Daily Archives: January 11, 2021

Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop. "This

Digital Inheritance

What happens to our digital presence when we die or become incapacitated? Many of us have or know we should have a will and checklists of what loved ones need to know in the event of our passing. But what about all of our digital data and online accounts? Consider creating some type of digital will, often called a "Digital Inheritance" plan.

Researchers Find Links Between Sunburst and Russian Kazuar Malware

Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto

Steps for PCI DSS Gap Analysis

Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security posture against what […]… Read More

The post Steps for PCI DSS Gap Analysis appeared first on The State of Security.

HP Elite Dragonfly G2 and Max take off at CES 2021

HP’s new Elite Dragonfly G2 and Dragonfly Max laptops include new remote work enhancements.

Device HP Elite Dragonfly G2 HP Elite Dragonfly Max
CPU Up to 11th-gen Intel Core i7 vPro processor Up to 11th-gen Intel Core i7 vPro processor
GPU Intel Iris Xe graphics  Intel Iris Xe graphics
Display
  • 13.3-inch, 1920 x 1080p, 400 nits, low power
  • 13.3-inch, 1920 x 1080p, 1000 nits, HP Sure View Reflect
  • 13.3-inch, HDR400, 3840 x 2160, 550 nits
13.3-inch, 1920 x 1080p, IPS, 1000 nits, HP Sure View Reflect privacy screen
Memory Up to 32GB LPDDR4 Up to 32GB LPDDR4
Storage Up to 2TB Up to 2TB
Battery TBD 56.2Wh
Ports 1x USB 3.1 Gen 1, 2x USB-C (Thunderbolt 3), 1x HDMI 1.4b, 1x nano SIM 1x USB 3.1 Gen 1, 2x USB-C (Thunderbolt 3), 1x HDMI 1.4b, 1x nano SIM
Weight Starting at 1kg (2.2lbs) Starting at 1.13kg (2.49lbs)
OS Up to Windows 10 Pro Windows 10 Pro
Price TBD TBD

Elite Dragonfly G2

HP Elite Dragonfly G2

When the first Elite Dragonfly hit the market, its lightweight and attractive design swooned commercial and personal users alike. The Elite Dragonfly G2 retains its predecessor’s design language and tacks on a ton of new features.

The chassis is still made using magnesium alloy and weighs under a kilogram. But under the hood, the Dragonfly G2 now uses Intel’s 11th-gen Tiger lake vPro processors. It also expands memory support to 32GB, double that of the previous generation. The touchpad is now backlit and the keyboard spill-resistant.

Users can configure their device with a 13.3-inch 400 nits 1080p display or a 550 nits 4K display. For those who work in bright environments, HP also offers a 1080p display option that can reach 1000 nits with HP’s privacy screen that shields the display from prying eyes. All displays are covered using Corning’s Gorilla Glass 5 and are compatible with the HP Pen.

Hardware aside, the Elite Dragonfly G2 now supports on-lap detection, intrusion detection, and enhanced sound and AI noise cancellation.

There are some sidegrades as well—for example, the manual webcam shutter slider. Instead, the Elite Dragonfly G2 features a dedicated key on the keyboard to turn the webcam on and off. The webcams still boast an IR sensor for Windows Hello sign in.

Designed as an always-connected device, the Dragonfly G2 accompanies a 4G and 5G radio alongside Wi-Fi to ensure that the Zoom meeting is never interrupted.

Elite Dragonfly Max

HP Elite Dragonfly Max

The Dragonfly Max has all the benefits of the Dragonfly G2 and then some. In addition to the updated performance and features, the Dragonfly Max also comes with a sharper 5MP webcam. It also features four microphones to capture sound from multiple directions and participants. It also features HP Eyease, a blue light filter typically found on HP’s business monitors.

The extra functionalities do come at the cost of a slight weight increase. Moreover, the Dragonfly Max has only a single 1080p display option.

Availability

The HP Dragonfly G2 is coming to Canada in late January. The Dragonfly Max will follow in April. Pricing will be announced closer to the launch date. Since they’re the best HP has to offer, both in terms of function and style, don’t expect them to be cheap.

The post HP Elite Dragonfly G2 and Max take off at CES 2021 first appeared on IT World Canada.

Donald Trump’s presidency ended today, claims altered US State Department website

The biographies of outgoing US President Donald Trump and his Vice President Mike Pence were mysteriously changed on the official US State Department website at some point on Monday. Visitors to www.state.gov were unable to view facts about the country's top politicians, as somebody appeared to have mysteriously wiped them - only to be replace them with a solitary line detailing the end of their term.

Minimize Risk and Impact with a Security Platform Approach

Much has been written about the Sunburst attack, a supply chain attack using the SolarWinds Orion application. Many organizations are still diligently working to understand the potential exposure to their organization from this devastating attack. And many are starting to think about how they can get to a future state where the risk of these type of attacks are minimized. So how do you get your organization to address problems like this, and make preparations to better handle these types of attacks more effectively in the future?

Piecemeal Security Paradigm

Despite an increase in security investments, most organizations are experiencing longer threat dwell times within their security ecosystem — 280 days on average1. Why is that? A core challenge is that organizations often find themselves dealing with incompatible point solutions, delivering patchwork coverage for their environment and undermining any efforts to build effective cyber risk management. The telemetry data logged by each security tool often is analyzed in isolation — often lacking the fidelity to detect more subtle and hidden attacks. Then, the alerts generated are decided upon in isolation — often concluding too little malicious intent or risk exposure for teams to act quickly or at all due to limited resources. When teams act within this piecemeal security paradigm, too often response happens one control point at a time without efficient coordination – wasting time and often failing to complete defense against the breach.

Shatter the Piecemeal Security Paradigm

Cisco believes a platform approach will help build fortified defenses to deal with the ever more devastating threat landscape. Cisco SecureX is a cloud-native, built-in platform experience that gives your security infrastructure – Cisco and 3rd party solutions – a makeover from a series of disjointed solutions into a fully integrated defense that will liberate you from being stuck in the piecemeal security paradigm.

Our platform approach with SecureX will deliver the broadest Extended Detection and Response (XDR) capabilities to intelligently detect and confidently respond. And unlike others offering XDR solutions, SecureX offers turnkey interoperability with your infrastructure, including 3rd party security tools. From initial access to impact and the mitigations to execution, lateral movement, or exfiltration in between. Cisco can connect many layers of machine learning-enhanced analytics across multiple data sources to accurately identify malicious intent and risk exposure. Then, Cisco pinpoints the root cause by simplifying investigation with visual forensics and connecting playbook-driven automation across the most control points to reduce threat dwell time. This is how you shatter the piecemeal paradigm to become more effective in defending against attacks such as Sunburst.

Critical Building Blocks 

SecureX is built into the Cisco Secure portfolio, so if you have Cisco Secure products, you are entitled to it. Let’s talk about some core control points that are critical to helping implement a strong defense.

  • Cisco Secure Cloud Analytics: delivers critical network detection and response capabilities. One of the key capabilities is that it will help you quickly discover SolarWind Orion servers in your network. Once you have patched the servers, you will need to assess whether any malicious or suspicious activity has already taken place in your network. Secure Cloud Analytics is capable of detecting a range of suspicious activities that are commonly seen in an advanced cyberattack to steal data, like C&C connections, lateral movement, and data exfiltration. Now that you have searched for and identified potentially compromised servers and had a look at detections that alert on malicious behaviors in the network that might be associated with the attack, you can go ahead and define a set of actions that will further protect your organization, and also allow for an automated response.
  • Cisco Secure Endpoint: Gain visibility into endpoints to locate Sunburst infected hosts, and our endpoint detection and response capabilities deliver insight into the “SolarWinds Supply Chain Attack” event notice to inform of the attack and provide retrospective detection alerts based on ongoing threat intelligence and hunting efforts. And customers that are using SecureX threat hunting will of course be notified where IOCs indicate the presence of the Sunburst backdoor. Additionally, you can assess exposure to Sunburst using Cisco Endpoint Security Analytics (CESA). Find out what endpoint accessed what domain, as well as what software processes and protocols were used, enables immediate visibility to what endpoints are exposed—for both on-net and off-net endpoints—within minutes.
  • Cisco Umbrella: is a cloud-delivered security service that converges multiple functions in the cloud, blocks users from connecting to malicious, command & control domains, IPs, and URLs associated with this attack, whether users are on or off the corporate network. On December 18, 2020, Cisco Umbrella released an update to the threat reports providing visibility into threats you may have been exposed to over a given period of time and whether they are blocked or allowed. This specific update enables all customers to review the last 12 months of Umbrella DNS events for traffic that may indicate the presence of the SolarWinds Orion / Sunburst backdoor. The Umbrella team also provided instructions on how customers can use these new capabilities to quickly assess their environment.
  • Cisco Secure Workload: assists in the identification of compromised assets and the application of network restrictions to control network traffic through central automation of distributed firewalls at the workload level. This flexible approach means a consistent firewall policy can be quickly applied to control inbound and outbound traffic at each workload without the need to re-architect the network or modify IP addressing and is compatible with any on-premises infrastructure or public cloud provider.  It can identify compromised assets via three methods: (1) presence of installed package; (2) presence of running process (either name or hash); and (3) presence of loaded libraries (DLLs). Once compromised assets have been collated, network traffic can be restricted based on the least privilege model. In the current situation, it may be advised to provide zero privileges to all identified Orion Platform assets. In the future, as patched versions of Orion are deployed, privileges may be slightly increased, but only to cover the exact communications Orion requires for operation, and nothing more.
  • Cisco Talos Incident Response: provides a full suite of proactive and emergency services to help you respond and recover from attacks.  With this service, you will have access to the world’s largest threat intelligence and research group. Talos Incident Response is currently engaged and supporting many customers concerning Sunburst.

Simplify Incident Response

Despite good intentions, security investments without a platform approach too often leads to a piecemeal security paradigm that will not effectively defend against attacks such as Sunburst. True, control points such as Network Detection and Response, Endpoint Security, Firewall, etc., are important, but being able to effectively implement extended detection and control across these control points is critical.

With the Cisco Secure platform approach, you will be able to quickly pinpoint the root cause of an attack such as Sunburst by simplifying investigation with visual forensics and connecting playbook-driven automation across multiple control points to reduce threat dwell time.  Explore our integrated approach to find out how you can identify and contain 70% more malicious intent and risk exposure with 85% less dwell time.

  1. Source: Ponemon Institute research featured in IBM’s Cost of a Data Breach Report 2020

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.

In an email sent to customers today, Ubiquiti Inc. [NYSE: UI] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider.

The statement continues:

“We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.”

Ubiquiti has not yet responded to requests for more information, but the notice was confirmed as official in a post on the company’s user support forum.

The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems.

This has become a sticking point for many Ubiquiti customers, as evidenced by numerous threads on the topic in the company’s user support forums over the past few months.

“While I and others do appreciate the convenience and option of using hosted accounts, this incident clearly highlights the problem with relying on your infrastructure for authenticating access to our devices,” wrote one Ubiquiti customer today whose sentiment was immediately echoed by other users. “A lot us cannot take your process for granted and need to keep our devices offline during setup and make direct connections by IP/Hostname using our Mobile Apps.”

To manage your security settings on a Ubiquiti device, visit https://account.ui.com and log in. Click on ‘Security’ from the left-hand menu.

1. Change your password
2. Set a session timeout value
3. Enable 2FA

Image: twitter.com/crosstalksol/

According to Ubiquiti’s investment literature, the company has shipped more than 85 million devices that play a key role in networking infrastructure in over 200 countries and territories worldwide.

This is a developing story that may be updated throughout the day.

Network Security and Containers – Same, but Different

Introduction

Network and security teams seem to have had a love-hate relationship with each other since the early days of IT. Having worked extensively and built expertise with both for the past few decades, we often notice how each have similar goals: both seek to provide connectivity and bring value to the business. At the same time, there are also certainly notable differences. Network teams tend to focus on building architectures that scale and provide universal connectivity, while security teams tend to focus more on limiting that connectivity to prevent unwanted access.

Often, these teams work together — sometimes on the same hardware — where network teams will configure connectivity (BGP/OSPF/STP/VLANs/VxLANs/etc.) while security teams configure access controls (ACLs/Dot1x/Snooping/etc.). Other times, we find that Security defines rules and hands them off to Networking to implement. Many times, in larger organizations, we find InfoSec also in the mix, defining somewhat abstract policy, handing that down to Security to render into rulesets that then either get implemented in routers, switches, and firewalls directly, or else again handed off to Networking to implement in those devices. These days Cloud teams play an increasingly large part in those roles, as well.

All-in-all, each team contributes important pieces to the larger puzzle albeit speaking slightly different languages, so to speak. What’s key to organizational success is for these teams to come together, find and communicate using a common language and framework, and work to decrease the complexity surrounding security controls while increasing the level of security provided, which altogether minimizes risk and adds value to the business.

As container-based development continues to rapidly expand, both the roles of who provides security and where those security enforcement points live are quickly changing, as well.

The challenge

For the past few years, organizations have begun to significantly enhance their security postures, moving from only enforcing security at the perimeter in a North-to-South fashion to enforcement throughout their internal Data Centers and Clouds alike in an East-to-West fashion. Granual control at the workload level is typically referred to as microsegmentation. This move toward distributed enforcement points has great advantages, but also presents unique new challenges, such as where those enforcement points will be located, how rulesets will be created, updated, and deprecated when necessary, all with the same level of agility business and thus its developers move at, and with precise accuracy.

At the same time, orchestration systems running container pods, such as Kubernetes (K8S), perpetuate that shift toward new security constructs using methods such as the CNI or Container Networking Interface. CNI provides exactly what it sounds like: an interface with which networking can be provided to a Kubernetes cluster. A plugin, if you will. There are many CNI plugins for K8S  such as pure software overlays like Flannel (leveraging VxLAN) and Calico (leveraging BGP), while others tie worker nodes running the containers directly into the hardware switches they are connected to, shifting the responsibility of connectivity back into dedicated hardware.

Regardless of which CNI is utilized, instantiation of networking constructs is shifted from that of traditional CLI on a switch to that of a sort of structured text-code, in the form of YAML or JSON- which is sent to the Kubernetes cluster via it’s API server.

Now we have the groundwork laid to where we begin to see how things may start to get interesting.

Scale and precision are key

As we can see, we are talking about having a firewall in between every single workload and ensuring that such firewalls are always up to date with the latest rules.

Say we have a relatively small operation with only 500 workloads, some of which have been migrated into containers with more planned migrations every day.

This means in the traditional environment we would need 500 firewalls to deploy and maintain minus the workloads migrated to containers with a way to enforce the necessary rules for those, as well. Now, imagine that a new Active Directory server has just been added to the forest and holds the role of serving LDAP. This means that a slew of new rules must be added to nearly every single firewall, allowing the workload protected by it to talk to the new AD server via a range of ports – TCP 389, 686, 88, etc. If the workload is Windows-based it likely needs to have MS-RPC open – so that means 49152-65535; whereas if it is not a Windows box, it most certainly should not have those opened.

Quickly noticeable is how physical firewalls become untenable at this scale in the traditional environments, and even how dedicated virtual firewalls still present the complex challenge of requiring centralized policy with distributed enforcement. Neither does much to aid in our need to secure East-to-West traffic within the Kubernetes cluster, between containers. However, one might accurately surmise that any solution business leaders are likely to consider must be able to handle all scenarios equally from a policy creation and management perspective.

Seemingly apparent is how this centralized policy must be hierarchical in nature, requiring definition using natural human language such as “dev cannot talk to prod” rather than the archaic and unmanageable method using IP/CIDR addressing like “deny ip 10.4.20.0/24 10.27.8.0/24”, and yet the system must still translate that natural language into machine-understandable CIDR addressing.

The only way this works at any scale is to distribute those rules into every single workload running in every environment, leveraging the native and powerful built-in firewall co-located with each. For containers, this means the firewalls running on the worker nodes must secure traffic between containers (pods) within the node, as well as between nodes.

Business speed and agility

Back to our developers.

Businesses must move at the speed of market change, which can be dizzying at times. They must be able to code, check-in that code to an SCM like Git, have it pulled and automatically built, tested and, if passed, pushed into production. If everything works properly, we’re talking between five minutes and a few hours depending on complexity.

Whether five minutes or five hours, I have personally never witnessed a corporate environment where a ticket could be submitted to have security policies updated to reflect the new code requirements, and even hope to have it completed within a single day, forgetting for a moment about input accuracy and possible remediation for incorrect rule entry. It is usually between a two-day and a two-week process.

This is absolutely unacceptable given the rapid development process we just described, not to mention the dissonance experience from disaggregated people and systems. This method is ripe with problems and is the reason security is so difficult, cumbersome, and error prone within most organizations. As we shift to a more remote workforce, the problem becomes even further compounded as relevant parties cannot so easily congregate into “war rooms” to collaborate through the decision making process.

The simple fact is that policy must accompany code and be implemented directly by the build process itself, and this has never been truer than with container-based development.

Simplicity of automating policy

With Cisco Secure Workload (Tetration), automating policy is easier than you might imagine.

Think with me for a moment about how developers are working today when deploying applications on Kubernetes. They will create a deployment.yml file, in which they are required to input, at a minimum, the L4 port on which containers can be reached. The developers have become familiar with networking and security policy to provision connectivity for their applications, but they may not be fully aware of how their application fits into the wider scope of an organizations security posture and risk tolerance.

This is illustrated below with a simple example of deploying a frontend load balancer and a simple webapp that’s reachable on port 80 and will have some connections to both a production database (PROD_DB) and a dev database (DEV_DB). The sample policy for this deployment can be seen below in this `deploy-dev.yml` file:

Now think of the minimal effort it would take to code an additional small yaml file specified as kind:NetworkPolicy, and have that automatically deployed by our CI/CD pipeline at build time to our Secure Workload policy engine which is integrated with the Kubernetes cluster, exchanging label information that we use to specify source or destination traffic, indeed even specifying the only LDAP user that can reach the frontend app. A sample policy for the above deployment can be seen below in this ‘policy-dev.yml’ file:

As we can see, the level of difficulty for our development teams is quite minimal, essentially in-line with the existing toolsets they are familiar with, yet this yields for our organizations immense value because the policy will be automatically combined and checked against all existing security and compliance policy as defined by the security and networking teams.

Key takeaways

Enabling developers with the ability to include policy co-located with the software code it’s meant to protect, and automating the deployment of that policy with the same CI/CD pipelines that deploy their code provides businesses with speed, agility, versioning, policy ubiquity in every environment, and ultimately gives them a strong strategic competitive advantage over legacy methods.

If you’re now interested, this is just the beginning of what can be achieved with Cisco Secure Workload. For more information, and to learn many additional benefits of Cisco Secure Workload, please visit: https://www.cisco.com/go/secureworkload

Learn more about Cisco Secure Workload

 

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks

Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into a full compromise of your OS and device. To combat these kinds of attacks, Microsoft developed virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI, also commonly referred to as memory integrity). VBS and HVCI use the power of hardware capabilities like virtualization to provide better protection against common and sophisticated malware by performing sensitive security operations in an isolated environment.

Today, Microsoft announced that the new Surface Pro 7+ for Business will ship with these Windows enhanced hardware security features enabled out of the box to give customers even stronger security that is built-in and turned on by default. The Surface Pro 7+ for Business joins existing recently shipped devices like the Surface Book 3, Surface Laptop Go, and the Surface Pro X in enabling VBS and HVCI by default.

Surface enables added security features by default to combat common threats

Surface devices are used by customers across a variety of mission critical scenarios – from collaborating in Office on important documents to Microsoft Teams calls with coworkers across the globe. Providing robust protection against the latest malware and ransomware is a critical goal for Surface as customers expect that their devices and data can withstand common attacks. To meet this customer need, Surface has worked diligently across multiple hardware platforms to enable VBS and HVCI by default on capable new Surface models, including the Surface Book 3 and Surface Laptop Go, to provide the latest security protections consistently across different form factors and price points available to customers.

VBS and HVCI create and isolate a region of memory from the normal operating system using hardware virtualization capabilities. This security capability can stop most escalation of privilege attacks. The security subsystems running in the isolated environment provided by the hypervisor can help enforce HVCI protections, including preventing kernel memory pages from being both writeable and executable.

VBS provides significant security gains against practical attacks including several we saw last year, including human-operated ransomware attacks like RobbinHood and sophisticated malware attacks like Trickbot, which employ kernel drivers and techniques that can be mitigated by HVCI. Our research shows that there were 60% fewer active malware reports from machines reporting detections to Microsoft 365 Defender with HVCI enabled compared to systems without HVCI.  The Surface Book 3 shipped in May 2020 and the Surface Laptop Go shipped in October 2020, and users may not have noticed they are running VBS and are therefore better protected based on the work done under the hood.

The simple choice for device security

Endpoint security has always been at the core of Surface devices. Our engineering team has been using a unified approach to firmware protection and device security since 2015 through complete end-to-end ownership of hardware design, in-house firmware development, and a holistic approach to device updates and management.

For Surface, our Unified Extensible Firmware Interface (UEFI) is written in-house, continuously maintained through Windows Update, and fully managed through the cloud by Microsoft Endpoint Manager. This level of control enables enterprises to minimize risk and maximize control at the firmware level before the device even starts Windows 10. IT organizations now have the ability through the cloud to disable a camera or disable the ability to boot from USB all at the pre-boot firmware level. The result is a reduced attack vector that is critical to endpoint protection. Microsoft is making this UEFI* available broadly via open source through Project Mu on GitHub.

To protect the firmware and initial boot of your device, Surface enables Secure boot to ensure an authentic version of Windows 10 is started and make certain the firmware is as genuine as it was when it left the factory. Surface also ensures that each commercial device includes a security processor (TPM 2.0) to provide advanced encryption capabilities such as BitLocker to secure and encrypt your data and Windows Hello to enable passwordless sign-in. Each of these built-in security options helps protect your device from malicious software attacks.

With the necessary hardware and OS settings configured during manufacturing, the simple choice for customers looking for devices with advanced Windows security enabled is a Windows PC. Today, the Surface Pro 7 + for Business, Surface Book 3, Surface Laptop Go, and Surface Pro X already ship with VBS and HVCI enabled by default. Future Surface models on capable silicon will ship with these capabilities also enabled by default. Most recent Surface devices and Windows PCs from many other OEMs that have virtualization support are also capable of using these features. Customers can turn on the Memory integrity feature in the device security settings, which also automatically checks if devices are capable.

The post New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely appeared first on Microsoft Security.

Veracode Wins Best AppSec Feature Set and Customer Support Awards From TrustRadius

TrustRadius recently awarded Veracode with a 2021 Best Application Security Feature Set Award and Best Application Security Customer Support Award. These honors are given to companies that have gone above and beyond to delight their users.

To win the Best Feature Set Award, each nominated organization had to receive 10 TrustRadius reviews in the past year that featured specific mention of their product???s feature set. Winners also had to rank in the top three positions of their category in terms of what percentage of positive responses they earned this year. Additional vetting via textual review analysis was also performed by the TrustRadius research team ??ヲ And Veracode came out on top!

Best feature set ???

Veracode offers a comprehensive selection of SaaS-based application security (AppSec) analysis methods and supports over 24 programming languages as well as a wide array of frameworks. We also provide visibility into the application status across all common testing types in a single view. By having visibility into the health of your applications, you are able to focus on fixing ??? not just finding ??? vulnerabilities.

The Best Application Security Feature Set Award is a great honor and a true testament to our products and services. ???At Veracode, we strive to provide our customers with the latest and most innovative tools and technology,??? said Elana Anderson, CMO of Veracode.

Veracode also won the 2021 Best Application Security Customer Support Award. This award was given to Veracode for its ability to provide efficient and effective support for a wide variety of projects. Since Veracode AppSec is SaaS-based, it needs to be able to support a more robust set of code functionalities than on-premises platforms ??? and it does so with ease.

???We are committed to providing developers and security teams with a comprehensive SaaS application security platform that integrates into their workflows along with highly responsive customer support. Receiving these awards is a testament to our effort to provide unparalleled software security solutions and support,??? said Elana Anderson.

By reviewing the recipients of TrustRadius awards and learning more about their products and services, AppSec buyers can make more informed decisions.

As the CEO of TrustRadius, Vinay Bhagat, stated, ???We are excited to announce our first-ever ???Best of??? Award winners. Let???s face it: not all products are created equal, and neither are all technology buyers. That???s why at TrustRadius we???re always looking for new ways to help buyers make great decisions. By highlighting products that have first-class feature sets, we can help more buyers navigate to products that will meet their unique needs.???

To learn more about the winners of the TrustRadius awards, and for more information on Veracode???s AppSec feature set and customer support, check out the TrustRadius blog,ツ?Best of Security Software 2021.

Global cyber-espionage campaign linked to Russian spying tools

Kaspersky investigators uncover evidence that may support US claims Moscow was behind attack

A Moscow-based cybersecurity company has reported that some of the malicious code employed against the US government in a cyber-attack last month overlaps with code previously used by suspected Russian hackers.

The findings by Kaspersky investigators may provide the first public evidence to support accusations from Washington that Moscow was behind the biggest cyber-raid against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies.

Related: What you need to know about the biggest hack of the US government in years

Continue reading...

Changes in WhatsApp’s Privacy Policy

If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with.

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice. Some of the data that WhatsApp collects includes:

  • User phone numbers
  • Other people’s phone numbers stored in address books
  • Profile names
  • Profile pictures and
  • Status message including when a user was last online
  • Diagnostic data collected from app logs

Under the new terms, Facebook reserves the right to share collected data with its family of companies.

EDITED TO ADD (1/13): WhatsApp tries to explain.

Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope […]… Read More

The post Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives appeared first on The State of Security.

From risk mitigation to business enabler: The role of CISOs in 2021

CISOs faced a number of challenges in 2020, not the least of which was COVID-19 and the mass migration from onsite to remote work. Maybe for the first time, corporate leadership saw just how vital the security team is to ensuring the company runs, and runs smoothly, thus making 2020 the year when the CISO and cybersecurity teams went from the background to the very forefront of enabling organizational productivity.

In 2021, CISOs and their security teams can expect to continue to show how vital their role is from risk mitigation to ROI – as they tackle the combined challenges of supply chain hacks, ransomware, WFH, the rollout of 5G, and more.

The impact of supply chain hacks

Capping off the end of the year (and what a year!), CISOs enter 2021 trying to make sense of the SolarWinds hack and how it could impact their own organization. As CNET explained, “It's a big coup for hackers to pull off a supply-chain attack, because it packages their malware inside a trusted piece of software.” Government agencies are the first targets we know about, but it appears dozens of other companies have been impacted. Those affected will spend the next several weeks and months figuring out how someone could go undetected for nearly a year in their system, and sorting out the damage.  

To read this article in full, please click here

Russian Hacker Gets 12-Years Prison for Massive JP Morgan Chase Hack

A U.S. court on Thursday sentenced a 37-year-old Russian to 12 years in prison for perpetrating an international hacking campaign that resulted in the heist of a trove of personal information from several financial institutions, brokerage firms, financial news publishers, and other American companies. Andrei Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online