**DALLAS****,** **Jan. 5, 2023** **/PRNewswire/ --** Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has established CTOne, a new Trend Micro subsidiary focused on advancing 5G network security and beyond. The group's intellectual capital and leadership come from Trend Micro's culture of innovation and is the latest incubation project to launch as a standalone business.

_To learn more about CTOne's private 5G network solutions, please visit:_ https://www.ctone.com

Eva Chen**, CEO of Trend Micro:** "Trend Micro has been at the forefront of network transformations for over three decades. The 5G network technology has enabled new capabilities and applications requiring new cybersecurity infrastructure. With our foresight and over six years of dedicated research into network technology, we are confident that CTOne will safeguard organizations in all 5G network environments."

Organizations need to integrate resources to combat emerging threats in the private 5G networks more effectively. By pre-deploying a security net, CTOne strengthens the digital resilience of vertical application fields and provides security for landing applications in private 5G network environments and achieving comprehensive protection from network to endpoint.

Low latency, large bandwidth, and high-density capabilities have accelerated many organizations to adopt private 5G networks. According to a Grand View Research report\*, the global private 5G network market size was valued at USD 1.38 billion in 2021 and is expected to expand at a compound annual growth rate of 49% in the next year. Private 5G networks are usually considered the most secure wireless communications standard. However, with the widely used Open Radio Access (O-RAN) structure, the proliferation of cloud networks, open-source software, and the variety of IoT devices, the 5G environment faces more cyber threats than ever.

Jason Huang**, CEO of CTOne:** "Safety today doesn't guarantee Safety tomorrow. While the communications technology market is booming, business operations are facing exposure to more complex risks. CTOne enables enterprises to secure private 5G networks against potential cyberattacks and build a high-quality industrial application ecosystem. In the future, we will collaborate with partners to maximize the advantages of private 5G with comprehensive security solutions."

In addition to private 5G network end-to-end security solutions, CTOne is also developing O-RAN and edge computing security solutions to assist enterprises in mitigating cyber risk when deploying related technologies.

\* Private 5G Network Market Size, Share & Trends Analysis Report By Component (Hardware, Software, Services), By Frequency (Sub-6 GHz, mmWave), By Spectrum, By Vertical, By Region, And Segment Forecasts, 2022 – 2030, Grand View Research

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.trendmicro.com.

**About CTOne**

CTOne, a global cybersecurity leader in communication technology, offers enterprise cybersecurity solutions for next-generation wireless networks. A subsidiary of Trend Micro, CTOne enables digital transformation and strengthens the resilience of communication technology. https://www.ctone.com

SOURCE Trend Micro Incorporated

Trend Micro Announces New Subsidiary for 5G Cybersecurity

When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

For a week in October 2020, Christian Lödden’s potential clients wanted to talk about only one thing. Every person whom the German criminal defense lawyer spoke to had been using the encrypted phone network EncroChat and was worried their devices had been hacked, potentially exposing crimes they may have committed. “I had 20 meetings like this,” Lödden says. “Then I realized—oh my gosh—the flood is coming.”

Months earlier, police across Europe, led by French and Dutch forces, revealed they had compromised the EncroChat network. Malware the police secretly planted into the encrypted system siphoned off more than 100 million messages, laying bare the inner workings of the criminal underground. People openly talked about drug deals, organized kidnappings, planned murders, and worse.

The hack, one of the largest ever conducted by police, was an intelligence gold mine—with hundreds arrested, homes raided, and thousands of kilograms of drugs seized. But it was just the beginning. Fast-forward two years, and thousands of EncroChat users across Europe—including in the UK, Germany, France, and the Netherlands—are in jail. 

However, a growing number of legal challenges are questioning the hacking operation. Lawyers claim investigations are flawed and that the hacked messages should not be used as evidence in court, saying rules around data-sharing were broken and the secrecy of the hacking means suspects haven’t had fair trials. Toward the end of 2022, a case in Germany was sent to Europe’s highest court. If successful, the challenge could potentially undermine the convictions of criminals around Europe. And experts say the fallout has implications for end-to-end encryption around the world.

“Even bad people have rights in our jurisdictions because we are so proud of our rule of law,” Lödden says. “We’re not defending criminals or defending crimes. We are defending the rights of accused people.”

Hacking EncroChat

Around 60,000 people were signed up to the EncroChat phone network, which was founded in 2016, when it was busted by cops. Subscribers paid thousands of dollars to use a customized Android phone that could, according to EncroChat’s company website, “guarantee anonymity.” The phone’s security features included encrypted chats, notes, and phone calls, using a version of the Signal protocol, as well as the ability to “panic wipe” everything on the phone, and live customer support. Its camera, microphone, and GPS chip could all be removed.

Police who hacked the phone network didn’t appear to break its encryption but instead compromised the EncroChat servers in Roubaix, France, and ultimately pushed malware to devices. While little is known about how the hacking took place or the type of malware used, 32,477 of EncroChat’s 66,134 users were impacted in 122 countries, according to court documents. Documents obtained by Motherboard showed all data on the phones could potentially be hoovered up by the investigators. This data was shared between law enforcement agencies involved in the investigation. (EncroChat has claimed it was a legitimate company and shut itself down after the hack.)

Across Europe, legal challenges are building up. In many countries, courts have ruled that messages from EncroChat can be used as evidence. However, these decisions are now being disputed. The cases, many of which have been reported in detail by Computer Weekly, are complex: Each country has its own legal system with separate rules around the types of evidence that can be used and the processes prosecutors need to follow. For instance, the UK largely doesn’t allow “intercepted” evidence to be used in court; meanwhile, Germany has a high bar for allowing malware to be installed on a phone.

Cops Hacked Thousands of Phones. Was It Legal?

**ATLANTA****,** **Jan. 4, 2023** **/PRNewswire/ --** CORL Technologies, the leading provider of risk management solutions for healthcare, today introduced Third-Party Incident Response (TPIR). This managed incident response solution allows healthcare providers to address third-party security incidents proactively. CORL's TPIR service tames the chaos of incident response by enabling healthcare companies to share information and provide total clarity about how each party will respond to industry-wide vulnerabilities and episodic data breaches.

According to SC Magazine, nine out of the ten most significant healthcare data breaches were caused by third-party vendors. The Verizon annual Data Breach Investigations Report indicates ransomware saw a 13% increase in 2022, making up almost 70% of malware breaches. Ransomware incidents can cause computer systems to be down for weeks, creating a ripple effect that can impact hundreds of providers and patients.

CORL's TPIR eliminates the chaos of third-party incident response for faster resolution. TPIR clarifies every stage in an incident lifecycle, including proactive preparedness profiles and scoring, impact mapping, managing outreach and response, automating communications, and identifying key metrics using standardized data. CORL offers healthcare companies numerous benefits, including:

*   **Improved preparedness** – Create a strong data foundation with readiness profiles, managed key contact rolodexes, and scores by vendor, vendor tier, and in aggregate.
*   **Extended visibility** – Understand incident implications using impact mapping, live response tracking, reports, and other tools.
*   **Reduced internal burden** – CORL serves as an expert partner providing scalable outreach, response management, and reporting.
*   **Well-defined course of action** – TPIR provides a clear communication plan for each vendor with correct contacts and escalations.

"We developed Third-Party Incident Response to prepare healthcare providers and vendors before an incident occurs," said Cliff Baker, Chief Executive Officer of CORL Technologies. "Vendor data breaches happen every day, and very few know who to contact or how to escalate when they don't get what they need. With TPIR we eliminate the chaos, provide clarity around points of contact, escalation, incident impact, remediation, etc., and do all the outreach, so there is no impact on the internal team."

TPIR provides preparedness at scale, starting with an accurate data foundation. CORL prepares a Third-Party Incident Preparedness (TPIP) profile and score for each vendor to identify gaps and improve preparedness across all vendors. CORL's managed Third-Party Incident Impact (TPI3) workflow provides rapid insight into how an incident impacts the business. The result is a coordinated plan of action that outlines responsibilities and eliminates duplicate efforts.

"CORL is committed to going beyond risk management tools that stop short of solving the problem," continued Baker. "Our managed assessment methodology, the way we utilize data, and decision-support tools address the healthcare industry's real-world security and privacy challenges. We are committed to integrating the best of technology and human intelligence to make third-party risk management a business enabler."

**About CORL Technologies**

CORL is a leading provider of vendor risk management solutions for the healthcare industry. CORL gets results by scaling organizational and vendor risk programs through our healthcare vendor risk clearinghouse solution, dashboard reporting that business owners can understand, and proven workflows that drive measurable risk reduction. CORL accelerates the speed of vendor risk assessments and holds vendors accountable for remediating risk exposures. Together with sister company Meditology healthcare's preeminent cybersecurity consulting firm and certification body, the company has offices in Atlanta, Philadelphia, Denver, San Diego, and St. Louis. 

For more information, visit http://corltech.com.

CORL Technologies Introduces Proactive Third-Party Incident Response Solution for Healthcare

Improve overall IT administration and establish a framework to identify misconfigurations and automate the process of checking IaC before it makes it into the production environment.

Infrastructure as code (IaC) has gained rapid popularity for its ability to automate the management and provisioning of IT infrastructure by replacing manual processes with machine-readable configuration (definitions) files that contain specifications that are simple to edit, maintain, and distribute.

This approach is especially appealing and efficient when standing up and modifying infrastructure-as-a-service (IaaS) instances in cloud application environments.

But, like any technology, these gains aren't without some pain. One of the most formidable tasks is dealing with IaC management and security. While it's now incredibly fast and convenient to propagate changes across multiple production environments, errors and vulnerabilities can also spread like wildfire. This includes misconfigurations and incorrect default settings, all of which can potentially expose sensitive data, intellectual property (IP), and trade secrets.

As a result, it's wise to establish a framework — including the right strategy and technology tools — that can identify misconfigurations, fix incorrect values, and automate the sometimes-daunting process of checking IaC.

**Cracking the Code on IaC**

One of the things that makes infrastructure-as-code so appealing is the ability to automate infrastructure deployment processes as part of the development life cycle. This practice is usually referred to as creating a CI/CD pipeline — continuous development and continuous deployment. Manually provisioning, configuring, and managing systems is a time-consuming and error-prone task. IaC is an essential component for automating these processes. With the click of a button, it's possible to set up, delete, or make widespread changes to an existing environment across multiple cloud platforms using APIs

It's also possible to gain visibility into all these changes. So, if it is necessary to roll back a system to a particular date or configuration, the task is reasonably easy to manage. Because IaC typically has built-in support for things like declarative and imperative language, filters, and rules and settings, it's possible to create a standard deployable configuration file that tells a cloud provider exactly what resource to provision.

Eliminating manual processes doesn't prevent problems. IaC environments remain vulnerable to configuration errors. In many cases, IaC definition files mitigate the risk of introducing security misconfigurations due to human errors such as applying the wrong user access policy or important security settings. However, when human-made mistakes happen, they will affect all resources that are using the same definition files and may impact thousands of resources.

In fact, it's remarkably easy to miss configuration issues in IaC, especially when a large and complex cloud infrastructure is provisioned. And once the problem exists in the production environment it's usually a lot more difficult and time-consuming to fix. As a result, organizations should implement a shift-left approach to IaC security that's designed to fix issues directly when code is written or modified.

**Finding the Fix**

Addressing the problem involves scanning new IaC files for errors and fixing them before they are released to production, as well as discovering misconfigurations already deployed in cloud environments and modifying the IaC files. This requires following a clearly defined three-step process:

*   **Identify the misconfigurations.** This "hygiene" starts with state and resource aware scanning of configuration files to identify errors or policy violations that need to be fixed. These processes should scan the cloud runtime environment and take into account the plan and state outcomes. Once problems have been identified, it's critical to fix code for all files that touch the cloud environment. In some cases, thousands of configuration files might exist.
*   **Create a staging environment for testing.** One of the big advantages of IaC is that you can quickly create many instances of your entire infrastructure, it's simple to create a staging environment and a production environment. Once the review process is complete in the staging environment, transferring it to a live setting is a process that takes place at the push of a button.
*   **Inspect an IaC environment before provisioning to production so that it aligns with security policies.** The inspection process should include a review that ensures that a policy is correctly translated into a control, and the control is correctly embedded in the configuration file. For example, an organization might check to see that any sensitive data isn't stored in clear text or secrets are not exposed. It's critical to conduct a thorough review so that a new setting or configuration doesn't introduce a new issue.
*   **Add the correct values.** The next step is to fix the actual problem. This may be something as straightforward as encrypting a database that was previously unencrypted or something as complicated as changing a specific setting in all the virtual machines or storage devices in a particular region or country. Once this analysis is complete, it's possible to update configuration files or create new ones.
*   **Deploy the new or updated code.** After you have made the necessary changes, it's time to push out the new or updated configuration files. While IaC makes this task much easier, it's important to ensure that the update is going to the right place and that it will be deployed as intended, as part of a managed CI/CD process.

While IaC provides huge advances for deploying and managing today's highly complex cloud and IT environments, it does not address security issues and configuration errors that will inevitably occur. However, with the right processes, procedures, and tools it's possible to automate the detection and remediation of security risk in even the largest IaC deployments.

Understanding Infrastructure-as-Code Risks in the Cloud

**DUBLIN****,** **Jan. 4, 2023** **/PRNewswire/ --** The "Global Mobile Biometrics Market Size, Share & Industry Trends Analysis Report By Industry, By Technology, By Authentication Mode (Single Factor and Multi Factor), By Component (Hardware, Software and Service), By Regional Outlook and Forecast, 2022 - 2028" report has been added to  ResearchAndMarkets.com's offering.

The Global Mobile Biometrics Market size is expected to reach $91.9 billion by 2028, rising at a market growth of 21.8% CAGR during the forecast period.  
Mobile biometric authentication uses biometrics to recognize and confirm a person's identity when they attempt to access any mobile application. Authentication can be carried out using these mobile biometric devices in a number of different ways, including face recognition, fingerprint readers, voice recognition, and others. Mobile biometrics solutions straddle the line between identity and connectivity.  
They make use of smartphones, tablets, other forms of handheld devices, wearable technologies, and Internet of Things devices for their flexible deployment capabilities. Controlling access to information, locations, and systems have become more and more necessary over time. Many businesses currently use cards, PINs, or passwords to verify users' identities before granting access. However, there are significant problems with this conventional method.  
In recent years, biometric technology has gained popularity on mobile devices. The technology improved in terms of user-friendliness and consumer affordability. This biometric solution is a method used to authenticate a person who is in possession of a mobile device and uses it as a distinctive biometric identifier. Single-factor authentication (SFA) and multi-factor authentication (MFA) are the two different authentication mechanisms used by mobile biometric systems.  
These systems operate using a variety of techniques, including Deep Neural Networks and Keystroke Dynamics. Together, these procedures form a mobile biometrics system that provides coordinated security for mobile devices. The demand for this effective security solution typically increases significantly. In order to determine similarity, biometric authentication compares data for a person's features to that person's biometric "template".  
**COVID-19 Impact Analysis**  
The pandemic had a positive impact on the mobile biometrics market. This was due to a significant shift toward the rise of digital stores and e-commerce platforms, which has led to an increase in the use of online payments. The potential for an increase in cyberattacks in the form of fraud and identity theft also guided the market. Secure authentication services for different banking and financial applications, like client KYC and money transfer, are required in such a situation, and the usage of top-notch security tools is crucial.  
**Market Growth Factors**

**Increase In Platforms Using Biometric Authentication**  
The demand for biometric solutions has increased over the past few years as digital media and internet content delivery have grown. Traditional methods of authentication, like signatures and text-based credentials, have been shown to be more difficult for users to use because they are so vulnerable to contemporary cyberattacks. Furthermore, customers really need to develop faster methods of authentication due to the growing quantity of digital services.  
**Assurance Of Higher Security With Biometrics Usage**  
One of the key factors propelling the growth of mobile biometrics is the increasing demand for intelligence security devices in mobile devices to secure the data saved in the devices, such as bank account information, photos, recordings, contacts, and other personalized data. By confirming a physical, real-world characteristic that is (typically) specific to that person, such as fingerprints, facial features, voice articulation, and others, biometric solutions can give providers a higher level of assurance that the person is real.  
**Market Restraining Factors**

**Wrong And Inaccurate Results Through Biometrics**  
False positives and inaccuracy are two of the most significant challenges. Biometric authentication procedures rely on insufficient data to confirm a user's identity. For instance, during the enrollment step, a mobile biometric device will scan a whole fingerprint and turn it into data. Future fingerprint biometric authentication, however, will only require a portion of the print to confirm identity, making the process speedier overall.

**Scope of the Study**

**Market Segments Covered in the Report:**

**By Industry**

*   Public Sector
*   BFSI
*   Healthcare
*   IT & Telecommunication
*   Others

**By Technology**

*   Fingerprint Recognition
*   Face Recognition
*   Voice Recognition
*   Others

**By Authentication Mode**

*   Single Factor
*   Multi Factor

**By Component**

*   Hardware
*   Software
*   Service

**By Geography**

*   North America
*   US
*   Canada
*   Mexico
*   Rest of North America
*   Europe
*   Germany
*   UK
*   France
*   Russia
*   Spain
*   Italy
*   Rest of Europe
*   Asia Pacific
*   China
*   Japan
*   India
*   South Korea
*   Singapore
*   Malaysia
*   Rest of Asia Pacific
*   LAMEA
*   Brazil
*   Argentina
*   UAE
*   Saudi Arabia
*   South Africa
*   Nigeria
*   Rest of LAMEA

**Key Market Players**

**List of Companies Profiled in the Report:**

*   3M Company
*   Apple Inc.
*   NEC Corporation
*   BIO-key International, Inc.
*   Fujitsu Limited
*   HID Global Corporation
*   Precise Biometrics AB
*   M2SYS Technology, Inc.
*   Aware, Inc.

For more information about this report visit https://www.researchandmarkets.com/r/vwb2z6

Insights On the Mobile Biometrics Global Market To 2028 - Increase In Platforms Using Biometric Authentication Drives Growth

Ransomware: contemporary threats, how to prevent them and how the FBI can help
In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors,

**_Ransomware: contemporary threats, how to prevent them and how the FBI can help_**

In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis.

**The Ransomware Landscape**

Ransomware has existed for more than 30 years, but it became a lucrative source of income for cyber actors and gangs in the past decade. Since 2015, ransomware gangs have been targeting organizations instead of individuals. Consequently, ransom sums have increased significantly, reaching millions of dollars.

Ransomware is effective because it pressures victims in two, complementary ways. First, by threatening victims to destroy their data. Second, by threatening to publicize the attack. The second threat has an indirect impact, yet it is just as serious (if not more). Publication could trigger regulatory and compliance issues, as well as negative long-term brand effects.

Here are some examples of real ransomware notes:

Ransomware as a Service (RaaS) has become the most widespread type of ransomware. In RaaS attacks, the ransomware infrastructure is developed by cyber criminals and then licensed out to other attackers for their use. The customer attackers can pay for the use of software or they can split the loot with the creators. Etay maor, Senior Director Security Strategy at **Cato Networks** commented, "There are other forms of RaaS. After receiving the ransomware payment some Ransomware groups sell all the data about the victim's network to other gangs. This means the next attack is much simpler and can be fully automated as it does not require weeks of discovery and network analysis by the attackers."

Some of the major RaaS players, who are notorious for turning the RaaS landscape into what it is today, are CryptoLocker, who infected over a quarter million systems in the 2000s and profited more than $3 million in less than four months, CryptoWall, who made over $18 million and prompted an FBI advisory, and finally Petya, NotPetya and WannaCry who used various types of exploits, ransomware included.

**How the FBI Helps Combat Ransomware**

An organization under attack is bound to experience frustration and confusion. One of the first recommended courses of action is to contact an Incident Response team. The IR team can assist with investigation, recuperation and negotiations. Then, the FBI can also help.

Part of the FBI's mission is to raise awareness about ransomware. Thanks to a wide local and global network, they have access to valuable intelligence. This information can help victims with negotiations and with operationalization. For example, the FBI might be able to provide profiler information about a threat actor based on its Bitcoin wallet.

To help ransomware victims and to prevent ransomware, the FBI has set up 56 Cyber Task Forces across its field offices. These Task Forces work closely with the IRS, the Department of Education, the Office of Inspector General, the Federal Protective Service and the State Police. They're also in close contact with the Secret Service and have access to regional forensics labs. For National Security cyber crimes, the FBI has a designated Squad.

Alongside the Cyber Task Force, the FBI operates a 24/7 CyWatch, which is a Watch Center for coordinating the field offices, the private sector and other federal and intelligence agencies. There is also an Internet Crime Complaint Center, ic3.gov, for registering complaints and identifying trends.

**Preventing Ransomware Attacks On Time**

Many ransomware attacks don't have to reach the point where the FBI is needed. Rather, they can be avoided beforehand. Ransomware is not a single-shot attack. Instead, a series of tactics and techniques all contribute to its execution. By identifying the network and security vulnerabilities in advance that enables the attack, organizations can block or limit threat actors' ability to perform ransomware. Etay Maor added "We need to rethink the concept that "the attackers need to be right just once, the defenders need to be right all the time". A cyber attack is a combination of multiple tactics and techniques. As such, it can only be countered with a holistic approach, with multiple converged security systems that all share context in real time. This is exactly what a **SASE architecture**, and no other, offers the defenders".

For example, here are all the steps in a REvil attack on a well-known manufacturer, mapped out to the MITRE ATT&CK framework. As you can see, there are numerous phases that took place before the actual ransom and were essential to its "success". By mitigating those risks, the attack might have been prevented.

Here is a similar mapping of a Sodinokobi attack:

Maze attack mapping to the MITRE framework:

Another way to map ransomware attacks is through heat maps, which show how often different tactics and techniques are used. Here is a heat map of Maze attacks:

One way to use these mappings is for network analysis and systems testing. By testing a system's resilience to these tactics and techniques and implementing controls that can mitigate any risks, organizations reduce the risk of a ransomware attack by a certain actor on their critical resources.

**How to Avoid Attacks - From the Horse's Mouth**

But don't take our word for it. Some ransomware attackers are "kind" enough to provide organizations with best practices for securing themselves from future ransomware attacks. Recommendations include:

*   Turning off local passwords
*   Using secure passwords
*   Forcing the end of admin sessions
*   Configuring group policies
*   Checking privileged users' access
*   Ensuring only necessary applications are running
*   Limiting the reliance of Anti-Virus
*   Installing EDRs
*   24 hour system admins
*   Securing vulnerable ports
*   Watching for misconfigured firewalls
*   And more

Etay Maor of Cato Networks highlights "Nothing in what several Ransomware groups say organizations need to do is new. These best practices have been discussed for years. The reason they still work is that we try to apply them using disjoint, point solutions. That didn't work and will not work. A SASE, cloud native, architecture, where all security solutions share context and have the capability to see every networks flow and get a holistic view of the attack lifecycle can level the playing field against cyber attacks".

**Ransomware Prevention: An Ongoing Activity**

Just like brushing your teeth or exercising, security hygiene is an ongoing, methodical practice. Ransomware attackers have been known to revisit the crime scene and demand a second ransom, if issues haven't been resolved. By employing security controls that can effectively mitigate security threats and having a proper incident response plan in place, the risks can be minimized, as well as the attackers' pay day. The FBI is here to help and provide information that can assist, let's hope that assistance won't be needed.

To learn more about ransomware attacks and how to prevent them, **Cato Networks' Cyber Security Masterclass series is available for your viewing.**

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

The FBI's Perspective on Ransomware

**JERUSALEM, ISRAEL (PRWEB)** **JANUARY 03, 2023 --** C2A Security, a leading provider of automated cybersecurity solutions for connected, autonomous, and electric vehicles will showcase its flagship product, EVSec, during the Consumer Electronics Show (CES 2023) taking place in Las Vegas, January 5-8, 2023. EVSec’s innovative automated cybersecurity DevOps platform helps C2A Security customers and partners including Thundersoft, NTT Data, Marelli, MIH, and more, manage software at scale.

As electric and software-defined vehicles become more popular on the roads, governments are instituting regulations, and OEMs, tier-1, and tier-2 suppliers are seeking ways to keep up with this new, ever-evolving industry landscape. C2A Security’s EVSec - Cybersecurity DevOps platform - was built to automate the compliance process for current and emerging cybersecurity standards and regulations. EVSec enables developers to focus on innovation and enhancements, such as new products and features, so automotive companies can stay competitive and provide more business value to the end customer while getting built-in, efficient, and streamlined cybersecurity at scale.

With automotive regulations in Europe and the US promoting the future sales of EVs to rise, cyber threats are inevitable, making C2A’s EVSec solution critical to maintaining the safety of not only the drivers but critical infrastructures as well. Growing its sales funnel by 15 times this past year, and creating strategic partnerships with European, US, and Asian-based OEMs and Tier-One suppliers, C2A Security’s award-winning solution has proven a necessity for the future of the global EV ecosystem.

Partners include:

Thundersoft\- C2A provides the necessary tools for OEMs and suppliers in China to enable the development of intelligent connected and electric vehicles and to effectively identify and respond to cyberattacks and provide full lifecycle security protection for the automotive industry.

"We have deeply felt the growth of the intelligent connected vehicle business and cybersecurity is an indispensable part of the intelligent connected vehicle," says Wenguang Wu, Executive President of ThunderSoft. "The cooperation with C2A Security provides cybersecurity solutions for the whole lifecycle of connected vehicles in China. We look forward to expanding the cooperation globally and bringing the vehicle industry to a safer future."

NTT Data Corporation \- A Japanese multinational player in the field of IT services: C2A Security’s EVSec platform will be sold globally by NTT DATA and is the first platform selected to be incorporated in the new Global Automotive Security Test Center of NTT Data. 

“We want to apply our expertise in cybersecurity to the connected car sector, thanks to our global Automotive Security Test Center and to our collaboration with C2A Security, NTT DATA will be an international reference point to protect connected cars from cyber-attacks and ensure the drivers' safety,” said Marco Garelli, Head of Automotive at NTT DATA Italy.

Marelli - C2A Security’s joint project with Marelli, a leading global Tier-1using EVSEC Attacker, intelligent system level, and security validation tool to shift left the system validation process using the information from the target to support more targeted, faster, and result-oriented testing which leads to smart and efficient validation. 

“Fuzz testing, with C2A’s solution, enables early discovery of vulnerabilities hence reducing the time needed to deliver SW and products,” said Cosimo Senni Guidotti Magnani Senior Manager Connected Vehicle Cyber Security of Marelli

MIH Consortium - C2A Security is the ambassador of the Foxconn-initiated MIH Consortium winning the MIH startup challenges and showing a strong alignment with the MIH open and agnostic EV platform built by MIH, C2A is an official MIH member and contributes to bringing cybersecurity as a full component of MIH projects. 

“C2A Security shares the same vision as MIH, in offering a seamless and holistic approach to automotive cybersecurity over the entire lifecycle,” said Jack Cheng, CEO of MIH Consortium

At CES, C2A’s executive team is scheduling appointments and demonstrations of EVSec at the Westgate Hotel to showcase the solution and the value it provides to its customers.

About C2A Security 

C2A provides automated cybersecurity solutions to enable the connected, autonomous, and electric mobility revolution. C2A Security's flagship product EVSec is a Cybersecurity DevOps platform, helping automotive companies remain competitive and provide more business value in the software-defined vehicle era, supporting the security lifecycle from development to operations and back and automating the process of complying with cybersecurity standards and regulations. Using EVSec, C2A’s customers get efficient and streamlined cybersecurity, managing software at scale while overcoming the shortage of professional cyber experts, reducing costs and time to deployment.

C2A Security To Showcase Automotive Cybersecurity DevOps Platform at CES In Las Vegas, January 5-8

The Evil Corp-linked malware family has undergone an evolution, becoming more obfuscated and "several times more complex," as the group behind it tests how far the worm can be spread.

Hacking groups are using a new version of the Raspberry Robin framework to attack Spanish and Portuguese-language based financial institutions — and it's complexity quotient has been significantly upgraded, researchers said this week.

According to a Jan. 2 report from cybersecurity firm Security Joes, the group has used the same QNAP server for several rounds of attacks — but victim data is no longer in plaintext but rather RC4-encrypted, and the downloader mechanism has been updated with new anti-analysis capabilities, including more obfuscation layers.

Raspberry Robin is a backdooring worm that infects PCs via Trojanized USB devices before spreading to other devices on a target's network, acting as a loader for other malware. Since being spotted nesting in corporate networks in May, it has gone on to rapidly infect thousands and thousands of endpoints — and the species is rapidly evolving.

The threat actor behind the worm is thought to be part of larger ecosystem facilitating preransomware activity and is considered one of the largest malware distribution platforms currently active. Researchers recently linked it to Evil Corp, for instance, thanks to its significant similarities to the Dridex malware loader.

"What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," the research team wrote.

**Upgraded Malware Version Takes Flight

In the latest iteration, the malware protection mechanism has been upgraded to deploy at least five layers of protection before the malicious code is deployed, including a first-stage packer to obscure the code of the next stages of the attack followed by a shellcode loader.

The next three layers include a second-stage loader DLL, intermediate shellcode, and finally the shellcode downloader. This complex framework makes the worm more difficult to detect and simultaneously eases lateral movement through networks, the researchers explained.

The research also indicated Raspberry Robin operators have began to collect more data about their victims than earlier reported.

"Not only did we discover a version of the malware that is several times more complex, but we also found that the C2 beaconing, which used to have a URL with a plain-text username and hostname, now has a robust RC4 encrypted payload," wrote senior threat researcher Felipe Duarte, who led the investigation.

In one case, the research team documented how a 7-Zip file was downloaded from the victim's browser, potentially from a malicious link or attachment that tricked the user into acting.

"Upon inspection, the archive was found to be an MSI installer that, when executed, drops several files onto the victim's machine," the report noted.

In a second case, the malicious payload was hosted on a Discord server, which was used by the threat actors to deliver malware onto the victim's machine, to avoid detection and bypass security controls.

"In the cases we investigated, threat actors decided to implement additional validations on their backend to have a better segmentation and visibility of their targets," the report noted. "This allows them to filter bots running in sandboxes, analyze environments and respond to any other circumstance that could interfere a segment of the botnet operation, to fix it in real-time."

****Raspberry Robin Makes the Rounds**

The threat is flighty, following a pattern of appearing, disappearing, then reappearing with significantly upgraded capabilities.

Security firm Red Canary first analyzed and named Raspberry Robin in May, noting that it was infecting targets via malicious USB drives and worming to other endpoints — but then remaining dormant.

Subsequent reports then found Raspberry Robin worm to have added 10 layers of obfuscation and fake payloads, in order to launch attacks against telecommunications companies and governments across Australia, Europe, and Latin America, according to a December research report from Trend Micro.

Soon after, it came to the attention of other researchers, including IBM Security and the Microsoft Security Threat Intelligence Center (MSTIC); the latter is monitoring the operators of the Raspberry Robin worm under the moniker DEV-0856.

Raspberry Robin Worm Hatches a Highly Complex Upgrade

EuskalHack Security Congress sixth edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 200 attendees for this sixth edition. The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 23th and 24th of June 2023 in the lovely city of Donostia San Sebastian.

                                                                                                                                          i@@@@@@@@@@@@t                                                                                                 ;@@@@@@@@88@@@@@@@@t                                                                                            ,@@@@@:          .@@@@@1                                                                                         C@@@@                8@@@8                                                                                       L@@@L                  ;@@@8                                                                                      @@@0                    f@@@,                                                                                    1@@@.                     @@@C                                                                                ::  t@@@                      @@@0   ,                                                                           @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@f                                                                          @@           G@@@@@@@@@@@G          i@L            _____          _         _ _   _            _                  @@       1@@@t;8@C8GG088.f@@@i      ;@f           | ____|   _ ___| | ____ _| | | | | __ _  ___| | __              @@     8@@t8@@@@@@i@L@0@@@@0;@@G    ;@f           |  _|| | | / __| |/ / _` | | |_| |/ _` |/ __| |/ /              @@   f@@ .@@@@f@01C@L1@@C@@@@ .@@:  ;@f           | |__| |_| \__ \   < (_| | |  _  | (_| | (__|   <               @@  8@G  @GL;8@@@@@@@@@@@L:C0@  G@C ;@f           |_____\__,_|___/_|\_\__,_|_|_|_|_|\__,_|\___|_|\_\              @@ 8@L     @@@@@@@@@@@@@@@@f     C@t;@f           / ___|  ___  ___ _   _ _ __(_) |_ _   _                         @@i@@     @@@@@@@;   ,@@@@@@8     @@i@f           \___ \ / _ \/ __| | | | '__| | __| | | |                        @@@@i    @@@@@@@       0@@@@@i    i@@@f            ___) |  __/ (__| |_| | |  | | |_| |_| |                       @@@@@0    @@@@@@8       C@@@@@G   1@@@@@;          |____/ \___|\___|\__,_|_|  |_|\__|\__, |    ___    ___ _        @@@@,    @@@@@@@8     C@@@@@@L    ,@@@f            / ___|___  _ __   __ _ _ __ ___  |___/__   \  \  /  /| |        @@C@C    :@@@@@@@@   @@@@@@@@     C@t@f           | |   / _ \| '_ \ / _` | '__/ _ \/ __/ __|   \  \/  / | |        @@ @@     ;@@@@@@@   @@@@@@@      @@;@f           | |__| (_) | | | | (_| | | |  __/\__ \__ \    \    /  | |        @@ ,@@      8@@@@@@@@@@@@@i      @@ ;@f            \____\___/|_| |_|\__, |_|  \___||___/___/     \__/   |_|        @@  .@@,      .@@@@@@@@@       :@@  ;@f                             |___/                                         @@    0@@  .8@0C@8@@@8@0L@8,  @@C   ;@f                                                                           @@      0@@L  :@@@@@@@@@,  G@@G     ;@f                                                                           @@        .8@@@8C@C@18G@@@@8.       ;@f                                                                          @@@8GGGGGGGGGGGG8@@@@@@@8GGGGGGGGGGGG@@@,                                                                         G@@1:::::::::::::::0@::::::::::::::::@@@                                                                   ] EuskalHack Security Congress VI Call For Papers [Introduction------------EuskalHack Security Congress sixth edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks.This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 200 attendees for this sixth edition.The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology.Date and location-----------------The date for the conference is the 23th and 24th of June 2023 in the lovely city of Donostia – San Sebastian.Take part as a speaker----------------------We want to open the doors to all those who wish to be part of this fifth edition of the EuskalHack Security Congress in one of the various categories of talks and workshops we offer.We are looking for small workshops or talks related to digital security, information security or tech in general, such as: - Robotics, Drones, Consoles, Hardware Hacking, Gadgets, mobile environments... - Critical infrastructure security, industrial environments, Smart City, financial... - Cloud insecurity, virtualization, containers, Hardening, DevOps, cloud forensics... - GSM signal hacking, SDR, LTE, 4G/5G, Satellite links, VoIP... - Cryptography, steganography, forensics techniques and countermeasures... - AI, Neuronal networks, Data mining, statistical modeling... - Malware, APT, Sandboxing, Sandbox escapes, Bypassing “things”... - Corporate security and intelligence, Social engineering, OPSEC, OSINT... - Web Hacking, SQL and NoSQL injection, LDAP injection, Hacking with search engines... - Hacktivism, net neutrality, Deep web, darknet, cryptocurrencies... - Reverse engineering.All proposals will be valued according to their originality, educational value, contribution to the community, and the capacity to make our audience have a good time.Highest priority will be given to those proposals that have not been previously exhibited at another event. Please don't forget to indicate it when making your submission.Language and internationalization---------------------------------At EuskalHack we value linguistic diversity and internationalization; this is why we accept talks in Spanish, Basque or English. Just let us know what language you plan to use for your slides and for the talk. Note: We positively value bilingual options which can be understood by the maximum number of attendees as possible as, for example, slides in one language while speaking in another one.Talks and Workshops-------------------We will have several spaces over the course of the event, which will include talks and workshops concurrently, taking two different approaches: * Standard talks: 50 minutes duration * Specific workshops: 120 minutes duration    Once all the proposals have been received, the total number of presentations of each type will be determined, considering aspects such as technological diversity and the audience.Workshops will be taught on June 24 with a capacity of 40 attendees. In addition, please confirm the necessary infrastructure and material required in the sent proposal.Proposals---------Proposal submissions should be sent before April 23th through the forms found on the following links:ENGLISH    https://forms.gle/xr3wEfiJYuFkwVYr5SPANISH    https://forms.gle/iPH3LRoSfzyjY3Em6  EUSKERA     https://forms.gle/CGRhHeVbCysQ5A7G8Dates to consider-----------------The following are the dates and milestones which should be considered during various phases by the speakers directly involved:26/12/22    Speaker registration begins23/04/23    Speaker registration ends30/04/23    Speaker confirmation date deadline by the organization 15/05/23    Speaker requirements submission31/05/23    Follow-up communication22/06/23    Speakers reception23/06/23    EuskalHack Security CongressCommitment in meeting the dates set by those interested for the paper planning and effective implementation of the congress is requested.Speaker rights and privileges----------------------------- * Take part in the reference security congress in Basque Country. * Round trip paid by the organization (conditions to be agreed *). * Accommodation paid in a hotel near to the congress, in the beautiful city of Donostia - San Sebastian (Double room). * Complete access to the conference with a companion. * Dinners with the other speakers and conference organizers.Disclaimer---------- * The talks and workshops not exhibited previously at other security congresses or media will be considered a priority. * Compliance with obligations and regulations by all concerned parties is vital to avoid any setbacks for the speaker and the congress. * The duration of the talks must stick to the terms of the agreement, allowing the audience to have time for the round of questions. * The talks and workshops must stick to the computer security ethical code, common sense and the applicable laws. * It is essential that you indicate the needs regarding travel and accommodation in order to manage your stay with us in the best possible way.  The organization reserves the right not to take charge of this aspect if it is not expressly indicated.Sponsors--------------Being part of EuskalHack as a sponsoring company implies having presence and impact in a unique and singular area, allowing directing a message to a target audience, and facilitating and strengthening your brand and products’ knowledge in a major community event.We have a maximum number of allowed sponsors, as we consider it essential to establish a balance between the visitors and the companies involved. If you would like to be a part of the conference, please contact us as soon as possible at the following address: info@euskalhack.orgContact-------Web:        http://www.euskalhack.org/Mail:       info@euskalhack.orgTwitter:    @EuskalHack

EuskalHack Security Congress VI Call For Papers

Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification menu and the Notifications feature. A user can send malicious notifications and execute JavaScript code in the browser of every user who has enabled notifications. This is a stored XSS, and can lead to privilege escalation in the context of the application. (Another issue is present in the Favorites tab. The name of a favorite or a folder of favorites is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a self-XSS.)

��ܥ�!U�sЕ������'��.�yZB<�|�iHF�ҁ!%�m���m/7}�3i��<�vD�|;�눩|�u\`H U)�����3��������9�;��p)P����!� 6��Un��?��PHˋ�i\[e ���a�v� �e?�5�<�F>b�\],a��w�KÓ8�K�\` �1�:�F�ţl�"�5�9�F~R�Y�p0O���|2 �IAa���s0|��b�p!����b�c#?&�ϓ88흷 i��������e�o�E,�����L�1�͋�P���$f�s8���b�/�N�B�\]qp���s0����"-ҡ9���A�/c�\[o���%�����dR�HD�\_��\[��ՒW���K%�l�(��eڈ��M�0N{�?�D�a��8���W����K%�l�(�Xeڈ �PdJ,O�Ȓ��~�%�z��tRUȎ�b�O��@:�Cq�)q��.�8��-�b�u1�$ن7t�� Y�ȨM���7p��a��"�6j��k\]1I����8H��Z� "�e��%�+-y�F��v{��Q^E��L qȷ���'�%�r}�{-V��(iQE�� �Ƿaψ�8H�8HKw�t���z,&�Ea��ڰ���0�jL�.,q��Wư���K:d�'=�J�o�����������2��K�e���<��m\_�y8�%�!�f�y�1>-u��2�����!T�e�$�qTQ���o������j���Ϟc�$z��w/ q���yc�z�e,u�/I�6\_�F@bi��Ak�\`I��n�,�F'o��"�?�A�V~�K�$/�9s��;�n��uce���.���pp�Z$���Kp�߮UƎ����Fuq0Y{�P(�R�,Mؐa� \_��c��\`K\\o�����d��>�MV�i�=\\dG

Tag

#intel