Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.

A recent round of compromises that exploited unpatched Zimbra devices was an effort sponsored by the North Korean government and intended to steal intelligence from a collection of public and private medical and energy sector researchers.

Analysts with W Labs explained in a new report that due to an overlap in techniques — and thanks to a misstep by one of the threat actors — they were able to attribute "with high confidence" the recent round of cyber incidents against unpatched Zimbra devices as the work of Lazarus Group, a well-known threat group sponsored by the North Korean government. Lazarus operated this campaign and other similar intelligence-gathering efforts through the end of 2022.

The researchers named the campaign "No Pineapple" after an error message generated by the malware during their investigation. The threat actors quietly exfiltrated about 100GB of data, without waging any disruptive cyber operations or destroying information.

"The campaign targeted public and private sector research organizations, the medical research, and energy sector as well as their supply chain," the W Labs report added. "The motivation of the campaign is assessed to be most likely for intelligence benefit."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

DPRK Using Unpatched Zimbra Devices to Spy on Researchers

New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.

A new Android banking Trojan called PixPirate is targeting more than 100 million Brazilian Pix instant payment accounts.

The Pix payment platform was created and is operated by the Brazil Central Bank, and it's used to make instant mobile payments across Latin America using a variety of banks.

Researchers with the Cleafy TIR Team — who have been tracking the PixPirate Brazilian banking Trojan since late 2022 — released a report this week detailing PixPirate's intention to steal credentials and deploy its noteworthy automatic transfer system (ATS) used to make automatic fraudulent money transfers. Additionally, by abusing accessibility services, PixPirate also has the flexibility to steal credentials and launch ATS attacks across multiple bank user interfaces using the Pix platform.

The malware also can intercept and delete SMS messages, push malvertising efforts, and contains code protection that attempts to evade detection, the report said.

"PixPirate represents one of the emerging malware that will try and leverage the double edge blade mechanism related to instant payments," the Cleafy team added. "The introduction of ATS capabilities paired with frameworks that will help the development of mobile applications, using flexible and more widespread languages (lowering the learning curve and development time), could lead to more sophisticated malware that, in the future, could be compared with their workstation counterparts."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

New Banking Trojan Targeting 100M Pix Payment Platform Accounts

**SILICON VALLEY, Calif. & SAN SEBASTIÁN, Spain--(****BUSINESS WIRE****)--** Opscura Inc., an innovator in industrial control system (ICS) cybersecurity, announced today it has received $9.4M in Series A funding as it scales to engage further U.S. partners and customers seeking to protect and connect their critical operations. Founded in Spain as Enigmedia, the new global entity Opscura is also launching a new brand, global management team, and product upgrades in addition to the capital infusion led by Anzu Partners, with investments from Dreamit and Mundi Ventures.

Opscura’s technology adds a unique layer to the industrial cybersecurity ecosystem as manufacturers require greater efficiencies to protect thousands of vulnerable legacy devices they cannot take offline, and as the rapid build-out of new renewable energy critical infrastructure continues. To reduce the pervasive risks of ransomware, unauthorized access, and data theft, Opscura’s patented cloaking technology obscures deeper operational technology (OT) Level 2 network and Layer 2 data without disrupting operations.

“We have been impressed with the power and simplicity of Opscura’s security solution as part of our Schneider Electric Exchange™️ Technology Partner program,” says Francesc Juan, CTO Spain of Schneider. “Opscura addresses multiple ICS use cases, and unlike other offerings, simplifies the processes, people, and technology work involved in protecting critical infrastructure in deeper OT layers.”

Worldwide integrator partners such as Telefonica deploy Opscura to their customer segments that need simplified, yet robust, OT security for Zero Trust environments. Opscura works collaboratively within the ICS security ecosystem, and its technology is complementary to solutions from Claroty, Nozomi, Fortinet, and more. Customers across various industries, including renewable energy, transportation, manufacturing, government, and chemical also rely on Opscura to solve industrial cybersecurity, compliance, and digital transformation challenges.

“Throughout our extensive diligence process, we were impressed with Opscura’s foundational approach to ICS and their ability to deliver a frictionless solution that ensures continuity of operations. We believe it has great potential to efficiently and effectively address the myriad unmet security needs that exist in critical brownfield OT networks,” said John Ho, Partner at Anzu Partners. “We look forward to supporting the Opscura team as they continue to scale the company, validate the technology’s capabilities across multiple ICS use cases, and demonstrate how to fully deliver the zero trust model in an OT context.”

Opscura’s funding reflects a shift in the appetite for diversified cybersecurity innovation from the government and investors. Spain, including the Basque region where Opscura’s R&D team is based, continues to invest in EU-wide cybersecurity growth. Opscura has earned multiple grants to continue its novel research into ultra-low latency encryption and data communications across industrial devices.

"The mission to reduce risk for industrial operators has no geographical boundaries, and we are excited to see Opscura's Spanish and U.S. technical talent collaborate to solve ICS security challenges,” said Rajeev Singh-Molares, Founding & Managing Partner at Mundi Ventures. “Opscura solves the immediate concern of protecting vulnerable industrial assets such as PLCs, and it has novel IP that can prepare companies as quantum progresses and data security compliance needs evolve.”

“Opscura is much needed in the ICS security ecosystem, with its focus on protecting and connecting at deeper levels of the network,” said Mel Shakir, Partner at Dreamit Ventures, Securetech. “Their collaborative approach across OT, IT and automation partners will expedite market traction.”

Opscura co-founders Gerard Vidal and Carlos Tomás will take on the Chief Technology Officer and VP Engineering roles, respectively, as part of a new global management team led by new Chief Executive Officer, David Hatchell. The Opscura executive team also includes Chief Product Officer Michael Garrison Stuber, Chief Customer Officer and Chief Information Security Officer Brian Brammeier, and Strategic Advisor Allison J. Taylor, who formerly served as interim Chief Marketing Officer.

“It’s time to take on the most pressing national cybersecurity problems and move the entire ICS ecosystem forward,” said David Hatchell, CEO at Opscura. “Together with our partners and talented technical teams, Opscura can help customers move beyond device visibility to protect our critical industrial assets and data.”

Opscura team members will be attending DISTRIBUTECH International in San Diego from February 7-9, 2023, and S4x23 in Miami from February 13-16, 2023. If you are interested in scheduling a meeting at either event, please reach out to \[email protected\]. For more information on the executive team and Opscura’s ICS security technology, visit https://www.opscura.io.

**About Opscura:** 

Opscura protects and connects industrial networks with easy-to-use innovations that are safe to use deep within operational infrastructure. Validated by global partners such as Schneider Electric, Opscura reduces operational risks by protecting vulnerable legacy industrial assets and data, eliminating deep-level attacker footholds, and enriching threat visibility data. Brownfield and greenfield global customers rely on Opscura for OT cloaking, isolation, and Zero Trust authentication, together with simplified IT-OT connectivity. Learn more about Opscura’s Spanish Basque region roots and follow us through https://www.opscura.io.

Industrial Cybersecurity Innovator Opscura Receives $9.4M in Series A Funding as Critical Operations Transform

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.

Organizations using older versions of VMWare ESXi hypervisors are learning a hard lesson about staying up-to-date with vulnerability patching, as a global ransomware attack on what VMware has deemed "End of General Support (EOGS) and/or significantly out-of-date products" continues.

However, the onslaught also points out wider problems in locking down virtual environments, the researchers say.

VMware confirmed in a statement Feb. 6 that a ransomware attack first flagged by the French Computer Emergency Response Team (CERT-FR) on Feb. 3 is not exploiting an unknown or "zero-day" flaw, but rather previously identified vulnerabilities that already have been patched by the vendor.

Indeed, it was already believed that the chief avenue of compromise in an attack propagating a novel ransomware strain dubbed "ESXiArgs" is an exploit for a 2-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974), which affects the hypervisor's Open Service Location Protocol (OpenSLP) service.

"With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities," VMware told customers in the statement.

The company also recommended that customers disable the OpenSLP service in ESXi, something VMware began doing by default in shipped versions of the project starting in 2021 with ESXi 7.0 U2c and ESXi 8.0 GA, to mitigate the issue.

**Unpatched Systems Again in the Crosshairs**

VMware's confirmation means that the attack by as-yet unknown perpetrators that's so far compromised thousands of servers in Canada, France, Finland, Germany, Taiwan, and the US may have been avoided by something that all organizations clearly need to do better — patch vulnerable IT assets — security experts said.

"This just goes to show how long it takes many organizations to get around to patching internal systems and applications, which is just one of many reasons why the criminals keep finding their way in," notes Jan Lovmand, CTO for ransomware protection firm BullWall.

It's a "sad truth" that known vulnerabilities with an exploit available are often left unpatched, concurs Bernard Montel, EMEA technical director and security strategist for security exposure management firm Tenable**.**

"This puts organizations at incredible jeopardy of being successfully penetrated," he tells Dark Reading. "In this case, with the … VMWare vulnerability, the threat is immense given the active exploitation."

However, even given the risks of leaving vulnerable systems unpatched, it remains a complex issue for organizations to balance the need to update systems with the effect the downtime required to do so can have on a business, Montel acknowledges.

"The issue for many organizations is evaluating uptime, versus taking something offline to patch," he says. "In this case, the calculation really couldn’t be more straightforward — a few minutes of inconvenience, or days of disruption."

**Virtualization Is Inherently a Risk**

Other security experts don't believe the ongoing ESXi attack is as straightforward as a patching issue. Though lack of patching may solve the problem for some organizations in this case, it's not as simple as that when it comes to protecting virtualized environments in general, they note.

The fact of the matter is that VMware as a platform and ESXi in particular are complex products to manage from a security perspective, and thus easy targets for cybercriminals, says David Maynor, senior director of threat intelligence at cybersecurity training firm Cybrary. Indeed, multiple ransomware campaigns have targeted ESXi in the past year alone, demonstrating that savvy attackers recognize their potential for success.

Attackers get the added bonus with the virtualized nature of an ESXi environment that if they break into one ESXi hypervisor, which can control/have access to multiple virtual machines (VMs), "it could be hosting a lot of other systems that could also be compromised without any additional work," Maynor says.

Indeed, this virtualization that's at the heart of every cloud-based environment has made the task of threat actors easier in many ways, Montel notes. This is because they only have to target one vulnerability in one instance of a particular hypervisor to gain access to an entire network.

"Threat actors know that targeting this level with one arrow can allow them to elevate their privileges and grant access to everything," he says. "If they are able to gain access, they can push malware to infiltrate the hypervisor level and cause mass infection."

**How to Protect VMware Systems When You Can't Patch**

As the latest ransomware attack persists — with its operators encrypting files and asking for around 2 Bitcoin (or $23,000 at press time) to be delivered within three days of compromise or risk the release of sensitive data — organizations grapple with how to resolve the underlying issue that creates such a rampant attack.

Patching or updating any vulnerable systems immediately may not be entirely realistic, other approaches may need to be implemented, notes Dan Mayer, a threat researcher at Stairwell. "The truth is, there are always going to be unpatched systems, either due to a calculated risk taken by the organizations or due to resource and time constraints," he says.

The risk of having an unpatched system in and of itself may be mitigated then by other security measures, such as continuously monitoring enterprise infrastructure for malicious activity and being prepared to respond quickly and segment areas of attack if a problem arises.

Indeed, organizations need to act on the assumption that preventing ransomware "is all but impossible," and focus on putting tools in place "to lessen the impact, such as disaster recovery plans and context-switched data," notes Barmak Meftah, founding partner at cybersecurity venture capital firm Ballistic Ventures.

However, the ongoing VMware ESXi ransomware attack highlights another issue that contributes to an inherent inability for many organizations to take the necessary preventative measures: the skill and income gaps across the globe in the IT security realm, Mayer says.

"We do not have enough skilled IT professionals in nations where wealthy companies are targets," he tells Dark Reading. "At the same time, there are threat actors across the globe who are able to make a better living leveraging their skills to extort money from others than if they took legitimate cybersecurity work."

Mayer cites a report by the international cybersecurity nonprofit (ICS2) that said to secure assets effectively, the cybersecurity workforce needs 3.4 million cybersecurity workers. Until that happens, "we need to ramp up training these workers, and while the gap still exists, pay those with the skills around the world what they are worth, so they don’t turn to being part of the problem," Mayer says.

Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

Emerging risks and trends need to be monitored, but cybersecurity challenges can be fixed with a focus on the fundamentals.

With reports that more than half of US states have banned or restricted access to TikTok on government devices, many cybersecurity professionals are asking, "How can you take a well-intentioned policy from vision to execution?" The answer is operational governance.

Cybersecurity tends to focus on preventing ransomware and advanced persistent threats. This is essential work, but it can overshadow the foundation of an effective cybersecurity program. Fundamentally, cybersecurity is about enforcing corporate policies. Yet enforcement falls flat far too often because organizations lack visibility into what is happening on their network.

Many policies are intended to prevent attacks, but other traditional examples include preventing access to gambling websites and other illicit content. Governance, risk, and compliance (GRC) programs are intended to demonstrate compliance for audits or to assess the security posture of another organization during a corporate merger or acquisition.

TikTok is just one recent example of banning access to an app. New York City public schools have banned ChatGPT. And there are ongoing concerns that a rogue employee could install cryptomining software on a corporate network. Of course, preventing and detecting these risks and threats has become substantially harder since cloud computing, mobile devices, and the Internet of Things have radically transformed the network perimeter.

The network perimeter has been atomized by decades of digital transformation, which means it has become dispersed, ephemeral, encrypted, and diverse. Mobile and remote workers are accessing data and applications scattered across multicloud, hybrid-cloud, and on-premises infrastructure. Legacy application appliances have been retrofitted to interoperate with cloud environments. IT/OT convergence is enabling applications to access physical environments as easily as IT networks.

**A Paper Tiger: Policy Without Enforcement**

As organizations have moved to adopt zero-trust security, network security and identity-based access controls have been lagging behind endpoint and detection and response (EDR) deployments. Unfortunately, identity-based threats can elevate endpoint privileges to disable EDR agents and to access the network, where threat actors can hide between the gaps of disconnected technologies and the teams that manage them.

Furthermore, many endpoint and network devices, such as IoT devices, serverless platforms, routers, switches, and SCADA systems are incapable of running EDR agents in the first place. And all of this assumes that the cybersecurity team is aware of every endpoint connected to the network and has a way to control them, which is not always the case.

Entire classes of devices may be left unprotected, so having an effective network security architecture beyond access control and access brokering is even more important. However, the chaotic nature of network traffic makes visibility difficult. Traditional solutions usually don't support the cloud, and cloud-based approaches tend to focus on specific cloud environments. Detecting and stopping attacks is incredibly difficult, given the opacity and gaps.

One major concern with TikTok and other apps is the potential for unauthorized access to the network and devices through excessive permissions or embedded spyware, which may be used for espionage. To address these concerns, it is important to categorize the types of infrastructure and the traffic that needs to be monitored. By mapping out the infrastructure and analyzing real-time data, it is possible to identify and alert on policy violations and to integrate these alerts into existing workflows.

**Invent the Universe: Comprehensive Visibility and Real-Time Verification**

The famed astrophysicist Carl Sagan once quipped, "If you wish to make an apple pie from scratch, you must first invent the universe." The same goes for enforcing cybersecurity. Without comprehensive visibility of the network and real-time verification of governance policies, it can be difficult to know if they are being enforced. This is especially true when relying on outdated technologies or host-based monitoring, which may not provide a comprehensive view of network activity.

For example, I recently spoke with a company that discovered one of its factory machines — which was in production and should have been isolated from other networks — was browsing TikTok and Facebook. This was a clear indication that policy enforcement had failed, leaving the machine compromised.

And just as you cannot bake without precisely measuring your ingredients and knowing the temperature of the oven, you cannot enforce cybersecurity policy without comprehensive and real-time visibility into endpoint devices and network traffic. Visibility is a foundation of cybersecurity, which is why so many compliance frameworks, such as SOC 2 and ISO 27001 include the creation of an asset inventory among their first requirements.

It can be easy to be drawn in by the allure of shiny new solutions — and certainly cybersecurity professionals do need to monitor emerging risks, threats and trends like these recent TikTok bans — but I would contend that the majority of cybersecurity challenges can be fixed with a focus on the fundamentals: enforcing corporate policy with the visibility needed to do so.

With TikTok Bans, the Time for Operational Governance Is Now

A tax variable in the software implementing the Dingo Token allows the creators to charge 99% in fees per transaction, essentially stealing funds, an analysis finds.

The originator of the Dingo Token — a cryptocurrency with a purported market capitalization of $11 million — has included a backdoor in the code to charge each transaction a fee of up to 99% of the worth of the token.

That's according to cybersecurity firm Check Point Software, which has issued an advisory warning potential investors of what the company calls "a scam." 

While the documents describing the Dingo Token claimed that the scheme charged 10% per transaction, Check Point researchers found 47 transactions where the total fee per transaction had been increased to 99%. The creator had also set the fee to 99% for future transactions, essentially stealing the funds of any traders of the cryptocurrency, according to the analysis published this week.

The Dingo Token creator has already transferred previously collected funds to other accounts, leaving no money for anyone holding Dingo tokens, says Oded Vanunu, head of products vulnerabilities research at Check Point Software.

"The function was called many times by the owners to prevent users from selling their holdings," he says.

Cryptocurrencies are heavily based on mathematics but also on good marketing, a dose of libertarian ideals, and an influx of gray market cash. Overall, hundreds of cryptocurrencies have been created, and not all will be legitimate, nor will they be free of fraud. In a 2019 report, for example, Alameda Research uncovered significant fraud in many crypto exchanges. That's ironic, given that two years later the firm and its sister company, cryptocurrency exchange FTX, had both declared bankruptcy, and their executives, including FTX and Alameda co-founder Sam Bankman-Fried, have been charged with numerous financial crimes.

While those efforts may have started as legitimate businesses, the Dingo Token scheme likely started as fraud from the start, Check Point stated in its analysis.

"We examined the Dingo smart contract and quickly found it seemed like a scam," the company stated. "The project website contains no real information about the owners of the projects."

**A Quick Jump in Popularity**

While the Dingo Token is far down the lists of popular cryptocurrencies — No. 774, at the time Check Point released its advisory — transactions using the currency had jumped 8,400% in the past year, according to the cybersecurity firm. The meteoric rise in popularity, along with the fact that the description of the cryptocurrency was limited, raised suspicions, leading to Check Point analyzing the digital smart contract on which the token is based.

The analysis uncovered systematic theft of traders' funds, using a variable called "TaxFee" to set the amount to take from each transaction. 

"We don’t believe that it was a mistake due to the nature of crypto-scam projects," Vanunu says. "In this case, \[the\] _setTaxFeePercent_ function code...operates as a backdoor, \[allowing\] the owner to change the fee dynamically, which is not best practice for legitimate projects."

The fake cryptocurrency scheme may be the most technical attack yet, but fraud is increasingly a hazard for cryptocurrency investors and users, surging after a hiatus following numerous cryptocurrencies plunging in value by more than 60%. In 2022, for example, the FBI warned that cryptocurrency scams had once again targeted businesses and consumers, this time with fake investment apps that led to the theft of more than $40 million.

**Know Your Code**

The Dingo Token incident highlights the fact that companies need to conduct due diligence on any cryptocurrency in which they plan to use or allow customers to use. Security gaps, such as the backdoor code used by Dingo Token, need to be identified and cryptocurrency investors need more education on the risks, Vanunu says.

"We recommend that users only use known exchanges and buy from a known token that has several transactions behind it," he says. "In the near future, we believe that more preventative solutions will be available for users to deal with these cyber threats."

The Dingo Token creators did not respond to a request for comment sent to their contact email address by publication time. Check Point believes the creators are gone, but more scams will likely appear to take its place.

"It is important for consumers to be careful with the tokens they buy," the company stated in the analysis, adding that "cryptocurrency is a volatile market. Scammers will always find new ways to steal your money using cryptocurrency, and new forms of crypto are constantly being minted."

Backdoor in Dingo Cryptocurrency Allows Creator to Steal (Nearly) Everything

**WESTMINSTER, Colo.****,** **Feb. 7, 2023** **/PRNewswire/ --** Global cybersecurity pioneer Coalfire announced today major innovations to its Compliance Essentials solution, including advanced automated evidence collection plug-ins, enabling faster time to compliance and greater visibility for clients. In partnership with anecdotes, one of the world's leading security technology engineering firms, Compliance Essentials now enables customers to manage compliance workflows and risks, automatically collect evidence, and execute audits all within the platform – making it one of the most comprehensive compliance and risk management automation solutions in the market.

Introduced in 2022, Compliance Essentials is the next-generation compliance management solution that bundles audit services with its leading Software-as-a-Service (SaaS) compliance platform. Compliance Essentials' newly enhanced automation capabilities enable clients to reduce manual evidence collection by up to 50% and cut internal compliance costs by up to 40%.

"We have true continuous compliance with this solution," said Prabhath Karanth, global head of security & trust at TripActions. "Having anecdotes' automation within Compliance Essentials allows organizations to identify control effectiveness and demonstrate to both leadership and customers the status of our maturing security program."

"The transformation to continuous compliance takes a giant step forward with evidence automation seamlessly integrated into our solution," said Coalfire Chief Product Officer Vineet Seth, who was recently named to anecdotes' advisory board. "Working with the elite anecdotes engineering team, Coalfire Compliance Essentials now pulls evidence automatically from 35+ plug-ins spanning all cloud service providers, including AWS, Azure, and Google Cloud, and maps with more than 40 regulatory frameworks."

"We are excited to unveil a game-changing solution for compliance management from Coalfire with this union of exceptional service and technology providers," said anecdotes CEO Yair Kuznitsov. "The partnership promises to revolutionize how compliance teams operate, bringing a brighter future for compliance programs and setting a new standard in the industry."

In addition to enhanced automation features, Coalfire is also introducing a new risk management module within Compliance Essentials that centralizes an organization's risk management program. The module enables customized risk scoring with robust workflows, empowering organizations to track, manage, and address risks.

Seth added, "Our breakthrough compliance automation solution sets a new standard for organizations with complex environments and multiple compliance frameworks on the path to continuous, automated compliance."

**About Coalfire**

The world's leading organizations – including the top five cloud service providers and leaders in financial services, healthcare, and retail – trust Coalfire to elevate their cyber programs and secure the future of their business. Number one in compliance, FedRAMP®, and cloud penetration testing, Coalfire is the world's largest firm dedicated to cybersecurity, providing unparalleled technology-enabled professional and managed services. To learn more, visit Coalfire.com.

**About anecdotes**

anecdotes is the leading technology provider for Compliance leaders. Powered by data, the anecdotes Compliance Operating System (OS) transforms security Compliance from a box-ticking exercise into a powerful driver of growth. With a variety of applications powered by verified data, Compliance leaders as well as advisory firms and auditors, can turn manual, time-consuming, and siloed tasks into an automated, continuous, and strategic Compliance program. That's why some of the world's fastest growing brands - Unity, TripActions, Amplitude, Babylon and more - use anecdotes. For more information, visit anecdotes.ai.

Coalfire Compliance Essentials Optimized for Automated Evidence Collection

**TEL AVIV, Israel****,** **Feb. 7, 2023** **/PRNewswire/ --** ARMO, creator of open-source Kubernetes security platform Kubescape, announced today that it has integrated ChatGPT's generative AI into ARMO Platform. With ARMO Custom Controls powered by ChatGPT, users can quickly build custom controls based on Open Policy Agent (OPA) to solve their unique security needs. They can then run them to ensure their Kubernetes clusters and CI/CD pipelines are secure, correctly configured and compliant with security policies.

Open Policy Agent (OPA) provides a standard for security policies, which can be constructed using the Rego declarative language. However, Rego is not a widely known language and using it can be complicated and confusing.

ARMO Custom Controls pre-trains ChatGPT with security and compliance Regos and additional context, utilizing and harnessing the power of AI to produce custom made controls requested via natural language. The user gets the completed OPA rule produced by ChatGPT, as well as a natural language description of the rule and a suggested remediation to fix the failed control — quickly, simply and with no need to learn a new language.

Users can then run the new AI-generated control locally to use it live, and will soon be able to save and run it as an ARMO Platform custom control. Custom controls can also be submitted as pull requests to Kubescape's public regolibrary, contributing them to the community so that all Kubescape users can benefit from them.

"We realized that Kubernetes custom controls are a perfect use-case for generative AI," said Shauli Rozen, co-founder and CEO of ARMO. "By giving ChatGPT some important background and context first, ARMO Platform users can harness it to create custom controls and policies in seconds, complete with descriptions and suggested remediations. Users can focus on securing their Kubernetes environments and not on learning new code languages and tools. We look forward to building on new technology like ChatGPT as part of ARMO's mission to make Kubernetes security simple, easy and transparent."

To try ARMO Custom Controls powered by chatGPT, sign up to ARMO Platform for free.

Read more here 

**About ARMO**

ARMO, the creator of Kubescape, is on a mission to create an end-to-end Kubernetes security platform, powered by open source. We cover all Kubernetes security issues without adding to engineers' burden. Our products enforce organizational security and compliance policies without slowing down the business.

ARMO focuses solely on open source based CI/CD & Kubernetes security, allowing organizations to be fully compliant and secure from code to production. Our solution makes security simple and frictionless for DevOps and is embraced by security.

ARMO Platform is the enterprise solution based on Kubescape. It's a multi-cloud Kubernetes and CI/CD security single pane of glass. Features include: risk analysis, security compliance, misconfiguration and image vulnerability scanning, RBAC visualization.

Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.

ARMO Integrates ChatGPT to Help Users Secure Kubernetes

**WILMINGTON, Del.****,** **Feb. 7, 2023** **/PRNewswire/ --** Intel 471, the premier provider of cyber threat intelligence solutions across the globe, today announced the release of its suite of Attack Surface Protection solutions, specifically designed to scale and grow with the needs of security teams worldwide.

The Intel 471 Attack Surface Protection suite is comprised of three offerings enabling organizations to identify, manage, and protect their digital footprint from the ever increasing and sophisticated cyber threats. Specifically:

*   **Attack Surface Discovery** – maps an enterprise's digital footprint at a single point in time using data from over 200 different OSINT sources, perform scans, probe for vulnerabilities and weaknesses, and identify Shadow IT assets
*   **Attack Surface Management** – builds on Attack Surface Discovery adding continuous monitoring of your attack surface, scan comparisons, automated alerts, and APIs to implement orchestration.
*   **Attack Surface Intelligence** – super charges Attack Surface Management by adding Intel 471 threat intelligence from the cyber underground, which exposes an entire class of threats to your attack surface.

Intel 471 Attack Surface Protection solutions are built upon the company's acquisition of SpiderFoot, a best-in-class open-source intelligence platform purposefully built to assist security professionals in the automation of asset discovery, attack surface monitoring or security assessments. SpiderFoot's CEO, Steve Micallef now serves as Intel 471's vice president of Attack Surface Technology and has been instrumental in developing our Attack Surface Protection solutions. 

"With digital transformation driving an ever-expanding attack surface, enterprises must have best-in-class solutions to identify, monitor, alert and protect their digital footprint and extended third-party attack surface.  As the premier provider of cyber threat intelligence, our solutions are tailored to grow and scale to meet enterprises' business requirements," said Mark Arena, CEO of Intel 471. "Our strategic acquisition of SpiderFoot and the release of our Attack Surface Protection solutions expand our portfolio to meet the specific and individualized attack surface needs of customers worldwide."

**About Intel 471**

Intel 471 empowers enterprises, government agencies, and other organizations to win the cybersecurity war using near-real-time insights into the latest malicious actors, relationships, threat patterns, and imminent attacks relevant to their businesses.

The company's TITAN platform collects, interprets, structures, and validates human-led, automation-enhanced results. Clients across the globe leverage this threat intelligence with our proprietary framework to map the criminal underground, zero in on key activity, and align their resources and reporting to business requirements. Intel 471 serves as a trusted advisor to security teams, offering ongoing trend analysis and supporting your use of the platform. Learn more at https://intel471.com/.

Intel 471 Announces Powerful and Scalable Attack Surface Protection Solution Suite

**MADISON, Wis.****,** **Feb. 7, 2023****/PRNewswire/ --** Infosec Institute, a leading cybersecurity education provider and part of Cengage Group, today announced the launch of a new security awareness training series titled, "Work Bytes" for Infosec IQ, a security awareness and training platform that empowers employees with the knowledge and skills to reduce their cyber risk. Work Bytes fills the void often seen with other cybersecurity training – the content is concise and entertaining, but most importantly it helps employees retain the information they've learned, ensuring a more knowledgeable and security-aware workforce.

Set in the backdrop of a hilarious office comedy, Work Bytes features a colorful cast of creative characters, including vampires, pirates, aliens, and zombies. These fantastical and unlikely co-workers encounter and navigate today's most common and complex cybersecurity threats from phishing emails to social engineering scams.

Cybersecurity threats are more prevalent than ever, and the reality is that employees are the biggest risk factor within an organization, but they can also be an organization's biggest asset with the right training. In fact, 82% of data breaches involve a human element. Aside from the major reputational damage that accompanies a data breach, business continuity post-breach is also greatly affected with experts predicting that by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

"Cybersecurity threats are constantly evolving so the way companies train employees to recognize, navigate and deter these threats must change, too," said Jim Chilton, GM for Infosec and CTO of Cengage Group. "Lengthy, time-consuming, and stale trainings result in low engagement and a low retention of information which poses a massive risk for businesses. Our award-winning team has researched, developed, and brought to market a fresh content training series that educates, entertains, and engages today's learners so that they don't just 'check the box,' but begin building a strong, always-vigilant cybersecurity culture."

The Work Bytes training series is just the latest addition to Infosec IQ's content library where it joins five other award-winning training series including the highly acclaimed "Choose Your Own Adventure® Security Awareness Games."  One of the key benefits of Infosec IQ and its training platform is the opportunity to choose the type of content that resonates most with a company's culture and employee base. Offering personalized and tailored cybersecurity training ensures security knowledge and awareness – because cybersecurity needs everyone.

For more information on Infosec IQ and the Work Bytes series visit https://www.infosecinstitute.com/iq/work-bytes/ or watch the trailer here.

**About Infosec**

Infosec, part of Cengage Group, is a leading cybersecurity education provider helping IT and security professionals advance their careers and empowering employees to be cyber-safe at work and home. Its mission is to equip individuals and organizations with the knowledge and skills to confidently outsmart cybercrime. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness and phishing training.

SOURCE Infosec Institute, part of Cengage Group

Source

DARKReading