By Owais Sultan
In banking and business, you need to know how your investments are doing and what they are made…
This is a post from HackRead.com Read the original post: Unlocking the Power of Portfolio Analysis – A Comprehensive Guide

In banking and business, you need to know how your investments are doing and what they are made of to get the best results and make smart decisions. Portfolio analysis is a powerful tool that helps people and companies figure out how much money their assets are making, what their pros and cons are, and how to change their plans in a smart way to reach their financial goals.

This piece will explain everything you need to know about portfolio analysis tools, including what they’re for, how they work, and how buyers can make more money by using them. 

****What is Portfolio Analysis?****

The orderly process of looking at how well, how risky, and how diverse a person or business’s investments are is called portfolio analysis. It involves looking at the portfolio’s overall risk, finding out how assets are related and correlated, and looking at the results that different asset types produce. The main goals of portfolio analysis are to make sure that the right assets are assigned, that the portfolio performs as well as possible, and that it fits the investor’s goals and risk tolerance.

****Objectives of Portfolio Analysis****

1\. Performance Evaluation: By comparing investments to relevant benchmarks and monitoring the achievement of financial objectives, portfolio analysis assists investors in assessing the past performance of their holdings.

2\. Risk Assessment: By looking at the portfolio’s risk profile, investors can get an idea of how much risk they are exposed to, find possible sources of risk, and judge how well their risk management strategies are working.

3\. Diversification Analysis: Portfolio analysis can help investors find the best way to divide up their assets, while also taking into account their financial goals, investment timeline, and risk tolerance.

4\. Asset Allocation: When looking at an investor’s financial goals, investment timeline, and risk tolerance, portfolio analysis can help them find the best asset allocation plan.

5\. Rebalancing: Using portfolio analysis, investors may be able to find ways to adjust their portfolio by changing the way their assets are allocated to keep the risk-return profile they want.

****Leveraging Investment Portfolio Analysis Tool for Better Profit****

Using tools for portfolio analysis could help you make smart investment choices. Let’s talk about it:  

*   Performance Tracking: Users of financial portfolio analysis tools can keep an eye on how their stocks are doing in real-time by comparing them to relevant standards and previous data. This tool lets investors keep track of their progress toward their financial goals and make changes to their plans as needed.
*   Risk Assessment: These tools help buyers figure out how risky their investments are by looking at things like volatility, association, and possible bad results. As long as investors know how risky their assets are, they can use risk management methods to keep their cash safe.
*   Asset Allocation: Investors can find out how they have spread their money across different types of assets, businesses, and regions by using tools that analyze investment accounts. By seeing how the portfolio is put together, investors can find areas where they are over- or under-exposed and make changes to their assets.
*   Diversification Analysis: These tools check the financial diversity of the portfolio to make sure it’s not too focused on just a few stocks or businesses. Diversification is one of the most important things you can do to lower risk and boost results. Investment portfolio research tools can help you do it.
*   Scenario Analysis: Investors can model different market events with the help of advanced technologies and see how they will affect their investments. Modeling different possible outcomes can help investors figure out how resistant their assets are to changes in the market.

****Methodologies of Portfolio Analysis****

There are different techniques and methods used in portfolio analysis, and each one has its purpose and way of giving information about the portfolio. The following are examples of common techniques:

1\. Modern Portfolio Theory (MPT): MPT is a popular method for portfolio analysis that places a strong emphasis on the value of diversity and the connection between risk and return. It assists investors in building effective portfolios that provide the best returns for a certain degree of risk.

2\. Risk-Return Analysis: This approach evaluates the risk-return characteristics of the portfolio by looking at the past performance of individual assets and how they correlate with market benchmarks.

3\. Sector and Asset Class Analysis: Investors may spot regions of overexposure or underrepresentation and decide on diversification by looking at the portfolio’s composition of various asset classes and industries.

4\. Scenario Analysis: Using this method, one may examine the possible risks and possibilities under fluctuating market circumstances by simulating various scenarios and evaluating their influence on the portfolio.

****Benefits of Portfolio Analysis****

Find out right now why you should use portfolio analysis:  

*   Informed Decision-Making: By giving investors insightful information on the performance and makeup of their assets, portfolio analysis enables them to make data-driven choices that support their financial objectives.
*   Risk Management: Investors may safeguard their assets from market volatility and unanticipated occurrences by implementing proper risk management measures when they have a clear grasp of the risk exposure of their portfolio.
*   Improved Returns: Investors may find chances to optimize the performance of their portfolio, rebalance assets, and modify the asset allocation to maximize returns by using portfolio analysis.
*   Goal Alignment: By ensuring that their investment plan is in line with their time horizon, risk tolerance, and financial objectives, investors may remain on track to meet their objectives with the use of portfolio analysis.

****Conclusion****

A good way for buyers to get a good idea of their investment portfolio’s results, dangers, and variety is to do a portfolio analysis. By carefully looking over their stocks, investors can make smart decisions, get the best results, and learn important things about how well their investment plan is working.

No matter how much experience you have, taking the time to look over your account may help you reach your financial goals and feel confident in your ability to handle the constantly changing financial markets.

Unlocking the Power of Portfolio Analysis – A Comprehensive Guide

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.

Thursday, April 18, 2024 14:00

If you’re a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. 

And honestly, if you’re reading this newsletter, I probably shouldn’t have to tell you about that either. But one of the things that always frustrates me about this seemingly never-ending battle against disinformation on the internet, is that there aren’t any real consequences for the worst offenders. 

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted, or just that one individual post might be removed.  

Twitter, which has become one of the worst offenders for spreading disinformation, has gotten even worse about this over the past few years and at this point doesn’t do anything to these accounts, and in fact, even promotes them in many ways and gives them a larger platform. 

Meta, for its part, is now hiding more political posts on its platforms in some countries, but at most, an account that shares fake news is only going to be restricted if enough people report it to Meta’s team and they choose to take action.  

Now, I’m hoping that Brazil’s Supreme Court may start imposing some real-world consequences on individuals and companies that support, endorse or sit idly by while disinformation spreads. Specifically, I’m talking about a newly launched investigation by the court into Twitter/X and its owner, Elon Musk.  

Brazil’s Supreme Court says users on the platform are part of a massive misinformation campaign against the court’s justices, sharing intentionally false or harmful information about them. Musk is also facing a related investigation into alleged obstruction.  

The court had previously asked Twitter to block certain far-right accounts that were spreading fake news on Twitter, seemingly one of the only true permanent bans on a social media platform targeting the worst misinformation offenders. Recently, Twitter has declined to block those accounts. 

This isn’t some new initiative, though. Brazil’s government has long looked for concrete ways to implement real-world punishments for spreading disinformation. In 2022, the Supreme Court signed an agreement with the equivalent of Brazil’s national election commission “to combat fake news involving the judiciary and to disseminate information about the 2022 general elections.” 

Brazil’s president (much like the U.S.) has been battling fake news and disinformation for years now, making any political conversation there incredibly divisive, and in many ways, physically dangerous. I’m certainly not an authority enough on the subject to comment on that and the ways in which the term “fake news” has been weaponized to literally challenge what is “fact” in our modern society.  

And I could certainly see a world in which a high court uses the term “fake news” to charge and prosecute people who are, in fact, spreading \*correct\* and verifiable information.  

But, even just forcing Musk or anyone at Twitter to answer questions about their blocking policies could bring an additional layer of transparency to this process. Suppose we want to really get people to stop sharing misleading information on social media. In that case, it needs to eventually come with real consequences, not just a simple block when they can launch a new account two seconds later using a different email address. 

**The one big thing **

Talos recently discovered a new threat actor we're calling “Starry Addax” targeting mostly human rights activists associated with the Sahrawi Arab Democratic Republic (SADR) cause. Starry Addax primarily uses a new mobile malware that it infects users with via phishing attack, tricking their targets into installing malicious Android applications we’re calling “FlexStarling.” The malicious mobile application (APK), “FlexStarling,” analyzed by Talos recently masquerades as a variant of the Sahara Press Service (SPSRASD) App. 

**Why do I care? **

The targets in this campaign's case are considered high-risk individuals, advocating for human rights in the Western Sahara. While that is a highly focused particular demographic, FlexStarling is still a highly capable implant that could be dangerous if used in other campaigns. Once infected, Starry Addax can use their malware to steal important login credentials, execute remote code or infect the device with other malware.  

**So now what? **

This campaign's infection chain begins with a spear-phishing email sent to targets, consisting of individuals of interest to the attackers, especially human rights activists in Morocco and the Western Sahara region. If you are a user who feels you could be targeted by these emails, please pay close attention to any URLs or attachments used in emails with these themes and ensure you’re only visiting trusted sites. The timelines connected to various artifacts used in the attacks indicate that this campaign is just starting and may be in its nascent stages with more infrastructure and Starry Addax working on additional malware variants. 

**Top security headlines of the week **

**A threat actor with ties to Russia is suspected of infecting the network belonging to a rural water facility in Texas earlier this year.** The hack in the small town of Muleshoe, Texas in January caused a water tower to overflow. The suspect attack coincided with network intrusions against networks belonging to two other nearby towns. While the attack did not disrupt drinking water in the town, it would mark an escalation in Russian APTs’ efforts to spy on and disrupt American critical infrastructure. Security researchers this week linked a Telegram channel that took credit for the activity with a group connected to Russia’s GRU military intelligence agency. The adversaries broke into a remote login system used in ICS, which allowed the actors to interact with the water tank. It overflowed for about 30 to 45 minutes before officials took the machine offline and switched to manual operations. According to reporting from CNN, a nearby town called Lockney detected “suspicious activity” on the town’s SCADA system. And in Hale Center, adversaries also tried to breach the town network’s firewall, which prompted them to disable remote access to its SCADA system. (CNN, Wired) 

**Meanwhile, Russia’s Sandworm APT is also accused of being the primary threat actor carrying out Russia’s goals in Ukraine.** New research indicates that the group is responsible for nearly all disruptive and destructive cyberattacks in Ukraine since Russia's invasion in February 2022. One attack involved Sandworm, aka APT44, disrupting a Ukrainian power facility during Russia’s winter offensive and a series of drone strikes targeting Ukraine’s energy grid. Recently, the group’s attacks have increasingly focused on espionage activity to gather information for Russia’s military to use to its advantage on the battlefield. The U.S. indicated several individuals for their roles with Sandworm in 2020, but the group has been active for more than 10 years. Researchers also unmasked a Telegram channel the group appears to be using, called “CyberArmyofRussia\_Reborn.” They typically use the channel to post evidence from their sabotage activities. (Dark Reading, Recorded Future) 

**Security experts and government officials are bracing for an uptick in offensive cyber attacks between Israel and Iran** after Iran launched a barrage of drones and missiles at Israel. Both countries have dealt with increased tensions recently, eventually leading to the attack Saturday night. Israel’s leaders have already been considering various responses to the attack, among which could be cyber attacks targeting Iran in addition to any new kinetic warfare. Israel and Iran have long had a tense relationship that included covert operations and destructive cyberattacks. Experts say both countries have the ability to launch wiper malware, ransomware and cyber attacks against each other, some of which could interrupt critical infrastructure or military operations. The increased tensions have also opened the door to many threat actors taking claims for various cyber attacks or intrusions that didn’t happen. (Axios, Foreign Policy) 

**Can’t get enough Talos? **

*   Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services 
*   Decade-old malware haunts Ukrainian police 
*   Attackers are pummeling networks around the world with millions of login attempts 
*   OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 
*   Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 
*   Talos Takes Ep. #179: Why we need to stop calling as-a-service group takedowns "takedowns" 

**Upcoming events where you can find Talos **

 **Botconf** **(April 23 - 26)** 

_Nice, Côte d'Azur, France_

> _This presentation from Chetan Raghuprasad details the Supershell C2 framework. Threat actors are using this framework massively and creating botnets with the Supershell implants._

**CARO Workshop 2024** **(May 1 - 3)** 

_Arlington, Virginia_

> Over the past year, we’ve observed a substantial uptick in attacks by YoroTrooper, a relatively nascent espionage-oriented threat actor operating against the Commonwealth of Independent Countries (CIS) since at least 2022. Asheer Malhotra's presentation at CARO 2024 will provide an overview of their various campaigns detailing the commodity and custom-built malware employed by the actor, their discovery and evolution in tactics. He will present a timeline of successful intrusions carried out by YoroTrooper targeting high-value individuals associated with CIS government agencies over the last two years.

**RSA** **(May 6 - 9)** 

_San Francisco, California_    

**Most prevalent malware files from Talos telemetry over the past week **

_This section will be on a brief hiatus while we work through some technical difficulties._

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5664-1                   security@debian.orghttps://www.debian.org/security/                          Markus KoschanyApril 17, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : jetty9CVE ID         : CVE-2024-22201Jetty 9 is a Java based web server and servlet engine. It was discovered thatremote attackers may leave many HTTP/2 connections in ESTABLISHED state (notclosed), TCP congested and idle. Eventually the server will stop accepting newconnections from valid clients which can cause a denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 9.4.50-4+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 9.4.50-4+deb12u3.We recommend that you upgrade your jetty9 packages.For the detailed security status of jetty9 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/jetty9Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYgPqhfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFDRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7UeS8Wg/+JvDyNdRq1Tu6rEqfHprMuxVifvPSH4RefpWMVY1MUIwRSxCyL9GEKCtuq0a+Vf/JycNVbTcRB0n/UpgFdCCWE6dUngLIoYX/SmA+dXKLN9a+FIKj/aivOvOrCUEkaJiVBjARYoBxDzoLG8STAJkxJvCAIduOSZ4Pr3iaZ+3+mHLpz38aAHz7QCXSNoqaD66hMTCVPnVTTr3CvrhCIjcdxQRteJwkJ0XxT5WxYSBmVuB+zEAxHUt6ocv25bMel+B4OMcNrRrdQiUtqAF2i7ktAPO2HUo5+9kxYCwkB1DbgIEhdtkA6aBtTYZ0ZJbx4kV206DrQO7PjLzbY6RA2o2EiNb1zEZlaaFuGq6ctIpR52PplC0sEPUTVbDHLlDAQUIXzmmJGhD2etF5dpknbBTcAhUjGebCiasqwZ8HWiVUeIEwi89je7+CThjB3phSjyzqZivdkpYiZTApy3UU3lzXHViCtTIverkaQNoYExWVCKihvMRtSAlhw4b0ukEt+PNzrgl2N0M3bYh1oEh+TGqiP961Je38l5756wKLSxgzfTwTlrPmH6BFwhkFEnMxzjX4jvRWkVC2Yz4/DiJnRnAEjS3iOsvvDnP/lZkWZOXMT3TY0bRJSwUuEgCcNPF/PE/q6KRtzyxJLuTOFRwk/xob/q4GucD+RuqwHEC2w3fN7WE==HK3G-----END PGP SIGNATURE-----

Debian Security Advisory 5664-1

The missing ingredient in NIST's newest cybersecurity framework? Recovery.

Alex Janas, Field Chief Technology Officer, Commvault

April 18, 2024

5 Min Read

Source: Borka Kiss via Alamy Stock Photo

COMMENTARY

As the digital landscape grows more treacherous, companies are finally beginning to treat cybersecurity as a top operational risk. And for enterprises revising their data security strategies, the updated guidance from the National Institute of Standards and Technology (NIST), the US government's key technical standards adviser, is a good starting point. NIST's cybersecurity framework, first released in 2014, has functioned as the leading educational and academic guide. The newest version includes important updates, like the addition of data governance as one of the core pillars. Unfortunately, it falls short in a significant way. It doesn't say nearly enough about the most crucial ingredient of any comprehensive and contemporary cybersecurity plan: the ability to recover from a cyberattack. 

It's important to keep in mind that recovering from an attack is not the same as disaster recovery or business continuity. It's not enough to simply tack the recovery function onto a broader incident response plan. Recovery must be ingrained into the security stack and into your response plans. And even outside a crisis scenario, there must be a continual feedback loop established, where all parts of the cybersecurity function — including recovery — are always sharing information and are a part of the same workflow. 

Given the persistent threat landscape and the growing number of mandatory regulations, such as the EU's Digital Operational Resilience Act (DORA), companies must urgently address the gaps in their cybersecurity preparedness plans.

**Shifting From a Frontline Mentality **

While NIST is a comprehensive framework, the cybersecurity industry (and, by proxy, most companies) put far more attention on the part that focuses on preventing cyberattacks. That's important, but prevention can never be assured and should not be done at the expense of a comprehensive security plan. 

A company that only uses the NIST Cybersecurity Framework will put that company in a position where they are underinvested in responding to current and future cyberattack scenarios. That's a risk no organization can afford to take. You will be breached. In fact, you are breached, you just don't know it yet. This means the restoration platform must be integrated with the security stack to help protect itself and the business environment to ensure the company can get back to business — which is one of the main goals of this work.

Vendors and customers alike must put resources toward returning to a post-attack state: How to get there, and how to test and verify that capability. The secret to a robust recovery is planning. To truly be safe, businesses must take steps now to integrate the technology and people responsible for recovery into the rest of their cybersecurity function. 

Once that happens, although recovery teams can still operate independently, there's a continual feedback loop. So, all the different parts of the security teams can still easily send and receive information to and from the other functions. 

**Test, Test, Test**

While companies often have time frames in mind of how quickly systems must be back online, far fewer have fully considered what it takes to get to that safe state following an attack. 

Testing helps inform how long each step in the identification and remediation of a breach should take, so companies have a benchmark to use when an actual incident occurs. And without adequately testing backup environments, the recovery function becomes much more difficult — and potentially more dangerous. When restoring from an untested backup environment, the company might inadvertently restore implanted malicious code, provide attacker access, or return to a vulnerable state. 

Companies must actively run simulated or real-world drills that test all facets of their cyber resilience to uncover the weak points, including any issues that could impact a company's ability to get their IT systems operational again. 

**Linking the Steps  **

Integrating recovery tools into the larger incident response arsenal can yield valuable intelligence, both in preparing for and responding to an attack. 

These days, modern recovery systems can actively monitor backup repositories and regularly send feeds back to the security teams to detect any abnormal behavior far quicker than in the past — a vital capability as attackers increasingly aim their efforts at the last-mile data centers. And as a cyber-resilient restoration platform becomes integrated into the modern security stack, it must connect with the systems that transform the intelligence from the various systems and services to provide security teams with better context about the events that are happening in their environment as well as better auditing required under the various compliance and regulations around the globe. 

**Aligning the People to the Process **

While many organizations have experts attached to every other process in the NIST framework, few have teams or even individuals dedicated to managing recovery. 

Often, the function falls between the domain of the chief information security officer (CISO) and chief information officers (CIO), which leads to both assuming the other owns it. The overworked security team typically views recovery as tedious — and something that occurs only at the tail end of a chaotic process that should be handled by the IT team. 

Meanwhile, the IT team, unless steeped in security, may not even know what the NIST framework is. Facing a deluge of complaints, their focus is on simply getting the environment back online as quickly as possible, and they may not recognize how perilous an unplanned, hasty recovery can be. 

Taking this seriously involves dedicating resources to oversee recovery, making sure this step doesn't get overlooked in the ongoing planning and testing — let alone in the chaos that often accompanies a breach. 

When given strategic direction from the C-suite, and assigned the right ongoing responsibilities, the recovery individual or team can ensure that the response protocols are regularly tested, as well as serve as the bridge to connecting recovery with the rest of the cybersecurity function.  

**The Most Vital Step**

In this era when every business should assume they are breached, recovery must be recognized as just as important as the other steps in the NIST framework. Or maybe even more important.

Companies that only play cyber defense will eventually lose. They are playing a game where they think the score matters. Defenders can have 1,000 points but will lose to an attacker who scores once. There's simply no way to guarantee victory against an opponent who plays outside the rules and controls when and how the game is played.

Businesses must allocate resources to prepare for cyberattacks. Without a tested response plan to resume operations safely and securely, companies will have no choice but to capitulate to attackers' demands, pay the ransom, and thereby embolden an attacker.

**About the Author(s)**

Field Chief Technology Officer, Commvault

As the Field Chief Technology Officer for Commvault, Alex Janas is responsible for overseeing cybersecurity. He is a distinguished cybersecurity expert with over 20 years of diverse experience, spanning the private sector and the Department of Defense (DOD). 

In his work within the private sector, Alex has excelled in a wide range of security responsibilities; Cyber and Physical Security Penetration Assessments, Incident Response and Forensics, Virtual Chief Information Security Officer (vCISO), Cyber Executive Protection and Technical Surveillance Countermeasures (TSCM).

Alex’s government experience is highlighted by his tenure at the National Security Agency (NSA), where he served for 11 years in the Tailored Access Operations as an Analyst, Operator, and Division Technical Director. Alex is a proud recipient of the Master Operator designation, a prestigious honor bestowed upon a highly select cadre of Computer Network Operations personnel.

Rebalancing NIST: Why 'Recovery' Can't Stand Alone

Industry leaders aim to solve the threat to both the mental health of workers and security of organizations with solutions that recognize the enormous pressures facing cybersecurity professionals.

Source: Roman Samborskyi via Alamy Stock Photo

It's no secret that burnout is an epidemic among cybersecurity professionals that threatens not only the mental health of workers in the field, but also the security of organizations. But how to solve the growing crisis is still something with which the industry is grappling.

Peter Coroneos, founder of Cybermindz, and Kayla Williams, CISO of Devo, have different perspectives on cybersecurity burnout given their distinct roles and perspectives as industry leaders, but together they have a shared vision to find solutions to help break the current cycle of burnout that faces the cybersecurity profession.

Coroneos is founder of Cybermindz, a not-for-profit that offers resilience training for cyber teams, among others; and Williams is chief information security officer (CISO) of Devo, a cloud-native security analytics company.

The two — whose companies already are partners in fighting burnout — will come together at the upcoming RSA Conference to host a session called "Burnout in Cyber: The Intersection of Neuroscience, Gender, and Wellbeing." Their session will present some reasons why cybersecurity burnout has become a vicious cycle, as well as how a combination of empathetic leadership and neuroscience-based training can help break it.

**Security Staff Burnout: A Wake-Up Call**

The "wake-up call" for Coroneos on how serious the burnout problem came when a survey of 200 cybersecurity professionals conducted by Wakefield Research on behalf of Devo released its results last September. The study found that a hefty 83% of those surveyed admit that stress has led them and peers to make errors that have caused data breaches.   

The COVID-19 pandemic-related workplace changes as well as the increased cyberattacks taking advantage of organizations' hasty and often insecure shift to accommodate a remote workforce really threw cybersecurity burnout into high gear, he said.

"COVID brought together a number of factors that have been brewing in the background for a number of years," Coroneos says in a recent interview.

Working remotely, cybersecurity professionals felt even less of a separation between their work and home lives and felt as if they quite literally always took their work home with them. And with cyberattackers exploiting the vulnerable security situation with which many companies were faced at the time, there was even more work for them to do, and thus more pressure than ever, he says.

It was a "perfect storm" of conditions to foster burnout, Coroneos says. "We started to see many more reports of the degradation in the mental health status of cybersecurity teams," he says. "They feel this relentless pressure with no end in sight."

**The Blame Game**

Some of that pressure comes with the often-unfair burden of blame that CISOs and chief security officers (CSOs) in particular shoulder when a data breach or attack goes horribly wrong for a company, says Williams, who in her position as CISO knows all too well.

A key source of stress these executives experience is that they often don't control their budgets and the overall security roadmap at their respective organizations, and thus don't typically get the sufficient funding to execute their vision for a company's security. However, they still will be held accountable if something goes wrong, Williams says.

She cited notable high-profile lawsuits brought against top security executives from Uber and SolarWinds in which they took the brunt of the blame for security incidents at their respective companies as scenarios that are scaring top professionals out of the industry.

"From what I'm seeing and hearing, turnover is incredibly high," Williams says. "Speaking to my peers, they don't want to be CSOs anymore."

Indeed, the Devo survey found that 85% of professionals surveys will leave their role in the next year, while 25% will leave the industry entirely.

The current situation that many security professionals find themselves in is a burnout cycle that keeps those who stay in the profession feeling stressed out and hopeless about their jobs, while creating unprecedented numbers of turnover in a position that already faces job shortages. This circular cycle creates even more burnout for those who stay in cybersecurity roles, Coroneos and Williams say.

**Breaking the Security Fatigue Cycle**

To break this cycle, the two professionals pose a combination of empathetic leadership strategies and a neuroscience-based solution to help retrain people's minds to deal with high levels of stress.

As a CISO herself, Williams says she knows how important it is to communicate effectively with people in various cybersecurity roles within the organization to ensure that their individual needs both professionally and emotionally are being met. This is especially true as a new generation of cyber professionals with different emotional needs is entering the workforce, she says.

"As a people leader, it is my responsibility to ensure that I am communicating to my teams in a way that resonates with them," Williams says. It's important for leaders to take time to understand the needs of individuals on a team and to check in with them as they would with family or friends to ensure they are not feeling overwhelmed by stress or the demands of their responsibilities, she says.

Meanwhile, Cybermindz is taking a page out of the playbook of international armed forces with a training solution called Integrative Restoration (iRest) that has been implemented by the US and Australian military since 2006 and 2016, respectively.

iRest — the result of more than 40 years of observation, research and development by clinical psychologist Richard Miller and his team at an institute of the same name California — is an attention-training technique to help the brain's limbic system return to a restful state after an intense period of high stress.

The problem for cybersecurity pros is that they often get stuck in a constant state of psychological fight-or-flight response pattern due to the constant stress cycle of their jobs, Coroneos explains. iRest is a training that helps them switch out of this cycle to bring them to a deeper state of relaxation to reset that fight-or-flight response. This will help the brain switch off, so it is not constantly creating stress not only in the workplace but throughout their everyday lives, thus creating burnout, he says.

"We need to get them into a position where they can come into a proper relationship into their subconscious," Coroneos says, adding that so far cybersecurity professionals who have experienced the training — which Cybermindz is currently piloting— report they are sleeping better and making clearer decisions after only a few sessions of the program.

Indeed, while burnout remains a serious problem, the message Coroneos and Williams ultimately want to convey is one of hope that there are solutions to solve the burnout problem currently facing cybersecurity professionals, and that the enormous pressures these dedicated professionals face is not being overlooked.

"We want to show them that their mental health need not be the price of their career," Coroneos says.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Break Security Burnout: Combining Leadership With Neuroscience

Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations.
Detecting Threats in PDFs
PDF files are frequently exploited by threat actors to

How to Conduct Advanced Static Analysis in a Malware Sandbox

Two new code-execution techniques, Poison Fiber and Phantom Thread, take advantage of a little-known Windows OS workhorse to sneak shellcode and other malware onto victim machines.

Source: Robert K. Chin via Alamy Stock Photo

BLACK HAT ASIA – Singapore – Windows fibers, little-known components of Windows OS, represent a largely undocumented code-execution pathway that exists exclusively in user mode — and is therefore largely overlooked by endpoint detection and response (EDR) platforms. As such, it's possible for attackers to exploit them to stealthily land on PCs and deploy malicious payloads.

That's according to Daniel Jary, an independent security researcher, who laid out two new proof-of-concept (PoC) attacks using fibers in a session at Black Hat Asia on Thursday.

Fibers are an alternative to the standard "threads" that Windows uses to execute code from the OS or an application, he explains.

"Threads are like workers, essentially, within a Windows process or an application, and traditionally, they've always been the way that you'd execute code and get things done," he tells Dark Reading. "But there's a more niche way of doing it, through fibers."

**Fibers: A Forgotten & Overlooked Windows OS Pathway**

Fibers, when used, exist within threads — they're essentially smaller, more lightweight versions of the bigger thread concept. Fibers were initially developed at a time when CPUs had fewer cores available to them and could accommodate only so many threads. At a high level, the smaller were a way to expand capacity, by allowing developers to split up workloads within a single thread and make processes more efficient.

"But as computers became more powerful, with more memory to play with, fibers became somewhat redundant in the vast majority of scenarios," Jary explains. "That's why a lot of people really haven't heard about them and they're a bit obscure, but they do serve a few purposes for some old legacy applications and a way to port programs from other operating systems over to Windows. And some Windows processes themselves actually still use fibers."

Thus, fibers enjoy the dubious honor of being both a core Windows function and an overlooked one by security teams. To boot, Jary notes that traditional detection mechanisms in EDR platforms and antivirus engines tend to ignore them — making them a perfect stealth avenue to execute malicious code.

"Threads are heavily monitored by EDR agents, which look at syscalls and kernel mode callbacks to capture telemetry and send it to a rules engine to generate detection," Jary says. "But fibers exist purely in user mode and don't show up in kernel collection, so their telemetry is not actually getting recorded by EDRs."

Some open source techniques already exist to take advantage of fibers' under-the-radar status. A PoC from 2022, for instance, details a method for hiding malicious shellcode inside a fiber, thus evading the majority of AV engines.  

Others have created methods for callstack masking, which enables attackers to hide a malicious execution pathway within a thread — in this case, a fiber — behind a different, dormant fiber that's benign, also evading detection. The technique takes advantage of the fact that if fibers are in use, there's always an active fiber, then a dormant fiber that it switches off with. This masking capability that was added into Cobalt Strike's Artefact Kit in 2022.

**New Frontiers in Malicious Fiber Execution**

Jary set off to explore whether it's possible to improve on existing malicious fiber techniques, and came up with two new PoCs, dubbed Phantom Thread and Poison Fiber.

Existing adversarial fiber methods have certain disadvantages for attackers: Some indicators could still be used for EDR detection, and the maliciousness isn't hidden from inline event-based callstack collection. Any collection of dormant fibers, for which several techniques exist, would remove callstack masking.

Phantom Thread is a next-gen callstack masking approach that removes the ability of memory scans to target fibers by having those fibers masquerade as threads. This involves creating a fiber, then patching it so that it self-identifies as a thread. Then it becomes possible to remove any fiber callstack indicators and essentially hide the fibers from any scanning altogether.

The second PoC, Poison Fiber, enumerates any running Windows processes, looking at threads in use and then whether any of those threads are using fibers. Then "it presents you with an opportunity to inject your payload or your shellcode into a dormant fiber," Jary explains.

"You can only one run one fiber per thread at any one time, which means you always have another dormant fiber parked somewhere else on the stack," he says. "When we execute our code using Poison Fiber, this injects our code into a dormant fiber, so we don't have to suspend the thread in order to inject the shellcode, which is a huge indicator for malicious activity. And because we've injected the payload into a dormant fiber, then the application triggers the execution for us, and we don't initiate the execution ourselves." The technique has an added benefit of allowing remote code execution (RCE) as well.

**Wake Up to Fiber's Adversarial Potential**

While they remain somewhat obscure, fibers should be on security teams' list of attack vectors, warns Jary, who has not yet released his evolved PoCs or granular details on the methods publicly. He reasons that it's only a matter of time before others find ways of overcoming drawbacks in existing open source fiber execution methods.  

"Fiber's alternate execution method is valuable to attackers because it helps us sidestep traditional telemetry sources that we get with threads, in particular kernel callbacks," he says. "Fibers aren't a privilege escalation tactic, and they aren't a user access control (UAC) bypass. But it does allow a payload delivery that gets a lot less spotlight and attention from the security community. Fibers are really simple to implement, but they're harder to detect. So that makes them perfect for any script kiddie to use to attack businesses."

Jary advises implementing mature EDR products that can be continually tested against emerging techniques like these.

"Talk to your red teamers about open source fiber methods that are being used in the wild," he says. "Do some research to see what attackers are having joy with, what's popular in the wild, then feed that back into your research team and your EDR product developers. That's going to help build better defenses and probably make your threat hunters' lives a little bit easier as well."

**About the Author(s)**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Sneaky Shellcode: Windows Fibers Offer EDR-Proof Code Execution

Having a solid disaster recovery plan is the glue that keeps your essential functions together when all hell breaks loose.

Source: Aleksei Gorodenkov via Alamy Stock Photo

COMMENTARY

As the conflict in Ukraine enters its third year, the global community is confronted with the grim reality of modern warfare, where cyber operations have emerged as a pivotal battleground. Reflecting on past events and the ongoing crisis, it's evident that cyberattacks have become a constant threat, leaving no sector untouched and rendering the Ukrainian people and their systems vulnerable to relentless aggression.

In January 2022, as tensions loomed, I was tasked with outlining the potential consequences of a Russian attack on Ukraine to a private equity client with operations in the region. Little did we know that the scenarios we discussed would soon transition from hypothetical to harrowing realities.

Fast forward to 2024, and the dire situation persists. Recent cyberattacks targeting Ukrainian state agencies, including the state-owned energy company, and financial institutions such as Monobank, Ukraine's largest mobile-only bank, underscore the severity of the ongoing digital onslaught. The infiltration of Ukrainian telecommunications giant Kyivstar by Russian hackers further highlights the magnitude of the threat, leaving millions without vital services for days.

**How to Prepare for Cyber Warfare**

Amidst this turmoil, organizations must prioritize disaster recovery preparedness to mitigate risks and enhance resilience. Here are essential steps to consider:

1.  Safety of personnel: Beyond technical aspects, acknowledging the human impact of cyber warfare is paramount. With millions of Ukrainian people displaced and seeking refuge, ensuring the safety and well-being of your teams and their vulnerable families should be a top priority.
    
2.  Comprehensive backup strategies: Implementing robust backup solutions for critical data, systems, and networks is essential to restore operations swiftly in the event of a cyberattack. A multisite strategy ensures data survivability even in the face of unforeseen disasters.
    
3.  Cybersecurity training and awareness: Educating employees about cybersecurity best practices significantly reduces the likelihood of successful attacks, making every individual a frontline defender against cyber threats.
    
4.  Multilayered defense mechanisms: Adopting a multilayered approach to cybersecurity, including firewalls, intrusion detection systems, and endpoint protection, strengthens defenses and minimizes vulnerabilities.
    
5.  Incident response planning: Developing a comprehensive incident response plan enables organizations to react swiftly and effectively to cyber breaches, ensuring minimal disruption and damage.
    
6.  Collaboration and information sharing: Collaborating within the cybersecurity community and sharing threat intelligence and best practices bolsters defenses and adaptability against evolving threats.
    

When I reflect on the pre-war briefing on that cold January day in 2022, I recall how dark and macabre my presentation was. Nobody thought that what I was outlining could become reality. But it did. And even worse.

As we continue to witness the devastating impact of cyber warfare in Ukraine, it serves as a poignant reminder of the imperative for preparedness and resilience in the face of modern threats. By implementing proactive cybersecurity measures, prioritizing human safety, and fostering collaboration, organizations can defend against cyberattacks and uphold principles of sovereignty and stability in the digital age. It is essential for organizations to have a solid disaster recovery plan, as it is the glue that keeps your essential functions together when all hell breaks loose. Together, we can navigate the complexities of cyber warfare and work towards a future where technology protects and empowers all, even amidst conflict and adversity.

**About the Author(s)**

Independent Cybersecurity Consultant

Hadi Shavarini an independent cybersecurity consultant is a seasoned CISSP, with over 20 years of extensive Cloud Security experience across Data, Application, IAM, and Infrastructure domains, along with strategic cybersecurity expertise. As a Cybersecurity Consultant and virtual Chief Information Security Officer (vCISO), he specializes in delivering unparalleled advisory and cybersecurity services fortifying organizations' governance, risk, and compliance strategies. Hadi has demonstrated proficiency in steering cybersecurity initiatives across diverse industries, including financial services, healthcare, energy, manufacturing, tech, and retail. As a vCISO and trusted advisor, he excels in fostering strong client relationships, conducting cybersecurity evaluations, and guiding clients in implementing security frameworks and regulatory compliance. Hadi's leadership extends to his roles as CEO & Cofounder at Blue Robin Inc., and CEO & Cofounder at WebMedicPro. His expertise encompasses a wide range of IT solutions, project management, and strategic consultancy in cybersecurity and technology integration.

Preparing for Cyber Warfare: 6 Key Lessons From Ukraine

PRESS RELEASE

Woburn, MA – April 16, 2024 – Today Kaspersky introduced its new flagship product line, Kaspersky Next, combining robust endpoint protection with the transparency and speed of EDR (Endpoint Detection and Response), alongside the visibility and powerful tools of XDR (Extended Detection and Response). Customers can now choose one of three product tiers tailored to their business requirements, the complexity of their IT infrastructure, and their available resources.

Amid the constantly evolving cyberthreat landscape, it is vital for companies to have a comprehensive cybersecurity solution they can trust and rely on for effective protection. According to Enterprise Strategy Group’s XDR and SOC Modernization Report, businesses are still struggling to find information security tools that can detect and investigate advanced threats on time. As a leading innovative and technological company, Kaspersky is continuously developing its solutions to address all of the cybersecurity requirements of businesses, helping them build up reliable cybersecurity frameworks.

Kaspersky Next is a new line of cybersecurity products that includes robust endpoint protection powered by AI capabilities, and goes beyond the classic EPP (Endpoint Protection Platform), bringing together EDR and XDR for corporate customers of any size and industry. As the most advanced and effective cybersecurity solutions, EDR and XDR help companies to withstand the more prevalent, evasive, and sophisticated attacks, providing businesses with total visibility, control, rapid response and proactive threat hunting.

Kaspersky Next is deployment-agnostic and allows for both cloud and on-premises installations. Companies can manage it either through a streamlined console to perform core cybersecurity tasks quickly, or via an enterprise-grade console with more granular controls and advanced monitoring.

The new product line helps companies build crucial cybersecurity functions to provide robust protection against multiple types of threats that business face the most, such as ransomware, malware and data breaches, and avoid infrastructure penetration through Business Email Compromise, supply chain attacks, exploits and other vulnerabilities. It protects personally identifiable information (PII), such as social security numbers, employer identification numbers (EIN), and driver's licenses in files uploaded to Office365. This function also informs administrators of potential security issues or compliance conflicts with data protection laws.

Kaspersky Next includes multiple automation features such as cloud monitoring and blocking, vulnerability and patch management, IoC scan and playbooks that help businesses not only to support the effective detection and remediation of complex and new threats, but also to significantly reduce the burden on cybersecurity teams by minimizing the number of routine cybersecurity tasks.

Kaspersky Next currently comprises three product tiers:

Kaspersky Next EDR Foundations provides powerful endpoint protection that identifies and neutralizes threats before they can harm business processes. Flexible, straightforward security controls and built-in IT scenarios enable hands-off operation and let companies customize their security policies to suit their unique needs. 

This solution is recommended for companies where information security is performed by IT departments.

Kaspersky Next EDR Optimum provides strong endpoint protection with essential EDR functionality, advanced controls, patch management and cloud security. Threat visibility, investigation and response are guided to help businesses deflect attacks rapidly and with minimal resources.

This solution is recommended for companies with small information security teams. 

Kaspersky Next XDR Expert aggregates, analyzes and correlates data from various sources across an organization’s IT infrastructure, providing real-time visibility and deep insights into evolving cyber risks to deliver advanced threat detection and automated response. It’s a robust cybersecurity solution that can also integrate with third-party vendors. 

This solution is recommended for companies with experienced cybersecurity teams or Security Operations Centers (SOC).

Kaspersky Next is a part of the company’s B2B product ecosystem and it is designed to be directly compatible with other Kaspersky solutions and services. With the growing demand for more comprehensive cybersecurity protection, companies can also easily migrate from one tier to another, depending on their current cybersecurity requirements.

“Today we are launching our market-leading XDR and reinventing our corporate product offering, as we embark on a new chapter of our history as a B2B vendor,” said Claudio Martinelli, managing director, Americas at Kaspersky. “Kaspersky Next makes EDR and XDR simpler for companies and organizations of all sizes. We are bringing top protection powered by unique expertise to all customers – from those with zero cybersecurity officers to those that have experienced cybersecurity teams. Our goal is to allow companies to build reliable and cost-effective information security systems of the highest quality for their specific requirements.”

To learn more about Kaspersky Next, please visit this website.

Kaspersky Unveils New Flagship Product Line for Business, Kaspersky Next

By Cyber Newswire
In a digital age where information is the new currency, the recent global hack has once again highlighted…
This is a post from HackRead.com Read the original post: Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group

In a digital age where information is the new currency, the recent global hack has once again highlighted the urgent need for enhanced cybersecurity measures.

The breach was identified as Midnight Blizzard, from the Russian state-sponsored actor known as NOBELIUM. It has affected Millions of individuals and government agencies worldwide, underscoring the far-reaching consequences of cyberattacks and the critical importance of protecting sensitive information.

****The Scope of the Breach****

The scale of the global hack is staggering. Hackers gained unauthorized access to databases containing a wealth of personal data, including financial records, social security numbers, email addresses, and passwords.

The exposed information poses a significant risk of identity theft, financial fraud, and other forms of cybercrime. The breach has impacted individuals across various sectors, including government agencies, businesses, and private citizens, highlighting the pervasive nature of cyber threats.

****Implications for Individuals****

The fallout from a hack can be devastating for individuals whose data has been compromised. Identity theft, in particular, poses a significant threat. Hackers use stolen information to open fraudulent accounts, make unauthorized purchases, or even commit acts of impersonation. Moreover, the exposure of sensitive personal information can erode trust and privacy, leaving individuals vulnerable to exploitation and manipulation.

****Response and Accountability****

After the breach, affected organizations must take swift and decisive action to mitigate the damage and restore trust. This includes implementing robust cybersecurity measures, notifying affected individuals, and cooperating with law enforcement agencies to identify and apprehend the perpetrators.

Additionally, there must be accountability for those responsible for the breach, whether they are individuals, criminal organizations, or state-sponsored actors. Holding perpetrators accountable prevents future attacks and conveys that protecting personal data is paramount.

****Safeguarding Privacy in an Era of Cyber Threats****

While the global hack serves as a sobering reminder of the dangers posed by cyberattacks, it also underscores the importance of proactive cybersecurity practices. Individuals and organizations alike must remain vigilant in safeguarding sensitive information and adopting best practices for data protection.

This includes using strong, unique passwords, encrypting sensitive data, regularly updating security software, hiring the right cybersecurity company for monitoring, and being cautious when sharing personal information online. Moreover, governments and regulatory bodies must enact robust data protection laws and regulations to hold organizations accountable for safeguarding personal data and provide recourse for individuals affected by breaches.

****Hack Aftermath****

The exposure of personal data in the recent global hack serves as a wake-up call for individuals, businesses, and governments alike. Cybersecurity must be a top priority in an interconnected world where data is increasingly valuable and vulnerable.

That is why Axios Security Group believes that implementing robust security measures, fostering a culture of accountability, and advocating for more robust data protection laws, can be implemented together to mitigate the risks of cyber threats and safeguard the privacy and security of personal information. Only through collective action can we effectively confront the challenges posed by cybercrime and ensure a safer, more secure digital future.

****About Axios Security Group****

Axios Security Group is a trusted leader in comprehensive security solutions, offering organizations physical and digital protection. With a dedicated team of experts, Axios created tailored security strategies to safeguard assets, personnel, and data.

Its physical security services range from on-site personal security to cutting-edge surveillance technologies, while our cybersecurity experts provide robust digital defences, including threat detection and incident response. Axios collaborates closely with each client to ensure our solutions align with their unique needs, industry regulations, and budgetary constraints.

Axios Security Group provides a vCSO (Virtual Security Officer) program in addition to physical and cyber security. A vCSO (Virtual Chief Security Officer) is a C-suite-level security expert who enhances your company’s security. They bring strategic vision, devising comprehensive security plans encompassing digital information and physical asset protection.

By collaborating closely with your leadership team, a vCSO tailors security solutions to your unique needs, aligning them with your organizational goals and industry regulations. This approach ensures that your organization is well-prepared to navigate the ever-evolving landscape of security challenges, creating a robust, adaptable, and resilient security infrastructure. A vCSO provides all the same security expertise and protections for your organization at a 1/3 of the cost of a full-time CSO (Chief Security Officer.)

Contact Axios to learn how Axios Security Group can protect one of your most considerable corporate assets.

**Contact**

**Contributor**  
**Robin Carter**  
**News Break**  
**8004853983  
\[email protected\]**

Tag

#ios