Deja-Vu data from this year's DBIR report feels like  we are stuck in the movie 'Groundhog Day.'

Deja-Vu data from this year’s DBIR report feels like we are stuck in the movie ‘Groundhog Day.’

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon’s 15th annual Data Breach Investigations Report (DBIR).

In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware – up 13% this year – and the inescapability of the “human element”, which was tied to 82% of all breaches.

DBIR data is based on 23,896 reported security incidents, including 5,212 verified breaches.

**Ransomware is Still Rising**

The number of ransomware incidents increased this year by nearly 13%, which the analysts noted is “an increase as large as the last five years combined.” Ransomware now plays a role in one out of every four breaches.

Though the prevalence of ransomware has been rising, the nature of these attacks have remained surprisingly consistent. Verizon first wrote about ransomware in their 2013 report, where they explained how:

_When targeting companies, typically SMBs, the criminals access victim networks via Microsoft’s Remote Desktop Protocol (RDP) either via unpatched vulnerabilities or weak passwords._ – DBIR 2013.

Nine years later, the most common vector for ransomware attackers is still desktop sharing software – used in around 40% of attacks. The overwhelming majority of those instances involve stolen credentials.

“Had we known that what was true nine years ago would still be true today,” the researchers concluded, “we could have saved some time by just copying and pasting some text.”

**Hackers are Targeting Us**

There are all kinds of technical mechanisms by which attackers can obtain initial access into a target organization. But they usually don’t need to try all that. The much simpler solution, usually, is to just trick people.

According to Verizon, 82% of this year’s data breaches involved the “human element” – “the Use of stolen credentials, Phishing, Misuse, or simply an Error.”

Phishing, as expected, is still the hackers’ go-to. Well over 60% of this year’s breaches began that way. Phishers are still using all the same tricks, like pretexting – inventing a story to convince targets to divulge sensitive information – leading to business email compromise (27% of all attacks).

That doesn’t necessarily mean that targets are still so unaware, so naive as to click on any wayward link or smooth-talking email. “Only 2.9% of employees may actually click on phishing emails,” the researchers noted. It’s just that 2.9% is “more than enough for criminals to continue to use it” as a method for intrusion.

**It’s the Same Old Story**

Whenever human error arises in cybersecurity discourse, someone’s bound to mention training. But, as the authors of DBIR noted, “Most training takes twice as long to complete than was expected, with 10% taking three times as long.” Additionally, “while getting training is easy, proving it’s working is a bit harder.”

It may just be that the cyber threat landscape is in a holding pattern, as it has been for some time now. Every year, it seems, we’re facing the same kinds of attacks, and offering variations of the same solutions that haven’t entirely worked before. John Gunn, CEO of Token, summed it up best in an email to Threatpost:

“The most important research by and for the cybersecurity industry is out, and it feels like the movie Groundhog Day. We are waking up to the same results year after year since the first report in 2008,” Gunn wrote.

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).

Real Player 'external::Import()' Arbitrary file download, Directory Traversal Vulnerabilities leads to Remote Code Execution

video demo: https://youtu.be/CONlijEgDLc

Real Player uses Microsoft Internet Explorer functionality and exposes properties and methods through a special mean which is application specific:

The 'external' object and it exposes several custom methods and properties.

The 'Import()' method is handled in unsafe way regarding the 'Copy to My Music' parameter, which allows for arbitrary file types downloading which could be unsafe as only audio/image/video types should be allowed to download to the user´s disk. Additionally it does not properly sanitize file paths allowing planting of arbitrary files on arbitrary locations. Even though it displays an error because it cannot render the downloaded file, the file remains until the user closes the dialog box. Additionally when opening new windows, Real Player looks for an old, obsolete IE library (shdoclc.dll), which can also be abused to run code automatically without needing to wait until reboot (true when file is planted in 'startup' folder).

The attacker needs to host the files to be copied/downloaded in an SMB or WebDav share. The directory 'appdata' must be placed in the share´s root.

Also a DOS condition in 'external.PreloadURL()' helps so that the files are not deleted by Real Player

The PoC will drop 'shdoclc.dll' (has simple code to run 'cmd.exe' at 'DllMain()' for demonstration purposes) to the user´s 'windowsapps' folder and 'write.exe' to 'startup' folder, so it works universally (any Windows version from at least XP up to 11)

tested on RP ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17, v.20.0.7.309

CVE-2022-32270: GitHub - Edubr2020/RP_Import_RCE

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-22556

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the Denial of Service.

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-22557

Dell PowerStore contains Plain-Text Password Storage Vulnerability in version 2.0.0.x. and 2.0.1.x. A locally authenticated attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-26866

Dell PowerStore contains a Stored Cross-Site Scripting Vulnerability, an authenticated attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

5.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CVE-2022-26867

Dell PowerStore contains formula injection vulnerability in which it supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It may allow a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.

5.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CVE-2022-26868

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-26869

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to information disclosure, arbitrary code execution.

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26870

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker may  potentially exploit this vulnerability when both Remote Secure Credential and External SSH are enabled. An attacker would gain “service” account access upon successful exploit.

7.0

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

 

**Third-Party Component**

**CVEs**

**More Information**

NVMe SSD

CVE-2021-0148

Intel-SA-00535

Axios

CVE-2020-28168

See NVD (http://nvd.nist.gov/) for individual scores of each CVE.

bind-libs  
bind-libs-lite  
bind-utils  
bind-license

CVE-2021-25215

glib2

CVE-2021-27219

gupnp

CVE-2021-33516

java-1.8.0-openjdk

CVE-2021-2369

CVE-2021-2388

CVE-2021-2341

libldb

CVE-2021-20277

libwbclient

CVE-2021-20254

Lo-dash

CVE-2021-23337

CVE-2020-28500

CVE-2020-8203

Log4j

CVE-2021-45105

CVE-2021-44832

CVE-2022-23307

nettle

CVE-2021-20305

nss  
nss-sysinit  
nss-tools

CVE-2020-25648

openldap

CVE-2020-25692

pillow

CVE-2021-28675

CVE-2021-28676

CVE-2021-25288

CVE-2021-25287

CVE-2021-28677

CVE-2021-28678

postgres

CVE-2021-20229

CVE-2021-32027

CVE-2021-3393

postgres-libs

CVE-2021-32027

postgresql-libs

CVE-2019-10208

CVE-2020-25694

CVE-2020-25695

samba-common  
samba-client-libs  
samba-common-libs libwbclient

CVE-2021-20254

screen version

CVE-2021-26937

urllib3

CVE-2021-33503

xterm

CVE-2021-27135

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-22556

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to the Denial of Service.

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-22557

Dell PowerStore contains Plain-Text Password Storage Vulnerability in version 2.0.0.x. and 2.0.1.x. A locally authenticated attacker may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-26866

Dell PowerStore contains a Stored Cross-Site Scripting Vulnerability, an authenticated attacker may potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

5.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CVE-2022-26867

Dell PowerStore contains formula injection vulnerability in which it supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It may allow a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.

5.9

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CVE-2022-26868

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

6.4

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-26869

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to information disclosure, arbitrary code execution.

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26870

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker may  potentially exploit this vulnerability when both Remote Secure Credential and External SSH are enabled. An attacker would gain “service” account access upon successful exploit.

7.0

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

 

**Third-Party Component**

**CVEs**

**More Information**

NVMe SSD

CVE-2021-0148

Intel-SA-00535

Axios

CVE-2020-28168

See NVD (http://nvd.nist.gov/) for individual scores of each CVE.

bind-libs  
bind-libs-lite  
bind-utils  
bind-license

CVE-2021-25215

glib2

CVE-2021-27219

gupnp

CVE-2021-33516

java-1.8.0-openjdk

CVE-2021-2369

CVE-2021-2388

CVE-2021-2341

libldb

CVE-2021-20277

libwbclient

CVE-2021-20254

Lo-dash

CVE-2021-23337

CVE-2020-28500

CVE-2020-8203

Log4j

CVE-2021-45105

CVE-2021-44832

CVE-2022-23307

nettle

CVE-2021-20305

nss  
nss-sysinit  
nss-tools

CVE-2020-25648

openldap

CVE-2020-25692

pillow

CVE-2021-28675

CVE-2021-28676

CVE-2021-25288

CVE-2021-25287

CVE-2021-28677

CVE-2021-28678

postgres

CVE-2021-20229

CVE-2021-32027

CVE-2021-3393

postgres-libs

CVE-2021-32027

postgresql-libs

CVE-2019-10208

CVE-2020-25694

CVE-2020-25695

samba-common  
samba-client-libs  
samba-common-libs libwbclient

CVE-2021-20254

screen version

CVE-2021-26937

urllib3

CVE-2021-33503

xterm

CVE-2021-27135

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-22557

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions 2.0.0.x and 2.0.1.x  
\*PowerStore T OS versions 1.0.x.x are not affected.

PowerStore X OS versions 2.0.0.x and 2.0.1.x  
\*PowerStore X OS versions 1.0.x.x are not affected.

PowerStore T OS Upgrade 2.1.0.0-1561821

PowerStore T OS Upgrade 2.1.0.1-1602345

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS Upgrade 2.1.1.0-1649887

https://www.dell.com/support/home/?app=drivers

CVE-2022-22556

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions before PowerStore T OS Upgrade 2.1.0.0-1561821

PowerStore X OS versions before PowerStore X OS Upgrade 2.1.1.0-1649887

PowerStore T OS Upgrade 2.1.0.0-1561821

PowerStore T OS Upgrade 2.1.0.1-1602345

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS”  
PowerStore X OS Upgrade 2.1.1.0-1649887

CVE-2021-0148

CVE-2020-28168

CVE-2021-25215

CVE-2021-27219

CVE-2021-33516

CVE-2021-2369

CVE-2021-2388

CVE-2021-2341

CVE-2021-20277

CVE-2021-20254

CVE-2021-23337

CVE-2020-28500

CVE-2020-8203

CVE-2020-25692

CVE-2021-28675

CVE-2021-28676

CVE-2021-25288

CVE-2021-25287

CVE-2021-28677

CVE-2021-28678

CVE-2021-20229

CVE-2021-32027

CVE-2021-3393

CVE-2019-10208

CVE-2020-25694

CVE-2020-25695

CVE-2021-20254

CVE-2021-26937

CVE-2021-33503

CVE-2021-27135

CVE-2022-26867

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions before PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS versions before PowerStore X OS Upgrade 2.1.1.0-1649887

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS Upgrade 2.1.1.0-1649887

CVE-2022-26867

CVE-2021-45105

CVE-2021-44832

CVE-2022-23307

CVE-2022-26868

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions 2.0.0.x, 2.0.1.x and 2.1.0.x  
\*PowerStore T OS versions 1.0.x.x are not affected.

PowerStore X OS versions 2.0.0.x, 2.0.1.x and 2.1.0.x  
\*PowerStore X OS versions 1.0.x.x are not affected.

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS Upgrade 2.1.1.0-1649887

CVE-2022-26869

CVE-2022-26870

PowerStore T OS

PowerStore T OS versions 2.1.0.x  
\*PowerStore T OS 1.0.x.x, 2.0.0.x, 2.0.1.x are not affected

PowerStore T OS Upgrade 2.1.1.0-1649887  
 

**CVEs Addressed**

**Products**

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-22557

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions 2.0.0.x and 2.0.1.x  
\*PowerStore T OS versions 1.0.x.x are not affected.

PowerStore X OS versions 2.0.0.x and 2.0.1.x  
\*PowerStore X OS versions 1.0.x.x are not affected.

PowerStore T OS Upgrade 2.1.0.0-1561821

PowerStore T OS Upgrade 2.1.0.1-1602345

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS Upgrade 2.1.1.0-1649887

https://www.dell.com/support/home/?app=drivers

CVE-2022-22556

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions before PowerStore T OS Upgrade 2.1.0.0-1561821

PowerStore X OS versions before PowerStore X OS Upgrade 2.1.1.0-1649887

PowerStore T OS Upgrade 2.1.0.0-1561821

PowerStore T OS Upgrade 2.1.0.1-1602345

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS”  
PowerStore X OS Upgrade 2.1.1.0-1649887

CVE-2021-0148

CVE-2020-28168

CVE-2021-25215

CVE-2021-27219

CVE-2021-33516

CVE-2021-2369

CVE-2021-2388

CVE-2021-2341

CVE-2021-20277

CVE-2021-20254

CVE-2021-23337

CVE-2020-28500

CVE-2020-8203

CVE-2020-25692

CVE-2021-28675

CVE-2021-28676

CVE-2021-25288

CVE-2021-25287

CVE-2021-28677

CVE-2021-28678

CVE-2021-20229

CVE-2021-32027

CVE-2021-3393

CVE-2019-10208

CVE-2020-25694

CVE-2020-25695

CVE-2021-20254

CVE-2021-26937

CVE-2021-33503

CVE-2021-27135

CVE-2022-26867

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions before PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS versions before PowerStore X OS Upgrade 2.1.1.0-1649887

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS Upgrade 2.1.1.0-1649887

CVE-2022-26867

CVE-2021-45105

CVE-2021-44832

CVE-2022-23307

CVE-2022-26868

PowerStore T OS  
PowerStore X OS

PowerStore T OS versions 2.0.0.x, 2.0.1.x and 2.1.0.x  
\*PowerStore T OS versions 1.0.x.x are not affected.

PowerStore X OS versions 2.0.0.x, 2.0.1.x and 2.1.0.x  
\*PowerStore X OS versions 1.0.x.x are not affected.

PowerStore T OS Upgrade 2.1.1.0-1649887

PowerStore X OS Upgrade 2.1.1.0-1649887

CVE-2022-26869

CVE-2022-26870

PowerStore T OS

PowerStore T OS versions 2.1.0.x  
\*PowerStore T OS 1.0.x.x, 2.0.0.x, 2.0.1.x are not affected

PowerStore T OS Upgrade 2.1.1.0-1649887  
 

**Versiohistoria****Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

PowerStore, PowerStore 1000X, PowerStore 1000T, PowerStore 3000X, PowerStore 3000T, PowerStore 5000X, PowerStore 5000T, PowerStore 500T, PowerStore 7000X, PowerStore 7000T, PowerStore 9000X, PowerStore 9000T, Product Security Information

21 huhtik. 2022

CVE-2022-26869: DSA-2022-014: Dell EMC PowerStore Family Security Update for Multiple Vulnerabilities

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.

We are experiencing technical difficulties with our internet and email access. Service should be restored by the end of the day.

Phones are working for in-office staff only. If you cannot reach your technician, please call 800-925-2493 and press 0.

**ACEware Systems, Inc. provides exceptional course management and student registration software for Continuing Education, Community Education, Workforce Training, Career Centers, and Osher Lifelong Learning (OLLI).**

*   Customizable to meet your unique needs
*   Manage courses, registrations, and payments
*   Support for memberships, certificate programs, donations, and more
*   Customer relationship management (CRM), and targeted marketing tools
*   Integrated reporting system with statistical analysis tools

**See the ACEware Advantage**

Join a Live Demonstration

**See ACEware in Action!**

Thursday, May 19 at 11:00 AM  
Register now

Personal Demonstration

Schedule a Tour for a personal or team demonstration.

**What our Customers are Saying**

*   "I've used other registration software and to have software that is specific to the needs of the continuing education world is invaluable. Specifically, having the ability to pull reports that allow us to sort through our data in a variety of ways for a variety of reasons. If we have questions, Student Manager has the answers. It assists in our marketing decisions, course creation and approval process, and the list goes on and on."
    
*   "Student Manager will organize your students and registrations. You have endless abilities to pull data from the system. You can create classes, have your students enroll online, enter payments, etc. ACEweb is basically a 24-hour employee."
    
    Brittany Thomasson  
    Auburn University at Montgomery
    
*   "The only thing better than the ACEware system itself is the group of talented people at ACEware that continuously support our efforts."
    
    Dale Fleming  
    University of West Georgia
    
*   "ACEware has provided hands-down the best technical support that I have ever experienced. Everyone at ACEware is always so willing to help you figure out a problem or how to make something work if you are trying to do something new."
    
    Karen Rankin  
    University Outreach at Auburn University
    
*   "We have been using ACEware since 1998 and the tech support and availability of advice on CE functions is unmatched."
    
    Martin Malpica  
    University of Central Florida CE
    

**Industry Leading Support**

*   Experienced Continuing Education professionals
*   Prompt support from an assigned personal technical consultant
*   Customer-driven product development
*   On-site and on-demand training, consultation, and support resources

**ACEware News**

May 2022 Newsletter

*   Does Blackboard Have You Feeling Blue?
*   Last Chance to Join Us for Conference!
*   ACEware Cloud Environment - Shopping Cart
*   Tech Tip of the Month: Deactivate Old Courses
*   Report of the Month: OK and Cancel on Report Options

Newsletter Sign Up/Archive

**Upcoming Events**

CVE-2022-24581: Student Registration Software | ACEware Systems, Inc.

Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage.

When malware strains disappear, it is often by choice of their creators and threat actors, rather than as a result of outside efforts to shut them down. The actions governments and organizations take to combat these threats directly have often proved short-term and limited in scope — a pattern that the resurrection of Trickbot last year unfortunately demonstrated.

An effort led by Microsoft and its partners to shut down Trickbot malware was conducted in the lead-up to the 2020 US election in an attempt to reduce the risk of election tampering. In the end, 94% of Trickbot's infrastructure was effectively eliminated, massively reducing its influence in late 2020.

Despite taking such substantial losses, however, Trickbot soon saw a resurrection of incredible proportions. Rather than dying off as some hoped it might, the strain grew back at such a rate that by June 2021 it had again become the most prevalent malware in the world.

One of the numerous businesses that Trickbot targeted that month was a European public administration organization. Unaware that one of its internal domain controllers had been compromised by Trickbot, the organization happened to begin a trial of Darktrace's artificial intelligence (AI)-driven cybersecurity technology, which shined a light on the malicious attack taking place within their network.

**AI Catches an Emerging Trickbot Ransomware Attack**

Darktrace employs AI-powered behavior-based detection, which can differentiate between benign and malicious activity within an organization. When the compromised domain controller began uploading DLL files to other devices, Darktrace's technology immediately detected the activity and suggested an appropriate response. However, it was configured in "human confirmation" mode — meaning it required a human operator to confirm the action.

As it waited for the human team to approve its actions, Darktrace continued to monitor the progression of the threat. It detected the compromised domain controller uploading Trickbot over SMB to almost 300 devices across the organization, and then utilizing Windows Management Instrumentation (WMI) to execute it.

Trickbot may be old and well-documented malware, but its modular nature makes it endlessly adaptable and therefore difficult for security tools to pin down. At this stage in the attack, traditional tools within the organization's network had still failed to spot the threat. When the nature of the attack changes with every new instance and modular configuration, intelligence-based security systems will always struggle to keep up.

The difficulty of relying on OSINT to address Trickbot was demonstrated in this attack when 160 of the 280 compromised devices were detected connecting to new C2 endpoints. Microsoft and its partners had specifically targeted C2 servers in 2020, but Trickbot's turnaround in the aftermath of that action showed how quickly new servers and endpoints can be established. In this case, OSINT did not associate any of the endpoints the 160 company devices connected to with malicious activity; however, Darktrace recognized the behavior as unusual nonetheless, and issued a high-severity threat notification to the organization.

For over a month, the attackers laid low. Darktrace then detected compromised devices scanning the network and downloading suspicious executable files — most likely Ryuk ransomware payloads. With several stages of the attack now months apart, it would have been hard for a human team to piece together its full scope.

**Targeted Action Before Encryption**

With AI constantly investigating threats across the entire digital environment, however, Darktrace pieced together this attack into a distinct lifecycle and presented it to the security team. It was at this stage that the organization took notice of the threat and turned Darktrace to "autonomous" mode, enabling the AI to take action.

While the automated tool can often stop ransomware attacks at the first signs of a compromise, it can engage at any stage of an attack. Thus, when it was activated at a very late stage by this organization, it still calculated a precise and effective response.

Several malicious actions were blocked by the AI, including SMB enumeration, network scanning, and suspicious outbound connections. Because it targeted these actions rather than the overall devices, the 280 compromised devices were able to continue with their normal business operations as the attack was brought to a halt.

Now that they could no longer complete command-and-control (C2) communications or move laterally, the attackers were unable to execute Ryuk and the attack came to an end. And not a moment too soon. If the attackers had been allowed to execute the ransomware, they likely would have exfiltrated and then encrypted data from across the company. Even if a ransom is paid, ransomware victims often incur numerous other costs, including network shutdowns and remediation, as well as PR fallout.

**Staying Ahead of Malware Trends**

It's clear that Trickbot is as strong and evasive as it ever was and that relying on rules or intelligence-based tools alone is no longer an option for organizations trying to avoid falling victim. Rather than waiting for companies and governments to launch offensives against the endlessly regenerating infrastructure of attackers, organizations should take matters into their own hands and bolster their own infrastructures with AI.

By recognizing how the business usually behaves, rather than worrying about identifying the attacker, Darktrace's AI can stop completely novel threats without rules or OSINT and won't be fooled by reconfigurations and rebrands. Protecting organizations against novel attacks in this way is the surefire way to start hitting Trickbot and other threat actors where it hurts.

Neutralizing Novel Trickbot Attacks With AI

We break down three ways DNS filtering can help save your business from cyberattacks.
The post 3 ways DNS filtering can save SMBs from cyberattacks appeared first on Malwarebytes Labs.

If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business. 

Everything from rootkits to ransomware threaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact that many cyberthreats are web-based, and you might be stuck wondering how best to secure your business online. 

That’s where DNS filtering comes in. 

But first, DNS in a nutshell. So normally, every time your customer types in your web address, their computer makes a request to a DNS server. The DNS server, in turn, tells the computer where to go. If all goes well, then voila, your customer is at your website. 

A DNS filter stops you from accessing unsafe websites—including those posing a strong malware risk. But which web-based cyberthreats in particular does DNS filtering stop, you ask? 

In this post, we’ll break down three ways DNS filtering can help save your business from cyberattacks. 

**1\. Blocks phishing websites**

Let’s say someone at your company gets an email from their “bank” asking them to update their password.  

Not knowing it’s a fake, this employee clicks a link taking them to a malicious website that looks exactly like the original. Your employee then fills in some  sensitive info, maybe even downloads a malicious file — and bam, just like that, criminals now have access to your network, allowing them to install malware, steal data and spread ransomware. 

You might recognize this as one example of phishing, an attack where cybercriminals trick potential victims into sharing sensitive information or giving the perpetrator privileged access to a network. 

Luckily, by blocking the domain names of phishing sites, a DNS filter can nip attacks in the bud. 

Here’s how it works: DNS filtering references databases of known nefarious domain names. Databases of malicious websites can also be sorted into threat categories, such as spyware, typosquatting, cryptomining, and so on. From there, your organization can block malicious sites like these sites to secure their environment against phishing attacks.  

In other words, if you have a DNS filter, as soon as that same employee clicks a link to a malicious website —they’re prevented from visiting it. 

**2\. Secures you against machine-in-the-middle attacks **

Imagine you’re at a cafe chatting with a trusted friend, sharing private details about your lives with one another. You probably wouldn’t appreciate it if some random stranger was tuning into the conversation, listening carefully to every word. 

Such a scenario roughly analogous to what a machine-in-the-middle attack (MITM, also referred to as a man-in-the-middle attack) is — except in a MITM attack, the stakes are much higher. Cybercriminals in MITM attacks can steal your personal information, passwords, or banking details by intercepting the data sent between you and an application.  

One type of man-in-the-middle attack businesses should worry about is DNS spoofing. 

In a DNS spoofing attack, a hacker sits in the middle of this process. So when the computer of that same customer makes a request to a DNS server, asking where your website is, a hacker can instead redirect your computer to a malicious website! 

From there, hackers can phish sensitive customer or business information — as described above. These types of attacks are where DNS encryption, included in any good DNS filter, is essential. It secures the connection between your computer and the DNS resolver, so that cybercriminals not sit between you and and feed you spoofed DNS entries.

**3\. Detects potential DDoS attacks **

The last thing any business wants is to suffer from a Distributed Denial of Service (DDos) attack. 

You can think of a DDos attack as being kind of like a zombie invasion. Using an army of bots called a botnet, a cybercriminal can use thousands or even millions of “zombie” computers to flood your website, ultimately overloading it and bringing it down. 

The end result? Brand damage, angry customers — and often even lost revenue. 

One type of DDos attack is called a DNS flood, where the cybercriminal uses their army of bots to overwhelm a DNS server and prevent it from directing legitimate requests to your website. 

And, as is the case with most cyberthreats, the earlier you spot a potential DNS DDos attack, the better. Being able to continuously monitor DNS activity is a great way to catch the warning signs of a DNS DDoS attack — and with a DNS filter, you can do exactly that. 

**Protect your end users and your organization from web-based threats **

The web is full of dangerous corners.  

It’s a breeding ground for phishing attacks, spyware, common viruses and malware, not to mention ransomware. And as these attacks continue to increase in frequency and sophistication, it’s never been more important for SMBs to secure themselves online.  

But while having a DNS filter is great way to do that, many small and mid-size organizations don’t invest in one — leaving them exposed. 

The Malwarebytes DNS Filtering module for the Nebula platform helps block access to malicious websites and limit threats introduced by suspicious content. It blocks phishing sites, encrypts all DNS requests, and tracks website traffic to detect potential DDoS attacks. 

To top it all off, Malwarebytes DNS Filtering controls are available in the same platform used for powerful threat prevention and trusted remediation — including our Incident Response, Endpoint Protection, and Endpoint Detection and Response offerings.

3 ways DNS filtering can save SMBs from cyberattacks

Password management solution delivers proactive, seamless approach to protecting privacy and login credentials for consumers and businesses; Password Management market expected to reach $3 billion by 2026.

**SAN FRANCISCO, June 1, 2022** — Lookout, Inc., a leading provider of endpoint and cloud security solutions, today announced it has acquired SaferPass, an innovative Password Management company that provides secure online identity solutions for both consumers and businesses. By adding Password Management technology to its suite of security solutions, Lookout is expanding on its mission to deliver proactive protection and safeguard customer data for individuals and businesses.

Whether shopping online, banking, or connecting to corporate applications and email, usernames and passwords have become the standard form of authentication to validate a user’s identity and enable access to sensitive information. Passwords can be difficult to use and incredibly insecure, especially in cases where a user has many accounts. On average, people have more than 100 accounts with an associated password to remember. In addition, human-generated passwords are often algorithmically weak; according to the Verizon Data Breach Investigations Report, 81% of data breaches leveraged weak, stolen or reused employee passwords, and every time a password is reused, it opens the door to a potential data breach. Additionally, nearly 64% of people reuse the same passwords across their online accounts. If login credentials are compromised, the consequences can be serious – including personal identity theft or stolen corporate information.

SaferPass delivers a robust, innovative solution for identity and password management to both consumers and businesses, enabling users to securely manage their passwords, banking and other sensitive information across devices. The SaferPass solution provides an encrypted digital vault that stores secure login information used to access services through mobile apps and web browsers. In addition to keeping a user’s identity, credentials and sensitive data safe, the product helps create strong, unique passwords through a password generator tool that ensures the individual is not using the same password in multiple places and that their password has not been compromised in a previous breach.

According to Mordor Intelligence, the Password Management market on its own, was valued at over $1.2 billion in 2020 and is expected to reach over $3 billion by 2026.

“We are pleased to welcome the SaferPass team to Lookout, and excited to combine our respective solutions to deliver better value to consumers and businesses alike,” said Jim Dolce, Lookout CEO. “Today, every password owned by an employee is a potential access point to organizations both small and large. At the same time, large scale data breaches have leaked billions of consumer emails and passwords on the dark web, putting individuals at risk of identity theft and financial fraud. The SaferPass team shares our vision for providing seamless security solutions that address all access points and protect personal and corporate data wherever it may reside. This is an exciting next step in Lookout’s evolution.”

The acquisition of SaferPass broadens the Lookout portfolio of security solutions and expands the opportunity for its carrier ecosystem and channel partners – it also expands Lookout’s footprint in Central Europe through its new location in Bratislava, Slovakia. SaferPass will now operate under the Lookout brand and leadership and the SaferPass team will be fully integrated into the Lookout organization. The financial terms of this transaction have not been disclosed.

****Additional Resources****

*   To learn more about Lookout for SMBs and Consumers, visit: https://protection.lookout.com/
*   To learn more about the Lookout Security Platform, visit: https://www.lookout.com/products/platform
*   Sign up for a free trial of Lookout.

Follow the Lookout blog and join the conversation on LinkedIn and Twitter.

Lookout Acquires SaferPass To Address The Rising Threat Of Identity Theft

EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.

Sunnyvale, Calif., June 1, 2022 – StorCentric, a data-centric security company, offering a comprehensive portfolio of secure data management solutions, today announced the general availability (GA) launch of Nexsan EZ-NAS, network attached storage (NAS). Featuring an easy to configure 1U form factor and four drives with up to 72 TB of raw capacity and 1.5 GB/s of throughput, the new EZ-NAS array is ideal for small and medium sized businesses (SMBs) and large enterprises’ edge deployments.

The Nexsan EZ-NAS platform delivers advanced enterprise-class features such as in-line compression, AD support and data-at-rest encryption. EZ-NAS also comes with the Retrospect software for optional add-on services, including data backup, cloud connector and ransomware anomaly detection.

“The new Nexsan EZ-NAS product stands apart from every other solution in its class because of its ease of use, functionality, and price point,” said Rommel Caparanga, Technology Director, TIM Engineering Systems Solutions Corporation. ”This platform is what our customers have been asking for as a solid NAS solution to accommodate current and future data management needs. Further, the reliability of the brand speaks for itself.”

“The new EZ-NAS, which delivers Nexsan’s award-winning enterprise storage in a form factor and at a price ideal for SMBs and edge use cases, is the perfect fit for many data center applications such as edge repositories, digital video and media workflows, as well as video surveillance deployments,” said Surya Varanasi, CTO, StorCentric. “EZ-NAS can also protect high-value data from the unexpected, as a file backup target. With the optional Retrospect software license, the EZ-NAS enables secure backups, data sharing and disaster recovery use cases.”

To learn more about the Nexsan EZ-NAS, please visit: nexsan.com/ez-nas.

Tweet this: @StorCentric Launches EZ-NAS - Network-Attached Storage for SMBs and Enterprise Edge Deployments https://www.nexsan.com/nexsan-news-and-press/ #Affordable #Easy #Management #NAS #Data #Backup #DataServices

**About Nexsan**

Nexsan® is a global enterprise storage leader, enabling customers to securely store, protect and manage business data. Established in 1999, Nexsan has earned a strong reputation for delivering highly reliable and cost-effective storage while remaining agile to deliver purpose-built storage. Its unique and patented technology addresses evolving, complex enterprise requirements with a comprehensive portfolio of unified storage, block storage and secure data protection. Nexsan is transforming the storage industry by turning data into a business advantage with unmatched security and compliance standards. It is ideal for a variety of use cases including Government, Healthcare, Education, Life Sciences, Media & Entertainment, and Call Centers. Nexsan is part of the StorCentric family of brands. For further information, please visit: www.nexsan.com.

**About StorCentric**

StorCentric provides world-class, award-winning, and data security-focused data management solutions. The company has shipped over 1 million storage solutions and has won over 100 awards for technology innovation and service excellence. StorCentric innovation is centered around customers and their specific data requirements, and delivers quality solutions with unprecedented flexibility, data protection, high-performance and expandability. For further information, please visit: www.storcentric.com.

StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments

For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs.

CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern,

CyberCatch's SMBVR has detected - for the first time in the report's history — substantial levels of vulnerability among both U.S. and Canadian SMBs to "session riding" attacks, an insidious tactic that forces authenticated users to unknowingly submit malicious requests that can have drastic consequences.

The high levels of vulnerabilities detected - across all ten segments both in the U.S. and Canada - is very concerning.

The SMBVR is a quarterly research study focused on SMBs in North America to detect vulnerabilities that a cyber attacker can identify and exploit to break into a business, steal data and or infect its systems with ransomware. The Q1 2022 SMBVR was comprised of scans of a random sample of 12,050 SMBs (10,878 in U.S. and 1,172 in Canada) in ten high-value target segments. Key findings of the Q1 2022 study include:

\-- 82% of U.S. and 78% of Canadian SMBs have spoofing vulnerabilities that attackers can easily exploit.

  
\-- CyberCatch's report detected significant levels of session riding vulnerability among SMBs, with 50% of such businesses in the U.S. demonstrating this vulnerability and 49% in Canada. This is the first time this vulnerability has reached such critical levels in the research report.

  
\-- Spoofing, clickjacking, session riding and sniffing are the four key vulnerabilities that SMBs are susceptible to in the U.S. and Canada.

  
\-- Spoofing, clickjacking and sniffing vulnerabilities levels more than doubled in the U.S. when compared to Q4 2021.

\-- Defense contractors, manufacturers, managed service providers (MSPs), technology companies, colleges and universities, legal and accounting firms and medical practices have significantly higher rates of vulnerabilities both in the U.S. and Canada.

"The Q1 2022 SMBVR should be a wake-up call for all types of SMBs. The high levels of vulnerabilities detected - across all ten segments both in the U.S. and Canada - is very concerning. It indicates that large numbers of SMBs have security holes that can be easily exploited remotely to steal data and install  
ransomware. This is an existential threat to SMBs - and to the overall economies of the U.S. and Canada," said Sai Huda, founder, chairman and CEO, CyberCatch. Mr. Huda is a globally recognized risk and cybersecurity expert and author of the best-selling book, "Next Level Cybersecurity."

"Given its size, limited knowledge about cybersecurity and resources, an SMB may never be able to recover from a cyberattack. Foreign adversaries and criminal gangs view SMBs as the weakest link in the chain and are increasingly targeting SMBs for the initial payout but also to get to the eventual larger target who the SMB may be a supplier to (upstream risk), or to the SMB's customers (downstream risk) and in the process, they don't care a bit about any collateral damage caused or if the SMB survives or not," continued Mr. Huda.

"In fact, two Joint Advisories issued in May 2022 from International Cyber Authorities, confirm the risk identified by CyberCatch. The May 11 Joint Advisory from the U.S. CISA, NSA, FBI and International Cyber Authorities (Canada, UK, Australia and New Zealand)warns of expected increased attacks targeting MSPs focusing on their customers (downstream risk). The majority of MSPs are themselves SMBs and CyberCatch's SMBVR identified MSPs as one of ten segments with significant vulnerabilities that could be exploited. The May 17 Joint Advisory from U.S. CISA, NSA, FBI and International Cyber Authorities (Canada, UK, New Zealand and Netherlands) warns of missing or ineffective cybersecurity controls that are commonly exploited by attackers, which includes failing to scan for vulnerabilities and failing to perform ongoing testing of controls, so SMBs need to take enhanced risk mitigation action as recommended in the Joint Advisories and in the SMBVR," said Mr. Huda.

To download a copy of the SMBVR, please visit CyberCatch's website.

**About CyberCatch**

CyberCatch is a unique cybersecurity Software-as-a-Service (SaaS) company that protects small and medium-sized businesses (SMBs) from cyberattacks by focusing on the root cause why SMBs fall victim: security holes. It provides an innovative cloud-based SaaS platform coupled with deep subject matter expertise to help SMBs implement just the right type and amount of cybersecurity controls. The platform then performs automated testing of controls from three dimensions: outside-in, inside-out and social engineering. It generates the Cyber Breach Score to continuously measure cyber risk, and finds security holes and guides the SMB to fix them promptly, so attackers can't exploit any missing or broken controls to break in and steal data or infect ransomware. CyberCatch's continuous value proposition: Test. Fix. Secure.

Learn more at: https://www.cybercatch.com

New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada

The Colonial Pipeline attack highlighted the risks of convergence. Unified security provides a safer way to proceed.

This month marks the first anniversary of the Colonial Pipeline shutdown — a hugely impactful ransomware attack against critical US infrastructure that has had significant diplomatic and legislative consequences. Among the numerous talking points the attack raised was the issue of IT/OT convergence.

The attack, orchestrated by ransomware group DarkSide, targeted the pipeline's IT billing systems rather than its operation technology (OT), but Colonial was still forced to shut down physical operations for several days. Despite its oil-pumping systems retaining functionality, Colonial believed the risk of continuing operations with an IT compromise was too great. This was largely due to the proximity of its IT and OT systems: Had the attackers moved laterally to the company's operational networks, they could have imposed a longer and more costly shutdown, potentially tampering with safety mechanisms and damaging equipment — even endangering the pipeline's employees.

The risk of IT attacks spilling over into OT has grown as the organizations operating these systems look to gain an edge over their competitors. IT/OT convergence makes industrial control systems (ICS) cheaper, easier to manage, and more rapidly available to different administrators. At the same time, as the Colonial Pipeline instance showed us, it presents new risks and avenues for cyber disruption.

This is partly because most OT security tools today look at industrial systems in isolation — as a disconnected silo, separate to the rest of the business. The same is true of network security, email systems, and the cloud. And when many of these tools were being developed, there was nothing wrong with this approach. But as these digital environments converge, relying on disjointed point solutions to stop cyberattacks isn't effective, especially because a single attack can now target and traverse multiple fields of operation.

By unifying their security stack, defenders can use IT/OT convergence to their advantage and turn vulnerability into strength.

This requires a move away from tools trained on historical attacks and toward self-learning technology that can learn its digital surroundings from scratch, without any prior assumptions. By understanding the unique behavior of every IT and OT device — no matter how bespoke or complex the technology — this approach enables the detection of novel threats. By definition, a cyberattack causes a machine or user account to behave in a way it normally does not, and these deviations can be picked up, no matter where they appear.

**How Ransomware Groups Exploit IT/OT Convergence**

The risk of connecting cloud platforms to ICS was demonstrated in an attack against a European OT R&D investment firm last year.

Two of the firm's Industrial Internet of Things (IIoT) devices, which ran Windows OS and made regular connections to an industrial cloud platform, were compromised when they used the server message block (SMB) protocol to connect to an infected domain controller and read a malicious executable file. Security teams are often stymied by IIoT devices, which can lack CPUs, traditional operating systems, or sufficient disk space for putting security measures in place.

A malicious payload lay dormant for almost a month within the two IIoT devices, one of which was a human-machine interface (HMI) and the other an ICS historian. Darktrace's investigation showed that, while network segregation was sufficient to stop the attack's command-and-control (C2) communications on the HMI device, connections from the ICS historian reached around 40 unique external endpoints.

Both devices then wrote suspicious shell scripts to network servers and, finally, used SMB to encrypt files stored in network shares. A ransomware note was written by the ICS to targeted devices, and the attack was complete. This kind of attack life cycle, which demonstrates the limitations of network segregation and air-gapping, has been the basis for widespread concerns around IT/OT convergence.

No signatures or threat intelligence were associated with this attack, and so it flew under the radar of the company's traditional security tools. Only through self-learning technology from Darktrace was the security team able to gain full visibility into the attack.

**Riding the Changing Tides**

Reference architectures that rely on air-gapping ICS from IT are increasingly incompatible with the technological advancements many organizations are making in order to remain competitive. If attackers no longer view IT and OT as distinct, partitioned regions, neither should security teams.

It is possible for businesses to safely embrace interconnectivity, with all of its advantages, by adopting security that learns the business from the ground up to address sophisticated threats across both their IT and OT environments.

Unified security efforts reflect the reality of converging systems and ensure that no gaps are left for attackers to exploit. When the entire digital environment can be viewed through a single pane of glass and no single, exploitable system is left without protection, organizations will be able to interconnect systems without taking on undue risk.

Tag

#samba