Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.

Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are dependent on a particular repo to a malicious one instead.

The issue has to do with how GitHub handles dependencies when a GitHub user or organization changes the name of a project or transfers its ownership to another entity, researchers at Aqua Security said in a report this week.

**Name-Change Risks**

To avoid breaking code dependencies, GitHub creates a link between the original repo name and the new one so all projects that are dependent on the original repo get automatically redirected to the newly renamed one. However, if an organization fails to adequately protect the old username, an attacker could simply reuse it to create a trojanized version of the original repository so that any projects that relied on the repo will once again start downloading dependencies from it.

"When a repository owner changes their username, a link is created between the old name and the new name for anyone who downloads dependencies from the old repository," Aqua researchers said in a blog this week. "However, it is possible for anyone to create the old username and break this link."

Researchers at Aqua recently decided to investigate the prevalence of repositories on GitHub that are vulnerable to such repojacking, or dependency repository hijacking, as some security researchers refer to the threat.

**Widely Prevalent Issue**

What Aqua discovered was twofold: millions of such repositories — including those belonging to companies such as Google and Lyft — are present on GitHub; and tools are easily available to attackers to find these repos and hijack them. One of these tools is GHTorrent, a project that maintains a nearly complete record of all public events, such as commits and pull requests, on GitHub. Attackers can use GHTorrent to harvest the GitHub names of repositories that organization previously used. They can then register the repo under that old username, recreate the repository, and deliver malware to any project that uses it.

Any project that directly references a GitHub repository is vulnerable if the owner of the repository changes or deletes the username for their repository.

"We have presented a significant dataset that attackers can utilize to harvest the names of previous repositories belonging to organizations," says Yakir Kadkoda, security researcher at Aqua Nautilus.

"Organizations should not assume that their old organization names will remain undisclosed," warns Kadkoda. "It is crucial for them to claim and keep their old usernames on GitHub and scan GitHub URLs and references in their code to identify any repositories that could potentially be claimed by an attacker."

**Bypassing Protections**

Kadkoda says GitHub has attempted to address this issue by preventing the creation of usernames and repositories that were previously owned and now redirect to other projects. GitHub also implemented a mechanism several years ago to retire popular repository namespaces as a means of mitigating this threat. "However, several bypasses have been discovered in the past few years," he says. During Aqua's study, its researchers found several examples of repositories where the protection implemented by GitHub did not apply. "Therefore, users cannot fully rely on these defenses at this point," he says.

Aqua's blog pointed to a GitHub vulnerability that Checkmarx discovered last year as one example of the ways available to attackers to bypass GitHub's attempts to protect against repojacking. The flaw involved a mechanism called "popular repository namespace retirement" and affected all renamed usernames on GitHub, including over 10,000 packages on package managers such as Swift, Packagist, and Go. "Repojacking is a technique to hijack renamed repository URLs traffic and routing it to the attacker's repository by exploiting a logical flaw that breaks the original redirect," Checkmarx said in a report on the vulnerability. "A GitHub repository is vulnerable to repojacking when its creator decided to rename his username while the old username is available for registration."

Organizations can mitigate their exposure to the repojacking threat by scanning their code, repositories, and dependencies for GitHub links, Kadkoda says: "They should check if those links directly refer to GitHub projects or if there are redirects pointing to repositories under other usernames or repo names than the original links." In these instances, organizations should attempt to claim the available username to prevent attackers from doing so. "Additionally, organizations should always maintain their old usernames on GitHub," he says.

Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking

While there's plenty of upside to rolling out deception technologies, it's not clear if 
cybersecurity leaders — or their organizations — are ready for them.

INFOSEC23 — London — Deception technologies can offer a better method to detect attackers in your network, but questions remain on how much security leaders know about their maturity and capabilities.

In a discussion at Infosecurity Europe, panelist Debi Ashenden, a professor in cybersecurity from Adelaide University, described deception technologies as relatively immature. She said deception had "come out of the idea of honeypots" and while organizations may be on the cusp of seeing deception technologies mature, the technology lacks good use cases or reference customers willing to discuss their experience with deception.

Gonzalo Cuatrecasas, CISO of Nordic industrial manufacturer Axel Johnson International, said when technology is embraced, "it's got to be mature enough to do \[the job it is intended for\], otherwise it is halfway tech that gets \[stuck\] in the middle."

**The Latest Cool Trend?**

Lewis Woodcock, senior director of cyber operations for shipping concern A.P. Møller – Mærsk, said the challenge is for customers to fully understand what their underlying goals are. "I worry deception technology is the latest cool trend, but organizations need to stop and think \[about\] what they are trying to achieve."

While Ashenden said deception technology can also be very resource-intensive and that many CISOs don't understand why they need it, Woodcock wondered what an action plan for dealing with an attacker would look like, once deception technology got activated. That's not an endgame that many organizations are prepared to address or manage.

Ashenden also said there are questions on where in the network or SOC to deploy deception technology and that more work is needed to determine how this emerging technology fits into the cybersecurity portfolio. Cuatrecasas added that deception users should "be prepared to make decisions, as what you find may be something that we do not know about."

**What You Need to Implement**

As for implementation tips, Woodcock said familiarity and experience with threat intel could simplify deception rollout and management. He also recommended having an environment that looks real to an attacker — as if the network is very locked down and one server is open — as it is a giveaway to the attacker about what is going on. "Know your objectives, how an adversary will perceive it, and how you will respond," he said.

Ashenden recommended discussing with senior management what the technology will achieve and what it offers the wider organization, not to mention a strong business rationale for buying and using.

Deception Technologies Have a Maturity Problem

Scammers are setting out lures for people looking for work. If a position sounds too good to be true, it probably is.

The economic downturn is already a devastating blow to job seekers everywhere. Now scammers are taking advantage of the situation by ramping up their methods of swindling people.

Job scamming is a threat to job seekers all over the world. For example, the Better Business Bureau (BBB) reported an increase in job scam complaints in the United States and Canada in the past several years. Singapore job seekers lost $660 million SGD ($495 million USD) in 2022 alone. And in the UK, 10,000 people were approached on LinkedIn and Facebook by "foreign spies and malicious actors" to steal information.

Phishing attacks and malware are the primary methods of scamming job seekers, according to a February Trellix report. Scammers create fake websites, often employing typosquatting. A fake site uses a real name like Indeed that's slightly misspelled (such as "Indeeed") or extends the URL in hopes the job seeker will not notice the base domain name. These sites appear legitimate but are used to steal passwords and financial information.

Another method of stealing sensitive information is to ask a job seeker to download a file or click on a link that contains malware. Some of the malware Trellix identified include the Trojans Emotet, Cryxos, and Agent Tesla.

Gabriel Friedlander, founder of security training site Wizer, says these job opportunities offer great pay and remote work flexibility as a lure to steal Social Security numbers or send fake checks for equipment purchases to get that person's bank information.

**Who's Most Vulnerable**

Job scams can affect people of any gender, race, ethnicity, or age. Because many people seek employment quickly to prevent income gaps, they may have their guards down and be more prone to being scammed.

Similar to a romance scam, people become emotionally invested in finding the right job, says Roger Grimes, KnowBe4's data-driven defense evangelist. Even those trained to seek out scammers can get caught up in a scheme, he ads.

"It's just human behavior," Grimes says. "We want to trust people, and you start to give them the benefit of the doubt."

**How to Fight Off Scams**

Legitimate job companies will never ask for money to purchase equipment, training, or background checks. Always be skeptical of companies like these, and you're far less likely to be scammed.

If things are moving too fast, it's most likely a fake job. Most jobs aren't offered after just one remote interview. Also, be wary of companies that want to move conversations outside of typical platforms like LinkedIn.

"Be reasonable," Friedlander says. "Does this job make sense? Is this too good to be true? Here's the thing with scammers, in general: Their problem is time. They have to close the deal fast. Everything is just rapidly happening because they have to close before they get detected."

The BBB recommends calling or going directly to a company website, especially if the job description is vague. Other tips include not clicking any links, downloading any files, calling numbers, or replying to email addresses that are given.

LinkedIn is rolling out new measures to ensure people are who they say they are. However, one of the verification tools requests government identification. This can be problematic for some people, including transgender or nonbinary individuals who have changed their names but are unable to do so on official documents.

**Learn From the Experience**

Once a job seeker has been scammed, they are less likely to keep pursuing job opportunities, one study noted. They tend to blame themselves or their lack of savviness to detect scams.

"The people that I've talked to that had been scammed, they feel utterly broken," Grimes says. "It can be really tough on them, just because they were trusting people."

Job seekers should stay guarded to ensure they aren't scammed again. But instead of being discouraged, they should use this to drive them forward in their job search.

"Once you know the magic, then you can't unsee it," Friedlander says. "That's all it is. You just need to be aware of the trick."

Job Seekers, Look Out for Job Scams

Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

The LockBit gang is building ransomware for new architectures, forgoing Windows and potentially posing entirely new problems for their victims along the way.

In a blog published June 22, researchers from Kaspersky describe having "stumbled on" a .ZIP file with a trove of LockBit malware samples inside. The samples appear to have derived from LockBit's previous encryptor variations targeting VMWare ESXi hypervisors.

The samples targeted FreeBSD and Linux — a growing trend among ransomware actors — plus various embedded technologies, including instruction set architecture (ISA) firmware for CPUs, like ARM, MIPS, ESA/390, and PowerPC, as well as Apple M1, an ARM-based system-on-chip (SoC) used in Mac and iPad devices.

The samples were clearly a work in progress, Kaspersky noted, since "for instance, the macOS sample was unsigned, so it could not be executed as is. Also, the string encryption method was simple: one-byte XOR."

Should they eventually make it to the wild, however, these new ransomware variants could prove useful to LockBit as it tries to stay relevant, says Jason Baker, threat intelligence analyst at GuidePoint Security. "In an increasingly crowded RaaS marketplace competing for talent and targets, this kind of differentiating behavior may ultimately benefit LockBit despite the additional costs and lower volume of targets."

**Can LockBit Deliver Embedded Ransomware?**

Especially after the breakup of Conti, LockBit arguably took up the mantle as the world's premier ransomware gang. Last month brought a notable decline in its activity, however. While the ransomware industry rose as a whole, LockBit claimed 30% fewer victims than the month prior.

Perhaps, in retrospect, it was dedicating extra time and resources to developing its new malware. Or, perhaps, the new malware is a response to its decline.

Either way, its new direction is a cause for concern for defenders. Security analysts already raised the alarm on Android SoCs in 2021, Apple M1 in 2022, and multiple vulnerabilities in popular AMI SoCs were revealed earlier this year.

"We're seeing increased reporting lately related to embedded devices being used for persistence," reports Adam Pennington, project leader for MITRE, though major attacks have not yet been demonstrated in the wild.

LockBit will face hurdles in breaking through this glass ceiling, explains Callie Guenther, cyber threat research senior manager at Critical Start. "Unlike traditional operating systems, embedded systems and IoT devices often have resource constraints, limited processing power, and specific hardware configurations. Ransomware designed for SoCs needs to be tailored to these limitations and adapted to the specialized environment," she points out.

"Furthermore," she continues, "SoCs often run specialized firmware or customized operating systems, which may require a different approach in terms of payload delivery, execution, and evasion techniques. Ransomware targeting SoCs may need to exploit specific vulnerabilities or weaknesses within the firmware or system architecture to gain control over the device and encrypt its data."

Baker speculates that the challenge may be part of the appeal for LockBit. "The most likely reason to target SoCs that are not being targeted by other groups, such as Apple silicon, is for the sake of brand strength and prestige. Larger, more advanced groups such as LockBit have the in-house expertise and resources to throw at this problem set, and developing a unique capability not available elsewhere would continue to highlight the group as a pioneer in the ransomware-as-a-service (RaaS) ecosystem," he says.

**Why Embedded Malware Is Difficult to Excise**

The reason to worry about ransomware for embedded technologies, Pennington explains, isn't merely that it's new and uncharted. It's also that these technologies are easier to overlook and sometimes harder to protect.

"Most enterprises heavily focus their security efforts on Windows, despite various other server and embedded operating systems occupying the exact same networks. Among other reasons, targeting these alternate platforms can be a really effective way to evade existing defenses," Pennington assesses.

He poses a scenario where "a ransomware or other actor infects a network, defenders clean up the type of systems where they have visibility and tools to see and manage systems, and then they discover months later that an implant has been left behind on something like a Linux-based security camera running on one of these other architectures."

To prevent attackers gaining this upper hand, Pennington says, "organizations need to consider a diverse set of operating systems and architectures when they secure themselves, and not just their Windows systems."

"Nearly everyone is running some number of systems with these types of OSs and chips," he emphasizes, "even if they don't realize it."

LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems

Software-as-a-service has its benefits, but abandoned SaaS integrations and idle data sharing introduce risk to the enterprise.

Macro trends such as the shift to cloud services, a growing remote (or hybrid) workforce, and heavy reliance on third-party partners and contractors mean organizations are working with more software-as-a-service (SaaS) applications than ever. It also means that attackers are taking advantage of the ubiquity of SaaS as they target insecure default configurations and weakly secured identities.

Over the past year, attackers have attempted to intercept OAuth tokens, bypass multifactor authentication schemes, and exploit misconfigured systems and applications to gain unauthorized access to business-critical applications, such as GitHub, Microsoft 365, Google Workspace, Slack, and Okta — to name a few.

In the new "2023 State of SaaS Security" report, researchers from Valence Threat Labs identified various ways SaaS usage exposes organizations to attack. The report findings are based on organizations that have deployed Valence Security’s SaaS security platform.

The upshot? Organizations have to do a better job of tracking abandoned applications, files, and user accounts.

*   Over half — 51% — of an organization's SaaS third-party integrations are inactive.
*   Most — 90% — of an average organization's shared assets (files and folders shared with external collaborators) have not been accessed for at least 90 days.
*   On average, 1 in 8 employee accounts are dormant (with the user no longer with the company, for example).
*   On average, 10% of an organization's shared integrations and data belong to ex-employees.

**More SaaS = More Risk**

SaaS has also evolved to be an ecosystem of interconnected applications sharing data and identities; they are no longer standalone single-function applications. But all of that integration is a problem because applications have too many privileges, and data sharing is out of control.

*   100% of organizations grant full read/write access to email, files, and calendar to at least one third-party tool or service.
*   There are 21 integrations per organization with tenant-wide access to company and employee data.
*   Files are shared with personal accounts 30% of the time.
*   There are 54 shared resources (files, folders, SharePoint sites) per employee, and 193,000 shared resources per company, on average. Most are sitting idle.

SaaS has its benefits, but abandoned SaaS integrations and idle data sharing introduce risk to the enterprise. Organizations should regularly remove unused integrations and revoke sharing to reduce the attack surface. Data shares should be automatically revoked after a certain time period (such as 30 days), and user accounts should be deactivated when they leave the company. Life cycle management is critical to ensure that existing business processes are not impacted when an employee leaves the company and that their account gets deactivated, the report states.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Growing SaaS Usage Means Larger Attack Surface

Acquisition of NetSpyGlass extends Airgap Zero Trust Firewall™ innovation leadership with advanced network and asset intelligence for business-critical networks.

**SAN JOSE, Calif.****,** **June 21, 2023** **/PRNewswire/ --** Airgap Networks, the innovation leader in cybersecurity solutions for business-critical networks, has announced the acquisition of NetSpyGlass, an innovative network and asset intelligence solution provider.

The award-winning Airgap Zero Trust Firewall defends business critical infrastructure and secures core networks by providing identity, agentless microsegmentation, and secure access for every connected endpoint. Integrating the NetSpyGlass suite of asset intelligence capabilities into the Airgap architecture enables Airgap ZTFW™ customers to better detect, locate, and contain device anomalies in real time.

Improved visibility into core networks with diverse topologies and comprehensive asset discovery equips the Airgap Zero Trust Firewall with detailed insights into device status, attributes, and interactions. With this acquisition, Airgap empowers customers with data-driven decisions and a proactive response to potential risks and vulnerabilities in business-critical networks.

_"The acquisition of NetSpyGlass by Airgap Networks marks a crucial step forward in delivering an intelligent and innovative cybersecurity architecture to secure core networks and safeguard critical infrastructure,"_ said NetSpyGlass CEO and Co-Founder, Shyam Davuluru.

With an evolving threat landscape increasingly targeting business-critical assets, enterprises are struggling now more than ever to secure their real-world business networks.

"_The greater the accuracy of asset discovery in these systems, the shorter the response time,_" said the CEO and Co-Founder of Airgap Networks, Ritesh Agrawal. "_With the addition of NetSpyGlass, the Airgap ZTFW offers businesses the steering wheel to drive trust out of their core network at speed and scale. It's a game-changer for securing business-critical networks."_

**About Airgap**

Founded in 2019 and headquartered in Santa Clara, California, Airgap is the innovation leader in delivering network security for business-critical infrastructure. Airgap shrinks attacks surface, secures access to critical devices, and accurately discovers all assets in your environment. Airgap deploys in hours, is pay as you grow, and is trusted by the Global 500 to protect their most business-critical networks and assets.

For more information about how Airgap can help you improve security for your business-critical networks and devices, please visit us at www.airgap.io

Contact: Spring Sanchez, \[email protected\]

SOURCE Airgap Networks Inc.

Airgap Networks Acquires NetSpyGlass

Cybersecurity expert and proven entrepreneur to help protective DNS leader drive vision and scale through hypergrowth.

**WASHINGTON--(****BUSINESS WIRE****) --** DNSFilter today announced that Jon Oberheide, former Duo Security co-founder and CTO, has joined the company's board of directors. A strategic appointment to the board, Oberheide will support the company as it continues its mission to make the internet more secure via DNS, with a specific focus on long-term strategy and supporting scale through hypergrowth.

"DNSFilter has an incredible founding team, great chemistry, and proven technology—all things I look for when joining a board," said Oberheide. "And unlike other buzzy, flash-in-the-pan security acronyms, DNSFilter provides fundamental security controls that are easy to deploy and accessible to organizations of all sizes, from small businesses to larger Fortune 500 corporations. I'm excited to join the team and for the opportunity to help scale the company to new heights."

DNSFilter delivers Protective DNS and content filtering solutions powered by Machine Learning. The offering protects organizations from phishing, malware, and other advanced internet-based threats.

The appointment comes at a time of rapid growth and recognition for DNSFilter. The company has grown roughly 250% since January 2021, and now supports more than 26 million monthly users and over 2 trillion monthly DNS queries.

Last year, the company was highlighted as one of the most innovative and compelling technologies to address cybersecurity threats and vulnerabilities through the SINET16 Innovator award. DNSFilter was also named a 2022 Black Unicorn Award winner, which honors cybersecurity companies predicted to be worth $1 billion in market value in three to five years. In 2022, the company also acquired firewall and VPN platform provider Guardian to more effectively protect users information and secure organizations against web-based threats.

"As someone who has scaled a cyber company, I’m happy to have Jon in our corner to give us guidance as we continue to grow and build our offering," said Ken Carnesi, CEO, DNSFilter. "He's a proven entrepreneur that puts in time with the companies he advises, shares lessons learned, and offers prescriptive advice on getting to the next level. We're honored to have him on our board sharing strategic advice for our next stage of growth."

Oberheide is a board member, advisor, and investor focused on cybersecurity and enterprise SaaS companies. In 2009, he co-founded Duo Security, serving as the CTO. Cisco acquired the company for $2.35 billion in 2018. Over its 12-year journey, Duo Security scaled from zero to 30,000 customers, $500 million ARR and over one thousand full-time employees. Prior, Oberheide was a security researcher. He completed his bachelor's, master's and doctorate in cybersecurity from the University of Michigan.

To learn more about DNSFilter, visit https://www.dnsfilter.com/.

**About DNSFilter**

DNSFilter is redefining how organizations secure their largest threat vector: the Internet itself. DNSFilter is making the internet safer and workplaces more productive. In 2022 the threat protection leader blocked 9.1 billion threats, more than any other threat detection software globally. With 70% of attacks involving the Domain Name System (DNS) layer, DNSFilter provides Protective DNS powered by machine learning that uniquely identifies 61% more threats than competitors on an average of seven days earlier, including zero-day attacks.

Over 26 million monthly users trust DNSFilter to protect them from phishing, malware, and advanced cyber threats. DNSFilter’s brands include Webshrinker, it’s next generation web categorization software and Guardian, a consumer app focused on privacy protection. DNSFilter.com

Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors

Full-cycle verification platform enhances its facial biometrics verification with innovative deepfake detection technology; shares new 2023 identity fraud trends.

**MIAMI****,** **June 22, 2023** **/PRNewswire/ --** Sumsub, the global verification platform providing customizable KYC, KYB, transaction monitoring, and AML solutions for the whole customer journey, today announces the launch of its enhanced deepfakes detection technology into Sumsub's liveness and deepfake detection solution.

According to Sumsub reports, **the number of deepfakes detected in Q1 2023 was 10% greater than all of 2022 combined**. Responding to this growing threat of identity fraud, the company made major updates to its in-house liveness solution – a facial biometrics tool and integral part of KYC flow for businesses. Now, the deepfake frauddetector integrates into Sumsub's liveness solution and is enhanced to align with the latest AI technology, making sure no fraudster passes the check.

_"We noticed the emerging deepfake trend long ago and started building solutions to fight this rapidly evolving type of_ fraud_," said_ **Vyacheslav Zholudev, co-founder and CTO of Sumsub**_. "As an anti-_fraud _provider, Sumsub strives to stay ahead of the game. We continuously develop innovative_ fraud _detection solutions to combat the advancing malicious technologies and prevent the potentially high damage to digital platforms, people, and communities. Our new advanced deepfake detector reinforces our core KYC product and commitment to further enhancing the AI-driven technologies built into our anti-_fraud_solution."_

Sumsub's proprietary liveness technology easily detects spoofing attempts while authenticating real users in seconds. The system ensures users are physically present by creating a 3D FaceMap which is continuously referenced for authorizing all future actions (transactions, logins, etc).

All businesses operating online are vulnerable to deepfakes, with fintech, payments, crypto, and gambling platforms at high risk. Sumsub's internal identity fraud statistics show deepfakes continuously replace 'simple' kinds of identity fraud, such as document printouts. The data also revealed:

*   In 2022, the leader in deepfake fraud was Spain with **49.7% of all global cases**, followed by Great Britain (9.3%), and the U.S. (4.2%).
*   In Q1 2023, the most deepfakes came from Great Britain and Spain with 11.8% and 11.2% of **global deepfake** fraud, respectively.

*   Followed by Germany (6.7%), and the Netherlands (4.7%).
*   The U.S. held 5th place, representing 4.3% of global deepfake fraud cases.

*   From 2022 to Q1 2023, **the proportion of deepfakes among all** fraud **types** increased in Canada by 4,500%, the U.S. by 1,200%, Germany by 407%, and the UK by 392%\*.
*   Last quarter, a high **proportion of deepfakes among all** fraud **types** was also noticed in Australia (5.3%), Argentina(5.1%), and China (4.9%).

_"As we face the ever-evolving trends in generative AI and AI-driven_ fraud_, we anticipate AI technologies to develop quickly, and more sophisticated_ fraud _to emerge, affecting even more industries. The use of synthetic_ fraud _is rising at an alarming rate and leading to the rapid spread of misinformation, as recently seen with the fake images of the explosion at the Pentagon, resulting in significant media hype. As AI advances, more tools become available to fraudsters, and Sumsub is here to fight all kinds of synthetic_ fraud_. Our team is working on a solution to detect a large scope of AI-generated_ fraud _beyond deepfakes,_" says **Pavel Goldman-Kalaydin, Head of AI/ML at Sumsub**.

To learn more about Sumsub's deepfake detection technology please visit: https://sumsub.com/blog/liveness-and-deepfake-detection/

**About** **Sumsub**

Sumsub is a full-cycle verification platform that secures the whole user journey. With Sumsub's customizable KYC, KYB, transaction monitoring and fraud prevention solutions, you can orchestrate your verification process, welcome more customers worldwide, meet compliance requirements, reduce costs and protect your business.

Sumsub has over 2,000 clients across the fintech, crypto, transportation, trading, e-commerce and gaming industries including Binance, Mercuryo, Bybit, Huobi, Unlimint, DiDi, Poppy, and TransferGo.

Sumsub Launches Advanced Deepfakes Detector

Award-winning XEM platform introduces advanced SBOM capabilities, expanded ARM support, and additional Risk & Compliance improvements.

Tanium, the industry’s only provider of converged endpoint management (XEM), today released major enhancements to the Tanium Software Bill of Materials (SBOM) that now include Common Vulnerability and Exposures (CVE) information. Tanium's SBOM identifies software components on endpoints, including open-source software embedded in libraries within native and third-party software, enabling organizations to prioritize and remediate software supply chain risks with unmatched speed and scale. In addition to several new Risk & Compliance features, Tanium also announced the expansion of support for ARM-Based endpoints to help IT teams minimize blind spots and drastically reduce the need for separate endpoint tools. 

Software supply chain attacks continue to spike due in part to the increasing reliance of organizations on numerous third-party suppliers and service providers. To keep a firm pulse on the threats facing today's most vulnerable and highly targeted organizations, Tanium has added SBOM to its Vulnerability Management solution to find, prioritize, and remediate emerging and zero-day vulnerabilities in the software components of applications, including open-source software embedded within application libraries, across all endpoints. 

"Over ninety-two percent of applications contain open-source libraries that may contain hidden vulnerabilities like Log4j, OpenSSL, or Struts, which are exploited by attackers," said Nic Surpatanu, chief product officer, Tanium. "Federal agencies, cyber insurance providers, and other organizations are increasingly requiring an SBOM for all utilized software. Tanium SBOM is the only solution on the market that allows organizations to identify and remediate software supply chain vulnerabilities in production. This empowers DevOps and SecOps to identify and mitigate risks across development, staging, and production environments."

In addition to confronting threats introduced by reliance on open-source software, today’s organizations also grapple with continually evolving processor architecture. In fact, the use of ARM-based servers grew sevenfold between 2019 and 2022 and ARM-based computers are expected to make up thirty percent of all personal computers by 2026. In 2022, Tanium rolled out support for endpoints running ARM-based processors from Apple and Amazon. With an eye towards futureproofing, Tanium has expanded its support to additional ARM-based endpoints running Oracle Linux, RedHat, and Windows 11. 

"We expect the use of ARM-based processors to continue to grow for the foreseeable future due to its better performance and lower energy usage compared to x86-based processors," said Vivek Bhandari, VP, product marketing at Tanium. "With these enhancements, Tanium continues to empower customers to find and bring missing endpoints under management and move away from point solutions towards a single, unified platform."

Today's announcement also coincides with a host of new Risk & Compliance enhancements that will amplify the efficiency and efficacy of vulnerability and risk management programs, while also reducing the need for disparate point solutions. These include:  

*   ESXi Support: New compliance and vulnerability assessments of ESX and ESXi hypervisors via vCenter APIs empower security teams to view and perform risk assessments on all virtual servers efficiently 
*   CISA Known Exploits and Vulnerabilities (KEV): Tanium’s vulnerability assessments now include CISA KEV information on the most dangerous and active exploits, eliminating the need for manual analysis, instantly prioritizing high-risk CVEs for remediation with its integrated remediation options.  
*   Exception Management: Tanium’s Risk and Compliance solution offers the ability to create exceptions for compliance and vulnerability findings with valid reason or expiration date, enabling organizations to focus on areas that need immediate attention.  
*   Benchmark Enhancements: A new page within Tanium Benchmark allows customers to quickly visualize the health of their key operations and security metrics.  

As organizations continue to embrace digital transformation, comprehensive endpoint visibility, control, and remediation at scale and in real-time are crucial to mitigate risks from cyber threats of today – and tomorrow. To learn more about these enhancements, join the Tanium Innovation and Technology Update Wednesday, June 28, 2023, 11:00 – 11:30 am PT. Register today.

Tanium Platform Advances Threat Identification Capabilities and Enhances Endpoint Reach

Small and midsized companies work to jettison some security tools to simplify operations and reduce cost, even as any economic downturn continues to remain at bay.

Enterprises are not the only organizations looking to consolidate their security tools and vendors in the face of a potential economic slowdown — small and midsized businesses are looking to reduce their costs and simplify their security as well.

The vast majority (86%) of SMB customers using managed security service providers (MSSPs), for example, are aiming to reduce their current portfolio of security tools, according to a survey published this week by OpenText. The majority of those businesses are driven primarily by an effort to reduce costs (28%) or to simplify complex security environments (26%), the survey found.

Consolidation does not just benefit the company, but can help the provider of security services as well, says Geoff Bibby, senior vice president at OpenText Cybersecurity, a cybersecurity conglomerate.

"Consolidation is two-fold," he says. "Businesses are going to service providers because they don't have the staffing or financial resources to purchase and manage multiple tools, and from the service-provider perspective, fewer tools — and fewer vendors — means simplified billing and greater ease of doing business."

Consolidation of vendors has become a major trend following the rush to adapt to the pandemic-era business landscape by moving more services to the cloud. By mid-2022 — when 83% of companies predicted a downturn in the coming year — three-quarters of companies planned to reduce the number of security vendors they used, up from 29% in 2020. The top strategies explored by companies were reducing non-essential spending (43%), re-evaluating vendors (30%), and decommissioning infrastructure (29%), according to Spiceworks Ziff Davis's "2023 State of IT" report.

Efforts to cut costs remain strong, despite a reprieve in the dark economic forecast. A majority of economists (59%) polled in May still predict that the US would enter a recession in the next 12 months, but poor-performance predictions have remained unfulfilled as employment numbers and the stock market continue to resist a downturn.

"This is the most anticipated recession that won't ever seem to arrive, and all of the data indicates that it might never arrive because none of the factors for recession seem to be there," says Jeff Pollard, vice president and principal analyst at market intelligence firm Forrester Research.

**Optimizing Vendors and Security Services**

Yet while economic risks certainly spurred concerns over IT and IT-security budgets, initiatives to both simplify and reduce the cost of security operations inside companies has a life of its own, Pollard says.

"If you go back ... to the heady days of growth just nine months ago or so, what I was consistently hearing from security leaders was: too many tools, too many products," he says. "And it wasn't based on an economic argument. It was based on simplification of technology and portfolio rationalization — they felt like they had too many security controls and too many security products."

Business intelligence firm Gartner sees a similar picture. Most midsized enterprises (MSEs) — firms with $50 million to $1 billion in revenue and up to 2,500 employees — are looking to reduce the number of vendors, but rather than focus on consolidation, the companies are looking to optimize their security operations, says Patrick Long, an analyst with Gartner.

Such optimization generally focuses on two approaches. Outsourcing to service providers allows companies to overcome a shortage of security workers, because there are currently 21 IT employees for every security-focused employee, he says. Another form of consolidating is through the products, adopting all-in-one suites from a single vendor, which helps reduce licensing costs and can result in more holistic security capabilities, he says.

Currently, two-thirds of MSEs (68%) are pursuing security-vendor reduction strategies, while the remaining third have delayed consolidation but will likely simplify their security within the next three years, Long says.

"They are optimizing their architecture and integration strategies, vendor management, workforce management, and their costs," he says, adding that "current economic conditions influence security vendor consolidation but is not the primary driver for consolidation."

**Integration Still a High Hurdle**

Reducing the number of security products is not easy. Licensing can often become a blocker, especially if a company signed long contract periods, and products from the same vendors do not always have seamless integration, says Forrester's Pollard. In addition, any adoption of an integrated product will require a security team to learn the new system, so efficiency gains can take a while to materialize, he says.

"When you buy a bundle and consolidate, in theory, the product will integrate well, but what I really hear from a lot of security leaders is that the cost savings, frankly, doesn't often materialize," Pollard says. "Because what you wind up having to do is learn a new product, a new solution, and people have to get trained on it, so you have to modify your processes."

Yet companies are making headway. Overall, companies that pursue consolidation have seen IT security costs decrease by more than 2%, with data security costs reduced by a quarter and identity management shrink by more than a third, says Ben Pippenger, chief strategy officer at Zylo, a SaaS management platform.

"There tends to be some redundancy within security categories," he says, pointing out the cloud identity and access management are among the top-15 most redundant software functions, with nearly five applications handling that capability in the average company.

"While security is an important business function, it's one that could still likely benefit from consolidation," he says.

Source

DARKReading