SecurityScorecard's Cyber Risk Quantification portfolio helps customers understand the financial impact of a cyber-attack.

NEW YORK, April 26, 2022 /PRNewswire/ -- SecurityScorecard, the global leader in cybersecurity ratings, today introduced its Cyber Risk Quantification (CRQ) capabilities that will enable customers to understand cyber risk in financial terms, enabling organizations to bring cyber risk into holistic business risk analysis, and assisting organizations in a cost-benefit analysis of cyber investment options. SecurityScorecard's CRQ capabilities help customers understand the financial impact of a cyber-attack, gain insight into the probability of incidents over time and quantify the reduction in expected losses if issues are resolved. The SecurityScorecard CRQ capabilities will be included in the company's risk intelligence platform, the industry's first holistic offering that proactively protects organizations from every angle.

"Executives and boards of directors lack the ability to connect cybersecurity budgets to business outcomes, hindering the CISO's ability to justify their cybersecurity budgets. By grounding risk quantification in SecurityScorecard's expansive data, we are bringing cyber security to the forefront of daily decision making," said Prashant Pai, Senior Vice President and General Manager Strategic Initiatives, SecurityScorecard. "Our goal is to help our customers make informed decisions on how to raise the bar on their cybersecurity defenses with optimized investments, and we will continue to partner with leading CRQ thought leaders to provide the options they are looking for."

To deliver the combined insights of SecurityScorecard's cybersecurity ratings data and leading risk models, SecurityScorecard is partnering with a number of leading CRQ thought leaders and developers including ThreatConnect, and RiskLens, which created Factor Analysis of Information Risk (FAIR™). With multiple views of risk available through the lens of different CRQ frameworks, risk managers can determine which framework is the best fit for their business.

With cyber risks becoming increasingly prevalent, boards of directors and executives need to evaluate those risks and become more involved with cybersecurity. Effectively reporting to the board is a key component of every security leader's job.

According to Gartner® The 2022 Board of Directors Survey, 88% of respondents viewed cybersecurity as a business risk, while 72% stated they are focused on aligning risk, strategy and performance to drive business resilience.1

"The CRQ integration between RiskLens and SecurityScorecard will finally give organizations of all sizes what they need to effectively understand and manage cyber risk: an automated, 'dollars and cents' view of cyber risk," said Nick Sanna, CEO, RiskLens. "Based on the FAIR cyber risk quantification standard, on industry benchmark data and on their SecurityScorecard security rating, organizations can now make risk-informed business decisions."

"ThreatConnect is excited to partner with SecurityScorecard as the combination of their external cybersecurity risk posture and the power of ThreatConnect Risk Quantifier (RQ) connects the outside and inside views for an organization, giving them a 360 degree perspective of the risk to their organizations," said Jerry Caponera, Vice President of Cyber Risk Strategy for ThreatConnect. "Applying ThreatConnect's statistical and machine learning algorithms to the SecurityScorecard data enables customers to easily visualize their risk and, more importantly, prioritize which factors should be improved based on financial risk reductions."

SecurityScorecard's CRQ portfolio enables executives, CISOs and risk managers to obtain a comprehensive view of their cyber risk that enables them to define cyber risk in a universally understood metric and embed those insights into decisions across the organization.

SecurityScorecard's CRQ capabilities also offer:

*   **Scalable risk quantification methodology -** With continuous monitoring of over 12 million companies, SecurityScorecard grounds its analysis in a consistent cybersecurity data-driven approach to deliver a real-time view of risk.
*   **Contextualized view of cyber risk -** SecurityScorecard directly ties financial impact to the security issues that drive losses.
*   **Multiple risk quantification frameworks–** Multiple risk frameworks are integrated into the CRQ capabilities to ease the evaluation and implementation of CRQ.

SecurityScorecard enterprise customers can learn more and gain early access to SecurityScorecard's CRQ capabilities by clicking here.

**About SecurityScorecard  
**Funded by world-class investors including Evolution Equity Partners, Silver Lake Waterman, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 30,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and incident response services, providing a 360-degree approach to security prevention and response for its worldwide customer and partner base. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

1 _Gartner, "Roadmap to Renewal: The 2022 Board of Directors Survey", Partha Iyengar, published October 28, 2021, ID G00728156._

_GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved._

SOURCE Security Scorecard

SecurityScorecard Launches Cyber Risk Quantification Portfolio

Spear-phishing campaign loaded with new "Goldbackdoor" malware targeted journalists with NK News, analysts found.

New analysis has attributed a spear-phishing campaign targeting journalists covering North Korea to APT37/Ricochet Chollimia, a state-backed group linked to the Democratic People's Republic of Korea (DPRK). Notably, researchers said the group is deploying a novel malware strain called Goldbackdoor, a variation of Bluelight malware previously attributed to APT37.

According to a report from researchers at Stairwell, multiple phishing emails were sent to NK News on Mar. 18 that appeared to be from the personal email address of the previously compromised former head of of the South Korean National Intelligence Service, and contained Goldbackdoor malware. NK News handed over the information to Stairwell for further investigation, the cybersecurity firm said.

"Due to the sensitive nature of journalists' work, they are often targets of surveillance and malware, intent on stealing information, ferreting out sources or even destroying evidence and scaring the reporters into not publishing stories," Erich Kron, security awareness advocate at KnowBe4, said in response to the news. "In regimes like North Korea, where news is tightly controlled by the state, articles or information that paints the leadership or government in a negative light is treated as a serious threat to national security."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

North Korean State Actors Deploying Novel Malware to Spy on Journalists

A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.



*   Observability
    *   Explore the Platform
    *   SolarWinds Observability
    *   Hybrid Cloud Observability
    *   or View All Observability Products
*   Network Management
    *   Hybrid Cloud Observability
    *   Network Configuration Manager
    *   Kiwi Syslog Server
    *   Network Performance Monitor
    *   Netflow Traffic Analyzer
    *   Network Topology Manager
    *   or View All Network Management Products
*   Systems Management
    *   Hybrid Cloud Observability
    *   Virtualization Manager
    *   Web Performance Monitor
    *   Server & Application Monitor
    *   Storage Resource Monitor
    *   Server Configuration Monitor
    *   or View All Systems Management Products
*   Database Management
    *   Database Performance Analyzer
    *   SQL Sentry
    *   Database Insights for SQL Server
    *   Database Performance Monitor
    *   Task Factory
    *   or View All Database Management Products
*   IT Service Management
    *   Service Desk
    *   Web Help Desk
    *   Explore Dameware
    *   Dameware Remote Everywhere
    *   Dameware Remote Support
    *   or View All IT Service Management Products
*   Application Management
    *   SolarWinds Observability
    *   AppOptics
    *   Server & Application Monitor
    *   Pingdom
    *   Loggly
    *   Web Performance Monitor
    *   or View All Application Management Products
*   IT Security
    *   Access Rights Manager
    *   Patch Manager
    *   Serv-U Secured FTP
    *   Server Event Manager
    *   Identity Monitor
    *   Serv-U Managed File Transfer
    *   or View All IT Security Products
*   or View All Products & Free Trials

The SolarWinds Platform is the industry’s only unified monitoring, observability, and service management platform. It’s the foundation for a new generation of SolarWinds observability solutions and provides the architecture on how we solve observability challenges for our customers.

Top Products

*   Explore the Platform
*   SolarWinds Observability

*   Hybrid Cloud Observability

View All Observability Products

Network management tools, from configuration and traffic intelligence to performance monitoring and topology mapping, to readily see, understand, and resolve issues. An integrated, multi-vendor approach that’s easy to use, extend, and scale to keep distributed networks optimized.

Top Products

*   Hybrid Cloud Observability
*   Network Configuration Manager
*   Kiwi Syslog Server

*   Network Performance Monitor
*   Netflow Traffic Analyzer
*   Network Topology Manager

View All Network Management Products

Comprehensive server and application management that’s simple, interoperable, and customizable from systems, IPs, and VMs to containers and services. Optimize resource usage and reduce MTTR with powerful monitoring, discovery, dependency mapping, alerting, reporting, and capacity planning.

Top Products

*   Hybrid Cloud Observability
*   Virtualization Manager
*   Web Performance Monitor

*   Server & Application Monitor
*   Storage Resource Monitor
*   Server Configuration Monitor

View All Systems Management Products

Monitor, analyze, diagnose, and optimize database performance and data ops that drive your business-critical applications. Unify on-premises and cloud database visibility, control, and management with streamlined monitoring, mapping, data lineage, data integration, and tuning across multiple vendors.

Top Products

*   Database Performance Analyzer
*   SQL Sentry
*   Database Insights for SQL Server

*   Database Performance Monitor
*   Task Factory

View All Database Management Products

Modernize your service desk with intelligent and automated ticketing, asset, configuration, and service-level agreement (SLA) management; a knowledge base; and a self-service portal with secure remote assistance. SolarWinds offers an easy-to-use IT service management (ITSM) platform designed to meet your service management needs to maximize productivity while adhering to ITIL best practices.

Top Products

*   Service Desk
*   Web Help Desk
*   Explore Dameware

*   Dameware Remote Everywhere
*   Dameware Remote Support

View All IT Service Management Products

Ensure user experience with unified performance monitoring, tracing, and metrics across applications, clouds, and SaaS. Robust solutions offering rich visualization, synthetic and real user monitoring (RUM), and extensive log management, alerting, and analytics to expedite troubleshooting and reporting.

Top Products

*   SolarWinds Observability
*   AppOptics
*   Server & Application Monitor

*   Pingdom
*   Loggly
*   Web Performance Monitor

View All Application Management Products

Reduce attack surface, manage access, and improve compliance with IT security solutions designed for accelerated time-to-value ranging from security event management, access rights management, identity monitoring, server configuration monitoring and patching, and secure gateway and file transfer.

Top Products

*   Access Rights Manager
*   Patch Manager
*   Serv-U Secured FTP

*   Security Event Manager
*   Identity Monitor
*   Serv-U Managed File Transfer

View All IT Security Products

CVE-2021-35250: SolarWinds Trust Center Security Advisories | CVE-2021-35250

New 'trust' tool improves online experience and helps tackle digital fraud.

PURCHASE, N.Y., and REDMOND, Wash., April 25, 2022 /PRNewswire/ -- Mastercard on Monday announced the launch of an enhanced identity solution designed to improve the online shopping experience and tackle digital fraud in a new collaboration with Microsoft Corp.

"This builds on our commitment of working across the industry to provide advanced technologies that enable trust."

Mastercard has directly addressed these needs by enhancing its **Digital Transaction Insights** solution with next-generation authentication and real-time decisioning intelligence capabilities. The solution pairs Mastercard's network insights with the merchant's own data to confirm the consumer is who they claim to be, providing financial institutions with the additional intelligence needed to optimize their authorization decisions and approve more genuine transactions. Digital Transaction Insights is used across a wide range of online checkout instances, from click-to-pay functionality and wearables to digital wallets and in-app purchases. Now more than ever, delivering a frictionless shopping experience is critical as retailers look to shift window shopping and price comparison visits to confirmed sales. And, while consumers enjoy the convenience of shopping online, fraudsters also seek to develop new methods to use these same channels for ill-gotten gains. One of the growing types of digital fraud is first-party fraud, where a legitimate purchase is made online but later disputed. First-party fraud is estimated to be a $50 billion global issue.

Ajay Bhalla, president, Cyber and Intelligence at Mastercard, said, "Shopping online should be simple, quick and secure. But that isn't always the case. We're committed to developing advanced identity and fraud technology to help enhance the real-time intelligence we provide to financial institutions around the globe. This builds on our longstanding commitment of working across the industry to provide advanced technologies that enable trust, and help build a safe and thriving digital ecosystem for all."

Microsoft will be the first partner to share its insights and integrate with the new Digital Transaction Insights solution across several lines of business. Building on a long history of cross-collaboration, Microsoft's Dynamics 365 Fraud Protection's proprietary risk assessment, which leverages adaptive AI to assist in real-time fraud detection by identifying risky behaviors across purchase, account and in-store activities, has been integrated with Mastercard's Digital Transaction Insights to better enable real-time intelligence sharing in an easily consumable and actionable format. This will enable issuers to enhance their decision-making processes for authorizations, chargebacks and refunds. Moreover, organizations can improve transaction acceptance rates with insights that help them balance profitability and revenue opportunities against fraud loss and checkout friction.

Charles Lamanna, corporate vice president of Business Applications and Platforms at Microsoft, said, "We are excited to partner with Mastercard to leverage our cloud-native, cutting-edge fraud assessment tools to empower issuers and merchants to prevent more fraud and approve more genuine users. This partnership lays the foundation for the future of global fraud prevention where data silos are no longer a barrier to security."

Digital Transaction Insights is enabled by EMV 3-D Secure and Mastercard Identity Check, a global authentication solution built on the enhanced industry standard. Both elements support GDPR requirements and other related regulations. In 2021 alone, Mastercard Identity Check delivered a 14% uplift in transaction approval rates across billions of transactions.

**Additional resources**

For more information about Microsoft Security solutions, visit Microsoft Security. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @msftsecurity for the latest news and updates on cybersecurity.

**About Mastercard (NYSE: MA)**

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. www.mastercard.com

**About Microsoft**

Microsoft (Nasdaq "MSFT" @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

SOURCE Microsoft Corp.

Mastercard Launches Next-Generation Identity Technology with Microsoft

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.

CVE-2022-29417: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

An ecosystem of native and third-party integrations provides visibility and control across the entire attack surface.

**DALLAS, April 25, 2022** – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced the launch of Trend Micro One, a unified cybersecurity platform with a growing list of ecosystem technology partners that enables customers to better understand, communicate, and lower their cyber risk.

Organizations are battling on all fronts to face mounting cyber risks from their complex and growing attack surface with stretched teams and siloed security products. The unified security platform approach delivers a continuous lifecycle of risk and threat assessment with attack surface discovery, cyber risk analysis, and threat mitigation and response.

**Inaugural partners of the Trend Micro One technology ecosystem include:** Bit Discovery, Google Cloud, Microsoft, Okta, Palo Alto Networks, ServiceNow, Slack, Qualys, Rapid7, Splunk, and Tenable.

Kevin Simzer, COO of Trend Micro, shared, "We are so proud that ecosystem partners and even some competitors value integrating into our platform. Collectively we help enterprises fight the bad guys known as cybercriminals. Alone we are strong, but together our industry is unstoppable in helping customers eliminate security gaps anywhere, identify internal and external enterprise assets, and take critical steps to mitigate them."

According to Gartner®, "vendors are increasingly acquiring or developing these adjacent technologies and integrating them into a single platform. The benefits are best realized when this integration minimizes consoles and configuration planes and reuses components (e.g., endpoint agents) and information.\[1\]"

"We all know that digital transformation is table stakes for the post-pandemic enterprise. But this comes with additional risks: a bigger target for threat actors to aim at and more visibility and security coverage gaps for them to hide in," said Jeremiah Grossman, CEO of Bit Discovery. "Trend Micro’s approach stands out from the crowd — notably with its blend of multiple sources of asset and risk visibility, including external attack surface visibility powered by Bit Discovery. Trend Micro’s platform helps customers quickly get a prioritized and comprehensive understanding of their attack surface.”

As a unified platform, Trend Micro One delivers powerful risk assessment capabilities, but the ecosystem partners extend that to make it the most complete in the industry. Joint customers benefit from truly connected visibility, better detection and response capabilities, and comprehensive protection across security layers and systems.

Trend Micro One supports this approach by enabling customers to:

*   **Discover the attack surface:** Identify, monitor, and profile cyber assets in customers’ environments.
*   **Understand and continuously assess risk:** Analyze risk exposure, the status of vulnerabilities, the configuration of security controls, and types of threat activity.
*   **Effectively mitigate risk:** Ensure the right preventative controls and take swift action to mitigate risk and remediate attacks across the enterprise by leveraging Trend Micro's threat and risk intelligence.

**_To find out more about the Trend Micro One platform, please visit:_** **_https://www.trendmicro.com/en\_us/business/products/one-platform.html_**

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

Trend Micro Launches New Security Platform

In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest.

CVE-2021-45841: How to summon RCEs

An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.

Permalink

Browse files

cpu/x86/smm: Introduce SMM module loader version 2

Xeon-SP Skylake Scalable Processor can have 36 CPU threads (18 cores).
Current coreboot SMM is unable to handle more than ~32 CPU threads.
This patch introduces a version 2 of the SMM module loader which
addresses this problem. Having two versions of the SMM module loader
prevents any issues to current projects. Future Xeon-SP products will
be using this version of the SMM loader.  Subsequent patches will
enable board specific functionality for Xeon-SP.

The reason for moving to version 2 is the state save area begins to
encroach upon the SMI handling code when more than 32 CPU threads are
in the system. This can cause system hangs, reboots, etc. The second
change is related to staggered entry points with simple near jumps. In
the current loader, near jumps will not work because the CPU is jumping
within the same code segment. In version 2, "far" address jumps are
necessary therefore protected mode must be enabled first. The SMM
layout and how the CPUs are staggered are documented in the code.

By making the modifications above, this allows the smm module loader to
expand easily as more CPU threads are added.

TEST=build for Tiogapass platform under OCP mainboard. Enable the
following in Kconfig.
        select CPU\_INTEL\_COMMON\_SMM
        select SOC\_INTEL\_COMMON\_BLOCK\_SMM
        select SMM\_TSEG
        select HAVE\_SMI\_HANDLER
        select ACPI\_INTEL\_HARDWARE\_SLEEP\_VALUES

Debug console will show all 36 cores relocated. Further tested by
generating SMI's to port 0xb2 using XDP/ITP HW debugger and ensured all
cores entering and exiting SMM properly. In addition, booted to Linux
5.4 kernel and observed no issues during mp init.

Change-Id: I00a23a5f2a46110536c344254868390dbb71854c
Signed-off-by: Rocky Phagura <rphagura@fb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43684
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

*   Loading branch information

CVE-2022-29264: cpu/x86/smm: Introduce SMM module loader version 2 · coreboot/coreboot@afb7a81

Barely over a quarter of medical device companies surveyed maintain a software bill-of-materials, and less than half set security requirements at the design stage.

The stakes for cybersecurity are literally life and death in the medical device industry. As far back as 2013, then-US Vice President Dick Cheney had his doctor turn off the wireless connectivity in his pacemaker as a precaution, as the BMJ reports. The WannaCry attacks in 2017 to 2019 and other incidents show that was not merely paranoia – and this year's Access:7 vulnerability underscores the continuing threat to connected devices, including medical systems. While such events have raised awareness in the healthcare system about security threats, "the more that medical device manufacturers work to improve their cybersecurity capabilities, the more gaps they realize they have."

That's according to a report published this week by Cybellum. The report, titled "Medical Device Cybersecurity: Trends and Predictions," collected responses from 150 security and compliance decision-makers in the medical device industry worldwide.

The highlighted bar in the above graph shows that only 27% of respondents said their company generates and maintains a software bill-of-materials (SBOM) for its products. Such documents list all of the software components that go into a product, vital to tracking unexpected dependencies and hidden vulnerabilities, as the Log4j debacle underscored. The May 2021 executive order from US President Joe Biden calls out SBOMs as important to cybersecurity. The level of mainstream awareness and implementation is what makes this low adoption rate a surprise. It's an area to watch for next year's results.

The most implemented security measures in Cybellum's survey are running binary code analysis (47%) and setting security requirements during the design phase (46%). Binary analysis can reveal patterns of security flaws and audit for known vulnerable software elements. Addressing security concerns earlier, aka "shifting left," means developers can find and fix problems before they get deeply embedded and difficult to disentangle. The good news is that almost half of security decision-makers at medical device companies say they're using at least one of those techniques; the flipside is that more than half do not use them.

Other techniques medical device companies are using to secure their products include source-code static code analysis (SAST), performed by 41% of respondents; threat intelligence, by 39%; continuous security testing across the device life cycle, by 38%; educating developers on secure coding, by 27%; pen-testing/fuzzing, by 16%; and dynamic application security testing (DAST), by 14%.

The Cybellum report notes that "looking at the data segmented by types of companies, SBOM is more popular with OEMs (34%), compared to suppliers of medical device components (20%). The ultimate responsibility for the safety and security of devices lands on the OEM, which could explain why they make it a priority. Of course, both audiences have a long way to go."

For more insights, download the report from Cybellum.

Many Medical Device Makers Skimp on Security Practices

Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.

Sophos has acquired SOC.OS, a spinoff company of BAE Systems Digital Intelligence with a software-as-a-service (SaaS) solution for automating the monitoring and triaging the growing volume of data and alerts across organizations. 

Sophos said it plans to add the SOC.OS technology to its existing managed threat detection and response products. 

"Alert fatigue and lack of visibility still plague security teams worldwide," Dave Mareels, chief executive officer and co-founder of UK-based SOC.OS said. "Considering this, against the backdrop of constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Tag

#intel