Call us Toll Free (USA): 1-833-844-9468     International: +1-603-280-4451 M-F 8am to 6pm EST

Press Release Archive

Wib launches high-definition risk engine – the first risk-ranking solution to meet OWASP standards for API security

API risks exposed in unprecedented clarity across the API lifecycle with weighted risk scores based on context, likelihood and business impact

Tel Aviv, Israel – August 2nd 2023 – API lifecycle security expert Wib, through its unified API Security platform has announced the launch of its a high-definition risk engine that gives the richest picture yet of API security threats, enabling organizations to manage API risks with greater certainty, accuracy and in alignment with published OWASP Risk Methodology standards.

Part of the company’s Fusion Platform, Wib’s high-definition risk engine is the first to meet OWASP’s requirements for effective API risk prioritization. Wib’s solution spans the complete API lifecycle from code development, through testing, and into production, and calculates the three critical dimensions of each defined risk (context, business impact (and the likelihood it will occur) to determine a weighted risk score.

According to Gartner, in its API Security and management report, API security vulnerabilities will account for more than 50% of all enterprise data loss by 2025. This is because security risks are shifting from the user interface to the API as web and cloud applications proliferate, creating blind spots in legacy approach that prevent enterprises from maintaining a sound risk posture. Wib’s high-definition risk engine equips organizations to fight back with crystal-clear clarity of API risks, enabling a risk ranking methodology that exemplifies the recommended approach of OWASP, the internationally recognised authority for API security standards.

Wib VP of Products, Gil Shulman, said: “If you can’t prioritise risks you can’t have an effective defensive strategy. Just as a high-definition screen uses detail to show you a clearer picture, our high-def engine provides a very granular view of every risk. But the detail is no use without understanding the context. Not all APIs are equal so our solution takes business impact into account. It puts a higher weighting on those involved in customer data or payment information, for example.”

Wib’s rankings are based on:

  • Multi-lens information gathered from data sources across the API lifecycle – coding, testing and production.
  • Context and impact for each API, which are determined by factors such as the value of the data, importance of the process and the regulatory or financial consequences of a successful attack
  • The probability of an attack occurring – assessed using a mix of technical criteria, such as misconfiguration and incident history, with analysis of the incentives for the attacker and the difficulty of launching an attack.

This data is automatically combined to provide weighted risk scores for each API.

Shulman adds: “Almost everyone in the API security market claims to produce a risk score, but when you dig deeper into these methodologies, they don’t differentiate between APIs or rank risks according to business context. The purpose of ranking is to tell you what’s most important and help the SOC and incident response teams to decide what to do about it. Insights are only useful if they’re actionable.”

About Wib

Wib is pioneering a new era in advanced API security with its industry-first holistic API security platform. Providing unified, continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety.

Wib’s elite team of developers, attackers, defenders, and seasoned cybersecurity professionals draw on real-world experience and expertise to help define and develop innovative technology solutions that enable customers with the identity, inventory and integrity of every API, wherever it may be within the development lifecycle, without compromising development or stifling innovation.

Wib is Headquartered in Tel Aviv, Israel with international presence in Dallas, USA and London, UK. It was founded in August 2021 by serial entrepreneur Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz who previously served as the CTO of Israel’s national cyber directorate. Visit www.wib.com

Supporting Resources:

 

CovertSwarm revolutionizes Attack Surface Management with launch of free Offensive Operations Center

CovertSwarm’s new platform is the missing link that joins SaaS-identified vulnerabilities and the ability to validate risk through a seamless ‘one click’ submission for ethical hacker testing

CovertSwarm, the leading global ethical hacker, red team, and cybersecurity solution provider, has today announced the launch of its Offensive Operations Center (OOC) to the world – for free – to fundamentally disrupt and redefine the traditional Attack Surface Management (ASM) market by empowering organizations to outpace cyber threats.

The OOC is a centralized SaaS portal that seamlessly manages every aspect of an organization’s offensive security program. This unified all-in-one toolset offers both free and premium-level insights into clients’ ever-evolving attack surfaces.

CovertSwarm’s industry-unique cyber product challenges costly ‘point’ solutions by providing immediate value to organizations, enabling them to gain a comprehensive understanding of their external attack surface in real-time, without incurring any costs.

This groundbreaking approach bridges the gap between Attack Surface Management products, SaaS-identified vulnerabilities, and the ability to validate and explore risks via CovertSwarm’s in-house red team. With just a simple ‘one click’ submission, organizations can request CovertSwarm ethical hacker testing and targeted red team attacks, streamlining the cyber risk lifecycle and enhancing security measures.

Built upon CovertSwarm’s proven, and previously subscription-only, client platform, the OOC offers a range of features, including managing penetration testing, red teaming, offensive security delivery output, and control over target assets for CovertSwarm’s team of ethical hackers. Additionally, it provides the capability to curate future-facing CovertSwarm ‘Attack Plans’ that cover the full spectrum of digital, social, and physical security testing specialisms.

As part of the new free subscription offering, organizations can utilize the OOC for external asset discovery, passive vulnerability enumeration, and threat alerting. This empowers them to proactively safeguard their assets and swiftly respond to emerging risks.

Anders Reeves, CEO and founder of CovertSwarm, said: “Understanding what assets your organization has, and so needs to protect, is fundamental to executing a coherent security strategy.

“The CovertSwarm Offensive Operations Center enables users to gain real-time attack surface insights, be provided with highly targeted vulnerability detection, and – I believe most importantly – solves how to seamlessly provide an interface for users to submit OOC discovered changes, assets, or suspected issues through to our Swarm of ethical hackers for deeper exploration.

“No other platform offers this joined-up, quality of service and hybrid approach to offensive cybersecurity mapping and testing.”

Headquartered in the US and UK, CovertSwarm’s disruptive approach to the cyber market continues to gain momentum, serving over a hundred global brands, millions of web services, and protecting software delivery to more than 20,000 education facilities.

CovertSwarm addresses the limitations of outdated point-in-time penetration testing and red teaming approaches, providing a solution for organizations that move at an accelerated pace, constantly releasing software, policy, and infrastructure changes.

Reeves further emphasized: “Working with some of the world’s biggest brands, our red team of ethical hackers and developers have created an offensive cyber SaaS platform that combines deep market intelligence and insights with a clear customer need. It is both innovative and highly disruptive to legacy cyber platform vendors. We are excited to see our Offensive Operations Center transform enterprise security in the cyber SaaS market.”

The CovertSwarm Offensive Operations Center serves as a comprehensive offensive security solution for information security managers and security operations center and blue team leaders across all enterprises. The platform is available for immediate registration and use, enabling organizations to enhance their security measures effectively.

Find out more about CovertSwarm’s Offensive Operations Center by clicking here.

 

SafeGuard Cyber Welcomes Aliant to its Illuminate Partner Program for MSSPs

Client Risk Consulting Managed Service Provider Joins SafeGuard Cyber’s Channel Program to Provide LATAM Customers with Enhanced Compliance-as-a-Service Programs

July 27, 2023 – CHARLOTTESVILLE, Va. – SafeGuard Cyber, the most comprehensive integrated cloud communications security and compliance platform, today announced that Aliant has joined its Illuminate Partner Program to provide customers in Latin America with enhanced Compliance-as-a-Service programs. As SafeGuard Cyber’s newest managed service provider (MSP), Aliant will ensure that joint customers adhere to the dynamic and often ambiguous business conduct and regulatory requirements related to business communications cloud applications like WhatsApp and Microsoft Teams, thus mitigating costly and time-consuming legal concerns.

SafeGuard Cyber’s Illuminate Partner Program provides partners with industry-leading security and compliance technology, training, tiered MSSP pricing, and support to protect customers against cybersecurity threats and compliance risks across the modern cloud workplace. Through a combination of unified visibility, contextual analysis, and multi-channel investigations and detections, the SafeGuard Cyber Platform mitigates regulatory and compliance risks in mobile messaging, collaboration applications, email, and social media.

“IT, Compliance and HR teams have growing concerns around inappropriate conduct in collaboration applications and mobile messaging apps as well as regulations laid out by regulatory organisations such as in Pharmaceutical and Financial Services industries,” said Mauricio Fiss, Executive Director, Aliant. “Compliance programs require becoming embedded into the organisation’s culture and protocols must be automated and regularly adapt to the transforming nature of doing business in digital communication. Through SafeGuard Cyber Platform, even with the multifaceted corporate landscape with a wide range of languages and platforms, it is achievable to execute effective risk management, leading to innovative, compliant and growing companies.”

“We are thrilled that Aliant has joined the SafeGuard Cyber Illuminate Partner Program. This partnership will provide new opportunities to LATAM businesses, helping them to reduce costly, time-consuming compliance needs,” said John McCabe, VP of WW Channel Sales, SafeGuard Cyber. “For businesses in highly regulated sectors, compliance is paramount. Together with SafeGuard Cyber, Aliant is bringing to market an innovative methodology to facilitate the compliance processes for their customers, permitting them to concentrate on business growth, rather than the difficulty of attaining compliance.”

To learn more about the Illuminate Partner Program, visit here.

About SafeGuard Cyber

SafeGuard Cyber is the most comprehensive integrated cloud communications compliance and security platform to address risks across the modern cloud workplace. Through a combination of unified visibility, contextual analysis, and multi-channel investigations and detections, SafeGuard Cyber mitigates regulatory and security risks in email, mobile and web messaging apps, collaboration apps, and social media apps across M365, Teams, Slack, LinkedIn, WhatsApp, Telegram, and other messaging channels. Powered by Natural Language Understanding and patented Social Engineering Detection technologies, the SafeGuard Cyber platform uses out of box and custom policy engine to reduce time-to-discovery and resolution of regulatory policy violations, social engineering, and language-based attacks in over 50 languages. The platform’s API-first, agentless deployment ensures enterprise protection is in place no matter the network or device. Take advantage of SafeGuard Cyber’s Integrated Cloud Communication Security and automated compliance to prevent compliance risks, phishing, BEC, account takeovers, insider threats, and financial fraud today.

About Aliant

Aliant develops digital solutions that inspire and strengthen the culture of integrity, trust and sustainable relationships. With a complete, versatile and uncomplicated platform, we offer expertise in solutions for governance, risk, compliance, privacy and ESG. We are strategic allies of more than a thousand companies in Brazil and worldwide. Aliant is a company of ICTS (www.icts.com.br), a Brazilian organization recognized by the Great Place to Work (2021 and 2022) and Pró-Ética (since 2015) seals. Our culture is driven by ethics, innovation and digital transformation, ensuring a human and welcoming environment for our professionals. With offices in São Paulo, Barueri, Rio de Janeiro and Belo Horizonte, our team serves consulting projects throughout the country, as well as international projects.

 

LinkedIn scam trends uncovered: Study sheds light on sophisticated tactics employed by fraudsters

A Cybersecurity expert provides advice on how to stay safe and explains LinkedIn scams in detail

According to the newest research by NordLayer, a network security solution for businesses, LinkedIn is the go-to place for professional scams. The investigation revealed the most prominent schemes on how criminals get sensitive information about companies and their employees and gain money or even get employees to leave their companies. Fake job offers, phishing attacks, connection requests, messages with suspicious links, and phony tech support are the most common techniques used.

Carlos Salas, a cybersecurity expert at NordLayer, says: “Social media platforms, including LinkedIn, have seen significant growth in user numbers and engagement over the years. With more people joining and using these platforms, scammers have a larger pool of potential victims.”

More than half of businesses in the UK had their brands impersonated

By understanding the evolving landscape of LinkedIn scams, job seekers and employers can take proactive measures to safeguard their personal and professional information. According to the research, one of the most common ways scammers fool people is by falsely using a company’s name. Half of the companies in the UK confirmed that someone was using the organization’s brand name to profit.

Salas explains the logic: “LinkedIn is a professional networking platform, and users often trust interactions with legitimate companies and organizations. By using a well-known or reputable company name, scammers can gain the trust of potential victims more quickly.”

He also adds: “Always check for the company details such as the company name, logo, and other information to match what the individual or company claims. Look for discrepancies or inconsistencies.”

What are the most prominent LinkedIn scam tactics among UK businesses?

As professionals increasingly rely on LinkedIn for career advancement and networking purposes, it is crucial to be aware of the various scam tactics employed by cybercriminals. These scams range from phishing attacks aimed at stealing personal information such as login credentials or financial data to more sophisticated schemes involving identity theft.

Salas from NordLayer overviews the most popular scam tactics among UK businesses:

Phishing messages: Scammers may send messages pretending to be a recruiter, potential employer, or business partner, asking their victim to click on a malicious link or download an attachment. These links may lead to fake login pages or malware-infected files. Up to 47% of people in the UK experienced that.

Fake job offers: Scammers might create fake job postings that seem attractive to job seekers. When applicants show interest, they may ask for personal information, bank details, or an upfront payment for job processing or training. Up to 63% of Brits experienced such scams.

Malicious attachments and links: Scammers may send seemingly harmless documents or files that contain malware or ransomware. These attachments could exploit vulnerabilities in your computer or network, leading to data breaches or financial losses. People can also face a request to connect from an unknown person with a suspicious link in the message. Nearly 37% of people confirmed that they received something like that.

Fake tech support: Scammers might pretend to be LinkedIn technical support representatives and claim an issue with their victim’s account requires immediate attention. They may then try to obtain the login credentials or personal information. Up to 38% of responders claimed to have experienced that.

Get-rich-quick offer: Scammers may approach users with promises of high returns through cryptocurrency or foreign exchange trading. They often claim to have secret strategies or insider information to guarantee profits. In reality, they may ask users to invest money with them or sign up for suspicious trading platforms, leading to potential financial losses. This was reported by 43% of victims.

Invitation to participate in a fake survey: Scammers might create fake surveys, quizzes, or contests to collect personal data from unsuspecting users. Nearly 18% of scams account for that.

How to stay safe from LinkedIn scams

Salas highlights the need for education: “Social media scams will remain a prominent issue for many years, and with the help of AI, such scams will be even more convincing and professional. Critical thinking and education are essential here. Stay informed about the latest scams, phishing techniques, and online threats. Educate your employees about common scams and how to recognize suspicious activities. Regular training and awareness programs can help everyone stay alert and cautious.”

In addition, various tools can come in handy: “Ensure that you and your employees use strong, unique passwords for all accounts. Implement 2FA wherever possible because it adds an extra layer of security by requiring a second verification form to log in.”

ABOUT NORDLAYER

NordLayer provides flexible and easy-to-implement cybersecurity tools for businesses of any size or work model developed by the standard of NordVPN. We help organizations secure networks in a stress-free way. NordLayer enhances internet security and modernizes network and resource access with technical improvements aligning with the best regulatory compliance standards. Helping organizations to adopt ZTNA and SWG principles, NordLayer is focused on the Security Service Edge of cybersecurity services. Quick and easy to integrate with existing infrastructure, hardware-free, and designed with ease of scale in mind, NordLayer meets the varying growth pace and ad-hoc cybersecurity requirements of agile businesses and distributed workforces today.

 

SeeMetrics Launches Cybersecurity Performance Boards, Displays Unified Performance Insights for CISOs

Tel Aviv, July 26, 2023 SeeMetrics, the leading Cybersecurity Performance Management (CPM) platform that’s revolutionizing how security leaders measure, track, and improve security performance, today announced the launch of its new Security Performance Boards. Organized by security domains, the new Security Performance Boards are a collection of out-of-the box metrics that empower security leaders to measure the performance of their technologies, processes, and people in real time. SeeMetrics is the first ever data platform that drives cybersecurity performance assessment directly from the operational stack and “inside the perimeter”.

With SeeMetrics’ Security Performance Boards, cybersecurity executives and operational teams gain a centralized and business-aligned view of measurements, metrics, and Key Performance Indicators (KPIs), which shows trends, risks, and historical context. The SeeMetrics boards help to build a proactive and preventative approach to detecting emerging risks and gaps. Among SeeMetrics’ Security Performance Boards are Vulnerability Management, Endpoint Protection, Identity Management, Mail Security, Security Awareness, and Incident Response.

Today, the vast majority of CISOs are required to prove the value of their security programs and tool stack. They are expected to quickly answer questions around performance, progress, and budget. Adding to the complexity is the increasing size of their security stack — the average global organization has more than 29 security solutions in place, constituting a mostly unmanageable situation due to the massive amounts of data generated nonstop.

Whereas other C-suite leaders such as those of finance, sales, and marketing are already using integrated data platforms such as CRM and ERP, most CISOs, CIOs and security leaders have yet to adopt a centralized tool that streamlines data points from dozens of operational security tools into an executive view. This means they are left without the ability to instantly know the state of their operations, what is trending, what has changed, which capabilities are currently missing, overlapping or underperforming, and how that impacts the overall performance.

SeeMetrics’ new Boards provide a bird’s eye view of overall capabilities and security tools and also come with explorable depth: behind every Board is drill-down data that is trackable back to its source. The Boards make cybersecurity goals and progress quantifiable and more visible to immediate decision makers, along with helping security leaders to communicate in a relatable language on progress and trends to different stakeholders such as executives and board members.

“SeeMetrics’ new Security Performance Boards proactively provide insights to CISOs seeking to answer common questions such as ‘How are my policies trending?,’ ‘How well are we performing compared to last quarter?’ or ‘How is our MTTR trending in the US versus Europe?’”, says Shirley Salzman, CEO and Co-Founder of SeeMetrics. “With data driven directly from the enterprise’s security stack, SeeMetrics’ Boards allow security leaders to communicate performance based on clearly-defined KPIs and in the context of historical trends, relieving security leaders who, so far, have had to base their evaluations on either external assessments or offline data. The Security Performance Boards aim not only to streamline data for management purposes but also to assist security leaders to close a long-standing communication gap between themselves, their operations teams, and business managers.”

“Security measurements are essential to helping us understand how well our tools, and therefore how our security programs, are performing,” says Sounil Yu, Author of Cyber Defense Matrix and advisor to SeeMetrics. “SeeMetrics’ introduction of Security Performance Boards is an exciting milestone in the evolution of cybersecurity metrics, giving us security leaders a practical, tangible, and insightful way to really understand with confidence how our stack is performing in real time and on a continuous basis.”

To read a more in-depth piece on SeeMetrics Cybersecurity Performance Boards, click here.

About SeeMetrics

SeeMetrics is a Gartner-recognized Cybersecurity Performance Management (CPM) platform that revolutionizes how security leaders measure, track, and improve stack performance. Unlike manual processes, SeeMetrics uses real-time stack-derived data to automate answers to questions around performance. Join SeeMetrics’ webinar on September 12th “The Good, the Bad, and the Future of Managing Cybersecurity Performance” with CISOs representing approaches from Roblox, Disney and Uber.

SeeMetrics was founded in 2021 by Shirley Salzman, CEO and Shay Haluba, CTO, who raised $6M from VCs such as Work-Bench, 8VC, AGP, Essence VC, K5 Global and Verissimo. SeeMetrics’ Advisory Committee includes well-known industry names such as Sounil Yu, CISO & Head of Research at JupiterOne; Jason Chan, Former CISO of Netflix; Rafael Franco, Former Deputy General of the Israeli Cyber Directorate; Julie Tsai, Six-time CISO/Head of InfoSec and DevOps(Sec) specialist; Frank Kim, CISO & Fellow at SANS Institute; and Yael Nagler, Yass Partners CEO.

 

Delayed investment in holistic security systems has left companies vulnerable to attacks, says Kyocera

In the wake of the MOVEit hack, companies must assess their security capabilities and act to address any vulnerabilities, particularly unprotected endpoints such as printers

The recent MOVEit hack, which has affected over 100 organisations including the University of Manchester, BBC News and British Airways, has demonstrated that further investment in comprehensive security systems should be a priority for organisations of all sizes. This should focus not just on addressing common vulnerabilities, but on identifying unsecured endpoints which can act as a point of access for cybercriminals, such as office printers and scanners. This is according to Kyocera.

A recent Office of National Statistics survey found that only three in ten businesses have undertaken cyber security risk assessments in the last year. From 2021 to 2022, UK losses to fraud and cybercrime totalled over £4 billion with the average time to identify a UK data breach measured at 181 days. This lack of preparedness is being seen in real time as more and more companies fall victim to the MOVEit hack.

“While businesses having a lot of technology at their disposal is clearly good for productivity, it is also clear that security vulnerabilities continue to be a growing concern,” said Steve Doust, Group Sales Director for Business Solutions at Kyocera UK. “The more connected devices you have in your organisation, the more endpoints there are through which cybercriminals can gain access to company data. Some of these endpoints – including printers, photocopiers and scanners – are often overlooked by organisations looking to shore up their security. Tools to implement a strong and secure system are readily available, and leading organisations must invest before it is too late.

Installing SIM (security information management) technology that automates processes and normalises data, instead of IT teams manually sorting data, is a straightforward yet highly effective way of protecting the business, regardless of its size.

Doust continued, “Larger organisations began using SIM systems a decade ago, but the market has boomed, and they are now integral to security at many small-to-midsize businesses too, particularly given the amount of data every business now holds. Robust software to protect endpoints – such as managed endpoint detection and response (M-EDR) must also be considered.

“KPIs must be set to monitor the effectiveness of any security system including SIM and M-EDR, and when a breach does happen, comprehensive disaster recovery capabilities must be in place, including backups to ensure data can be recovered in the event of data loss or a ransomware attack. Guidance for risk analysis can be found in the multiple standards available, including COBIT, the International Organization for Standardization (ISO) 27000 series and the US National Institute of Standards and Technology (NIST) 800 series.”

Doust concluded, “As technology continues to progress, so does the tenacity of cybercriminals. Organisations must remain aware, never rest on their laurels and ensure they have the latest systems in place to keep their data secure at all times. It should always be a holistic, proactive process, rather than one where vulnerabilities are patched on a reactive basis. The good news is there are plenty of tools already out there that can make a major difference.”

– ENDS –

About the KYOCERA Document Solutions Group UK

Kyocera Document Solutions Group UK is offsetting to carbon neutral while continually striving to reduce their carbon emissions to drive to a net zero target.

More: Climate Action | KYOCERA Document Solutions

As a Managed Service Provider (MSP) Kyocera Document Solutions Group UK provides Digital Transformation, Document Management, and Information Communication Technology (ICT) services. Kyocera helps customers turn information into knowledge and excel at learning by accelerating their digital adoption and enabling information to flow more dynamically throughout their organisation.

More: https://kyocerads-group.co.uk/

Kyocera Document Solutions (UK) Limited is a group company of Kyocera Document Solutions Inc., a global leading provider of total document solutions based in Osaka, Japan. The company’s portfolio includes reliable and eco-friendly MFPs and printers, as well as business applications and consultative services which enable customers to optimize and manage their document workflow, reaching new heights of efficiency. With professional expertise and a culture of empathetic partnership, the objective of the company is to help organisations put knowledge to work to drive change.

Kyocera Document Solutions Inc. is a group company of Kyocera Corporation (Kyocera), a leading supplier of semiconductor packages, industrial and automotive components, semiconductor packages, electronic devices, smart energy systems, printers, copiers, and mobile phones. During the year ended March 31, 2022, the Kyocera Group’s consolidated sales revenue totalled 1.8 trillion yen (approx. US$15.1 billion). Kyocera is ranked #665

on Forbes’ 2022 “Global 2000” list of the world’s largest publicly traded companies, and has been named by The Wall Street Journal among “The World’s 100 Most Sustainably Managed Companies.”

 

SecAlliance Report reveals the cybercrime potential of AI driven chatbots

  • Chatbots set to enable rise in low-to-moderate complexity malicious code and phishing text
  • SecAlliance assesses current GPT chatbots are not sophisticated enough to deliver high level threat, but they will be
  • Warning that future technology improvements will require increased investment from defenders in AI-enabled detection and response capabilities
London, 26 July 2023: A report from SecAlliance, the cyber threat intelligence services provider, reveals the security risks posed by the rising number of AI driven Chatbots.
The report, Security and Innovation in the Age of the Chatbot, discusses the rising fears surrounding increased adoption of AI, and the technological advancements that have led to a growing number of Chatbots.
The sector analysis suggests current-generation LLM (Large Language Model)-enabled generative AI tools (such as ChatGPT, BingBot and BardAI) have demonstrable applications in three distinct areas of concern to defenders: phishing campaign support, information operation enablement and malware development.
Since the launch of ChatGPT in November 2022, the generative pre-trained transformer (GPT) model has rapidly grown a 100m user base – faster than the growth of any social media platform. With this exponential growth comes fears of the technology being used to create malicious code, even among those with little to no understanding or skills in coding.
SecAlliance suggests that current-generation LLM-enabled generative AI tools are likely to provide lower-skilled threat actors with the ability to generate low- to moderate-complexity malicious code – without requiring significant programming experience or resources.
And while OpenAI (the research institute behind ChatGPT) ostensibly prohibits use of its tools for purposes that violate its content policy, many of the safeguards it has implemented to prevent misuse have been shown to be easily circumvented.
Certainly, since ChatGPT’s release, cybercriminal and ethical hacker interest in such generative AI tools has spiked. But given the technology’s current technical limitations, SecAlliance assesses that most high-impact malicious use cases for generative AI are unlikely to be leveraged at scale in the short-to medium-term.
Nicholas Vidal, Strategic Cyber Threat Intelligence Team Lead at SecAlliance says: “While current LLM-tools present considerable promise and considerable risk, our research shows that their broader security impacts remain muted by limitations in the underlying technology that enables their use. However, their pace of innovation is rapid, and future advancements are likely to expand the scope of possibilities for misuse.”
Already, SecAlliance has noted ChatGPT can generate “semi-reliable” text to complete tasks commonly associated with phishing campaigns and other inauthentic behaviour operations, with motivated users circumventing the language model’s content filtering mechanisms. Cybercriminals are leveraging LLMs to generate highly convincing human-language output.
SecAlliance assesses that using generative AI to produce high complexity malware (including polymorphic variants) is not something we will see in the near-term, due to quality control issues and the high threshold of programming ability required for successful campaign execution. A current limitation for persistent cybercriminals is the inability to validate code generated by LLMs, which remains a challenge for would-be polymorphic malware developers.
CyberArk researchers point out that this remains a key issue for such malware developers, who, they argue, must be skilled enough to validate all possible modulation scenarios to produce exploit code capable of being executed.
And the UK’s NCSC assesses that even those with significant ability are likely to be able to develop malicious code from scratch more efficiently than by iterating, validating and appending code produced by generative AI.
SecAlliance assesses the recently released GPT-4 is likely to be more reliable and capable of handling more nuanced instruction than its earlier generation counterparts, potentially further reducing barriers to its use by malicious actors.
In the longer term – and given the rapid evolution of the technology – future improvements in the sophistication of generative AI and the experience of threat actors in exploiting them for malicious purposes will ultimately expand their potential impact, requiring increased investment from defenders in AI-enabled detection and response capabilities.
According to a study conducted by Blackberry in February 2023, approximately 50% of IT decision makers polled stated they expect a successful cyberattack leveraging ChatGPT to be reported within the year. Of the same group, over 80% stated they planned to invest in AI-driven cybersecurity products within two years.
Business leaders are increasingly viewing AI-enabled defences as a critical means of defending against modern-day attack techniques, including those leveraging novel applications of AI. As Jeff Sims, the researcher behind HYAS’s polymorphic keylogger, BlackMamba, suggests, organisations must not only “remain vigilant” and “keep their security measures up to date” but also “adapt to new threats that emerge by operationalising cutting-edge research being conducted in this space.”
In other words, they must learn to fight fire with fire.
The full report is exclusively available on ThreatMatch for ThreatMatch subscribers.
About Security Alliance
Formed in 2007, Security Alliance is a global cyber threat intelligence product and services company with clients that include governments, central banks, healthcare, financial services, manufacturing, transportation, energy, research and Critical National Infrastructure.
Our cyber threat intelligence team is made up of seasoned intelligence professionals with diverse backgrounds, ranging from conventional intelligence, law enforcement, consulting, research and academia, to technical, software development and penetration testing.
Security Alliance provides intelligence that is gathered, analysed and curated by intelligence experts with real world experience. We pride ourselves on the quality of our intelligence product and services, and the strong relationships we build with our clients and partners.
We help clients manage and reduce cyber risks and continuously build relevant cyber security strategies and improve their cyber resilience. Our clients gain clarity of their real and greatest cyber threats so they can better develop their own intelligence capabilities.

Stellar Cyber extends partnership with Hitachi Solutions’ HIBUN to deliver Open XDR Integration ensuring quick detection of threats and minimizing information leakage

Tokyo, Japan, July 26, 2023 — Stellar Cyber, the innovator of Open XDR, today announced product integration with HIBUN from Hitachi Solutions, the leader in information leak prevention solutions in Japan. This powerful integration makes it easy to improve visibility into information leakage threats by incorporating the rich security log data generated by HIBUN into the Stellar Cyber Open XDR platform.

This product integration enables companies that have deployed HIBUN to enhance their information leak prevention by detecting and analyzing information leaks in real-time on the Stellar Cyber Open XDR platform. Stellar Cyber obains HIBUN security log data and normalizes, analyzes, and correlates it to identify information leak threats and displays them in an intuitive interface.

“We are pleased to announce that HIBUN will provide new value, real time detection and visibility into information leakage threats together with Stellar Cyber, the innovator of Open XDR. We will continue to create new value, listening to our customers and deepening mutual partnership leveraging both strengths.” said Kenichi Hirama, Executive Officer at Hitachi Solutions.

By combining HIBUN’s information leak prevention technology with Stellar Cyber’s AI- and machine learning (ML)-based detection and automated threat hunting, HIBUN administrators can detect potential information leaks earlier with fewer resources. This partnership provides an efficient and comprehensive information leak prevention solution for companies deploying HIBUN.

“We are excited to partner with HIBUN from Hitachi Solutions to deliver significant advancements in detecting and mitigating information leaks,” said Andrew Homer, VP of Technology Alliances at Stellar Cyber. “We look forward to helping organizations change the way they protect their data with our joint solution.”

“Information leaks have a significant impact on companies and require a rapid response. We are very pleased that the integration HIBUN, Hitachi Solutions’ information leak prevention solution, and the Stellar Cyber Open XDR platform will quickly determine information leak threats and provide 24-hour detection,” said Makoto Fukumi, Country Manager – Japan at Stellar Cyber.

About HIBUN

HIBUN is information leak prevention solution developed and sold by Hitachi Solutions and has gained top market share for the eighteenth straight year in the Japanese information leak prevention product market. HIBUN is consisted of three products, HIBUN Device Control which controls copying data, HIBUN Data Encryption protects data with encryption, and HIBUN Data Protection prevents abuse, leakage of data. Hitachi Solutions also delivers these products as a service, HIBUN Unified Endpoint Management Service, which supports efficient endpoint management.

About Stellar Cyber

Stellar Cyber delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With the Stellar Cyber Open XDR Platform, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.

Inside-Out Defense Launches Freemium Solution to Provide
Real-Time Visibility of Privilege Abuse Risks in Enterprise Organizations

(Palo Alto, CA) – July 25, 2023Inside-Out Defense, the cybersecurity industry’s first platform to solve privilege abuse, today announced the availability of the freemium version of the company’s platform. The freemium version provides IT staff with a complete view of the user footprint across their organizations. This view of all users is called an identity catalog, including user personas and entitlements across all systems, infrastructure, applications, and user activities, providing the context of users internally and externally. Inside-Out Defense creates its identity catalog by monitoring activities within a company’s infrastructure and applications to determine users and actions instead of relying on directory information. Recently, Inside-Out Defense was named by Chief Security Officer Magazine as One of the Cybersecurity Startups to Watch in 2023.

Inside-Out Defense is a SaaS platform providing agentless privilege abuse detection and remediation. The platform supports all environments and applications and is built for ‘Continuous Validation of Trust’™. The platform interoperates with and complements existing Identity Access Management (IAM), Privilege Access Management (PAM), and custom identity solutions. Inside-Out Defense identifies the gaps between known and unknown abuse leveraging its patented AI technology “HoneyCombe Polygraph Mesh,” which, through its proprietary LLMs and finetuning techniques, not only tracks each user activity but also monitors the adjacent user behaviors to derive/infer and deterministically flag malicious user intent, thereby stopping privilege abuse in real-time and at scale.

Key Features:

  • The free trial offer is valid for a ten-day trial period.
  • In the free trial, organizations can create an all-encompassing identity catalog for their organization, including users and identities across all systems, environments, and applications, even those not contained in the organization’s directory services. The identity catalog will also include all users different personas and entitlements.
  • The identity catalog is a valuable tool for enabling IT staff to audit privilege levels currently granted and identify ‘disconnected identities’ that may be operating outside the organization’s IAM and PAM systems, a typical hacker attack vector.
  • Customers can upgrade to a paid version to enable real-time detection and remediation of privilege abuses.
  • Inside-Out Defense hopes to increase awareness of the lurking dangers that privilege abuse presents. The identity catalog provided in Inside-Out Defense’s freemium trial offers real-time visualization of users and their entitlements, enabling IT staff to review identities and privileges across their organizations in detail.
  • The Inside-Out Defense freemium trial is a simple and easy-to-implement solution. Customers can request access and seamlessly connect their applications and environments to the Inside-Out Defense platform. IT staff can quickly visualize their identity catalog, including the context of users, their activity footprint, and behaviors.

Inside-Out Defense features beyond the identity catalog enable customers to detect and remediate hidden and emerging day zero privilege abuses, visualize the user forensics in real-time, and define/enforce policy guardrails that will be gated for the paid version.

For more information on the Freemium version, please email Inside-Out Defense at: [email protected]

About Inside-Out Defense 

Inside-Out Defense is on a mission to protect organizations against privilege abuse, the #1 attack vector used by hackers today. Inside-Out Defense’s proactive, real-time, and automated hacking intervention solution is built around a privilege governance platform for continuous trust validation. We make it possible to monitor behavior and access privileges in real-time across all your SaaS, cloud, hybrid, and legacy environments. The Inside-Out Defense solution offers proactive, real-time, and automated intervention against privilege abuse hacking. Inside-Out Defense’s customers include global pharma, manufacturing, healthcare, and fintech organizations. To learn more, visit www.insideoutdefense.com.

American SMBs lag behind European counterparts in digitalization, according to IONOS SMB digitalization and resilience survey

American SMBs are last in almost all the inquiry statements presented in the survey

PHILADELPHIA — July 12, 2023 — IONOS, a leading digitalization partner for small and midsize businesses, today announced the results of its annual survey of 4,800 American and European small and midsize business (SMB) professionals regarding digitalization, economic and cybersecurity resilience. American SMBs are last in almost all the digitalization statements presented in the survey.

Digitalization is important for all, but American SMBs lag European SMBs

One of the most striking findings of the survey is a sharp decline in digitalization initiatives among American SMBs. For example, American SMBs’ use of a company-specific website (www.companyname …) declined 21% from 65% in 2022 to 44% in 2023. American SMBs’ use of email addresses including a company-specific domain (… @companyname …) declined 16% from 60% in 2022 to 44% in 2023. These declines possibly indicate that the focus on digitalization due to the pandemic has waned along with the pandemic itself and its sheltering and social distancing aspects.

The survey specifies that digitalization includes, among other aspects, a company website, online office solutions, an online shop, virtual meetings and online marketing and communication. However, the highest percentage of American SMBs reported having an email address with the company’s domain name (44%) and having a website (44%), with lower utilization of the other aspects of digitalization included in the survey.

The results also indicate that, while European and American SMBs consider the main benefits of digitalization to be winning new customers, ease of discovery, increasing revenue and creating a modern image, American SMBs lag slightly in their estimation of its importance. Although SMBs in Spain (88%), Germany (81%), the U.K, (79%) and France (80%) are all around the 80% mark in their estimation of the importance of digitalization, 75% of American SMBs share that view. It’s unusual for SMBs to have no digitalization initiatives in place; across all countries, less than 8% of all companies claimed to work completely without digitalization.

“Those who don’t firmly anchor their business strategy in digitalization will have a hard time surviving in the market,” said Achim Weiss, CEO of IONOS. “Of course, expertise must first be developed, and resources invested, which isn’t always easy for SMBs. However, the gains they realize from digitalization, including improved visibility, growth, new business models and greater resilience to crises, far outweigh the initial outlay.”

The barriers to digitalization

The explanation for the sharp decline of company-specific websites and email addresses among American SMBs also may be the current economic uncertainty and lack of skills to implement digitalization initiatives. American SMBs note that costs (60%), lack of time (56%), lack of know-how (52%) and inflation (50%) are major barriers to digitalization. Lack of interest in digitalization doubled among American SMBs from 25% in 2022 to 51% in 2023.

Economic uncertainty is influencing investments in digitalization among American SMBs. Thirty percent report they postponed digitalization expenses that are not absolutely necessary, in response to the current economic situation, energy crisis and geopolitical threats. Twenty-four percent of American SMBs, the largest value in the survey, plan to invest less heavily in digitalization due to the current economic situation.

American SMBs gauge overall business risk and cybersecurity

Another important section of the survey focuses on overall business risk. The deepest concerns regarding business risk among American SMBs include a declining economy and threat of a recession (46%) and a shortage of skilled workers (44%).

Other common business risks, including IT security and cybercrime, are less of a concern among American SMBs. Sixty-seven percent report they are well-positioned regarding IT security and cybercrime, while no more than half of the European respondents feel well equipped in those areas. In France, the number drops to 33%. The most common protective measures that American SMBs implement include regular password updates and high password security (36%) and choosing cloud and hosting solution providers experienced in cybersecurity and maintaining critical infrastructure (33%).

Methodology

YouGov, an international research data and analytics group, conducted the survey of 4,800 respondents from American and European SMBs on behalf of IONOS in January 2023 (USA 1,000; UK 1,004; Germany 1,005; Spain 1,004; France 801 respondents).

For more information about the IONOS SMB digitalization and resilience survey, visit IONOS Newsroom.

About IONOS

IONOS is a leading digitalization partner for small and midsize businesses (SMBs). The company serves 6 million customers and operates across 18 markets in Europe and North America, with its services accessible worldwide. With its web presence and productivity portfolio, IONOS acts as a “one-stop shop” for all digitalization needs — from domains and web hosting to classic website builders and do-it-yourself solutions, and from e-commerce to online marketing tools. In addition, the company offers cloud solutions to enterprises who are looking to move to the cloud as their businesses evolve. For more information visit www.ionos.com.

WatchGuard Expands Identity Protection Capabilities with New AuthPoint Total Identity Security Bundle

The company’s new AuthPoint Total Identity Security solution adds advanced password management capabilities and dark web monitoring to help protect corporate credentials

SEATTLE – July 12, 2023WatchGuard® Technologies, a global leader in unified cybersecurity, today unveiled AuthPoint Total Identity Security, a comprehensive bundle that combines the award-winning AuthPoint multi-factor authentication (MFA) with dark web credential monitoring capabilities and a corporate password manager. The introduction of this new product, paired with the zero trust risk-based policies of WatchGuard’s Unified Security Platform® architecture, enables managed service providers (MSPs) to provide optimal modern cybersecurity delivery from WatchGuard Cloud.

“Stolen or leaked credentials are a primary cause of data breaches, yet passwords remain the most prevalent method of user authentication for organisations,” said Carla Roncato, vice president of Identity at WatchGuard. “And while multi-factor authentication has become a mandatory requirement for organisations, most still need to deal with weak and reused passwords, shared admin passwords, credential leaks on the dark web, and corporate applications with limited MFA support. AuthPoint Total Identity Security provides advanced password management capabilities and dark web monitoring to help protect corporate credentials in addition to MFA and web single sign-on.”

AuthPoint Total Identity Security enables MSPs to offer their customers credentials monitoring, on-demand dark web exposure alerts, and password management to reduce issues related to credential compromise with an all-in-one mobile authenticator app for iOS and Android. AuthPoint Total Identity Security also provides users with an easy-to-manage tool to generate complex passwords that are auto-filled through browser extensions for Microsoft Edge, Google Chrome, Apple’s Safari, and Firefox protected by a vault password. By storing each application’s credentials in a password manager, the user needs only to create and remember one unique, complex vault password, which helps mitigate the risk of phishing.

Key features of AuthPoint Total Identity Security include:

  • AuthPoint MFA Service – Delivered through WatchGuard Cloud, AuthPoint MFA makes it easy to configure and manage offline and online verification methods and access policies across endpoints, VPNs, and web applications, and set up single sign-on application portals across multiple customer deployments.
  • Dark Web Monitoring Service AuthPoint’s on-demand Dark Web Monitoring service notifies customers when compromised credentials, from up to three monitored domains, are found in newly acquired credential breach databases. Alerts are sent to impacted administrators and end users so they can generate new passwords quickly and before an account takeover occurs.
  • Password Manager Built with business use cases in mind, AuthPoint’s Corporate Password Manager enforces a higher standard for passwords and helps reduce the frequency of password reset requests. Passwords do not need to be remembered as they are stored securely in the vault and further protected by each individual user’s unique, complex vault password, ensuring only they can decrypt and access the credentials within. When users need to access their apps, they can retrieve their passwords using the AuthPoint mobile app for iOS and Android and/or the browser extension to auto-fill credentials for a smoother overall single sign-on experience. It provides:
  • Corporate Vault – Add credentials and generate strong passwords for commonly used workplace applications where SSO is not enabled. Additionally, administrators can securely share credentials for the common use of an application.
  • Private Vault – Add credentials and generate strong passwords for personal and social apps. If the employee leaves the organisation, these personal credentials can be exported and imported to another password manager.

“One of the many reasons we value WatchGuard as a technology partner is that they are continuously expanding their Unified Security Platform architecture with new services and cloud offerings to help us better serve our customers,” said Richard Jackson, Technical Director, at Aigis IT Security Ltd. “The new AuthPoint Total Identity Security bundle combines two categories of identity security into one with password management and multi-factor authentication and goes further by enabling credential monitoring to protect our customers from widespread credential-based risks. These risks affect everyone, it only takes one compromised credential to result in a successful ransomware attack, it’s the kind of product that organizations need right now and for the foreseeable future.”

For more information about AuthPoint Total Identity Security, click here.

About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favourite podcasts.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.

Oxeye AppSec Platform Automatically Discovers

Owncast & EaseProbe Security Vulnerabilities

Company Provides Recommended Remediation for Server-Side

Request Forgery (SSRF) and SQL-Server Injection Vulnerabilities

 

 

TEL AVIV – July 11, 2023 – Oxeye, the provider of an award-winning cloud-native application security platform, has uncovered two critical security vulnerabilities and recommending immediate action be taken to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go.

Owncast Vulnerability

The first vulnerability was discovered in Owncast, an open-source, self-hosted, decentralized, single-user live video streaming and chat server written in Go. The vulnerability, labeled as an Unauthenticated Blind Server-Side Request Forgery (SSRF), could potentially allow unauthenticated attackers to exploit the Owncast server by forcing the Owncast server to send HTTP requests to arbitrary locations using the GET HTTP method. This vulnerability also allows the attacker to send the requests while specifying arbitrary URL paths and query parameters. The Owncast vulnerability has a high CNA CVSS severity rating of 8.3/10 and was identified during an extensive analysis conducted by Oxeye Security’s in-house custom SAST (Static Application Security Testing) solution for compiled Golang applications.

Upon examination, the security researchers at Oxeye Security determined that the Owncast server is susceptible to an unauthenticated SSRF attack, enabling malicious actors to force the server to send HTTP requests to arbitrary locations using the GET HTTP method. Additionally, attackers can manipulate the requests by specifying arbitrary URL paths and query parameters.

The vulnerable code resides within the GetWebfingerLinks function of Owncast, specifically in the following location:
https://github.com/owncast/owncast/commit/f40135dbf28093864482f9662c23e478ea192b16 . As per the code analysis, user-controlled input passed through the “account” parameter is parsed as a URL, and subsequently, an HTTP request is issued to the specified host on line 32.

To address this critical SSRF vulnerability, Oxeye Security recommends the following remediation steps:

– Prohibit the HTTP client utilized by Owncast from following HTTP redirections to mitigate the potential exploitation of SSRF attacks.

– Implement restrictions to allow only authenticated users to trigger the vulnerable endpoint, thereby minimizing the risk of unauthorized access.

Oxeye Security has been proactive in reaching out to the Owncast development team and providing them with detailed information regarding the vulnerability and recommended remediation steps. Together with Owncast, Oxeye Security aims to ensure the prompt resolution of this security issue to safeguard the Owncast community and its users.

EaseProbe Vulnerability

Oxeye has also recently discovered multiple SQL-injection vulnerabilities in EaseProbe, a lightweight and standalone health/status checking tool written in Go. The vulnerabilities, categorized as Config-Based SQL-Injection, expose potential security risks for users of EaseProbe with a Critical NIST CVSS Security Score of 9.8/10. The vulnerable code is located in the MySQL / Postgres database client code:

·
https://github.com/megaease/easeprobe/blob/main/probe/client/mysql/mysql.go#L174

·
https://github.com/megaease/easeprobe/blob/main/probe/client/postgres/postgres.go#L203

During an extensive evaluation utilizing Oxeye Security’s in-house custom SAST (Static Application Security Testing) solution for compiled Golang applications, the security researchers identified significant vulnerabilities in EaseProbe. These vulnerabilities can be exploited by attackers who have control over the EaseProbe configuration, enabling them to read, delete, or modify all information stored in the databases configured for health checking. In certain circumstances, depending on the user privileges and the database engine, the attacker may also execute arbitrary system commands on the server hosting the database. The vulnerable code is located within the MySQL and Postgres database client code of EaseProbe.

By analyzing the EaseProbe configuration file, Oxeye Security demonstrated a practical exploitation scenario on a Postgres database. The attacker injects a malicious command “ls” to execute arbitrary system commands. The vulnerable database query is unsafely formatted with user-provided data, leading to the successful execution of the injected command.

To mitigate the risks associated with SQL-injection attacks, Oxeye Security recommends the following remediation measures:

– Properly sanitize all user input to prevent SQL-injection vulnerabilities. This can be achieved by implementing techniques such as prepared statements and parameterized queries, which treat user-provided input as values instead of executable code. If injection occurs in a query part that cannot be parameterized, strictly validate user input, considering the use of regular expressions or other appropriate methods.

– Ensure the application is regularly updated and patched to address any known vulnerabilities, as this can effectively mitigate the risk of exploitation.

Oxeye Security has taken immediate action by notifying the developers of EaseProbe about the discovered vulnerabilities. By collaborating with the EaseProbe team, Oxeye Security aims to expedite the resolution of these security issues to protect EaseProbe users from potential threats. Note: This problem has been fixed in EaseProbe v2.1.0.

If interested in learning more about how Oxeye can assist with cloud-native application security challenges, please visit
https://www.oxeye.io/contact to contact us.

Honeywell to Acquire SCADAfence, Strengthening its Cybersecurity Software Portfolio

  • SCADAfence will integrate into the Honeywell Forge Cybersecurity+ suite providing expanded asset discovery, threat detection, and compliance management capabilities.
  • SCADAfence extends Honeywell’s OT cybersecurity portfolio to build upon its comprehensive professional services, managed security services, and software solutions.

Charlotte, NC (July 10, 2023) – Honeywell (Nasdaq: HON) today announced it has agreed to acquire SCADAfence, a leading provider of operational technology (OT) and Internet of Things (IoT) cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs.

The OT cybersecurity industry is expected to grow to greater than $10 billion in the next several years. Particularly in the industrial sector, cyberattacks focused on OT systems can be a significant source of unplanned downtime, with estimates that unplanned downtime represents over a trillion dollars in lost revenue for the industrial and critical infrastructure sectors.

“It is essential to protect and maintain the integrity of operational systems like process control equipment in manufacturing facilities. A simple breach in the OT environment has the potential to create safety and business continuity risk for organizations of all sizes. OT assets are inherently different than those in the IT environment as they are domain specific. Honeywell has been delivering and installing these systems for decades, which is why we launched our cybersecurity business more than twenty years ago. Adding SCADAfence’s product portfolio will strengthen our capabilities and help our customers defend themselves against cyber security risks which are progressively increasing,” said Kevin Dehoff, president and chief executive officer, Honeywell Connected Enterprise.

The SCADAfence product portfolio will integrate into the Honeywell Forge Cybersecurity+ suite within Honeywell Connected Enterprise, Honeywell’s fast-growing software arm with strategic focus on digitalization, sustainability and OT cybersecurity SaaS offerings and solutions. This integration will enable Honeywell to provide an end-to-end enterprise OT cybersecurity solution to site managers, operations management and CISOs seeking enterprise security management and situational awareness. The acquisition strengthens existing capabilities in cybersecurity and bolsters Honeywell’s high-growth OT cybersecurity portfolio, helping customers operate more securely, reliably and efficiently.

“SCADAfence is an ideal complement to Honeywell’s OT cybersecurity portfolio and, when combined with the Honeywell Forge Cybersecurity+ suite, it enables us to provide an end-to-end solution with applicability to asset, site and enterprise across key Honeywell sectors,” said Dehoff. “By enhancing our cybersecurity portfolio, we are accessing a growth engine and enabling our customers to operate their OT environments more securely and help to avoid disruption and possible catastrophic events.”

“We are thrilled to join Honeywell as we work towards fulfilling our mission of empowering industrial organizations to operate securely, reliably and efficiently. This combination creates significant opportunity for growth, allowing us to combine our top-tier OT cybersecurity products with one of the world’s leading companies in industrial software,” said Elad Ben Meir, chief executive officer, SCADAfence. “With this acquisition, we are poised to deliver some of the most advanced OT security technology to Honeywell’s broad customer base, bolstering the comprehensive Honeywell Forge Cybersecurity+ offering. We remain committed to proactively serving and supporting our customers across all verticals and geographies where we currently operate.”

SCADAfence is headquartered in Tel Aviv, Israel and will expand Honeywell’s Cybersecurity Center of Excellence in Tel Aviv. Honeywell has been implementing OT cybersecurity solutions for more than twenty years, delivering thousands of projects in over 130 countries with more than 500 employees worldwide focused specifically on OT cybersecurity.

The transaction is expected to close in the second half of 2023, subject to customary closing conditions, including receipt of certain regulatory approvals.

 

 

CyVers Discovers $126M Multichain Hack

Tel Aviv – 10 July 2023 – In one of the cyber biggest hacks of the year, more than $126 million was stolen from the cross-chain router protocol Multichain.

The AI-based CyVers platform detected the bridge exploit on Thursday, July 6, and the team immediately notified Multichain and the Web3 community to ensure that action could be taken to minimize the potential for additional losses.

The Multichain team confirmed the assets were moved to an unauthorized address. However, they are still uncertain about the exact nature of the incident and have recommended that users suspend all services. CyVers suspects the exploit could be a hack, rug pull, or an insider job involving a compromised private key.

Following the incident, Circle and Tether swiftly blacklisted addresses holding $67.5 million in stolen Multichain assets. With operations temporarily halted and concerns arising about leadership absence and centralization, Multichain is under intense scrutiny

“Instead of creating a malicious contract, the threat actors directly attacked the bridge’s MPC wallets, the critical point of transaction flows,” said Meir Dolev, CTO and co-founder of CyVers. “We were able to ‘see’ the transactions because of our AI-based behavioral analysis engine. Bridge attacks are growing in popularity; the Multichain attack is actually the second one in less than a week.”

The CyVers platform was also the first to discover the PolyNetwork bridge hack on July 1.

Beyond being a bridge attack, the Multichain incident is unusual on two counts. 1) They were prepared. Two hours before it occurred, the hackers performed three test transactions of US$2 each to ensure they would avoid difficulties during the major hack. 2) The post-attack pattern was very different. Usually, hackers try to launder the money as quickly as possible by swapping it into DEX and CEX (as we saw in PolyNetwork case). This time, the money has not moved for a few days; it is still on the hackers’ addresses.

“Based on the lack of movement, we suspect it might be related to the arrest of the Multichain CEO in May by Chinese authorities, or maybe this is an insider attack, and he doesn’t know how to move forward,” said Deddy Lavid, CEO and co-founder of CyVers.

The $126M hack is the second biggest cyber-attack this year and a stark reminder of insufficiencies in Web3 security. With increasingly sophisticated hacks, more proactive, robust security is necessary to deal with the complexities and novel challenges of the Web3 environment.

CyVers identifies and mitigates such security threats by analyzing network behaviors in the blockchain transaction space. The platform collects cross-blockchain data and applies AI-based geometric anomaly detection to identify topological outliers and swiftly detect emerging threats, including smart contract exploits and private key leakage. This enables stakeholders to respond quickly and implement effective countermeasures against exploitation and money laundering.

About CyVers

CyVers is a prominent provider of cutting-edge proactive Web3 Security solutions for centralized and decentralized finance and smart contract applications. The primary focus is on detecting and intercepting crypto attacks across various blockchains. CyVers is revolutionizing the industry with its agentless, plug-and-play, and scalable solutions that accurately identify suspicious behavior in real-time. By swiftly identifying and addressing cyber-attacks, CyVers aims to create a safer and more trustworthy Web3 economy, fostering mass adoption and greater confidence among companies and traders.

For more information, contact:

Deddy Lavid , CyVers.AI
[email protected]
+972-509250183 (+2 GMT)

Follow @Cyvers_ & @CyversAlerts on Twitter

 

 

Gigamon 2023 Hybrid Cloud Security Survey Reveals Nearly One-Third of Security Breaches Are Going Undetected by IT and Security Professionals

Annual survey shines a spotlight on global misconceptions around the extent of hybrid cloud blind spots, despite 93 percent predicting cloud security attacks are on the rise

Santa Clara, Calif – June 28, 2023 – Gigamon, the leader in deep observability, today announced its Hybrid Cloud Security trends report, emphasizing a significant gap between the perception and reality of how secure organizations truly are from cyber threats. The annual survey of over 1,000 IT and Security leaders from across the US, EMEA, Singapore, and Australia uncovered that while surface-level confidence around hybrid cloud security is high, with 94 percent of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one-third of security breaches aren’t spotted by IT and Security professionals.

According to Flexera, 74 percent of organizations now exist in the hybrid cloud and this infrastructure is considered the ‘norm’ by Forrester analysts. Yet it comes with a number of security concerns, clearly recognized by respondents to the Gigamon Hybrid Cloud Security survey; 93 percent predict cloud security attacks are only going to increase, and 90 percent had experienced a breach in the last 18 months. The issue is that 31 percent of breaches are being identified later down the line, rather than preemptively using security and observability tools – either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48 percent in the US, and 52 percent in Australia.

The good news is that collaboration across IT is on the rise. 96 percent of IT and Security leaders around the world believe cloud security is everyone’s responsibility, and almost all (99 percent) see CloudOps and SecOps working towards a common goal. Yet there is still more to be done, while CloudOps seems to be leading on strategy, 99 percent of respondents claim a lack of a security-first culture means vulnerability detection is often siloed to the SecOps team.

Unexpected Issues Keeping CISOs Up at Night

The Gigamon report also identified that the key stressors for IT and security leaders in 2023 aren’t what many may have anticipated. It is unexpected blind spots (56 percent), legislation (34 percent), and attack complexity (32 percent) that keep CISOs and other IT leaders up at night, while a lack of cyber investment is only worrying 14 percent of global respondents, along with just 20 percent who were concerned about the ongoing skills gap. In fact, only 19 percent claim effective security education for staff is a crucial factor for gaining confidence on IT infrastructure security. Respondents from France and Germany are slightly more concerned about skills, with 23 percent and 25 percent respectively stating they need access to skilled people in the cloud. Instead, legislation is a growing worry on a global scale, and is a particular issue for the UK and Australia: 41 percent in the UK and 59 percent in Australia see change in cyber laws and compliance as a key concern.

Survey respondents generally acknowledged blind spots across their hybrid cloud infrastructure:

  • 70 percent lack visibility into encrypted data, a number that rises to 79 percent in Germany.

  • 35 percent had limited insights into containers, which increases to 38 percent in France and 43 percent in Singapore.

  • Just under half (48 percent) had insights into laterally moving data, although the US leads the market here with 64 percent achieving East-West visibility.

Yet despite flagging blind spots as their leading stressor, one-third of CISOs and 50 percent of other IT and Security leaders admit they lack confidence in knowing where their most sensitive data is stored and how it is secured.

“These findings highlight a trend of critical gaps in visibility from on-premises to cloud, the danger of which is seemingly misunderstood by IT and Security leaders around the world,” comments Ian Farquhar, security CTO at Gigamon. “Many don’t recognize these blind spots as a threat, yet East-West traffic – laterally moving data – and encrypted traffic can be incredibly dangerous in the hybrid cloud world. We’ve seen previous reports that highlight the vast quantity of malware that hides behind encryption. Considering over 50 percent of global CISOs are kept up at night by the thought of unexpected blind spots being exploited, there’s seemingly not enough action being taken to remediate critical visibility gaps.”

Deep Observability Facilitates the Zero Trust Journey

The Gigamon report on Hybrid Cloud Security trends points to Zero Trust as another IT and Security leader priority. In fact, there’s an upward trend of how often this security framework is discussed at a board level; 87 percent of global respondents say Zero Trust is spoken about openly by the Board, a 29 percent increase compared to findings from 2022.

Yet while half of all respondents to this year’s survey stated that Zero Trust is crucial to boosting confidence levels that their organization is secure, the reality is that many teams simply do not have the visibility to enable it. The UK (39 percent), the US (42 percent), and Australia (41 percent) are leading the market when it comes to achieving visibility to enable this framework, while France (26 percent), Germany (29 percent), and Singapore (25 percent) all fall behind. Uncertainty about the reality of Zero Trust is high in France and Singapore in particular and all global respondents are recognizing the value of deep observability – the addition of real-time, network-derived intelligence to amplify the power of metric, event, log, and trace-based (MELT) security and observability tools – for building a foundation for Zero Trust. 97 percent also believe deep observability is an important element of cloud security – a rise of 8 percent from last year.

Mark Jow, EMEA CTO at Gigamon concludes, “Zero Trust is still very much a ‘work in progress’ for organizations around the globe, but it’s positive to see that at least half of the IT and Security leaders we surveyed view it as crucial to boosting security posture and even more positive to see them recognize the value of visibility. Deep observability and going beyond traditional MELT approaches is crucial if organizations are to advance successfully on their Zero Trust journeys, securing their hybrid cloud infrastructure and eradicating the critical visibility gaps that are clearly causing headaches and restless nights.”

About Gigamon

Gigamon® offers a deep observability pipeline that harnesses actionable network-derived intelligence to amplify the power of observability tools. This powerful combination helps enable IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructure. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, 9 of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit www.gigamon.com.

© 2023 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the property of their respective owners.

1Password Launches Unlock with Single Sign-On for OIDC-Supported Identity Providers

Enterprises can now integrate 1Password with Duo, OneLogin, JumpCloud, Ping Identity, and more

TORONTO, June 28, 2023 – 1Password, the leader in human-centric security and privacy, today announced the availability of Unlock with Single Sign-On (SSO) for additional identity providers with the new generic OpenID Connect (OIDC) configuration for 1Password Business. Business customers can now integrate 1Password with more identity providers like Duo, OneLogin, JumpCloud, and Ping Identity, to strengthen their existing security infrastructure, enforce stronger and auditable security policies from their identity provider, and allow employees to easily access their passwords and sensitive information.

“While the single sign-on provider protects logins for approved apps that are specifically added to them, 1Password protects virtually everything else,” said Steve Won, chief product officer at 1Password. “Making the easy thing the secure thing is at the core of everything we do, and unlocking 1Password with SSO benefits IT teams, employees, and businesses in that regard. Enterprises can continue to secure their employees, no matter how they need to sign in.”

The OIDC identity protocol is a modern, secure identity layer built on top of the OAuth 2.0 protocol. It is simpler, more flexible, and includes support for native and mobile applications. Building a generic OIDC configuration has allowed 1Password to offer secure support for many providers at once using the same underlying zero-knowledge architecture, encryption, and trusted device model as Unlock with Okta and Azure AD.

  • Unlock 1Password with your SSO identity provider: Vaults can now be unlocked with a single click via SSO, with zero-knowledge architecture and end-to-end encryption.

  • Set fine-grained permissions and customizable access controls: Pair 1Password with existing identity and access management (IAM) infrastructure to simplify adoption, enable secure sharing, and strengthen auditing, compliance, and reporting workflows.

  • Easy, secure access to passwords and sensitive information: 1Password’s integration with additional identity providers allows employees to authenticate 1Password without an account password and access their vaults in a single click.

“Unlocking 1Password with single sign-on has been a game changer for our organization. We pride ourselves on maximizing security and minimizing friction for our users, and with this capability, we’ve accomplished both of these goals,” Jason Waits, CISO at Inductive Automation. “By eliminating the need to remember a separate password for 1Password, we’ve made it easier for our employees to access their accounts so they can get their jobs done without compromising security. Streamlining the login process is a win for both the security team and our employees.”

The news comes on the heels of Unlock with Okta and Azure earlier this year. Effective today, 1Password Business customers can unlock 1Password with identity providers that support generic OpenID Connect. For more information, visit our website.

About 1Password

1Password’s human-centric security keeps people safe at work and at home. Our solution is built from the ground up to enable anyone – no matter their level of technical proficiency – to navigate the digital world without fear or friction. The company’s award-winning security platform is reshaping the future of authentication, including passwordless. 1Password is trusted by over 100,000 businesses such as IBM, Slack, Snowflake, Shopify, and Under Armour and protects the most sensitive information of millions of individuals and families across the globe. The company’s ultimate goal is to help consumers and businesses get more done in less time – with security and privacy as a given. Learn more at 1Password.com.

 

 

Defense Information Systems Agency Awards SandboxAQ Other Transaction Authority Agreement for Prototype to Provide Quantum-Resistant Cryptography Solutions

Building on its contracts with the U.S. Air Force and other U.S. Government agencies, SandboxAQ delivers secure systems to bolster national defense

Palo Alto, Calif. – June 27, 2023 –SandboxAQ, an enterprise SaaS company delivering AI and Quantum (AQ) technology to governments and the Global 1000, today announced it has been awarded the Prototype Quantum Resistant Cryptography Public Key Infrastructure Other Transaction Authority Agreement by the U.S. Defense Information Systems Agency (DISA). DISA, which provides a globally accessible enterprise IT infrastructure in direct support to joint warfighters, national-level leaders, and other mission and coalition partners, selected SandboxAQ from a pool of vendors after a three-phase process.

The SandboxAQ Security Suite enables agile cryptography to protect sensitive data from cyber-attacks both today and in the future, including the application of cryptographic protocols that are resistant to decryption by quantum computers. The suite, which is developed by a world-class team of cryptography and software experts, enables cryptographic inventory, policy enforcement, and remediation.

To deliver on this program, SandboxAQ selected Microsoft, which will provide the DevSecOps platform, and global systems integrator Deloitte & Touche LLP for their respective software and services capabilities.

Deloitte US has worked with DISA for multiple years and provides industry-leading services, including broad cryptographic integration and implementation, across the federal government.

Microsoft, a Gartner leader in hybrid technology deployments, has extensive implementation experience in DISA on-premise and cloud environments.

“SandboxAQ is proud to deliver our enterprise security software to DISA,” said SandboxAQ CEO Jack Hidary. “We are excited to provide capabilities that can assist in a more secure national defense. SandboxAQ and our subcontractors will implement an approach that can be applied across the U.S. Government.”

SandboxAQ and its subcontractors have been extensively involved in the national effort to prepare U.S. Government IT systems for a quantum future. SandboxAQ and Microsoft were both selected in 2022 by the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence as technology collaborators to provide approaches for migration to post-quantum cryptography.

“As part of the prototype OTA agreement, SandboxAQ’s unique focus on cryptographic agility could enable U.S. government customers to automatically and seamlessly protect their IT infrastructures from both current cyber threats as well as future threats such as those posed by quantum computers,” said Jen Sovada, Global Public Sector President at SandboxAQ in regards to the prototype OTA agreement. “This first-of-its-kind program offers a pathway to protect DISA networks and data through follow-on deployments to wider architectures.”

About SandboxAQ

SandboxAQ is an enterprise SaaS company providing solutions at the nexus of AI and Quantum technology (AQ) to address some of the world’s greatest challenges. The company’s core team and inspiration formed at Alphabet Inc., emerging as an independent, growth-capital-backed company in 2022. For more information, visit https://www.sandboxaq.com.

Email Impersonation Attacks Reach All-Time High According to Latest Report from Fortra

Email impersonation makes up nearly 99% of reported threats as social engineering proves most effective at deceiving end users and security tools

Malicious emails have reached a crescendo in 2023 according to the latest report from cybersecurity software and services provider Fortra. Email impersonation threats such as BEC currently make up nearly 99% of threats, and of those 99% of threats observed in corporate inboxes are response-based or credential theft attacks. Email impersonation threats are proving to be the most difficult to block as social engineering helps cybercriminals successfully deceive both end users and the security tools designed to protect them.

Other key findings from the research compiled by Fortra’s email security group, which includes Agari, Clearswift and PhishLabs, reveal:

  • More than 60% of email threats impersonated a well-known brand name such as Microsoft or Google.
  • 36% of email display names are altered to a more granular level and pose as specific individuals.
  • Google is the most abused email platform (67.5% of recorded attacks in 2023), with Microsoft following close behind (18.3%).
  • BEC actors are moving toward intercepting payments. Instead of asking for an explicit amount, attackers ask for an unspecified sum owed
  • Office 365 phishing attack volumes have doubled since Q4 2022
  • The fundamentals of BEC attacks remain largely the same, but optimized tactics are improving success rates
  • Generative AI is trending among cybercriminals. ChatGPT, and other such language models, are giving criminals the tools to craft well-written messages at scale and avoid the poor spelling and grammar that frequently mark phishing attacks.

John Wilson, Senior Fellow, Threat Research at Fortra states, “It isn’t hard to find someone who has fallen victim to email impersonation attacks. Social engineering combined with advancing technology such as generative AI has made attacks more advanced and harder to spot. Organizations must rethink how to defend against such threats. For instance, consider if your security awareness training explores enough of current impersonation techniques, as well as how applying algorithms through machine learning can help to detect anomalies and patterns in order to accurately detect signatureless email threats at scale.”

 

 

ThriveDX and CyberProof Team Up to Quickly Fill Cybersecurity Positions –
Proving the Value of Combining a Cyber Academy with Corporate Partnerships to Solve the Cyber Talent Shortage

MIAMI, FL – June 27, 2023 –  ThriveDX, the leader in cybersecurity and digital skills training, today announced the successful launch of the Cyber Academy to place cybersecurity analysts at its partner CyberProof, a UST company that provides enterprises with expert managed detection and response services. Following the first successful round of training, twelve graduates from ThriveDX’s Cyber Academy are now working as SOC Tier 1 analysts, leveraging their collective knowledge, skills and collaborative work approach to handle complex cybersecurity challenges efficiently.

This model allowed CyberProof to quickly fill open positions with highly motivated, qualified and diverse candidates, while providing academy graduates with valuable real-world experience. The successful collaboration further proves the value of launching Cyber Academies with comprehensive bootcamp programs in partnership with employers to solve the growing cyber talent shortage.

“Partnering with ThriveDX has brought additional diversity into our talent acquisition strategy. The Cyber Academy graduates have seamlessly integrated into our organization, bringing with them a strong foundation in cybersecurity,” said Moran Alterzon Avisar, Israel Human Resources Business Partner Manager at CyberProof.

ThriveDX’s Cyber Academy offers trainees access to more than 1,000 hours of immersive learning and hands-on educational experience, ensuring they are properly prepared for real-world cybersecurity challenges. The courses are designed by industry experts and provide candidates with knowledge, skills and capabilities in a variety of subjects including network administration, incident handling, forensics, ethical hacking, threat intelligence, malware analysis and more. Through its corporate and government partnerships, ThriveDX helps to position candidates in open roles, building a new, highly skilled cybersecurity workforce. With an estimated cyber talent gap of nearly 3.5 million worldwide, partnerships such as this one with CyberProof are becoming critical to helping companies stay secure.

“Seeing our graduates thrive at CyberProof reinforces the effectiveness of our Cyber Academy approach. It’s a testament to their dedication and the strong foundation they received through the program,” said Rotem Green, Head of Projects at ThriveDX Enterprise.

ThriveDX’s adaptive training programs are continuously updated with new content on a weekly basis to address real-world threats. The enterprise suite offers relevant cyber training for every position in the organization, including application security and secure-code training for developers and engineers, security awareness and phishing simulators for the entire workforce, and specialized executive training.

“The graduates from ThriveDX have exceeded our expectations. Their skills, enthusiasm, and dedication have been invaluable to our team,” said Roee Laufer, Head of Global Security Operations at CyberProof. “They have brought fresh perspectives and innovative ideas, and we are excited to continue our partnership and support their career growth.”

For more information and to learn more about the services offered by both ThriveDX and CyberProof. please visit thrivedx.com and cyberproof.com.

###

About ThriveDX

ThriveDX is the global leader in cybersecurity training and workforce development, solving the cyber talent shortage and skills gap, by reskilling the workforce and upskilling the industry. We provide end-to-end human factor security solutions, including professional cybersecurity bootcamps, phishing and awareness simulations, application security training and beyond. We collaborate with top-tier academic institutions, enterprises, and government agencies to serve millions of learners and thousands of organizations globally. The ThriveDX team is composed of military-trained cyber experts, industry veterans, and seasoned educators united in the mission to close the worldwide skills and talent gap in cybersecurity, and encourage diversity, equity and inclusion across industries. For more information, visit https://thrivedx.com.

About CyberProof

CyberProof, a UST company, helps our clients transform their security to a cost-effective, cloud-native technology architecture. Our next-generation Managed Detection & Response (MDR) service is built to support large, complex enterprises by combining expert human and virtual analysts. Our services are enabled by our purpose-built platform, the CyberProof Defense Center – enabling us to be more agile, collaborate better, and deliver powerful analytics. Our integrated security services include Threat Intelligence, Threat Hunting, and Vulnerability Management. Our experts innovate to meet our clients’ needs with custom use cases, integrations, and automations. For more information, visit www.cyberproof.com.

NINJIO SENSE behavioral science training offers next gen CSAT by solving for emotional vulnerabilities

Award winning cybersecurity awareness training company offers personalized, data-driven solutions that focus on changing behavior

LOS ANGELES, CA (June 20, 2023) — NINJIO, an award-winning cybersecurity awareness training (CSAT) industry leader, announces the official launch of NINJIO SENSE— the company’s latest solution rooted in personalized learning and behavioral science. At a time when cyberattacks are on the rise and roughly 82% of all breaches involve human error, enterprise cyber defense requires an ever-evolving set of tools that educate employees, while helping them develop instincts to spot potential threats.

NINJIO SENSE is the next generation solution for companies that want to create a culture of cybersecurity at every level of their organization, based on how humans behave. The current comprehensive solution includes NINJIO AWARE attack vector training, consistently named Gartner’s “Customer’s Choice” for the CSAT category; and NINJIO PHISH3D, a simulated phish testing and data analysis tool used by hundreds of private and public companies worldwide, and government agencies including the Department of Homeland Security. SENSE rounds out the current offerings by focusing on specific emotions that drive employee decision-making, then deploys personalized training based on the NINJIO Risk Algorithm™. The result is robust, intuition-based, behavioral science training.

NINJIO SENSE derives its personalization data from hundreds of thousands of simulated phishing results across industries and identifies seven human needs and emotions that drive an employee’s threat response: Curiosity, Fear, Craving, Obedience, Opportunity, Social, and Urgency.

“NINJIO has long recognized that the ability to sustainably change human behavior is at the root of cybersecurity,” said Dr. Shaun McAlmont, CEO of NINJIO. “That’s why we have an expanding library of timely and engaging CSAT episodes – to teach employees how to become unhackable. It’s also why we’re excited about the next stage of our development, which will fuse the PHISH3D solution with the NINJIO Risk Algorithm™ to identify vulnerabilities and deliver relevant SENSE episodes to employees.

NINJIO’s comprehensive cybersecurity awareness platform will continue to provide relevant and engaging microlearning episodes that focus on the most urgent attack vectors, highlight real-world breaches, and ensure that employees retain what they learn. This content will be combined with advanced simulated phishing tests to evaluate each employee’s susceptibility to cyberattacks and collect data for the NINJIO Risk Algorithm™. The algorithm will also use data from employee reporting and quizzes to develop an organization-wide risk profile.

“Companies shouldn’t be satisfied with the mere existence of such a program,” adds Dr. McAlmont. “CSAT has to be capable of reliably securing sustainable behavioral change, and cybersecurity awareness isn’t just about checking a box. Rather, the focus should be on building a culture of cybersecurity in which secure behavior is second nature for everyone in the organization.”

About NINJIO

NINJIO is a cybersecurity awareness training company that provides an extensive library of engaging and personalized educational content designed to make employees unhackable. Each NINJIO episode focuses on a specific attack vector and uses real-world examples to demonstrate how employees can identify and repel cyberattacks. The NINJIO platform uses individual data on each employee’s personality traits, learning styles, and vulnerabilities to help companies drive sustainable behavioral change.

Guardz Launches AI-Powered Multilayered Phishing Protection To Secure SMEs

With more than 3 billion phishing emails sent every day, Guardz protects SMEs from the increased risk of this growing attack vector

[TEL AVIV, Israel, June 8, 2023]Guardz, the cybersecurity company securing and insuring SMEs, today announced a new AI-powered Multilayered Phishing Protection solution to help small and medium-sized enterprises (SMEs) and managed service providers (MSPs) prevent phishing attacks before their security is compromised. The hassle-free and cost effective solution uses AI to provide small businesses and the MSPs that support them with automatic detection and remediation capabilities to protect against phishing attacks – the number one threat they face. By combining email security, web browsing protection, perimeter posture, and awareness culture in one native solution, businesses can now efficiently safeguard against phishing threats, bolstering resilience and future-proofing their systems.

Ninety percent of all cyber attacks are initiated with phishing, which relies on social engineering to prey on human nature. Cybercriminals attempt to obtain sensitive information such as usernames, passwords, and credit card details by tricking recipients clicking on malicious links or providing personal information, which can then be used for identity theft, ransomware attacks, or other malicious activities. These attacks can result in data breaches, financial loss, and reputational damage to small businesses and even compromise the security of a business’s entire network, leading to the exposure of further confidential information.

Guardz’s new Multilayered Phishing Protection: continuously scans for all inbound traffic with its advanced anti-phishing email protection solution; initiates detection through AI-powered anti-phishing and anti-malware engines; removes risky emails from users’ inboxes and automatically sends them to quarantine; monitors internet browsing to detect potential phishing attempts and delivers real-time alerts to system admins to enable timely responses; and provides ongoing, active cyber awareness training and tailored phishing simulations for employees, fostering a culture of caution and vigilance. Perhaps most importantly when dealing with phishing, the Guardz solution empowers every employee to behave in ways that support and strengthen the business’s cybersecurity posture.

“The proliferation of phishing attack as a service (AaaS) tools sold on the dark web is putting the SME ecosystem increasingly at risk. Our new AI-powered phishing protection solution provides SMEs and MSPs with a holistic and accessible solution to prevent the success of phishing attacks,” said Dor Eisner, CEO and Co-Founder of Guardz. “This is a significant addition to Guardz’s holistic cyber security offering for small businesses, ensuring that they can react to cyber risks in real time with swift remediations, but also be protected by cyber insurance for complete peace of mind – a true secure and insure approach.”

The Multilayered Phishing Protection enables MSPs to provide their SME customers complete protection across all potential phishing attack vectors. It does so by automatically scanning the perimeter posture, inbound email traffic and internet browsing, and by providing ongoing, tailored cyber awareness training and simulation for employees. The platform automatically verifies emails for authentication protocols including Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and checks for malicious forwarding rules.

The new Multilayered Phishing Protection solution is available now from Guardz. For further details, please visit Guardz’s website: https://guardz.com/phishing-protection/

About Guardz

Guardz is a holistic cyber security and insurance solution designed for SMEs. Guardz’s solution continuously monitors businesses’ digital landscapes to protect their entire range of assets, enables them to react to cyber risks in real time with swift remediations, and provides cyber insurance for peace of mind. Its all-in-one, affordable platform is on guard 24/7, and is easy to use for both in-house IT personnel and MSPs. With cutting-edge technologies stacked into a robust platform, Guardz was founded in 2022 by Dor Eisner and Alon Lavi along with a team of cyber and insurance experts who combine innovation, experience, and creativity to create a safer digital world for small businesses.

 

 

Network Perception Supercharges OT Security Analysis With Enhanced Platform That Delivers Next-Generation Performance

The new release of the NP-View platform introduces greater path analysis scale and speed

CHICAGO– , innovators of operational technology (OT) solutions which protect mission-critical assets, today introduced its next-generation NP-View platform, providing improved scalability and throughput, making OT network path analysis and reporting faster and more comprehensive than ever before.

“The release of NP-View 4.2 brings together all of the things that OT network owners and operators demand to quickly identify potential threats to their environment. Identifying and understanding potential security risks is the first step in combating them, so this enhanced level of visibility is paramount.”

The new NP-View platform, version 4.2, powered by a second-generation path analysis algorithm, offers significant performance improvements, including faster loading of access rules and object groups reports. OT network auditors now have much greater visibility into rule review, and therefore greater context for organizational rulesets, and the ability to analyze networks more quickly.

NP-View also offers enhanced parsing capabilities for configuration files with a large number of access rules (10,000+ per device) and object groups (30,000+ per device). Improved parallel processing performance reduces large file analysis to less than one hour.

Higher performing tables are now capable of supporting tens of thousands of rows and cells in a single view, significantly decreasing the time it takes to analyze networks. Users and auditors are also empowered to apply and verify justifications to rules directly within the table, enabling seamless collaboration and enhanced workflow transparency.

Object content lookup is another cutting-edge functionality introduced as part of NP-View’s upgraded tables, giving users a comprehensive list of contents for each object group, with links to each node for instant topology navigation. This seamless integration of tables and topology empowers users to effortlessly access the desired information and make data-driven decisions with speed and precision.

Building on its path analysis and topology navigation improvements, NP-View also introduces external path analysis. By leveraging advanced algorithms and topology inference techniques, the system intelligently identifies and maps external nodes, providing a comprehensive view of network connections and their associated risks.

“Our team is continuously working to further improve parallel processing throughput, scale external path analysis, enhance path analysis reporting, and upgrade underlying technology libraries for optimal system performance,” said Robin Berthier, co-founder and CEO of Network Perception. “The release of NP-View 4.2 brings together all of the things that OT network owners and operators demand to quickly identify potential threats to their environment. Identifying and understanding potential security risks is the first step in combating them, so this enhanced level of visibility is paramount.”

About Network Perception

Since 2014, Network Perception has set the standard for best-in-class OT network cybersecurity audit and compliance solutions. Network Perception’s technology platform and products range in functionality from essential network auditing technology to continuous and proactive assessment of OT network vulnerabilities. With intuitive, mapping-centric visualization and independent verification for network segmentation, Network Perception is securing the connected infrastructure that runs the world.

For more information visit network-perception.com.

 

 

New global cybersecurity institute to harness the potential of Cyberspace

  • The newly established Global Cybersecurity Forum Institute will address systemic challenges and unlock the many opportunities presented by Cyberspace

  • It will serve as a space where the world’s key cybersecurity stakeholders will collaborate and advance dialogue and action

RIYADH, 7 June 2023: A new global institute has been established in Riyadh, Saudi Arabia by Royal Decree, in response to the rapid development and continuing evolution of Cyberspace, coupled with the radical changes and transformation it has triggered across all areas of society.

Aiming to unite global action around the shared principles and values, the GCF Institute will tackle the most challenging cybersecurity issues facing governments, businesses, and individuals. It will be a catalyst for the exchange of ideas, driving thought leadership and developing research to inform policy solutions and action. In addition, it will also facilitate international projects and partnerships to strengthen existing efforts on key initiatives.

The GCF Institute will serve as a platform to advance stability, security, and prosperity of Cyberspace by catalyzing socioeconomic change, pushing knowledge boundaries, and uniting global champions. Its objective is to pioneer global initiatives that will maximize the benefits of Cyberspace and build resilience through dialogue, investment, research, and innovation.

​Headquartered in Riyadh, the GCF Institute will be guided by an international Board of Trustees, tasked with the responsibility of safeguarding the institution’s sustainability and independence. In addition, the institute will have an Advisory Council, composed of international experts carefully drawn from the highest echelons of government, academia, think tanks, and private sector.

Given the inherently integrated and pervasive nature of Cyberspace, its safe and secure development is a shared global responsibility. The ongoing dialogue among key global cybersecurity stakeholders has underscored the need for a new entity that can provide an action-oriented platform, designed to develop solutions to the most pressing issues in Cyberspace. With the launch of the GCF Institute, the global community will be able to count on a new instrument to complement existing efforts and harness the potential of Cyberspace.

Through the Institute, the annual Global Cybersecurity Forum will continue to convene experts and decision-makers from around the world to meet and discuss protecting the most vulnerable in Cyberspace, while maximizing its benefits for everyone.

RSA Conference Concludes 32nd Annual Event by Convening Strong Cyber Community and Experts Together

San Francisco, CA – RSA Conference™, the world’s leading cybersecurity conferences and expositions, today concluded its 32nd annual event at the Moscone Center in San Francisco. The year’s event attracted over 40,000 attendees, including 650+ speakers, 500+ exhibitors and 500+ members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars and special networking events.Several of the most pressing topics discussed during this year’s Conference included issues surrounding intelligence and threat modeling, the changing face of ransomware and malware, challenges and opportunities presented by generative AI and the wide-reaching impact of open source.The enthusiasm and buzz felt in and around RSA Conference all week was palpable as we welcomed our community to San Francisco. Gathering the world’s most efficient and innovative cybersecurity problem solvers to tackle current and future threats remains critical,” said Linda Gray Martin, Senior Vice President, RSA Conference. “Our commitment to providing a year-round platform for the community to engage, learn and access content remains stronger than ever. Whether it’s online through RSAC 365 or at in-person events, we look forward to continuing the important conversations we’ve had this week throughout the rest of the year.”RSA Conference 2023 highlights include:
  • 33 keynote presentations on two stages. West Stage keynotes featured sponsor keynotes, panels and esteemed guest speakers while South Stage brought highly coveted, in-depth sessions from industry experts on a range of topics.
  • 650+ speakers across 350+ sessions and nearly 550 exhibitors on the expo floors.
  • Key session and seminar presentations included:
  • Security as Part of Responsible AI: At Home or At Odds? – Rumman Chowdury, Founder, Bias Buccaneers; Ram Shankar Siva Kumar, Data Cowboy, Microsoft; Harvard (Moderator); Daniel Rohrer, VP of Software Product Security, NVIDIA; Vijay Bolina, CISO, Deep Mind
  • The Cryptographers’ Panel – Whitfield Diffie, Cryptographer and Security Expert, Cryptomathic (Moderator); Clifford Cocks, Former Chief Mathematician, Government Communications Headquarters, United Kingdom; Anne Dames, Distinguished Engineer, IBM Security; Radia Perlman, Fellow, Dell Technologies; Adi Shamir, Borman Professor of Computer Science, The Weizmann Institute, Israel
  • Five Most Dangerous New Attach Techniques – Heather Mahalik, DFIR Curriculum Lead, SANS Institute and Senior Director of Digital Intelligence, Cellebrite; Steven Sims, Offensive Operations Curriculum Lead and Fellow, SANS Institute; Katie Nickels, Certified Instructor and Director of Intelligence, SANS Institute and Red Canary; Johannes Ullrich, Ph.D., Dean of Research, SANS Institute; and Ed Skoudis, President, SANS Institute (Moderator)
  • Hugh Thompson Show: Quantum Edition – Shohini Ghose, Professor of Physics and Computing, Wilfrid Laurier University; Paul Kocher, Independent Researcher and Cryptographer; Christopher Lloyd, Actor; and Hugh Thompson, Program Committee Chair, RSA Conference (Moderator)

RSA Conference 2024 will take place May 6-9, 2024, in San Francisco at the Moscone Center.

RSAC EXHIBITOR AND PARTNER QUOTES:

“The incredible turnout this year shows that as today’s cyber threats grow more sophisticated and pervasive, RSA Conference stands as the premiere event to bring our adversary-focused approach to stopping breaches to this massive audience of security professionals. From our headline keynote to CEO & Co-Founder George Kurtz’s live interview on site with Bloomberg Business to CrowdStrike’s packed booth, our presence pulsed through the conference this week, creating invaluable opportunities to engage with the community and connect with attendees.”

– Pamela Corcoran, Senior Director, Global Events at CrowdStrike

“RSA Conference is one of the premiere cyber events in the nation and I love to come here every year to catch up with old friends, meet new ones, connect with the media and learn so much from my peers in the industry. The RSAC community shares WiCyS’ passion for diversifying cybersecurity, and the conference is a great opportunity to convene talented professionals dedicated to making the industry more inclusive. We are honored to share our resources at such an important event as we all work toward a common goal.”

– Lynn Dohm, Executive Director at Women in Cybersecurity (WiCys)

About RSA Conference
RSA Conference™ is the premier series of global events and year-round learning for the cybersecurity community. RSAC is where the security industry converges to discuss current and future concerns and have access to the experts, unbiased content and ideas that help enable individuals and companies advance their cybersecurity posture and build stronger and smarter teams. Both in-person and online, RSAC brings the cybersecurity industry together and empowers the collective “we” to stand against cyberthreats around the world. RSAC is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential and thought-provoking thinkers and leaders in cybersecurity today. For the most up-to-date news pertaining to the cybersecurity industry visit www.rsaconference.com. Where the world talks security.

Contact
Ben Waring
Director, Global PR & Communications
RSA Conference
[email protected]

 

Reciprocity Transforms to RiskOptics, Delivers Contextual Risk Management to Fulfill the Promise of GRC

 Company unveils the next generation of its ROAR platform including features to quantify the financial impact of risk and automate workflows

 San Francisco – March 28, 2023 – Reciprocity, a leader in information security risk and compliance, today announced that it will be rebranding to RiskOptics to usher in a new era of cyber risk management dedicated to helping Chief Information Security Officers (CISOs) and their organizations turn risk into a strategic business asset. To mark this new chapter, the company also launched the next generation of its Risk Observation, Assessment and Remediation (ROAR) Platform, an offering that provides organizations with a game-changing level of risk insight in the context of business initiatives.

RiskOptics: The Brand Driving Proactive Risk Management

Companies have undergone extreme digital transformations in the last few years and are now more reliant than ever on third party vendors. Unfortunately, according to a February 2023 report by SecurityScorecard and Cyentia Institute, 98.3% of organizations have a relationship with at least one third party that has experienced a breach in the last two years. Meanwhile, IT teams are understaffed and being stretched thin – especially in cybersecurity, where there’s an estimated workforce gap of 3.4 million people. This talent shortage is becoming more prevalent as data and privacy regulations increase and change at every level of government, making cybersecurity a critical topic in boardroom discussions. Yet, despite these shifts, business leaders still don’t understand what cyber risk is and how it impacts everything a company does – or that it could be used as a strategic asset and core business differentiator.

This is the reason Reciprocity was founded in 2009: to challenge those in charge of Governance, Risk and Compliance (GRC) to move beyond compliance-based practices and embrace a more proactive approach to monitoring for risk. In its next chapter as RiskOptics, the company will further that commitment by empowering CISOs and their teams to see risk differently, effectively communicate that risk and leverage it to make strategic business decisions.

“Business leaders don’t readily understand or easily digest complex risk registers or scores. They care more about how they can expand and grow their businesses, and the CISOs’ role is to communicate the risk associated with those initiatives and how to mitigate it in terms leaders will understand,” said Michael Maggio, CEO and Chief Product Officer at RiskOptics. “As RiskOptics, we’re empowering CISOs with a platform that can connect the dots between the essential people, processes and technology to reveal unseen risk and break down silos. Think about how easy it is to do your taxes with an online platform like TurboTax – the software asks you what changed, and it tells you the steps you need to take accordingly. That’s how easy it should be for companies to identify risk in relation to business activity, and that’s what RiskOptics will do for businesses.”

ROAR: A Next Generation Platform to Solve Advanced Cyber Risk Challenges

Key to fulfilling this vision lies within the next generation of the ROAR platform. ROAR, launched in March 2022, is designed to give companies a unified, real-time view of risk and compliance. ROAR allows security leaders to quickly understand, quantify and convey the impact of risk on the business aspects they care about the most. The platform delivers a unified view of risk and compliance – framed around specific business priorities – so that CISOs and other security leaders can get ahead of risk by monitoring control effectiveness and getting instantly updated risk scores. When leaders can understand risk within the context of their business initiatives, they can then use that knowledge to inform next steps and enable strategic decision making.

According to The State Of Enterprise Risk Management, 2022 by Forrester Research, “Critical global events – from pandemic to war – reinforce the dynamic and consequential nature of risk. Yet ironically, for firms to innovate, differentiate, and capitalize on new opportunities, they will need to increase their risk-taking capability. To ensure they take on the right risks that balance revenue and reputation, ERM plays a critical role in helping navigate risk to steer their businesses through the changing dynamics, expectations, and requirements. Those firms that elevate their ERM program with the leadership at the right organizational level and right-sized budget are able to drive faster, better strategic decisions.”

To further extend the power and value of its ROAR platform, RiskOptics added increased capabilities designed to easily share the value of risk programs, streamline audit and compliance tasks and ensure controls are always up to date. Specifically, with this latest version, users will be able to:

  • Communicate the Impact of Risk on Business Priorities – With ROAR, security leaders can quantify the financial impact of risk based on what a business really cares about – such as expanding to a new geographic market or launching an industry-specific product line – eliminating the reliance on risk scores that business leaders may not understand and translating it to what they do: dollars and cents.
  • Automate Tedious, Time-Intensive Processes – ROAR gives infosec teams valuable time back with continuous compliance and framework monitoring that automatically collects evidence, assesses control effectiveness and checks for unexpected changes, ensuring organizations stay in compliance at all times. Likewise, in the next generation of the platform, users can reuse controls and evidence across frameworks to reduce complexity and eliminate audit fatigue.
  • Reduce Risk by Strengthening Compliance ROAR allows users to see how compliance is impacting risk postures using expert provided inherent and target risk scores to get a baseline risk assessment so they can prioritize and focus on areas of high risk to strengthen compliance and reduce organizational risk. The platform makes it easy to scale compliance programs throughout the organization by connecting requirements, controls and risks to maximize efficiency and automatically mapping new frameworks to existing controls. Evidence collection, control testing and the creation of tickets to address gaps and issues are all automated in ROAR.
  • Integrate with Existing Tech Infrastructure – Integrations with AWS, Azure, Salesforce, Jira, GCP, GitHub and others – with more on the way – automate evidence gathering and assessment, as well as streamline tasks and workflows, so that infosec teams can focus instead on value-added tasks.

“Having the right GRC platform means that we can take a proactive, data driven approach to risk and compliance without having to rely on overly complicated tools or manual processes,” said Jo-Ann Smith, Chief Information Security Officer & Privacy Officer, Long View Systems. “With the RiskOptics ROAR Platform we can take a more strategic, data-driven approach to seeing, understanding and mitigating risk. With visibility into the organization’s overall risk posture, we have a relevant and current view in support of decisions and future investments. With ROAR, our Board of Directors will have real-time visibility and access to information about our security, risk and compliance programs which is critical to making business decisions.”

To get an overview of these and other key features of ROAR, join this webinar on Wednesday, April 19 at 1:30 pm ET. To learn more about RiskOptics, visit www.riskoptics.com.

About RiskOptics

RiskOptics is the leader in IT risk management solutions, empowering organizations to convert risk into a strategic business advantage. The fully integrated and automated RiskOptics ROAR Platform provides a unified, real-time view of risk and compliance framed around business priorities, enabling CISOs and InfoSec teams to take a proactive approach to risk management. RiskOptics customers are able to quantify the impact of risk on their business, communicate that impact to key stakeholders and mitigate expensive data breaches, system failures, lost opportunities and vulnerabilities across their own and third-party data while adhering to compliance requirements.

To learn more about how to make smarter, risk-based business decisions, visit www.riskoptics.com or follow us on Twitter and LinkedIn.

 Contact:

Amanda Maguire

[email protected]

 

 

RSAC Innovation Sandbox and Launch Pad 2023 Contests Now Accepting Submissions

Boston, MA –  –RSA Conference™, the world’s leading information security conferences and expositions, today announced that submissions for the eighteenth annual RSAC Innovation Sandbox Contest are now open.Since 2005, the most promising young companies in cybersecurity have taken the RSAC™ Innovation Sandbox Contest stage to compete for the title of “Most Innovative Startup.” The competition is widely recognized as a springboard for startups, with the contest’s top 10 finalists collectively seeing more than 75 acquisitions and receiving over $12.5billion in investments over the past 18 years. Additionally, two previous RSAC Innovation Sandbox finalists have completed IPOs in the last two years: ISB 2015 Finalist SentinelOne and ISB 2012 Finalist SumoLogic. More than 170 companies have participated in the Contest; previous winners have included Imperva, Axonius, Apiiro, and most recently, Talon Cyber Security.Qualifying startups interested in participating in the RSAC Innovation Sandbox Contest are invited to submit entries online no later than 8 p.m. PT on Friday, February 10, 2023. The top 10 finalists will be announced in March. Terms and conditions can be found here.

“Having a vibrant startup community is key to continued innovation in cybersecurity and each year, RSA Conference showcases the best and brightest driving the industry forward,” said Christopher Young, RSAC Innovation Sandbox judge and EVP of Business Development, Strategy and Ventures at Microsoft. “The RSAC Innovation Sandbox competition has served as a catalyst for hundreds of dynamic companies looking to make an impact in this ever-evolving space and I am excited to see the creativity and competition in this year’s lineup.”

RSA Conference 2023 will include a variety of innovation programs, including the RSAC Early Stage Expo, which is dedicated to promising, privately-held startups under five-years old with less than $3 million in revenue. Participating companies can showcase their solutions to the multitudes of attending innovators, decision makers, and investors. RSAC Launch Pad will also be part of the 2023 line up, featuring a fun, high energy session with innovators pitching bold ideas to industry veterans for strategy, advice and community awareness. Details and criteria can be found here with finalists presenting on Tuesday, April 25, 2023.

A summary of the criteria to compete in RSAC Innovation Sandbox Contest include:

  • The product has been in the market for less than one year (launched between December 1, 2021 and December 1, 2022)
  • The product matches an identified problem in the cybersecurity marketplace
  • The product takes an original and sound approach to solving a problem and has the potential to make a significant impact on cybersecurity
  • The product is validated through a client’s beta testing or purchase of product
  • The product can be demonstrated live during the RSAC Innovation Sandbox Contest
  • The company has a management team with a track record of successfully delivering products to market
  • The company is privately held, with less than $5M in revenue in 2022

After the submission period ends on Friday, February 10 at 8 p.m. PT:

  • Entries will be reviewed and ranked by a global panel of judges that include venture capital professionals, CISOs and other outstanding industry experts
  • The top 10 finalists will be notified in March 2023 and invited to present and pitch to a panel of expert judges on Monday, April 24, 2023
  • The top 10 finalists will be recognized on the RSA Conference website with company and product profiles, and will be promoted in other RSA Conference public relations efforts

To stay up to date on the latest information about RSA Conference 2023, taking place in San Francisco from April 24-27, please visit https://www.rsaconference.com/usa.

About RSA Conference
RSA Conference™ is the premier series of global events and year-round learning for the cybersecurity community. RSAC is where the security industry converges to discuss current and future concerns and have access to the experts, unbiased content and ideas that help enable individuals and companies advance their cybersecurity posture and build stronger and smarter teams. Both in-person and online, RSAC brings the cybersecurity industry together and empowers the collective “we” to stand against cyberthreats around the world. RSAC is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential and thought-provoking thinkers and leaders in cybersecurity today. For the most up-to-date news pertaining to the cybersecurity industry visit www.rsaconference.com. Where the world talks security.

Contact
Ben Waring
Director, RSA Conference Global PR & Communications
[email protected]

RSA Conference Closing Keynote to Feature Award-winning Journalist Katie Couric, Cybersecurity Expert Chris Krebs, and Civil Rights Leader Rashad Robinson

Bedford, MA – RSA Conference, the world’s leading information security conferences and expositions, today announces that its closing keynote will feature a dialogue on the urgent mis- and disinformation crisis. Program Committee Chairman Hugh Thompson will be joined by the co-chairs of the Aspen Institute’s Commission on Information Disorder: Read more..

RSA Conference Announces Initial 2022 Keynote Speakers

Bedford, MA – RSA Conference, the world’s leading information security conferences and expositions, today announced its initial line-up of keynote speakers for its upcoming Conference, taking place at the Moscone Center in San Francisco Feb. 7-10, 2022. Speakers include highly decorated Paralympian swimmer Jessica Long, Executive Chairman, Team Rubicon and Chief Executive, Groundswell Jake Wood, Office of the National Cyber Director for the Executive Office of the President of the United States John Inglis, as well as dozens of prominent cybersecurity experts and innovators.. Read more

Cloud Security Summit Africa is Almost Here

The Cloud Security Summit Africa, supported by Cyber Security Experts Association of Nigeria(CSEAN) brings together 250+ IT and Business heads from cross-industry verticals across Africa with an aim to foster discussions around the deep seated challenges, progress needed and tech reforms advised for the African business ecosystem. The summit will provide a platform to gather eager businesses in the African region to learn, network and collaborate with the experts from around the world.. Read more

 

Second CyberAg Symposium Takes Deep Dive into Cybersecurity Issues Affecting Agriculture and Aquaculture

EASTON, MD (March 29, 2021) – To help address the ever-increasing threat of cyberattacks against the U.S. food industry, the second Cyberag Symposium on April 14 will bring together experts from the agriculture and cybersecurity sectors to discuss and discover solutions to security problems. Registration is free and the symposium will be held virtually. Read more

 

MDR Service Provider Proficio Issued Patent for ThreatInsight® Cyber Risk Scoring

CARLSBAD –  March  10, 2021 – Proficio, a managed security services provider (MSSP) delivering managed detection and response (MDR) services, today announced that the United States Patent and Trademark Office (USPTO) has issued the company U.S. Patent No. 10,931,703 for its cyber risk scoring capabilities known as ThreatInsight. Read more

 

HORNE Cyber and Higginbotham Partner To Help Clients Reduce Costs & Lower Risk

Houston, Texas:  HORNE Cyber today announced a new partnership with Higginbotham for Day Two Services®. Higginbotham’s Day Two Services® will help clients identify, qualify and quantify cybersecurity exposures before a breach or other incident occurs. Read more

 

CyberCrimeCon 2020 – A global threat hunting and intelligence conference

Singapore, November 26, 2020 — Group-IB, a global threat hunting and intelligence company, has revealed the results of its yearslong development of proprietary high-tech products for threat hunting and research — Threat Intelligence & Attribution and Threat Hunting Framework. Altogether the solutions represent a new smart cybersecurity ecosystem uniting Group-IB’s patented innovative technologies unveiled by Group-IB at CyberCrimeCon 2020, a global threat hunting and intelligence conference. Read more

 

Automated Hunting and Identification of Threat Actors Now Possible As Cobwebs Launches its Web Investigation Platform to Corporate Security Market

NEW YORK, November 17, 2020 — Market leading web intelligence company Cobwebs Technologies (Cobwebs) has launched the only available, fully automated web investigation platform capable of unified identity resolution to the corporate security market. The law enforcement grade platform’s AI and machine learning (ML)-powered algorithms’ ability to extract targeted intelligence from the web’s big data and deliver trustworthy threat intelligence is unprecedented. Read more

 

OpenText Partners with NINJIO to Enhance Webroot Security Awareness Training for New COVID-19 Reality/a>

Waterloo, ON – July 21, 2020 – OpenText™ (NASDAQ: OTEX), (TSX: OTEX)partnered with NINJIO, a leading cybersecurity education content provider, to expand its security awareness training program for small and medium-sized businesses (SMBs) and managed service providers (MSPs). Read more

 

The virtual event of the year is here! Auto Insurance USA set to define the future of auto insurance

There is no avoiding the impact of Covid-19 and the unprecedented disruption it has caused; the way we live our lives and how we conduct our business. But it will take more than a pandemic for the insurance industry to falter. We know just how tenacious, innovative, and committed the auto insurance community is. Read more

 

Digital Fraudsters Increase Attacks Against Multiple Industries During Pandemic; Use COVID-19 Scams to Target Younger Generations

Chicago, May 13, 2020 — TransUnion (NYSE: TRU) today released its quarterly analysis of global online fraud trends, which found that the telecommunications, e-commerce and financial services industries have been increasingly impacted. From a consumer perspective, TransUnion found Millennials have been most targeted by fraudsters using COVID-19 scams. Read more

 

STANDFIRST:  Accelerate your digital capability to navigate disruption

Even before Covid-19 began its global march, the insurance industry was gearing up for profound change. But as the events of 2020 continue to evolve, there is growing sense of urgency for carriers to accelerate delivery of spot-on solutions for their customers. Read more

 

MobileIron Acquires incapptic Connect to Accelerate App Release Journey for Enterprise Customers

MOUNTAIN VIEW, Calif., April 30, 2020 — MobileIron (NASDAQ:MOBL), the company that introduced the industry’s first mobile-centric, zero trust platform for the enterprise, today announced that it has acquired incapptic Connect, a leader in mobile automation app release software based in Berlin, Germany and Warsaw, Poland, to accelerate the mobile app release journey for enterprise customers. MobileIron’s unified endpoint management (UEM) platform integrates with incapptic Connect software to help customers quickly develop, deploy and secure in-house business apps, resulting in increased productivity and business innovation. Read more

 

Call for Speakers is open for the 3rd annual QuBit Conference Sofia 2020

The call for speakers is open for the seventh annual QuBit Conference Sofia 2020, to be heldon October 29 in Sofia, Bulgaria, with pre-conference workshops on October 28. QuBit is a Cybersecurity Community Event connecting the East and West and offers its delegates as usual excellent speakers, leading edge topics, keynotes, case studies, panel discussionsand popular networking events. Read more

 

AMID COVID-19 CRISIS, CYBERSECURITY EXECUTIVES LOOK TO VIRTUAL SUMMITS FOR INFORMATION, EDUCATION

Los Angeles, CA – March 31, 2020– Data Connectors, representing the largest cybersecurity community in North America, announced today it will hold its first Virtual Cybersecurity Summit. The firm, who has put on physical conferences since 1999, responded quickly to keep scheduled events on track with an immersive, online experience. Read more

 

Axis Security Emerges from Stealth with $17 Million in Funding to Redefine Private Application Access

SAN MATEO, California – March 17, 2020 – Axis Security, the private application access company, today emerged from stealth launching a purpose-built, cloud-native security and analytics platform that offers organizations simple and secure control of private application access.  Built on a zero-trust approach, the Axis Application Access Cloud™ offers a new agentless model that delivers the easiest and safest way to connect users on any device in minutes to private apps without touching the network or the applications. Read more

 

Human skill and expertise singled out as the most important element of a cyber resilience approach by over 40 per cent of respondents in latest Infosecurity Europe poll

Richmond, Surrey, UK, 19 February 2020 –More than 40 per cent of respondents in the latest Twitter poll run by Infosecurity Europe, Europe’s number one information security event, singled out human skill and expertise as the most important element of a successful cyber resilience approach. The aim of the poll was to explore the importance of resilience in cybersecurity, that is the ability of an organisation and its cybersecurity professionals to prepare, respond, and recover when cyber-attacks happen. Read more

 

Hacker House Shakes Up InfoSec with Intensive Training in Grimbsy

Hacker House, the cyber security firm which found itself embroiled in a political storm last November, has announced its first UK class-based training for over two years. The much-anticipated intensive four-day training will be delivered by company CIO and world-renowned ethical hacker, Matthew Hickey (@hackerfantastic), at the Enterprise Village in Grimsby from March 30th to April 2nd2020. It comes after an intense period of focus on the development and launch of the company’s popular online training course, Hands-On-Hacking™ Read more

 

XR Immersive Enterprise Conference | Reuters Events | Boston | May 5-6, 2020

On May 5-6, 2020, more than 300 decision makers from the world’s largest enterprise and tech brands will gather in Boston to discover how virtual, augmented and mixed reality are transforming training, operations, design, customer service and marketing across industry. Read more

 

Chief Claims Officers from Allstate, Liberty Mutual, State Auto, Kemper, Prudential, Ameritrust and more confirmed to speak at Connected Claims USA 2020 conference and expo in Chicago

Chicago, February 3: Chief Claims Officers from Allstate, Liberty Mutual, State Auto, Kemper, Prudential and more will speak at the Connected Claims USA 2020 Summit on June 24-25, 2020. Read more

 

RSA Conference 2020 Expands Education Programs

Bedford, MA – Feb 11, 2020 – RSA Conference, the world’s leading information security conferences and expositions, today announced the addition of the RSAC Security Scholars Poster Pitch-Off to its RSAC AdvancedU programming. RSAC AdvancedU is a series of programs that provides outreach to college students to introduce and encourage a career in cybersecurity and supports education throughout the various stages of a career within the industry. Read more

 

RSA Conference Announces Finalists for RSAC Innovation Sandbox Contest 2020

Annual Competition Showcases the Most Promising Startups and Minds in Cybersecurity
RSA Conference, the world’s leading information security conferences and expositions, today announced the 10 finalists for its 15th annual RSAC Innovation Sandbox Contest. The competition calls on the most promising young companies in cybersecurity to showcase their transformative technologies to a panel of judges and live audience at RSA Conference 2020 in San Francisco. Past winners include Imperva, Phantom, and most recently, Axonius. Read more

 

Failure is Not an Option: Realize the Potential of Data Science From Swiss Re, AmFam, and Blue Cross and Blue Shield

With 90% of carriers actively investing in new data projects, project failure is not an option.Artificial intelligence (AI) and machine learning (ML) have become mainstays in the insurance industry, equipping insurance companies with tools that can help them to become more efficient and profitable than ever before. Read more

 

Legislation not technology could impede public safety prioritisation on commercial networks, says TCCA

Thursday 06 June 2019:  With more and more countries considering implementing broadband public safety services over existing commercial mobile networks, the spotlight is on ensuring that first responders do not struggle to access the network when there is high demand from consumer users. Read more

 

GTCCA’s 21st CCW event set to bring the critical communications world together in Kuala Lumpur   

16 May 2019, LONDON, UK – Critical Communications World (CCW), the leading conference and exhibition dedicated to connecting critical communications professionals, will take place from 18th – 20th June in Kuala Lumpur, hosted by Malaysia’s Sapura Group. Registration for the event is now open Read more

 

Giving Customers What They Want: Innovative Product Development with Sun Life Financial and Scotiabank

TORONTO: Canadian leaders to share strategies on increasing customer satisfaction through innovative product development, Wednesday, May 11th10:00 AM EDT. Read more

 

Preparations have begun for BIDEC 2019, one of the region’s key International defence exhibitions with key partners confirming participation

Following the outstanding success of the first Bahrain International Defence Exhibition & Conference (BIDEC) in 2017, keen interest for the next edition scheduled for 28-30 October 2019 has begun to build as major international defence and security organisations join forces to support what has been hailed as one of the most strategic events of its kind in the region. Read more

 

Autonomous Driving and Future Mobility 2019 conference was hosted in Berlin on April 8th-9th

Autonomous Driving and Future Mobility 2019 conference was hosted in Berlin on April 8th-9th. Presented by SZ&W Group, Start-up Awards Ceremony took place along sided with the event. Awards are designed for Startups who are devoted to providing advanced solutions to Autonomous Driving. After deliberation by professional judging panels over category, finalists were announced on 8th April. Read more

 

Infosecurity Europe 2019 puts the ‘human factor’ under the spotlight – with keynote stage speakers from HSBC and William Hill

June 4th, 2019 Olympia, London: Technology is only one part of the cyber security puzzle; people contribute significantly to risk, as well as to an organisation’s ability to protect itself against threats. This is why the human factor will be a key focus at Infosecurity Europe 2019, Europe’s number one information security event (4-6th June at Olympia, London). The industry skills shortage is biting hard, with research indicating there will be up to 3.5 million unfilled positions by 2021 Read more

 

President of Bolivia and President of the Federal Republic of Nigeria toured the Future Cities Show with Undersecretary of Ministry of Economy

Dubai, United Arab Emirates, 8th of April 2019: Dr. Adeeb Al-Afifi, Director of the National Program for SMEs and Projects, Ministry of Economy opened AIM Startup today. The Future Cities Show also opened today, which witnessed the presence of H.E. Abdulla Alsaleh, Undersecretary of Ministry of Economy along with Mr. Evo Morales, President of Bolivia and Mr. Muhammadu Buhari, President of the Federal Republic of Nigeria. Both the shows run in conjunction with the Annual Investment Meeting (AIM), which takes place from 8th to 10th April Read more

 

Smart cities predicted to deliver more than USD 20 trillion in additional economic benefits by 2026

Dubai, United Arab Emirates, 3rd of April 2019: Findings of a report titled ‘Role of Smart Cities for Economic Development’ estimate that the smart city concept has the potential to boost the economic development of global cities by over 5 percent and deliver at least USD 20 trillion in additional economic benefits by 2026 Read more

 

Top representatives from 140 countries to gather in Dubai for Annual Investment Meeting 2019

Dubai, United Arab Emirates, 2nd April 2019: Top-level representatives from over 140 countries from Europe, Latin America, Africa, Middle East, and Asia will gather in Dubai next week to take part in this year’s edition of the world’s leading foreign direct investment (FDI) platform, the Annual Investment Meeting (AIM) Read more

 

Incident response takes centre stage at Infosecurity Europe 2019 with keynote speakers from Maersk and UK law enforcement

Effective incident response requires planning and the bringing together of multiple stakeholders who must work quickly and efficiently to deal with a security incident. With the fallout from high profile attacks like NonPetya and WannaCry suggesting that incident response planning is still falling short of where it should be, it will be one of the most hotly debated topics at this year’s Infosecurity Europe 2019, Europe’s number one information security event. Read more

 

Web security expert Troy Hunt to be welcomed into the Infosecurity Hall of Fame

Richmond, Surrey, UK, 0900 hours, 26 March 2019 –Australian web security expert Troy Hunt has been revealed as the latest industry luminary to be selected to join the Infosecurity Hall of Fame. He will be inducted into the Hall of Fame at Infosecurity Europe, Europe’s number one information security event Read more

 

TCCA’s annual showcase of excellence to be held in Kuala Lumpur 18-20 June

21 March 2019 LONDON, UK – The Sapura Group, Malaysia’s leading technology organisation, has confirmed that it will be Host Operator for TCCA’s Critical Communications World (CCW) 2019, the world’s premier event for critical communications professionals. CCW will be held in Kuala Lumpur from 18-20 June Read more

 

2019: The Art of Navigation in a Digital World

On April 23-24, 2019 at Expocentre Fairgrounds on Krasnaya Presnya, Moscow, the 13th International Navigation Forum will open the door wide to recognized world-class experts in the field of using navigation technologies. Read more

 

TCCA’s Critical Communications Europe to host joint event with BAPCO Annual Conference & Exhibition for the first time.

18 February 2019, London, UK – Critical Communications Europe (CC Europe), Europe’s leading conference and exhibition dedicated to connecting critical communications professionals, will take place in conjunction with the BAPCO Annual Conference & Exhibition for the first time. The event will take place at the Ricoh Arena, Coventry, UK from 12-13 March 2019. Read more

 

IFSEC International and Security & Counter Terror Expo to co-locate at ExCeL London, May 2020.

ExCeL London, May 2020 – Today it has been revealed that next year will see IFSEC move to a brand new dateline of 19 – 21 May and welcome three prestigious events alongside it at ExCeL London; Security & Counter Terror Expo (SCTX), Ambition and Forensics Europe Expo. . Read more

 

Startup disruptive technological solutions to be featured at 3rdFuture Cities Show.

Dubai, UAE, January 7th, 2019 – Future Cities Show will feature disruptive innovations as it holds its third edition on April 8-10, 2019 at the Dubai World Trade Centre. Under the theme “Propelling Globalization through Digital Transformation”, FCS will gather together startup companies to showcase their projects to an international roster of investors. Read more

 

Cyber Security Connect UK Unveils Full Programme Line Up.

London, October 31st, 2018 – The full programme for the inaugural Cyber Security Connect UK, which takes place in November, has been revealed featuring leading experts from the world of cyber security. This includes representatives from the Ministry of Defence, the National Police Chief’s Council, the DCMS (Department for Digital, Culture, Media and Sport) and from the National Cyber Security Centre (NCSC) who will share their insights with delegates. Read more

 

HackIT 4.0: the cyber security center of Eastern Europe is emerging in Kyiv.

On October 8-11, the international cybersecurity forum will be held in Kyiv — HackIT 4.0. Top industry experts will share their experience, and the best white hackers will compete in a search for vulnerabilities.. Read more

 

TEkoparty 2018 Announces Full Agenda And Speakers For Its 14th Edition Of The Most Important Security Conference in Latin America.

Friday, September 21st 2018,Top Industry Experts Discuss Modern Security Challenges in a Series of Talks, Panels, Workshops, Trainings and Hands-On Activities. Read more

 

Trescon announces the second edition of Big Cyber-Security Show and Awards.

Wednesday, 19th September 2018, Mumbai: Mumbai city will be hosting the second edition of the Big Cyber-Security Show and Awards, at The Leela on September 20, 2018. The first edition, in 2017, housed more than 150 CTOs, CIOs, CXOs, CEOs, CISOs and Cyber-Tech experts from all across the nation, as well as leaders in the field of cyber-security. Read more

 

TU-Automotive West Coast 2018 Conference to Highlight How Data-Driven Technologies Will Enable the Contextually Intelligent Vehicle

TU-Automotive has published the program for their 8th annual TU-Automotive West Coast 2018 Conference and Exhibition (October 3-4, San Jose). The event will see 200+ executives assemble in California to discuss how to apply data-driven technologies and applications such as artificial intelligence to enable intelligent connected and autonomous vehicles. Read more

 

RazorSecure highlights key transport security challenges at GCHQ Cyber Accelerator Demo Day

On Wednesday 27th June, RazorSecure, an innovative supplier of intrusion and anomaly detection security software for transport, presented at the Demo Day of the GCHQ Wayra Cyber Accelerator. Read more

 

Bitcoin, Ethereum, and Blockchain Super Conference II Promises to Reveal New Profit Opportunities from the Next Bitcoin Bull Run

DALLAS, TX – In February, the Bitcoin Ethereum and Blockchain Super Conference brought together hundreds of cryptocurrency and blockchain enthusiasts, investors, and leaders. Now, the organizer and host, Richard Jacobs, is hosting a second conference at Dallas this September. Read more

 

Win $300 of Ethereum – Every Day until Sunday May 13th

DALLAS, TX – Organizers of the second Bitcoin, Ethereum, and Blockchain Super Conference (which is being held in September at Dallas) are running a special promotion. Every attendee who buys their ticket before 9:59pm each day will be put into a complimentary raffle, where one lucky winner will receive $300 of Ethereum transferred to their wallet immediately. (Considering that, on a typical day, ticket sales range from four to ten, the odds of winning stand at between 10% and 25%.)Read more

 

Bitcoin, Ethereum, and Blockchain Super Conference II:
Bring Your Kids, Friends, Colleagues for Just $97 per Head

DALLAS, TX – DALLAS, TX – Organizers of the second Bitcoin, Ethereum, and Blockchain Super Conference (which is being held in September at Dallas) are running a special promotion. Attendees who reserve their spot before midnight on Sunday May 6th will be able to add “companion” tickets for just $97 per head.Read more

 

Bitcoin, Ethereum and Blockchain Super Conference II Offers Rare Opportunity to Network with Cryptocurrency and Blockchain Leaders

DALLAS, TX – Richard, organizer of the original Bitcoin, Ethereum and Blockchain Super Conference, held in February, is hosting a follow-up conference in September. Like the first conference, the second offers attendees a rare opportunity to network with many of the most respected players in the cryptocurrency and blockchain space – including developers, entrepreneurs, venture capitalists, and “smart money” hedge fund managers who are now piling their capital into blockchain assets.Read more

 

InfoSec World is Back! Human (and Canine!) Experts to Share Their Cybersecurity Secrets and Know-How

SOUTHBOUROUGH, Mass., November 9, 2017 – MIS Training Institute (MISTI), the international leader in information security, audit and IT audit training, is pleased to announce InfoSec World 2018 Conference and Expo, scheduled for March 19-21. One of the longest running annual conferences dedicated to the business of information security will take place at Disney’s Contemporary Resort, Lake Buena Vista, Florida Read more

 

SecurityFirst™ DataKeep™
Protecting Data from Creation to Deletion

Rancho Santa Margarita, Calif. – September 27, 2017 – SecurityFirst, a provider of data-centric cyber solutions, announces the launch and immediate availability of DataKeep, an advanced data-centric security software solution….Read more

 

Discover what Asia’s CISOs are doing to counter the next Petya/WannaCry

August 2017 – The recent cyber attacks have exposed IT Security vulnerabilities among companies in Asia and this has extended far beyond sensitive data information with the potential to cause operational, financial and reputation damages. Fundamentally, all sectors are reconsidering the approach in their Cyber Security strategy, to ensure that their IT security posture is on the right track…..Read more

 

Worldwide Business Research Launches InfoSecurity Connect East

NEW YORK –November 1-3, 2017 – Worldwide Business Research (WBR) is today announcing the launch of InfoSecurity Connect East, a summit helping senior financial services executives….Read more

 

DEF CON Voting Village – Hackers easily pwned US voting machines

DEF CON 2017 – Are voting systems secure? In August 2016, the FBI issued a “flash” alert to election officials across the country confirming that foreign hackers have compromised state election systems in two states….Read more

 

Five Reasons Why You Shouldn’t Miss RSA® Conference 2017 Asia Pacific & Japan

Cybersecurity has been top of mind with WannaCry, the Internet of Things, and new government regulations dominating technology conversations today…Read more

 

NetQuest Enhances Cyber Intelligence Gathering with Industry’s First 100G Coherent Network Visibility Solution

NetQuest Corporation, a leading manufacturer of cyber surveillance solutions, today announced the I-9100 as the industry’s first network monitoring access solution to provide government agencies…Read more

 

SECURE SWISS DATA LAUNCHES FULLY ENCRYPTED MOBILE APPLICATION

Today, Secure Swiss Data, a company that specializes in protecting corporate data and individual privacy through their encrypted email and file sharing services, is launching a fully encrypted mobile application…Read more

 

INTERPOL World 2017 to Showcase the Latest Innovations for Future Security Challenges

The stage is set for INTERPOL World 2017 as it readies to welcome over 10,000 law enforcement agencies, government bodies, academia, solution providers, security professionals…Read more

 

IFINSEC Financial Sector IT Security Conference and Exhibition

IFINSEC Financial Sector IT Security Conference and Exhibition (www.ifinsec.com) will be held on 14-15 November 2017 in Istanbul, Turkey…Read more

 

New GoAnywhere Release Automates and Secures File Transfers in Cloud and Private Networks

Linoma Software, a HelpSystems company, today announced the release of version 5.5 of its GoAnywhere managed file transfer (MFT) solution, which allows organizations to deploy MFT agents…Read more

 

Detection of WannaCry Ransomware Based on Network Behavior

GREYCORTEX has examined the behavior of the WannaCry ransomware in a network using its MENDEL Network Traffic Analysis tool. As Martin Korec, Lead Analyst at GREYCORTEX says…Read more

 

ManageEngine Makes Privileged Account Management Ridiculously Simple with New UI

ManageEngine, the real-time IT management company, today announced that it is making privileged account management ridiculously simple with the new user interface for Password Manager Pro…Read more

 

INTERPOL World 2017 Congress to lead industry dialogue for a unified approach to combat future crime

INTERPOL World 2017 is set to bring law enforcement agencies, government bodies, academia, security professionals and solution providers together over three days of…Read more

 

Tangentia Partners with BlackBerry to Connect, Secure and Mobilize Enterprises in Canada

Tangentia Inc. today announced it is partnering with BlackBerry to connect, secure and mobilize enterprises in Canada…Read more

 

2017 International Cyber Security and Intelligence Conference (ICSIC)

The International Quality and Productivity Center (IQPC) is please to announce that the 8th Annual Anti Piracy and Content Protection Summit will be taking…Read more

 

8th Annual Anti Piracy and Content Protection Summit

The Ontario College of Management and Technology (OCMT) is proud to host the 2017 International Cyber Security and Intelligence Conference (ICSIC) on November, 7th-8th 2017, at the…Read more

 

Launch of CyberWISER framework: Monitoring your cyber risks in real time

The Internet and digital services play an increasing role in our business portfolios and have a growing impact on our daily lives. However, as digital services and cyberspace evolve…Read more

 

The GCC cyber security market is booming

Nowadays, cyber-security is not just a technology issue, it’s a real business issue which should engage all business functions. Digital is no longer the sole domain of IT and there are major risks…Read more

 

Cyber Security Chicago to Debut in October 2017

Imago Techmedia today announced the launch of the first annual Cyber Security Chicago conference and exposition. The event will take place from October 18-19, 2017 at McCormick Place in Chicago…Read more

 

INTERPOL World 2017 builds up momentum with strong support from public and private sectors

SINGAPORE – The second edition of INTERPOL World has garnered strong support from public and private sectors, both locally and on the international front…Read more

 

Nispana in association with DNJ Saudi Arabia is excited to announce its 3rd Annual Middle East Cyber Security Summit on the 26 & 27 March, 2017 in Riyadh at the Riyadh Marriott

Global organizations continue to grapple with the cyber security challenges, with the convergence of Internet-connected things, there will be newer risks…Read more

 

Black Hat Asia 2017 Welcomes Industry Veterans, Halvar Flake of Google and Saumil Shah of Net-Square, as Keynote Presenters

Today, Black Hat, the world’s leading family of information security events announces the keynote lineup for its upcoming event in Singapore…Read more

 

Kidnappings, Cyber Attacks and Social Media Crises Are Topics at 2nd International Crisis Management Conference in Boston, April 5

Organizers of the International Crisis Management Conference (ICMC) series today announced its second annual one-day conference on April 5 at the Aloft Seaport in Boston…Read more

 

RSA Conference 2017 Debuts RSAC AdvancedU Education Program

RSA Conference (RSAC), the world’s leading information security conferences and expositions, today announces the debut of RSAC AdvancedU – a new series of programs to educate…Read more

 

Former MI5 Director General Dame Stella Rimington to Keynote RSA Conference 2017

RSA Conference, the world’s leading information security conferences and expositions, today announces Dame Stella Rimington will be part of the keynote speaker lineup…Read more

 

RSA Conference 2017 Welcomes Dr. Neil Degrasse Tyson to Keynote Stage

RSA Conference, the world’s leading information security conferences and expositions, today announces Dr. Neil deGrasse Tyson will be part of the keynote lineup…Read more

 

Calling All Emerging Information Security Companies: RSA Conference Innovation Sandbox Contest 2017 is Now Taking Submissions

RSA Conference, the world’s leading information security conferences and expositions, today announces that the 12th annual Innovation Sandbox Contest is now accepting submissions…Read more

 

Bob warns ‘Don’t get phished this Christmas!’

Barnsley-based Cyber Security Awareness Training provider is campaigning to stop people being caught by phishing emails out this Christmas…Read more

 

Blacklist from RiskIQ Reveals Hundreds of Potentially Malicious Black Friday Apps

RiskIQ, the leader in digital risk management, today released the Black Friday eCommerce Blacklist, a cyber research study analyzing…Read more

 

Voters Believe Cyberattacks More Threatening to U.S. Than ISIS

New data released today from cybersecurity company, Cybereason, revealed that nearly 70 percent of registered U.S. voters believe cyber attacks are more threatening to the U.S. than ISIS. In fact, 64 percent are concerned about a ..Read more

 

CISO Leaders Summit Singapore

Media Corp International are pleased to announce the CISO Leaders Summit Singapore 2016 is in its final stages of registration..Read more

 

Logical Operations Announces Training Courseware Collaboration with Ingram Micro

Logical Operations, the world’s leading provider of information technology instructor-led courseware, today announced it is working with Ingram Micro Inc. (NYSE: IM) to expand the training..Read more

 

Cyber Sense World to focus on essential aspects of cyber security

In an era of global connectivity, cyber security is now at the top of the agenda with high-profile breaches, attacks and other security failures endangering companies and..Read more

 

Inaugural Singapore International Cyber Week 2016 to connect prominent policy makers, industry players and innovators

The inaugural Singapore International Cyber Week (SICW), organised by the Cyber Security Agency of Singapore (CSA), is expected to..Read more

 

Access the Latest Cyber Security Tools and Techniques at ISACA’s CSX 2016 Asia Pacific Conference in Singapore

According to ISACA’s 2016 Cybersecurity Snapshot, close to half (45%) of those surveyed worldwide report..Read more

 

SyncDog, Inc. Announces General Availability of SentinelSecure™ Containerized Workspace Version 2.5 for Securing Enterprise Systems Data from Mobile Points of Intrusion

SentinelSecure™ ver. 2.5 will be unveiled at CTIA Super Mobility 2016, Las Vegas, (booth
#6232), September 7‐9, 2016, featuring FIPS 140‐2 certification..Read more

 

Cybersecurity Ventures 2016 Cybercrime Report – Hackerpocalypse: A Cybercrime Revelation

This special report on cybercrime is sponsored by Herjavec Group, a leading global information security advisory firm and Managed Security Services Provider (MSSP) with offices across..Read more

 

Prominent business leaders to meet on 27-29 Nov to discuss cyber security in Phuket

The Cyber Security Exchange Asia 2016 conference will be taking place on the 27-29th November 2016 in Phuket, Thailand. Slated as the go-to event..Read more

 

R3: RESILIENCE, RESPONSE & RECOVERY 2016

The R3 Summit, taking place on 27 September 2016 in London, takes you through the most vital steps of your response and recovery strategy…Read more
Cybersecurity Ventures projects $1 trillion will be spent globally on cybersecurity from 2017 to 2021.

“We expect worldwide spending on cybersecurity products and services to eclipse $1 trillion for the five-year period from 2017 to 2021” (1) says Steve Morgan, founder…Read more

 

CyberWISER Light: Helping European Firms get smart about Cyber Security

Digital business is fast becoming the only way to do business. Yet evidence shows that too many small- and medium-sized businesses are not considering the impact…

Read more

 

UConn School of Business and EC-Council Partner To Train, Certify Next Generation of Cybersecurity Experts

The University of Connecticut School of Business has partnered with the EC-Council Foundation to offer three distinctive courses for information technology…

Read more

 

PERMIT THE APPLICATION, BUT MANAGE THE BEHAVIOR—NETSKOPE SELECTS INFOBLOX TO PROTECT DATA AND ENSURE COMPLIANCE

Infoblox Inc., the network control company, today announced that Netskope has deployed Infoblox solutions to achieve its mission of delivering secure cloud-based services to its customers…

Read more

 

SECEON EMERGES TO INTRODUCE COMPREHENSIVE OPEN THREAT MANAGEMENT™ PLATFORM CYBERSECURITY SOLUTION

Innovative Start-Up Combines Technical Expertise in Security, Big Data, Machine Learning and Networking to Deliver a New Approach to Cybersecurity and Risk Mitigation…

Read more

 

WORLD’S LARGEST HOMELAND SECURITY EVENT IN 2016 OPENS NEXT WEEK IN ABU DHABI

The world’s largest homeland security and national resilience event in 2016, the 7thInternational Exhibition for National Security and Resilience (ISNR), opens next week…

Read more

 

DISCUSSING NEW STRATEGIES TO TACKLE TERRORISM

High ranking security and emergency services officials will gather at World Counter Terror Congress to discuss future counter terror strategies…

Read more

 

ENITSE ENTERPRISE IT SECURITY CONFERENCE & EXHIBITION

ENITSE Enterprise IT Security Conference & Exhibition will be held on 17-18 May 2016 in Istanbul, Turkey…

Read more

ANNOUNCING THE CYBERSECURITY 500 LIST FOR Q4 2015

Cybersecurity Ventures announces the Q4 2015 edition of the Cybersecurity 500, a global compilation of leading companies who provide cybersecurity solutions and services…

Read more

 

TRANSPORT SECURITY EXPO’S WIDE-RANGING CONFERENCE AND SEMINAR PROGRAMME WILL BE FREE-TO-ATTEND

Transport Security Expo will this year be delivering more learning opportunities than ever before – and all of them will be free-to-attend for all delegates on a first-come, first-served basis…

Read more

 

CYBERSECURITY IN THE SPOTLIGHT AT EUROPE’S LARGEST DATA CENTER GATHERING IN LONDON

Digital adoption and the integration of technology into people’s lives is dramatically changing modern society, but it’s set against the backdrop of new and sophisticated cyberattack threats…

Read more

 

TREMENDOUS SUPPORT FROM GOVERNMENT SECTOR AND COMMERCIAL BUYERS FOR INAUGURAL MYANMAR SECURITY EXPO 2015

15 October 2015, Yangon, Myanmar – Myanmar Deputy Minister of Finance, Mr Maung Maung Thein officiated the opening of the inaugural Myanmar Security Expo. Over the 3 days’ event, some 2,107 government officials, commercial buyers and media convened and connected with 75 exhibitors from 17..

Read more

 

connect:ID reveals new structure, launches call for speakers

The event will now encompass the biometric ID:HUB, mobile ID:HUB and secure ID:HUB conferences, but where relevant, will also bring together the audiences to discuss cross-over issues, and to demonstrate how identity technologies are being combined to provide integrated solutions, across a wide variety of sectors…

Read more

 

ANNOUNCING THE CYBERSECURITY 500 LIST FOR Q3 2015

Menlo Park, Calif. – July 31, 2015, Cybersecurity Ventures has announced the Q3 2015 edition of the Cybersecurity 500, a global compilation of leading companies who provide cybersecurity solutions and services. The Cybersecurity 500 is online at www.Cybersecurity500.com

Read more

 

ME Homeland Security Market Will See a Growth rate that is three times the Global Average

According to a recent Frost and Sullivan report, the Middle East’s homeland security market will see a compound annual growth rate that is three times the global average, and it is driven primarily by economic diversification and massive scale-up in infrastructure projects…

Read more

 

Regional Governments Set to Spend USD 9.5 Billion on Cyber Security By 2019

Regional governments see cyber-crime as a growing threat and together are set to invest heavily on cyber security over the next four years, according to experts.
An industry on the rise, a recent report from Pricewaterhouse Coopers indicated a staggering 42.8 million information security incidents reported globally in 2014, up 48% from the previous year…

Read more

 

The Middle East Cyber Security Summit 2015

Cyber threats are a global phenomenon and are continually developing in sophistication and impact, despite the advances in cyber security technologies and practice. National & International governments in the region are determined to create a secure digital environment, but these initiatives are fragmented, tactical…

Read more

 

Hardwear.io 2015: The First Hardware Security Conference  To Check Out

Pune, India – July 20, 2015 – In the era of such advanced technology where automation plays a key role in enhancing the efficiency of devices, the need to proactively address Hardware Security is widely underestimated. From simple everyday gadgets like battery-operated cars, entertainment systems…

Read more

 

Inaugural (ISC)² Security Congress APAC Established to Commemorate the 10th Anniversary of SecureAsia Conference

Manila/Hong Kong, 16 June, 2015 — To mark the 10th anniversary of the (ISC)²® SecureAsia Conference, (ISC)², the largest not-for-profit membership body of certified information and software security professionals worldwide with nearly 110,000 members…

Read more

 

Cyber Defense Magazine Announces 2015 Award Winners

Cyber Defense Magazine, the industry’s leading electronic information security magazine and a media partner of the RSA® Conference 2015, has named winners in numerous categories for their innovations in the field of information security…

Read more

 

ANNOUNCING THE CYBERSECURITY 500 LIST FOR Q2 2015

Cybersecurity Ventures has announced the Q2 2015 edition of the Cybersecurity 500, a global compilation of leading companies who provide cybersecurity solutions and services…

Read more

 

FOR THE FIRST TIME IN THE WORLD STEALTHPHONE INFORMATION SECURITY SYSTEM

Mobile Trust Telecommunications (Switzerland) to present the first ever hardware information security system Stealthphone (http://youtu.be/PLMRui8-RaU ) for mobile phones and computers for individual users, small and medium enterprises, major corporations and state organizations…

Read more

SnoopWall Launches Mobile Wallet Security Toolkit

BARCELONA, Spain, and NASHUA, NH – SnoopWall Inc. (www.snoopwall.com), the world’s first counterveillance security software company, today announced the availability of the SnoopWall Developers Toolkit (SDK) for mobile wallet developers who want to protect consumers from identity theft and fraud…

Read more

 

Innovative security solutions to headline INTERPOL World Congress

Singapore, 11 February 2015 – Technology-driven security solutions developed by leading industry players will be presented at the INTERPOL World Congress, a knowledge sharing forum anchoring the inaugural INTERPOL World in 2015…

Read more

 

Inaugural INTERPOL World 2015 Expects High-Level International Participation

Singapore, 3 November 2014 – More than 70 percent of the exhibition space for INTERPOL World, a new international security event taking place from 14-16 April 2015 in Singapore, has been booked by key players in the security landscape…

Read more

 

INTERPOL World launches Strategic Partners Programme to design innovative security solutions with industry to address global challenges

SINGAPORE, 23 October 2014 – INTERPOL World has launched a Strategic Partners Programme with leading private-sector security solutions providers to jointly create innovative solutions to  real-world security challenges faced by global police organizations, government agencies and the private sector…

Read more

 

2014 ICS CYBER DEFENSE FOR ENERGY & UTILITIES – Securing the Future of the Energy & Utilities Industry

Abu Dhabi, UAE – On 22–24 September this year, Caxton Group will host its flagship event for Cyber Security in the Energy & Utilities sector and gathering of international and regional experts and industry leaders from the government, energy, utilities, oil & gas and the academe. The event will review the current security landscape of the region’s cyber domain and will focus on strengthening defense measures designed to counter potential breach and cyber-attacks directed towards critical infrastructures…

Read more

 

SnoopWall Launches Free Privacy App to Detect and Block Cyber Criminals, Snoops, Spies and Online Predators

Las Vegas, NV, August 7, 2014– SnoopWall (www.snoopwall.com), the world’s first counterveillance software company, announced today the release of Privacy App™ for Android (www.snoopwall.com/snoopwall-privacy-app) platform mobile devices…

Read more

 

Securing Asia & Africa 2014 was hosted at Queen Elizabeth II conference centre

Securing Asia & Africa 2014 (SA&A 2014) the 3rd annual summit was yet again a great success in all areas, commercial, political and academic. The summit provided an arena for a comprehensive expert dissection of Asia & Africa’s’ Homeland Security and Counter Terror challenges, needs, and opportunities in the new age…

Read more

 

CONFLICT IN MIDDLE EAST

The worsening situation in Iraq due to the fall of Iraq’s second largest city to the terror group Islamic State of Iraq and Syria (ISIS), raises the possibility of major upheavals in the global oil market fuelled by speculations of severe threat to the critical energy infrastructures in Middle East.The rise of ISIS, once an offshoot of Al Qaida vindicate that the threat of terrorism in Middle East remain intact even as US prepares to quit Afghanistan…

Read more

 

Securing Asia & Africa 2014

Securing Asia & Africa 2014 is a vital summit in the Homeland Security and Counter Terror calendar of annual events. With London as the global hub for procurement agencies from Asia and Africa, it provides a unique opportunity for Western solution providers of all sizes to interact directly with procurement agencies, businessmen and political figures from the Asian Security sector in a neutral forum and within a single venue…

Read more

Hexis Cyber Solutions Hosts Live Data Breach Webinar Featuring Security Industry Expert

14 May 2014

Hexis Cyber Solutions, a provider of advanced cybersecurity solutions for commercial companies and government agencies, and IANS Research, the leading provider of in-depth security insights and decision support delivered through research, community, and consulting, will be presenting a live webinar…

Read more

 

IT experts to come together in Amsterdam at the 2014 Oil and Gas Euro Cyber Security workshop

12 May 2014

Following the success of the 2014 Oil & Gas Cyber Security workshop previously held in Abu Dhabi, UAE last January, Caxton Group is proud to announce the inception of the 2014 Oil and Gas Euro Cyber Security workshop to be held on 23-25 June 2014 at the beautiful city of Amsterdam, Netherlands…

Read more

AirWatch Receives STIG-Approval to Operate on US Department of Defense Networks from Defense Information Systems Agency

5 May 2014

AirWatch® by VMware, the leading enterprise mobility management (EMM) provider, announced today that the Defense Information Systems Agency (DISA) Field Security Operations (FSO) has released the AirWatch MDM Software 6.5 Security Technical Implementation Guide (STIG) Version 1 for immediate use. The certification validates that AirWatch, one of only two STIG-approved mobile device management (MDM) providers…

Read more