A list of topics we covered in the week of June 17 to June 23 of 2024

June 21, 2024 - A cybercriminals is giving 1 million data records from the Ticketmaster breach away for free, saying that Ticketmaster refused to pay

June 21, 2024 - “Immediately stop using \[Kaspersky\] and switch to an alternative” warned the Commerce Secretary in a new US ban of the antivirus provider.

June 21, 2024 - IntelBroker is offering source code from major companies for sale. Are they demonstrating the value of a zero-day they are also selling?

June 20, 2024 - The FTC has referred a complaint against TikTok and its parent company ByteDance to the Department of Justice.

June 18, 2024 - Despite existing countermeasures, Android overlays are still used in malware attacks and phishing. What are they and what can we do?

 A week in security (June 17 &#8211; June 23) 

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps.
"It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities

Mobile Security / Threat Intelligence

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called **Rafel RAT** to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps.

"It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities from data theft to device manipulation," Check Point said in an analysis published last week.

It boasts a wide range of features, such as the ability to wipe SD cards, delete call logs, siphon notifications, and even act as ransomware.

The use of Rafel RAT by DoNot Team (aka APT-C-35, Brainworm, and Origami Elephant) was previously highlighted by the Israeli cybersecurity company in cyber attacks that leveraged a design flaw in Foxit PDF Reader to trick users into downloading malicious payloads.

The campaign, which took place in April 2024, is said to have utilized military-themed PDF lures to deliver the malware.

Check Point said it identified around 120 different malicious campaigns, some targeting high-profile entities, that span various countries like Australia, China, Czechia, France, Germany, India, Indonesia, Italy, New Zealand, Pakistan, Romania, Russia, and the U.S.

"The majority of victims had Samsung phones, with Xiaomi, Vivo, and Huawei users comprising the second-largest group among the targeted victims," it noted, adding no less than 87.5% of the infected devices are running out-of-date Android versions that no longer receive security fixes.

Typical attack chains involve the use of social engineering to manipulate victims into granting the malware-laced apps intrusive permissions in order to hoover sensitive data like contact information, SMS messages (e.g., 2FA codes), location, call logs, and the list of installed applications, among others.

Rafel RAT primarily makes use of HTTP(S) for command-and-control (C2) communications, but it can also utilize Discord APIs to contact the threat actors. It also comes with an accompanying PHP-based C2 panel that registered users can leverage to issue commands to compromised devices.

The tool's effectiveness across various threat actors is corroborated by its deployment in a ransomware operation carried out by an attacker likely originating from Iran, who sent a ransom note written in Arabic through an SMS that urged a victim in Pakistan to contact them on Telegram.

"Rafel RAT is a potent example of the evolving landscape of Android malware, characterized by its open-source nature, extensive feature set, and widespread utilization across various illicit activities," Check Point said.

"The prevalence of Rafel RAT highlights the need for continual vigilance and proactive security measures to safeguard Android devices against malicious exploitation."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Today we're excited to announce a new mechanism for admins to safely and easily customize an operating system deployment with highly refined needs while taking full advantage of the automation and power provided by Red Hat OpenShift. This means you don't have to second guess the need for special device drivers for uncommon hardware, system agents, or organizational demands that require more control over your host operating system.Red Hat OpenShift is designed to run on a wide variety of hardware and operational contexts. OpenShift runs so well in a variety of environments that admins rarely ne

Today we're excited to announce a new mechanism for admins to safely and easily customize an operating system deployment with highly refined needs while taking full advantage of the automation and power provided by Red Hat OpenShift. This means you don't have to second guess the need for special device drivers for uncommon hardware, system agents, or organizational demands that require more control over your host operating system.

Red Hat OpenShift is designed to run on a wide variety of hardware and operational contexts. OpenShift runs so well in a variety of environments that admins rarely need to intervene. But increasingly, we meet customers on the leading edge of innovation who want to modify default settings to provide the customized environment their business needs. For example, OpenShift clusters used for data science, artificial intelligence (AI), and machine learning (ML) workloads often require specialized hardware accelerators. Other workloads might be storage-bound or network-bound,  requiring specialized hardware such as storage or network interfaces for optimal performance.

**Customizing a node with Machine Config Operator (MCO)**

Included in each OpenShift cluster is the Machine Config Operator (MCO). The MCO modifies node operating system (OS) configurations, updates the node OS, and ensures that each node is in the desired configuration state. When the MCO rolls out a new configuration, it performs the following steps on each node until all nodes have received the updated configuration:

1.  Cordons the node. This indicates that the node is not available for additional workloads.
2.  Drains the node. This terminates all running workloads on the node, causing them to be rescheduled onto other nodes.
3.  Applies the new configuration. It writes any new config files, enables systemd units, sets kernel arguments, or installs a new OS (assuming an OpenShift cluster is being upgraded to a newer OpenShift version).
4.  Reboots the node.
5.  Uncordons the node. This indicates that the node may have workloads scheduled on it again.

**Customizing a node with On-Cluster Layering (OCL)**

Cluster administrators can provide a Containerfile with an RPM image that layers customized content, such as device drivers or other specialized software, on top of the base OS image. Available in OpenShift 4.16 in tech preview, On Cluster Layering provides a final Open Container Initiative (OCI) image that is automatically:

*   Built within the cluster
*   Pushed to an OCI image registry
*   Installed on each cluster node by default

Admins can customize the underlying cluster OS to take advantage of specialized hardware acceleration or enhanced security tooling without incurring the maintenance burden of keeping both the OS and the additional software up-to-date. Instead, cluster administrators can update the device drivers on all of their cluster nodes as soon as a new driver update is released with their custom image overlay. Those custom images can be kept up-to-date with each OpenShift upgrade.

For example, an admin of a cluster that requires additional tooling to enhance security and manage clusters effectively can now create a Containerfile that installs a logging or security agent onto the base image and configures the agent. On Cluster Layering takes the provided Containerfile, and builds and applies it to the same workflow that installs the OS on each cluster node.

**Automatic or manual? You decide.**

There are new opportunities for additional testing and automation to be added into this process. Any tooling that works with OCI container images, such as OpenShift Pipelines or security scans provided by Quay.io, can be used to verify the contents and functionality of these customized OS images before they're rolled out. Best of all, this process can be completely automated, as desired.

**Stay up-to-date**

OpenShift customers love how easy it is to upgrade to a new OpenShift release, and each new OpenShift release includes OS updates. On Cluster Layering works closely with the OpenShift upgrade mechanism to ensure that whenever an upgrade is performed, any customizations are applied to the new OpenShift release as well. A new customized OS image is automatically built before the upgrade process begins.

Optionally, cluster administrators can put this upgraded OS image through the same process to verify its contents and functionality before beginning the upgrade. Once built and tested, cluster administrators can start the upgrade process with the full confidence of knowing that not only do their updated OS images contain everything needed to get the best performance out of their hardware, but these images also have been tested and verified to work within their specific environment.

**Image Mode for OpenShift**

By now, you might have heard about Image mode for RHEL. As you might suspect, these changes are closely related. That's a big topic, but the most important things to understand are:

*   Conceptually, everything is the same. You can now use all the same cloud-native tools, patterns, and infrastructure you know from application containers and use them with full operating system container images. Almost everything you learn from customizing CoreOS nodes carries over to Image mode for RHEL (and the other way round).
*   While there are some current technical differences between the implementations in OpenShift and Image mode for RHEL, the approaches are actively converging.

The addition of On Cluster Layering to OpenShift provides a powerful mechanism to enable full control over OpenShift cluster nodes. It provides a self-contained solution for the creation and management of customized OS images within a cluster. This feature offers additional opportunities for testing and automation, providing full confidence in the contents and functionality of these custom OS images. By leveraging On Cluster Layering, cluster administrators can significantly reduce their maintenance burden while still enjoying the benefits of a fully automated and fully customized OpenShift environment.

Customize your Red Hat OpenShift nodes and keep them updated

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed.
"ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang," Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report

Cyber Espionage / Threat Intelligence

Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed.

"ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang," Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report published this week.

"Cobalt attacked financial institutions to steal funds. One of Cobalt's hallmarks was the use of the CobInt tool, something ExCobalt began to use in 2022."

Attacks mounted by the threat actor have singled out various sectors in Russia over the past year, including government, information technology, metallurgy, mining, software development, and telecommunications.

Initial access to environments is facilitated by taking advantage of a previously compromised contractor and a supply chain attack, wherein the adversary infected a component used to build the target company's legitimate software, suggesting a high degree of sophistication.

The modus operandi entails the use of various tools like Metasploit, Mimikatz, ProcDump, SMBExec, Spark RAT for executing commands on the infected hosts, and Linux privilege escalation exploits (CVE-2019-13272, CVE-2021-3156, CVE-2021-4034, and CVE-2022-2586).

GoRed, which has undergone numerous iterations since its inception, is a comprehensive backdoor that allows the operators to execute commands, obtain credentials, and harvest details of active processes, network interfaces, and file systems. It utilizes the Remote Procedure Call (RPC) protocol to communicate with its command-and-control (C2) server.

What's more, it supports a number of background commands to watch for files of interest and passwords as well as enable reverse shell. The collected data is then exported to the attacker-controlled infrastructure.

"ExCobalt continues to demonstrate a high level of activity and determination in attacking Russian companies, constantly adding new tools to its arsenal and improving its techniques," the researchers said.

"In addition, ExCobalt demonstrates flexibility and versatility by supplementing its toolset with modified standard utilities, which help the group to easily bypass security controls and adapt to changes in protection methods."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor

Plus: Alleged Apple source code leaks online, cybercrime group Scattered Spider's alleged kingpin gets arrested, and more.

The rolling series of breaches targeting customers of cloud platform Snowflake appears to be a supply chain attack wrapped in another supply chain attack. A hacker who claims to have been involved in the attacks tells WIRED that the hackers, known as ShinyHunter, stole victims’ Snowflake credentials by first breaching an employee of a third-party contractor. (The contractor, however, says it does not believe it was involved.)

Ultimately, the breach of the Snowflake customer accounts, which include Ticketmaster, banking firm Santander, and potentially more than 160 other companies, was possible because their Snowflake accounts did not have multifactor authentication enabled.

Antivirus giant Kaspersky’s worst nightmare has finally come true: The United States government announced on Thursday that it is banning the sale of its software to new customers in the US over alleged Russian national security threats. (Kaspersky has challenged the Biden administration’s claims.) Existing customers, meanwhile, will be banned from downloading Kaspersky software updates after September 29. What could go wrong?

Perplexity AI, an artificial-intelligence-powered search startup, says it’s already valued at a billion dollars. But a WIRED investigation published this week found that its secret sauce has a pungent ingredient: bullshit.

Beyond “hallucinating” details generated by its chatbot, WIRED found that the AI tool appears to be ignoring the Robots Exclusion Protocol—a standard web tool used to prevent scraping—on sites owned by WIRED’s parent company, Condé Nast, and other publications, seemingly allowing it to scrape articles despite the internet equivalent of a “Do Not Enter” sign hanging on WIRED and other Condé Nast sites. Perplexity’s chatbot later plagiarized that same article when prompted.

People traveling through some of the largest train stations in the United Kingdom secretly had their faces scanned by Amazon’s face-recognition tools, according to documents obtained by WIRED. The technology, which was used as part of a trial run, predicted travelers’ various attributes, including gender, age, and likely emotions. The surveillance, which one privacy advocate called “concerning,” could potentially be used for serving advertisements.

Finally, we detailed the rise of robot “dogs” used by militaries, explained what would happen if China invaded Taiwan, and got into the nitty-gritty of the boring-sounding but serious work of spotting the billion-dollar scam tactic known as business email compromise.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

For months, ransomware gangs have rampaged across the health care industry, with ruthless attacks targeting Change Healthcare’s national payment network for more than a thousand health care providers, Ascension Healthcare’s 140 hospitals, and dozens of other victims in the medical field. Now that hacking epidemic is crystallizing into yet another catastrophic hospital hack—one that has resulted in the data of 300 million UK patient records leaking online.

Synnovis, a joint-venture medical testing company partially owned by the UK’s National Health Service, has for weeks been battling and negotiating with the Russia-linked ransomware group Qilin, which has deeply disrupted its services in an attempt to extort the company. The result has been well over a thousand postponed operations and thousands more postponed outpatient appointments across multiple UK hospitals. Ambulances have been diverted from the affected hospitals, potentially causing delays in lifesaving care. They’ve even had to ask for new urgent donations of O-type blood, as testing disruptions have prevented other types from being used in patients’ blood transfusions.

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department.
The move "underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber

National Security / Cyber Espionage

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department.

The move "underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats," Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, said.

"The United States will take action where necessary to hold accountable those who would seek to facilitate or otherwise enable these activities."

The sanctions, however, do not extend to Kaspersky Lab, its parent or subsidiary companies, nor the company's founder and chief executive officer (CEO), Eugene Kaspersky, OFAC noted. The 12 C-suite and senior-level executives sanctioned are listed below -

*   Andrei Gennadyevich Tikhonov, Chief Operating Officer (COO) and board member
*   Daniil Sergeyevich Borshchev, Deputy CEO and board member
*   Andrei Anatolyevich Efremov, Chief Business Development Officer (CBDO) and board member
*   Igor Gennadyevich Chekunov, Chief Legal Officer (CLO) and board member
*   Andrey Petrovich Dukhvalov, Vice President and Director of Future Technologies
*   Andrei Anatolyevich Suvorov, Head of Kaspersky Operating System Business Unit
*   Denis Vladimirovich Zenkin, Head of Corporate Communications
*   Marina Mikhaylovna Alekseeva, Chief Human Resources (HR) Officer
*   Mikhail Yuryevich Gerber, Executive Vice President of Consumer Business
*   Anton Mikhaylovich Ivanov, Chief Technology Officer (CTO)
*   Kirill Aleksandrovich Astrakhan, Executive Vice President for Corporate Business
*   Anna Vladimirovna Kulashova, Managing Director for Russia and the Commonwealth of Independent States (CIS)

The development follows actions by the Commerce Department prohibiting Kaspersky from providing its software and other security services in America starting July 20, 2024, citing national security concerns. The company has also been placed on the Entity List.

Russia has said the sales ban on Kaspersky software was a typical move by the U.S. to stifle foreign competition with American products. Kaspersky has maintained that it has no links to the Russian government.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban

After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive any updates or support.

Source: imageBROKER.com GmbH & Co. KG via Alamy Stock Photo

US businesses and consumers using Kaspersky's antivirus software products and services have until Sept. 29 to stop using them, following a Biden Administration ban earlier this week on sales of the company's technologies in the country over national security concerns.

Companies and individuals that continue to use Kaspersky products past that date will be doing so at their own — considerable — risk, because Kaspersky will no longer be able to offer any support or updates for its products after the deadline.

"It's a good time for CISOs along with other C-suite executives and board members to revisit their organizational use of the software and, frankly, to begin preparing for this to be a long-term aspect of government commercial cybersecurity regulation," says Andrew Borene, executive director at threat intelligence firm Flashpoint. "That means immediately evaluating the scope of any Kaspersky deployment, capturing current requirements, and identifying alternatives for delivering on those requirements once the ban takes full effect at the end of September."

**US Concerns About Kaspersky's Moscow Ties**

In a first-of-its-kind move, the US Department of Commerce, on June 20 formally banned Kaspersky from selling its products and services in the US, citing continued use of the company's software as presenting an "undue or unacceptable national security risk."

The Commerce Department's concerns have to do with Kaspersky being a Russian company and therefore apparently being obligated to turn over customer data to the government there, whenever asked for it.

"Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive US information," the Commerce department said.

The ban marks the first time the Commerce Department has used its authority under a Trump Administration 2019 Executive Order on Securing the Information and Communications Technology and Services Supply Chain (ICT).

As part of its action, the department also "designated" Kaspersky entities in Russia and the UK, meaning that US organizations and individuals are restricted from transacting business with them. In a related announcement, the US Department of Treasury placed similar restrictions on 12 key executives at Kaspersky, but notably not on the company's founder Eugene Kaspersky.

A Kaspersky spokesman described the Department of Commerce decision as likely motivated by the "current geopolitical climate and theoretical concerns rather than on a comprehensive evaluation of the integrity of Kaspersky's products and services." Kaspersky will pursue all available legal options to fight the decision, the spokesman said in an emailed statement. He added, "Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies."

The US government decision does not impact Kaspersky's ability to continue selling its threat intelligence services or its cybersecurity training programs in the US, the statement noted.

**Death Knell for Kaspersky in the US?**

Even so, the US government's moves this week could effectively mean the end for Kaspersky in the country. In September 2017 the US Department of Homeland Security banned Kaspersky from selling to US federal civilian executive branch agencies over similar national security concerns. Though the company appealed that decision, the Federal Acquisition Regulation Council made it an official and permanent ban in September 2019. With this week's actions, the US government has formally blocked it from selling to US private sector companies and individuals as well.

"The US government has had its eye on Kaspersky for quite a while, so the ban is not particularly surprising," says Eric Parizo, an analyst with Omdia. The 2019 Executive Order bans the use of IT products and services that are owned or directed by a foreign adversary and pose an unacceptable risk to US national security, he says.

This week's US government action does not explicitly prohibit US individuals and organizations from using Kaspersky products after Sept. 29, 2024. But since the vendor cannot provide software updates for existing customers after that date, continued use of the product would represent a clear security risk, Parizo says. "In light of these events, it would be prudent for Kaspersky customers in the US to immediately seek alternatives." What heightens the urgency is the fact that Kaspersky's software products — like all anti-virus tools — have a lot of access to sensitive data on systems on which they are installed, he says.

**Countdown to Kaspersky Sunset**

Adam Maruyama, field CTO at Garrison Technology, recommends that companies which need to replace Kaspersky software make sure to catalog and identify unmanaged corporate devices that may be running the company's software. This includes looking at systems belonging to contractors on the corporate network as well as employees using personal devices at work.

"In the longer term, companies need to be conscious that a 'rip and replace' of antivirus software may not fully remove root-level access points from their systems, as antivirus programs often require root level access that is not easily removed by uninstallers," Maruyama cautions.

Given the concerns that the Commerce Department has raised about data theft and the potential weaponization of Kaspersky software, organizations should closely monitor network security suites and technical behavior of systems where Kaspersky was previously installed, he says.

The focus should be on anomalous behavior such as continued callbacks to Kaspersky or other unidentified servers. "For users with the highest levels of access to high-risk data and administrative privileges, organizations with a critical infrastructure mission may even want to consider replacing devices that previously used Kaspersky antivirus products to guard against residual risk," he says.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Kaspersky's US Customers Face Tight Deadline Following Govt. Ban

PRESS RELEASE

SAN FRANCISCO, June 20, 2024 /PRNewswire/ -- Abstract Security, crafted by category creators who have consistently redefined the cybersecurity landscape, today announced general availability (GA) of its revolutionary platform designed for the future of security operations. Already in use by customers, Abstract's platform helps security analysts and operations teams navigate the complexities of data pipelines, increase security effectiveness and lower costs.

"Since the inception of Abstract, we've been working tirelessly to combat the challenges of security operations today, offering a tool that focuses on the data that matters and ties security back to business value," said Ryan Clough, co-founder and CPO of Abstract Security. "With the explosion of data over the last few years, customers need a more customizable approach that moves beyond saved searches and dashboards. We're excited to reach this GA milestone as we bring the future security operations platform to more customers."

A key feature of Abstract's platform is the Abstract Security Engineer (ASE), which leverages a combination of AI, expert systems, machine learning, and subject matter expertise and connects to data sources across an organization, delivering instant data and detection capabilities. The security data fabric approach enables:

*   Advanced analytics and correlation: Abstract's platform enables customers to surface threats across their enterprise and cloud infrastructure in real-time. It's powered by out-of-the-box detection content provided by the Abstract research team, which is purpose-built for cloud and SaaS threats.
    
*   Security pipelines: With data routing, transformation and enrichment that is geared for security telemetry, customers can reduce the volume and cost of log data sent to their SIEM. A single point of collection enables drag-and-drop routing of data to any number of sources, including cloud storage, SIEMs, and data platforms.
    
*   Optimized storage: 95% of collected log data is not usable for detection. Abstract's platform intelligently divides hot, warm, and cold storage tiers to automatically optimize storage and compute costs and make the data relevant to security analytics accessible via instant queries.
    

Since emerging from stealth and announcing its Seed funding earlier this year, Abstract Security has expanded its global footprint, hired an experienced technology leader as CTO, and appointed a long-time industry expert to its Board of Directors. To aid in the continued development of the Abstract Security platform, the team has added visionary and innovator Jon Oltsik to its Advisory Board. With over 35 years of technology industry experience, Jon founded the cybersecurity practice at the Enterprise Strategy Group (ESG) in 2003 and has spent the subsequent 20 years studying cyber threats, cyber-risk management, technical defenses, and CISO strategies. Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective. Jon is a founding member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners, and he was named one of the top 100 cybersecurity influencers by Onalytica.

"Defending against cyber-attacks is more difficult today than it's ever been. With the complexity of infrastructure and sheer volume of data that organizations must manage, today's security analytics teams are tired of the status quo," said Jon Oltsik, Advisory Board member of Abstract Security. "Working as an analyst and advisor has given me a unique perspective into the pain points of industry leaders, and that's why I'm so excited about the unique approach that Abstract Security is taking to solve the problems in the SIEM marketplace, and have the opportunity to support and guide the team as they grow."

In the past several months, Abstract has also been recognized by notable industry awards including a Global Infosec Award for "Pioneering Cybersecurity Startup" at RSA Conference 2024, and most recently, a 2024 Cybersecurity Excellence Award in both "Best Cybersecurity Startup" and "SIEM" categories. The team's commitment to crafting an excellent platform for customers, keeping their sights on innovation, and thoughtful leadership won Abstract the award in both categories, beating out more than 600 applicants.

To learn more about Abstract Security's growing team and accomplishments, visit https://www.abstract.security/our-team or watch this Q&A with Jon Oltsik and CEO Colby DeRodeff. To book a demo, please contact \[email protected\].

About Abstract Security  
Abstract Security, founded in 2023, has built a revolutionary platform equipped with an AI-powered assistant to better centralize the management of security analytics. Crafted by category creators and industry veterans known for redefining the cybersecurity landscape, Abstract transcends next-gen SIEM solutions by correlating data in real time between data streams. As a result, compliance and security data can be leveraged separately to increase detection effectiveness and lower costs – an approach that does not currently exist in the market.

Co-founders Colby DeRodeff, Ryan Clough, Aaron Shelmire, and Chris Camacho bring a unique set of experiences and backgrounds in product development and company-building expertise, formerly at companies like ArcSight (acq. by HP), Mandiant (acq. by Google), Palo Alto Networks and others. For more information about the company, please visit https://www.abstract.security/ and follow the journey @Get\_Abstracted.

Abstract Security Announces General Availability of its AI-Powered Data Streaming Platform for Security

PRESS RELEASE

June 18, 2024 – FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, today announced its 2024 Board of Directors.

Four new Directors and two incumbents have been named to join nine existing Board Directors. The Board oversees FS-ISAC’s global activity and coordinates with FS-ISAC’s Europe Board of Directors and UK Strategic Subsidiary Board. Kris Fador, Chief Information Security Officer for Bank of America, will serve as the Board’s Chair.

The newly elected Directors are:

*   Kristina Dorville, Chief Information Security Officer, Truist Insurance Holdings
    
*   Debbie Janeczek, Chief Security Officer, Technology Executive, Swift
    
*   Susan Koski, Chief Information Security Officer and Head of Enterprise Information Security, PNC
    
*   Bethany Netzel, Managing Director, Operational Resilience and Global Security, CME Group
    
*   The two re-elected incumbents are:
    
*   Kyle Davis, Cyber Fusion Center Principal, Target Corporation
    
*   Steve Sparkes, Chief Information Security Officer, Scotiabank
    

“FS-ISAC’s work is critical in educating the financial services industry on the latest cybersecurity threats and developing best practices to ensure the trust of clients, customers, regulators, investors and other key stakeholders,” said Kris Fador, Chief Information Security Officer for Bank of America. “It’s a privilege to chair this important organization and have this elite group of top security experts join the FS-ISAC Board of Directors to help strengthen the security of the global financial system.”

"The financial services sector is extremely dynamic and FS-ISAC provides critical information and intelligence sharing that strengthens our collective practices and resilience," said Bethany Netzel, Managing Director of Operational Resilience and Global Security at CME Group. "I am pleased to join the FS-ISAC board and work alongside other industry leaders to maintain our strong relationships and manage evolving risks."

Elections took place during a critical year for the financial services industry, marked by rapidly evolving technology and rising geopolitical tension. The deep cybersecurity and resilience expertise of the Board will directly support FS-ISAC’s work in real-time information sharing, strategic incident response, and managing emerging risks. 

“Through nearly a decade of working with FS-ISAC, I’ve seen first-hand the value of global information sharing in defending the sector from escalating cyber threats,” said Debbie Janeczek, Chief Security Officer, Swift. “We must employ a multifaceted approach that encompasses technical solutions, strategic preparation, and industry collaboration to defend against the changing threat landscape. I look forward to continuing my service of protecting the financial sector in this capacity.”

“With the increased use of digital technology in the financial services industry, the work of FS-ISAC is paramount to protecting financial institutions and their clients against global cyber threats,” said Steve Sparkes, EVP, Chief Information Security Officer and Enterprise Platforms, Scotiabank. “I am proud to have been re-elected to the FS-ISAC board, which brings together professionals in support of cyber resilience through the shared commitment of protecting client data.”

“The complexity of the risks facing the financial sector continues to grow, and our Board of Directors ensures our work evolves in accordance with the needs of our member firms and the people they serve,” said Steven Silberstein, CEO, FS-ISAC. “I welcome the new additions to the Board as we work together to reinforce trust in the global financial system.”

Board candidates submit applications to the Board Nominating Committee, who then nominate a slate chosen for leadership qualifications, demonstrated commitment to FS-ISAC’s work, and diversity of skillset, experience, sub-sector, geography, and background. The nominees are then elected by FS-ISAC’s membership. 

FS-ISAC thanks the Directors at the end of their term for their contributions and continued commitment to ensuring the security of the global financial services sector. 

Join the new Board of Directors at FS-ISAC’s Americas Fall Summit in Atlanta, October 27 – 30, 2024. To register, click here. 

About FS-ISAC

FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization’s real-time information sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector’s collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.

FS-ISAC Announces Appointments to Global Board of Directors

PRESS RELEASE

DALLAS and TOKYO, June 18, 2024— VicOne, an automotive cybersecurity solutions leader, today announced that its xNexus and xZETA solutions are available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS). xNexus is a next-generation vehicle security operations center (VSOC) platform and xZETA is an automotive vulnerability and software bill of materials (SBOM) management system. These safeguard the automotive software supply chain with unique zero-day threat intelligence, providing accurate, contextualized, and actionable insights for risk assessment.

AWS customers will now have access to VicOne’s solutions directly within AWS Marketplace. VicOne provides AWS customers with the ability to streamline the purchase and management of xNexus and xZETA within their AWS Marketplace account. 

“In various ways, our listing in AWS Marketplace is another of our efforts to help automotive manufacturers to securely put in place all of the many high-quality solutions they need across a globally scoped software supply chain for SDVs (software-defined vehicles),” said Max Cheng, chief executive officer of VicOne. “By accessing VicOne solutions, customers, MSSPs (managed security service providers) and other partners can more efficiently and simply offer our products to protect the automotive software supply chain against zero-day vulnerabilities and cyberattacks.” 

xNexus integrates with VicOne’s in-vehicle VSOC sensor, leveraging a unique large language modeling (LLM) approach to provide customized reporting to support VSOC teams. xNexus provides VSOC teams with actionable and contextualized attack paths based on different stakeholders’ needs. The capabilities delivered by VicOne’s next-gen VSOC platform accelerate threat investigations, enable confident response to attacks, and effectively reduce the burden of chasing false alarms. 

xZETA is an automotive vulnerability and SBOM management system that scans vehicle software to identify zero-day, undisclosed, known, and customer-discovered vulnerabilities, along with CWE, malware, and advanced persistent threats. Through xZETA’s patent-pending VicOne Vulnerability Impact Rating (VVIR) technology, external and internal insights are integrated to prioritize high-risk vulnerabilities. This enables swift identification of high-risk issues and formulation of corresponding strategies. Information feeds back into Threat Analysis and Risk Assessment (TARA) results to ensure alignment with ISO/SAE 21434 processes and maintain continuous monitoring.

Services will be available in Japan as soon as it is ready.

To learn more about the VicOne solutions available in AWS Marketplace, please visit here.

About VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers and suppliers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro’s 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit vicone.com.

You May Also Like

Tag

#intel