CMS helps minimize the impact a cyberattack has on business operations, finances and reputation.

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- As organizations grow and evolve, so does the threat of cyberattacks. This creates the need to readily identify and protect critical security assets as part of an effective cyber strategy. To help clients strengthen their resiliency in this area, Optiv — the cyber advisory and solutions leader — today launched its new Cyber Recovery Solution (CRS) at the RSA Conference.

Optiv, the cyber advisory and solutions leader, has launched its Cyber Recovery Solution (CRS). Focused on protection and rapid recovery, CRS enables organizations to be resilient during data loss events and helps them get back to business faster.

Optiv's CRS helps organizations get back to business faster by providing strategic and tactical advisory and technology solutions for cyber readiness while enabling rapid recovery to a secure state. CRS identifies and prioritizes the protection of critical assets through automated workflows that backup business-essential data, systems, and applications and supports the implementation of a vaulted, data-isolated, air-gapped backup solution that reduces the risk of data loss.

**Key Benefits of CRS:**

*   **Business/technology alignment:** Identify, prioritize and build a cohesive connection between business and technology.
*   **Enhanced recovery:** Create custom playbooks, defined in advance of an incident, to enable rapid recovery to a secure state.
*   **Reduced risk of business impact:** Minimize the impact a cyberattack has on business operations, finances and reputation.
*   **Cyber resilience:** Build a framework that anticipates and efficiently responds to cyberattacks for better business continuity.

CRS is part of Optiv's holistic approach to cybersecurity and information technology, where business operations are connected with the technology that enables it. CRS is applicable to Zero Trust initiatives, Managed Extended Detection and Response (MXDR) capabilities, supports cyber insurance requirements and more. The application of CRS runs across all technology domains and security initiatives.

"Cyber resiliency is no longer just an IT problem. It's an opportunity for every organization, starting at the top, to implement tools like CRS to better identify threats while readily protecting its security posture," says David Martin, executive vice president and chief services officer at Optiv.

As part of CRS, Optiv works with clients to identify and classify mission-critical business processes, visualizes and prioritizes supporting systems, data and applications, and then develops step-by-step playbooks to quickly restore technology assets. This allows business operations to continue with minimal disruption when a cyberattack occurs. Organizations utilizing CRS can create a stronger cyber resilience framework.

"What matters most today is being able to reduce risk to your business from any threat, in any form" said Jessica Hetrick, senior manager, cybersecurity and enterprise resilience at Optiv. "CRS helps you proactively identify, prioritize and protect critical assets in your environment. This informs your ability to detect, respond and subsequently recover when a cyberattack happens — culminating in a truly resilient organization that can better withstand the most advanced cyber threats."

**Explore More About CRS:**

*   CRS Field Guide
*   CRS Infographic
*   CRS Service Brief
*   Video: CRS Explained

For the latest news and updates from Optiv, visit https://www.optiv.com/newsroom/. **Follow Optiv**  

https://www.optiv.com/explore-optiv-insights/blog

**Optiv Security:** **Secure greatness.™**

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to more than 7,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.

Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery

New SmallID offering brings cloud-native data privacy and protection to organizations of all sizes.

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security, and governance, today announced the availability of SmallID: the first pay-as-you-go cloud data security platform.

Now more than ever, the world runs on data - and it's difficult to have a clear understanding of all data assets across the company.  On top of that, evolving data protection and privacy regulations means that accumulating data without proactively protecting introduces more risk than ever. 

SmallID brings cloud-native data privacy and protection to organizations of all sizes, making it easy to find and mitigate risk across their entire cloud environment. Customers can easily reduce their attack surface, identify high-risk data, and automatically discover dark data across the cloud - without impacting business.  

Customers can now use the first on-demand cloud data security platform to manage their cloud risk posture, by benefitting from years of ML innovation from BigID, packaged up in a lightweight, on-demand platform in SmallID.

With SmallID, customers can:

*   Automatically discover and classify their data by sensitivity, type, regulation, policy, and more
*   Drastically reduce their attack surface
*   Identify shadow data and dark data
*   Improve security posture across the cloud
*   Simplify regulatory compliance with a data-first approach

"Cloud-native organizations leave themselves vulnerable to bad actors and a host of other complex issues when they don't have insight into what kind of data they are collecting," said Tyler Young, Chief Information Security Officer at BigID. "SmallID is a huge step forward for organizations of all sizes to have on-demand cloud protection that reduces the attack surfaces through allowing teams to identify and mitigate risk across their entire cloud environment."

Visit BigID at RSAC 2022 to see SmallID in action, or try it for free today.

**Learn more:**

*   Visit BigID's Data Protection HQ at RSAC2022 - save your spot
*   Visit SmallID-sponsored Cloud Data Security Panels June 7 & 8, with CISO led discussions from Amplitude, Blackstone, Clearsky Cybersecurity, Datadog, Highspot, Optiv, Relativity, Servicenow, ServiceTitan, Wiz, and more
*   Visit Booth #4529 in the North Expo Hall

**About BigID**

BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, protection, and perspective. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.

BigID Introduces Cloud Data Security On Demand

Randori’s attack-surface management software will be integrated into IBM Security QRadar extended detection and response (XDR) features.

RSA CONFERENCE 2022 – San Francisco – IBM plans to purchase attack-surface management firm Randori in a move that ultimately will expand IBM's extended detection and response (XDR) family of products to incorporate the "attacker's view" of the IT infrastructure.

The buy also will bolster IBM's X-Force with automated red-team functions and add to IBM's threat detection services within its Managed Security Services, the company said.

Randori, which is backed by Accomplice, .406 Ventures, Harmony Partners, and Legion Capital, offers visibility into on-premise and cloud exposure, including risk prioritization features. This is IBM's fourth acquisition of the year.

"Our clients today are faced with managing a complex technology landscape of accelerating cyberattacks targeted at applications running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises," said Mary O'Brien, general manager at IBM Security, in a statement. "In this environment, it is essential for organizations to arm themselves with attacker’s perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimize business disruption and damages to revenue and reputation."

Financial terms were not disclosed. The deal is expected to close in the coming months, pending closing conditions and regulatory reviews.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

IBM to Buy Attack Surface-Management Firm Randori

But valuations have dropped — and investors are paying closer attention to revenues and profitability, industry analysts say.

Cloud security vendor Lacework's recent announcement that it will reduce head count as part of a restructuring plan — just months after it secured $1.3 billion in a record-setting funding round — may have shocked the high-flying cybersecurity sector, but industry analysts say the layoffs do not signal any broad, imminent industry slowdown.

General economic conditions appear to have made investors a bit more cautious, however: Private equity (PE) investments — which accounted for nearly 40% of merger and acquisition activity last year — are down compared with the same period in 2021, as are company valuations overall.

Even so, M&A and venture capital activity in the cybersecurity industry remains robust and shows little sign of a major slowdown. Just in the last few days, for instance, ReliaQuest announced plans to purchase Digital Shadows for $160 million; Netskope acquired WootCloud for an undisclosed sum; and Lookout acquired SaferPass. In late May, Broadcom announced its intent to buy VMware for $61 billion in a deal that, if approved, will bring VMware's Carbon Black security under Broadcom's roof.

**Multiple Drivers**

"There are multiple dynamics at play for M&A" activity in the cybersecurity space, says Fernando Montenegro, an analyst with Omdia. "The established vendor being acquired for their cash flow. The adjacent technology being acquired by a security vendor to enter a market. The technology tuck-in and/or 'acqui-hire' into an existing vendor," he adds. Expect VCs, private equity, and corporate development teams to be a little more cautious, but still active, he notes.

"The industry has had a strong pace of acquisitions and fundings over the years, and we expect that to continue," Montenegro says. "What is changing is that there appears to be much more focus on demonstrating actual capabilities and momentum while being mindful of run rate."

There's also the understanding that too-large funding rounds raise expectations on delivery that may be more difficult to attain in a tightening economic environment, he notes.

Richard Stiennon, chief research analyst at IT-Harvest, says Lacework's decision to downsize and restructure may, in a way, be the result of its own success. The company experienced hypergrowth of some 272% last year and went on a hiring spree. After that, the company might have thought it wise to pause and consolidate while it catches up with expectations on sales growth, Stiennon explains. "There is categorically no broad consolidation in cybersecurity and there will not be until threat actors give up and go home," he says. "We will always need new ways to counter new threats."

That said, the antivirus space for the first time is now truly consolidating, according to Stiennon. Thanks to Microsoft giving away good-enough security with Windows Defender and the availability of stronger endpoint protection capabilities from vendors such as CrowdStrike and SentinelOne, the traditional AV vendors are fading away, he says.

**Fast and Furious Pace**

Data that S&P Global Market Intelligence compiled earlier this year showed there were 42 cybersecurity transactions through March 18, 2022, with a median deal value of some $97 million. Google's $5.4 billion purchase of Mandiant was easily the biggest of those deals and accounted for most of the $6.77 billion in total transaction value of announced deals in the cybersecurity industry through that date. In comparison, there were 36 transactions over the same period in 2021, with a median deal value of $185 million. In all, in the first quarter of 2022 there were 59 deals compared with 49 last year. But total deal value at $9.3 billion was significantly smaller than last year's $17.6 billion, according to S&P Global Market Intelligence.

Rising interest rates, inflation, and concerns over potential economic headwinds appear to have driven down security vendor valuations compared with last year, says Garrett Bekker, an analyst with S&P Global Market Intelligence. Even so, investors appear willing to pay hefty multiples to acquire security firms and the appetite for buying them does not appear to have diminished significantly, he says. That's because most existing drivers remain in place, such as cloud adoption, the move to zero-trust access models, and the proliferation of ransomware and other malware.

One potential red flag is the slowdown in private equity investments so far this year, Bekker says. For the past two decades, there has been a steady increase in PE-funded mergers and acquisitions — from 40 in 2002 to 80 in 2010, and 209 in 2021 — or 37% of all transactions in the space, he says. There has been a near 20% drop-off in PE transactions in 2022 compared with the same period last year, Bekker says. 

"It's a fairly large drop-off," he notes. "We'll be looking to see whether that persists or is an aberration."

**Closer Scrutiny**

Speculation about potential recession and recent turmoil with tech equities is causing venture investors to scrutinize funding more carefully, says Joseph Blankenship, an analyst with Forrester Research. Many investors are also advising the firms they've invested in to slow their burn rate and concentrate on building revenue, with an eye toward profitability. "I do predict that the increased scrutiny, reduced risk appetite, and decreased funding will lead to fewer startups entering the cybersecurity market." It will also push existing firms to find faster exits.

"What we’re seeing now is a continuation of the M&A activity," Blankenship says, At the same time, he adds, buyers are looking to consolidate vendors and the technology portfolios from major cybersecurity vendors are more attractive than they've been previously.

Cybersecurity M&A Activity Shows No Signs of Slowdown

The buzz on the show floor during RSA Conference is about aligning the organization's security priorities with the right technology. Will Lin, managing director and founding member at Forgepoint Capital, weighs in on the biggest security priorities for 2022 — and what kind of tech senior-level executives are looking for.

At Forgepoint Capital, I have the unique, ongoing privilege of asking for help from the best and brightest in the cybersecurity space. Aggregating insights from a variety of expert sources provides a clear view of what works, what doesn’t, and where the industry is headed.

Our recent CISO Security Priorities Model report goes a step further and democratizes access to information on cybersecurity priorities and trends. For the report, we surveyed senior-level executives (CISOs, CIOs, CSOs, CTOs, CDOs, etc.) across different sectors and organization sizes.

The survey revealed several interesting patterns on cybersecurity spend, differences between small and midsize (SMB) business and large enterprise priorities, and the strategic direction organizations expect to take over the next several years. The goal of the report is to answer these three questions for 2022:

*   What are CISOs top security priorities?

*   What NIST cybersecurity framework priorities are CISOs focused on?

*   What areas of control are CISOs focused on?

Key insights from the report include:

*   **Large enterprises are focused on digital transformation and incident response, and SMBs are focused on people.** While some overlap exists in security concerns across organizations of all sizes, there are stark differences between priorities for large enterprises and SMBs. For example, CISOs at large enterprises report incident response as a top priority, while that was near the bottom of the list for SMBs. SMBs tend to prioritize human aspects of cybersecurity, such as talent development and security awareness instead.

*   **Cloud and digital transformation is now a CISO priority.** Cloud and digital transformation have traditionally been the domain of CTOs and CIOs. CISOs at large enterprises are now reporting cloud, business, and digital transformation as their top priority, so clearly that paradigm has shifted.

*   **CISOs are spending on areas where they can make a measurable impact.** Security budgets are growing — 76% of CISOs expect to see a security budget increase — and organizations are being very intentional with their spend. Decision-makers are prioritizing areas where they can see ROI and impact. In practice, that means focusing on areas where teams can move quickly, which tends to vary by industry. For example, security hygiene is a key focus for professional services, while healthcare is prioritizing software supply chain security and third-party risk.

*   **New areas of control are growing in popularity.** Traditional security control areas like network, endpoint, identity, and data remain important priorities for many enterprises. However, digital transformation is bringing new areas of control to the forefront. Specifically, DevSecOps (54%) and cloud, infrastructure, and APIs (62%) were leading areas of control organizations plan to prioritize.

*   **Vendors and organizations both aim to address key NIST functions.** According to the cybersecurity leaders we surveyed, the three most popular NIST cybersecurity framework priorities for 2022 are protect, detect, and identify. Interestingly, this overlaps with the focus of security vendors placing an emphasis on visibility in their products. While this overlap may be explained by mutual interest between enterprises and vendors, it could also suggest a lack of products that focus on response and recovery.

Additionally, some of the most interesting insights were the more nuanced tactical challenges facing CISOs. For example, while identity is still a top priority for many organizations, finding talent with the requisite skills across major cloud providers is proving to be a challenge for some. An AWS security engineer may not be familiar with GCP or Azure. Often, those real-world pain points are where innovation in the space can have a significant impact.

That’s just the tip of the iceberg when it comes to what we’ve learned in our survey of cybersecurity leaders. 

Here is Forgepoint Capital's full report.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

The CISO Shortlist: Top Priorities at RSA 2022

A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.

When organizations moved to hybrid work at the beginning of the pandemic, Slack offered a crucial way for teams to collaborate efficiently regardless of physical location. But in most organizations, Slack is a relatively new solution, bringing the typical challenges of adopting new technologies — related to culture, functionality, expected user behavior, and, of course, security. For many organizations, Slack is now the primary communication channel, replacing email and knowledge management repositories. As a result, Slack increasingly contains more sensitive information than those traditional systems.   

Before diving into the challenges, let's be clear: Slack invests substantial resources into securing its infrastructure, platform, and the software itself. Nonetheless, like any other technology platform, Slack can serve as a basis for attacks by taking advantage of built-in features, insecure usage, or misconfigurations. And while established collaboration and communication platforms have an entire ecosystem of security solutions and best practices, Slack has only a small subset of these solutions and practices in place.

Slack offers an open and collaborative culture, so while years of phishing attacks created users suspicious of unusual emails, few suspect a message from a co-worker on Slack. Therefore, compromising a single account in Slack can easily be leveraged to deceive other users and gain additional access — not only to other users but to multiple channels. Most organizations leave many channels public to encourage participation and share knowledge as part of the Slack as a knowledge base approach. However, few consider who has channel access and therefore people share sensitive information — even secrets, such as passwords or API keys in channels. Shared as part of a conversation, very few people think about it being stored forever and accessible to any compromised account.

This open culture isn't the only problem. Slack also offers an extensive marketplace of applications and allows you to build additional applications outside of this marketplace. Third-party apps in SaaS platforms are a huge supply-chain risk, creating an attack vector for nearly every SaaS platform, including Slack. Many apps request extensive permissions, but even seemingly innocuous requests to “read from all public channels” allow broad access to a significant amount of data. Additional potential risks include content filtering, lateral movement, third-party communication (Slack Connect), and many more.

**Slack Detection and Response  
**As Slack becomes an increasingly dominant part of your organization's infrastructure, it will become a target for attacks and eventually be breached, just like any other technology that we use. That’s why organizations must be able to identify, contain, and respond to security incidents quickly to minimize the impact. Unfortunately, both the technology and practices required to do so for Slack are still limited. For example, Slack provides access to security logs only to customers using its enterprise tier. Without security logs, both detection and response are almost impossible. Other advanced security features, such as single sign-on, are unavailable in their standard and pro plans, leaving many mid to large organizations exposed.

Furthermore, many don't realize that Slack doesn't keep a history of anything that's been erased. If an attacker deletes messages, they are gone forever. This can turn into an effective ransomware attack, which is hard to respond to without upfront preparations, predominantly backups.  

**Should I Stop Using Slack?**  
No — Slack is a great platform that can help your business work more efficiently. It's important to be aware, though, that any platform we use is susceptible to risk and may be an attack vector. By understanding these risks, we can become more secure and resilient when facing attacks.

Here are five ways to minimize the impact of a potential Slack breach.

**1\. Private/public channels:** Define and enforce a clear policy about public and private channels. As a repository of sensitive data, your users need to think about where and how they share information.

**2\. Limit third-party permissions:** Restrict your third-party apps to the minimum permissions to reduce the impact of a third-party breach.

**3\. Backups****:** Back up your Slack. If Slack serves as a knowledge management repository, it's a critical asset in the organization. Automate Slack's export capabilities or use an outside vendor to create backups.

**4. Enable advanced security features****:** Require multifactor authentication and enable the security features in Slack's enterprise license, including additional encryption, compliance, and security management.

**5\. Collect logs:** Collect and retain Slack logs so you have the information you need to investigate an incident.

The time you spend now considering the potential challenges and security risks of a Slack breach will help you if it happens. The steps outlined above can help you reduce the impact, and the likelihood, of potential Slack breaches.

Are You Ready for a Breach in Your Organization's Slack Workspace?

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Step up to the plate for your chance to win a $25 Amazon gift card with a homerun caption for The Edge's June contest. We offer four convenient ways for you to send us your ideas for the above caption:

*   Email _\[email protected\]_ with the subject line "The Edge June 2022 Toon."
*   Via social media: Twitter, Facebook, and LinkedIn_._

The contest closes on Wednesday, June 29, 2022.

**Last Month's Winner**All it took was the seed of an idea to get Dark Reading readers' digging deep for cartoon caption contenders. Congratulations go to Allan Campbell, director of information management at AG Credit, for the caption appears below: 

    

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Name That Edge Toon: Hey, Batter Batter!

New studies show less than a third of organizations use software bills of materials (SBoMs), but momentum is building to boost that number.

While the drumbeat grows louder for widespread adoption of software bills of materials (SBoM) in IT environments, the reality remains that relatively few organizations consistently implement SBoMs to track the software components used within their application portfolios.

A recent study by ReversingLabs, conducted by Dimensional Research, found that less than a third of companies today use SBoMs. Among those, half said the process of generating and reviewing SBoMs involve manual steps – an onerous process when there are thousands of pieces of code potentially in the mix.

Still, security experts increasingly believe that SBoMs are a foundational step for understanding and managing software supply chain risks. Modern development practices have pushed most software engineering teams to avoid reinventing the wheel when building common functions into their software and instead use open source libraries and packages that have already been developed by the community. Doing so makes their work faster and more predictable, but if there’s no governance or visibility into which components they use, the risk from vulnerabilities can quickly grow unmanageable. 

SBoMs help development teams understand what code is operating under the hood of their applications and to pinpoint when underlying components are found to be vulnerable.

Given the low prevalence of SBoMs reported by the ReversingLabs survey participants, it should come as no surprise that nearly half of them also admit they’re unprepared to protect their software from supply chain attacks.

Application security advocates in industry groups, open source communities, and government agencies alike are all involved in efforts to increase the prevalence of SBoMs and, in turn, improve the state of software supply chain security. In the past several weeks, these groups have launched three different initiatives aimed at not only boosting the rate at which SBoMs are generated, but also the effectiveness in how organizations use them to protect their software.

**CISA Listening Groups**

Last week the Cybersecurity and Infrastructure Security Agency (CISA) announced a series of public listening sessions scheduled for July aimed at gathering members of the software and security communities to discuss how to improve SBoMs best practices and standards.

“CISA believes that the concept of SBOM and its implementation need further refinement,” the agency wrote in a Federal Register post. “Work to help scale and operationalize SBOM implementation should continue to come from a broad-based community effort, rather than be dictated by any specific entity.”

The listening session topics that CISA will facilitate include cloud and online applications, sharing and exchanging SBoMs, tools and implementation, and on-ramps and adoption.

**OpenSSF Action Plan**

Last month at the Open Source Software Security Summit in Washington, DC, the Linux Foundation and the Open Source Security Foundation (OpenSSF) unveiled a 10-point security mobilization plan for improving the state of open source and commercial software worldwide.

Among the recommended priorities was getting SBoMs in place everywhere by focusing on improving SBoM tooling, training, and advocacy across the industry to normalize SBoM creation and consumption.

“The more ubiquitous SBOMs are, the more valuable they can be to the industry. Generally, we believe that SBOMs should be produced automatically via well-vetted tools every time that software is built or distributed,” the document explained. “To get to the point where SBOMs are ubiquitous in software distributions, we need to remove all friction for adoption."

The Linux Foundation and OpenSSF are planning on targeting $3.2 million in investments in the first year of their work on this SBoM initiative.

**OWASP CycloneDX API Rollout**

In order to create an easily operationalized SBoM, software and security teams need a consistent and standardized way to communicate bill-of-materials information – including everything from licensing and copyright information to security-related metadata such as versioning.

The two major choices of standards on this front are SPDX (a Linux Foundation Project) and CycloneDX, a lightweight SBoM standards project by OWASP. The OpenSSF action plan will continue to refine and move forward the SPDX standard. Meantime, OWASP continues to move the ball forward with OWASP. Most notably, last month OWASP launched the draft version of a new BOM Exchange API that’s designed to standardize how bills of materials are published and retrieved independent of the software ecosystem.

“There are lots of products and tools being released that support the production and consumption of SBOMs in standard data formats, but we haven’t had a standard way to transfer SBOMs between systems,” says Patrick Dwyer, co-leader of the CycloneDX standard. “With the release of this API specification, products and tools can start transferring this data in a standard way, enabling greater out-of-the-box integration across the SBOM product and tool ecosystem.”

Gathering Momentum: 3 Steps Forward to Expand SBoM Use

A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.

Healthcare providers and lab workers using Illumina genetic sequencing instruments are advised to immediately patch the device software against a new vulnerability that the Food and Drug Administration says could put patients in danger. 

Affected devices include Illumina NextSeq 550Dx, MiSeqDx, NextSeq 500, NextSeq 550, MiSeq, iSeq, and MiniSeq next-generation sequencing instruments, the FDA said. 

The medical devices are used to test for genetic conditions and genetic sequencing, and the FDA said the bug, first detected on May 3, could be exploited by threat actors to take over the Illumina instruments. That would allow them to alter the operating system, access a customer's network, tamper with test results, or even steal data. The flaw affects the Local Run Manager software, the FDA added. 

So far, there are no reports of the bug being exploited, the FDA said in a cybersecurity alert to health care providers; however, the agency asks "users to report any adverse events or suspected adverse events experienced with Illumina’s next-generation sequencing instruments." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

FDA: Patch Illumina DNA Sequencing Instruments, Stat

The latest iteration of CMD-based ransomware is sophisticated and tricky to detect – and integrates token theft and worming capabilities into its feature set.

A new CMD-based ransomware variant is still under development, but researchers warn that its poisonous combination of multiple layers of obfuscation and the sneaky integration of legitimate service links into its attack make it a potentially formidable threat. 

YourCyanide traces its roots back to the GonnaCope ransomware family first discovered in April, a new report from the Trend Micro threat hunting team explains. It doesn't actually encrypt anything yet (researchers say that's likely coming soon), but it does rename all targeted files, steal information, and pilfer access tokens from popular applications like Chrome, Discord, and Microsoft Edge. It also self-propagates.

YourCyanide includes a few new tactics, including using PasteBin, Discord, and Microsoft links to download its payload in stages, and hiding behind Enable Delayed Expansion functionality, the analysts note. 

"While YourCyanide and its other variants are currently not as impactful as other families, it represents an interesting update to ransomware kits by bundling a worm, a ransomware, and an information stealer into a single mid-tier ransomware framework," the the ransomware variant report says. "It is also likely that these ransomware variants are in their development stages, making it a priority to detect and block them before they can evolve further and do even more damage." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading