The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.

Source: Postmodern Studio via Alamy Stock Photo

NEWS BRIEF

Data protection vendor Veeam released an update to address a critical vulnerability affecting the Veeam Service Provider Console (VSPC) that, if exploited, could lead to remote code execution (RCE).

Tracked as CVE-2024-42448 with a CVSS score of 9.9, the vulnerability was discovered by Veeam during internal testing. 

Veeam found another vulnerability in the process, CVE-2024-42449, with a high CVSS score of 7.1, which could leak an NTLM hash of the VSPC server service account and delete files off the machine.

Both of the vulnerabilities affect VSPC 8.1.0.21377 and all earlier versions of 7 and 8 builds.

"These service providers often trust their third-party vendor tools to manage client data and ensure business continuity," Elad Luz, head of research as Oasis Security, wrote in an emailed statement to Dark Reading. "When these vendors, like Veeam, have vulnerabilities that allow remote code execution, it exposes critical backup infrastructure to potential exploitation. In industries where data security is paramount, such as finance, healthcare, and legal services, the risk is amplified as these sectors hold sensitive data that is attractive to cybercriminals."

As there are no mitigations available for these vulnerabilities, Veeam recommends users of the supported versions of VSPC update to the latest cumulative patch.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Veeam Urges Updates After Discovering Critical Vulnerability

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

Source: Coredesign via Shutterstock

Researchers have discovered seven new Pegasus spyware infections targeting journalists, government officials, and corporate executives that started several years ago and span both iPhone and Android devices, demonstrating that the range of the notorious spyware may be even greater than once thought.

Researchers from iVerify discovered multiple devices compromised by Israeli company NSO Group's spyware via attacks initiated between 2021 and 2023 that affect Apple iPhone iOS versions 14, 15, and 16.6, as well as Android, they revealed in a blog post published on Dec. 4. The infections were discovered in May during a threat-hunting scan of 3,500 devices from iVerify users who opted in to the checks.

Specifically, the investigation uncovered multiple Pegasus variants in five unique malware types across iOS and Android. The researchers detected forensic artifacts in diagnostic data, shutdown logs, and crash logs found on the devices.

"Our investigation detected 2.5 infected devices per 1,000 scans — a rate significantly higher than any previously published reports," Matthias Frielingsdorf, Verify co-founder and iOS security researcher, wrote in the post. Each of the infections "represented a device that could have been silently monitored, its data compromised without the owner's knowledge," he wrote.

Related:Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems

"The discovery supported our thesis about the prevalence of spyware on mobile devices — it was hiding in plain sight, undetected by traditional endpoint security measures."

**Pegasus Spyware Reach Underestimated?**

The findings also demonstrate that security researchers, in general, may have underestimated the reach of mobile spyware, particularly Pegasus, Rocky Cole, co-founder and COO of iVerify, tells Dark Reading.

Pegasus, developed by NSO Group — an adversary that iVerify tracks as "Rainbow Ronin" — is a particularly nasty piece of spyware that allows the controller to exploit OS vulnerabilities and leverage zero-click attacks to access and extract whatever they want from an exploited mobile device. Attackers can intercept and transmit messages, emails, media files, passwords, and detailed location information without a user's knowledge or interaction.

Pegasus gained initial notoriety in 2021 when security researchers found that it was being used by state-sponsored actors in illegal surveillance against journalists, politicians, human rights advocates, and other persons of interest to government intelligence agencies. Since then, numerous other infections have surfaced that show how governments have wielded the spyware, with journalists in particular in the crosshairs.

Related:Name That Edge Toon: Shackled!

Now iVerify's discovery suggests that state-sponsored actors not only are using mobile spyware in a narrow way to surveil the most high-profile of targets, but also could be spying on people within typically targeted populations who wouldn’t seem likely to be on their radar, Cole says.

"Previously considered a rare and highly targeted threat, Pegasus was found to be more prevalent and capable of infecting a wider range of devices, not just those belonging to high-risk users," he says.

Moreover, as iVerify’s investigation uncovered multiple Pegasus infections across several iOS versions, some dating back years, it's clear that traditional security measures often fail to detect such threats. This suggests that mobile device users themselves must be included in the detection of malware so they have "the power to understand and defend against threats that were previously invisible," Frielingsdorf wrote.

**Hunt Your Own Device Threats**

Cole says that best practices for preventing spyware infections before they occur include regularly updating devices to the latest OS as soon as possible, as spyware often exploits unpatched vulnerabilities. And though EDR may not pick up every infection, it can be a useful tool for organizations to use alongside more proactive device-specific threat-hunting to "help detect and respond to threats in real time," he says.

Related:Microsoft Boosts Device Security With Windows Resiliency Initiative

Organizations also should educate employees, Cole adds, especially those in high-risk roles, about the risks and best practices for mobile security as an essential protection against spyware infections.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Pegasus Spyware Infections Proliferate Across iOS, Android Devices

The evolving regulatory environment presents both challenges and opportunities for businesses.

Michael McLaughlin, Co-Leader, Cybersecurity and Data Privacy Practice Group, Buchanan Ingersoll & Rooney

December 4, 2024

4 Min Read

Source: filmfoto via Alamy Stock Photo

COMMENTARY

In 2024, the cybersecurity regulatory landscape underwent significant changes, as major economies worldwide introduced new rules to combat increasingly sophisticated cyber threats, such as advanced ransomware and AI-driven attacks. For businesses, navigating this evolving landscape is not merely a compliance issue but a strategic imperative that demands careful attention and adaptation.

**Understanding the Current Regulatory Landscape**

In the United States, the cybersecurity regulatory framework has evolved to address the growing complexity of cyber threats. This framework consists of a combination of federal laws, agency regulations, and state-specific requirements, each targeting different aspects of cybersecurity and data protection. At the federal level, the National Cybersecurity Strategy outlines a comprehensive approach, emphasizing the redistribution of cybersecurity responsibilities from individuals and small businesses to larger organizations with more resources. 

Several key regulations shape the landscape. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) mandates that critical infrastructure entities report significant cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of discovery, enhancing the federal government's ability to respond to these threats. The Securities and Exchange Commission (SEC) has implemented rules requiring publicly traded companies to disclose material cybersecurity risks and incidents promptly, ensuring investors receive timely information. The Health Infrastructure Security and Accountability Act (HISAA) proposes mandatory cybersecurity standards for healthcare organizations, focusing on electronic protected health information (e-PHI) and system resilience. State breach notification laws further add complexity, requiring organizations to notify affected individuals and state authorities following a data breach, with varying requirements across states.

**Increasing Cybersecurity Budgets and Strategies**

In response to heightened regulatory demands and sophisticated cyber threats, organizations are significantly increasing their cybersecurity budgets. While awareness of cyber-risks is widespread, many companies still face gaps in implementation and preparedness. The rise of ransomware-as-a-service and other complex attack vectors has prompted businesses to invest in robust cybersecurity infrastructure, including advanced threat detection systems, multifactor authentication, enhanced incident response capabilities, and zero-trust architectures. By integrating cybersecurity as a core business function, organizations can better protect their digital assets and maintain operational resilience.

Furthermore, businesses are recognizing the importance of C-suite collaboration in cybersecurity initiatives. Chief information security officers (CISOs) are increasingly involved in strategic planning and board reporting, ensuring that cybersecurity considerations are integrated into broader business strategies. This alignment is crucial for developing comprehensive cybersecurity strategies that are informed by regulatory requirements and industry best practices.

**Expectations for the Legal Landscape in Cybersecurity**

The legal landscape for cybersecurity is poised for continued evolution, with increasing emphasis on transparency, accountability, and compliance. The Supreme Court's overturning of the Chevron deference in Loper Bright Enterprises v. Raimondo grants courts greater authority to interpret laws, potentially leading to more challenges against agency regulations, including cybersecurity rules. This landmark decision is likely to result in more prescriptive language in federal legislation regarding agency authorities.

This shift underscores the need for businesses to stay informed about legal developments and adapt their compliance strategies accordingly. Organizations must be prepared to navigate a more dynamic regulatory environment, where judicial scrutiny may alter the consistency and scope of regulatory guidance. Legal frameworks will increasingly focus on ensuring that businesses not only comply with existing regulations but also demonstrate proactive measures to mitigate cyber-risks, including adopting best practices for data protection, incident reporting, and risk management.

**Insights From Government and Federal Roles**

In the United States, public-private partnerships play a crucial role in securing the digital ecosystem and enhancing cybersecurity. Timely dissemination of threat intelligence by the government enables organizations to quickly update security protocols and deploy countermeasures, thereby protecting sensitive data and infrastructure from breaches. In the military context, such intelligence is vital for both defensive and offensive operations, ensuring the protection of networks and supporting strategic cyber operations against adversaries.

Intelligence sharing also underpins effective legal and diplomatic responses to cyber threats. It provides law enforcement agencies with the evidence needed to indict cybercriminals, serving as a deterrent to future attacks. By presenting clear evidence of malicious activities, nations can engage in diplomatic negotiations to resolve cyber conflicts. Economic sanctions, informed by shared intelligence, can target entities or individuals involved in cyberattacks, applying economic pressure to curtail state-sponsored cyber behavior.

**Preparing for a Cyber-Secure Future**

To effectively navigate the cybersecurity regulatory landscape, businesses must prioritize cybersecurity as a strategic business function. This involves aligning cybersecurity initiatives with business objectives, understanding regulatory and statutory requirements, and demonstrating the return on investment in cybersecurity measures.

Organizations should leverage industry benchmarks to assess their cybersecurity posture and identify areas for improvement. Moreover, businesses must remain vigilant to the evolving threat landscape and continuously update their cybersecurity strategies to address emerging risks. This includes investing in advanced technologies, conducting regular risk assessments, and fostering a culture of cybersecurity awareness across the organization.

**Conclusion**

The evolving regulatory environment presents both challenges and opportunities for businesses. By investing in robust cybersecurity measures and aligning them with business objectives, ensuring effective incident response plans are in place and regularly exercised, and continuously keeping pace with industry-specific threats, organizations can build a resilient digital future that is prepared to withstand the challenges of an ever-changing cyber landscape.

**About the Author**

Co-Leader, Cybersecurity and Data Privacy Practice Group, Buchanan Ingersoll & Rooney

Michael McLaughlin is the Cybersecurity and Data Privacy Practice Group co-leader at Buchanan, Ingersoll & Rooney, a leading national law firm, where he helps clients navigate the complexities of cybersecurity, data privacy, and the related regulatory landscape. Previously, Michael served in the United States Navy as a Naval Intelligence Officer, and has held multiple postings worldwide, including senior counterintelligence adviser for United States Cyber Command and chief of counterintelligence and human intelligence for the Cyber National Mission Force, where he directed all counterintelligence, human intelligence, and law enforcement operations, investigations, and support to the Department of Defense's global cyberspace operations.

Navigating the Changing Landscape of Cybersecurity Regulations

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

Source: ArtemisDiana via Alamy Stock Photo

Shortening the life cycle of Transport Layer Security (TLS) certificates can significantly reduce the vulnerability of websites and hardware devices that require these certificates. TLS certificates are exchanged between Web server and Web client (or server to server) to establish a secure connection and safeguard sensitive data. The majority of today's digital certificates have a time-to-live of 398 days — that's a 365-day certificate with a 33-day grace period, equaling 398 actual days before the certificate expires. If the proposals from Google and Apple are approved, however, that life cycle could drop to 100 days (90 days plus a grace period) or even 47 days (30 days plus a grace period).

It is not unusual to find certificates as short as 10 days or less in DevOps environments, says Jason Soroko, a senior fellow and CTO at Sectigo. Shorter lives are set because the number of days a certificate is live increases the possibility that data will be lost if the certificate is compromised. An expired certificate can lead to denying a browser connection, effectively interrupting the breach and stopping data exfiltration.

**Automated Updates Make Change Easier**

Despite the marked change in how often digital certificates will renew, not much will change operationally for organizations that currently rely on security information and event management (SIEM); security orchestration, automation, and response (SOAR); or some other method for automating the renewal of such certificates, a common setup. In fact, Soroko says, certificate life cycle management (CLM) logs feed into the organization's SIEM and SOAR systems to ensure that the certificates are updated before they expire, which creates business continuity.

Many small to midsize businesses (SMBs) that employ a service provider to manage their networks and network security might already be getting automated certificate updates through CLM services. Organizations using managed service providers or managed security service providers should ask them whether such updates are in place. CLM manages contracts from initiation through renewal. Using CLM software to automate processes can help limit organizational liability and improve compliance with legal requirements.

The only groups that could be significantly affected operationally are those that still manually update certificates. Each time a certificate needs manual updating, errors could be introduced, Soroko says. Instead of the annual updates done today, a 30-day certificate (plus its proposed 17-day grace period) would require 12 updates annually, a multiplier of 12 in introducing errors and increasing risk.

"For smaller companies that don't have unlimited resources to manage their infrastructure, it's going to be quite a wake-up call," says Arvid Vermote, GlobalSign's worldwide CIO and CISO, a Brussels-based certificate and identification authority. "In the past, \[certificate authorities\] have been advocating automation. They have been providing the tools. But why change if it's not needed?"

As the certificates' time to live gradually shrinks, companies doing a manual process will soon realize that automation is not only a quicker way but also a more reliable way to renew certificates.

Updating certificates manually is not easy, Soroko notes.

"It's a very technical task, and it's not difficult to fat-finger it and make an error that takes a website down," he says, adding that most larger enterprises could not afford to have downtime on their Web assets, so they started to deploy CLM rather than manual updates years ago.

Regardless of the size of the company, Soroko says, the organization should automate updates. The technology is "ideally suited for everyone, and not just handing you a cert, but handing you visibility, automation, and discovery of \[digital\] certificates you don't even know you have," he says.

**CLM Casts Light on Shadow IT**

The frequent rotation of certificates means the CLM system will be scanning your environment often for certificates to update — possibly even finding digital certificates the IT department did not have on record, Soroko adds. This happens sometimes when enterprise department heads with signing authority to purchase services acquire software-as-a-service applications and Web services to address operational needs but do not report these services to the IT team.

With rogue applications running on virtual machines, Web servers, load balancers, and other hardware, it can be difficult to identify all elements of shadow IT. However, having the CLM systems constantly monitoring certificates can help identify new hardware, virtual servers, and cloud instances requiring digital certificates that might have been overlooked in the past. A certificate on an unknown device or virtual machine might be identified as an unauthorized connection or breach in progress.

The change in certificate life cycles likely will affect SMBs the most, Vermote says. In fact, this could be a good time for the CISO to go to the board and request funding for automation if they do not already have it.

"\[The\] CISO only gets money from the board if there is an incident," Vermote notes. "CIOs only get money from the board when systems are unavailable. In this case, it's both, because if the board doesn't give them the funding to properly automate and inventories of certificates expire, websites \[and\] legitimate services provided to customers, internal or external, will become unavailable."

Justin Lam, an analyst with 451 Research, says enterprises need to look at digital certificates from a proactive risk management perspective rather than a reactive compliance perspective. While certificates with a longer life always could be revoked in the case of a breach or incident, shorter life cycles mean there is more oversight — and hopefully better control — of certificates that IT might not have been made aware of.

"Many security professionals do not actually own the environments where these things are protected," Lam says.

And while managing all of the tools for cloud security posture management, zero trust, cloud-native application protection, and other security tools falls under the auspices of the CISO, many CISOs do not know when cloud sessions that require digital certificates are spun up. They have the responsibility to defend their networks but not necessarily the visibility into those networks — or the funding to protect everything.

**About the Author**

Contributing Writer

Stephen Lawton is a veteran journalist and cybersecurity subject matter expert who has been covering cybersecurity and business continuity for more than 30 years. He was named a Global Top 25 Data Expert for 2023 and a Global Top 20 Cybersecurity Expert for 2022. Stephen spent more than a decade with SC Magazine/SC Media/CyberRisk Alliance, where he served as editorial director of the content lab. Earlier he was chief editor for several national and regional award-winning publications, including MicroTimes and Digital News & Review. Stephen is the founder and senior consultant of the media and technology firm AFAB Consulting LLC. You can reach him at \[email protected\].

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

Source: Andrey Suslov via Alamy Stock Photo

NEWS BRIEF

In an effort to convince consumers that it's safe to answer their phones, root of trust provider SecureG has partnered with CTIA, a trade association that represents the wireless communications industry, on an initiative intended to deliver a secure branded call experience for businesses.

Branded Calling ID (BCID) is an industry-led, standards-based Rich Call Data project to create a secure, interoperable ecosystem in which businesses can embed information like their logos and reason for calling when they reach out to consumers by phone. BCID digital signatures are secured by SecureG's public key infrastructure (PKI) solutions. 

"No one wants to answer their phone because of all the spam and scams, and it is only getting worse now that AI-generated voices can impersonate people and businesses," said Todd Warble, CTO of SecureG, in a statement. BCID has a secure-by-design foundation that enables consumers to trust the authenticity of the brands and intentions of the caller, Warble said.

To secure the caller's brand identity, SecureG provides high-assurance operations of the CTIA Secure Telephone Identity Certification Authority (CTIA STI-CA), Intermediate Certification Authority, and the Certificate Repository. The SecureG trust anchors, secured in hardened concrete bunkers, give BDIC the ability to authenticate participants to sign calls. The BCID system is designed to work across networks and mobile phones, and enterprise customers pay only for branded calls that are confirmed delivered. 

BCID allows businesses to brand their calls while preventing scammers and spammers from gaining access to NCID signing certificate. BCID is designed to work seamlessly across networks and mobile phones, so enterprise businesses can deliver trusted, branded calls to their consumers.

The initiative is aimed at reducing the risk of fraud and spam calls from bad actors who impersonate real businesses. A recent survey found that three-quarters of respondents would answer a call if the caller was authenticated by a name, logo, or reason for the call, the company said in a statement. BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

SecureG, CTIA Project Secures Business Phone Calls

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

Source: ArtemisDiana via Shutterstock

Many organizations using Web application firewall (WAF) services from content delivery network (CDN) providers may be inadvertently leaving their back-end servers open to direct attacks over the Internet because of a common configuration error.

The problem is so pervasive that it affects nearly 40% of Fortune 100 companies leveraging their CDN providers for WAF services, according to researchers at Zafran who studied the cause and scope of the problem recently. Among the organizations that the researchers found susceptible to attacks included recognizable brands, including Chase, Visa, Intel, Berkshire Hathaway, and UnitedHealth.

**Pervasive Issue**

WAFs act as intermediaries between users and Web applications. They inspect traffic for a range of threats and block or filter anything deemed suspicious or matching known patterns of malicious activity. Many organizations have deployed WAFs in recent years to protect Web applications against vulnerabilities they haven't had time to patch.

Organizations have multiple options for deploying WAFs, including on-premises in the form of physical or virtual appliances. There are also cloud- and host-based WAFs.

In total, Zafran found some 2,028 domains belonging to 135 companies among the Fortune 1000 that contain at least one supposedly WAF-protected server that an attacker could directly access over the Internet to launch denial-of-service (DoS) attacks, distribute ransomware, and execute other malicious activities.

"The responsibility \[for\] the misconfiguration lies primarily \[with\] the customers of CDN/WAF providers," says Ben Seri, chief technology officer of Zafran. But CDN providers who offer WAF services share some responsibility as well for failing to offer customers proper risk avoidance measures and for not building their networks and services to circumvent misconfigurations in the first place, he says. 

The problem, as Seri explains it, has to do with organizations not adequately validating Web requests to back-end origin servers that host the actual content, applications, or data that users are trying to access.

**A Failure to Follow Best Practices**

With a CDN-integrated WAF service, the CDN provider — like a Cloudflare or an Akamai — provides the WAF as part of its edge infrastructure. All incoming traffic to an organization's Web applications is routed through the CDN's WAF — a reverse proxy server within the vendor's edge network. The reverse proxy identifies which back-end server or resource a particular Web request is intended for and then routes it there in an encrypted fashion. "This means that when a CDN service is used as a WAF, the web application it protects is open to Internet traffic and is expected to validate that it responds only to web traffic that originates from and by the CDN service," according to the Zafran blog post.

If the customer is using best practices, the IP address of the back-end server is something that only the customer and CDN provider would know. CDN providers also recommend that organizations add IP filtering mechanisms to ensure that only requests from the CDN provider's IP address range are permitted access to back-end servers. Other recommendations include using pre-shared digital secrets known only to the CDN provider and the back-end server as a validation mechanism, and using what is known as mutual TLS authentication to validate both the origin server and the CDN provider's proxy server.

These measures are effective in protecting back-end servers when implemented correctly. But what Zafran discovered was that many organizations have not adopted any of these recommended validation precautions, thereby leaving back-end servers directly accessible over the Internet. "It is a lack of validation in Web applications that are designed to be protected by a CDN/WAF that leaves them open to all Internet traffic," Seri says. "It is like having a private S3 bucket left open to the Internet as a public bucket. Only in this case, it is protected Web applications that are left open to the Internet, instead of allowing only inbound traffic from the CDN provider."

**Easy to Find**

Exacerbating the situation is the fact that the IP addresses of enterprise origin services are not as private as many assume, Zafran's researchers found. The security vendor pointed to certificate transparency (CT) logs as one example of a relatively easy place for attackers and researchers to discover all domains belonging to a specific organization. CT logs provide a publicly accessible record of all SSL/TLS certificates that certificate authorities issue to website operators and are meant to improve trust and accountability around certificate issuance. Unfortunately, they also provide a starting point for attackers to gather detailed information on all the domains and subdomains belonging to an organization, including those associated with critical back-end servers and services.

"The issue was discovered to be extremely widespread," Seri says. "From a random sample of Internet servers that were designed to be protected by Cloudflare, 13% were found to suffer from this misconfiguration. This means that, potentially, 13% of all domains protected by Cloudflare can be directly attacked." Unfortunately, CDN/WAF providers require the cooperation of their customers, who control their own load balancers and Web applications, to mitigate this threat, he adds. Zafran is contacting affected companies as well as impacted CDN/WAF providers to help them quickly identify the full extent of this misconfiguration and address it, Seri says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Misconfigured WAFs Heighten DoS, Breach Risks

PRESS RELEASE

NEW YORK, Dec. 3, 2024 /PRNewswire/ -- BigID, a data security, privacy, compliance, and AI data management company, today announced the launch of Data Activity Monitoring. BigID empowers organizations to proactively identify risks, respond faster to potential threats, and help strengthen regulatory compliance. BigID's Data Activity Monitoring helps organizations manage the risk of data breaches and strengthens their overall security posture by alerting on potential insider risk, unauthorized access, and data misuse.

Unlike traditional Data Detection & Response (DDR) tools that are limited to sensitive data discovery and policy violations, BigID's Data Activity Monitoring goes further by tracking data access activity. With insights into who is accessing data, when, how, and what they're doing with it, Data Activity Monitoring enhances the contextual intelligence needed for comprehensive data security and proactive breach prevention.

Key Benefits of BigID's Data Activity Monitoring:

*   Enhanced Security Decision-Making: Get contextual, data-driven insights for more accurate decisions on access control, retention, and remediation.
    
*   Proactive Risk & Access Management: Monitor activity around sensitive data to identify unnecessary permissions, over-permissioned users, and potential insider threats before breaches occur.
    
*   Streamlined Compliance & Auditing: Generate detailed audit trails that help meet regulatory requirements, simplifying compliance and enhancing data governance.
    
*   Efficient Security Investigations: Gather contextual insights into data access patterns, enabling faster investigations and accurate remediation.
    
*   Improved Data Ownership Accountability: Track user interactions with data to clarify ownership and facilitate efficient delegation of security tasks.
    

"With Data Activity Monitoring, we're redefining the level of control and visibility organizations have over their data," said Dimitri Sirota, CEO of BigID. "Our customers need to be able to not only have visibility into their sensitive data but also understand how it's accessed and used, and enact controls around it. BigID's Data Activity Monitoring goes beyond detection, providing near real-time insights necessary to help prevent data breaches, support compliance, and empower security teams to make informed decisions."

To learn more: 

About BigID

BigID empowers organizations to know their enterprise data and take action for data-centric security, privacy, compliance, AI innovation, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape.

BigID has earned numerous accolades, including being highlighted as CRN's top 100 security companies two years in a row in 2024 and 2023, a finalist in CRN's 2024 Tech Innovator Awards, recognized as the most innovative security company of the year for its AI data security in the 2024 Globee Awards, and named as a "Market Leader Data Security Posture Management (DSPM)" in the 2023 Global InfoSec Awards. Additionally, BigID's impressive growth earned it a spot on the 2024 Deloitte 500 for the fourth consecutive year, one of CNBC's Top 25 Startups for the Enterprise, named to the Forbes Cloud 100, and recognized on the 2024 Inc. 5000 for the fourth consecutive year.

You May Also Like

BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture

PRESS RELEASE

TAMPA BAY, Fla., Dec. 3, 2024 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts.

KnowBe4's Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. KnowBe4's 2024 Phishing by Industry Benchmarking Report reveals that about one in three users is susceptible to interacting with malicious links or fraudulent requests. Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into clicking malicious links or opening harmful attachments.

The report spotlights the ongoing threat posed by email-embedded phishing links, which continue to be the top attack vector of choice. These malicious links, PDF attachments and spoofed domains, when interacted with, often result in disastrous cyberattacks, including ransomware attacks and business email compromise. The report also reveals a surge in phishing campaigns leveraging QR codes. Popular QR code phishing subjects include HR reminders for policy reviews, DocuSign emails to sign an urgent document, and Zoom meeting invitations. These messages, often masquerading as communication from HR, colleagues or external vendors, pose substantial risks as they can easily be replicated by malicious actors.

"Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications," said Stu Sjouwerman, CEO of KnowBe4. "The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritizing human risk management, organizations can effectively build a formidable defense against avoidable cyberthreats."

To download a copy of the Q3 2024 KnowBe4 Phishing Report infographic, visit here.

About KnowBe4 

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.

You May Also Like

KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report

A change in ownership and what it means for our readers.

Source: Informa TechTarget

Dear Reader,

Today, Informa Tech, the company behind Dark Reading, is combining with TechTarget's technology websites and Industry Dive's award-winning industry publications to create a new company: Informa TechTarget.

Our editorial footprint is greatly expanding. The combined Informa TechTarget newsroom features many of the most trusted publications in B2B media, over 300 world-class business journalists, and in-depth coverage across 30+ technology segments and 45+ industry verticals. In 2025 alone, we expect to produce over 60,000 stories that provide essential information for our readers across many markets. 

For more information, you can read the company's press release and check out our combined portfolio of publications.

Our commitment to you remains the same here at Dark Reading. Our group of highly experienced cybersecurity journalists will continue to independently report on the most notable developments, innovations, and disruptions in our industry. Whether navigating new technologies, cyber threats and vulnerabilities, regulations, or market dynamics, you need insight you can trust to make smart decisions and navigate the evolving cybersecurity business landscape. Readers who come to Dark Reading can expect reliable industry information they can't get anywhere else. 

Thank you for reading — and stay tuned for more vital coverage and resources as we continue to grow.

Kelly Jackson Higgins

Editor-in-Chief, Dark Reading

**About the Author**

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Note From the Editor-in-Chief

Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.

Source: Kristoffer Tripplaar via Alamy Stock Photo

NEWS BRIEF

Cisco is warning customers of a security vulnerability impacting its Adaptive Security Appliance (ASA) that is actively being exploited by threat actors.

The bug, tracked as CVE-2014-2120 and a decade old, involves insufficient input validation in ASA's WebVPN login page, through which an unauthenticated remote attacker could enact a cross-site scripting (XSS) attack.

In 2014, Cisco noted that "the vulnerability is due to insufficient input validation of a parameter," adding that an attacker could exploit the vulnerability by convincing the user to click on a malicious link.

Cisco now reports it became aware of in-the-wild exploitation attempts in November 2024 and recommends that customers upgrade to a fixed software release to mitigate the vulnerability. There are no workarounds for this flaw.

"Exploiting decade-old vulnerabilities like the ASA WebVPN bug underscores a persistent challenge in cybersecurity, that legacy vulnerabilities often remain unaddressed due to the sheer volume of security issues organizations face today," Meny Har, CEO and co-founder of Opus Security, said in an emailed statement to Dark Reading. "Without effective prioritization frameworks, critical vulnerabilities can slip through the cracks."

Source

DARKReading