Patches are available for three bugs, but with technical details and PoCs now available, threat actors can craft targeted attacks.

Organizations running business-critical applications on SAP's Application Server for ABAP platform technology may want to read and heed details of a technical paper presented at Trooper's cybersecurity conference in Germany this week.

The paper, from research firm SEC Consult, provides technical details and proof-of-concept (PoC) code for four critical vulnerabilities in the server-side implementation of the Remote Function Call (RFC) communications interface in all releases and versions of SAP's NetWeaver Application Server ABAP and ABAP platform (AS ABAP).

**ABAP Kernel Affected By At Least One Of the Flaws**

The vulnerabilities give attackers a way to remotely execute arbitrary code on affected systems, access critical data, move laterally to other SAP systems on the same network, and execute other malicious actions. At least one of the flaws exists in the ABAP kernel, meaning a very large number of SAP products are affected.

"Remote unauthenticated attackers may exploit the identified issues to take full control of vulnerable application servers. This could result in a full compromise of confidentiality, integrity, and availability of data," SEC Consult said in a note to customers warning about the issues; it also shared the warning with Dark Reading.

Researchers at SEC Consult discovered and reported the vulnerabilities to SAP over the last two years. They identified the first one at the end of 2020 and the last one earlier this year. SAP issued patches for each of the identified issues soon after SEC Consult reported them to the company. Even so, SEC Consult waited till now to disclose technical details of the flaws to ensure SAP had enough time to properly address the issues.

"The identified vulnerabilities affected many different SAP products as the ABAP kernel was affected," says Johannes Greil, head of the SEC Consult Vulnerability Lab. "Hence profound work needed to be done to mitigate and test/verify the fixes for all of those products."

With technical details and proofs of concept (PoCs) for the flaws now becoming available, threat actors have information to craft targeted attacks, he says. So unpatched systems could pose a risk for organizations. "Our advice is — if it was not already done — to implement the patches and necessary configuration changes immediately as the issues are of critical risk," Greil notes. "Because of the high business risk, we also informed many customers already a few months ago in March 2023 and urged them to patch."

**Details On the Four Bugs**

The four vulnerabilities that SEC Consult discovered and reported to SAP are CVE-2021-27610, CVE-2021-33677, CVE-2021-33684, and CVE-2023-0014.

CVE-2021-27610 is an authentication bypass vulnerability in AS ABAP that allows adversaries to escalate privileges on affected systems. The vulnerability gives attackers a way to establish their own communication with a vulnerable system and reuse leaked credentials to impersonate user accounts and claim a trusted identity. Successful exploitation can lead to full system compromise, SEC Consult said.

SEC Consult described CVE-2021-33677 as an information disclosure vulnerability in the AutoABAP/bgRFC Interface that allows an adversary to remotely enumerate user accounts and get the vulnerable service to execute specific requests to targeted hosts and ports. CVE-2021-33684 is a memory corruption bug that an attacker can exploit to remotely crash processes, gain remote code execution, and corrupt data. CVE-2023-0014, the most recent of the four flaws that SEC Consult reported to SAP, is a design issue that enables lateral movement in SAP system environments.

Greil describes most of the vulnerabilities as critical, especially CVE-2023-0014 and CVE-2021-27610, which, when combined, allow for easy lateral movement. "The current one from 2023 is especially important because it is more effort to patch because of additional necessary configuration changes," Greil says. Some deeper technical SAP understanding would be necessary to perform lateral attacks and exploiting the attack chain because the SAP technology stack and naming conventions differ from the usual IT security protocols, he notes. "The buffer overflow is also of high risk because it is exploitable before authentication. But we did not verify remote code execution," Greil says.

The vulnerabilities exist in a wide range of business-critical SAP products including SAP ERP Central Component (ECC), SAP S/4HANA, SAP Business Warehouse (BW), SAP Solution Manager (SolMan), SAP for Oil & Gas (IS Oil&Gas), SAP for Utilities (IS-U), and SAP Supplier Relationship Management (SRM).

Researchers Detail 4 SAP Bugs, Including Flaw in ABAP Kernel

New program provides organizations a way to show customers and partners their cybersecurity posture meets rigorous standards of CREST accreditation.

**EAST GREENBUSH, N.Y., June 28, 2023 —** The Center for Internet Security, Inc. (CIS®) today announced the launch of a joint initiative with CREST, an international not-for-profit accreditation and certification body, to help advance security and resilience to achieve better global cybersecurity.

As cyber threats continue to escalate to unprecedented levels globally, CIS and CREST are launching the CIS Controls Accreditation program to provide organizations a way to show customers and partners that their cybersecurity posture meets the best practice guidance as set forth in the CIS Critical Security Controls (CIS Controls) underpinned by the rigorous standards of CREST accreditation.

Establishing, maintaining, and proving an organization’s security posture remains a high priority for business, government, and regulatory bodies. CIS Controls Accreditation is an exclusive opportunity for CIS SecureSuite Members (Controls, Consulting & Services, and Product Vendor) and CREST Members to offer consulting services to end user organizations who wish to demonstrate that their implementation of security best practices is guided and externally assessed in accordance with the training and validation defined by two renowned authorities in cybersecurity. 

"The ability to digest all the data and controls from various devices and systems is essential in this massive shift to evidencing security," said Tom Brennan, Executive Director, CREST Americas Region. "Together, CIS Controls and CREST accreditations give our joint members an accelerated path to meet risk and compliance requirements in addition to providing a methodology for continuously monitoring their security posture. By using CREST on top of the CIS Controls, security professionals can monitor security from infrastructure that can be observed, tested, and enhanced."

The CIS Critical Security Controls are a set of globally-recognized and widely-used best practices that provide a prioritized path to improve an enterprise’s cybersecurity posture. This is the first initiative pairing the CIS Controls with a program to deliver accredited consulting.

"CIS is pleased to partner with CREST to provide end user organizations a selection of recognized consultants to advise on the implementation of and assessment against the CIS Controls," said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. "We see this as a significant step forward in our efforts to secure enterprises and safeguard against current and emerging threats.

The joint CIS and CREST offering is available to members of both organizations here.  

**About CIS**

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit 

CISecurity.org or follow us on Twitter: @CISecurity.

**About CREST**

CREST is an international not-for-profit, membership body representing the global cyber security industry with the goal to help create a secure digital world for all. CREST focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration and proving security posture. Through rigorous quality assurance of its members and delivering professional certifications to the cyber security industry. CREST accredits over 350 member companies, operating across dozens of countries, and certifies thousands of professionals worldwide across governments, regulators, academic institutions, training partners, professional bodies and other stakeholders around the world. For more information, please visit us at https://www.crest-approved.org/

Center for Internet Security, CREST Join Forces to Secure Organizations Globally

Stellar leverages cyber physical system detection and response (CPSDR) to prevent unexpected system changes from impacting operational reliability and availability.

**IRVING, Texas & TAIPEI, Taiwan --** (BUSINESS WIRE) — TXOne Networks, a leader in industrial cybersecurity, announced its Stellar solution for defending operational stability. Employing TXOne Networks’ unique approach to security, Cyber-Physical System Detection and Response (CPSDR), Stellar supports the priorities of security and operations without either team having to sacrifice capability or performance. Already protecting customers in semiconductors, manufacturing, oil and gas, automotive, pharmaceuticals and other many other industries, Stellar is the first solution to offer seamless detection and prevention capabilities with complete oversight for legacy and new OT devices. With intuitive management and informed automation, implementation is quick and simple while remaining non-impacting to resource-restricted devices.

The behavioral patterns of the OT devices and cyber-physical systems on plant floors are automatically established and continuously monitored. Even a single abnormal interaction demands scrutiny that common cybersecurity approaches borrowed from information technology (IT) are often not designed to recognize or address. Stellar, however, analyzes the baseline “fingerprints” of each individual device to reveal _any_ unexpected behavior that threatens reliable and stable operations. The TXOne Networks solution then prevents the unexpected change and generates alerts to complete wider analysis. In this way, Stellar is not limited to combatting known threats; rather, by leveraging TXOne Networks’ OT-native CPSDR capabilities, Stellar’s stability-driven approach addresses unexpected system changes before operations can be impacted.

Stellar consists of an agent that works with an organization’s OT devices and a centralized management console that streamlines management and policy control. A comprehensive OT-context-focused database, which TXOne Networks maintains in partnership with leading device original equipment manufacturers (OEMs), informs the accurate identification and preservation of more than 8,000 OT/industrial control system (ICS) applications, certificates and devices.

To balance the priorities of security and operations teams, Stellar delivers complete protection of operational environments and the OT devices that they comprise of, including:

*   Multi-method threat prevention to secure OT/ICS devices from malware and abuse threats

*   Operations behavior anomaly detection to prevent malware-free attacks

*   Operation lockdown to safeguard operational integrity, reduce the chance of downtime and reduce the requirements for outages (especially valuable for “non-patchable” systems)

*   Trusted control of USB devices to protect against their unauthorized access

"An increasing number of organizations today recognize OT operations as pivotal hubs for generating business value," stated Terence Liu, the Chief Executive Officer of TXOne Networks. "Numerous prominent industry leaders across diverse sectors are already entrusting our Stellar Endpoint security solution to safeguard their critical assets. With the introduction of the CPSDR feature in Stellar 3.0, enterprises can uphold operational stability and proactively mitigate unforeseen threats."

Learn more about Stellar. Follow TXOne Networks on Blog, Twitter, and LinkedIn.

**About TXOne Networks**

TXOne Networks offers cybersecurity solutions that ensure the reliability and safety of industrial control systems and operational technology environments. TXOne Networks works together with both leading manufacturers and critical infrastructure operators to develop practical, operations-friendly approaches to cyber defense. TXOne Networks offers both network-based and endpoint-based products to secure the OT network and mission-critical devices using a real-time, defense-in-depth approach. www.txone.com

TXOne Networks' Stellar Solution Safeguards Operational Stability for Organizations in Various Industries

Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.

**SEATTLE – June 28, 2023 –** WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q1 2023. Key findings from the data show phishers leveraging browser-based social engineering strategies, new malware with ties to nation states, high amounts of zero day malware, living-off-the-land attacks on the rise, and more. This edition of the report also features a new, dedicated section for the Threat Lab team’s quarterly ransomware tracking and analysis.

"Organizations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats," said Corey Nachreiner, chief security officer at WatchGuard. "The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defenses to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers."

Among its most notable findings, the Q1 2023 Internet Security Report reveals:

*   **New browser-based social engineering trends –** Now that web browsers have more protections preventing pop-up abuse, attackers have pivoted to using the browser notifications features to force similar types of interactions. Also of note from this quarter’s top malicious domains list is a new destination involving SEO-poisoning activity.
*   **Threat actors from China and Russia behind 75% of new threats in the Q1 Top 10 list –** Three of the four new threats that debuted on our top ten malware list this quarter have strong ties to nation states, although this doesn’t necessarily mean those malicious actors are in fact state-_sponsored_. One example from WatchGuard’s latest report is the Zusy malware family, which shows up for the first time in the top 10 malware list this quarter. One Zusy sample the Threat Lab found targets China’s population with adware that installs a compromised browser; the browser is then used to hijack the system’s Windows settings and as the default browser.
*   **Persistence of attacks against Office products, End-of-Life (EOL) Microsoft ISA Firewall –** Threat Lab analysts continue to see document-based threats targeting Office products in the most widespread malware list this quarter. On the network side, the team also noticed exploits against Microsoft’s now-discontinued firewall, the Internet Security and Acceleration (ISA) Server, getting a relatively high number of hits. Considering this product has long been discontinued and without updates, it is surprising to see attackers targeting it.
*   **Living-off-the-land attacks on the rise –** The ViperSoftX malware reviewed in the Q1 DNS analysis is the latest example of malware leveraging the built-in tools that come with operating systems to complete their objectives. The continued appearance of Microsoft Office- and PowerShell-based malware in these reports quarter after quarter underscores the importance of endpoint protection that can differentiate legitimate and malicious use of popular tools like PowerShell.
*   **Malware droppers targeting Linux-based systems –** One of the new top malware detections by volume in Q1 was a malware dropper aimed at Linux-based systems. A stark reminder that just because Windows is king in the enterprise space, this doesn’t mean organizations can afford to turn a blind eye to Linux and macOS. Be sure to include non-Windows machines when rolling out Endpoint Detection and Response (EDR) to maintain full coverage of your environment.
*   **Zero day malware accounting for the majority of detections –** This quarter saw 70% of detections coming from zero day malware over unencrypted web traffic, and a whopping 93% of detections from zero day malware from encrypted web traffic. Zero day malware can infect IoT devices, misconfigured servers, and other devices that don’t use robust host-based defenses like WatchGuard EPDR (Endpoint Protection Detection and Response).  
*   **New insights based on ransomware tracking data –** In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate; some are well-known organizations and companies in the Fortune 500. (Stay tuned for more ransomware tracking trends and analysis as part of WatchGuard’s quarterly Threat Lab research in future reports!)

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts.   
New for this Q1 2023 analysis, the Threat Lab team has updated the methods used to normalize, analyze, and present the report findings. While previous quarterly research results have primarily been presented in the aggregate (as global total volumes), this quarter and going forward the network security results will be presented as “per device” averages for all reporting network appliances. The full report includes additional detail around this evolution and the rationale behind the updated methodology, as well as details on additional malware, network, and ransomware trends from Q1 2023, recommended security strategies, critical defense tips for businesses of all sizes and in any sector, and more.

For a more in-depth view of WatchGuard’s research, read the complete Q1 2023 Internet Security Report here.

**About WatchGuard Technologies, Inc.**

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

_WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners._

WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends

More than 950,000 job postings for tech positions in Q4 2022.

**London, June 28, 2023 –** While Europe continues to deal with regional economic issues including the effects of inflation and the ongoing conflict in Ukraine, businesses in multiple industries still need technology workers, research by CompTIA, the nonprofit association for the technology industry and workforce, finds.

Employer job postings for technology positions in 11 countries totaled more than 950,000 in Q4 2022, the most recent available data, according to CompTIA's latest "European Tech Hiring Trends" report.

“Skilled tech workers are very much in high demand across the continent, creating new employment opportunities for people who are looking to enter the technology workforce for the first time and for those who are seeking new challenges,” said Graham Hunter, executive vice president, global sales, CompTIA. “This report also shows how critical professional certification programs are to the tech industry and companies in a wide variety of industries.”

Tech employment opportunities are available at every career stage. Among all tech job postings, 35% of employers sought candidates with 0 to 2 years of work experience. The search for tech workers in their early career stage was even more pronounced in Romania (57% of all tech job postings) and Ireland (54%). Across all 11 countries employers specified 3 to 10 years of experience for 10% of job postings and 11 or more years for 13% of openings.

Job postings were widely dispersed geographically, with the largest numbers in Germany (411,743), France (217,480) and Poland (60,532).

Companies in the information and communication industry listed the most job postings, but hiring interest was also strong among firms in professional, scientific and technical services, manufacturing, administrative and support services, and financial and insurance sectors.

Positions in software development, programming and web development had the highest volume of job postings in Q4 2022 (353,293). Demand was also strong for systems analysts and cybersecurity professionals (284,215), IT support specialists and technicians (113,427) and network and systems administrators and technicians (113,394).

The report’s breakdown of data by individual countries highlights both the commonalities and uniqueness of tech employment in each market.

Software development and programming topped the list of job role categories in 10 of 11 countries included in the report, with Germany (142,956), France (72,653) and Poland (32,921) taking the top three spots. Italy was the exception, where employers focused their talent search on cybersecurity professionals and systems analysts.

The "European Tech Hiring Trends" report is based on CompTIA's analysis of employer job posting data aggregated by Lightcast from Q4 2022 and some prior periods. The full report is available at https://www.comptia.org/content/research/european-tech-hiring-trends.

**About CompTIA**The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Each year CompTIA, directly and through its global network of partners, provides millions of people with training, education and certification. To learn more visit https://www.comptia.org/

Employer Demand for Technology Workers Across Europe Remains on Firm Footing

The new brand is launched alongside new product security platform capabilities such as a vulnerability management (VM) co-pilot and incident response investigation management, providing automation and workflows for the many teams involved in product security.

**TEL AVIV, Israel****,** **June 28, 2023** **/PRNewswire/ --** Cybellum, creator of the award-winning Product Security Platform for device manufacturers, unveiled today a new brand identity and new platform capabilities reinforcing its commitment to the product security community.

The new brand channels the company's focus on the multiple teams involved in today's product security operations.

Now more than ever, product security is a multi-team effort - from vulnerability management to software quality assurance, SBOM management, incident response, and compliance, each part of the workflow is governed by a different team, requiring a specialized, yet unified approach. The new brand, together with the new platform capabilities enables teams across the organization to automate and simplify the many security tasks they have, making the process more efficient and collaborative at the same time.

Some of the new platform capabilities include:

*   A new interface focusing on multi-team collaborative product security - from asset management and software assurance to incident response and cyber-compliance
*   Corporate Management dashboards provide visibility into the organization's product security readiness
*   New SBOM management capabilities including one-click SBOM and VEX report generation for entire products, so you no longer need to manually aggregate information from underlying components
*   The Vulnerability Management (VM) CoPilot focuses your team on the most pressing and relevant vulnerabilities by automating exploit analysis
*   A new Malware detection engine secures device software from malicious code, enhances supply chain cybersecurity, and facilitates compliance
*   A revamped Policy Engine with greater customization flexibility automates requirement validation, accelerating compliance with regulations and your own policies
*   A refined Incident Response module facilitates threat intelligence monitoring, automates relevancy assessment, and streamlines the investigation workflow for rapid remediation of post-market incidents

All of these new capabilities are built into the company's Product Security Platform, a centralized management platform for keeping connected devices cyber secure.

"Product security is still an evolving field, and Cybellum is committed to the success of the teams involved," says Shlomi Ashkenazy, Cybellum's Head of Brand. "Throughout the past year, we learned from our customers what are the main gaps they have in their product security process, and worked to close them."

"To us, working hand in hand with the product security community is the most important aspect of what we do," added Shlomi, "This new chapter in Cybellum's brand story echoes the vision and aspirations of that community, and further aligns the Cybellum story and mission with the challenges and needs of our customers."

**About Cybellum**

Cybellum is where teams do product security.

Device manufacturers such as Jaguar Land Rover, Supermicro, Danaher, and Faurecia use Cybellum's Product Security Platform and services to manage the main aspects of their cybersecurity operations across business units and lifecycle stages. From SBOM to Vulnerability Management, Compliance Validation, and Incident Response, teams ensure their connected products are fundamentally secure and compliant – and stay that way.

To learn more visit www.cybellum.com

Cybellum Unveils New Brand, Amplifying Commitment to Team-Centric Product Security

Innovative risk-based model enables better security measures.

**TEL AVIV, Israel****,** **June 28, 2023** **/PRNewswire/ --** OTORIO, the leading provider of operational technology (OT) cyber and digital risk management solutions, today announced a significant advancement in OT security with the availability of its Attack Graph Analysis technology, integrated into the company's powerful Cyber Digital Twin (CDT) model. By leveraging the capabilities of the CDT, organizations can now gain dynamic visual network topology and advanced risk assessment, enabling the proactive management of vulnerabilities in their OT infrastructure. This announcement follows the company's recent securing of a patent from the U.S. Patent and Trademark Office (USPTO) for its risk management model and attack graph analysis algorithm.

Even organizations with skilled OT security personnel face challenges when protecting operational environments due to their complexities and the shortcomings of existing OT security solutions. Limited visibility and partial data can result in an unclear asset inventory, and businesses often don't understand their actual exposure to attacks by only focusing on endpoint vulnerabilities. These factors make it difficult to accurately assess OT security posture.

OTORIO's Cyber Digital Twin and Attack Graph Analysis overcome these challenges. The CDT consists of an automated, secure, and logical representation of the operational network, its entities, and their interrelationships. It acts as a sandboxed model of the operational environment, enabling safe breach and attack simulations (BAS) as well as data-driven impact analysis.

Once the relationships between the entities have been established, the CDT algorithm generates an Attack Graph: a visualization of all network assets, vulnerabilities, and connections that show segmentation gaps and potential attack vectors targeting critical assets and processes. By calculating risk across all assets, threats, and scenarios, it enables businesses to continuously assess, monitor, and proactively protect their critical OT systems. Attack Graph Analysis empowers organizations to prioritize their security efforts by providing actionable insights into the most critical vulnerabilities and potential attack vectors. By identifying and visualizing the high-risk areas within their OT infrastructure, businesses can allocate resources more efficiently and stay ahead of emerging threats.

The CDT and Attack Graph Analysis technology are built on three key pillars:

*   Automation -- OTORIO streamlines security processes, reducing human error and enabling rapid response. It provides an automated, user-friendly report with action items and priorities, eliminating the need for manual analysis.
*   Explainability - The Attack Graph Analysis ensures transparency and enables users to better understand their security posture from a risk and business impact standpoint.
*   Actionability - The visually intuitive Cyber Digital Twin and Attack Graph Analysis reports provide recommendations tailored to network needs. This comprehensive approach equips organizations with effective security strategies, enabling proactive vulnerability management.

"Our Cyber Digital Twin and patent-protected Attack Graph Analysis are game-changing solutions for OT security, and we're thrilled to provide them to our customers," said Ben Reich, Chief Platform Architect at OTORIO. "We are bringing a new level of precision and effectiveness to OT security by empowering organizations to proactively manage risk, ensure operational resilience, and protect their critical assets from evolving cyber threats."

**About OTORIO** 

OTORIO has pioneered an industrial-native OT security platform that enables its customers to achieve an integrated, holistic security strategy for industrial control systems (ICS) and cyber-physical systems (CPS). Together with its partners, OTORIO empowers operational security practitioners to proactively manage cyber risks and ensure resilient operations.

The company's platform provides automated and consolidated visibility of the entire operational network, enabling companies to take control of their security posture, eliminate critical risks, and deliver immediate business value across the  organization. OTORIO's global team combines the extensive mission-critical experience of top nation-state cyber security experts with deep operational and industrial domain expertise. To learn more, visit OTORIO.com.

Logo - https://mma.prnewswire.com/media/2004395/4139581/Otorio\_Logo.jpg

SOURCE OTORIO

OTORIO Rolls Out Advanced Attack Graph Analysis for OT Security

The company introduces a solution to restore trust in customers' existing cyber defense techstack.

**LAWRENCE, Kan.****,** **June 28, 2023** **/PRNewswire/ --** Invary, a cybersecurity pioneer focused on detecting hidden malware and preventing costly ransomware attacks, has raised pre-seed funding to launch its innovative solution. The investment was led by Flyover Capital, with additional participation from NetWork Kansas GROWKS Equity program, and the KU Innovation Park.

The pre-seed funding round will fuel the launch of Invary's flagship Runtime Integrity offering, designed to uncover and neutralize hidden threats that elude modern threat detection systems. This unique service debuts this summer, and will empower organizations to fortify their security postures and proactively safeguard their digital environment against high impact attacks.

Additionally, Invary's free Runtime Integrity Score (RISe) service is available now, allowing customers to spot-check their system's integrity and identify hidden malware.

The Invary leadership team brings decades of operational expertise in Trusted Computing research and reunites entrepreneurs with a successful history of collaboration. The company is spearheaded by CEO Jason Rogers, who has extensive experience building secure cloud-scale platforms, and scaling engineering & operations at category leader Matterport through IPO. The team's security credentials are further bolstered by founder Dr. Perry Alexander, a distinguished authority in Trusted Computing research and his protege and former student, Dr. Wesley Peck, the CTO of Invary, who obtained his PhD under Dr. Alexander's guidance.

The highly dynamic nature of today's threat landscape poses a significant challenge to the security posture of all organizations, including those with advanced defenses like XDR, SIEM and CNAPP solutions. The primary flaw within these defense layers stems from their assumption that the operating system remains uncompromised. This leaves a critical gap in the overall security infrastructure that threat actors can discreetly exploit to prepare a ransomware attack or data breach. This oversight is incredibly problematic because a staggering 72% of cyberattacks occur in production according to Datadog's latest State of Application Security report. 

Invary plugs this security gap at runtime by mandating continuous validation of the operating system - making it an indispensable component of a "trust nothing" Zero Trust architecture. Built on an exclusive intellectual property grant from the NSA, Invary's technology provides proven and superior protection for the digital environment, pinpointing compromise with high confidence, eliminating superfluous, noisy monitoring data.

Jon Broek, CEO of Tenfold Security, a leader in cloud security services, said, "Invary Runtime Integrity gives us an unfair advantage over the competition when deployed with our security solutions for cloud and virtual machines. It also provides a key component of keeping our customers secured end to end and preventing things like ransomware that are highly targeting our core customers in higher education."  

"We are thrilled to have secured this pre-seed funding, as it validates the need for  Invary's novel technology to shore up existing cyber defenses against high impact hidden threats," said Jason Rogers, CEO of Invary. "With the support of our investors, customers and partners, we are well-positioned to advance our mission of fortifying the security ecosystem by reinforcing Zero Trust principles."

The IT team at LMH Health said, "One of the key challenges in combating destructive ransomware is the hidden malware within operating systems that often serves as the foundation for such attacks. Invary Runtime Integrity gives visibility into a part of the system overlooked by most other security tools. We are able to gain confidence that the operating system has not been compromised, but if there are cases where anomalies are detected, a wealth of information is provided to help determine if they are benign, intentional or potentially malicious." 

"Ensuring the safety of our customers and cyber community is our #1 priority. Our pre-seed funding enables us to realize this dedication by continuously improving Invary's Runtime Integrity Service while also making our agent open source. We're proud to enhance operating system security for all by accelerating the industry's progress toward truly comprehensive Zero Trust Architectures," said Dr. Wesley Peck, CTO of Invary. 

The successful completion of the pre-seed funding round underscores Invary's commitment to pushing the boundaries of Runtime Security. With this significant investment, Invary is poised to accelerate its growth, enhance its technology and expand its reach in preventing data breaches and ransomware attacks.

For more information about Invary and its Runtime Integrity solutions, please visit www.invary.com.

**About Invary**

Invary is the leader in operating system runtime validation and security. The company's technology detects hidden, high impact threats to the operating system that are missed by other foundational defense systems including XDR, SIEM and CNAPP platforms. By securing the integrity of the operating system as a first class citizen in the "trust nothing" entity list of Zero Trust architectures, Invary becomes an indispensable part of modern cyberdefense. Based on an exclusive IP grant from the NSA and proven technology that has been deployed in real-world, critical infrastructure, Invary's proprietary technology ensures malware, ransomware and other hidden, high impact threats commonly found in operating systems are exposed — before they can cause downtime and expand the blast radius of attack.

Invary Raises $1.85M in Pre-Seed Funding to Close Critical Gap in Zero Trust Security

New report offers valuable resource to help organizations evaluate the safety and reliability of open-source packages.

**TEL AVIV, Israel** **and** **BOSTON****,** **June 28, 2023** **/PRNewswire/ --** Mend.io, a leader in application security, released findings today from its latest report, the Mend.io Open Source Reliability Leaderboard. Powered by data from Renovate, Mend.io's popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.

"The Leaderboard helps shift the AppSec view from detection to prevention, a valuable perspective for reducing the risk imposed by our increasingly vulnerable software supply chain," said Rhys Arkins, vice president of product management, Mend.io. "Success hinges on having the knowledge necessary to prevent possible open-source vulnerabilities from ever being installed in the first place. For that to happen, companies need to know not only what packages are in use at their companies, but how safe they are."

The Leaderboard allows the Mend.io team to leverage and share a valuable resource. There is no better arbiter of package reliability than Renovate, which has gathered crowd-sourced data on over 25 million dependency updates. By analyzing what packages are consistently releasing good updates, the Leaderboard presents an accurate picture of a package's overall reliability for software engineers trying to balance functional risk with security risk. 

The full report showcases detailed rankings for npm, PyPi, and Maven.

**Key findings:**

**Group runs bring down overall package reliability.** 

Any fan of the TV show _Survivor_ can tell you that in competition, groups are often hurt by their weakest link, and the same holds true when it comes to group updates. A group of ten packages is ten times more likely to encounter a failure. 

**Release frequency has no effect on average success rates.**

You would think that more-frequent releases would improve reliability through faster bug fixes and an engaged maintainer community, but such was not the case.

**The Best of the Best**

Looking across the overall categories, the top three most reliable packages for each language are: 

**Npm:**

1.  prettier-eslint
2.  np
3.  jest-cli

**Maven:**

1.  org.apache.maven.scm:maven-scm-provider-gitexe
2.  com.github.ekryd.sortpom:sortpom-maven-plugin
3.  org.apache.maven.plugins:maven-release-plugin

**PyPi:** 

1.  Pulumi
2.  Botocore-stubs
3.  types-python-dateutil

**About the Report**

The report examines data from Renovate, an automated dependency management tool that leverages crowd-sourced data on over 25 million dependency updates.

Download a full copy of the report here.

**About Mend.io**

Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open-source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world's most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open-source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.

SOURCE Mend.io

Mend.io Launches Inaugural Open Source Reliability Leaderboard

Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.

An incident earlier this year in which a cybercriminal attempted to extort $1 million from an Arizona-based woman whose daughter he claimed to have kidnapped is an early example of what security experts say is the growing danger from voice cloning enabled by artificial intelligence.

As part of the extortion attempt, the alleged kidnapper threatened to drug and physically abuse the girl while letting her distraught mother, Jennifer DeStefano, hear over the phone what appeared to be her daughter's yelling, crying, and frantic pleas for help.

But, those pleas ended up being deepfakes.

**Deepfakes Create Identical Voices**

In recounting details of the incident, DeStefano told police she had been convinced the individual on the phone had actually kidnapped her daughter because of how identical the alleged kidnapping victim's voice was to her daughter's.

The incident is one in a rapidly growing number of instances where cybercriminals have exploited AI-enabled tools to try and scam people. The problem has become so rampant that the FBI in early June issued a warning to consumers that criminals manipulating benign videos and photos are targeting people in various kinds of extortion attempts.

"The FBI continues to receive reports from victims, including minor children and non-consenting adults, whose photos or videos were altered into explicit content," the agency warned. "The photos or videos are then publicly circulated on social media or pornographic websites, for the purpose of harassing victims or sextortion schemes." Scams involving deepfakes have added a new twist to so-called imposter scams, which last year cost US consumers a startling $2.6 billion in losses, according to the Federal Trade Commission.

In many instances, all it takes for attackers to create deepfake videos and audio — of the kind that fooled DeStefano — are very small samples of biometric content, Trend Micro said in a report this week highlighting the threat. Even a few seconds of audio that an individual might post on social media platforms like Facebook, TikTok, and Instagram is all that a threat actor requires to clone that individual's voice. Helpfully for them, a slew of AI tools is readily available — with many more on the way — that allow them to do voice cloning relatively easily using small voice biometrics harvested from various sources, according to Trend Micro researchers.

"Malicious actors who are able to create a deepfake voice of someone's child can use an input script (possibly one that's pulled from a movie script) to make the child appear to be crying, screaming, and in deep distress," Trend Micro researchers Craig Gibson and Josiah Hagen wrote in their report. "The malicious actors could then use this deepfake voice as proof that they have the targeted victim's child in their possession to pressure the victim into sending large ransom amounts."

**A Plethora of AI Imposter Tools**

Some examples of AI-enabled voice cloning tools include ElevenLabs' VoiceLab, Resemble.AI, Speechify, and VoiceCopy. Many of the tools are only available for a fee, though some offer freemium versions for trial. Even so, the cost to use these tools is often well less than $50 a month, making them readily accessible to those engaged in imposter scams.

A great deal of videos, audio clips, and other identity-containing data is readily available on the Dark Web that threat actors can correlate with publicly available information to identify targets for virtual kidnapping scams like DeStefano experienced and other imposter scams, Trend Micro noted. In fact, specific tools for enabling virtual kidnapping scams are emerging on the Dark Web that threat actors can use to hone their attacks, the researchers say in emailed comments to Dark Reading.

AI tools such as ChatGPT allow attackers to fuse data — including video, voice, and geolocation data — from disparate sources to essentially narrow down groups of people they can target in voice cloning or other scams. Much like social network analysis and propensities (SNAP) modeling allows marketers to determine the likelihood of customers taking specific actions, attackers can leverage tools like ChatGPT to focus on potential victims. "Attacks are enhanced by feeding user data, such as likes, into the prompt for content creation," the Trend Micro researchers say. "Convince this cat-loving woman, living alone who likes musicals, that their adult son has been kidnapped," they say, as one example. Tools like ChatGPT allow imposters to generate in a wholly automated way the entire conversation that an imposter might use in a voice cloning scam, they add.

Expect also to see threat actors use SIM-jacking — where they essentially hijack an individual's phone — in imposter scams such as virtual kidnapping. "When virtual kidnappers use this scheme on a supposedly kidnapped person, the phone number becomes unreachable, which can increase the chances of a successful ransom payout," Trend Micro said. Security professionals can also expect to see threat actors incorporate communication paths that are harder to block, like voice and video in ransomware attacks and other cyber-extortion schemes, the security vendor said.

**Cloning Vendors Cognizant of the Cyber-Risks**

Several vendors of voice cloning themselves are aware of the threat and appear to be taking measures to mitigate the risk. In Twitter messages earlier this year, ElevenLabs said it had seen an increasing number of voice-cloning misuse cases among users of its beta platform. In response, the company said it was considering adding additional account checks, such as full ID verification and verifying copyright to the voice. A third option is to manually verify each request for cloning a voice sample.

Microsoft, which has developed an AI-enabled text-to-speech technology called Vall-E, has warned of the potential for threat actors to misuse its technology to spoof voice identification or impersonate specific speakers. "If the model is generalized to unseen speakers in the real world, it should include a protocol to ensure that the speaker approves the use of their voice and a synthesized speech detection model," the company said.

Facebook parent Meta, which has developed a generative AI tool for speech called VoiceBox, has decided to go slow in how it makes the tool generally available, citing concerns over potential misuse. The company has claimed technology uses a sophisticated new approach to cloning a voice from raw audio and an accompanying transcription. "There are many exciting use cases for generative speech models, but because of the potential risks of misuse, we are not making the Voicebox model or code publicly available at this time," Meta researchers wrote in recent recent post describing the technology.

Source

DARKReading