SecurityProNews
https://www.webpronews.com/technology/securitypronews/
Sat, 28 Sep 2024 11:04:35 +0000

Meta Fined $101 Million for Storing Passwords in Plain Text
https://www.webpronews.com/meta-fined-101-million-for-storing-passwords-in-plain-text/
Sat, 28 Sep 2024 02:02:17 +0000

Ireland’s Data Protection Commission (DPC) has fined Meta €91 million ($101.5 million) for committing the cardinal sin of cybersecurity—storing passwords in plain text.

Some of the worst data breaches have occurred because passwords were stored in plain text. Unfortunately, Meta doesn’t seem to have gotten the memo, with the company admitting in 2019 that it had stored passwords for hundreds of millions of users in plain text. The only redeeming element is that the files in question were apparently not accessible to anyone outside of Facebook, according to the company’s statement at the time.

To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.

While there’s no evidence the passwords were accessible externally, the fact the passwords were stored in plain text means there was always a risk they could have been exposed, by either a bad actor internally or via an external hack.

The DPC has reached its final decision after it began investigating Meta Platforms Ireland Limited (MPIL) in 2019. The investigation found that MPIL infringed on the GDPR in the following ways:

  • Article 33(1) GDPR, as MPIL failed to notify the DPC of a personal data breach concerning storage of user passwords in plaintext;
  • Article 33(5) GDPR, as MPIL failed to document personal data breaches concerning the storage of user passwords in plaintext;
  • Article 5(1)(f) GDPR, as MPIL did not use appropriate technical or organisational measures to ensure appropriate security of users’ passwords against unauthorised processing; and
  • Article 32(1) GDPR, because MPIL did not implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the ability to ensure the ongoing confidentiality of user passwords.

As a result of the investigation, MPIL will be reprimanded and fined $101.5 million.

This Decision of the DPC concerns the GDPR principles of integrity and confidentiality. The GDPR requires data controllers to implement appropriate security measures when processing personal data, taking into account factors such as the risks to service users and the nature of the data processing. In order to maintain security, data controllers should evaluate the risks inherent in the processing and implement measures to mitigate those risks. This decision emphasises the need to take such measures when storing user passwords.

The GDPR also requires data controllers to properly document personal data breaches, and to notify data protection authorities of breaches that occur. A personal data breach may, if not addressed in an appropriate and timely manner, result in damage such as loss of control over personal data. Therefore, when a controller becomes aware that a personal data breach has occurred, the controller should notify the supervisory authority without undue delay, in the manner prescribed by Article 33 GDPR.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” said Graham Doyle, Deputy Commissioner at the DPC. “It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”

Microsoft Hosting Cybersecurity Event To Improve Windows Security
https://www.webpronews.com/microsoft-hosting-cybersecurity-event-to-improve-windows-security/
Mon, 26 Aug 2024 01:37:19 +0000

In the wake of the CrowdStrike outage that brought the internet to its knees, Microsoft is hosting an event aimed at ensuring such an incident never happens again.

CrowdStrike effectively bricked millions of Windows PCs when it pushed a flawed update, one that required physical access to a machine to roll back. While physical access is not a problem for desktop machines, it can pose a much bigger challenge for cloud companies and server farms.

The CrowdStrike incident was so devastating largely because the cybersecurity firm’s software runs at the kernel level, or the lowest level of the Windows operating system. Microsoft has already voiced its dissatisfaction with the situation, blaming an agreement with the EU for the current status quo, in which third-party companies have the same low-level access to Windows’ internals as Microsoft.

According to Aidan Marcuss, Microsoft Windows and Devices VP, Microsoft wants to improve the situation, and is hosting an event at its Redmond, Washington headquarters on September 10. CrowdStrike, as well as other “key partners” will be in attendance, with the goal being to find ways of securing Windows and improving resiliency.

On Sept. 10, 2024, Microsoft will host a Windows Endpoint Security Ecosystem Summit at our Redmond, Washington, headquarters. Microsoft, CrowdStrike and key partners who deliver endpoint security technologies will come together for discussions about improving resiliency and protecting mutual customers’ critical infrastructure. Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers.

The CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem. Our discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.

Microsoft says government representatives will also be in attendance.

In addition to ecosystem partners, Microsoft will invite government representatives to ensure the highest level of transparency to the community’s collaboration to deliver more secure and reliable technology for all. It is expected that the Windows Endpoint Security Ecosystem Summit will lead to next steps in both short- and long-term actions and initiatives to pursue, with improved security and resilience as our collective goal. We will share further updates on these conversations following the event.

Hopefully Microsoft and its partners are able to find ways of improving Windows’ security, while also protecting the OS from CrowdStrike-style blunders.

Palo Alto Soars: CEO’s Big Bets on Cybersecurity and AI Pay Off Big Time!
https://www.webpronews.com/palo-alto-soars-ceos-big-bets-on-cybersecurity-and-ai-pay-off-big-time/
Tue, 20 Aug 2024 04:00:00 +0000

Palo Alto Networks continues to solidify its position as a leader in cybersecurity, driven by strong financial results and strategic advancements. In the fiscal fourth quarter of 2024, the company reported earnings and revenue that surpassed Wall Street’s expectations, underscoring the effectiveness of its growth strategies and its ability to navigate an increasingly competitive landscape.

Strong Financial Performance and Strategic Shifts

Palo Alto Networks’ fiscal fourth-quarter results reflected its robust performance, with earnings rising 5% to $1.51 per share on an adjusted basis, and revenue climbing 12% to $2.2 billion. This marks a significant achievement in a challenging market environment. The company’s next-generation annual recurring revenue (ARR) from cloud computing products surged by 43%, reaching $4.22 billion, further cementing its leadership in the cloud security sector.

Nikesh Arora, CEO of Palo Alto Networks, attributed this success to the company’s commitment to innovation and its focus on the evolving needs of its customers. “We finished off the year with strong execution on our platformization strategy,” Arora stated, highlighting the importance of integrating diverse security solutions into a unified platform. This approach not only streamlines operations for customers but also positions Palo Alto Networks as a comprehensive solution provider in cybersecurity.

Competitive Landscape and Market Positioning

The cybersecurity industry is highly competitive, with companies like CrowdStrike and others vying for market share. Despite the fierce competition, Palo Alto Networks has managed to stay ahead, partly due to its ability to quickly adapt to market changes and customer needs. Arora emphasized the importance of maintaining customer trust, particularly in light of the challenges faced by competitors. “It’s crucial that we maintain the highest standards of trust,” he said, reflecting on the recent issues faced by CrowdStrike. “We’ve built systems that allow us to roll out updates cautiously, ensuring minimal disruption to our customers.”

Palo Alto Networks has also shifted its focus away from traditional metrics like billings guidance, opting instead to emphasize remaining performance obligations (RPO) as a key measure of growth. In fiscal Q4, RPO rose 20% to $12.7 billion, indicating a strong pipeline of contracted revenue that has yet to be recognized. This strategic shift allows the company to provide a more accurate picture of its future revenue streams and long-term growth potential.

Investing in AI and Cloud Security

One of the most significant areas of growth for Palo Alto Networks has been its investment in artificial intelligence (AI) and cloud security. The company has already invested $200 million in AI initiatives, which are expected to revolutionize the cybersecurity industry. “We’re not just selling ideas or concepts; we’re selling products that our customers are already using,” Arora said, pointing to the practical applications of AI in enhancing security measures.

The company’s cloud-based security platform, bolstered by acquisitions and continued innovation, has become a larger part of overall sales. This is particularly important as traditional firewall appliances, which have been a staple in cybersecurity, see a slowdown in sales. Palo Alto Networks’ ability to pivot towards cloud security and AI-driven solutions positions it well for continued growth in the coming years.

Financial Outlook and Future Prospects

Looking ahead, Palo Alto Networks has provided optimistic guidance for fiscal year 2025. The company expects total revenue to range between $9.10 billion and $9.15 billion, representing year-over-year growth of 13% to 14%. Non-GAAP operating margins are projected to be in the range of 27.5% to 28.0%, while adjusted free cash flow margin is expected to be between 37% and 38%. These projections underscore the company’s confidence in its ability to continue delivering strong financial results while maintaining a focus on innovation and customer satisfaction.

Additionally, Palo Alto Networks announced a $500 million share buyback program, further demonstrating its commitment to returning value to shareholders. “We have to provide return to investors in cash,” Arora noted, emphasizing the company’s strong cash flow generation and prudent financial management.

Leading the Cybersecurity Industry

Palo Alto Networks’ continued focus on innovation, customer trust, and financial strength has positioned it as a leader in the cybersecurity industry. As the company moves forward with its platformization strategy and AI-driven initiatives, it is well-equipped to navigate the challenges of an evolving market. With strong financial results and a clear vision for the future, Palo Alto Networks is poised to remain at the forefront of cybersecurity, delivering value to both its customers and shareholders.

In the words of CEO Nikesh Arora, “Cybersecurity is one of the most important industries in the world, and we’re committed to leading it—not just in terms of technology, but in the value we provide to our customers and shareholders.” As the company continues to execute on its strategic initiatives, it is clear that Palo Alto Networks is a force to be reckoned with in the cybersecurity landscape.

Cyber Expert: “IT Outage May Be the Largest in History”
https://www.webpronews.com/cyber-expert-it-outage-may-be-the-largest-in-history/
Fri, 19 Jul 2024 14:23:08 +0000

Massive IT Disruption Hits Banks, Airports, Media Outlets Worldwide

A massive IT outage has caused widespread disruption across various industries globally, including banks, airports, supermarkets, and businesses. The outage, linked to a deployment issue by cybersecurity firm CrowdStrike, has left many critical services offline. Cyber expert Katherine Manstead has suggested this could be one of the largest IT outages in history.

The Scope of the Outage

The impact of the outage has been profound. Major banks and financial institutions have reported system failures, preventing customers from accessing their accounts and conducting transactions. Airports around the world, including those in Australia, the United States, and Europe, have experienced significant delays and cancellations due to the disruption of essential IT systems. Airlines have had to revert to manual check-in processes, causing long lines and frustration among travelers.

The media industry has not been spared either. The Australian Broadcasting Corporation (ABC) and several other media outlets experienced major network outages, affecting their ability to broadcast and publish news. This has underscored the widespread reliance on cybersecurity services like those provided by CrowdStrike.

CrowdStrike’s Role and Response

CrowdStrike, a leading cybersecurity firm known for its security monitoring and detection services, has been identified as the source of the problem. The company’s software, which is widely used by critical infrastructure organizations and major corporations, encountered an issue that led to the outages.

In a statement, CrowdStrike CEO George Kurtz acknowledged the gravity of the situation and assured customers that the issue had been identified and a fix was in progress. “We know what the issue is, and we are in the process of resolving it. Our priority is restoring trust and stability for all affected customers,” Kurtz said during an interview.

The company has deployed a fix and is working with IT teams around the world to implement it. However, Kurtz noted that the solution might not be a simple push-button fix. “This will require coordinated efforts with IT teams in various organizations to ensure systems are brought back online safely and efficiently,” he explained.

CrowdStrike provided a detailed technical update, advising organizations on specific steps to mitigate the issue. “We have identified and isolated the problem, and our engineering teams have reverted the problematic update. We recommend that impacted organizations follow the provided workaround steps to restore their systems,” the statement read.

Expert Analysis

Cyber expert Katherine Manstead emphasized the significance of the outage. “What we’re seeing is because of one particular security provider, CrowdStrike, which has the world’s biggest market share across the countries that are affected for security software solutions. This issue has cascaded across to Microsoft as well, where Microsoft is being used within the product suite for those organizations,” she said.

Manstead elaborated on the complexity of the situation, stating, “This is a prime example of how interconnected our digital infrastructure has become. A single point of failure in a widely used security solution can have ripple effects across multiple industries and geographies. It’s a stark reminder of the vulnerabilities inherent in our reliance on digital systems.”

The Path to Recovery

Organizations affected by the outage are working diligently to restore services. Airports, hospitals, banks, and media outlets are prioritizing the reactivation of critical systems to minimize disruption. Some progress has already been made, with certain services coming back online.

In Australia, several services have reported partial restorations. However, the situation remains fluid as IT teams continue to address the underlying issues. “We are seeing some services switched back on, but it will be a gradual process,” said Manstead.

CrowdStrike has advised organizations to communicate with their representatives through official channels to ensure they receive the most accurate and up-to-date information. “We are fully mobilized to ensure the security and stability of CrowdStrike customers,” the company stated in its latest update.

Manstead provided further insight into the recovery process, “It’s not going to be a simple or quick fix. Each organization will need to carefully follow the recommended steps to ensure their systems are fully restored without introducing new vulnerabilities. This will take time, and we should expect some variability in how quickly different sectors recover.”

Looking Ahead

The global IT outage serves as a stark reminder of the vulnerabilities in the interconnected digital world. As companies and critical infrastructure increasingly rely on sophisticated cybersecurity solutions, the potential for widespread disruption from a single point of failure grows.

Manstead highlighted the broader implications for cybersecurity practices, “This incident underscores the importance of having robust contingency plans and redundancy measures in place. Organizations need to regularly test their disaster recovery plans and ensure they can respond swiftly to such widespread disruptions.”

CrowdStrike’s swift response and ongoing efforts to resolve the issue highlight the importance of robust incident management and communication strategies in mitigating the impact of such events. As the world watches the recovery unfold, the incident will likely prompt a reevaluation of contingency plans and redundancy measures across industries to better prepare for future challenges.

“This is a wake-up call for the entire cybersecurity community,” Manstead concluded. “We need to learn from this event and work collaboratively to enhance the resilience of our digital infrastructure. The lessons we take away from this incident will be crucial in preventing similar disruptions in the future.”

US Bans Kaspersky Products Citing ‘Undue and Unacceptable Risks’
https://www.webpronews.com/us-bans-kaspersky-products-citing-undue-and-unacceptable-risks/
Fri, 21 Jun 2024 00:07:52 +0000

As expected, the US has banned Kaspersky products over concerns about the company’s close ties to the Kremlin and the security risk those products pose.

Reuters broke the news earlier today that the Biden administration was on the verge of banning the Russian firm’s products. The Department of Commerce has confirmed the ban, citing “undue and unacceptable risks.”

The Department finds that Kaspersky’s provision of cybersecurity and anti-virus software to U.S. persons, including through third-party entities that integrate Kaspersky cybersecurity or anti-virus software into commercial hardware or software, poses undue and unacceptable risks to U.S. national security and to the security and safety of U.S. persons. Consistent with 15 CFR 7.109(a), the Secretary now issues this Final Determination, which sets forth the Department’s decision, based on the risks presented in the Initial Determination and the subsequent responses and mitigation proposals from Kaspersky.

According to Wired, Commerce secretary Gina Raimondo emphasized that companies using Kaspersky products have done nothing wrong.

“You have done nothing wrong, and you are not subject to any criminal or civil penalties. However, I would encourage you, in as strong as possible terms, to immediately stop using that software and switch to an alternative in order to protect yourself and your data and your family.”

Kaspersky makes some of the most popular and well-reviewed cybersecurity and anti-virus software, used by individuals, corporations, and government entities. The ban will have profound implications on the cybersecurity landscape within the US, and will no doubt have a major impact on the company’s financial outlook.

Check Point’s Cybersecurity Chief: AI is Our Secret Weapon Against Hackers!
https://www.webpronews.com/check-points-cybersecurity-chief-ai-is-our-secret-weapon-against-hackers/
Fri, 07 Jun 2024 16:24:22 +0000

In an exclusive interview with CNBC, Gil Shwed, the Founder and CEO of Check Point Software Technologies, provided insights into the current state of the cybersecurity market and the transformative role of artificial intelligence (AI) in product development. Despite a mixed demand environment, Shwed emphasized the importance of cybersecurity solutions and highlighted the innovative strides Check Point is making with AI to enhance data protection.

Navigating a Mixed Demand Environment

Discussing Check Point’s financial outlook, Shwed acknowledged the challenges faced by the broader enterprise software market. “The demand environment is mixed,” he admitted. “While general enterprise solutions are facing challenges, the demand for cybersecurity solutions remains very strong.” Despite the cautious approach to guidance, Shwed expressed confidence in Check Point’s pipeline and prospects. “We are seeing a good pipeline and want to be cautious,” he explained, underscoring the company’s strategic prudence amidst market fluctuations.

Shwed elaborated on the factors contributing to the robust demand for cybersecurity solutions. “With the increasing frequency and sophistication of cyberattacks, organizations are more aware than ever of the need for comprehensive security measures,” he said. He pointed to recent high-profile breaches as driving factors behind this heightened awareness and subsequent demand. “Every time a major breach makes headlines, it serves as a wake-up call for businesses about the critical importance of cybersecurity,” Shwed added.

Despite the overall positive outlook for cybersecurity, Shwed emphasized the need for continuous adaptation and innovation. “The cyber threat landscape is constantly evolving, and we need to stay ahead of the curve,” he noted. This dynamic environment requires not only advanced technological solutions but also agile strategies to meet emerging challenges. “Our focus is on developing solutions that can adapt to new threats as they arise,” he said. This proactive approach ensures that Check Point remains a leader in the cybersecurity market.

Shwed also highlighted the importance of balancing short-term performance with long-term strategic goals. “While we are cautious about immediate revenue projections, our long-term strategy is centered around sustainable growth and innovation,” he explained. This balanced approach allows Check Point to navigate current market uncertainties while positioning itself for future success. “We are committed to investing in R&D and expanding our capabilities to meet the evolving needs of our customers,” Shwed affirmed.

In addition to technological advancements, Shwed emphasized the role of customer relationships in navigating the mixed-demand environment. “Building strong, trust-based relationships with our customers is crucial,” he said. “By understanding their specific needs and challenges, we can tailor our solutions to provide maximum value.” This customer-centric approach enhances satisfaction and drives loyalty and long-term partnerships. “Our goal is to be a trusted partner, helping our customers navigate the complex cybersecurity landscape,” Shwed concluded.

Overall, Shwed’s insights paint a picture of a company that is aware of its challenges and equipped with the strategies and innovations needed to thrive. As Check Point continues to navigate the mixed-demand environment, its focus on customer-centric solutions, continuous innovation, and strategic prudence will be key to its ongoing success. “We are optimistic about the future and confident in our ability to deliver cutting-edge cybersecurity solutions,” Shwed affirmed.

Leveraging AI with A.I. Copilot

One of the most exciting developments at Check Point is the rollout of A.I. Copilot, a tool designed to streamline and enhance cybersecurity operations through AI. “We started with A.I. Copilot at the beginning of the year,” Shwed shared. The tool utilizes natural language processing to perform complex tasks requiring significant time and expertise. “An investigation that could take days and changing permissions can all be organized with the interface,” he noted. This simplification of complex processes has been met with positive reception from customers. “We see good reception in the customer interface,” Shwed said, highlighting the practical benefits of AI integration.

Shwed elaborated on the transformative potential of A.I. Copilot in reducing the burden on cybersecurity teams. “A.I. Copilot automates many of the tedious and time-consuming tasks, allowing our security professionals to focus on more strategic and high-impact activities,” he explained. This automation is crucial in an industry where speed and efficiency can mean the difference between thwarting an attack and suffering a breach. “By automating routine tasks, we enable our teams to respond to threats more swiftly and effectively,” he added.

The AI-driven capabilities of A.I. Copilot also extend to predictive analytics and threat intelligence. “A.I. Copilot uses advanced algorithms to predict potential threats before they materialize,” Shwed said. This predictive capability allows organizations to take preemptive measures, enhancing their overall security posture. “Instead of reacting to threats as they occur, we can anticipate and mitigate them, which significantly improves our defensive strategies,” he emphasized.

Customer feedback has been overwhelmingly positive, with many highlighting the tool’s ease of use and effectiveness. “Our customers appreciate how intuitive and user-friendly A.I. Copilot is,” Shwed noted. “They’ve told us that the tool has significantly reduced their workload and improved their operational efficiency.” This positive feedback underscores the real-world impact of A.I. Copilot and its value in enhancing cybersecurity practices. “The ability to quickly organize and analyze data through a user-friendly interface is a game-changer for many of our clients,” Shwed said.

Moreover, Shwed highlighted the importance of improving and adapting A.I. Copilot. “We are committed to continuously enhancing A.I. Copilot’s capabilities based on user feedback and emerging threat landscapes,” he stated. This iterative approach ensures that the tool remains relevant and effective in the face of evolving cyber threats. “As new threats emerge, we are constantly updating A.I. Copilot to ensure it can handle the latest challenges,” he added.

The collaboration with Microsoft Azure and OpenAI has been instrumental in developing and deploying A.I. Copilot. “Working with industry leaders like Microsoft Azure and OpenAI provides us with the cutting-edge technology and infrastructure needed to support A.I. Copilot,” Shwed explained. This partnership ensures that A.I. Copilot is built on a robust and secure platform, offering reliable and scalable solutions to customers. “Our collaboration ensures that A.I. Copilot leverages the best AI technologies available while maintaining strict data privacy standards,” he noted.

A.I. Copilot significantly advances Check Point’s cybersecurity arsenal. By leveraging artificial intelligence, the tool simplifies complex tasks, enhances predictive capabilities, and improves operational efficiency. “A.I. Copilot is a testament to our commitment to innovation and excellence in cybersecurity,” Shwed affirmed. As Check Point continues to refine and expand the capabilities of A.I. Copilot, it stands poised to set new standards in the industry, ensuring robust protection for its clients in an increasingly digital world. “We are excited about the future and the potential of A.I. Copilot to transform cybersecurity operations,” Shwed concluded.

Collaboration with Microsoft Azure and OpenAI

Check Point’s collaboration with Microsoft Azure and OpenAI plays a crucial role in the development and deployment of their AI solutions. “We found the best engine that provides an environment private to our customers,” Shwed explained. Ensuring customer data privacy while leveraging powerful AI capabilities is a priority for Check Point. “Our collaboration ensures that customer data is not shared with others; we have our own universe,” he added. This approach underscores Check Point’s commitment to maintaining high standards of data security and privacy.

Shwed elaborated on the benefits of these partnerships, emphasizing the synergy between Check Point’s cybersecurity expertise and the advanced AI technologies from Microsoft and OpenAI. “Partnering with Microsoft Azure and OpenAI allows us to integrate cutting-edge AI into our cybersecurity solutions seamlessly,” he said. “Their technology provides the robust infrastructure and innovative AI models that enhance our capabilities.” This integration enables Check Point to deliver customers more efficient and effective security solutions.

The collaboration has also facilitated the development of customized AI models tailored specifically to Check Point’s security needs. “Working with OpenAI, we’ve developed bespoke AI models that address the unique challenges of cybersecurity,” Shwed noted. These models are designed to detect and respond to threats more accurately, reducing the likelihood of false positives and improving overall security outcomes. “Our custom AI models are a direct result of the collaborative efforts with OpenAI, leveraging their expertise to enhance our solutions,” he added.

Microsoft Azure’s cloud infrastructure provides the scalability and reliability needed to support Check Point’s AI-driven solutions. “Azure’s cloud platform ensures that our AI solutions can scale to meet the demands of our global customer base,” Shwed explained. This scalability is crucial for providing consistent and reliable service to clients, regardless of size or location. “Whether we’re protecting a small business or a large enterprise, Azure’s infrastructure supports our efforts to deliver top-notch security,” he emphasized.

The partnership also brings together a wealth of resources and knowledge, fostering innovation and continuous improvement. “Collaborating with industry leaders like Microsoft and OpenAI gives us access to the latest research, technology, and best practices,” Shwed said. This access allows Check Point to stay ahead of emerging threats and continuously enhance its security offerings. “The combined expertise of our partners enriches our development process and ensures that we are always at the forefront of cybersecurity innovation,” he added.

Customer feedback on the integrated solutions has been overwhelmingly positive, highlighting the enhanced security and efficiency provided by the collaborative efforts. “Our customers have reported significant improvements in their security operations since integrating our AI-driven solutions,” Shwed stated. The collaboration has enabled Check Point to offer solutions that meet and exceed customer expectations. “By leveraging the strengths of our partners, we’ve been able to deliver security solutions that are both powerful and user-friendly,” he noted.

In conclusion, the collaboration with Microsoft Azure and OpenAI represents a significant strategic advantage for Check Point. By integrating advanced AI technologies and leveraging robust cloud infrastructure, Check Point can offer enhanced cybersecurity solutions that address the evolving threat landscape. “Our partnerships with Microsoft and OpenAI are key to our mission of providing comprehensive and effective security solutions,” Shwed affirmed. As these collaborations continue to evolve, Check Point is well-positioned to lead the industry in innovation and excellence. “We look forward to furthering our partnerships and continuing to deliver cutting-edge solutions to our customers,” Shwed concluded.

Embracing the Platform Strategy

Shwed also addressed Check Point’s strategic shift towards a platform-based approach despite some investor skepticism. “Last quarter, the platform strategy accounted for 10% of revenue; this quarter, it’s 13%,” he revealed. While the term ‘platformization’ has faced resistance from some investors, Shwed defended its importance. “It is very important to level the cybersecurity,” he stated. Integrating various technologies into a cohesive platform provides more effective and comprehensive security solutions. “When we get all of the technologies to collaborate, we have third parties with everything working together,” he explained. This holistic approach is designed to address multiple attack vectors, enhancing overall security.

Shwed elaborated on the necessity of a platform strategy in the current cybersecurity landscape. “Today’s cyber threats are more complex and interconnected than ever before,” he noted. “A fragmented approach with disparate tools and technologies is insufficient to combat sophisticated attacks.” By unifying these tools within a single platform, Check Point ensures that all aspects of cybersecurity are covered. “Our platform approach allows for seamless integration and communication between different security components, creating a more robust defense mechanism,” he added.

This platform strategy also facilitates better threat intelligence and faster response times. “With a unified platform, we can aggregate data from various sources and analyze it more efficiently,” Shwed explained. “This comprehensive view enables us to detect threats earlier and respond more quickly.” The ability to correlate data across different security layers provides deeper insights and more effective threat mitigation. “Our customers benefit from a holistic security posture that adapts to emerging threats in real time,” he emphasized.

Customer feedback has been a significant driver of the platform strategy’s development. “We’ve listened to our customers and their need for integrated solutions,” Shwed said. Many organizations struggle with managing multiple security vendors and tools, leading to inefficiencies and gaps in coverage. “Our platform strategy simplifies their security architecture, reducing complexity and operational overhead,” he added. This customer-centric approach has helped Check Point build stronger relationships and trust within the industry.

The platform strategy also supports scalability and flexibility, essential for businesses of all sizes. “Whether you’re a small business or a large enterprise, our platform can scale to meet your specific security needs,” Shwed pointed out. This adaptability ensures that organizations can tailor their security measures to their unique requirements without compromising on protection. “Our platform provides the flexibility to integrate additional technologies and adapt to new threats as they arise,” he said.

Moreover, Shwed highlighted the economic advantages of a platform approach. “By consolidating multiple security functions into a single platform, we can offer more cost-effective solutions,” he explained. This consolidation reduces customers’ total cost of ownership, making advanced cybersecurity more accessible. “Our goal is to provide high-quality security solutions that deliver value without breaking the bank,” he emphasized.

In embracing the platform strategy, Check Point fosters greater cybersecurity community collaboration. “We are partnering with other technology providers to enhance our platform’s capabilities,” Shwed noted. This collaborative effort ensures that Check Point’s platform remains at the cutting edge of innovation. “By working together, we can leverage each other’s strengths and provide the best possible protection for our customers,” he added.

In conclusion, the platform strategy represents a pivotal shift in Check Point’s approach to cybersecurity. By integrating various technologies into a cohesive, scalable, and cost-effective platform, Check Point addresses the complexities of modern cyber threats more effectively. “Our platform strategy is about unifying our tools and technologies to provide comprehensive security solutions,” Shwed affirmed. As Check Point continues to refine and expand its platform, it is poised to lead the industry in delivering robust and adaptive cybersecurity measures. “We are committed to advancing our platform strategy and helping our customers stay ahead of the curve in cybersecurity,” Shwed concluded.

The Future of Cybersecurity

Looking ahead, Shwed emphasized the ongoing evolution of cyber threats and the need for innovative solutions to stay ahead. “The landscape is changing, and threat actors are evolving,” he said. Continuous investment in AI and platform strategies is crucial to avoid these threats. “We should keep coming back and investing in partnerships with customers and organizations to benefit from collective knowledge and resources,” he added. This forward-looking perspective reflects Check Point’s commitment to leading the industry in cybersecurity innovation.

Shwed highlighted the importance of artificial intelligence in shaping the future of cybersecurity. “AI is a game-changer for cybersecurity,” he asserted. “It allows us to predict and respond to threats more quickly and accurately than ever.” The integration of AI not only improves threat detection but also enhances response times, enabling organizations to mitigate risks before they escalate. “By leveraging AI, we can stay one step ahead of cyber criminals and protect our customers more effectively,” Shwed emphasized.

Collaboration and information sharing within the cybersecurity community will be critical in the future. “No single entity can tackle these threats alone,” Shwed noted. “Collaboration is key to staying ahead of cybercriminals.” By sharing insights and best practices, organizations can enhance their collective defenses and respond more effectively to emerging threats. “We need to work together to create a stronger, more resilient cybersecurity ecosystem,” he said. This collaborative approach is essential for building a united front against increasingly sophisticated cyber adversaries.

Shwed also pointed to the growing significance of regulatory compliance and data privacy in cybersecurity. “Regulations are becoming stricter, and organizations must ensure they comply with these evolving standards,” he explained. Ensuring data privacy and regulatory compliance will continue to be a priority for businesses globally. “Our solutions are designed to help organizations meet these requirements and safeguard their data against unauthorized access,” Shwed stated.

Emerging technologies such as quantum computing are also on the horizon, presenting opportunities and challenges for cybersecurity. “Quantum computing has the potential to revolutionize many fields, including cybersecurity,” Shwed remarked. “However, it also poses new risks that we need to prepare for.” Developing quantum-resistant encryption and other advanced security measures will be crucial as this technology becomes more prevalent. “We are already exploring ways to protect against the potential threats posed by quantum computing,” he added.

The human element remains a vital component of effective cybersecurity strategies. “Technology alone cannot solve all our problems,” Shwed emphasized. “We need skilled professionals who can understand and respond to threats in real-time.” Investing in cybersecurity education and training is essential to ensure a pipeline of talented individuals ready to tackle the challenges of tomorrow. “Our commitment to developing the next generation of cybersecurity experts is unwavering,” Shwed said.

In conclusion, the future of cybersecurity is marked by continuous evolution, innovation, and collaboration. Check Point’s focus on integrating advanced technologies such as AI, fostering partnerships, and staying ahead of emerging threats positions it as a leader in the industry. “The challenges are significant, but so are the opportunities,” Shwed concluded. “By working together and leveraging our collective expertise, we can create a safer and more secure digital world.” As the cybersecurity landscape continues to evolve, Check Point is committed to being at the forefront of these developments, ensuring robust protection for its customers. “We are optimistic about the future and confident in our ability to deliver cutting-edge cybersecurity solutions,” Shwed affirmed.

April Windows Update Is Interfering With VPN Connections
https://www.webpronews.com/april-windows-update-is-interfering-with-vpn-connections/
Thu, 02 May 2024 21:16:15 +0000

Microsoft is warning that some users are experiencing problems connecting to VPN services after the April security update (KB5036893).

Users began having issues after applying the latest update, and Microsoft has confirmed the issue. The company says the April security updates appear to be the problem, and it is working on a solution.

Windows devices might face VPN connection failures after installing the April 2024 security update (KB5036893) or the April 2024 non-security preview update.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

The issue appears to be widespread and to impact virtually all of Microsoft’s lineup.

Client: Windows 11, version 23H2; Windows 11, version 22H2, Windows 11, version 21H2, Windows 10, version 22H2, Windows 10, version 21H2.

Server: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.

96% of Third-Party Cloud Container Apps Have Known Vulnerabilities
https://www.webpronews.com/96-of-third-party-cloud-container-apps-have-known-vulnerabilities/
Mon, 04 Mar 2024 02:01:35 +0000

A whopping 96% of third-party cloud container apps have known vulnerabilities, highlighting ongoing cloud security challenges.

Cloud computing is often touted as more secure than traditional options. Unfortunately, this is only true if all parties involved make security a prime objective.

According to Palo Alto Networks’ Unit 42 team, some 96% of third-party container apps have known vulnerabilities. In addition, 63% of third-party code templates contain insecure configurations.

The news is especially concerning given the rise of supply chain attacks. Hackers are increasingly targeting widely used, third-party software, services, containers and plugins. Successfully compromising a single vendor whose product is used by thousands of customers can have a far greater impact than compromising a single target.

Unit 42 highlights the danger of supply chain cloud attacks:

In most supply chain attacks, an attacker compromises a vendor and inserts malicious code in software used by customers. Cloud infrastructure can fall prey to a similar approach in which unvetted third-party code could introduce security flaws and give attackers access to sensitive data in the cloud environment. Additionally, unless organizations verify sources, third-party code can come from anyone, including an Advanced Persistent Threat (APT).

Organizations that want to stay secure must start making DevOps security a priority:

Teams continue to neglect DevOps security, due in part to lack of attention to supply chain threats. Cloud native applications have a long chain of dependencies, and those dependencies have dependences of their own. DevOps and security teams need to gain visibility into the bill of materials in every cloud workload in order to evaluate risk at every stage of the dependency chain and establish guardrails.

Oracle CIO: Every Enterprise Has the Security it Deserves
https://www.webpronews.com/oracle-cio-security-2/
Wed, 29 Nov 2023 14:25:45 +0000

“Every Enterprise has the security it deserves,” says Oracle Chief Information Officer Mark Sunday. “It begins at the very top. It truly begins with the board, CEO, and the Executive Committee to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers, companies, and employees’ information.”

Mark Sunday, CIO of Oracle, discussed the increasing need for enterprises to take a holistic, comprehensive, and automated approach towards information security in an interview with Michael Krigsman of CXOTALK:

Security is Increasingly a Big Part of the Discussion

It’s really been interesting to see the dramatic change in the awareness around security. Quite frankly, the threats have gotten much greater. Security is increasingly a big part of the discussion. If I look at the one area that my organization has increased year on year on year, it’s what we’re investing in security. We’re the norm in that. We’re not the exception. Then also the increased sophistication of the threats, the increased sophistication of the tooling, and so forth required, is putting more and more focus on this. It really becomes job one.

I think that boards have now become aware and that they are accountable to assure that the people, the processes, the technology, that all the steps that one needs to do in order to ensure the integrity, confidentiality, privacy, and security, of not only a customer’s data, the company’s data, but in fact the employees’ data as well.

Security is Not Just the Role of the CIO

Security is getting its place at the table, whether it’s within the IT organizations, at the corporate level, or at the board level. Security has always been something that’s been out there, something that we’ve had to take into account, but more recently there have certainly been more high profile incidents that have highlighted just what the impact of security can have. But also it’s been highlighted that you need to have the focus that security is not just the role of the CIO, not just the role of the CISO, but it’s everyone’s responsibility.

It begins with making people aware of what they need to do, what the threats and the vulnerabilities are, and what their role is in defending against that. Security needs to be built into every line of code we write, every configuration we enable, every computer that we manage the configuration asset the patching level on and the updates on. It affects essentially most roles within the organization.

Every Enterprise Has the Security it Deserves

Just given the scale, size, complexity, and the opportunity for human error, you really need to take a holistic, comprehensive, and automated approach towards how you deal with configuration management, change management, and vulnerability management. All of these are key aspects. It’s very difficult if it’s done, you know, manually. You have to look at a comprehensive program that allows you to simplify, standardize, centralize, and automate all the aspects of how you deal with those things that you know could expose your company to security and privacy concerns.

Every Enterprise has the security it deserves. It begins at the very top. It truly begins with the board, CEO, the Executive Committee, to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers, companies, and employees’ information.

Washington AG: T-Mobile Uncooperative in Security Probe
https://www.webpronews.com/washington-ag-t-mobile-uncooperative-in-security-probe/
Fri, 16 Jun 2023 12:30:00 +0000

Washington State Attorney General Bob Ferguson says T-Mobile has been refusing to provide the documentation needed for a security probe.

T-Mobile suffered a massive data breach in 2021, one that impacted some 76 million Americans and led to a $350 million settlement. Law enforcement has been investigating the incident, but the Washington AG says the carrier has not been cooperating, according to GeekWire.

“Throughout this investigation, T-Mobile has either provided insufficient responses, or refused to respond outright, to the State’s Civil Investigative Demands (CIDs), all while continuing to suffer repeated data breaches,” alleges the AG’s office in the filing.

As the filing mentions, T-Mobile has continued to suffer breaches since the 2021 incident, including one disclosed in January 2023 and another in May 2023. To make matters worse, hackers claim to have accessed T-Mobile’s systems more than 100 times in 2022 alone.

Of the top three carriers in the US, T-Mobile easily has the worst security track record over the last couple of years. Withholding documents from law enforcement officials investigating one of these incidents is certainly not a good look for the magenta carrier.

US Has No National Cyber Director and the White House Is Silent About It
https://www.webpronews.com/us-has-no-national-cyber-director-and-the-white-house-is-silent-about-it/
Wed, 14 Jun 2023 23:30:15 +0000

The US has yet to fill the role of National Cyber Director in the four months since Chris Inglis resigned, and it’s worrying some lawmakers.

According to Axios, Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) sent a letter to President Biden questioning why Inglis’ replacement had not been selected, and urging the President to nominate acting director Kemba Walden.

Despite the letter, the White House has been noticeably silent on the issue.

“I’m really puzzled; I just don’t know what’s going on,” King told Axios. “This is an important job, and it’s an important moment and they have a highly qualified, able acting director.”

It’s unusual for such an important role to go unfilled, especially when there’s bipartisan support for an existing candidate. The silence is especially telling given how much emphasis the Biden administration has placed on cybersecurity.

Sen. King believes the silence may speak to internal pressure or objections that may be in play.

“The lack of an appointment itself indicates that there’s some reluctance, when there’s an obvious nominee waiting in the wing,” King said. “I’m not going to speculate on what the cause is, but all I’m going to say is that it’s a dangerous lapse, and it’s resolvable.”

Microsoft Details macOS Vulnerability That Could Bypass SIP
https://www.webpronews.com/microsoft-details-macos-vulnerability-that-could-bypass-sip/
Tue, 13 Jun 2023 20:37:19 +0000

Microsoft has provided details on a new macOS vulnerability, one that could be used to bypass System Integrity Protection (SIP).

SIP is a key component in macOS security, ensuring the system cannot run unauthorized code or applications. According to Microsoft, a bug in the macOS migration process could be used to bypass SIP altogether.

The company outlined its findings in a blog post:

A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.

Microsoft’s entire blog post outlining the steps they took to find and evaluate the vulnerability is a very lengthy read. However, there are several potential ramifications:

  • A SIP exploit can be used to create undetectable malware.
  • SIP exploits provide a path “for attackers to gain arbitrary kernel code execution.”
  • SIP exploits can allow hackers to enable rootkits and bypass anti-tampering measures.
  • Such exploits can be used to bypass Transparency, Consent, and Control (TCC) policies.

Microsoft has already notified Apple, and a fix was included in the May 18, 2023 security update. Needless to say, all users should update immediately.

Cybersecurity Issues: The World’s Largest Data Breaches
https://www.webpronews.com/largest-data-breaches/
Tue, 13 Jun 2023 13:58:05 +0000

Data breaches are surprisingly common, even in today’s age when cyber security seems to be at its best. In fact, in just the first ten months of 2022, over 15 million global data records have been exposed, leaked, lost, or stolen worldwide. Countries across the globe have suffered from data breaches. China has lost over 350 million data records, Australia over 50 million, and the United Kingdom nearly 150 million. However, nearly two thirds of all global data loss has occurred in the United States, totaling almost 65% of all records lost.

States With the Most Data Breaches

On an individual state basis, California, Oregon, Maryland, Georgia, and Virginia have suffered the most losses. However, nearly every state across the U.S. has suffered losses in the millions, some even in the billions. In an attempt to tackle this problem, experts have identified the major causes of data loss in the United States. One reason is human error, as many companies or organizations suffer from employees that are prone to accidental deletion or misclicks, or simply have a lack of training. Another cause is malware. Phishing is far too common in the online space, as are spoofing and ransomware. The final main cause is unexpected events, such as hardware failure, software glitches, or external natural disasters.

Looking at Data Breaches on a Global Scale

Although countries around the globe, much like the United States, suffer from data loss, countries aren’t the only entities that are affected. In fact, 45% of retailers have reported an increased size, severity, and scope of cyber attacks against their data. In addition, between 2021 and 2022, over 5,000 global businesses experienced and confirmed data loss within their company. This is a widespread issue, as important industries like finance, healthcare, public administration, manufacturing, and transportation are all heavily affected by this crisis. Some examples of these data breaches are the finance incident in Ukraine or the transportation incident in Japan. In Ukraine in 2018, 100GB of data was exfiltrated from a loan services company. In 2022 in Japan, Toyota lost 300,000 customers’ emails to hackers.

Data loss is not a new concept to our global society, as we have destroyed or lost plenty of historical data over the years. Perhaps the most famous and devastating data breach in history was the burning of the Library of Alexandria, losing an estimated 571.4GB of data in one fell swoop. Other examples include, but are not limited to, the destruction of the Royal Library of Ashurbanipal or the loss of the Maya Religious Codices. 

Conclusion

It is clear that data loss remains both a global and historical certainty, regardless of whether that loss is physical or digital. There is no way of ensuring that data is never lost, leaked, or stolen, but it is beneficial to be prepared for the possibility of these tragedies. In a world that is largely based online, as the value of digital assets increases, the risk of these cybersecurity breaches also increases. Whether it is personal data or company data, cyber security affects us all, and is an important factor to consider when moving forward with data storing and sharing.

Mullvad Browser Review: Does the Browser Deliver on Privacy?
https://www.webpronews.com/mullvad-browser-review-does-the-browser-deliver-on-privacy/
Mon, 22 May 2023 17:27:41 +0000

Mullvad Browser was released in early April, the latest entry in the web browser market, and one focused on protecting the privacy and security of its users.

Mullvad is well known for its VPN service, being one of the few VPNs worth the money and the one WPN consistently recommends. The company has a long record of transparency, passing third-party audits, and generally providing exactly the security and privacy it promises.

The company has built on that success with its very own web browser, developed in partnership with the Tor Project, to help people take their online security and privacy to the next level. The company explained the thinking behind the partnership:

The Tor Network offers great protection for privacy and the Tor Browser is, in our view, the best privacy-focused browser you can choose. The problem is, for those who prefer to run a VPN instead of the Tor Network, there hasn’t been a good browser alternative. Until now.

When we reached out to the Tor Project, our goal was to give VPN users the browser quality of the Tor Browser – paired with the benefits of using a VPN. And all to give people more alternatives for privacy. So, here we are. The result: a Tor-developed browser produced to minimize fingerprinting and tracking. Without using The Tor Network. To free the internet from big data gathering.

So what is Mullvad, and how does it stack up to the competition?

What Is Mullvad?

At its core, Mullvad Browser is a heavily modified version of Firefox. This is a good thing for a couple of reasons:

  1. Basing Mullvad Browser on Firefox is good for the internet. With the rise of Chrome and browsers based on Chrome’s engine, there is a real threat of the web becoming another duopoly, with web browsers split between Chrome-based and Apple Safari-based. Using Firefox as the basis for Mullvad Browser is a small step toward supporting web browser diversity.
  2. Although it’s not nearly as popular as it once was, Firefox is still popular enough that most people are familiar with its settings, making it easy to dive into Mullvad Browser.
  3. Given the sheer number of Chrome vulnerabilities, basing Mullvad Browser on Firefox is a wise choice, especially for an application specifically designed for security and privacy.

How Does It Work?

Advertising and data mining companies try to build a profile of an internet user based on numerous categories, including their device hardware, operating system, web browser, and more. This process is known as “fingerprinting.”

To protect user privacy, a web browser must help thwart the fingerprinting process. The Electronic Frontier Foundation (EFF) explains that this can be done in two different ways, either with a fingerprint that is:

  • so common that a tracker can’t tell you apart from the crowd (as in Tor Browser), or
  • randomized so that a tracker can’t tell it’s you from one moment to the next (as in Brave browser).

Needless to say, given the partnership with the Tor Project, Mullvad Browser uses the first option. Based on the EFF’s test results, the browser does quite well at offering the level of protection it promises.

Mullvad Browser EFF Privacy Score

Mullvad Browser has Private Browsing enabled by default. That means that no data is saved from one session to the next. While this can be inconvenient since it means you will be logged out of any sites you logged into the previous session, it also means that trackers won’t be able to learn anything from you based on saved cookies.

While Firefox may not send a lot of telemetry back to Mozilla, it does still send some information designed to help Mozilla improve Firefox’s performance. Mullvad disables all telemetry by default.

Mullvad Browser Security Settings

Mullvad Browser also includes the excellent uBlock Origin extension to help block ads and trackers.

Using the browser with a VPN completes the security and privacy protection, although users do not have to use Mullvad’s VPN. The browser is designed to work with any VPN.

Mullvad explains the difference between using Mullvad Browser with a VPN and using a Tor browser:

The short explanation: if you use the Mullvad Browser, you are using a Tor-developed browser without using the Tor Network. Instead, the Mullvad Browser is intended to run with a VPN. That’s the main difference. Sure, there are a few calibration differences between the two browsers – but the differences are there for only that reason; to handle the browsers’ different ways of connecting to the internet.

Should You Use Mullvad Browser?

For anyone interested in protecting their online privacy and security, Mullvad Browser should be an important tool in their repertoire.

Could you duplicate Mullvad Browser’s features in other browsers? For the most part, yes. But Mullvad has done all the work for you, delivering a solid application that lives up to what it promises…much like their VPN.

Will most individuals use the browser as their primary? Probably not. For many users, remaining logged into their favorite sites is probably too much of a convenience to use Mullvad Browser — or any browser in private mode — full-time.

Nonetheless, when doing anything online where privacy is paramount, Mullvad Browser is hard to beat. It offers near Tor-like privacy and anonymity in a convenient, easy-to-use application that virtually anyone will be comfortable with.

Availability

Mullvad Browser is available on Linux, Windows, and macOS. The Linux version can be downloaded via the Mullvad website or installed via Flatpak.

Rating

Anyone concerned with online privacy and security should download and install Mullvad Browser immediately.

5 out of 5 stars

Microsoft Is Scanning the Contents of Password-Protected Zip Archives
https://www.webpronews.com/microsoft-is-scanning-the-contents-of-password-protected-zip-archives/
Tue, 16 May 2023 15:53:03 +0000

Microsoft is scanning password-protected and encrypted zip archives for malware, according to reports from security researchers.

Andrew Brandt, Principal Researcher at SophosLabs, took to Mastodon to report the issue:

Well, apparently #microsoft #Sharepoint now has the ability to scan inside of password-protected zip archives.

How do I know? Because I have a lot of Zips (encrypted with a password) that contain malware, and my typical method of sharing those is to upload those passworded Zips into a Sharepoint directory.

This morning, I discovered that a couple of password-protected Zips are flagged as “Malware detected” which limits what I can do with those files – they are basically dead space now.

As Brandt points out, the practice has major repercussions for security researchers and malware analysts’ ability to share the files their work depends on:

While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples. The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.

Hopefully, Microsoft will adjust their policy to allow exceptions for security researchers.

In the meantime, the news should serve as a caution to users who rely on password protection to keep their files private and secure on Microsoft’s cloud platform.

Microsoft’s May 2023 Patch Tuesday Fixes 38 Vulnerabilities
https://www.webpronews.com/microsofts-may-2023-patch-tuesday-fixes-38-vulnerabilities/
Wed, 10 May 2023 15:46:40 +0000

Microsoft has fixed a total of 38 vulnerabilities with its May 2023 Patch Tuesday, including one zero-day and eight likely to be exploited.

According to Hacker News, six of the vulnerabilities are rated Critical and 32 are Important. The most important is CVE-2023-29336, which is being actively exploited in the wild, although just how much is still unknown:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

All users should update immediately to protect their systems.

City of Dallas Crippled by Ransomware Attack
https://www.webpronews.com/city-of-dallas-crippled-by-ransomware-attack/
Fri, 05 May 2023 12:30:00 +0000

The City of Dallas has confirmed it has suffered a ransomware attack, one that has taken out critical services.

Dallas issued a media advisory detailing the attack, as well as the impacted services:

Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment. Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website. The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted. The Mayor and City Council was notified of the incident pursuant to the City’s Incident Response Plan (IRP). The City is currently working to assess the complete impact, but at this time, the impact on the delivery of City services to its residents is limited. Should a resident experience a problem with a particular City service, they should contact 311. For emergencies, they should contact 911.

Ransomware gangs have increasingly been targeting cities, hospitals, and local governments, with many of them providing softer targets than multi-billion dollar corporations and major government agencies.

Google Obtains US Court Order Against Cryptbot
https://www.webpronews.com/google-obtains-us-court-order-against-cryptbot/
Fri, 28 Apr 2023 21:41:23 +0000

Google obtained a temporary court order from the US to disrupt the distribution of Cryptbot, a Windows-based malware responsible for infecting and stealing information from over 670,000 computers in 2022.

The malware was first discovered in December 2019 by Bleeping Computer, nested inside modified Inter VPN Pro software on a false website.

In a press release, Google’s Mike Trinh and Pierre-Marc Bureau stated:

“Last year, we shared details about our success in holding operators of the Glupteba botnet responsible for their targeting of online users. We noted that our work was not done and that we would continue raising awareness around issues and working to disrupt groups looking to take advantage of users. Today, we’re sharing another milestone in that work.”

The court order, granted by a federal judge in the Southern District of New York, gives Google the authority to “take down current and future domains that are tied to the distribution of Cryptbot.”

Google finds itself an unwitting accomplice to the spread, as CryptBot uses unofficially modified versions of Google Earth Pro and Google Chrome hosted on phishing websites. CryptBot has pillaged authentication credentials, social media account login info, and cryptocurrency wallets from Google Chrome.

To combat the threat, Trinh and Bureau provided basic but evergreen pointers when considering any software download:

Download from well-known and trusted sources: Only download software from the official website or app store and take Chrome Safe Browsing warnings seriously.

Read reviews and do your research: Before downloading any software, do research on the product, and read reviews from others who have already downloaded and used the software.

Keep your operating system and software up-to-date: Make sure to regularly update your device’s operating system and software to the latest version. Updates often include security patches and bug fixes that can help protect from threats.

These actions come shortly after Google’s December 2021 legal efforts to shut down the command-and-control infrastructure associated with a botnet called Glupteba. However, the malware resurfaced a mere six months later, with Nozomi Networks reporting “a tenfold increase in TOR hidden service being used as C2 servers since the 2021 campaign.”

Time will tell if Google’s efforts to halt CryptBot’s spread yield productive results or if the malware proves to be another Hydra multiplying with each strike.

Microsoft Expanding Efforts to Bring Women Into Cybersecurity
https://www.webpronews.com/microsoft-expanding-efforts-to-bring-women-into-cybersecurity/
Mon, 24 Apr 2023 15:28:01 +0000

Microsoft is expanding its efforts to bring more women into the cybersecurity field with its Cybersecurity Skills Initiative.

Cybersecurity is one of the fastest-growing segments of the IT industry, but supply is struggling to meet demand.

“The past few years have seen cybercriminals target the media, businesses, and governments, and the volume is staggering,” writes Kate Behncken – Corporate Vice President, Microsoft Philanthropies. “As we cited in our Digital Defense Report last year, the volume of password attacks has risen to an estimated 921 attacks every second – a 74% increase in just one year. Cyberattacks often have devastating impacts – the average cost of a cyber breach has reached $4.35 million.

“At the same time, we are facing a global cybersecurity skills crisis. Demand for cybersecurity skills has grown by an average of 35% over the past year. And in some countries, like Brazil, demand has grown as much as 76%. We simply don’t have enough people with the skills to defend against cybersecurity attacks, putting people, businesses, and governments around the world at risk.”

To help meet the ever-growing need, the company is expanding its program to additional countries, with a focus on training underrepresented groups. Like much of the tech industry, cybersecurity traditionally has a much smaller percentage of women than other fields.

“In addition to expanding the skilling program to more countries, we are also focusing on helping historically underrepresented populations enter the cybersecurity workforce,” continues Behncken. “Specifically, the opportunity for women to work in cybersecurity is huge. Today, women make up only 25% of the global cybersecurity workforce so it’s more important than ever to encourage and empower women to pursue these careers.”

Behncken goes on to highlight several specific initiatives:

  • WOMCY, a nonprofit focused on cybersecurity opportunities for women in Latin America
  • Women4Cyber, a foundation aimed at increasing women’s role in cybersecurity in Europe
  • The International Telecommunications Union – a UN agency – supporting their Women in Cyber Mentorship Program with a special focus on Africa, Asia, and the Middle East
  • WiCyS, a global community of women, allies, and advocates dedicated to recruiting, training, and advancing women in cybersecurity
  • The company is also working with organizations in Poland, such as the Kosciuszko Institute, to help train women — including Ukrainian refugees — in cybersecurity.
WhatsApp, Signal, and Others Pen Objection to UK Online Bill
https://www.webpronews.com/whatsapp-signal-uk-bill/
Tue, 18 Apr 2023 14:59:29 +0000

WhatsApp, Signal, and other encrypted messaging services are voicing their concern about a UK bill that “could break end-to-end encryption.”

End-to-end encryption (E2EE) is a fundamental feature of many communication platforms, ensuring that only the intended participants can read and access a conversation. The UK government has expressed its support for strong encryption, but its Online Safety Bill stands at odds with that position, threatening to eliminate E2EE.

In response, the leading names in online messaging have penned an open letter objecting to the bill:

To anyone who cares about safety and privacy on the internet.

As end-to-end-encrypted communication services, we urge the UK Government to address the risks that the Online Safety Bill poses to everyone’s privacy and safety. It is not too late to ensure that the Bill aligns with the Government’s stated intention to protect end-to-end encryption and respect the human right to privacy.

The companies then go on to highlight the stakes, as well as the threat the current bill poses:

Around the world, businesses, individuals and governments face persistent threats from online fraud, scams and data theft. Malicious actors and hostile states routinely challenge the security of our critical infrastructure. End-to-end encryption is one of the strongest possible defenses against these threats, and as vital institutions become ever more dependent on internet technologies to conduct core operations, the stakes have never been higher.

As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.

The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.

The letter then tackles the claims that strong encryption can co-exist with surveillance, pointing to third-party criticism of the UK bill:

Proponents say that they appreciate the importance of encryption and privacy while also claiming that it’s possible to surveil everyone’s messages without undermining end-to-end encryption. The truth is that this is not possible.

We aren’t the only ones who share concerns about the UK Bill. The United Nations has warned that the UK Government’s efforts to impose backdoor requirements constitute “a paradigm shift that raises a host of serious problems with potentially dire consequences”

Even the UK Government itself has acknowledged the privacy risks that the text of the Bill poses, but has said its “intention” isn’t for the Bill to be interpreted this way.

The UK’s Online Safety Bill is simply the latest attempt by lawmakers and regulators to have the best of both worlds, which, unfortunately, is not mathematically possible. As the letter states, it is simply a mathematical impossibility for encryption to simultaneously be strong and allow surveillance…regardless of how admirable the reasons for that surveillance may be.

Ultimately, weakening encryption for any reason weakens it for all and will have profound repercussions for online security.
