Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.

Intel has confirmed the leak of the Unified Extensible Firmware Interface (UEFI) BIOS of Alder Lake, the company's code name for its latest processor — the 12th generation Intel Core processor — which debuted in late 2021. 

According to reports, the Intel UEFI code was first leaked late last week on 4chan, and later GitHub, and it contained 5.97GB of data. It was dated 9-30-22, likely when it was exfiltrated, analysts reported. "In addition, one thing should be noted that the key pairs required by Boot Guard during provisioning stage is also included in the leaked content," researchers from Hardened Vault who analyzed the leaked data explained. 

Researcher Mark Ermolov noted the same thing on Twitter on Oct. 8, adding, "... the Intel Boot Guard on the vendor's platforms can no longer be trusted." 

The researchers at Hardened Vault pointed out the code could be particularly useful for malicious actors who want to reverse engineer the code to find vulnerabilities. 

In a statement provided to Security Week, Intel acknowledged the breach, attributing it to a third-party and downplaying its potential security risk. "Intel does not believe this exposes, or creates, any new security vulnerabilities as we do not rely on obfuscation of information as a security measure," Intel said in a statement. "We are reaching out to customers, partners and the security research community to keep them informed of this situation." 

The Hardened Vault team said it hasn't been able to trace the data back to the leaker but suggested that the developer of the firmware solution, Insyde, might have more information to share. "But it is still impossible to confirm the person who leaked it," the team wrote. "The leak is part of Insyde solution which integrate Intel’s resources. Perhaps Insyde knows more than we do."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Intel Processor UEFI Source Code Leaked

How data-driven security can best safeguard your unique cloud operations.

The cloud is made up of extremely dynamic environments that undergo constant expansion, updating, and change. As such, securing these cloud environments requires an equally dynamic solution, uniquely differentiated from that of traditional, on-premises computing environments. Yet a recent study suggests that 32% of organizations use the same rules, processes, and tools for both on-premises and cloud security.

Using the same rules-based security approaches for the cloud is like trying to force a square peg into a round hole — it won't fit no matter how you spin it, yet far too many enterprises still try. Given their disappointing track record in securing corporate computing, rules-based systems cannot be expected to be effective in the cloud, which is both different and more challenging. The dynamic and vulnerable nature of the cloud requires enterprises to take a new approach: one that views security as a data problem whose solution provides both safety and agility.

**Accept Cloud Security for What It Is: Never the Same Day as Before**

Unprecedented data growth is forcing enterprises around the world to reconsider their data storage infrastructure, forgoing legacy architecture and migrating to cloud platforms. While the cloud promises new levels of efficiency and scale, one of its defining characteristics is constant change. The pace of software iteration is supercharged, with open source building blocks constantly churning, underlying platforms rapidly evolving, and operations horizontally scaling out and vertically tailing. As more computing moves to the cloud, the faster the potential attack surface increases, resulting in more risks and vulnerabilities. Long story short: running an operation in the cloud is an exercise in frantic change management.

The world of traditional business computing no longer exists. The cloud environment is far removed from on-premise's closed-off walls (and soft squishy center) guarded by multiple layers of defense. According to O'Reilly, 90% of organizations use the cloud, and Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms by 2025. Security professionals are facing a completely new landscape. And outdated rules-based approaches to security are only guaranteed to flood operations teams with contextless alerts, leading to poor visibility, guesswork, and fear of the unknown.

Protecting operations in the cloud is fundamentally different from protecting traditional, on-premises computing. The security industry needs to accept this fact and prioritize providing visibility and stability to its customers. By understanding the unique construction of each customer's cloud operations, the defining characteristics of their workload, and the specifics of their computing environment, security professionals can provide the foundation for customers to operate with confidence and agility as they adapt safely to each change. But such a foundation can only be achieved by data-driven techniques and comprehensive analysis.

**Monitoring and Analyzing Anomalies, Not Rules

Traditional monitoring relies on rules that trigger alerts based on known security-related issues, whether or not those issues are relevant to an organization's operations or workload. It's a somewhat backward paradigm: Rather than working to comprehend the organization's operations and maintaining their health, the rule-based paradigm focuses on understanding potential threats, based on general-purpose knowledge of the threat ecosystem. Not only does this approach require security expertise (which can be hard to find), but it also fails to make the security team an enabler that helps corporations be agile by maintaining stability in the face of changes.

When a doctor prescribes medication, a treatment that works for one patient might not work for another. Just as every patient is unique, so is every cloud environment. An organization's cloud operations are not a cookie-cutter concern, but rather a conglomeration of configurations, technologies, tools, and processes that have evolved over time, often with many detours and dusty corners. Therefore, there can be no one-size-fits-all solution to cloud security: What should be permitted, and what should be flagged as a threat or high-risk anomaly, must be based on what constitutes normal behavior in each unique cloud environment.

Fortunately, using modern data processing and machine learning techniques makes it possible to learn the salient, stable aspects of each customer's operations. These techniques mine the torrent of data about customers' cloud activities and separate out the irrelevant, ephemeral noise caused by the cloud's constant churn. From that foundation, the customer can understand the normal, healthy behavior of their operations and highlight any anomalies that might pose a threat, whether to the security or to the stability of their operations.

In particular, this approach can be highly effective in uncovering new threats before they become known, or identifying new threat variants as they appear — since exploit attempts will trigger anomalies, whether successful or not. This last benefit is of critical use in cases such as last year's Log4j vulnerability, where, over weeks and months, a succession of rapidly evolving exploits were reported by 44% of worldwide networks, as corporations struggled to remedy the vulnerability.

Taking a different approach to security in the cloud is not only a technical necessity but also a requirement from a personnel standpoint. Security teams are strapped, with alert fatigue and burnout running rampant. For even the most prepared teams, the operational and maintenance effort can be overwhelming, especially since the results are often dishearteningly lackluster. Any approach that significantly reduces the number of daily alerts can greatly improve morale and productivity. The benefits are even greater if the alerts comprise a handful of security-critical issues and data-driven anomalies, presented in an easy-to-understand context of normal operations.

It's time to let go of the past. Organizations need to say goodbye to traditional, manual rules-based security approaches and adjust for the cloud. Security should be a key concern throughout all stages of cloud software development, from build time to runtime. But cloud security should also not be a barrier that blocks agility. Rather, cloud security should be a foundation that helps maintain stability in the face of change. The best way to ensure this is via a data-driven approach to cloud security that fully accounts for the unique characteristics, structure, and dynamic behavior of each cloud environment.

**

It's Time to Make Security an Innovation Enabler

Skybox Security Cloud Edition ushers in a new era of proactive cybersecurity .

SAN JOSE, Calif., Oct. 11, 2022 — Skybox Security today announced the next generation of its award-winning Security Posture Management Platform – including the industry's first Software-as-a-Service (SaaS) solution for Security Policy and Vulnerability Management. Propelling its global customer base into the next era of proactive cybersecurity, major innovations advance its platform that continuously tests attack feasibility, exposure, remediation options, and compliance across hybrid environments.

"Today, we're delivering on our mission of building the world's leading Security Posture Management platform," said Skybox Security CEO and Founder Gidi Cohen. "Skybox equips customers with the hybrid network modeling, path analysis, and automation they need to reduce the risk of a significant data breach by 55%. Our latest innovations are significant for customers that deploy on-prem, as well as customers that will benefit from our new SaaS solution. The new Skybox Cloud Edition offering capitalizes on the speed, scale, innovation, and productivity benefits powered by the cloud to drive the pursuit of broader digital business opportunities."

**Expansion into Cyber Asset Attack Surface Management**

Challenging the status quo through a dynamic, fresh approach to Cyber Asset Attack Surface Management (CAASM), Skybox visualizes all assets through API integrations, identifies and prioritizes vulnerabilities using proprietary threat intelligence, sees gaps in security controls, and automatically provides remediation options. In addition, significant advancements to the proprietary Skybox network model enable customers to dynamically model operational technology, IT, and hybrid cloud environments – including all networking and security data related to a specific asset.

According to Gartner Research: "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data."1

**Industry's First Solution To Automatically Map Vulnerabilities To Malware Type**

Skybox also introduced the industry's first Security Posture Management solution that connects Vulnerability Management with Threat Hunting. Building on its Exposure Management process that emphasizes publicly known vulnerabilities and identifies control gaps, Skybox now also associates vulnerabilities to malware by name, category, and distinct classes – including ransomware, Remote Access Trojans (RATs), botnets, cryptocurrency miners, trojans, and more.

"Executives and board members want to know if their cybersecurity teams are staying ahead of the latest celebrity malware such as TrickBot, REMCOS, FormBook, AZORult, Ursnif, Agent Tesla, and NanoCore," said Ran Abramson, Threat Intelligence Analyst, Skybox Research Lab. "Powered by Skybox threat intelligence, CISOs have automated analysis that can prove they retired millions of malware and exploits. No other cybersecurity solution can provide customers with our advanced vulnerability prioritization and threat trend reporting."

**Expanded Integrations Eliminate Complexity, Reduce Administrative Burden, and Provide More Effective Cybersecurity**

With over 150 integrations, Skybox Security is the only solution that builds an extensive model of a customer's unique hybrid environment, including all of the customer’s L3 devices. Expanded integrations include:

*   **Amazon Web Services (AWS):** Expanded cloud capabilities include support of AWS firewalls in distributed mode. Reduce risk while validating compliance by eliminating permissive, obsolete, shadowed, and redundant rules.
*   **Cisco Application Centric Infrastructure (ACI):** Adding new capabilities to its Cisco ACI integration, Skybox now delivers granular visibility into ACI Fabric tenants across spanning networking, micro-segmentation policies, and device attributes.
*   **Palo Alto Networks Prisma Cloud:** Furthering its commitment to shift-left security practices, vulnerabilities in container images across DevOps toolchains can now be identified and prioritized for remediation via the Skybox multi-factor risk scoring algorithm.

**Skybox Cloud Edition Accelerates Customer Value With Increased Flexibility, Scalability, Business Agility, and Resiliency**

Skybox Cloud Edition delivers the capabilities of the Skybox Security Posture Management Platform in a Software-as-a-Service (SaaS) offering to unlock additional business agility and resiliency benefits.

*   **First SaaS solution for Security Policy Management**: Leapfrogging the competition, Cloud Edition capabilities reduce software installation maintenance tasks. Streamlined licensing and deployment are designed to meet customer demand.
*   **Advanced Vulnerability and Exposure Management**: With the industry's most flexible deployment options for Vulnerability and Exposure Management (both on-premises and SaaS versions), customers can select the deployment model that aligns with their corporate and regulatory requirements.
*   **Limitless scalability**: Manage security policies, prioritize vulnerabilities, and remediate exposures across the most complex on-premises, cloud, operational technology (OT), and hybrid environments. Automate, verify, and operationalize risk reduction.
*   **Faster deployment options**: Cuts deployment time and reduces the need for procuring hardware, performing testing, and installing updates – enabling customers to unlock value faster. Customers with vast, global environments will reap huge benefits due to the size and diversity of their attack surface.
*   **Instant automatic updates**: Customers benefit immediately from the latest product innovations and platform updates. Upgrades are much less disruptive, with no need for change management resources. Seamless, automated upgrades are critical given the dynamic threat and regulatory landscapes.
*   **Guaranteed availability:** The solution is hosted in AWS for outstanding stability, performance, and guaranteed availability. Additionally, 24/7 monitoring of the tenants, across both the Network Operations Center (NOC) and Security Operations Center (SOC), maintains optimal network performance and performs real-time analysis for continuous threat mitigation.

**Customer Quotes**

"We had endless streams of vulnerability remedial work. Everything seemed extremely important. Hence why we moved to Skybox: Because it gave us exactly the prioritization model we needed." – Director of Cybersecurity, Manufacturing Organization

"The overall visibility that Skybox has given us of the network – that's something we didn't have before. You can't really put a number on that, but it's a massive impact." – Principal Network Engineer, IT Security Company

"They were getting burned out. So, this has changed at least one of my engineers' lives. He actually said it over and over, 'This is the best thing that's ever happened to me.' Had it been anyone else, I doubt we would have kept anyone in that position for long." – Information Security Manager, Financial Services Organization

"Assets that are critical are tracked in Skybox, and the risk is assessed. If there is a vulnerability, we can fix it immediately. It's reflected in Skybox, and we have evidence for future audits." – Information Security Manager, IT Security Company

**Additional Resources**

*   Skybox Security reduces the risk of data breach by 55%, Total Economic Impact™ Study reveals
*   Skybox Security featured in 6 Gartner® Hype CyclesTM, 2022

Skybox Cloud Edition is available now. To learn more about the Skybox Security Posture Management Platform, visit https://www.skyboxsecurity.com/products/security-posture-management-platform/.  
**About Skybox Security  
**Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics, and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions, and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

Skybox Security Unveils Industry's First SaaS Solution For Security Policy and Vulnerability Management Across Hybrid Environments

Existing software security firms and new startups tackle the tasks of exposing dependencies and helping developers manage their use of open source components.

With open source code making up about 80% of the average application, application security professionals are urging developers to create pipelines that put software supply chain security front and center.

The push for more clarity about the security of open source components is driving the introduction of tools that go beyond software composition analysis (SCA) and static analysis to give companies better visibility into the makeup of their programs. One area to pay more attention to is the dependencies used to create applications. On Oct. 10, a group of application security specialists took the wraps off Endor Labs, a startup that aims to provide a variety of capabilities that focus on managing dependencies and help reduce the attack surface posed by the vast web of components that make up the typical application.

Current approaches can return tens of thousands of potential security issues, many of which are false positives and only 10% or 20% of which may actually be used by the application, says Varun Badhwar, co-founder and CEO of Endor Labs.

"It turns out that 80 to 90% of those reported vulnerabilities, while they exist in the package version itself, they do not apply to you because your developers are not using that code," he says. "You might have some component with 10,000 lines of code, and your developers are only calling 200 lines because they are using a single function."

Some research has put the estimate of attackable bugs at merely 3%.

**The Problem of Software Supply Chain**

Endor Labs is the latest company to tackle the security of the software supply chain. In March, Sonatype, a provider of software supply chain security tools, introduced more capabilities for the visualization of dependency trees to trace vulnerabilities back to the components that introduced them. And a year ago, a group of former Google employees started Chainguard, which focuses on the entire software supply chain, including asset management, vulnerability management, and software integrity. Other companies — Anchore, Snyk, Synopsys, and Veracode, to name a few — have made recent moves to better address the software supply chain as well.

The goal is for developers to adopt processes and tools that enumerate the dependencies in their applications, detect vulnerabilities in those components, and gain insight into the trustworthiness of the maintainers and projects, says Dan Lorenc, CEO and co-founder at Chainguard.

"We have attacks happening at each and every point along the software supply chain, from the way code gets built, to its deployment, to how it’s run and then packaged and shipped to end users," he says. "Because software supply chain security covers the entire development life cycle, it isn’t like other areas in security where point solutions can solve it."

At present, developers tend to create their code and then scan for vulnerabilities, only discovering poorly coded components long after they made the decision to use the code. Open source software typically makes up anywhere from 70% to 90% of the code included in Web and cloud applications, and the average application requires scores of dependencies, while JavaScript applications average more than 500 dependencies.

**Adding Visibility**

Current tools provide little value or input into the developer's selection process, so development teams need more visibility into the components making up their supply chains, Endor Lab's Badhwar says.

"Let's be honest — a developer's best friend today is Google," Badhwar says. "If a product manager comes to a developer and says, 'Build me feature X,' one of the first things the developer does is go to Google and search for a package or a dependency that accelerates their development."

Some developers may go as far as looking at the number of GitHub stars — using the package's popularity as a proxy for trustworthiness — and may even read about the software on the discussion forums of HackerNews, Reddit, or StackOverflow, he says.

Endor Labs expands the dependency management process into companies' DevOps pipeline and even down to the developer's IDE, giving developers and application security teams information on the security of the components. The platform also allows application security teams to set policies that will be enforced during the selection process, Badhwar says.

The approach helps push companies beyond their focus on software bills of material (SBOMs). Because government agencies require the information, the software manifests have taken off as software makers comply with regulations.

Yet while SBOMs are a helpful step along the path to more security software, they are generated at the end of the application release cycle, so they don’t actually help manage the risk, says Brian Fox, co-founder and chief technology officer at Sonatype.

Organizations instead need capabilities to effectively manage the life cycle of dependencies, starting from the far left side where developers select new dependencies, he says.

"It is only with a deep organizational understanding of your overall bill of materials that you can better arm your software for the next zero-day disclosure," Fox says. "Our data shows that organizations who actively manage their supply chains have dramatically better outcomes and response times than those who do not."

Dependency Management Aims to Make Security Easier

DigiCert ready to help smart home device manufacturers achieve Matter compliance rapidly and at scale.

(LEHI, Utah) – (October 11, 2022) — DigiCert, Inc., the world’s leading provider of digital trust, announced today that its Root Certificate Authority (CA) is approved by the Connectivity Standards Alliance (Alliance) for Matter device attestation. As the first Matter-approved root CA, also known as a Product Attestation Authority (PAA), DigiCert can now provide rapid time to market for smart home manufacturers looking to earn the Matter seal on their products.

A multi-year participant in Matter, DigiCert contributed its expertise to the security and attestation components of the standard and has the scalable technology to enable an efficient path to compliance.

“The introduction of Matter to the smart home industry is an exciting move that improves interoperability between devices and raises the bar for security, creating a more efficient and secure experience for consumers,” said DigiCert VP of IoT Security Mike Nelson. “DigiCert has been involved in building the Matter standard for several years, and we’ve already helped many leading companies evaluate their device attestation procedures using our test Certificate Authority. Now, with our PAA approved for production, we are ready to help customers save time in achieving Matter security compliance.”

Matter participants may gain the following benefits by partnering with DigiCert:

*   Accelerate time to market in achieving Matter compliance.
*   Save money by avoiding the costs of technology, maintenance, staffing and ongoing compliance.
*   Enjoy flexible deployment options, including on-premises, hosted or batch issuance.
*   Simplify management of device attestation certificates and product attestation intermediates through the DigiCert® IoT Device Manager.
*   Gain efficiencies using a scalable platform to sign and secure device updates.

Matter is an industry-led effort of the Alliance bringing together the world’s leading manufacturers to achieve secure, reliable and seamless use of smart home devices. Matter enables IP-based networking and communication across smart home devices, mobile applications and smart home ecosystems. Matter devices offer consumers assurances of secure use through a consortium-led standard for authenticating device identity that only allows Matter-certified devices to connect to the network.

“DigiCert has been an integral part of the development of the attestation policy for the Matter release and its inherent improvements in the security of the IoT space,” said Chris LaPre, Director of Technology at the Connectivity Standards Alliance. “Device attestation allows existing Matter devices to locally confirm new ones when they have been recognized by the local network, and quickly remove non-compliant devices when needed. Consumers are no longer under the burden of ensuring new devices are secure; it happens automatically.”

Manufacturers looking to gain efficiencies of scale, rapid time to market and Matter device attestation expertise may learn more at: https://www.digicert.com/iot/matter-iot-device-certification.

Additional information is available via the following:

Setting the New Standard for Trust in Smart Home with Matter

Becoming Matter Compliant: Why You Shouldn’t DIY PKI

Matter: The Standard of the Future

Matter Compliance: Understanding and Implementing Device Attestation Certificates

**About DigiCert, Inc.**  
DigiCert is the world’s leading provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its award-winning software with its industry leadership in standards, support and operations, and is the digital trust provider of choice for leading companies around the world. For more information, visit digicert.com or follow @digicert.

DigiCert Root CA Approved for Matter Device Attestation by Connectivity Standards Alliance

REDWOOD CITY, Calif., Oct. 11, 2022 /PRNewswire/ — Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today released _Cloud Server Privilege Management for Dummies_, a new eBook immediately available in print and digital editions. The complimentary resource puts best practices for cloud server security front and center to simplify complexities around securing access to business-critical resources.

According to the 2022 Thales Cloud Security Report, 45% of businesses have experienced a cloud-based data breach or failed audit in the past twelve months, suggesting that almost half of organizations are highly vulnerable to cloud server security breaches. Server security is critically tied to securing accounts and their associated entitlements for logging into machines and running privileged commands and applications.

"While the pandemic was a call to action for many organizations to expedite their cloud initiatives, most were already moving towards multi-cloud and hybrid infrastructure," said Tony Goulding, Senior Director, Technical Product Marketing at Delinea and co-author of the new Dummies book. "What many had not been focusing on as part of their efforts was shifting from a reactive to proactive security posture when it comes to privileged access management of cloud resources. This book helps any organization protect distributed IT server infrastructure in hybrid- or multi-cloud environments to reduce risk."

As with other editions in the popular Dummies books series, _Cloud Server Privilege Management for Dummies_ helps guide IT professionals in clear language and with examples to help them tackle some of their biggest cloud server security challenges, including:

*   Getting visibility into assets and permissions to facilitate proactive risk mitigation with granular controls
*   Reducing lateral movement between cloud resources to minimize the possibilities of data exfiltration or encryption for ransom in case of breach
*   Enforcing least privilege with a zero trust approach to ensure authenticated, legitimate users only have access to what they need, when they need it

"Time and again we see that the biggest risks to organizations are typically related to over-privileged users, standing privileges on resources, and not understanding the shared responsibility model when it comes to cloud," said Chris Smith, Chief Marketing Officer at Delinea. "This Dummies book clearly lays out how to address all of those areas of concern in one free resource."

Delinea offers a range of complimentary informative resources to further help organizations secure their on-premises, multi-cloud, and hybrid infrastructure, including six additional Dummies books, educational publications, whitepapers, tools, blogs, and more.

Visit delinea.com/resources to download _Cloud Server Privilege Management for Dummies_ and more.

**About Delinea  
**Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Learn more about Delinea on LinkedIn, Twitter, and YouTube.

Delinea Releases 'Cloud Server Privilege Management for Dummies' eBook

Investment led by Section 32 will be used to scale the product and team.

MOUNTAIN VIEW, Calif., Oct. 11, 2022 — Stairwell, a company that empowers security teams to outsmart any attacker, today announced a $45M Series B capitalization. The funding round was led by Section 32, with additional investments from Sequoia Capital, Accel, Lux Capital, Gradient Ventures, and angel investors Eric Schmidt and Michael Ovitz. This brings Stairwell’s total funding to date to $69.5 million as it looks to scale its flagship product, Inception, to become the most powerful continuous intelligence, detection, and response solution available.

“New vulnerabilities are discovered daily, and continuous monitoring, threat hunting, and response are needed for around-the-clock efforts to secure the enterprise. Our goal is to plug these gaps, while simultaneously strengthening organizations’ overall security stack via capturing, storing, and analyzing all executable files across their environment,” said Mike Wiacek, CEO and Founder of Stairwell. “This Series B reflects the confidence investors feel in Inception and Stairwell’s mission to enable security teams to take back control of their data and stay one step ahead of even the most advanced attackers.”

Following deals with key customers and MSSP partner Cyderes earlier this year, this Series B will enable Stairwell to meet increased demand for new Inception features as malware attacks continue to rise. By scaling the Inception platform, Stairwell will create a more intuitive and integrated experience for increased customer success in securing their organizations against any emerging malware threats, including supply chain attacks.

“The platform Stairwell has built is making a huge impact for security teams, and the company is led by some of the sharpest minds in cybersecurity,” said Andy Harrison, Managing Partner at Section 32. “The power and advanced capabilities of the Inception platform are clear to customers and partners, and it's rare to find a company with such a strong combination of product, engineering, customer focus, and executive leadership.”

This funding will also play a critical role in the expansion of Stairwell’s team. Since the Series B round closed, Stairwell has increased headcount by 100%, with plans to add significantly more employees this year. These hires will include specialized engineers to bring more functionality to Inception as a whole. Notable recent appointments within the company include Brian Lee as Vice President of Marketing and Eric Byrd as Head of Enterprise Sales.

Lee has spent the last decade at Ogilvy working with some of the most famous technology brands in the world, from large Fortune 500 companies (Google, Samsung, Qualcomm, Cummins) to exciting, high-growth start-ups. His vision for Stairwell’s marketing arm is to drive holistic growth for the company, building an enduring brand complemented with a robust marketing machine to drive awareness using the latest technology, data, and techniques.

“As a marketer, the best asset you can have is a good company and product. That’s what initially drew me to Stairwell,” said Lee. “We have a differentiated, innovative product in a category growing in importance. Add to that the incredible pedigree of our team, top investors, and positive business momentum. I knew from my first conversation with Mike Wiacek that I had to be a part of this company’s trajectory as Vice President of Marketing.”

Byrd comes from Red Canary, where he led a team of Senior Enterprise Account Executives across the Northeast and Southeast regions of the United States in securing new customers for security solutions. At Stairwell, Byrd will lead the sales team in identifying Stairwell’s next customers who will make significant strides in their security goals by partnering with the company.

“I've been really lucky to work with many incredible teams, so I've learned what it takes to build a strong security business that continues to improve its capabilities for customers as you grow,” said Byrd. “Understanding what leading security teams expect from their partners has prepared me to deliver exceptional service for Stairwell’s customers so they can take their security teams to new heights.”

For more information on the roles Stairwell is currently hiring for, please visit www.stairwell.com/careers.

**About Stairwell  
**Stairwell helps organizations with security solutions that attackers can't evade. Its Inception platform empowers security teams to outsmart any attacker by providing continuous intelligence, detection, and response. The Inception platform is used by a number of Fortune 500 companies. Stairwell is comprised of security industry leaders and engineers from Google and is backed by Sequoia Capital, Accel, Section 32, Lux Capital, and Gradient Ventures. For more information, visit www.stairwell.com or connect with us on Twitter or LinkedIn.

Stairwell Announces $45M Series B Funding Round

Pen testing solutions to empower businesses to proactively address application security vulnerabilities amid surging threats.

CHICAGO, Oct. 11, 2022 /PRNewswire-PRWeb/ — Today, Outpost24 announced the introduction of its Penetration Testing as a Service (PTaaS) solutions to the North American market to better empower businesses to understand and address threats in their web application attack surface. Outpost24's PTaaS solutions provide companies with on-demand, continuous monitoring, ensuring organizations are fully protected against threats in their application attack surface.

Web application attacks accounted for roughly 70% of security incidents in 2021, making application security a top priority. While penetration testing provides an effective way to detect application flaws before they turn into a serious threat, in the always-on economy, traditional penetration testing is no longer enough. Traditional penetration testing solutions often require long and disruptive set-up times and usually only examine a specific and isolated point in time - insufficient when application code changes multiple times per day.

Outpost24's PTaaS is a modernized approach to penetration testing with continuous, real-time monitoring. Additionally, providing customers with direct access to a team of penetration testers and a knowledge base to address vulnerabilities, it allows IT and development teams to remediate quickly and efficiently, making it well-suited for agile organizations who need a more flexible approach to review and secure web application code at scale. 

"In an agile application development cycle, security is imperative - but it can also be a roadblock," said Eren Cihangir, Product Engineer, Outpost24. "Outpost24 is meeting a critical gap in the market by providing ongoing monitoring to secure applications as they evolve while also saving developers time so they can stay focused on their real priority: Innovation."

Outpost24 PTaaS includes annual or project-based packages depending on an organization's priorities, including:

*   SWAT: Outpost24's flagship PTaaS offering that combines continuous monitoring with manual penetration testing to ensure continuous  
    protection for the most prevalent software vulnerabilities

*   Snapshot: A time-boxed PTaaS offering that provides on-demand penetration testing and deep analysis of web applications with expert  
    validation, support, and re-testing services for 30 days For more information about Outpost24's PTaaS offerings, check out outpost24.com and contact us today.

**  
About Outpost24**  
The Outpost24 group is pioneering cyber risk management with vulnerability management, application security testing, threat intelligence and access management - in a single solution. Over 2,500 customers in more than 65 countries trust Outpost24's unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters.

Outpost24 Announces Expansion of Penetration Testing Offerings to North America

Australian IT services provider Dialog has announced a breach, making it the third telecom company in the area compromised in less than a month.

First it was Optus, followed by Telstra. Now, a third Australian telecom company has disclosed it was breached — this time it's Dialog, an information technology services provider with a sizable market share of Aussie customers in both the public and private sectors. 

Dialog, a subsidiary of SingTel, said its servers were compromised on Sept. 10, and although initial investigations showed no signs of exfiltrated data, on Oct. 7, a sample of the company's employee personal data was available on the Dark Web. 

Dialog said it is still investigating the incident further. 

Just days before, Australia's largest telecom carrier, Telstra, announced its own breach, of personal and sensitive employee information, going back to 2017. 

Telstra's major competitor, Optus, was also recently targeted in a massive cyberattack, which successfully stole the personal information of nearly 10 million customers across Australia. Optus, also a SingTel subsidiary, first announced the cyberattack on Sept. 21, which then drew the attention of the FBI. 

Days later, the cybercriminals withdrew their ransom demand of $1 million, explaining there were "too many eyes" on the data. But before the attackers had a change of heart, they leaked more than 10,000 customer records, reportedly as proof of what they had. 

The attackers later apologized for leaking the stolen info. 

**Telcos Historically Draw Advanced Attacks**

Telecommunications companies will always be an attractive target for cybercrime because of the vast amounts of data they gather, process, and store on their customers, Erfan Shadabi, a cybersecurity expert with Comforte AG tells Dark Reading. 

"However, they have an obligation to keep this sensitive customer data safe and out of the hands of the wrong people, obligations that are both ethical and regulatory in nature. The outcome of not doing this is exactly what these companies face now," he adds.

John Bambanek, principal threat hunter with Netenrich, agrees, adding that IT providers, managed service providers (MSPs), managed security service providers (MSSPs), and telcos have always been prime targets from advanced threat actors. 

"These companies have privileged access so its easy to go from point A to points B through Z immediately," Bambanek explains to Dark Reading. He adds that intelligence services like the National Security Agency (NSA) also regularly turn the focus of their operations to telecommunications service providers because of the wealth of sensitive data inside their systems. 

"Eventually, targeting priorities and techniques filter from the intelligence world into sophisticated cybercriminals such as ransomware groups," Bambenek says. "Ultimately, the math is the same. Why attack one target and have only one victim when you can attack one target and have many victims? More victims means more money."

High-Value Targets: String of Aussie Telco Breaches Continues

It's not too early for firms to start preparing for change.

The days and weeks that follow a security incident are never easy. Executing incident response investigations to determine what led to the event, while simultaneously grappling with potential operational disruptions, reputational damage, and dealing with concerns from customers and investors takes time.

Following a security incident, executive leaders and their security teams are faced with a host of questions: How and where did the attacker enter our network? Did data exfiltration occur? And most importantly: Has the attack been contained and vulnerabilities mitigated? The incident response process is a rigorous one and can take many weeks to successfully conclude. However, this process may be about to become even more complex, particularly for public companies.

Earlier this year, the US Securities and Exchange Commission (SEC) announced proposed amendments to its security incident disclosure requirements for public companies. If these requirements are formalized into law, one of the most notable proposed changes will require companies to disclose material security incidents within four business days of their occurrence — "material" meaning anything that could impact an individual's decision to buy, hold, or sell a company's stock.

Specifically, the proposal would require:  

*   Form 8-K disclosure updates reporting any material cyber incident to be filed within four business days
*   Periodic disclosures regarding the following: Updates about previously reported material cybersecurity incidents; company policies and procedures to identify and manage cybersecurity risks; management's role in implementing those policies and procedures; board of directors' cybersecurity expertise and risk oversight.

**An Array of Challenges**

These proposed SEC disclosure requirements present an array of challenges. First and foremost, very few incident investigations are completed within four days. In most situations, executive leadership teams and security teams won't fully grasp the extent of their "material" damages until much later. Currently, depending on the severity of an event, it can take weeks to fully contain, remediate, and measure the effects of the damage. Following this, it can take months for further forensic investigations.

Determining if the event rises to the level of material impact can realistically happen only after all of these steps are taken. However, if there's a four-day time limit imposed by the SEC, organizations will have to immediately consult with legal advisers to decide what needs to be disclosed publicly, and how to do so in the most pragmatic manner.

By adding this obligatory disclosure clause, the SEC could severely disrupt incident response. Most firms will not know if a material event has occurred within this timeline, and many will feel compelled to admit damages prior to the conclusion of an investigation. Firms undergo many nonmaterial cybersecurity events every year. A short disclosure timeline will only inspire panic and negative public scrutiny.

**Containment and Remediation**

The bigger threat, however, is the proposed law's implications on the containment and remediation phases of the incident response process. Once a security incident occurs, IT and security teams work tirelessly to repair systems and lock attackers out. The new SEC proposal could significantly interfere with this activity, requiring members of those teams to meet with directors, officers, law enforcement, legal counsel, members of the media, SEC investigators, investment analysts, and customers, all of which will take focus away from mitigating the incident itself.

This could lead to unpatched vulnerabilities or allowing attackers to further penetrate an organization's network. It may also jeopardize any investigations being conducted by law enforcement, who typically will ask to postpone any public disclosure so as not to compromise their work, and until after they have made any arrests.

While the four-day disclosure rule is the most significant proposed change, the requirement to provide updates on _previously_ disclosed material incidents is also noteworthy. Up until now, there has been no formal external reporting required for previous security incidents and events, except for the most high-profile breaches that have already made headlines. This element of the law would create a new scope of work for public companies, forcing them to upgrade their level of reporting and documentation — a new task that promises to be difficult to manage and expensive to execute.

While the comment period for the proposed new rules has already passed and we should expect to see final regulations published soon, there are a few measures organizations can implement to prepare themselves, should these proposals be implemented as originally published in the federal register:

*   Create a robust and comprehensive incident response process, one that outlines clear disclosure policies and procedures in the event of a security incident.
*   Have the right partners in place, specifically compliance consultants and legal counsel that understand security and data privacy.
*   Consider adding an executive leader to the security team focused on incident response to maintain operational command while the CISO is called away to liaise with SEC investigators, the press, customers, and investors.
*   Set aside budget for settlements and litigation.
*   Ensure your CISO or equivalent is covered under your officer and director insurance.

While we await the final verdict from the SEC, it is important that firms begin scoping out the resources they'll need to deploy in handling these new regulations, specifically the investor and government relations portions of the disclosure. Much like there are playbooks and plans for the actual security incident, there now also needs to be a plan in place for ensuring compliance with all disclosure requirements.

Source

DARKReading