The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters.

Ermetic has introduced new Kubernetes security posture management capabilities to its cloud-native application protection platform (CNAPP). Customers can take advantage of the automated features to discover and fix misconfigurations, compliance violations, and risk or excess privileges in Kubernetes clusters. Ermetic CNAPP provides a detailed inventory of the resources inside all Kubernetes clusters, performs continuous posture assessment and prioritization of risks, and offers remediation guidance, the company said.

The platform queries the Kubernetes API for each cluster, and uses agentless scanning and analysis of node configurations and containers. These findings are then combined with signals from the platform's cloud workload protection (CWP), infrastructure as code (IaC) scanning, cloud security posture management (CSPM), and cloud infrastructure entitlement management (CIEM) functionality to provide full visibility into threats, the company said. Customers can get a list of prioritized vulnerabilities within the context of cloud configuration, permissions, and network access. Customers can also enforce least privilege for users and services using the internal Kubernetes role-based access controls.

While Kubernetes is powerful for deploying and managing containerized applications across multiclouds, it can also be challenging for security teams to effectively track configuration changes, manage secrets, ensure proper role-based access control, and identify vulnerabilities. "Existing approaches to Kubernetes security typically provide a siloed view, which results in high false positive rates," Ermetic's chief product officer Sivan Krigsman said in a statement.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Ermetic Adds Kubernetes Security to CNAPP

**NEW YORK: March 1, 2023 –** Octillo, a women-owned cybersecurity, data privacy, and technology-focused law firm, is pleased to announce the launch of their 2023 Octillo Women’s Cybersecurity Scholarship program, administered by the Center for Cyber Safety and Education.

The Octillo Women's Cybersecurity Scholarship program builds upon one of Octillo’s core missions, to promote diversity, equity, and inclusion in the cybersecurity industry and support the next generation of female cyber professionals through mentorship and education. One $4,000 scholarship will be awarded to a woman pursuing or planning to pursue a degree focusing on cybersecurity, data protection, or a similar field at the undergraduate or graduate level.

“As the technological, data security, and privacy landscapes evolve, the need for cybersecurity professionals continues to grow,” says Octillo Managing Director, Kara Hilburger. “Women are still very much underrepresented in the cybersecurity and technology industries. Octillo is proud to be on the forefront, helping to break down some of these barriers to help women obtain the resources they need to pursue in this highly specialized field.”

Applications for the 2023 Octillo Women’s Cybersecurity Scholarship open on March 1st and close on May 1st at 11:59 PM ET. The recipient will be notified in June. For more information on eligibility and application requirements, visit: https://www.iamcybersafe.org/s/octillo-womens-cybersecurity-scholarship

**About Octillo:** Octillo is a woman-owned technology law firm and one of the few firms in the United States with a recognized focus solely on data security, privacy and technology compliance, incident response, and litigation. Guided by their core values of excellence, drive, and originality, Octillo attorneys counsel clients on matters pertaining to data security and privacy compliance, litigation and class action defense, technology contracts, incident response, government investigations, technology intellectual property, and emerging technologies. Octillo is a NetDiligence® Authorized Breach Coach – a recognition offered only to firms with a proven track record of competency and experience responding to data incidents. Octillo has offices from California to New York. Learn more at www.octillolaw.com.

**About the Center for Cyber Safety and Education:**The Center for Cyber Safety and Education (Center), formerly (ISC)² Foundation, is a non-profit charitable trust committed to making the cyber world a safer place for everyone. The Center breaks down barriers in exposure and access to the cyber profession and provides opportunities for individuals, groups, and organizations with the most need to benefit from the commitment of (ISC)2 to the profession. Learn more at www.iamcybersafe.org.

Octillo Launches Women's Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education

Volume of SaaS assets and events magnifies risks associated with manual management and remediation.

**NEW YORK****,** **March 1, 2023** **/PRNewswire/ --** DoControl, the automated Software-as-a-Service (SaaS) security company, today released its 2023 SaaS Security Threat Landscape Report, which quantifies the volume, types, and exposure risk of business assets stored within the SaaS estates of medium companies (50 to 1,000 employees) and large companies (1,001 to 6,696 employees). The report found that large and medium companies had an average of 5.5 million and 1.5 million assets stored in SaaS applications respectively, illustrating the challenge IT and SecOps teams face daily in securing the intellectual property those assets contain.

SaaS applications, while both vital and ubiquitous within business technology stacks, expose companies of all sizes to significant security risks stemming from undetected data exfiltration. With large companies averaging 2,775,000 SaaS activities per week involving nearly 55,750 SaaS assets, manually monitoring every event and asset is functionally impossible. The notable shortage of security professionals and the burnout caused by competing priorities demonstrates why security automation is the only feasible approach in this landscape.

"While we all rely on SaaS applications to improve productivity and collaboration, few have stopped to consider the sheer number of assets that flow in and out of these tools each day," said Adam Gavish, CEO and Co-founder, DoControl. "Enterprises increasingly consider security when entering business transactions and engagements, which means the risks of a poor SaaS security posture can act as a spoiler for business outcomes. The goal of this report is to quantify and illustrate the chaos so businesses can better understand their risk exposure and act accordingly to regain control of their SaaS estate."

The vulnerabilities covered in the SaaS Security Threat Landscape Report are broken out into five different categories:

**Insider Threats** 

Whether accidentally or deliberately, insiders can exfiltrate confidential intellectual property and customer information, exposing companies to financial extortion and devastating brand damage. DoControl found that 81% of medium-sized companies and 78% of large companies have encryption files stored in Google Drive/Workspace. An organization may feel secure storing assets in various apps, but they need to be vigilant of assets leaving those domains. As 61% of companies have employees who have shared company-owned assets with their personal email, manually tracking sensitive assets may be more difficult than previously imagined.

**External Actors & Access** 

Control of a company's data or intellectual property can become tenuous when collaboration extends beyond the company's security perimeter and files are shared with external parties via SaaS applications. Medium-sized companies in DoControl's study had on average nearly 224k assets in SaaS applications that have been shared externally, with nine external actors per employee on average.

Compounding this issue is that over-provisioning access to SaaS files can result in those assets being distributed to external collaborators beyond those which they were originally intended. DoControl found large companies had an average of 94,455 publicly-shared assets stored in SaaS applications. Companies need to limit external sharing by implementing least privilege permissioning and by removing access when assets are no longer needed by the parties with whom they were shared.

**Third-Party to Fourth-Party Sharing**

One of the ramifications of not adequately limiting the data access granted to external parties is third-party to fourth-party sharing. Over the course of the first nine months of 2022, DoControl identified over 1,189 events within large companies where third-party actors shared assets with fourth-party actors. In many instances, trusted third-parties have legitimate reasons for sharing SaaS assets with fourth parties. These situations, however, should be managed by the originator of the SaaS assets. At large companies, 241 fourth-party domains on average have access to its SaaS assets. Without adequate SaaS data access controls, the originators often lose sight of assets shared externally, introducing an unacceptable level of risk.

**Outdated Permissions**

There are two manifestations of outdated permissions. The first is ongoing access to SaaS assets that are no longer supporting current business objectives. DoControl found 67% of all companies have employees with lingering access to assets stored in Google Workplace that are more than 5 years old.

The second form of outdated permission is access that persists after employees have parted ways with their employer. Out of all companies, 31% have former employees who have accessed assets stored in SaaS applications after they have parted ways with their employer. Unsurprisingly, large companies tend to have more former employees with access (20 on average) than medium companies (slightly more than six on average), but even one former employee – especially a disgruntled one – can present an unacceptable risk.

**Third-Party OAuth Applications**

Applications often allow integrations with third parties to make workflows more efficient, convenient, or productive. However, third-party applications can also pose a threat to companies, especially when given unnecessary read-write permissions. Granting unnecessary read/write access to applications that may not have strong enough native security controls can open the door to data exfiltration and supply chain-based attacks. The major collaboration application companies often support numerous third-party application integrations. Unfortunately, it's not uncommon for some of these third-party applications to be overprivileged.

At large companies, Google has an average of 81 third-party application integrations. On average, 27 of those Google integrations have data access and nine are overprivileged.

DoControl helps avoid the devastating consequences of data exfiltration and leakage. Its unique approach to managing SaaS data access remediates any situations highlighted in the SaaS Security Threat Landscape Report by providing centralized, automated, granular data access controls over the SaaS applications in companies' technology stacks. DoControl's no-code, automated workflows help IT and security teams manage their SaaS data access so companies can move forward with SaaS deployments confidently, and in a secure manner.

According to Gartner, 60% of organizations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements by 2025. To view more insights and begin your own enterprise audit across the five SaaS security benchmarks, download the full 2023 SaaS Security Threat Landscape Report.

**Additional Resources:**

*   Download the SaaS Security Threat Landscape Full Report
*   Download the SaaS Security Threat Landscape Executive Summary
*   Register for the Webinar
*   Read the Blog 

To learn more about DoControl, visit the website or request a demo.

**Methodology**

This report aggregates findings across a subset of companies for which DoControl performed an audit of SaaS data access control and exposure. We have compiled the findings from audits of a cross-section of companies ranging in size from 11 to 6,696 employees. In situations where DoControl saw significant differences in the findings by company size, it broke those results out into two groups — medium-sized companies (50 to 1,000 employees) and large enterprises (1,001 to 6,696 employees). In situations where the difference between the two groups was insignificant, DoControl reported just one overall statistic.

**About DoControl**

Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators. For more information, please visit www.docontrol.io. Follow us on Twitter and LinkedIn.

DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets

New eXtended Detection and Response Solution is 450X more efficient than typical SOCs at converting telemetry and logs into actionable alerts.

**SAN JOSE, Calif. March 1, 2023** **–** Forescout Technologies Inc., the global leader in automated cybersecurity, today unveiled Forescout XDR, to help enterprises better detect, investigate, and respond to the broadest range of advanced threats, across the extended enterprise.

A typical SOC is flooded with 450 alerts per hour1, and analysts waste precious time trying to correlate low fidelity alerts and chasing false positives, often at the expense of focusing on legitimate attacks. Until now, a security operations center’s (SOC) field of view for threat detection and response has excluded critical devices that are increasingly common points of attack, including operational technology (OT), industrial control systems (ICS), building management systems (BMS), and medical and IoT devices. In addition, the technology stack that SecOps teams have had to rely on has made it difficult to respond to these threats in a rapid and comprehensive manner.

"The true value of an XDR solution lies in its ability to ingest telemetry and data from across the entire enterprise: cloud, campus, remote and datacenter environments, and every managed and unmanaged connected device. This is what the X in XDR is all about, after all," said **Justin Foster, CTO, Forescout.** "Traditional XDR products lack this capability, or they only leverage data from the vendor’s own EDR or a few other security tools. This significantly limits the flexibility, scalability and effectiveness that an XDR solution must provide."

Through the advanced application of data science and automation, Forescout XDR generates one high-fidelity alert that truly warrants analyst investigation, from every 50 million logs ingested, per hour2. Because Forescout XDR is vendor- and EDR-agnostic, this ingestion includes data from over 170 security, infrastructure, application, cloud/SaaS and enrichment sources, and dozens of leading vendors. And with over 70 sources of threat intelligence and 1500 verified detection rules and models, and data onboarding included, Forescout XDR customers can be operational within hours, actively detecting, investigating, and responding to threats.

"Forescout XDR, with the breadth and richness of its capabilities, particularly its dashboards and reporting, provides an out-of-the-box solution to SOC challenges that we spent 18-24 months trying to address," said **Samer Mansour, CISO, Panasonic Corporation of North America**. "It was easy to deploy, and fully operational in a matter of weeks. And with its tight integration to Forescout’s network security and visibility solutions, and our broader security tech stack, it gives us the ability to exert a lot more control across our IT and OT environments, and further elevate our overall security."

Seamless integration with Forescout’s industry-leading network access control solution, helps ensure that customers can:

1\.   Reduce the attack surface, and the risk of an attack in the first place, by preventing compromised or non-compliant devices from connecting to their networks. This proactive approach to XDR further elevates the effectiveness and performance of a modern SOC.

2.  Automate response workflows that can immediately touch every managed and unmanaged connected device, across the enterprise. This reduces an attack's blast radius in real-time, allowing proper mitigation or remediation measures to be completed. 

Because Forescout XDR has a multi-tenant architecture and supports local data storage while also being able to provide an aggregated global view of threats and SOC performance, it is ideally suited to large enterprises, multi-nationals, organizations with regional SOCs and managed security service providers (MSSPs).

**Pricing**

SaaS licensing is based on the total number of endpoints in the enterprise. As such, customers have the flexibility to leverage the data sources needed to fully support the use cases important to them, and help ensure better detection, without concern for escalating or fluctuating costs associated with cloud log storage.

**About Forescout**

Forescout Technologies, Inc. delivers automated cybersecurity across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types- IT, IoT, OT, IoMT, and cloud environments. The Forescout Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR

By authenticating and authorizing every application, and by maintaining data lineage for auditing, enterprises can reduce the chances of data exfiltration.

Ten or more years ago, most databases were on-premises only. There was no exposure outside the perimeter, and the only people who had access in an average company were a few database administrators. Then, enterprises and internal development teams began connecting them to a few applications, hardcoding the credentials into the software for convenience. But that handful kept growing. And now, no-code and low-code is essentially backing up the truck loaded with applications that have database access — and we're not always sure about the qualifications of the driver.

Low-code and no-code (LCNC) frameworks are speeding application development and enabling even non-technical users to quickly create software to suit their business needs. LCNC platforms have the potential to slash costs, reduce time-to-market, and disrupt industries; however, they could also be unwittingly laying the groundwork for future data disasters.

The first concern when it comes to LCNC platforms is a lack of visibility. There's often no knowledge about code quality, its vulnerabilities, or how well it's been tested. The non-IT pros who develop these applications aren't trained to maintain them, often create misconfigurations, and don't know the best practices on how to keep them from opening up security vulnerabilities such as data exfiltration.

**Why Zero Trust Alone Isn't Enough**

Increasingly, organizations are turning to the zero trust model to mitigate security risk. With this model, the goal is to enforce least privilege to users and applications. This calls for all users and applications to be authenticated, authorized, and continuously validated before being granted access to data.

Many enterprises rely upon privileged access management tools, which are important to helping achieve zero trust across much of the IT infrastructure. But these tools are blind to the context of the database. They are not equipped to grant privileges based on who or what is accessing the data, what they are accessing, and for what purpose. Because these controls only provide all-or-nothing access, no-code and low-code applications could end up exposing sensitive data.

The most under-discussed security issue around LCNC may be that even the apps IT has sanctioned often don't maintain a record of data lineage. There's often no knowledge of when these apps accessed databases, how much data was accessed, and what happened to that data. But every time an application accesses data, it needs to read and write data somewhere — even if it's temporary. And it often isn't, and the data pulled from a database for an app's use ends up living somewhere else too.

**Restoring Visibility to Reduce Risk**

These days, rather than on premises, data could reside in a database, data warehouse, or data pipeline. But without a framework to apply controls, there's no history or record — data is essentially in the enterprise wild.

This lack of data lineage records partially explains why it can take so long for organizations to notify affected parties after a data breach. It can take weeks, even months, to assess the impact of data exfiltration because today most organizations cannot tell you exactly which of their people and applications have access to their databases. Even fewer can point at which data within the databases those applications can access. It's becoming clear that unless organizations worldwide put a new level of data security governance in place, the LCNC paradigm will only accelerate the trend of data exfiltration.

However, security teams can have both LCNC and database security by following a few design principles:

*   Create a governance model that works across databases, data lakes, and data services
*   Enforce least privilege
*   Provide real-time visibility into which applications are accessing which data for what reason

By making sure every application is authenticated and authorized before it is provided fine-grained access, and by keeping a record of data lineage for future auditing, enterprises can reduce the risk of LCNC frameworks.

In the end, today's enterprises don't need to shrink away from using no-code and low-code technologies, but they do need to put data security governance controls in place. As each new app potentially gives rise to new vulnerabilities, rather than investing only in security tools that protect the perimeter or the vector, every company — whether a startup or a global enterprise — should invest in protecting the key source of value for the business operations: the data layer.

Visibility Is as Vital as Zero Trust for Low-Code/No-Code Security

**SAN FRANCISCO – March 1, 2023 –** Fastly, Inc. (NYSE: FSLY), the world’s fastest global edge cloud platform, today launched Fastly Managed Security Service, a premier 24/7 threat detection and response service dedicated to helping organizations significantly reduce the risk  of web application attacks and associated business costs due to lost transactions. Available to Fastly’s global Next-Gen WAF customers, Fastly Managed Security Service further demonstrates the company’s commitment to helping global marquee customers deliver innovative, secure digital experiences to their users.

Web applications continue to be popular targets for today’s attackers. In fact, according to the Verizon 2022 DBIR, web applications are the number one vector, and not surprisingly, they are also connected to the high number of Denial of Service attacks. This pairing, along with the growing use of stolen credentials (commonly targeting some form of web application) is consistent with what we’ve seen for the past few years. Existing security teams are spread thin and don’t always have the expertise or time to continuously monitor and detect these types of threats. Organizations can deploy Fastly Next-Gen WAF for accurate protection, and now they can further enhance this protection with Fastly’s Managed Security Service.

“Today’s defenders face an uphill battle against cyber adversaries due to an exploding attack surface and increasing volumetric attacks, particularly DDoS attacks. At the same time, security teams want to reduce complexity and prioritize their resources,”said Gino Lang, Vice President of Customer Security, Fastly. “By providing global 24/7 proactive protection, Fastly Managed Security Service delivers comprehensive visibility and the expert staff needed to quickly identify and mitigate potential threats. This frees up organizations to focus their security staff on other business priorities.” 

This latest announcement builds on the success of Fastly’s Response Security Service and other security offerings. “Fastly’s decision to extend its next-generation security capabilities to offer a managed security service is a natural evolution and reconfirms the company’s commitment to protecting organizations from today’s agile and persistent adversaries,” said Christopher Rodriguez, IDC Research Director, Security & Trust.

IDC recently recognized Fastly as a leader in the "IDC MarketScape: Worldwide Commercial CDN Services 2022 Vendor assessment", highlighting the company's ability to create fast, dynamic, and secure digital experiences.   

**About Fastly Managed Security Service**

Fastly Managed Security Service is a premium offering that provides Fastly Next-Gen WAF customers with continuous monitoring and proactive mitigation of web-application attacks, all backed by a 15-minute response time SLA for critical security incidents. We combine this with robust post-event reporting and regular, strategic security consultation in order to ensure the highest level of application protection to strengthen an organization’s overall security posture. 

Staffed 24/7 by Fastly’s global Customer Security Operations Center (CSOC), this service enables in-house teams to improve their overall security posture and focus on their core competencies, strategic initiatives, and high-impact projects.

Fastly’s Managed Security Service is now available to Fastly Next-Gen WAF customers. To learn more about how your organization can add this white glove experience to your security program, please contact \[email protected\]. For additional information about the new service, please visit here. 

**About Fastly**

Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver the fastest online experiences possible, while improving site performance, enhancing security, and empowering innovation at global scale. With world-class support that achieves 95%+ average annual customer satisfaction ratings, Fastly’s beloved suite of edge compute, delivery, security and observability offerings has been recognized as a leader by industry analysts such as IDC, Forrester and Gartner. Compared to legacy providers, Fastly’s powerful and modern network architecture is the fastest on the planet, empowering developers to deliver secure websites and apps at global scale with rapid time-to-market and industry-leading cost savings. Thousands of the world’s most prominent organizations trust Fastly to help them upgrade the internet experience, including Reddit, Pinterest, Stripe, Neiman Marcus, The New York Times, Epic Games, and GitHub. Learn more about Fastly at https://www.fastly.com, and follow us @fastly.

Source: Fastly, Inc.

Fastly Launches Managed Security Service to Protect Enterprises From Rising Web Application Attacks

The cyberattackers might have potentially accessed customer information, the service provider warns.

A Feb. 23 ransomware attack is to blame for a disruption to Dish Network's internal communications capabilities, customer call centers, and Internet sites, the satellite service provider said in an SEC filing this week.

The threat actor behind the attack also accessed Dish Networks' IT systems and extracted data from it that could potentially include personal information, the company said — without clarifying whether that meant employee information, customer information, or both.

**Broad Impact on Dish Customers**

Dish TV and its streaming subsidiary Sling's services remain operational, as do its wireless and data networks. But the incident has affected the ability for customers to access their accounts, make payments, and reach the company's service desks, Dish said. 

"We're making progress on the customer service front every day, including ramping up our call capacity," Dish said in a note to customers on its main website, which earlier this week was inaccessible to many. "But it will take a little time before things are fully restored."

Dish has hired outside cybersecurity experts and advisers to help evaluate the situation and conduct a forensic investigation of the incident. If that analysis shows the breach impacted customer information. Dish said it will notify affected customers and take appropriate action.

Dish's disclosure about the ransomware attack comes days after the company first reported a cybersecurity incident as causing a systems issue. The service disruptions that the attack caused added to already broader Wall Street concerns about the company's ability to take advantage of 5G opportunities and other issues. It at least partially contributed to a 8% decline in Dish Network's share prices this week after a Wall Street analyst double downgraded the company's stock.

**Six Service Providers Hit So Far, and Counting**

At least six other major Internet services and utilities provides have experienced similar attacks since the beginning of 2023 according to Comparitech, which maintains a running tracker of ransomware attacks around the world. Rebecca Moody, head of data research at Comparitech, says that in addition to Dish, her company has confirmed ransomware attacks on South African ISP RSAWeb, Tonga Communications Corp., Águas e Energia do Porto in Portugal, Grupo Albanesi in Argentina, and US-based Encino Energy.

The attacks in 2023 come after a rash of hits on telecom service providers in the last few months. However, ransomware attacks on utilities providers of all types actually dropped last year — from 49 in 2021 to 38 in 2022, and the average ransom demand dropped from $27.2 million in 2021 to $14 million last year, according to Comparitech data. However, the average number of customer records impacted in these attacks saw a staggering surge — from 192,888 in 2021 to 9.8 million in 2022.

Moody says it's difficult to know for sure what the ransomware attacks on services firms in January and February 2023 portend for the rest of the year. "But if we compare these six attacks throughout January and February of this year to last year's figures \[of\] two attacks in total, it would suggest hackers have started this year with a renewed focus on utilities companies," she says.

**Network Segmentation & Damage Containment**

Moody says one fact that could be driving the trend is the huge effect these attacks can have on the victim company and the vast number of customers and businesses that rely on their services. "Regaining control of systems as quickly as possible will be a key priority, which hackers may see as an opportunity to secure a ransom demand," Moody says.

Neil Jones, director of cybersecurity evangelism at Egnyte, says the scope of the attack on Dish Networks suggests the threat actors behind it had broad access to its systems. "Generally, there's a strong correlation between the number of systems that are taken down in a cyberattack and the level of access that cyberattackers may have attained," Jones says.

In this instance, Dish's Internet sites, internal communications systems, customer call centers, and customers' bill payment systems were all affected. And early reports suggested that the attack also affected systems subsidiary Boost Mobile, he says. "This suggests that cyberattackers may have gained broad access to the conglomerate's systems and may have compromised their environment some time ago," Jones says.

A research-based report that Ivanti released earlier this year showed that in most ransomware attacks, threat actors exploited old bugs to gain initial access and maintain persistence on them.

Jones adds that the seemingly broad impact of the Dish Network breach shows why network segmentation is crucial to breach containment. Most organizations don't segment their networks as meticulously as they should resulting in many recent situations where a single breach impacted the victim's source code, financial data, and their customer data. "So, I'm confident that network segmentation will be more of an industry focus going forward," Jones says.

Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services

Updated OffSec™ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future.

**NEW YORK****,** **March 1, 2023** **/PRNewswire/ --** Offensive Security (OffSec), the leading provider of hands-on cybersecurity education, today unveiled a refreshed brand identity including a new, shortened name, OffSec. This update reflects OffSec's commitment to helping cybersecurity professionals and organizations look beyond traditional training and certification to provide additional educational content and hands-on resources that help learners advance in their field and companies develop their security team members.

The abbreviated name reflects OffSec's move beyond offensive security topics with expansion into new areas such as defensive security, and new learning paths for today's most in-demand cybersecurity job roles. The OffSec brand also speaks to the company's expansion beyond training and beyond certification to a continuous learning model that supports the unique needs of organizations and individual learners alike. The company's new tagline, _The Path to a Secure Future™_, highlights OffSec's commitment to supporting security professionals and infosec teams in achieving cyber preparedness through a growing skills library focused on keeping pace with evolving cyber threats.

Offensive Security built its global reputation on training penetration testing with its flagship course, _Penetration Testing with Kali Linux_ and the OSCP certification. The company is the developer and maintainer of Kali Linux, the widely-popular open-source distribution used by infosec professionals worldwide. More recently, OffSec has since moved well beyond foundational pentesting topics and has added new content and certifications in Cloud Security, Web Application Security, Secure Software Development, Security Operations, and Exploit Development. The ever-growing OffSec Learning Library (OLL) currently includes nearly 6,000 hours of written content, 1,500 videos, 2,500 practical exercises, and 900 hands-on labs, with more being added all the time. The OLL features an unmatched depth and breadth of content, helping learners build indispensable skills by offering a comprehensive variety of role-specific content, from entry-level to advanced.

"OffSec broke the mold when we started with a new way of presenting information security training, and with the OffSec Learning Library we are so excited to do it again," Jim O'Gorman, Chief Content and Strategy Officer at OffSec said. "Our library approach allows us to continue to offer our industry-leading content, but in a more flexible non-linear approach allowing for a more customizable learning experience. Learners can engage with OffSec content in a course-based context, follow learning paths specific to job roles or skill sets, or pick and choose their own pathway through a multitude of learning units and modules. This approach allows everyone, regardless of skill level or experience, to have custom access to unparalleled cybersecurity learning content, all of which embody OffSec's highly-regarded and time-tested approach and methodology."

About the brand refresh, Scott Ablin, OffSec's Chief Marketing Officer said, "Since our inception, we've been at the forefront of cybersecurity education and offered training by the best practitioners. We defined the industry with our intense, hands-on, practical approach. As OffSec, we are expanding our content and learning paths to prepare learners for career advancement and organizations for current and future threats. We all know the cybersecurity threat landscape is continually changing, and our new brand symbolizes our commitment to keeping pace for individual professionals looking for education to advance their career and organizations who seek to recruit, retain, and upskill top talent."

**Elements of the refreshed identity include:**

**New Logo**:

The logo mark is now in a circular shape to mirror the "O" in OffSec. It has morphed from the familiar Offensive Security door icon to the shape of a path, symbolizing the onward voyage for infosec professionals and teams.

**New Brand Colors**:

Previously red and black, the rebranded logo mark is rendered in a teal-to-purple gradation, reflecting the process of educational change experienced by learners, a movement driven by a philosophy dedicated to transforming students into industry leaders.

**New Tagline:** _The Path to a Secure Future™_

OffSec defined the industry with its intensive, practical approach. Our methodology, content, and learning paths prepare organizations and learners for whatever lies ahead on their journey - whether it's securing their future by upskilling for an individual, or team development that provides organizations a more secure posture.

**New Website Address:**

Website visitors can learn more about the company, purchase a course or package, request a meeting, or explore free learning resources at offsec.com.

**About OffSec**

OffSec is the leading provider of continuous professional and workforce development, training, and education for cybersecurity professionals. Created by the community for the community, OffSec's one-of-a-kind mix of practical, hands-on training and certification programs, virtual labs, and open-source projects provide practitioners with the highly desired offensive skills to get a job, advance their careers and better protect their organizations. OffSec is committed to funding and growing Kali Linux, the leading operating system for penetration testing, ethical hacking, and network security assessments. For more information, visit offsec.com and follow @OffSectraining and @kalilinux on Twitter.

Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development

An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.

A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.

Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory.

One other new feature the firm found with the newest version of SysUpdate: command-and-control communications via DNS TXT requests. "While DNS is not supposed to be a communication protocol, the attacker abuses this protocol to send and receive information," the researchers wrote in a blog post about their findings.

Iron Tiger was among a group of five cyber-espionage groups flagged in 2020 by BlackBerry as targeting Linux-based systems.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Linux Support Expands Cyber Spy Group's Arsenal

More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics.

Major cloud platforms, such as Google Cloud Platform (GCP), fail to adequately log the event data that could facilitate the detection of compromises and the forensic analysis during post-compromise response, according to an analysis. 

Cloud security firm Mitiga stated in an advisory published on March 1 that the Google Cloud Platform allows customers to turn on storage access logs, but faced with an attacker that successfully compromises a legitimate user's identity, the logs fail to provide enough detail, creating forensic visibility gaps.

The security issues include failing to generate dedicated log information for critical actions related to exfiltration, failing to collect detailed information about changes to data, and a general lack of visibility that would give a picture of what happened, the advisory stated.

A variety of events, for example, are included under a single type of access — such as reading a file or downloading data — leaving analysts unclear as to what actually happened, says Veronica Marinov, an incident response investigator with Mitiga and author of the advisory.

"Google Cloud storage logging is missing granular log events," she says. "In the case of interacting with bucket objects, you can’t really differentiate between downloading the object, viewing its content, and just looking at the metadata of the said object."

As companies move their infrastructure and operations to the cloud, attackers have followed. For instance, the company faced an opportunistic attacker that moved laterally inside a cloud environment to successfully steal sensitive data, only to be stopped by rigorous permissions, according to a report earlier this week.

In its latest annual "Global Threat Report", cybersecurity services firm CrowdStrike noted that cloud exploitation incidents had increased by 95% in 2022, compared with the previous year, while cloud-conscious threat actors — which the firm defined as those who use "a variety of tactics, techniques, and procedures (TTPs) to exploit cloud environments" — nearly tripled. The increase in cloud-focused attacks means that companies need to focus on visibility and really understanding the changes being made to cloud environments, says Adam Meyers, head of intelligence at CrowdStrike.

"For years, cloud threats have been concerning, but it was pretty low tech, and they generally resulted in a cryptominer being deployed," he says. "Cloud is clearly in the sights of the threat actors now."

**Logs Need More Detail**

A key to understanding what happened during a compromise is having adequate visibility through detailed logging of events in cloud services. Forensics investigators rely on logs to determine what happened, what data may have been at risk, and what threat actors accomplished, Mitiga stated in the advisory.

While attackers often turn off logging as part of their compromise of cloud services, a knowledgeable attacker could also skip that and construct an attack chain that results in very little detail being revealed in Google Cloud Platform log files, Mitiga stated.

"Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," Mitiga said in its advisory. "This prevents organizations from efficiently responding to incidents, as they have no chance to correctly assess what data has been stolen or whether it has been stolen at all."

Google Cloud acknowledged the issues, while stressing that it does not consider the lack of visibility to impact the security of its platform. The company maintained that there is no risk of data infiltration, that the issue is not a vulnerability, and that customer data is secure (all assertions also made by Mitiga). Google Cloud plans to further investigate the forensics gap, however.

"While improving log forensics hasn't been an issue raised by our customers, we are continually evaluating ways to improve customers' insight into their storage," the company said in a statement sent to Dark Reading. "The highlighted forensics gap in the blog is one of those areas we are examining."

Among Google Cloud's recommendations are turning on and configuring VPC Service Controls and organization restriction headers, to limit access and produce additional log events.

**Not Just Google**

The ability to access detailed logs is part of the shared-responsibility compact between cloud providers and customers. To take responsibility for their infrastructure in the cloud, organizations need to have detailed insight into activity. While the advisory specifically calls out GCP, other cloud providers have similar issues, Marinov says, without naming names.

"We had seen, in other cloud providers, cases where we can't really understand what happened only by seeing the logs," she says. "We are in touch with vendors on such specific gaps. Only after completing our responsible disclosure process are we able to share details with the media."

Amazon's Simple Storage Service (S3) buckets, for example, collect the right level of detail, the advisory stated: "It is important to note that this deficiency is not inherent to cloud services and could be easily addressed by providing more detailed information in the logs. An example can be seen with AWS S3 access logs, which distinguish each of the event types with its own event log name."

Mitiga did not say whether AWS's other services are among those the company is investigating for gaps in forensics information.

Source

DARKReading