prominent acknowledgment of a spy balloon captured public attention and inflamed tensions between Washington and Beijing. But since then, the prospect of the US government intercepting unidentified flying objects has become quotidian, with three UFOs shot down in the past four days—two near Alaska and one over Lake Huron near Michigan. The spree raises the question, are there more UFOs over US airspace than usual, or is everyone just looking more closely?

Researchers say it's the latter, and they note that even before the balloon mania began, the US government tracked many UFOs in its airspace, including a number of balloons. The US Office of the Director of National Intelligence (ODNI) released a January report, for example, tracking incidents involving UFOs, which the US government calls Unidentified Anomalous Phenomena or UAPs. Between March 5, 2021, and August 30, 2022, the All-Domain Anomaly Resolution Office had 247 reports of UAPs. In a wider pool of 366 UAP reports that also includes newly discovered incidents that occurred before 2021, ODNI said that 163 were balloons “or balloon-like entities,” 26 were “Unmanned Aircraft Systems,” or drones, and six were “attributed to clutter.” So, not all UFOs are balloons, and not all unidentified balloons are spy balloons.

Additionally, CNN reported on Friday that in the past year, the US intelligence community invented a novel technique for conducting real-time tracking of spy balloons or other balloon vehicles of interest. After an incident in which a Chinese spy balloon briefly entered US airspace in 2021, US intelligence forces used data they'd collected about the balloon to look back at radar and other aerial surveillance data to search for previously unidentified past incidents. The results then allowed officials to create models for tracking balloon flights around the world in close to real time.

The heightened alert in recent days may have also led to other tweaks to US radar noise reduction methods to detect more small aircraft at altitudes where planes don't usually fly.

“This isn't new; we just hadn't been detecting them in the past,” says Brynn Tannehill, a RAND Corporation senior technical analyst and a former naval aviator. “I suspect that filters on US systems had previously been ignoring things that were too slow, high, or small to be considered threats. Now that the parameters on the filters have been adjusted, we're seeing more of what was already there for the past few years.”

US government officials said at the beginning of the month that the Chinese spy balloon was roughly the size of three buses. Meanwhile, US Defense Department officials said the UFO the US shot down on Friday was likely not a balloon and was roughly the size of a small car. The object shot down on Saturday, on orders from Canada's prime minister, Justin Trudeau, was described by Canadian officials as cylindrical and seemingly smaller than a surveillance balloon. US officials said the UFO shot down on Sunday was octagonal and didn't seem to be carrying anything.

The White House says that China has been working on a balloon surveillance initiative in recent years “that it has used to violate the sovereignty of the US and over 40 countries across five continents,” according to a statement by National Security Council spokesperson Adrienne Watson. On Sunday, the Chinese government claimed that the US illegally flew over 10 balloons in its airspace in the past year. The Biden administration denied the allegation. “Any claim that the US government operates surveillance balloons over the PRC is false,” Watson said in the statement.

“With the balloon at the beginning of February, the US caught China with its hands in the proverbial cookie jar and made the decision to make it public,” says Jake Williams, a former National Security Administration hacker and an analyst at the Institute for Applied Network Security. “There is likely a ton of statecraft happening in the background, either as a result of the decision to publicly acknowledge the first balloon or that led to the decision itself. Generally, yes, things change once a surveillance target knows they're being surveilled.”

The Biden administration has been been criticized by some Republican lawmakers and others for being slow to shoot down the Chinese spy balloon and hesitant to reveal specific details about the three other UFOs taken out in recent days. (US officials said shooting down the balloon over land would pose an unacceptable risk due to falling debris.) RAND's Tannehill says, though, that from an investigative perspective, it's difficult to process so many cases simultaneously. 

“The White House is caught between rapid response and getting the facts right,” Tannehill says. “Until the path analysis is done, we're guessing at who launched them. Getting the facts wrong publicly would be highly damaging to US credibility.” She adds that the UFO disabled on Saturday that also flew over Canadian airspace “brings another NATO country into the discussion, and it becomes a NATO problem, not just US or NORAD,” the North American Aerospace Defense Command. 

Of the object shot down on Sunday over Lake Huron, the US Defense Department said in a statement, “We did not assess it to be a kinetic military threat to anything on the ground, but assess it was a safety flight hazard and a threat due to its potential surveillance capabilities. Our team will now work to recover the object in an effort to learn more.”

Oh, and if you're still holding out for this flurry of aerial activity to be related to aliens, the White House is here to burst your bubble: “I know there have been questions and concerns about this," White House press secretary Karine Jean-Pierre said at a press conference yesterday, “but there is no, again no indication of aliens or extraterrestrial activity with these recent takedowns.” General Glen VanHerck, commander of the Air Force’s Northern Command, added during a news conference on Sunday, though, “I haven’t ruled out anything at this point.”

The More You Look for Spy Balloons, the More UFOs You’ll Find

One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property.
From a cyber risk perspective, attacks on data are the most prominent threat to organizations. 
Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as

One thing is clear. The "_business value"_ of data continues to grow, making it an organization's primary piece of intellectual property.

From a cyber risk perspective, attacks on data are the most prominent threat to organizations.

Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as the IT infrastructure & systems that store the data.

****What Impact Does This Have On The Security Of Storage & Backup Systems?****

Just a few years ago, almost no CISO thought that storage & backups were important. That's no longer the case today.

Ransomware has pushed backup and recovery back onto the IT and corporate agenda.

Cybercriminals, such as Conti, Hive and REvil, are targeting storage and backup systems, to prevent recovery.

Some ransomwares – Locky and Crypto, for example – now bypass production systems altogether, and directly target backups.

This has forced organizations to look again at potential holes in their safety nets, by reviewing their storage, backup, and data recovery strategies.

****CISO Point of View****

To get insights on new storage, backup, and data protection methods, 8 CISOs were interviewed. Here are some of those lessons.

_Source: CISO Point of View: The ever-changing role of data, and the implications for data protection & storage security (Continuity)_

CISOs are concerned about the rise of ransomware – not only of the proliferation of attacks but also of their sophistication: "_The storage and backup environments are now under attack, as the attackers realize that this is the single biggest determining factor to show if the company will pay the ransom,_" says **George Eapen**, Group CIO (and former CISO) at Petrofac,

**John Meakin**, former CISO at GlaxoSmithKline, BP, Standard Chartered, and Deutsche Bank believes that "_As important as it may be, data encryption is hardly enough to protect an organization's core data. If attackers find their way into a storage system (as data encryption alone won't prevent them from doing so), they are free to cause severe damage by deleting and compromising petabytes of data – whether they're encrypted or not. This also includes the snapshots and backup._"

Without a sound storage, backup, and data recovery strategy, organizations have little chance of surviving a ransomware attack, even if they end up paying the ransom.

****Shared Responsibility - CISO vs. Storage & Backup Vendor****

While storage & backup vendors provide excellent tools for managing availability and performance of their infrastructure, they don't do the same for the security and configuration of those same systems.

Some storage and backup vendors publish security best practice guides. However, implementation and monitoring of security features and configurations is the responsibility of an organization's security department.

There are, however, a number of cyber resiliency initiatives that are being carried out. These include:

****Current Ransomware Resiliency Initiatives For Storage & Backup:********Air-gapped data copies****

Adding an air-gap means separating backups from production data. This means that if the production environment is breached, attackers don't immediately have access to backups.

You can also keep storage accounts separate.

****Storage snapshots & replication****

Snapshots record the live state of a system to another location, whether that's on-premises or in the cloud. So, if ransomware hits the production system, there is every chance it will be replicated onto the copy.

****Immutable storage & vault****

Immutable storage is the simplest way to protect backup data. Data is stored in a Write Once Read Many (WORM) state and cannot be deleted for a pre-specified period.

Policies are set in backup software or at storage level and it means backups can't be changed or encrypted.

While immutability is helpful in remediating cyberthreats, it is certainly not bullet proof.

Immutable storage can be 'poisoned', enabling hackers to change the configuration of backup clients and gradually replace stored data with meaningless information. In addition, once hackers gain access to the storage system, they can easily wipe out snapshots.

****Storage security posture management****

Storage security posture management solutions help you get a full view of the security risks in your storage & backup systems. It does this by continuously scanning these systems, to automatically detect security misconfigurations and vulnerabilities.

It also prioritizes risks in order of urgency and business impact, and provides remediation guidance.

****4 Steps to Success****

1.  Define comprehensive security baselines for all components of storage and backup systems (NIST Special Publication 800-209; Security Guidelines for Storage Infrastructure provides a comprehensive set of recommendations for the secure deployment, configuration, and operation of storage & backup systems)
2.  Use automation to reduce exposure to risk, and allow much more agility in adapting to changing priorities. Storage security posture management (also known as storage vulnerability management) solutions can go a long way to helping you reduce this exposure.
3.  Apply much stricter controls and more comprehensive testing of storage and backup security, and the ability to recover from an attack. This will not only improve confidence, but will also help identify key data assets that might not meet the required level of data protection
4.  Include all aspects of storage and backup management, including often-overlooked key components such as fiber-channel network devices, management consoles, etc.

NIST Special Publication 800-209; Security Guidelines for Storage Infrastructure provides an overview of the evolution of storage technology, recent security threats, and the risks they pose.

It includes a comprehensive set of recommendations for the secure deployment, configuration, and operation of storage resources. These include data and confidentiality protection using encryption, isolation and restoration assurance.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

A CISOs Practical Guide to Storage and Backup Ransomware Resiliency

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.
The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's data exfiltration operations that traditionally targeted government agencies and think tanks in Asia

Cyber Threat Intelligence

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.

The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker **DEV-0147**, describing the activity as an "expansion of the group's data exfiltration operations that traditionally targeted government agencies and think tanks in Asia and Europe."

The threat actor is said to use established hacking tools such as ShadowPad to infiltrate targets and maintain persistent access.

ShadowPad, also called PoisonPlug, is a successor to the PlugX remote access trojan and has been widely put to use by Chinese adversarial collectives with links to the Ministry of State Security (MSS) and People's Liberation Army (PLA), per Secureworks.

One of the other malicious payloads put to use by DEV-0147 is a webpack loader called **QuasarLoader**, which allows for deploying additional payloads onto the compromised hosts.

Redmond did not disclose the method DEV-0147 might be using to gain initial access to a target environment. That said, phishing and opportunistic targeting of unpatched applications are likely vectors.

"DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command-and-control and data exfiltration," Microsoft said.

DEV-0147 is far from the only China-based advanced persistent threat (APT) to leverage ShadowPad in recent months.

In September 2022, NCC Group unearthed details of an attack aimed at an unnamed organization that leveraged a critical flaw in WSO2 (CVE-2022-29464, CVSS score: 9.8) to drop web shells and activate an infection chain that led to the delivery of ShadowPad for intelligence gathering.

ShadowPad has also been employed by unidentified threat actors in an attack targeting an ASEAN member foreign ministry through the successful exploitation of a vulnerable, and Internet-connected, Microsoft Exchange Server.

The activity, dubbed REF2924 by Elastic Security Labs, has been observed to share tactical associations with those adopted by other nation-state groups such as Winnti (aka APT41) and ChamelGang.

"The REF2924 intrusion set \[...\] represents an attack group that appears focused on priorities that, when observed across campaigns, align with a sponsored national strategic interest," the company noted.

The fact that Chinese hacking groups continue to use ShadowPad despite it being well-documented over the years suggests the technique is yielding some success.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application.

CVE-2023-23856

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.

CVE-2023-24530

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application.

CVE-2023-0020

Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.

**FORTALEZA, Brazil and NEW YORK; Feb. 13, 2023 –** Accenture (NYSE: ACN) has acquired Morphus, a privately held Brazil-based cyber defense, risk management and cyber threat intelligence services provider, expanding its practice capabilities in Brazil and Latin America. Financial terms were not disclosed.

Founded in 2003, Morphus is headquartered in Fortaleza, which is in the Ceará region in northeastern Brazil, with offices in Recife, São Paulo, Rio de Janeiro and Santiago, Chile. Morphus’s end-to-end portfolio includes red and blue team services; governance, risk and compliance services; enterprise risk management; cyber strategy; threat intelligence; and managed security services (MSS). 

According to Accenture’s recent Cyber Threat Intelligence research, Brazil is one of the top victims of infostealer malware – a malicious software designed to steal victim information such as passwords. 

“Together with the capabilities and experienced leadership of Morphus, we will work as one team to help organizations build a cyber resilient business and better secure their digital core, their technology and supply chains,” said Paolo Dal Cin, who leads Accenture Security globally. “The acquisition brings more than 230 highly skilled professionals, making Accenture one of the largest cybersecurity professional services providers in Brazil. Our clients are always looking for the best solutions to strengthen their cyber defenses, and the addition of Morphus expands our global research workforce and network of talented, innovative security professionals.”

The acquisition expands Accenture’s portfolio and marks the launch of a Cyber Industry practice in Latin America led by seasoned former CISOs from Morphus. The new offerings also expand Accenture’s position in Growth Markets in Morphus’s primary industry groups: communications media and technology, financial services, energy, retail and aviation.

Rawlison Brito, CEO of Morphus, said: “We believe that security and science go hand-in-hand. With Accenture, we can continue our cyber threat research and expand our advanced studies of cybersecurity by collaborating with security research experts on a global scale. We are excited to join Accenture to offer our thought leadership and better serve our clients by providing market-leading services and stronger cyber defense protection in Latin America.”

With a strong footprint in Brazil and Chile, the acquisition brings to Accenture Morphus Labs, a research facility in Fortaleza dedicated to cybersecurity studies, vulnerability and threat analysis and MSS. This will add a new Cyber Fusion Center in Fortaleza to Accenture’s existing global network, which includes Morphus’s cybersecurity R&D capabilities.

Andre Fleury, Accenture Security lead for Latin America, said: “The cybersecurity team at Morphus will accelerate the growth of our Cyber Industry practice in the region, nearly doubling our security footprint in Brazil. The acquisition complements our global Security practice and will enable us to help our clients embed security by design and enhance the offerings we provide across a wide variety of industries in Latin America.”

Last year, Accenture was recognized as a leader in strategic security services and MSS in Brazil by ISG.

Since 2015, Accenture Security has made 16 acquisitions. Following its January 2020 acquisition of Symantec’s Cyber Security Services business, Accenture became one of the leading global providers of MSS. Accenture further strengthened its cyber defense and MSS capabilities through the acquisition of Brazil-based Real Protect, and European cyber companies Sentor and Openminded in 2021.

**Forward-Looking Statements**

Except for the historical information and discussions contained herein, statements in this news release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “should,” “likely,” “anticipates,” “aspires,” “expects,” “intends,” “plans,” “projects,” “believes,” “estimates,” “positioned,” “outlook,” “goal,” “target” and similar expressions are used to identify these forward-looking statements. These statements are not guarantees of future performance nor promises that goals or targets will be met, and involve a number of risks, uncertainties and other factors that are difficult to predict and could cause actual results to differ materially from those expressed or implied. These risks include, without limitation, risks that: the transaction might not achieve the anticipated benefits for Accenture; Accenture’s results of operations have been, and may in the future be, adversely affected by volatile, negative or uncertain economic and political conditions and the effects of these conditions on the company’s clients’ businesses and levels of business activity; Accenture’s business depends on generating and maintaining client demand for the company’s services and solutions including through the adaptation and expansion of its services and solutions in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect the company’s results of operations; if Accenture is unable to match people and their skills with client demand around the world and attract and retain professionals with strong leadership skills, the company’s business, the utilization rate of the company’s professionals and the company’s results of operations may be materially adversely affected; Accenture faces legal, reputational and financial risks from any failure to protect client and/or company data from security incidents or cyberattacks; the markets in which Accenture operates are highly competitive, and Accenture might not be able to compete effectively; Accenture’s ability to attract and retain business and employees may depend on its reputation in the marketplace; Accenture’s environmental, social and governance (ESG) commitments and disclosures may expose it to reputational risks and legal liability; if Accenture does not successfully manage and develop its relationships with key ecosystem partners or fails to anticipate and establish new alliances in new technologies, the company’s results of operations could be adversely affected; Accenture’s profitability could materially suffer if the company is unable to obtain favorable pricing for its services and solutions, if the company is unable to remain competitive, if its cost-management strategies are unsuccessful or if it experiences delivery inefficiencies or fail to satisfy certain agreed-upon targets or specific service levels; changes in Accenture’s level of taxes, as well as audits, investigations and tax proceedings, or changes in tax laws or in their interpretation or enforcement, could have a material adverse effect on the company’s effective tax rate, results of operations, cash flows and financial condition; Accenture’s results of operations could be materially adversely affected by fluctuations in foreign currency exchange rates; changes to accounting standards or in the estimates and assumptions Accenture makes in connection with the preparation of its consolidated financial statements could adversely affect its financial results; as a result of Accenture’s geographically diverse operations and strategy to continue to grow in key markets around the world, the company is more susceptible to certain risks; if Accenture is unable to manage the organizational challenges associated with its size, the company might be unable to achieve its business objectives; Accenture might not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses; Accenture’s business could be materially adversely affected if the company incurs legal liability; Accenture’s global operations expose the company to numerous and sometimes conflicting legal and regulatory requirements; Accenture’s work with government clients exposes the company to additional risks inherent in the government contracting environment; if Accenture is unable to protect or enforce its intellectual property rights or if Accenture’s services or solutions infringe upon the intellectual property rights of others or the company loses its ability to utilize the intellectual property of others, its business could be adversely affected; Accenture may be subject to criticism and negative publicity related to its incorporation in Ireland; as well as the risks, uncertainties and other factors discussed under the “Risk Factors” heading in Accenture plc’s most recent Annual Report on Form 10-K and other documents filed with or furnished to the Securities and Exchange Commission. Statements in this news release speak only as of the date they were made, and Accenture undertakes no duty to update any forward-looking statements made in this news release or to conform such statements to actual results or changes in Accenture’s expectations.

**About Accenture** 

Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent and innovation led company with 738,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Accenture Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients succeed and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com.

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security.

Tag

#intel