Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.

Several popular Quanta Cloud Technology (QCT) server models that power hyperscale data center operations and cloud provider infrastructure are vulnerable to a critical firmware vulnerability that puts them at risk of attacks that take full control over the server — and that can spread across numerous servers on the same network.

The QCT models are vulnerable to the so-called "Pantsdown" vulnerability (CVE-2019-6260), a flaw discovered in 2019 affecting baseboard management controller (BMC) technology on a number of firmware stacks used in modern servers, according to new research published today by Eclypsium.

BMCs are minicomputers placed within servers that include their own power, firmware, memory, and networking stack. They're there to give remote administrators control over the server to manage low-level hardware settings, update host operating systems, and manage virtual hosts, applications, or data on the system. Often servers are managed through BMCs via the use of Intelligent Platform Management Interface (IPMI) controlled groups that share the same password, making it trivial to jump across systems once they compromise one BMC. That kind of concentrated privilege makes BMCs extremely juicy targets for attackers when flaws like these arise.

That attractiveness to the bad guys was on full display back in January when Eclypsium found threat actors using BMC implants in the wild via iLOBleed attacks that successfully targeted thousands of HPE servers. In that case, attackers even took steps to prevent BMC updates and falsify update success to administrators.

It's a problem that security researchers have warned about for the better part of a decade — for example, back in 2013 Metasploit creator HD Moore was drawing attention to them with some pivotal research that showed hundreds of thousands of servers running online were vulnerable to BMC flaws.

The Pantsdown flaw present on QCT servers in this most recent research and proof-of-concept has a CVSS score of 9.8 and is targeted by numerous exploits seen floating around in the wild in the past.

"This vulnerability can provide an attacker with full control over the server including the ability to propagate ransomware, stealthily steal data, or disable the BMC or the server itself," Eclypsium researchers said in a blog post about the report. "Additionally, by gaining code execution in the BMC, attackers could steal the BMC credentials, which could allow the attack to spread to other servers in the same IPMI group."

The researchers said they conducted their tests and developed the proof-of-concept against QCT servers after refreshing them with the most updated firmware package publicly accessible on QCT's download site.

"On inspection, we found that the server contained an Aspeed 2500 BMC (AST2500(A2)) and was running a version of AMI-based BMC software vulnerable to Pantsdown," they said, explaining they disclosed the flaw in October 2021 to Quanta. "At the time of writing, QCT has informed us that they have addressed the vulnerability and new firmware is available privately to their customers, but will not be made publicly available."

**Watch That BMC Firmware**

The proof-of-concept attack Eclypsium researchers developed had them patching Web server code while it ran in memory on the BMC and replacing it with malicious code to trigger a reverse shell when a user refreshes a webpage or connects to the server. They noted that this particular proof-of-concept requires an attacker to have root access on the physical server, but that these permissions are routinely provided by default when users rent a bare-metal instance of a server.

"Additionally, an attacker could gain root access by exploiting a web-facing application and escalating privileges or simply taking advantage of any services already running with root privileges," the research team added.

They say that this particular piece of research further emphasizes the need for organizations to regularly verify the integrity of their BMC firmware.

Quanta Servers Caught With 'Pantsdown' BMC Vulnerability

Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.

Breaches due to system intrusion have ratcheted up dramatically since 2019, according to Verizon’s "2022 Data Breach Investigations Report." While system intrusion, which includes hacking, malware, and ransomware, was the most common type of data breach in 2021, it didn’t even make the top three in 2019.

The researchers analyzed 23,896 security incidents, of which 5,212 were confirmed data breaches. Similar incidents are grouped together into “patterns.”

To clarify, DBIR looks at eight patterns:

*   **Basic Web application attacks:** Attacks against Web applications where the attacker is after the data.
*   **Denial-of-service attacks:** Network and application-layer attacks compromising the availability of networks and systems.
*   **Lost and stolen assets:** Assets that went missing, either maliciously or by mistake.
*   **Miscellaneous errors:** Unintentional actions compromised an asset’s security.
*   **Privilege misuse:** Involves unapproved or malicious use of legitimate privileges.
*   **Social engineering:** Tricking an individual into compromising the security of a device or data.
*   **System intrusion:** Attacks depending on malware (including ransomware) or hacking to compromise systems.
*   **“Everything else.”**

The second and third most common types of data breach in 2021 were basic Web application attacks and social engineering. In 2020, social engineering was the most common, followed by Web application attacks and then system intrusion. The top three in 2019 were Web application attacks, social engineering, and miscellaneous errors. System intrusions were the fourth most common pattern observed in Verizon’s dataset, the researchers said.

    

**Where the Threats Are**

System intrusions tend to be one of the more complex breaches because they consist of multiple different actions, such as social engineering, malware, and hacking. One reason for the spike for system intrusion may be the fact that supply chain and ransomware attacks increased dramatically this year, the researchers say. The most common actions -- how attackers are carrying out their activities -- for data breaches (grouped under system intrusions) included use of command-and-control servers to execute commands, stolen credentials, malware deploying backdoors, and ransomware. The five most common attack vectors were third-party software, software updates (SolarWinds, anyone?), desktop sharing software, email, and Web applications. 

In contrast, Web application attacks in Verizon's dataset consist of two groups of actions: ways to access the server and the payload itself. Ways to access the server include actions such as stealing credentials, exploiting vulnerabilities, and brute-forcing passwords. While the majority of the attacks focus on the Web application, breaches in this group, attackers also relied on backdoors, remote injection, and accessing desktop sharing software to compromise the server. 

The system intrusions in Verizon's dataset primarily targeted manufacturing (14.4%) and public-sector (13.9%) organizations. For Web applications, manufacturing remained the primary target, at 16.1%, and financial services was the second most popular target, at 15.8%. The list looks different for social engineering, where retail organizations (16.6%) were the most common target, followed by professional (13.8) organizations. 

While most breaches were the result of attacks by external adversaries, 14% of breaches were due to errors such as misconfigured cloud storage and exposed cloud servers. People are fallible – and it’s not just about configuration errors, as the report notes that 82% of breaches involved the human element. “Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike,” researchers wrote.

Most Common Threats in DBIR

New threat hunting and risk identification service provides organizations with an enterprise-wide baseline of their threat landscape and risk exposure.

San Jose, Calif., 24 May 2022 – Forescout Technologies, the leader in automated cybersecurity, today announced the launch of Forescout Frontline, a new threat hunting service utilizing a team of highly-trained cybersecurity analysts to support cybersecurity teams by proactively identifying risks, enabling accelerated incident response, and maturing security posture. Forescout is offering this complimentary service for organizations that lack the internal resources and visibility to defend themselves from cybersecurity attacks, including ransomware and advanced persistent threats (APT).

“Cybersecurity attacks are on the rise. Simultaneously, cybersecurity teams are perennially understaffed and under resourced. This has created a perfect storm,” said Shawn Taylor, vice president of threat defense. “Organizations are under immense pressure to cope with the scale and speed of attacks and the havoc caused by the adversaries. Forescout is launching this new service to help organizations defend against attacks by providing a complete and holistic view of their assets.”

Many organizations use multiple security tools across multiple teams to help identify threats and risks. However, insights may be limited due to siloed views of IT, IoT, IoMT or OT assets. Typically, a variety of these asset types exist across an organization’s digital terrain and are often interconnected, which means cybersecurity risk must be identified and tackled holistically.

Delivered by Forescout Frontline analysts, the Threat Hunting and Risk Identification Service overcomes staffing resources and asset visibility challenges to uncover threats and identify risks that may otherwise remain undiscovered. Forescout Frontline will help organizations:

Discover, validate and prioritize a wide variety of cyber threats and vulnerabilities across all assets, including IT, IoT, IoMT and OT

Analyze the context and risk associated with all findings

Leverage the comprehensive insights to develop effective risk mitigation and remediation strategies

A State of Florida Agency, which supports several key Florida departments, engaged Forescout Frontline to understand each instance of Log4j, a zero-day vulnerability in a popular Java logging framework, across the organization’s 220 sites in 16 diverse divisions. In less than a day and a half, Forescout Frontline delivered insights into thousands of assets with vulnerabilities such as Log4j and Windows-based PrintNightmare. Additionally, hundreds of Critical CVSS-rated vulnerabilities affecting infrastructure devices such as switches and routers were found. Finally, actionable intelligence concerning critical embedded IoT TCP-IP stack-based instances such as NUCLEUS: 13 and RIPPLE 20, insecure communications, and other risks were also discovered. Leveraging this free service shrunk time to mitigation and remediation of these security gaps and improved overall security posture.

“When Log4J broke, we knew it was a critical issue, but we lacked a full picture of the risk within our extended enterprise. The \[Forescout threat hunting\] report was way more thorough than I expected, with in-depth information and actionable intelligence. Not just on Log4j but on other critical vulnerabilities as well, and not just in general terms but exactly where they exist in our environment.” – Information Security Manager, State of Florida Agency

Forescout Frontline levels the cybersecurity playing field by operationalizing the vulnerability research and threat intelligence produced by Forescout’s Vedere Labs and enhancing it with the Forescout Continuum Platform to provide threat hunting services across multiple dimensions. Forescout Frontline analysts include former public sector and private sector threat hunters with training in threat detection and incident response.

To learn more about Forescout Frontline visit here and for further insight into how a State of Florida agency benefitted from this new service visit here.

**About Forescout**

Forescout Technologies, Inc. delivers automated cybersecurity across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types – IT, OT, IoT, IoMT. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets.

Managing cyber risk, together.

Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats

Gartner's security service edge fundamentally changes how companies should be delivering data protection in a cloud and mobile first world.

Do you live life on the edge? If you're a rock climber, skydiver, or striving to be a TikTok dance influencer, the answer might be yes. Putting yourself out there requires risk but can be rewarding. Why? When you are able to confidently look risk in the eye and say "I win," that dopamine hit makes you feel invincible! So, do you feel the same way about your data protection? Letting your data protection live on the edge might sound risky, but in reality it's a step in the right direction, and it dramatically transforms how you think and deliver data security.

Before we get too far into it, let's actually explore what the "edge" means. If you're familiar with Gartner's latest collection of letter-soup offerings for the security industry, you probably know where this is going. Secure access service edge (SASE) and its better half, security service edge (SSE), are frameworks that define how organizations should think about cloud security platforms. In short, organizations are being encouraged to double down on SSE, which unifies all security services into a zero-trust cloud platform. SSE follows the user over any connection, drives down risk with always-on protection, and ditches the cost and complexity of point products like SWG, DLP, VPN, CASB, firewalls, and sandboxes. It's the next big thing, but how does this change data protection?

Let's start with the traditional view of data protection, which has been driven by DLP and CASB vendors over the last several years. The discussion focuses on how users interact with data, how the data is handled (sometimes dangerously), and how the internal threat to your data should be controlled. It's the standard data-protection pitch you've probably heard multiple times. Well, here are the real questions: What about the _external_ threat? Which has the most potential to damage your organization: internal or external threats? I often talk to customers that know they are losing data due to accidental user error but have come to accept it as background noise. Those same customers, when a data breach happens, spring into action with the force of a thousand caffeinated SOC employees. See my point? Now, please don't get me wrong — the internal threat shouldn't be neglected, but it's clear that the best strategy should masterfully combine both external and internal data threat protection. This is why SSE is such a powerful concept — if delivered correctly.

Since SSE focuses on incorporating data protection into a larger zero-trust, cyber-threat story, we should understand what that means. Like any great architecture, it starts with a strong foundation. In the case of SSE, that foundation without a doubt is inline proxy inspection, which enables SSL inspection. Want to keep data from leaking to the Internet? Want full visibility to find and classify sensitive data? Want to stop data exfiltration during a breach? They all require full, scalable SSL inspection. Inline inspection sets up everything else, which is why it's so important to get that part right. But there's a big caveat here — your inline security cloud needs to prove that it can deliver when the going gets tough. If it can't perform or scale, everyone across the organization will immediately know there's a problem.

After that, stopping external and internal threats with SSE becomes easy. First, start with SWG to block risky destinations and content. This prevents external threats like phishing and ransomware from targeting your users and data. Add to that a helping of sandbox and AI/ML to quickly stop zero-days and advanced threats. Now, move to DLP, which is the core building block of great data protection. Define this to find and control your sensitive content and then send it hunting across your data in motion and at rest in your clouds (with CASB). Since you're already inline, and everything is unified, you only have one policy, which reduces complexity and alert noise. You get full control over user and cloud app activity, and can ensure data isn't accidentally or maliciously lost. Once you've tackled the basics, you can move on to other aspects of data protection, like browser isolation for BYOD or UEBA to quickly zero in on suspicious activity. Best of all, services can be easily added as you grow.

Hopefully, you're beginning to see that the right SSE platform can drastically change how you deliver data protection. It applies a more holistic approach to securing data, and equally focuses on external and internal threats, while drastically reducing cost, complexity, and overall risk. So as you look to evolve your data protection strategy, remember to live life on the edge! And maybe keep those TikTok videos to yourself.

**About the Author**

    

Steve Grossenbacher is Director of Product Marketing at Zscaler, where he currently focuses on data protection. Prior to Zscaler, Steve held marketing, competitive, sales engineering and support positions at McAfee and Xerox Engineering Systems. With more than 20 years of experience in the network and security industry, he has helped companies navigate the ever-changing world of IT and currently helps organizations securely transform their networks to a cloud-first architecture

Is Your Data Security Living on the Edge?

A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.

Business email compromise (BEC) attacks have caused billions of dollars in losses to businesses globally in recent years — but now international law-enforcement has notched up another victory in the battle against them.

Interpol on Wednesday announced that "Operation Delilah" has resulted in Nigerian police arresting the suspected head of SilverTerrier, aka TMT, which is a massive BEC operation that has been active since at least 2015, impacting thousands of businesses and individuals across four continents. The 37-year-old Nigerian man, who the Interpol did not name, was apprehended at the Murtala Muhammed International Airport in Lagos as he attempted to re-enter the country after fleeing ahead of the police in 2021.

The arrest marks the culmination of a year-long investigative effort that was led by the Interpol's Africa desk and involved law-enforcement agencies from multiple countries. Three security vendors — Palo Alto Networks, Group-IB, and Trend Micro — also supported the effort by providing information on the BEC effort and its operators to the investigating entities. And Interpol also flagged CyberTOOLBELT as providing "ad hoc support" to the investigative effort.

**Notching Up Arrests**

The latest arrest brings to 15 the total number of individuals who have been arrested in recent years for their alleged involvement in BEC scams out of Nigeria — a hotbed of activity for this type of threat for years. In January, Nigeria's police, acting on information from Interpol, arrested 11 individuals for allegedly defrauding or attempting to defraud some 50,000 organizations worldwide via BEC scams. Six of the individuals were identified as belonging to SilverTerrier. At the time of the January arrests, law enforcement authorities recovered one laptop that contained a staggering 800,000 usernames and passwords that appeared to belong to victim organizations.

    

The suspect. Source: Group-IB

That 10-day operation was code-named "Falcon II"; it was preceded by another in November 2020 dubbed "Falcon I," when three alleged SilverTerrier members were arrested for their involvement in BEC scams that compromised 500,000 organizations worldwide.

Pete Renals, principal researcher for Unit 42 at Palo Alto Networks, says researchers from the company have been tracking the Nigerian individual who was arrested recently since at least 2017. He notes that while this person is suspected to be a ringleader, it's hard to say what exactly the individual's role was within SilverTerrier because of the sheer number of people who are part of the group and the amorphous nature of their malicious activities. 

"It is difficult to draw boundaries around subgroups or affix certain roles to actors, as these groups are often time-bound, fluid in organization, and the individual role of a specific actor usually evolves over time," Renals says.

**A Massive Operation**

That said, Unit 42's research shows that the arrested individual likely owned the infrastructure that served as the command- and-control (C2) for malware such as ISRStealer, a keystroke logging tool; Pony, a password stealer; and the LokiBot information stealer, Renals notes. 

The security vendor says it also identified more than 240 domains that the threat actor had registered under various aliases. Fifty of those domains were used as C2 infrastructure for malware the threat actors used in their BEC campaigns. 

Significantly, the arrested individual provided a street address that belonged to a major US financial institution in NY when registering the domains, Palo Alto Networks said. The same individual also shared social-media connections with at least three of the BEC operators who were previously arrested as part of Operation Falcon II.

The string of arrests since late 2020 has highlighted the growing ability of international law enforcement authorities, cybersecurity vendors, and other stakeholders to work together in tracking down major BEC operators. Even so, BEC remains a major cyberscourge to organizations worldwide. 

According to statistics maintained by the FBI, BEC attacks caused a staggering $43 billion in actual and attempted losses worldwide between June 2016 and last December. In that time frame, there were some 241,200 BEC incidents involving victims in all 50 US states and 177 countries. Approximately 116,400 individuals and organizations in the US reported being targeted by a BEC scam during that period, causing over $14.7 billion in losses.

Renals says the sheer scope of BEC activity has made it challenging to stop. "The BEC threat landscape is extremely active and constantly evolving," he says. "As a threat type, it has grown over the years to become the most prevalent and costly form of malicious cyber activity targeting our organizations."

While Nigeria has been the center of BEC activity in recent years, there have been similar scams originating from other countries as well, he says. "We also see BEC schemes originate from Malaysia and India, and we see facilitation of BEC schemes in most developed nations to include money mules laundering the money from the attacks," Renals says.

Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig

Open source software community initiative utilizes blockchain technology.

**Sunnyvale & San Diego, Calif., May 25, 2022** — (swampUP 2022) – JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today introduced Project Pyrsia, an open-source software community initiative that utilizes blockchain technology to secure software packages (A.K.A Binaries) from vulnerabilities and malicious code. Available for sign-ups immediately, Project Pyrsia is an open-source-based, decentralized, secure build network and software package repository aimed at helping developers establish chain of provenance for their software components, creating greater confidence and trust.

“Open-source is everywhere, and while it has always been seen as a seed for innovation and modernization, the recent rise of software supply chain attacks has made every organization vulnerable,” said Shlomi Ben Haim, Co-Founder and CEO, JFrog. “Led by developers and for developers, JFrog is proud to work with the community on developing Project Pyrsia so everyone can continue to embrace open source with confidence, while protecting the software supply chain.”

Open-source software is a critical element of nearly every technology we use today – from our operating systems and browsers to the applications and services on which we depend to run our lives. Yet there’s no question the volume, sophistication and severity of software supply chain attacks has increased in the last year. In recent months the JFrog Security Research team tracked over 20 different open-source software supply chain attacks – two of which were zero-day threats. While open-source components are designed to make development more efficient, not knowing where your software comes from makes it hard-to-spot risks–seeding doubt and uncertainty about its safety.

Thus, JFrog and other open-source technology leaders, including Docker, DeployHub, Futureway, and Oracle – worked together to establish the Project Pyrsia network for validating the source and security of open-source software packages. With Pyrsia, developers can confidently use open-source software knowing their components have not been compromised, without needing to build, maintain, or operate complex processes for securely managing dependencies.

“At JFrog we believe open-source security will only be successful if we provide the community with the same tools and services that are available to enterprises,” said Stephen Chin, VP of Developer Relations, JFrog. “The combination of an open-source, customizable architecture, and a robust, active community makes Pyrsia the most transparent and trustworthy way to obtain secure software packages. We’re grateful for the help of our industry partners and the community for joining us in securing open source so it can remain a true fountain of innovation.”

Pyrsia aims to seamlessly integrate with the package management systems developers are already using today, so they can certify their software components without foregoing compatibility, security, or efficiency. Utilizing standards like Sigstore’s Cosign and Notary V2 allows developers to quickly access their containers leveraging the Pyrsia network. Using digital signatures, developers receive an immutable chain of evidence for their code, providing peace of mind from knowing the exact source of their packages.

To help guide developers on the process of using Pyrsia for validating software components, a select few entities will build and publish images that will be available for everyone’s use -otherwise known as ‘bootstrapping’ the project. Organizations interested in supporting Pyrsia can volunteer their resources to help establish the project’s first distributed network. From there, Project Pyrsia’s decentralized framework will help provide:

· An independent, secure build network for open-source software

· Trustworthiness of software packages

· Completeness of known open-source software dependencies

For more information on Project Pyrsia or to sign-up to be a contributor visit https://pyrsia.io/. You can also learn more about the project in this blog or chat directly with JFrog Community leaders and Project Pyrsia experts during swampUP 2022 taking place in San Diego, May 25 – 26. For more information and to register visit https://swampup.jfrog.com/.

**Supporting Quotes from Industry Partners**

_“The DeployHub team’s focus is firmly rooted in securing the supply chain, and there is no better place to start than fully auditing the build and package step. To that end, Pyrsia is the first open-source project to introduce improvements in this area via a ‘consensus build network.’ Disruption in this area is long overdue. DeployHub is proud to be part of this innovative team.” – Steve Taylor, CTO DeployHub, Inc._

_“At Docker we feel this is an exciting time for the community to work together on innovation around the supply chain and its core, critical components for build and packaging. We are excited to join and work together with the community on Project Pyrsia. There is a huge opportunity to build new kinds of infrastructure over the core container primitives that will foster innovation and better developer experiences.” – Justin Cormack, CTO, Docker_

_“Open-source project Pyrsia is developing a third-party attested, decentralized, distributed software package network that delivers secure, transparency and integrity for the open-source software package supply chain. Futurewei is committed to collaborating with open-source communities to accelerate the innovations for digital transformation via open-source, open standard, and open ecosystems. As open-source software becomes more pervasive, securing the open-source software supply chain becomes a critical issue. We are thrilled to be a founding member of Project Pyrsia and delighted to have the opportunity to collaborate with other members to accelerate Pyrsia for a secure and trusted open-source software supply chain ecosystem – bringing value to the open-source community.”– David Lai, Director, Cloud Infrastructure and Platform Architecture Open-Source Ecosystem Partnerships, Futurewei Technologies, Inc._

JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks

Experience Centre features emerging Mastercard products and solutions for securing digital payments on a global scale, including those developed locally in Vancouver.

**MAY 25, 2022**

  
Today, Mastercard unveiled the "Experience Centre” at its _Global Intelligence and Cyber Centre of Excellence_ (“Centre of Excellence”) in Vancouver, BC, where local, national and international tech communities are invited to collaborate on cyber security innovation. The Experience Centre also features emerging Mastercard products and solutions that are already securing digital payments on a global scale, including those developed locally in Vancouver.

“Rapid advancements in digital technology have changed the way we shop, pay, work and interact, but with increased convenience comes increased risk,” said Sasha Krstic, President of Mastercard Canada. “Building on the world-class innovations developed at our Centre of Excellence in Vancouver, this new Experience Centre offers a venue for much-needed industry collaboration to anticipate and neutralize ever-expanding cyber threats to our global digital economy.”

Announced in 2020, Mastercard’s _Global Intelligence and Cyber Centre of Excellence_ is leading innovation in cyber and intelligence (C&I), artificial intelligence (AI) and the Internet of Things (IoT). Research from the Centre is already enhancing Mastercard solutions, combining the Centre’s biometric security algorithms with existing cyber capabilities is creating new approaches to enhance online security. In just two-and-a-half years, the Centre of Excellence is making quick progress against its long-term goals, such as:

*   **filing more than 30 local patents** that will secure cyberspace by building confidence in our connected devices, reducing the presence of malicious bots, bad human actors, and establishing a seamless experience for online interactions; and
*   **creating and maintaining more than 230 quality tech jobs to date,** ranging from software engineers to data scientists to product and program managers, with many more roles to fill.

“We are achieving this unprecedented level of cyber security innovation by attracting top talent from across Canada and the world to work smarter, better and faster in a creative, inclusive environment embedded in Vancouver’s vibrant tech community,” said Sasha Krstic. “Mastercard’s Centre of Excellence is not only making digital payments safer for consumers and businesses everywhere, it’s helping cement Canada’s role as a global powerhouse in cyber security innovation.”

  
Investing in Canadian Innovation

Mastercard has significantly expanded its technology footprint in Canada over the past five years. In 2020, Mastercard announced **a $510 million CAD investment** **to establish the _Global Intelligence and Cyber Centre of Excellence_ in partnership with the Government of Canada** to achieve their shared vision of building a better, more secure digital economy for everyone by leveraging Canadian innovation. This builds on the acquisitions of Vancouver-based NuData Security and Toronto-based Ethoca.

As part of its ongoing commitment to strengthening Canadian innovation, **Mastercard has proudly invested more than $6.3 million in strategic partnerships and knowledge-sharing** across Canada’s entire tech ecosystem through the _Global Intelligence and Cyber Centre of Excellence_ to-date. These investments are designed to:

*   scale C&I research and development (R&D) and bring Canadian innovations to market faster, making the global digital economy more secure;
*   nurture next-gen Canadian talent and expand STEAM opportunities for underrepresented groups, as true cyber security demands that diverse talent drive inclusive innovation; and
*   provide small businesses and entrepreneurs with the same cyber security tools and protection as larger enterprises so Canada’s economy can continue to thrive.

  
Strategic partnerships and community investments announced by Mastercard include:

*   **Digital Main Street:** creating engagement tools that help Canadian “mom and pop” businesses become more cyber aware, as well as 10 post-graduate internship spaces at the Mastercard _Global Intelligence and Cyber Centre of Excellence_ over five years;
*   **Canadian Federation of Independent Business (CFIB):** creating gamified, mobile-first cyber training for small- and medium-sized businesses;
*   **Pow Wow Pitch:** sponsoring a new tech stream in the Indigenous Entrepreneurship Program;
*   **Mitacs:** creating 50 internships at Mastercard’s _Global Intelligence and Cyber Centre of Excellence_ for graduate students across Canada over five years;
*   **University of New Brunswick:** funding the Mastercard Research Chair in IoT and a new Cyber Security Research Lab;
*   **Rogers Cybersecure Catalyst:** accelerating cyber security training and young leader development at Toronto Metropolitan University;
*   **Science World:** developing STEAM training for girls in grades 2 to 9 through the “Tech-Up” program; and
*   **Girls4Tech:** expanding cyber programming for Canadian girls.

  
“Vancouver and Canada more broadly are brimming with talent and expertise in a range of STEM fields, including cyber and intelligence,” said Mansur Mirani, VP of the Mastercard Global Intelligence and Cyber Centre of Excellence in Vancouver. “Investments across our tech ecosystems, especially in diverse communities, unlocks additional potential in our knowledge economy that will keep Canada on the forefront of global cyber security innovation for generations to come.”

Mastercard Launches Cybersecurity “Experience Centre”

Company will detail enhancements to Vulnerability Management, Detection and Response solution next month.

FOSTER CITY, Calif., May 25, 2022 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is holding the Qualys Security Conference (QSC) San Francisco in tandem with RSAC on June 7-8.

At the event, Qualys will unveil significant updates to the company's Vulnerability Management, Detection and Response (VMDR) solution. The new enhancements redefine how enterprises manage cybersecurity risk with an unprecedented capability to prioritize and remediate at scale.

Through keynotes, live demonstrations, customer presentations, training sessions and networking, the Qualys customer community will dive into the profound impact of the digital journey and converse on best practices and case studies on risk management and security automation.

The week will feature talks from Qualys experts, customer success stories and a feature keynote at the Cloud Security Alliance CxO Trust Summit:

**Qualys QSC San Francisco Featuring VMDR Live  
**QSC San Francisco will be held in person at the Palace Hotel in San Francisco. To view the full schedule and to register for the event, visit the website.

**Highlights include:**

*   **Sumedh Thakar, President and CEO:** Security Automation for the Digital Journey
*   **Nagi Prabhu, Chief Product Officer:** Bringing the Unified Power of the Qualys Cloud Platform to Address Today's Security Challenges
*   QSC customer presentations from **First American Financial** and others.
*   **VMDR LIVE:** Redefining Cybersecurity Risk Management with VMDR
    *   Introducing VMDR 2.0 with TruRisk
    *   Fireside chat with Brian Penn, **Aflac**
    *   Join VMDR Live virtually at www.qualys.com/vmdr-live.
*   **Qualys Cocktail Reception:** Come network with Qualys experts, customers and industry practitioners on Tuesday, June 7 at 6:00 pm PT at the Palace Hotel.
*   **Training Sessions:** On Wednesday, June 8, Qualys will lead two training courses, including an introduction to Qualys VMDR and How to Manage and Secure Your Container Assets.

**Qualys at RSAC  
**Attendees with RSAC credentials are welcome to join the following RSAC events to network with industry peers and learn more about Qualys:

*   **CxO Trust Summit at RSAC****: Jonathan Trull, CISO at Qualys:** Measuring the Maturity of Your Cloud Security Program. June 6, 8:30 am – 3 pm PT, RSAC – Moscone Center South, level 3
*   **DevOps Connect – DevSecOps @RSAC****:** Connect with the Qualys DevOps team to learn more about VMDR and our cloud-based IT, security and compliance solutions. June 7, 8:30 am – 4 pm PT, RSAC – Moscone Center South

**About Qualys**  
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based Security, Compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit www.qualys.com.

Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco

Corelight Investigator aids threat hunting and investigation through intelligent alert aggregation, built-in queries and scalable search

SAN FRANCISCO, May 25, 2022 /PRNewswire/ -- Corelight, the leader in open network detection and response (NDR), today announced Corelight Investigator, a SaaS-based solution that extends the power of open-source driven network evidence to SOC teams everywhere. Investigator delivers advanced capabilities for transforming network and cloud activity into evidence in a fast, intuitive platform that is easy to deploy and use.

Based on insights learned from savvy defenders in the Zeek open source community, Corelight Investigator provides not only advanced analytics and open access to the best network evidence, but the ability to do custom evidence enrichment unique to each environment. With Corelight Investigator, security teams can quickly accelerate threat hunting and investigations by mapping threat activity across the MITRE ATT&CK® framework and reduce alert volume with intelligent alert scoring.

"We believe that evidence is at the heart of cybersecurity for any organization," said Brian Dye, CEO of Corelight. "We have the privilege of working with defenders of critical infrastructure that can afford data lake architectures and in-house analytics teams to execute their evidence-driven cyber strategy. Corelight Investigator brings the design patterns of those elite defenders to the broader enterprise by combining advanced analytics and threat hunting capability with the power of Zeek, the industry de-facto standard for network evidence."

**Full network visibility with next-level analytics  
**Corelight Investigator brings complete visibility of the network, both on-premise and in the cloud, with evidence that spans months and years, not days and weeks. Customers can leverage machine learning, behavioral analysis, threat intelligence and signatures, mapped to the MITRE ATT&CK framework, to enable broad coverage of network-centric threats.

This evidence leads to specialized detections and enables the threat hunting necessary for advanced, persistent, and personalized attacks. In addition, it supports custom enrichment of network evidence - such as asset information, vulnerabilities, or per-asset context - and links threat hunting and incident response through custom alerts, queries, and dashboards.

"Unlike competitive 'closed' solutions, Corelight Investigator brings a new level of openness to the SaaS NDR market that enables customers to fully understand the logic behind machine learning based detections, and freely integrates these alerts with their existing tools for the broadest coverage," said Clint Sand, senior vice president of product for Corelight.

**Powered by open source and novel research  
**"Along with the advanced analytics that Corelight Labs provides, another advantage of Corelight Investigator is its ability to harness the analytical power of the open source Zeek and Suricata communities. That provides broad-based threat coverage including rapid zero-day response capabilities," said Vern Paxson, co-founder and chief scientist for Corelight. "The open-source nature of Zeek helps us illuminate _why_ a detection happened, as well as rich information about its surrounding context."

Corelight Investigator customers can access richly detailed, interlinked Zeek logs including access to DNS responses, file hashes, SSL as well as logs created by Corelight Labs - which continually creates new analytics for evolving threats and vulnerabilities using cross-customer visibility with the speed of SaaS – for both investigating those alerts and enabling threat hunting.

"As attacks continue to evolve and grow in sophistication, security teams need NDR solutions that provide not only timely and accurate detections, but the supporting context to respond quickly and effectively," said John Grady, senior analyst with ESG. "Corelight meets these requirements by bringing rich network evidence from its decades-long open source Zeek heritage, combined with novel analytics from an array of inferences, making it a powerful contender in the space."

**University of Missouri powers network visibility with Corelight Investigator  
**For many organizations, it is not possible to staff a full security or development team dedicated to parsing the expansive volumes of network traffic. This is true for the research and support services team at the University of Missouri that needed a solution that could provide full network visibility without the management overhead and other fine-tuning often required with competing solutions.

"We are a large university and we need to have full network visibility," said Aaron Scantlin, security analyst at University of Missouri. "It was simple to set up, which means the rest of my time is spent doing advanced analysis and other work."

In addition, Corelight Investigator quickly identifies threats on the network so the team can take immediate action as well as provides access to the raw data for additional investigation.

"Corelight Investigator ingests events so that we can query them in a snap," said Scantlin. "It improves our security posture by providing instant access to events we need to act on."

**Pricing and availability  
**Corelight Investigator joins the Corelight Sensor product portfolio and will be generally available in June. Corelight customers and prospects can contact sales directly for pricing information. More information Corelight Investigator can be found on the Corelight website.

**About Corelight  
**Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies. Corelight's global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, www.corelight.com.

Corelight Announces New SaaS Platform for Threat Hunting

Cylance co-founder Ryan Permeh has joined full time as an operating partner.

**WEST PALM BEACH, Fla.** – May 25, 2022 – SYN Ventures, the only VC firm founded and led exclusively by former Fortune 500 CISOs and C-level security leaders, today announced the closing of its $300M Fund II. The closing comes less than 12 months since the launch of its debut fund and continues the firm’s focus on early-stage cybersecurity, industrial security, national defense, privacy, regulatory compliance, and data governance start-ups.

In addition to the closing of Fund II, the firm announced that Co-founder and former Chief Scientist of Cylance, Ryan Permeh, has joined full time as an Operating Partner.

“As cybersecurity has come to the forefront of every human on the planet, the pace of innovation is exploding for both our industry and adversaries,” said Jay Leek, Managing Partner at SYN Ventures. “Adding Ryan, one of the most successful and connected entrepreneurs in our industry, to our team is incredible validation of our investment thesis and mission of protecting all companies big or small, the United States and our allies.”

SYN investments include Adlumin, Boldend, Halcyon, Metabase Q, Netography, Pangea, Phosphorus, Query.ai, SecZetta, Sevco Security, ShiftLeft, SynSaber, TrackerDetect, Revelstoke, Transmit Security, and others. The team combines over 100 years of operational security experience with investing acumen and a trusted network of dozens of CISOs that actively help entrepreneurs accelerate the growth of their companies to better protect against the ever-evolving threat landscape. Some of the firm’s CISO advisors include Cradlepoint CISO, Ben Carr; Chipotle CISO, Dave Estlick; Vista Equity Partners Managing Director and CISO, Adrian Peters; USAA CSO, Jason Witty, and more.

“Joining Jay, Patrick and the SYN team is an exciting next chapter in my career. After decades in executive leadership roles starting at McAfee, I’ve been blessed to work with the people and technologies that have been instrumental in the emergence of cybersecurity as an industry,” said Permeh. “As an entrepreneur, I couldn’t have done what I did without fantastic venture partners, including Jay and Patrick, to bring my vision to life and scale a company to become one of the first unicorns in the industry. Security is in my blood, and I’m excited to share my experience and expertise to help the next generation of entrepreneurs disrupt the industry and evolve the fabric of security.”

**About SYN Ventures**

SYN Ventures is a venture capital firm focused on investing in disruptive and innovative security companies in the cybersecurity, industrial security, national defense, privacy, regulatory compliance, and data governance industries. The firm’s dedicated security team has a proven track record with over 100 years of security investing and operational experience. SYN also has a highly distinguished network of seasoned security advisors and CISOs. For more information on SYN Ventures, please visit https://www.synventures.com/

Source

DARKReading