As city officials continue to investigate, it's unclear which systems were affected and whether it was a ransomware attack.

Source: Mira via Alamy Stock Photo

Cleveland City Hall has been forced to close its doors due to a cyber incident that has disrupted the city's computer systems.

The city has not confirmed which systems were shut down, but the Department of Public Safety (911, police, fire, and emergency medical service), the Department of Port Control (Cleveland Hopkins and Burke Lakefront airports), and the Department of Public Utilities (water, water pollution control, and Cleveland Public Power) all remain operational. 

The cyber incident's nature and scope also have not been confirmed as an investigation is conducted. Only essential staff were required at City Hall on June 10, as officials continue to focus on securing and restoring services.

"According to the city officials, the incident was declared when they spotted abnormal activity on their network on Saturday. They immediately followed the pre-existing incident response plans (IRP)," said Ilia Sotnikov, security strategist and VP of user experience at Netwrix, in an emailed statement to Dark Reading. "We don't know the scope of the impact yet, but we can already say that the city has done a lot of right things to minimize the damage."

Those "right things" include shutting down affected services and isolating services that are high risk, as well as monitoring threats with early detection processes.

The City of Cleveland continues to provide updates through social media channels and is available during daytime hours to residents by calling 311.

**About the Author(s)**

Cleveland City Hall Shuts Down After Cyber Incident

Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement.

Source: Andrew Unangst via Alamy Stock Photo

Police have arrested a 28-year-old Ukrainian man for his work as a freelance developer for the Russian ransomware groups Conti and LockBit.

The accused is an expert in developing cryptors, software that hides malware from antivirus detection, and according to a Ukrainian police report (translated with Google Translate), he frequently worked for Conti and LockBit in exchange for cryptocurrency. Law enforcement was able to identify his cryptors in successful ransomware attacks in Belgium and the Netherlands.

The crimes could land the accused in prison for up to 15 years, according to the announcement.

The splashy arrest is part of Operation Endgame, an ongoing international law enforcement campaign against cybercrime. Dutch officials said the suspect was taken into custody on April 18 with assistance from the multinational cooperation.

According to Dutch officials (also translated with Google Translate), "The police were tipped off by the NCSC (National Cyber Security Center) and, after further investigation, discovered that the Ukrainian man infected the computer networks of a company in the Netherlands with Conti's malware in 2021; a hacker group that offers ransomware for sale."

**About the Author(s)**

LockBit &amp; Conti Ransomware Hacker Busted in Ukraine

Obtaining — and maintaining — a complete inventory of technology assets is essential to effective enterprise security. How do organizations get that inventory?

Security professionals know that they need to be aware of the assets within their environments if they are to keep their organizations secure. After all, without a comprehensive view into asset inventory, it's impossible to perform effective risk assessment and prioritization of security efforts, vulnerability and attack surface management, and incident response.

The problem is, obtaining that accurate picture has remained elusive. It's a challenge that has increased in complexity and scale, often requiring chasing down information held within siloed teams, and in many ways lacks effective automation. In a recent Dark Reading report, "Effective Asset Management Is Critical to Enterprise Cybersecurity," experts outline the efforts needed to identify and manage business-technology assets to effectively protect an organization.

"Organizations struggle with gaining good visibility," says Tom Eston, offensive security expert and VP of consulting at cybersecurity services provider Bishop Fox.

Eston has witnessed the damage that can occur to an enterprise with a weak understanding of their networked assets. Much of the struggle Eston describes is due to the scale involved in obtaining a comprehensive asset inventory.

"There are just so many assets today," he says. "There are personal devices, company devices, and everything is now networked."

Eston shares an incident about when the physical security department at a client installed a number of inexpensive video cameras on their company network — and then forgot about them.

"No one knew these devices were installed. No one," he recalls. "They got popped."

Such challenges are at the top of CISOs' minds across every industry and for companies of all sizes. Jason Rader, VP and CISO at solutions integrator Insight Enterprises, agrees with Eston; he has had similar experiences.

"You can't secure what you can't see," he says.

The need for continuous digital transformation in the enterprise means asset management is a challenge that isn't going away. The underlying investments organizations make in software — both on-premises and cloud services — and the networked devices that entail such efforts will continue to create a complex, sprawling landscape of business-technology assets that, if not correctly identified and managed, will leave organizations vulnerable.

Download the report to learn how to gain control of your attack surfaces — not only how to know and discover the assets they have in place, but also to understand the security posture of these devices. This includes everything: on-premises software, endpoints, servers, the Internet of Things, operational technology and industrial-control system (OT/ICS) technologies, virtualized workloads, and cloud services.

**About the Author(s)**

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Asset Management Holds the Key to Enterprise Defense

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

Source: Vladimir Stanisic via Alamy Stock Photo

A threat group is exploiting a critical, easily exploitable PHP bug for remote code execution (RCE) in living-off-the-land style ransomware attacks that target businesses and individuals running both Windows and Linux systems.

TellYouThePass is a ransomware group active since 2019 that attacks victims using known vulnerabilities, particularly those found within open source Web development languages, including the widely exploited Apache Log4j (CVE-2021-44228) and the Apache ActiveMQ Server RCE bug tracked as CVE-2023-46604, according to a blog post published this week by Imperva Threat Research.

Lately the group has been exploiting a critical RCE vulnerability found within the PHP scripting language discovered earlier this month and tracked as CVE-2024-4577. "We noticed a few campaigns, including WebShell upload attempts and several attempts to place ransomware on a target system," the researchers said.

Similar to Java, PHP is a commonly used language in Web development, making any flaws that affect it a broad attack surface for attackers. If the Log4j flaw is any indication, these types of vulnerabilities can set off a viral stream of attacks that can plague organizations and their respective security posture for years.

**Critical Flaw With Public Exploit**

CVE-2024-4577 is an argument-injection vulnerability that stems from errors in character-encoding conversions in PHP, particularly impacting the "Best Fit" feature on Windows systems. "It poses significant risks, potentially allowing malicious actors to execute arbitrary code on vulnerable servers," according to analysis of the flaw by Beagle Security.

Researchers at watchTowr released a proof-of-concept (PoC) exploit script for CVE-2024-4577 on their GitHub page on June 7, demonstrating that the bug was not difficult to exploit.

Apparently TellYouThePass got the memo and has pounced on the flaw to execute arbitrary PHP code on the target system, according to Imperva. Specifically, the group is "leveraging the code to use the 'system' function to run an HTML application file hosted on an attacker-controlled Web server via the mshta.exe binary," according to the post. Mshta.exe is a native Windows binary that can execute remote payloads; thus, the attack vector shows the group operating in a living-off-the-land style.

**How TellYouThePass Attacks**

First identified by security researchers in 2019, TellYouThePass and its ransomware has taken "various forms over the years," according to Imperva. Most recently, variants of the malware have taken the form of .NET samples delivered using HTML applications.

"The initial infection is performed with the use of an HTA file (dd3.hta), which contains a malicious VBScript," according to the post. "The VBScript contains a long base64 encoded string, which when decoded reveals bytes of a binary, which are loaded into memory during runtime."

Further analysis of the executable reveals that the ransomware is a .NET variant that upon initial execution sends an HTTP request to the command-and-control (C2) server containing details about the infected machine as a notification of infection. "The callback masquerades as a request to retrieve CSS resources likely designed to evade detection," according to Imperva.

Once executed, the ransomware enumerates directories, kills processes, generates encryption keys, and encrypts files within each enumerated directory that has a defined file extension. Its final act is to publish a ReadMe message in the Web root directory that provides victims the info they need to respond to the attack.

**Avoiding Compromise via CVE-2024-4577**

The issue affects PHP versions 8.1. before 8.1.29; 8.2. before 8.2.20; and 8.3. before 8.3.8 when using Apache and PHP-CGI on Windows. PHP versions 8.1.29, 8.2.20 and 8.3.8 patch the flaw.

There are other ways that organizations can mitigate exploit of the PHP flaw as well as avoid ransomware attacks in general. Patching affected systems would be the first obvious mitigation of CVE-2024-4577; however, as seen with Log4j, sometimes it's difficult to update every system that is affected by a flaw in a Web scripting language.

One way to minimize exploitation of the flaw is to disable running PHP with CGI mode enabled, according to an analysis of the flaw posted online by DEVCORE. "Since PHP CGI is an outdated and problematic architecture, it's still recommended to evaluate the possibility of migrating to a more secure architecture such as Mod-PHP, FastCGI, or PHP-FPM," according to the post.

Some general best practices to avoid being compromised by ransomware include having strong awareness of all the various assets and applications present in an environment and patching any vulnerabilities affecting them, according to Imperva. Organizations also should use Web firewall technology that can stop attacks once they are discovered, as well as a reliable anti-virus program as a first line of defense against malware campaigns like TellYouThePass.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

Alignment between these domains is quickly becoming a strategic imperative.

Source: Panther Media GmbH via Alamy Stock

COMMENTARY

With an increasingly complex threat landscape and the progression of threat-actor tactics, effective cybersecurity is non-negotiable. At the same time, staffing challenges and an uncertain economy have made it increasingly challenging to manage your attack surface and keep would-be threat actors at bay.

That's not for lack of effort — or expenditure. Gartner forecasts that the world will spend $215 billion on risk management and cybersecurity in 2024. That's a 14% increase over 2023. Gartner expects that expenditures for IT will reach a whopping $5.1 trillion in 2024.

Amid all this, companies are striving for disruptive innovation and progress while keeping a close eye on budgets. Many workers are feeling spread thin, with more data and endpoints than ever and not enough qualified talent to be found. As a chief information officer (CIO), I can attest that I've seen this crunch particularly within the global IT space. This is not a good moment for IT to be stressed out and overworked. The stakes are simply too high.

So, how can organizations mitigate threats while maintaining momentum?

It's time to finally break down the silos between IT and security. That starts by fostering alignment between the CIO and chief information security officer (CISO).

**Streamlined, Secure — or Both?**

Individually, CISOs and CIOs are powerful forces with a lot on their plates — and a lot on the line. Together, they could be unstoppable. However, historically, organizational structures have relegated CISOs and CIOs to separate domains with distinct — and occasionally contradictory — objectives.

**Access, Please: The CIO Imperative**

For many CIOs, it's common to be focused on streamlining and efficiency, especially given staffing challenges. Additionally, CIOs and IT teams work to ensure continuous access to optimized tools that help employees get their jobs done. Sixty-one percent of IT professionals admit that negative technology experiences directly impact their morale, underscoring the palpable connection between tech efficiency and employee engagement.

Lack of access to the right tools can contribute to "shadow IT." Conversely, streamlined, efficient operations enhance speed and elevate the digital employee experience.

**Standing Guard: The CISO Imperative**

Meanwhile, my peers in the CISO role dial in to ensure organizations are as secure as possible. This is a critical and constantly moving target, as threat actors continue to find new avenues of attack. Effective cybersecurity prevents all manner of problems, ranging from the inconvenient (unexpected downtime) to the catastrophic (a major breach).

I have an enormous amount of respect for the CISO role, as should everyone impacted by security. (And that's all of us.) In 2022, the average cost of a single data breach was $4.5 million — not counting ransomware costs. Meanwhile, nearly 87% of businesses grapple with a shortfall in IT security staff. This talent crunch severely threatens organizations’ defenses against evolving cyber threats.

**Exploring the Overlap**

Both CIO and CISO roles seek to optimize business outcomes, though we often take differing approaches. "Streamlined" and "secure" are frequently mutually exclusive, particularly if your organization lacks the right tools.

There are several areas impacting both IT and security. Just two include:

*   Influx of devices and data: It's anticipated that more than 180 zettabytes of data will be floating around by 2025. If you thought we were already facing a data firehose, you haven't seen anything yet. The more data produced, the more streamlined operations must be to manage relevant data effectively — and the more importance must be placed on data protection.
    

*   Shifting work environments posing challenges: The mix of remote, hybrid, and in-person work environments — plus the increasing reliance on personal devices used to access company data — makes things more challenging for both IT and security.
    

Problems like these aren't theoretical — they’re real. According to Duke University research, "more than 80 percent of U.S. companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data." Meanwhile, the digital employee experience is more critical than ever in the battle to attract, engage, and retain top talent — so any tools and policies must be user friendly and secure.

I like to think of these challenges as shared opportunities. 

**Unlock the Collaborative Potential of CIOs and CISOs**

This is where alignment comes in. IT and security may have been siloed, but that could change. The past few years have shown change is not only possible but essential for survival. 

Breaking down the silos between your IT and security leaders doesn't diminish their roles, it elevates them.

Collaborative IT and security leaders, and their teams, enjoy the benefits of:

*   Financial optimization through consolidation: Streamlining vendor and technology portfolios for optimized spending and resource utilization.
    

*   Elevated employee engagement: Eradicating shadow IT and fortifying digital business for heightened engagement and security. 
    

*   Heightened enterprise resilience: Bolstering cybersecurity measures to curtail risks and fortify the organizational backbone.
    

Fostering alignment between these teams will vary, but there are a few universal principles to keep in mind:

*   Loop in your applicable executive(s), e.g., your CEO, from the start. They should be on board with and involved in facilitating this alignment.
    

*   Clarify objectives and define roles. Seek commonalities with your counterpart to identify overlap and gaps. 
    

*   Make yourself open for regular communication and collaboration — and find out if there are cross-training initiatives available.
    

*   In collaboration with applicable executives, adopt a unified approach to performance metrics, reporting mechanisms, risk management, data governance, and compliance.
    

*   Work together when making decisions on technology adoption, resource allocation, and budgeting.
    

*   Tooling should be a shared responsibility to ensure coverage and observability are always meeting key performance indicators (KPIs).
    

The endgame with these tactics is a more efficient operation to make life easier for both parties. Worth noting: Intelligent hyperautomation can be a massive benefit in streamlining processes and amplifying operational efficiency.

IT and security alignment is a strategic necessity. This collaborative effort fosters mutual accountability and improves overall security by eliminating data silos that hinder response times and hide crucial insights.

**About the Author(s)**

Chief Information Officer, Ivanti

Robert Grazioli is chief information officer (CIO) of Ivanti, responsible for all of its global IT systems and SaaS Operations, including the integration of Ivanti acquisitions over the past two years. Bob originally joined Ivanti in June 2020 as vice president of SaaS operations. Bob brings more than 25 years of global experience spanning the financial services and the software industry. He has been involved in some of the biggest software acquisitions in the industry over the past 10 years and has been responsible for some of the largest SaaS offerings in the industry. In addition, Bob has oversight of Customer Zero, taking Ivanti’s SaaS operations to the next level through leveraging our own learnings to benefit the needs of our customers.

Why CIO &amp; CISO Collaboration Is Key to Organizational Resilience

The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.

Source: Papilio via Alamy Stock Photo

Last spring's spectacular implosion of mainstay ransomware-as-a-service (RaaS) operation BlackCat/AlphV left its affiliates burned — gamed out of millions they were owed for past scams and left without infrastructure to support their future cybercrime aspirations. What ensued was a recruiting war for the best affiliates into the RaaS groups left standing.

The RansomHub RaaS group appears to have scored a major victory by attracting the Scattered Spider threat group into its affiliate ranks, according to new research from GuidePoint Security. A detailed analysis reveals that Scattered Spider, a notoriously aggressive threat group behind the 2023 ransomware attacks on Caesars Entertainment and MGM Resorts, has been carrying out ransomware attacks using RansomHub starting earlier this year.

**RansomHub RaaS Recruiting Campaign**

The timing jibes with ads posted on the Dark Web by RansomHub promising prospective affiliates juicy 90/10 ransom splits with the group, as well as the promise to allow the cybercriminals to get paid first and payout the group later, to avoid "exit scams" like the one BlackCat pulled last March, according to Jason Baker, senior threat consultant with GuidePoint Security.

"Scattered Spider affiliates may also have been attracted to RansomHub based on the movement of peers or positive word-of-mouth," Baker tells Dark Reading.

Since those ads began, RansomHub has seen remarkable growth, Baker adds.

"RansomHub began claiming victims publicly on its data leak site in February, and has since posted over 75 victims in an alarmingly quick rise to prominence amid its peers, who generally operate at a slower pace in early months of operations," he says. As the group continues to attract talented cybercriminals who can earn a dishonest buck with RansomHub, the RaaS outfit is likely to continue to expand its operation, Baker predicts.

"If RansomHub operations are enjoying some level of success in revenue generation, and/or if other sophisticated affiliates have begun working with RansomHub, it could make the group a more attractive destination amidst other options," Baker says.

RansomHub Brings Scattered Spider Into Its RaaS Nest

Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually — and affect victims worldwide.

Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.

Source: SuPatMaN via Shutterstock

Microsoft has issued fixes for a total of 49 vulnerabilities in its Patch Tuesday security update for June, including a critical bug in Microsoft Message Queuing (MSMQ) technology that could open vast swathes of companies to remote code execution (RCE) and server takeover.

The issue (CVE-2024-30080, CVSS score of 9.8 out of 10) is remotely exploitable, with low attack complexity, requires no privileges, and takes no user interaction; and it carries high impacts on confidentiality, integrity, and availability, according to Microsoft. Attackers can use it to completely take over an affected server by sending a specially crafted malicious MSMQ packet. To check vulnerability, confirm users should whether the 'Message Queuing' service is running and if TCP port 1801 is open on the system. The bug affects all versions of Windows starting from Windows Server 2008 and Windows 10.

Its impact could be felt in the threat landscape sooner rather than later, so patching quickly is a must: "A couple of quick Shodan searches reveal over a million hosts running with port 1801 open and over 3500 results for 'msmq'," said Tyler Reguly, associate director security R&D at Fortra, in an emailed statement. "Given this is a remote code execution, I would expect to see this vulnerability included in exploit frameworks in the near future."

This is the only bug that Microsoft has rated as critical this month, but there are several others in the update that merit prompt attention as well, according to security analysts.

**High-Priority Microsoft Bugs for June 2024**

Among the high-priority bugs to put at the top of the patching list are: CVE-2024-30103, a remote code execution (RCE) vulnerability in Microsoft Outlook in which the Preview Pane is an attack vector; CVE-2024-30089, a vulnerability in Microsoft Streaming Services that gives attackers a way to gain system level access; CVE-2024-30085, a privilege escalation bug in Windows Cloud Files Mini Filter Driver that Microsoft has identified as more likely to be exploited; and CVE-2024-30099, an elevation-of-privilege (EoP) vulnerability in Windows Kernel Driver that attackers can abuse to take over an affected system.

In all, Microsoft categorized 11 of the 49 vulnerabilities in this month's update as flaws that threat actors were more likely to exploit because of factors like low attack complexity and the fact that adversaries need no special privileges or user interaction to take advantage of them.

**RCE Bugs to Prioritize**

This month's collection of noteworthy RCE bugs include CVE-2024-30101, a use-after-free bug in Microsoft Office that requires active user interaction for an attack to succeed; CVE-2024-30104 in Microsoft Office; and the previously mentioned CVE-2024-30103 in Microsoft Outlook, which an attacker can trigger via the Preview Pane in an email.

The latter is potentially especially dangerous because an attacker can use it to bypass Outlook registry block lists and enable the creation of malicious DLL files.

"This Microsoft Outlook vulnerability can be circulated from user to user, and doesn't require a click to execute," Morphisec researchers said in a blog. "Rather, execution initiates when an affected email is opened. This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature."

Microsoft itself has assessed the flaw as something that attackers are less likely to exploit.

**High Number of Elevation-of-Privilege Bugs**

Somewhat unusually, there were more EoP flaws this time around than there were RCE bugs, accounting for nearly half of the CVEs patched.

Satnam Narang, senior staff research engineer at Tenable, pointed to CVE-2024-30089, the bug in Microsoft Streaming Services, as one of the privilege escalation flaws that organizations need to prioritize the most.

"These types of flaws are notoriously useful for cybercriminals seeking to elevate privileges on a compromised system," Narang said. "When exploited in the wild as a zero-day, they are typically associated with more advanced persistent threat (APT) actors or as part of targeted attacks."

CVE-2024-30089 is one of two EoP vulnerabilities in Streaming Service that Microsoft disclosed this month. The other is CVE-2024-30090, which also gives attackers a way to gain system-level privileges but is harder to exploit.

In prepared comments, Kev Breen, senior director threat research at Immersive Lab, identified CVE-2024-30085 as another EoP flaw that will likely draw attacker interest. The bug in Windows Cloud Mini Files Driver allows for system level privileges on a local machine.

"This type of privilege-escalation step is frequently seen by threat actors in network compromises, as it can enable the attacker to disable security tools or run credential dumping tools like Mimikatz," for lateral movement and further compromise, he said. Microsoft's description of the flaw suggests it is identical to CVE-2023-36036, a zero-day bug in Cloud Files Mini Filter that attackers actively exploited last year, Breen said.

CVE-2024-30099 is another EoP vulnerability that Microsoft has listed in its more category of more exploitable bugs. What makes the bug especially noteworthy is that it exists in the NT OS kernel. The vulnerability allows an attacker that can trigger — and win — a race condition within the kernel to take over an affected system. However, the Windows Message Queuing Service must be enabled for an attacker to be successful.

"This vulnerability should be on everyone's patch list due to it being so central to the operating system," said Ben McCarthy, lead cyber security engineer at Immersive Labs, in emailed comments.

There are several other kernel-related EoP vulnerabilities that organizations would do well to prioritize, McCarthy noted. These include CVE-2024-35250, CVE-2024-30084, CVE-2024-30064, CVE-2024-30068, and CVE-2024-35250.

"These sorts of vulnerabilities are often what attackers will try to weaponize after the patch day," he said. "So, it is always wise to patch kernel-related vulnerabilities because successful exploitation of these vulnerabilities mean they get complete access to a computer's resources and run as SYSTEM privileges."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space.

Fortinet announced Monday its plans to acquire cloud security firm Lacework to enhance its secure access service edge (SASE) offerings with cloud-native security services.

Lacework integrates cloud-native application protection platform services to safeguard what's happening inside the cloud infrastructure. The data-powered cloud security platform collects and analyzes data from across cloud environments so that customers can manage and secure their cloud workflows. The platform identifies and shares details about abnormal or unexpected activities that could indicate a security problem. Lacework offers artificial intelligence and machine-learning technology, data collection capabilities, a data lake, and code security tools, wrote John Maddison, chief marketing officer at Fortinet, in a blog post announcing the acquisition.

Fortinet plans to integrate capabilities from Lacework's cloud-native application protection platform into its SASE portfolio. According to Maddison, combining Lacework with Fortinet's firewall and Web application and API protection (WAAP) capabilities will allow customers to protect what's happening inside the cloud application, as well as what's happening between the application and outside the network.

Back in 2021, Lacework was valued at $8.3 billion. Earlier this year, there were reports that Wiz was in talks with Lacework for a small fraction of the company's valuation. The terms of Fortinet's deal, expected to be completed in the second half of the year, were not disclosed.

**About the Author(s)**

Fortinet Plans to Acquire Lacework

PRESS RELEASE

PARAMUS, NJ – JUNE 11, 2024  – Checkmarx, the industry leader in cloud-native application security for the enterprise, has released Checkmarx Application Security Posture Management (ASPM) and Cloud Insights to provide organizations with unmatched visibility into their application security posture stretching from code to cloud. Available on the Checkmarx One AppSec platform, ASPM and Cloud Insights empower enterprises developing cloud-native applications to dramatically reduce application and business risk by delivering end-to-end insights into their application security posture, helping them better correlate, prioritize and triage remediation efforts.

“Developers and AppSec teams are looking to consolidate the vulnerabilities and insights they get from security scanners and tools so they can identify and work on what are truly the most important to remediate in order to prevent issues in cloud runtime.  With the increase in complexity inherent with cloud-native applications, and the various solutions required to detect vulnerabilities in every aspect of the applications, development and application security teams are simply lost,” said Kobi Tzruya, Chief Product Officer at Checkmarx. “Checkmarx Cloud Insights revolutionizes the way that teams approach application security by bringing runtime context back into the development life cycle, where Checkmarx helps them prioritize. Now developers can focus on what matters most, allowing them to make the most effective remediation efforts in less time.”

Checkmarx ASPM correlates and prioritizes security signals from every application security solution in the enterprise development environment, to improve visibility, reduce risk, and better manage overall application security posture. ASPM is built on Checkmarx’ award-winning Fusion correlation engine and Application Risk Management, which already extracted unique insights from our consolidated AppSec platform, such as identifying reachable vulnerabilities. It now adds a new capability to Bring Your Own Results (BYOR) to expand coverage beyond Checkmarx’ award-winning solutions by importing SARIF and OSCF results from any third-party solution, including those from Checkmarx partners such as Zimperium, Onapsis and others.

With Checkmarx Cloud Insights, developers and AppSec leaders benefit from:

*   Correlation and integration of Checkmarx data with data from cloud service providers (CSPs) and cloud-native application protection platforms (CNAPP).
    
*   New ways to prioritize remediation, including through open-source libraries called in the runtime environment (via integration with Sysdig) and by internet-facing network exposure when deployed in the cloud environment (through partnerships with Wiz and Amazon Web Services.) The information is integrated within Checkmarx Application Risk Management.
    
*   The ability to track remediation of a vulnerability through the software development life cycle (SDLC) by way of the attack path. For example, if a vulnerability is found in a running application, Cloud Insights:
    
    *   Identifies the repository and the developer to speed the process of remediation
        
    *   Pinpoints the container image to verify that the fix is reflected there
        
    *   Lists the running container clusters to enable verification that the running application was rebooted with fixed images and is no longer in the running environment.
        
    
*   Improved developer experience with the delivery of prioritized risk intelligence that focuses developers on remediating vulnerabilities that are most critical, are most at risk of exploitation or represent the greatest risk.
    

 “Checkmarx One is the leading enterprise application security platform. By opening it to third-party results, our joint customers can easily extend their coverage and get a unified view within Checkmarx ASPM. We’re excited to partner with Checkmarx, which brings Zimperium’s leading mobile security threat insights directly into the Checkmarx Application Security Posture Management (ASPM) platform,” said Nitin Bhatia, Chief Strategy Officer at Zimperium. “This collaboration empowers an organization to manage and secure their entire mobile application landscape more effectively, ensuring comprehensive protection against emerging threats.”

For more information on the Checkmarx One platform, ASPM and Cloud Insights, visit this page.

**About Checkmarx**

Checkmarx has been trusted by enterprises worldwide to secure their application development from code to cloud. Our consolidated platform and services balance the dynamic needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, including 40 percent of all Fortune 100 companies.

Follow Checkmarx on LinkedIn, YouTube, and Twitter/X.

You May Also Like

Source

DARKReading