The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.

Concerns over a critical authentication bypass vulnerability in certain Fortinet appliances heightened this week with the release of proof-of-concept (PoC) exploit code and a big uptick in vulnerability scans for the flaw.

The bug (CVE-2022-40684) is present in multiple versions of Fortinet's FortiOS, FortiProxy and FortiSwitchManager technologies. It allows an unauthenticated attacker to gain administrative access to affected products via specially crafted HTTPS and HTTP requests, and potentially use that as entry point to the rest of the network.

Bharat Jogi, director of vulnerability threat research at Qualys says researchers at the company have observed mass scans being carried out by various threat actors to identify Internet facing vulnerable systems for compromise.

"They are compromising these systems to create a super\_admin user which provides them with complete access and control," Jogi says. "Once this level of access is achieved, they have the ability to delete any trace of their successful exploitation attempt, making it difficult for organizations to track compromised assets in their environment."

If this flaw is successfully exploited, an attacker would have complete access to the organization's internal systems that were previously protected by Fortinet's firewalls, he says. "Having a compromised firewall is like laying out a red carpet for threat actors to stroll right into your organization's environment," Jogi notes.

**Added to CISA's Known Exploited Vulnerabilities Catalog**

The US Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the vulnerability to its Known Exploited Vulnerabilities catalog. Federal executive branch agencies—which are required to remediate vulnerabilities in the catalog within specific deadlines—have until Nov. 1 to address it. Though the deadline applies only to federal agencies, security experts have previously noted how it is a good idea for all organizations to monitor the vulnerabilities in the catalog and follow CISA's deadline for implementing fixes.

Fortinet privately notified customers of the affected products about the vulnerability last Friday, along with instructions to immediately update to patched versions of the technology the company had just released. It advised companies that could not update for any reason to immediately disable Internet-facing HTTPS administration until they could upgrade to the patched versions. 

"Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," Fortinet said in its private notification, a copy of which was posted on Twitter the same day.

Fortinet followed up with a public vulnerability advisory on Monday describing the flaw and warning customers of potential exploit activity. The company said it was aware of instances where attackers had exploited the vulnerability to download the configuration file from affected systems and to add a malicious super\_admin account called "fortigate-tech-support".

Since then, penetration testing from Horizon3.ai has released proof-of-concept code for exploiting the vulnerability along with a technical deep dive of the flaw. A template for scanning for the vulnerability has also become available on GitHub.

Exacerbating the concerns is the relatively low bar for exploiting the flaw. "This vulnerability is extremely easy for an attacker to exploit. All that is required is access to the management interface on a vulnerable system," Zach Hanley, chief attack engineer at Horizon3.ai, tells Dark Reading

**Increase in Scanning Activity for the Flaw**

Qualys isn't the only company observing increased vulnerability scanning for the flaw. James Horseman, exploit developer at Horizon3.ai says public data from GreyNoise—which tracks Internet scanning activity hitting security tools—shows the number of unique IPs using the exploit has grown from the single digits a few days ago, to over forty as of Oct. 14.

"We expect the number of unique IPs using this exploit to rapidly increase in the coming days," Horseman says. It is not hard for attackers to find vulnerable systems, he adds: A Shodan search for instance shows more than 100,000 Fortinet systems worldwide. 

"Not all of these will be vulnerable, but a large percentage will be," Horseman says.

Johannes Ullrich, dean of research at the SANS Institute, says he has observed scans associated with an older FortiGate vulnerability (CVE-2018-13379,) hitting SANS' honeypots in the days following disclosure of the new bug. He says there are two theories why that might be happening.

One of them is that an attacker may have tried to catch as many devices as possible that had not yet been patched for the old vulnerability. Given the attention the new vulnerability has gotten it is likely the old vulnerability will get patched as well now, he says.

"Or the attacker was trying to find Fortinet devices to exploit using the new vulnerability once it is available," he theorizes. "The old vulnerability scanner they had sitting on the shelf may still work to identify Fortinet devices."

**A Popular Attacker Target**

Concerns over vulnerabilities in Fortinet products are not new. The company's technologies—and those of others selling similar appliance—have been frequently targeted by attackers trying to gain an initial foothold on target network. 

Last November. The FBI, CISA and others issued an advisory warning of Iranian advanced persistent threat actors exploiting vulnerabilities in Fortinet and Microsoft products. A similar alert in April 2021 warned of attackers exploiting flaws in FortiOS to break into multiple government, commercial, and technology services.  

"These vulnerable devices are often edge devices, so an attacker could potentially use this vulnerability to gain access to an organization's internal networks to launch further attacks," Hanley says.

Fortinet itself has recommended that organizations that are able to, must update to the newly patched versions of FortiOS, FortiProxy and FortiSwitch Manager. For organizations that cannot immediately update, Fortinet has provided guidance on how to disable the HTTP/HTTPS interface or limit IP addresses that can reach the administrate interface of the affected products.

Hanley says organizations sometimes may not be able to patch due to the potential downtime associated with updating a device. "However, an organization should be able to apply \[the\] workaround to prevent this vulnerability from being exploited on unpatched machines by following Fortinet’s guidance."

Qualys' Jogi adds, "It is also crucial to review any attempts of exploit to identify systems that may have already been compromised. If an organization is unable to patch their systems, then they must disable the system admin interface immediately."

Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows

Such exploits sell for up to $10 million, making them the single most valuable commodity in the cybercrime underworld.

Over the past few years, there's been an increase in the number of attackers targeting Apple, especially with zero-day exploits. One major reason is that a zero-day exploit might just be the most valuable asset in a hacker's portfolio — and hackers know it. In 2022 alone, Apple has discovered seven zero-days and has followed up these discoveries with the required remedial updates. But it doesn't seem like the cat-and-mouse game will die anytime soon.

In 2021, the number of recorded zero-days overall was more than double the figures recorded in 2020, showing the highest level since tracking began in 2014, according to a repository maintained by Project Zero. MIT Technology Review attributed this rise to the "rapid global proliferation of hacking tools" and the willingness of powerful state and non-state groups to invest handsomely in the discovery and infiltration of these operating systems. Threat actors actively search for vulnerabilities, find a way to exploit them, then sell the information to the highest bidder.

**The Zero-Day Battles**

Suffering repeatedly from these infiltrations is the tech giant, Apple. After recovering from 12 recorded exploitations and remediation in 2021, Apple was welcomed into the new year of 2022 with two zero-day bugs in its operating systems and a WebKit flaw that could have leaked users' browsing data. Barely one month after releasing 23 security patches to fix those issues, another flaw was discovered — one that would allow attackers to infect users' devices when they process certain malicious Web content.

Fast-forward to August 17 and Apple revealed it had found two new vulnerabilities in its operating system: CVE-2022-32893 and CVE-2022-32894. The first vulnerability gives remote code execution (RCE) access to Apple's Safari Web browser kit, used by every iOS and macOS-enabled browser. The second, another RCE flaw, gives attackers complete and unrestricted access to the user's software and hardware. Both vulnerabilities affect most Apple devices — especially the iPhone 6 and later models, iPad Pro, iPad Air 2 onwards, iPad 5th generation and newer models, iPad mini 4 and newer versions, iPod touch (7th generation), and macOS Monterrey. Recognizing the risk level of such a threat, Apple recently released security updates to remediate these "actively exploited" vulnerabilities. This would be the fifth and sixth zero-day vulnerability exploited in Apple's systems just this year.

A couple weeks later, speculations about another zero-day exploit arose. One research team, in particular, said it found an ad on the Dark Web offering a supposedly weaponized version of an Apple vulnerability for over €2 million. While these speculations remain unconfirmed, soon after Apple released security updates for its seventh actively exploited zero-day vulnerability of 2022: CVE-2022-32917. According to the advisory, attackers could leverage this flaw to create applications that execute arbitrary code with kernel capabilities.

Zero-day exploits sell for up to $10 million, Digital Shadows' Photon Research Team reports, positioning them as the single most expensive commodity in the cybercrime underworld. With a bounty like that, the market for these exploits are bound to expand and further exacerbate cyber threats.

**Apple Isn't Alone in the Zero-Day Wild**

Apple is not alone in this struggle. In recent months, tech giants like Microsoft, Adobe, and Google have also had to patch zero-day vulnerabilities that have been actively exploited in the deep Web. A June article on Dark Reading noted that there had been "a total of 18 security vulnerabilities exploited as unpatched zero-days in the wild," and the number has since risen to 24. From all indications, attackers won't slow down anytime soon, especially as new variants of already patched zero days continue to surface.

As adversaries continue to find loopholes across systems and security architectures, enterprise leaders must keep prioritizing proactive defenses to stay ahead of attacks. One way to be proactive, according to Craig Harber, CTO at Fidelis Cybersecurity, is for organizations to map cyber terrains by gaining full visibility into their entire systems.

"Discovery is a ballet of strategy, inventory, and evaluation. Organizations need the ability to continuously discover, classify, and assess assets — including servers, enterprise IoT, laptops, desktops, shadow IT, and legacy systems," he notes.

Apple's Constant Battles Against Zero-Day Exploits

New York AG fines Shein and Romwe parent company for failure to protect customer data and downplaying the 2018 compromise of 46 million shopper records.

In the wake of a June 2018 breach in which more than 46 million shopper records were compromised, the New York Attorney General's Office fined Zoetop Business Company $1.9 million. Zoetop's operation includes fast-fashion brands Shein and Romwe. 

Attorney General Letitia James said in a statement that Zoetop not only failed to protect customer data, but also lied about the scope of the breach, which ultimately affected 39 million Shein accounts and 7 million Romwe accounts. Of those victims, James' office estimates 800,000 are New York residents. 

“Shein and Romwe's weak digital security measures made it easy for hackers to shoplift consumers’ personal data,” James said about the Zoetop fine. "Shein and Romwe must button up their cybersecurity measures to protect consumers from fraud and identity theft. This agreement should send a clear warning to companies that they must strengthen their digital security measures and be transparent with consumers; anything less will not be tolerated.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Fast Fashion Retailer Data Breach Draws $1.9M Fine

The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.

Researchers have discovered what they call a vulnerability in Microsoft 365, tied to the use of a broken or risky cryptographic algorithm. It could be exploited to infer some or all the content of encrypted email messages, they warned — but Microsoft has declined to address the issue.  

Third-party researchers tell Dark Reading that the real-world risk from the issue depends on an organization's profile. 

**A Flawed Crypto Approach**

Microsoft 365 (formerly Office 365) offers a method of sending encrypted messages (Office 365 Message Encryption, or OME) using Electronic Codebook (ECB), a mode of operation known to expose certain structural information about messages.

WithSecure principal security consultant Harry Sintonen wrote in an Oct. 14 posting that if an attacker had access to enough emails using OME, it's possible to access leaked information by analyzing the frequency of repeating patterns in individual messages and then matching those patterns with those in other encrypted emails and files.

"This could impact anyone using OME, if the attachment in question has the properties that make it decipherable in this way," he tells Dark Reading. "Of course, for the extraction to be possible, the adversary first needs to get access to the actual encrypted email message."

Sintonen explains that even if the files did not have a larger structure that could directly be revealed, there is still possibility of fingerprinting files.

"If a file has some repeating blocks, you could construct a fingerprint from the relation of these repeating blocks," he says. "You can then scan the encrypted email messages for these fingerprints. If found, you know that this email message included the specific file."

He adds that it's also possible to leverage artificial intelligence (AI) to find similar fingerprints to find content that is related, perhaps part of a set of similar files.

**Microsoft: No Fix Forthcoming**

In January 2022, Sintonen shared his research findings with Microsoft. Microsoft acknowledged the problem and compensated Sintonen as part of its vulnerability rewards program but decided against fixing it.

"The report was not considered meeting the bar for security servicing, nor is it considered a breach," the computing giant responded. "No code change was made and so no CVE was issued for this report."

Bud Broomhead, CEO at Viakoo, a provider of automated IoT cyber-hygiene, says he thinks Microsoft choosing not to fix it either means that there is a new message encryption capability soon to be released, or that the "fix" would need to be a complete rewrite of this capability.

"It could also be that usage of this feature \[is\] of low enough or limited enough that Microsoft would decline to fix it," he adds. "Even if Microsoft declines to fix this, it should at least remove or restrict the use of message encryption within Office 365 until a better solution is available to users."

And indeed, companies can mitigate the problem by not using the OME feature — but even that does not eliminate the risk entirely.

"If they have been using OME encryption and this issue is determined to be a problem, they have no other recourse than ceasing to use the problematic service — OME — and replace it with another, secure solution," Sintonen says.

This, however, doesn’t remedy the fact that large amounts of poorly encrypted email messages may linger in various parts of the Internet and could be analyzed by actors who gain access to them.

**Senders, Recipients at Risk?**

Broomhead notes that for many years the fear has been that encrypted data that was previously exfiltrated may someday be decrypted and exploited.

"For threat actors who have harvested large amounts of encrypted Microsoft Office 365 email messages, that day may be today," he says, adding that he thinks it's clearly "a bug of high severity."

"Both senders and recipients are at risk — especially with people outside the organization, the desire to use encryption may have been to protect trade or other organizational secrets," Broomhead says.

That said, the need to have a large number of encrypted emails to use this vulnerability narrows the victimology — by definition it would be larger organizations who felt the need to encrypt large numbers of email messages. And, highly sensitive information usually already has additional layers of data protection, Mike Parkin, senior technical engineer at Vulcan Cyber, points out.

"Those who require truly secure email have other options they can use," Parkin says. "For example, using GPG encryption and sending the encrypted message as an attachment."

He says that as a result, most business users won't be affected by the level of data leakage here, unless they are in the habit of sending highly sensitive, and time sensitive, information through Microsoft 365.

"It's sufficient to keep most expected threats at bay but wouldn't be adequate versus a well-resourced state or state-sponsored threat actor," he says. "High-value communications require highly secure cryptographic algorithms and protocols. In practice, the encryption\[s\] available in Office 365 are enough for most users."

On the flip side, Parkin notes that people can come to rely on basic encryption keeping their information safe, and anything that gives a potential threat actor insight into that secure communication is problematic.

"Ideally, encrypted traffic shouldn't reveal anything about the contents of the message beyond the sender and receiver information required to get it point to point," he says.

Microsoft 365 Message Encryption Can Leak Sensitive Info

Acuity Insurance reports ongoing increased insurance risk for individuals and businesses.

**SHEBOYGAN, Wis., Oct. 13, 2022 /PRNewswire/** — In recognition of Cybersecurity Awareness Month, Acuity Insurance — the sole regional insurance provider rated A+ by both AM Best and Standard & Poor's, with over $6 billion in assets — is reporting an increased need for cyber liability insurance across both personal and business policyholders. From June 2021 to June 2022, Acuity Insurance saw cyber liability insurance claims on its commercial insurance policies increase by more than 50%. For personal policies, Acuity saw more than a 90% increase in cyber claims being reported in 2021 compared with 2020.

"Our lives, homes and businesses are more connected than ever before," said Steve Maliborski, general manager of commercial products at Acuity Insurance. "Being connected leads to a greater risk of cyberattacks, which aren't covered under standard homeowners or business insurance policies."

Acuity experts caution that everyone is at risk — whether you are a small business owner or an individual — as cyberattacks continue to pose a serious financial threat. From 2019 to 2021, cyberattacks were up 50% from the previous year, according to recent research. Wire fraud and gift card scams are two of the most common types of cyberattacks impacting both businesses and individuals, Acuity found.

"Scams involving social engineering are some of the easiest to fall for, as fraudsters exploit a person's trust to obtain money or personal information, which can then be used for unauthorized withdrawals of money," said Bob Hertel, director of personal lines product development at Acuity Insurance. "Cyber insurance can protect you from financial loss caused by wire transfer fraud, phishing attacks, cyber extortion, cyberbullying and more."

While all cybercrimes have a financial impact, fraudulent wire transfers often come with greater losses. Banks are typically not responsible for funds lost as a result of a fraudulent wire transfer inadvertently authorized by the customer. Whether it's a wrongful money transfer by a business or an individual, cyber insurance will help mitigate some of the financial loss caused by these scams.

Although many individuals and companies look to keep their insurance costs as low as possible, adding a cyber endorsement will cost you far less than any cybercrime loss would. At Acuity, the personal lines identity fraud expense and cyber protection endorsement cost just $35 per year, while the average commercial line policy starts at approximately $260 per year.

While the best defense is prevention, you can have peace of mind knowing you are properly covered. Acuity's personal and commercial cyber protection policies contain resources to help minimize cyber risks and protect individuals and businesses. For more information, visit www.acuity.com.

**About Acuity**

Acuity Insurance, headquartered in Sheboygan, Wisconsin, insures over 125,000 businesses, including 300,000 commercial vehicles, and nearly a half-million homes and private passenger autos across 30 states. Rated A+ by AM Best and S&P, Acuity employs over 1,500 people.

**SOURCE:** Acuity Insurance

Acuity Reports Increase in Cyber Liability Insurance Claims as Cybercrime Skyrockets

Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.

It is safe to say that we all have a memory that makes us smile or gives us a good laugh. Or a memory that reminds you of how far you or a friend have come and gone over the years, especially in a profession as complex as cybersecurity.

This memory brings me back to a week-long red team/blue team exercise: a "friendly" defend-the-castle scenario between classmates. By friendly, I mean we set out to obliterate our networks (in good fun, of course). The week started great. Our team had a few easy wins and gained shell access on several target systems (deleting System32 is a great way to annoy your opponents). But as the week went by, things started to fall apart. Everything made sense, and then it didn't. Data began to blur together, and tasks felt repetitive. Someone threw out an idea, while someone else wanted to argue. There came the point where I caught myself slumped over, staring at my keyboard. Not a single thought could process in my head. Finally, I hear, "Hey, this looks strange." During this phase of the exercise, hearing that statement was like music to our ears.

Our team seemed to snap out of our daze in unison and huddled around our teammate's monitor. He explained what he saw, and we reviewed the packet capture together. "How long have you been monitoring this IP address?" one classmate asked. "For a few hours!" he responded. "That's your IP. You were monitoring you, monitoring them." The room fell silent for a few moments then we all laughed (including him).

I think about that memory often. Mind you, this was a knowledgeable person whom I highly respected. But I could see it on his face that he was burned out. This brings up a great lesson to remember in any profession, especially cybersecurity — our minds can do amazing things, but we must be aware of cognitive overload. When our working memory is overloaded, we can no longer process information effectively, we experience decreased performance, we can make detrimental mistakes and judgments, and even the simplest of routine tasks can seem foreign.

For example, I was on a mission where I parsed billions of network events. The amount of information was enough to make my head hurt. It was like trying to find the needle in the haystack. I was reading the information on my screen, but I wasn't absorbing the content in ways that I usually would. Fields and metadata of each event became indistinct, like looking at the last line of an eye exam chart. My thinking capacity was full, and unlike computers, we cannot add more RAM or plug in an external hard drive to our brains.

Cognitive overload goes even further in that it can affect our emotional well-being. When we are emotionally well, we can produce positive thoughts and adapt to challenging situations. This is imperative when facing the dynamic cybersecurity domain where the stakes are incredibly high. I have had days where I simply felt defeated. My head would fill with negative thoughts that caused even more stress:

_"__Maybe I am not good enough.__"_

_"__I don’t know what I am doing.__"_

_"__I am going to get in trouble.__"_

All these things weren't true, but they were true to me at the time. I couldn't sleep at night, and my thoughts followed me to work. The trickle-down effect that stems from cognitive overload is vicious and unrelenting.

**Tips for Avoiding Overload**

Here are some of the most important things I have learned over the years as a cybersecurity professional about reducing cognitive overload. 

*   Know when to ask for help. Be concise and specific, or you'll never get the help you need.  
*   Speak up for yourself. Voice your opinions about important topics, such as heavy workloads or outdated procedures.  
*   Sometimes, looking at tasks with fresh eyes is the best answer. On several occasions, I have found myself seeing what I _wanted_ and not what was in front of me.  
*   Try to focus on one task at a time. Wandering thoughts are a natural part of how our brains work and can quickly cause us to draw our attention in different directions.  
*   It is hard to see the entire picture when you are standing in it. Take the time to self-reflect and attend to your needs.

Whether in the military or private sector, I have always been surrounded by selfless people. I didn't understand the significance at the time, but that red team/blue team exercise helped shape the way I work.

That day, my classmate taught me a valuable lesson — that monitoring yourself (pun intended) is essential to a healthy and successful career, and no, I don't mean using a packet analyzer. When we see ourselves clearly, we have the ability to do great things like accelerating change in our organizations and advancing the cybersecurity profession as a whole.

Care and Feeding of the SOC's Most Powerful Tool: Your Brain

Electric Vehicle Charging Station Leader Certified in Accordance with ISO/SAE 21434 "Road Vehicles – Cybersecurity Engineering".

BACHENBÜLACH, Switzerland, Oct. 11, 2022 /PRNewswire/ -- Juice Technology AG, producer of electric charging stations and software and the market leader in portable chargers for electric vehicles (EVs), today announced that it has received international certification in accordance with the ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" standard.

"Adoption of the ISO standard is the consistent continuation of our three-level concept for security in electromobility, which we presented at our Juice World Charging Day 2021," said Christoph Erni, founder and CEO of Juice Technology AG. "We are once again a step ahead of our competitors and continue our focus on cyber security. Even though this cyber security standard isn't mandatory for suppliers to automotive manufacturers yet, sooner or later it will become a must for the entire industry. We are adopting it today to continue our focus as a strong partner for OEMs."

Increasing interoperability between vehicles, charging stations, energy management systems and network operators conceals a growing risk of outages because disruptions to electronic systems can spread across individual subsystems. Prevention is therefore the easiest way to reduce cyber risks. For charging infrastructure, this means that security aspects must already be firmly established in the design and development phase. This "security by design" approach begins with procurement of the hardware components, continues in software design and includes all communication processes. Generally accepted coding standards, code analysis tools and code reviews contribute to the reduction of risks. Tried and tested practices ensure more effective quality assurance here.

Measures which are defined in the new ISO standard 21434 offer greater security for product developers, OEMs and their suppliers. As an OEM supplier, Juice not only carries out production in automotive-certified factories but also now has the latest certification in cyber security engineering.

The ISO/SAE 21434 standard was published in August 2021 and relates to components, spare parts and accessories for production vehicles. It covers all phases in the life cycle of a vehicle – from development through production, operation and maintenance to recycling. Although infrastructure outside the vehicle is not actually covered by the standard, charging infrastructure, as an inextricably linked part of e-vehicle infrastructure, is directly affected by it.

For more information about the technical features of Juice Technology solutions visit: https://juice.world/en/technical-highlights.

**About Juice Technology**

Juice Technology AG is a globally active producer of charging solutions for electric vehicles. The company's comprehensive product portfolio, featuring AC and DC charging stations ranging from lightweight portable devices to large fast chargers, makes it one of the very few full-range vendors in the industry. Juice has dominated the market for portable 22-kW charging stations since 2014. To find out more about the company, its products and solutions, go to www.juice-world.com. You can also follow us on LinkedIn, Facebook, Instagram and Twitter.

Juice Technology Receives ISO Certification for Charging Station Cyber Security

BELLVUE, Wash., Oct. 11, 2022 /PRNewswire/ -- ControlMap, Inc., the security and compliance automation platform, announced today the launch of the Trust Portal — a unique interface for users to share valuable security information, data, and status with customers. With this new feature, ControlMap supports its mission to help organizations boost their revenue and win new opportunities, especially for the MSP/MSSP community.  

"Since launching the Trust Portal, we've been able to serve our customers and their own vendors and clients better," said Pallav Tandon, CEO of ControlMap. "Our position as a leading compliance platform gives us a unique perspective into the types of tools growing compliance teams need, which is where we've put our focus. We're thrilled to launch this new feature to make our platform more user-friendly and share-friendly."

With the implementation of the Trust Portal, ControlMap will be supporting users of the platform with several new functions, including:

*   The ability to upload compliance framework & audit reports in just a few clicks
*   Add security reports, assessments, and links directly to the portal
*   Showcase real-time controls to existing stakeholders
*   Securely share the portal with prospects and create a public page for prospects to request documentation

In short, the Trust Portal creates compliance alignment across organizations, departments, and teams. For security professionals looking to easily share information without the hassle of cumbersome documents, the Trust Portal provides a seamless solution.

**About ControlMap**

ControlMap was established in 2019 and has helped hundreds of organizations improve their security posture through cybersecurity operations management. The ControlMap SAAS platform is designed to help organizations achieve IT compliance with ease, confidence & reliability. It's the easiest, most complete & turnkey Cybersecurity Compliance Assurance Platform designed for anyone who is starting, looking to scale, or automating their Infosec Compliance & Audit processes.

Learn more at www.controlmap.io

ControlMap Announces the Launch of the Trust Portal, Creating Transparency in Cybersecurity Compliance

Trend Micro research reveals supply chains are key source of risk.

DALLAS, Oct. 11, 2022 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that 86% of global healthcare organizations (HCOs) that have been compromised by ransomware suffered operational outages.

Most (57%) global HCOs admit being compromised by ransomware over the past three years, according to the study. Of these, 25% say they were forced to completely halt operations, while 60% reveal that some business processes were impacted as a result.

On average, it took most responding organisations days (56%) or weeks (24%) to fully restore these operations.

Ransomware is not only causing the healthcare sector significant operational pain. Three-fifths (60%) of responding HCOs say that sensitive data was also leaked by their attackers, potentially increasing compliance and reputational risk, as well as investigation, remediation and clean-up costs.

Respondents to the study also highlight supply chain weaknesses as a key challenge. Specifically:

*   43% say their partners have made them a more attractive target for attack
*   43% say a lack of visibility across the ransomware attack chain has made them more vulnerable
*   36% say a lack of visibility across attack surfaces has made them a bigger target

The good news is that most (95%) HCOs say they regularly update patches, while 91% restrict email attachments to mitigate malware risk. Many also use detection and response tools for their network (NDR) endpoint (EDR) and across multiple layers (XDR).

However, the study also highlights potential weaknesses, including:

*   A fifth (17%) don't have any remote desktop protocol (RDP) controls in place
*   Many HCOs don't share any threat intelligence with partners (30%), suppliers (46%) or their broader ecosystem (46%)
*   A third (33%) don't share any information with law enforcement
*   Only half or fewer HCOs currently use NDR (51%), EDR (50%) or XDR (43%)

Worryingly few respondents are able to detect lateral movement (32%), initial access (42%) or use of tools like Mimikatz and PsExec (46%)

"In cybersecurity we often talk in abstractions about data breaches and network compromise. But in the healthcare sector, ransomware can have a potentially very real and very dangerous physical impact," said Bharat Mistry, Technical Director at Trend Micro.

"Operational outages put patient lives at risk. We can't rely on the bad guys to change their ways, so healthcare organisations need to get better at detection and response and share the appropriate intelligence with partners to secure their supply chains."

**About Trend Micro**  
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

SOURCE Trend Micro Incorporated

Quarter of Healthcare Ransomware Victims Forced to Halt Operations

Enterprises seeking asset visibility and security enabled to simplify the procurement process of Armis.

SAN FRANCISCO, Oct. 11, 2022 /PRNewswire/ -- Armis, the leading asset visibility and security company, today announced its availability on Google Cloud Marketplace. This relationship will further enable Armis customers to securely accelerate their digital transformations by scaling solutions, utilizing committed spend, consolidating purchases, and simplifying the overall procurement process of Armis through Google Cloud Marketplace.

According to industry research, CIOs expect their technology budgets to grow by 4.5 percent by the end of this year, a notable increase on the 10-year average of 4.1 percent growth. Cloud computing, cybersecurity, digital transformation, and software updates ranked at the top of the CIOs' priority lists when identifying the drivers of this increased spending.

Google Cloud Marketplace lets users quickly deploy software packages to their Google Cloud environment, with no manual configuration required.

"Google Cloud Marketplace is simplifying the way in which business and security leaders discover, purchase, and manage much-needed cloud solutions, helping to bridge the gap between IT decision-makers and solutions providers, such as Armis," said Jimmy Harkin, VP, Strategic Development at Armis. "We recognized an opportunity to provide customers with much-needed asset visibility through Google Cloud Marketplace. This helps support and secure customers' digital transformation initiatives as these businesses scale. We're extremely excited to be available on Google Cloud Marketplace and are eager to help more organizations seeking our unique expertise."

The Armis Asset Intelligence Platform is an innovative asset intelligence platform providing unified asset visibility and superior security across all asset types, including IT, IoT, OT, IoMT, cloud, and cellular-IoT — both managed and unmanaged. Delivered as an agentless SaaS platform, Armis seamlessly integrates with existing IT and security stacks to quickly deliver the contextual intelligence needed for improving an organization's security posture, without disrupting current operations or workflows. Armis helps customers protect against unseen operational and cyber risks, increase efficiencies, optimize use of resources, and safely innovate with new technologies to grow their business.

"As organizations expand and digitally transform their businesses, they require solutions that help manage the risks associated with managed and unmanaged assets," said Dai Vu, Managing Director, Marketplace & ISV GTM Programs, Google Cloud. "With the Armis platform now available on Google Cloud Marketplace, customers will have great access to cloud solutions and the experts they need to keep their business operations secure as they move along their transformation journey."

The availability of Armis on Google Cloud Marketplace demonstrates the evolution of the relationship between Armis and Alphabet's independent growth fund, CapitalG, which has been an investor in Armis since 2019.

To learn more and purchase Armis on Google Cloud Marketplace, please visit: https://console.cloud.google.com/marketplace/product/armis-public/armis-cloud-marketplace-platform?pli=1

**About Armis**

Armis, the leading asset visibility and security company, provides the industry's first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.

Source

DARKReading