SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

The new open source specification from Open Compute Project is backed by Google, Nvidia, Microsoft, and AMD.

Some of the top names in the hardware industry have joined forces to create common technologies to enhance security in the cloud.

Google, Nvidia, Microsoft, and AMD partnered to establish Caliptra, an open specification to embed security mechanisms inside chips. The spec, which is open source and free to license, was announced on Tuesday at the Open Compute Project Summit, being held in Santa Clara, Calif. The participating companies are members of the Open Compute Project (OCP), which will maintain the development of the specification along with the Linux Foundation.

The Caliptra project revolves around establishing a root of trust (RoT) — building security layers into silicon so data is encrypted and not exposed as it travels in data centers or the cloud.  

"We need to embed that capability in silicon. At some point in the future, it's not going to be enough to have it on the motherboard, for example in the server as a separate piece of circuitry," said Cliff Grossner, vice president of market intelligence at OCP, during a press briefing.

Caliptra expands the security boundaries of data from the chip level to the cloud. The specification provides common language for chip makers and cloud providers to create technologies around confidential computing, which is gaining attention as a way to protect data while it is in storage, in transit, or being processed in the cloud.

"With the rise of edge computing, the resultant growth in the exposed attack surface also presents a need for stronger physical security solutions," wrote Mark Russinovich, Microsoft CTO for Azure, in a Tuesday blog post about Caliptra.

**Defining Open Source Confidential Computing**

Vulnerabilities like Spectre and Meltdown showed hackers could steal data by attacking hardware. Intel and AMD, whose CPUs dominate the data center and cloud infrastructure, are adding proprietary features to lock down data at the chip level, but Caliptra is being pitched as a viable open source alternative.

The specification defines a reusable silicon block that can be dropped into chips and devices to establish an RoT. The silicon block provides verifiable cryptographic assurances that the chip security configuration is correct. It also provides a mechanism within the chip to ensure that the boot code can be trusted.

"This represents an enhancement over existing solutions today, and we expect that this will meet the enhanced security requirements for edge and confidential computing going forward," OCP's Grossner said.

The specification includes mechanisms to protect data from a range of electromagnetic, side-channel, and other common attacks. But Caliptra does not cover emerging attack vectors like quantum computers, which will provide the means to crack advanced encryption in just seconds.

The Caliptra specification also covers major aspects of attestation, which is more of a chip-level handshake to ensure that only authorized parties get access to data stored in hardware enclaves. The RoT blocks in a chip isolate the data, while providing an effective mechanism to verify the authenticity and integrity of code, firmware, and other security assets.

**Securing the Enterprise Cloud**

The first Caliptra spec, version 0.5, can be prototyped on field-programmable gate arrays before being implemented into final chip designs. The specification document points to the technology being geared for enterprise computing infrastructures rather than home or business PCs.

The tenets of Caliptra, which include authentication, detection, and recovery, tilt heavily toward establishing a silicon RoT for server and edge chips, which are built differently than PC chips.

Microsoft is using attestation based on Trusted Platform Module (TPM) chips as a security mechanism for Windows 10 and 11 operating systems. The company's Pluton security chip, which has a TPM built in and can be used for attestation, has largely been rejected by the wider PC industry.

Microsoft and Google executives didn't say whether or when they would make Caliptra a part of their cloud services. Microsoft last week expanded the use of AMD's SNP-SEV technology for confidential computing in the cloud. Azure also offers virtual machine instances with Intel's proprietary SGX security enclave.

**Expanding the Open Compute Project**

The Open Compute Project was established in 2011 by the likes of Google and Meta (then Facebook), which were buying thousands of servers and looking to standardize on hardware designs in their mega data centers. The goal was to reduce the server build times and cut costs by stripping off unnecessary components.

OCP has since grown into a powerhouse that counts all major infrastructure hardware providers as members — with the exception of Apple and Amazon, which rely on internally designed hardware.

OCP guidelines also include power, cooling, storage, and networking specifications that are now widely adopted. The OCP has also inspired nontech companies, largely in the financial sector, to experiment and develop standardized servers for on-premises data centers.

"We have the industry leaders coming together here within the OCP community, and we want to bring the standardized facility architecture for deployed servers," Grossner said. "Server security will become scalable."

Servers previously largely depended on CPUs, but now include different computing devices such as GPUs to handle applications like artificial intelligence. Standardizing the server security architecture was a top priority for company executives addressing media during the OCP call.

"This ecosystem we all play in — it starts with trust you have ... in your computing. We were on a path to have a number of bifurcated solutions, and that's just not good for anyone," said Mark Papermaster, chief technology officer at AMD, during the call.

Hardware Makers Standardize Server Chip Security With Caliptra

Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them.

Cloud storage misconfigurations of the sort that Microsoft disclosed late yesterday continue to be a major contributor to data breaches.

Microsoft Security Response Center said in a post that information shared by prospective clients with the company in recent years potentially may have been compromised via a misconfigured cloud storage endpoint.

SOCRadar, the threat intelligence firm that reported the issue to Microsoft, described discovering the data in an Azure Blob storage bucket that was publicly accessible over the Internet. The data was associated with more than 65,000 companies in 11 countries and included statement-of-work documents, invoices, product orders, project details, signed customer documents, product price lists, personally identifiable information (PII), and potentially intellectual property as well.

Microsoft blamed the issue on an unintentional misconfiguration on an endpoint containing the data, and said SOCRadar "greatly exaggerated the scope of this issue," with some duplicate data that exaggerated the numbers.

**Ongoing Problem**

Storage-bucket misconfigurations by other organizations have resulted in numerous data breaches in recent years. A Trend Micro study last year found storage-related configuration errors to be among the most common cloud security issues that lead to data breaches. The analysis showed, for example, that administrators frequently misconfigure a setting in Amazon's AWS cloud service that allows organizations to block public access to data in their S3 storage buckets. But even with readily available and detailed documentation, administrators often fall short and leave Amazon S3 buckets open and publicly accessible. 

The security vendor found the same problem prevalent in Microsoft Azure storage environments as well. The Azure storage account service that contains Azure Storage objects such as blobs, file shares and tables, had a misconfiguration rate of 60.75%, Trend Micro found.

Unsurprisingly, data exposures resulting from misconfigured cloud storage buckets remain commonplace. Many of the publicly known instances have involved data in insecure or poorly configured AWS S3 storage buckets. One recent example is Skyhigh Security's discovery of some 3TB worth of airport data — more than 1.5 million files — stored in a publicly accessible S3 bucket. The compromised data included PII and sensitive employee and company data associated with at least four airports in Peru and Colombia.

According to third-party risk management vendor UpGuard, there have been thousands of S3-related breaches tied to misconfigured S3 settings in recent years. Incidents involving Azure Blob misconfigurations — though fewer in number — have resulted in major compromises as well. Research that CyberArk conducted last year uncovered millions of files stored online in Azure Blob storage without any access restrictions at all, meaning anyone looking for the data could access it. Many of the files that CyberArk found include personal identifiable information, payment card information, financial information, and other sensitive data.

**So Much Data**

Meantime, the circumstances surrounding Microsoft's newly disclosed Azure Blob misconfiguration are not clear, says Claude Mandy, chief evangelist for data security at Symmetry Systems. "A more technical post-incident analysis would be beneficial for the entire industry to take proactive steps to avoid similar issues," he says.

The information released thus far on the Microsoft incident suggests that either the Azure storage container or the blobs containing the data was configured to allow anonymous public read access to the data — a setting that is not allowed by default. "This configuration drift is unfortunately common. For example, it may result from users with excessive privileges attempting to share specific data with external parties without having the expertise to configure external access securely," Mandy says.

In addition, it appears that the specific blob storage may have also been used to backup data from other blob storages, resulting in further unattended sharing of data, he adds.

The incident underscores the challenges organizations face from the sheer scale of data being generated and collected these days, and the way it is shared and managed. "This can include simple changes such as people joining and leaving organizations, or the need to use or share data with different parties," Mandy says. "The impact of the continual change at the most granular data object level can result in unattended and significant consequences but is challenging to manually monitor at scale."

Andrew Hay, chief operating officer at Lares Consulting, believes the recent incident was likely the result of an oversight by a developer or administrator. "Like AWS S3, users must go out of their way to allow public access to the Azure Storage Blob," Hay says. "Public read-access to blob data is an optional setting that can be enabled on a container."

While public read-access can be convenient for sharing data it also entails security risks, he says. Azure allows administrators to disallow public access to data in a storage account, he notes. Any subsequent request for access to blob data then would need to be authorized and anonymous requests would fail, Hay explains.

Microsoft had not responded to a request for additional comment as of this posting.

Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration

By Deeba Ahmed
According to researchers, the data included 335,000 emails, 548,000 users, and 133,000 projects.
This is a post from HackRead.com Read the original post: Microsoft Exposed 2.4 TB of Business Customer Data in BlueBleed Breach

The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online – Thanks to a database misconfiguration – The researchers have dubbed the incident “BlueBleed.”

Microsoft has already acknowledged the exposure of customer data and email content in the incident. The company also confirmed that the data exposure happened inadvertently as the company failed to configure a server, which exposed sensitive customer data.

Per Microsoft, a misconfigured endpoint exploit leaked the data. Microsoft asserted that the data was mostly related to business transactions between Microsoft and its “prospective customers.”

> “The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.”
> 
> Microsoft

**Incident Details**

The incident was **reported** to Microsoft by threat intelligence firm SOCRadar. The company regards the incident as one of the most “significant B2B leaks.” SOCRadar informed Microsoft about this leak in September 2022.

Further probe revealed that leaked files were dated from 2017 to August 2022. SOCRadar revealed identifying several misconfigured cloud storage buckets dubbed BlueBleed. This includes six large buckets storing information about 150,000 firms across 123 countries.

The buckets included a **misconfigured Azure Blob Storage database**, which contained info on over 65,000 entities in 111 countries. But Microsoft stated that the number is pretty exaggerated and fairly low.

**Exposed Data**

In total, 2.4 TB of files collected are part of this leak. It is alleged that the data includes 335,000 emails, 548,000 users, and 133,000 projects. The exposed data reportedly contains names, email content, email IDs, company name, and phone numbers.

In addition, in a **blog post**, Microsoft revealed that exposed data includes attached files on business dealing between Microsoft and a customer or Microsoft or an authorized partner. The leak also includes PoE (proof-of-execution) and SoW (statement of work) documents, product orders/offers, project details, user info, and private data.

Leaked email data (SOCRadar)

Microsoft quickly addressed and fixed the issue and notified affected customers about the incident. However, this is not the first time when Microsoft exposed such sensitive data online. **In September 2020**, the Microsoft Bing server exposed user search queries and location data.

The disturbing part of the incident was the fact that the Microsoft Bing server logged some horrific search terms, including searchers for murder and child abuse content.

1.  **A critical bug in Microsoft left 400M accounts exposed**
2.  **250m Microsoft customer support records leaked in plain text**
3.  **LAPSUS$ Leak Trove of Data, Claim to Breach Microsoft and Okta**
4.  **Microsoft investigating Windows XP, Server 2003 source code leak**
5.  **38 million records exposed in Microsoft Power apps misconfiguration**

Microsoft Exposed 2.4 TB of Business Customer Data in BlueBleed Breach

Global data privacy software innovator will use growth funding, led by GT Investment Partners and facilitated by Aon, to fuel customer success and expand global partnerships, sales, marketing, and industry education.

**NEW YORK CITY and BRUSSELS, October 19, 2022** — Anonos, provider of the only technology that resolves the conflict between data use and protection with 100% accuracy, today announced it has raised $50 million in growth financing backed by its intellectual property (IP) portfolio, facilitated by Aon (NYSE: AON) and led by GT Investment Partners (“Ghost Tree Partners”).

The company will use the growth funding to scale customer success and expand partnerships, sales and marketing for its Data Embassy® software platform, which powers secure data processing in untrusted environments with cleartext accuracy and speed for faster insights to achieve enterprise goals. This additional growth capital brings Anonos’ total funding to $70 million, including $20 million in prior funding led by Edison Partners.

Data Embassy uniquely combines patented statutory pseudonymization, synthetic data and other state-of-the-art privacy-enhancing computation techniques that make it easy for organizations to control the level of identifiable data that they process. Streamlined approvals and workflows mean more data can be approved faster for more use cases with lower risk – all while ensuring the highest level of compliance with the General Data Protection Regulation (GDPR), Schrems II and other global data privacy and security requirements.

“Data-driven enterprises haven’t been able to use their data assets to their fullest advantage because of privacy and security restrictions,” explained Gary LaFever, co-CEO and general counsel of Anonos. “Other vendors have attempted to resolve this issue, but we believe Anonos’ 10 years of R&D on Data Embassy is game-changing for organizations that depend on accessible yet compliant and uninterrupted data supply chains. The technology’s 26 granted international patents and more than 70 additional patent assets serve as the backbone of this financing that takes us to a new level of business execution.”

“Data Embassy is the only technology that eliminates the tradeoff between data protection and data utility,” added Ted Myerson, co-CEO and president of Anonos. “The significant value of our IP and its ability to solve such critical global data issues allowed us to work with Aon and Ghost Tree to secure growth financing. With the new funding, Anonos will increase awareness of our unique position within the market and highlight our capabilities to ensure the success of our growing customer base by accelerating their speed to insight.”

LaFever and Myerson have been business partners for more than 21 years. Their prior company, FTEN, was the fastest-growing software company on the Inc. 500 for two years in a row and was acquired by NASDAQ OMX in 2010 for integration into its 100+ global exchanges. The principles behind that technology, which re-linked data for risk management in securities trading, paved the way for development of Data Embassy and its ability to de-link data from both direct and indirect identifiers to obscure identity while enabling organizations to use more of their data for compliant analytics, artificial intelligence, machine learning, data sharing and data transfer.

Recognized as a Gartner Cool Vendor and a member of the World Economic Forum’s Global Innovators Community, Anonos makes data that otherwise would be restricted accessible to expand and expedite strategic initiatives, so organizations can create more value and still be compliant with data privacy and security regulations. Data Embassy creates Variant Twins®: source data that has been transformed into new, statutorily pseudonymized and 100% accurate data assets authorized for specific use cases. Because Variant Twins are embedded with multi-level data privacy and security controls that are technologically enforced, they can travel anywhere. Controlled relinking to the original data accelerates speed to insights for innovation, competitive differentiation and operational efficiency among other benefits, but that process can only occur with the addition of other data held separately by the data controller or an authorized party.

“Innovation is the key to a growth economy, but intangible assets are the foundation. That is why we are bringing unique solutions to the market to help IP-rich companies like Anonos leverage the value of their intellectual property,” said Lewis Lee, CEO of Aon’s Intellectual Property Solutions. "We are excited to help companies of all sizes and industries unlock the value of these assets so they can further pursue their growth ambitions with options that can help prevent diluting their ownership."

“Anonos’ leadership team has a successful track record of making regulatory compliance a competitive advantage for its customers and anticipating needs at the intersection of law and technology to transform how industries approach data,” said Mark Fox, Managing Partner at Ghost Tree Partners. “We are excited to support their next phase of growth for wider adoption of statutory pseudonymization and other privacy-preserving technologies to maximize data value while ensuring compliant use.”

**Additional Resources**

● Read the S&P Market Intelligence Market Insight Report, October 2022

● Visit the Data Embassy Product Page

● Request a Data Embassy Product Briefing

**About Anonos**

Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments, making otherwise restricted assets accessible to expand and expedite data-driven initiatives. Its patented Data Embassy platform transforms source data into Variant Twins: non-identifiable yet 100% accurate data assets for specific use cases. Because multi-level data privacy and security controls are embedded into the data and technologically enforced, Variant Twins can travel anywhere – across departments, outside the enterprise, or around the globe. Therefore, data protection teams and data users can collaborate to advance projects for capturing valuable insights without compromising privacy, security, accuracy or speed. Anonos. Data without the drama. To learn more, visit www.anonos.com or follow us on LinkedIn.

**About Aon**

Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Our colleagues provide our clients in over 120 countries with advice and solutions that give them the clarity and confidence to make better decisions to protect and grow their business.  

**About Ghost Tree Partners**

Headquartered in Irvine, CA, Ghost Tree Partners is an alternative asset manager focused on providing private credit financing solutions to small and middle-market borrowers in the US, Europe and Asia. Founded in 2021, the firm is led by Mark Fox, Scott Warner, Jeff Willardson and David Byrne, who combine for over 85 years of investment experience with Goldman Sachs, Bain Capital Credit, Fidelity and PAAMCO Prisma (KKR affiliate). The team has invested billions of dollars on behalf of the world’s most sophisticated investors throughout their careers. Ghost Tree’s private credit financing solutions include corporate cash flow loans, specialty finance, asset backed lending and real estate bridge loans.

Anonos Secures $50 Million in IP-Backed Financing to Deliver Data Privacy Technology with 100% Accuracy and Utility to Data-Driven Enterprises

Latest investment to broaden integrations with top firewall vendors.

OTTAWA, Ontario, Oct. 20, 2022 /PRNewswire-PRWeb/ — Corsa Security, leaders in scaling network security, announced today it has secured an additional $10 million in funding from Roadmap Capital. The funds will be used to propel product development of the Corsa Security Orchestrator (CSO) with industry leading features and to engage in key customer trials in multiple geographies. This follows the successful launch of the updated CSO earlier this year and continues the focus on providing dynamic scaling functionality for next-generation firewalls from leading vendors. In addition, the CSO will be specifically addressing the demand for a scalable 5G next-generation firewall through Corsa Security's proprietary clustering technology.

"We are continuing to stimulate our company's growth," said Eduardo Cervantes, CEO and Chairman, Corsa Security. "We are seeing more and more interest in the market as enterprises need easy-to-deploy on-premise network security that allows them to dynamically add virtual firewall capacity at the touch of a button. This funding allows us to further broaden our Corsa Security Orchestrator new features and integrations with top firewall vendors so we can bring our solution to even more customers."

The Corsa Security Orchestrator provides an intuitive interface to simplify all the complex operations associated with running on-premise virtual firewall instances, including licensing, deployment, maintenance, troubleshooting, and push-button scaling. It is designed to deploy, scale and optimize firewalls from leading vendors with tailored workflows that run on commodity compute. By integrating virtualization with intelligent orchestration, organizations can realize up to 9x lower TCO and speed their time to deployment by a factor of 24. The CSO also includes other powerful features to save customers time and money--it automates on?premise virtual firewall deployments, optimizes server resource allocation, and maximizes firewall license credits by scaling up firewalls when and if needed.

**About Corsa Security**

  
Corsa Security is the leader in automating network security virtualization, which helps large enterprises and service providers deploy, scale and optimize virtual on-premise firewalls with speed (24x faster deployment), simplicity (zero-touch operations) and savings (9x lower TCO). By tightly integrating firewall virtualization with intelligent orchestration, the Corsa Security Orchestrator provides an aggregated view of all your virtual firewalls while managing their infrastructure health, capacity and performance. Customers subscribe to the Corsa Security services based on their current needs and then pay as they grow by integrating flex licensing from our firewall partners. Learn how Corsa Security is revolutionizing network security at corsa.com.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Corsa Security Drives Forward with Additional $10 Million Funding

New cloud data survey from the Cloud Security Alliance and BigID sheds light on the state of cloud data security in 2022.

NEW YORK, Oct. 20, 2022 /PRNewswire/ — BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security, and governance, today released the Cloud Data Security Research Report 2022, in partnership with Cloud Security Alliance (CSA) — with results from over 1,500 IT & Security professionals.

The results? According to the survey, organizations consider cloud data security a top 3 priority when protecting data - and cloud data security posture management (DSPM) is critical to addressing gaps.

Key findings include:

*   **Organizations are struggling with securing and tracking sensitive data in the cloud:** Only 4% believe all of their cloud data is sufficiently secured: over a quarter of organizations aren't tracking regulated data, nearly a third aren't tracking confidential or internal data, and 45% aren't tracking unclassified data.
*   **82% of organizations consider capturing dark data a moderate to high priority this year.** Additionally, 79% of organizations reported to have moderate to high levels of concern around the proliferation of dark data in their organization but are unsure about how to approach the challenge.
*   **SaaS Data needs to become a priority:** 76% of organizations rate tracking data across SaaS platforms as moderately to highly difficult.
*   **Organizations are utilizing multiple cloud platforms:** 86% of organizations utilize multiple cloud platforms to store their data- across IaaS, PaaS, and SaaS
*   **62% of organizations** report that they are likely to experience a cloud data breach in the next year.

"Cloud data security is top of mind for organizations of all sizes, showing that many organizations are unprepared to deal with the unique challenges of securing data in the cloud. With the rapid growth of cloud, it is essential that organizations take steps to improve their cloud data security posture," said Dimitri Sirota, CEO and co-founder at BigID. "This research underscores the value of solutions like BigID to accelerate cloud data security with a risk-based, data-first approach that can scale as data continues to expand across the multi-cloud."

To learn more, download a copy of BigID's Cloud Data Security Research Report 2022 today.

**Learn more:**

*   **Read** a summary of the survey at bigid.com/blog
*   **See** a live demo with our security experts at BigID

**Methodology**

The survey was conducted online by CSA in July 2022 and received 1663 responses from IT and security professionals from organizations of various sizes and locations.

**About BigID**

BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, and governance. Companies deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. By applying next-gen ML across the data landscape, BigID's data security, privacy, and governance solutions enrich and extend the modern tech stack, making it easier than ever to discover dark data, reduce risk, accelerate cloud migrations, achieve compliance, and align with security frameworks by taking a data-first approach. Go big with the BigID Data Intelligence Platform or start small with SmallID: the first cloud-native, on-demand data-centric security solution designed to automatically discover, manage, and protect cloud data - across IaaS, PaaS, and SaaS.

Only 4% of Security and IT Leaders Believe All of Their Cloud Data is Sufficiently Secured

External attack surface management leader unveils evolution of risk intelligence solution, including a virtual sandbox environment to safely validate steps to remediation.

PALO ALTO, Calif., Oct. 20, 2022 /PRNewswire/ — CyCognito today announced the next generation of its Exploit Intelligence solution to help security teams prioritize and mitigate the most critical security risks in their external attack surface. Exploit Intelligence leverages CISA, FBI and other threat intelligence sources, including adversary activity, to create advisories that validate where threats in the wild align to risks in the organization.

Sandbox Virtual Lab, a key new feature of Exploit Intelligence, is the industry's first integrated external attack surface sandbox testing environment. Now security teams can simulate how an adversary would compromise a specific asset, quickly validating if and how a vulnerability can be exploited and the potential impact. Additionally, Sandbox Virtual Lab enables repeat asset testing to ensure proper patching.

This initial release of the Sandbox Virtual Lab focusses on Log4j because it remains a pervasive threat. In the coming months, Sandbox Virtual Lab will also support additional simulate Log4Shell, ProxyShell, ProxyLogon and ZeroLogon threats.

"CyCognito's Exploit Intelligence fills a gap between threat intel and vulnerability management," said Rob Gurzeev, CEO, CyCognito. "The addition of Exploit Intelligence doesn't just link vulnerabilities to specific assets, but answers the important question of why it is important to prioritize fixing specific assets immediately because of their attractiveness to active attackers."

Exploit Intelligence dramatically reduces Mean Time to Remediation (MTTR) of an organization's riskiest external assets, saving security teams time and money. CyCognito's unparalleled discovery and mapping engine paired now with integrated Exploit Intelligence gives security teams actionable knowledge (not just data feeds) to build, test and deploy fixes for today's most pervasive threats, such as Log4j.

Features and benefits include:

*   **Remediation Acceleration:** Exploit Intelligence quickly identifies highest-risk exploitable assets within an external attack surface, empowering security teams to reduce response and remediation timelines from months to days.
*   **Curated Intelligence:** Understand how threats are being actively executed by attackers in the wild and how those threats map to vulnerabilities in your attack surface.
*   **Quick Impact Assessment:** A focused map that paints a picture of all assets potentially at risk, including those assets that are already protected and those that remain vulnerable.
*   **Identify Ownership:** The CyCognito discovery engine determines asset ownership to quickly identify who is responsible for fixing vulnerable assets.
*   **Verify and Act with Confidence****:** Safely test exploits against assets in the Sandbox Virtual Lab to determine actual risk to an IT stack.
*   **Mitigate Threats Faster:** Integrates with SIEM/SOAR, ticketing tools and remediation workflows to provide evidence and mitigation guidance.

**About Cycognito  
**CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk, and how you can eliminate the exposure. Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. The Palo Alto-based company is funded by leading Silicon Valley venture capitalists, and its mission is to help organizations protect themselves from even the most sophisticated attackers. It does this with a category-defining, transformative platform that automates offensive cybersecurity operations to provide reconnaissance capabilities superior to those of attackers.

CyCognito Launches Next Generation of Exploit Intelligence Threat Remediation Platform

HP enhances HP Wolf Security portfolio to stop attackers hijacking privileged access to sensitive data.

PALO ALTO, Calif, October 20, 2022. —– HP Inc. (NYSE: HPQ) today announced enhancements to its HP Wolf Security endpoint protection portfolio, with the launch of Sure Access Enterprise (SAE). SAE protects users with rights to access sensitive data, systems, and applications. It prevents attackers from hi-jacking these privileged sessions – even if the users’ endpoint device is compromised, the access to high value data and systems can remain secure. This stops minor endpoint breaches turning into major security incidents.

Available for both HP and non-HP devices, SAE leverages HP’s unique task isolation technology to run each privileged access session within its own, hardware-enforced virtual machine (VM). This ensures the confidentiality and integrity of the data being accessed, isolating it from any malware in the endpoint operating system. Users are free to conduct privileged, non-privileged, and personal activities securely from one machine. This improves user experience, reduces IT overheads, and enhances protection.

“Gaining access to a privileged users’ device is a critical step in the attack chain. From here, an attacker can scrape credentials, escalate privileges, move laterally, and exfiltrate sensitive data.” comments Ian Pratt, Global Head of Security for Personal Systems at HP Inc. “Sure Access Enterprise is a unique solution that prevents this escalation, thwarting attackers.”

Organizations have several types of users that need to access privileged data, systems, and applications daily. These users range from IT administrators, IoT and OT support staff, through to customer support and finance teams. Allowing these users to perform privileged and non-privileged tasks on the same PC comes with considerable risk. Even if a Privileged Access Management (PAM) system is used to control access to privileged systems, attackers can potentially still usurp privileged sessions, steal sensitive data and credentials, or insert malicious code and commands (e.g., via injected keystrokes, clipboard capture, or memory scraping) if the endpoint is compromised. Traditional best practice has been to issue privileged users with separate dedicated Privileged Access Workstations (PAW) that are used solely for privileged tasks. However, this inconveniences users and increases IT overheads purchasing and managing two systems.

SAE uses advanced hardware-enforced virtualization to create protected VMs that are isolated from the desktop operating system and hence cannot be viewed, influenced, or controlled by it. Thus, confidentiality and integrity of the application and data inside the protected VM can be assured, without the operational cost and complexity of issuing a separate PAW.

“By isolating tasks in protected VMs, which are transparent to the end user, Sure Access Enterprise breaks the attack chain,” continues Pratt. “As well as protecting System Administrators accessing high-value servers, SAE can be used to protect other sensitive assets – for example, protecting credit card details accessed by customer support at a retailer, patient data access at a healthcare provider, or connections to an Industrial Control System at a manufacturer.”

Sure Access Enterprise is available now and features:

*   **Strong Integrations** with Privileged Access Management (PAM) solutions (e.g., CyberArk, BeyondTrust), IPSec remote access tunnels and Multifactor Authentication (MFA).
*   **Centralized Management** to enable separation of duties and flexible policy options – such as locking connections to specific PCs or users or requiring HP Sure View activation for privacy.
*   **Hardware root of trust**, supported by the latest Intel® technologies, to prevent malware from bypassing security controls
*   **Encrypted, tamper-resistant session logging** to track access, without recording sensitive data or credentials, easing compliance.

To learn more, visit: https://www.hp.com/uk-en/security/endpoint-security-solutions.html

About HP  

HP Inc. is a technology company that believes one thoughtful idea has the power to change the world. Its product and service portfolio of personal systems, printers, and 3D printing solutions helps bring these ideas to life. Visit http://www.hp.com.

About HP Wolf Security

From the maker of the world’s most secure PCs and Printers, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.

HP Launches Sure Access Enterprise to Protect High Value Data and Systems

Bolster delivers intelligence and remediation across web, social media, app stores, and Dark Web, with 24/7, live SOC support.

**Los Altos, CA- October 20, 2022 —** Bolster, Inc., the automated digital risk protection company, today announced the addition of Dark Web Intelligence and 24/7 support. Bolster’s new Dark Web offering is the easiest to use actionable threat solution on the market - adding to the value of the entire Bolster product portfolio. Customers will have access to a comprehensive platform able to monitor and protect their brand across the web, social media, app stores and dark web; with access to experts 24/7.

Designed for actionable insight, Bolster’s Dark Web monitoring allows organizations to gather threat intelligence across the dark web and predict how threat actors will behave and act. Organizations can discover hacking tools, exploit kits, relevant chatter and how that affects a brand. The Bolster platform offers automated and curated responses that deliver the most effective risk mitigation strategy internally.

“Because the dark web can be a place of great intelligence on pre and post breach information, having dark web monitoring is essential to understanding threats to your brand,” said Abhishek Dubey, co-founder and CEO of Bolster, Inc. “We have designed our solution to be completely actionable by allowing customers to create curated, automated workflows when they spot a certain type of alert or activity. This allows for an easy method of both obtaining instant insight and responding quickly and effectively to threats.”

When a threat or suspicious activity is discovered, customers now have the ability to call a security expert 24/7 and 365 days a year. The 24/7 support offering provides the following services:

*   **Around the Clock Support:** Whether it be active online threats or questions about reporting, Bolster’s 24 hour, 7 days a week, 365 days a year SOC team support will put customers in direct contact with a security expert.

*   **Strategic Planning:** A dedicated, curated quarterly business review and executive reporting will be available to provide consulting, configuration strategies, best practices, strategic adversary services, and more. Strategic planning will help organizations plan for and mitigate future risks.

*   **Expert Management:** Bolster managed services allow customers to focus on their core business objectives while they handle the detection, monitoring, and takedown of threats to brands. Customers will have a trusted team of experts to navigate the digital risk landscape.

With dark web intelligence and around the clock expert support built into the Bolster platform, customers have the one consistent, intuitive experience to track threats across any online channel. Ease of use and a hands-off remediation process will help ease training and administration as well as refocus IT resources to other core business objectives. Bolster offers the industry’s best user experience for detecting, monitoring, and remediating digital risk.

For more information on Bolster, please visit: https://bolster.ai/

**About Bolster, Inc.**  

At Bolster, our mission is to make the internet safe for everyone. That's why we created the first and only fully automated platform purpose-built from the ground up to detect, monitor, and take down fraudsters on the Internet. We call it Automated Digital Risk Protection. Our comprehensive platform offers the most efficient protection across web, social media, app stores and the dark web to combat fraudulent sites and content. Bolster was founded in 2017 by security industry veterans with headquarters in Los Altos, CA. To learn more, go to www.bolster.ai.

Tag

#intel