A vulnerability was identified in a PHP script where an off-by-one error in array access could lead to undefined behavior and potential DoS. The issue arises in a loop that iterates over an array using a < condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets. This issue can be triggered via the rowCount POST parameter in the Electronic Security Control device update script.

Title: ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) Off-by-One Config Write DoS  
Advisory ID: ZSL-2025-5902  
Type: Local/Remote  
Impact: Security Bypass, Manipulation of Data, DoS, Exposure of System Information  
Risk: (5/5)  
Release Date: 09.01.2025

**Summary**

ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices.

**Description**

A vulnerability was identified in a PHP script where an off-by-one error in array access could lead to undefined behavior and potential DoS. The issue arises in a loop that iterates over an array using a < condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets. This issue can be triggered via the rowCount POST parameter in the Electronic Security Control device update script.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
Firmware: <=3.08.02

**Tested On**

GNU/Linux 3.15.10 (armv7l)  
GNU/Linux 3.10.0 (x86\_64)  
GNU/Linux 2.6.32 (x86\_64)  
Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
PHP/7.3.11  
PHP/5.6.30  
PHP/5.4.16  
PHP/4.4.8  
PHP/5.3.3  
AspectFT Automation Application Server  
lighttpd/1.4.32  
lighttpd/1.4.18  
Apache/2.2.15 (CentOS)  
OpenJDK Runtime Environment (rhel-2.6.22.1.-x86\_64)  
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)  
ErgoTech MIX Deployment Server 2.0.0

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[03.12.2024\] Vendor releases version 3.08.03 to address this issue.  
\[09.01.2025\] Coordinated public security advisory released.

**PoC**

abb\_aspect\_obo2.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497&LanguageCode=en&DocumentPartId=&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-48844  
\[3\] https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-01  
\[4\] https://exchange.xforce.ibmcloud.com/vulnerabilities/390818  
\[5\] https://packetstorm.news/files/id/183447/

**Changelog**

\[09.01.2025\] - Initial release  
\[10.01.2025\] - Added reference \[4\] and \[5\]

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) Off-by-One Config Write DoS

Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.

Source: Tero Vesalainen via Shutterstock

If incidents this year are any indication, deepfakes and “harvest now, decrypt later” attacks spurred by the growing adoption of quantum computing projects are among the many concerns that organizations in the Asia-Pacific (APAC) region will need to deal with in 2025.

Over the past year, cybercriminals operating in the APAC region have increasingly leveraged AI to launch sophisticated campaigns — such as AI-generated phishing emails, adaptive malware, and deepfakes. The attacks have undermined trust in critical communications and exacerbated social tensions, says Clement Lee, security architect and evangelist at Check Point Software Technologies, Asia Pacific.

**An Increase in Deepfakes & Quantum Computing-Related Cyberattacks**

"This was starkly demonstrated during recent elections seen across APAC: in India where deepfakes fueled widespread disinformation; in Indonesia, where a doctored deepfake video aimed to stir anti-China sentiment; and in Hong Kong, a finance worker who was duped into sending $25 million by a deepfake impersonation of company executives," Lee says. As these tactics start extending from political spheres into the corporate realm, businesses must adopt AI-driven security defenses to counter them, Lee notes.

Simon Green, president of Asia, Pacific, and Japan at Palo Alto Networks, described the APAC region as being on the cusp of a "perfect storm of AI-driven cyber threats" heading into 2025. Attacks featuring deepfake audio and video will likely be the most visible manifestations of the trend, he noted.

Related:Middle East Cyberwar Rages On, With No End in Sight

"We can expect deepfakes to be used alone or as part of a larger attack much more often in 2025," Green said. The use of audio deepfakes in particular is likely to increase over the next 12 month, as technology for highly credible voice cloning becomes more easily accessible.

**AI-Focused Cybersecurity Preparations**

Expect also to see more organizations in the APAC region looking for ways to better protect their data as they implement AI-enabled projects.

"Our customers are asking how they can get more value out of their data, while maintaining robust security, especially as they look to benefit from GenAI products like Microsoft Copilot," adds Max McNamara, vice president and managing director Australia and New Zealand at AvePoint.

"This starts with having secure, accessible data, ensuring you can scale with solutions that don't compromise your security posture, and rigorously adhering to increasingly complex regulatory standards," he says. APAC organizations will increasingly be looking to ensure their data is not just accessible, but also fundamentally secure within their borders, he notes.

Related:'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

"Our customers are asking how they can get more value out of their data, while maintaining robust security, especially as they look to benefit from GenAI products like Microsoft Copilot," McNamara says, adding that this starts with having secure, accessible data, ensuring you can scale with solutions that don't compromise your security posture, and rigorously adhering to increasingly complex regulatory standards.

**Quantum Projects Will Drive Increase in Harvest Now, Decrypt Later Attacks**

The growing number of quantum computing projects in the APAC region is likely going to fuel an increase in "harvest now, decrypt later" attacks as well. Such attacks involve adversaries collecting and storing currently encrypted data with the intention of decrypting it in the future, when quantum computers become powerful enough to break today's encryption standards. The attacks pose a significant threat to sensitive information that needs to remain secure for extended periods of time.

According to Fortune Business Insights, Asia Pacific is the fastest growing quantum computing market in the world, with multiple companies including IBM, Microsoft, Google, Alibaba, Baidu, JSR, and D-Wave systems currently involved in large regional quantum software and hardware projects. One example is a new quantum computing cloud platform that Alibaba has deployed in collaboration with the Chinese Academy of Sciences. Some quantum projects in the APAC region are happening at a national level, such as India's US-funded National Mission on Quantum Technologies & Applications, and Singapore's Quantum Engineering Programs.

Related:Governments, Telcos Ward Off China's Hacking Typhoons

"The advent of quantum computing threatens to render current encryption standards obsolete, risking exposure of sensitive data and compromising critical infrastructure," Lee says. "Quantum-resistant cryptography will gain traction as organizations prepare for future decryption threats."

Organizations in the APAC region should expect increased interest in harvest now, decrypt later attacks from a wide range of adversaries, including nation-state-backed threat actors, according to Palo Alto Networks' Green. The attacks will pose a threat to governments and businesses, civilian and military communications, critical infrastructure, and organizations developing quantum projects, Green said. Organizations concerned about the trend should develop a quantum resistant road map that includes deployment of quantum resistant tunnelling, stronger crypto libraries and quantum key distribution, according to Palo Alto Networks.

Richard Sorosina, chief technology security officer and vice president of solution architecture at Qualys' EMEA & APAC operations, believes that the fast-evolving and increasingly sophisticated nature of the APAC threat landscape will likely accelerate ongoing consolidation of security capabilities at many organizations in the region. He expects organizations will increasingly move toward a unified security platform approach that will provide both a centralized view of risk across the organization and mechanisms to remediate that risk when found. Many of these efforts will be "driven by a need to reduce complexity, increase operational efficiency, enhance detection and response capabilities, and reduce overall cost," Sorosina says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Deepfakes, Quantum Attacks Loom Over APAC in 2025

An overview of incidents and news surrounding Artificial Intelligence in 2024.

A popular saying is: “To err is human, but to really foul things up you need a computer.”

Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI).

And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then it’s that when humans and AI cooperate, amazing things can happen. But amazing is not always positive.

There have been some incidents in the past year that have made many people even more afraid of AI than they already were.

We started off 2024 with a warning from the British National Cyber Security Centre (NCSC) telling us it expects AI to heighten the global ransomware threat.

A lot of AI related stories this year dealt with social media and other public sources that were scraped to train an AI model.

For example, X was accused of unlawfully using the personal data of 60 million+ users to train its AI called Grok. Underlining that fear, we saw a hoax go viral on Instagram Stories that told people they could stop Meta from harvesting content by copying and pasting some text.

Facebook had to admit that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models, which no doubt contributed to Australia’s ban on social media for children under the age of 16.

As with many developing technologies, sometimes the race to stay ahead is more important than security. This was best demonstrated when an AI companion site called Muah.ai got breached and details of all its users’ fantasies were stolen. The hacker described the platform as “a handful of open-source projects duct-taped together.”

We also saw an AI supply-chain breach when a chatbot provider exposed 346,000 customer files, including ID documents, resumes, and medical records.

And if the accidents didn’t scare people off, there were also some outright scams targeting people that were eager to use some of the popular applications of AI. A free AI editor lured victims into installing an information stealer which came in both Windows and MacOS flavors.

We saw further refinement of an ongoing type of AI-supported scam known as deepfakes. Deepfakes are AI-generated realistic media, created with the aim of tricking people into thinking the content of the video or image actually happened. Deepfakes can be used in scams and in disinformation campaigns.

A deepfake of Elon Musk was named the internet’s biggest scammer as it tricked an 82-year-old into paying $690,000 through a series of transactions. And AI-generated deepfakes of celebrities, including Taylor Swift, led to calls for laws to make the creation of such images illegal.

Video aside, we reported on scammers using AI to fake the voices of loved ones to tell them they’ve been in an accident. Reportedly, with the advancements in technology, only one or two minutes of audio—perhaps taken from social media or other online sources—are needed to generate a convincing deepfake recording.

Voice recognition doesn’t always work the other way around though. Some AI models have trouble understanding spoken words. McDonalds ended its AI drive through order taker experiment with IBM after too many incidents, including customers getting 260 Chicken McNuggets or bacon added to their ice cream.

To sign off on a positive note, a mobile network operator is using AI in the battle against phone scammers. AI Granny Daisy uses several AI models that work together listening to what scammers have to say, and then responding in a lifelike manner to give the scammers the idea they are working on an “easy” target. Playing on the scammers’ biases about older people, Daisy usually acts as a chatty granny while at the same time wasting the scammers’ time that they can’t use to work on real victims.

What do you think? Do the negatives outweigh the positives when it comes to AI, or is it the other way round? Let us know in the comments section.

 2024 in AI: It&#8217;s changed the world, but it’s not all good 

Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.

Shai Gabay, Co-Founder & CEO, Trustmi

December 18, 2024

4 Min Read

Source: Dzmitry Skazau via Alamy Stock Photo

COMMENTARY

Cybersecurity has spurred many changes in the past five years, from the technology and tools needed to protect an organization from cyberattackers to the skill sets required by IT professionals. The consistent and ongoing ripple effect has also influenced organizational roles and responsibilities. Arguably, one of the most dramatic shifts has been the role of the chief financial officer (CFO).

Today's CFOs must be collaborative leaders, willing to embrace an expanding role that includes protecting critical assets and securing the bottom line. To do this, CFOs must work closely with chief information security officers (CISOs), due to the sophistication and financial impact of cyberattacks. Financial professionals understand data flows and financial processes, while security professionals know the latest cyber threats and best practices to combat those threats. Combining this expertise results in more informed technical investments, faster detection of anomalies, and stronger overall cybersecurity measures.

This enhanced approach is critical as we see payments and unsuspecting financial professionals increasingly become the targets of cyberattacks. Both are prime targets because of the volume of money and transactions they process, often manually leaving organizations even more vulnerable to phishing schemes that can go undetected for months. Collaboration between finance and security departments is crucial to threat detection, maintaining compliance, addressing third-party risks, and providing companywide cybersecurity education and training.

**The Impact of a Security Breach**

The increasing financial impact of a cyberattack alone mandates CFO involvement in cybersecurity matters. According to IBM's "Cost of a Data Breach Report 2024," the global average cost of a data breach reached $4.88 million in 2024, a 10% increase over last year. This substantial financial risk underscores why CFOs must now consider cybersecurity a primary concern for an organization's economic health.

CFOs are uniquely positioned to understand the potential financial devastation from cyber incidents. The costs associated with a breach extend beyond immediate financial losses, encompassing longer-term repercussions, such as reputational damage, legal liabilities, and regulatory fines. CFOs must measure and consider these potential financial impacts when participating in incident response planning.

**Compliance Requires Protection**

The regulatory landscape for CFOs has evolved significantly beyond Sarbanes-Oxley. The Securities and Exchange Commission's (SEC's) rules on cybersecurity risk management, strategy, governance, and incident disclosure have become a primary concern for CFOs and reflect the growing recognition of cybersecurity as a critical financial and operational risk.

The SEC's cybersecurity rules require public companies to disclose material cybersecurity incidents within four business days and provide periodic updates on their cybersecurity risk management, strategy, and governance. This places significant responsibilities on CFOs, who must ensure timely disclosure of cyber incidents and help to develop and implement risk management strategies. As a result, CFOs must work closely with CISOs, board members, and executives to establish effective cybersecurity governance and provide detailed reporting on the company's cybersecurity posture and incident response capabilities.

CFOs must also navigate other cybersecurity regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), and similar state-level regulations, and adhere to industry-specific regulations like the Health Insurance Portability and Accountability Act (HIPAA). These regulations carry significant financial penalties for noncompliance, further emphasizing the critical role CFOs play in managing cyber-risks. As a result, CFOs must now be well-versed in cybersecurity best practices, incident response protocols, and the evolving regulatory landscape to protect their organizations' financial interests and maintain compliance effectively.

**Collaboration and Allocation**

Adding to the complexity, the CFO is now a cross-functional collaborator who must work closely with IT, legal, and other departments to prioritize cyber initiatives and investments. They must also work with the CISO and chief information officer (CIO) to educate the CEO and the board on cybersecurity matters and communicate broadly, at times, with employees, customers, partners, and investors.

CFOs needs to consider the corporate strategy and broader business decisions as they help determine the company's approach and investment in cybersecurity tools and technologies. This level of decision-making requires CFOs to understand the cyber landscape, threats and trends, and viable investment strategies. This expanded role requires CFOs to help their organizations build resilience against cyber threats while ensuring that security measures are cost-effective and aligned with overall business strategy.

**How CFOs Can Succeed**

Working closely with CISOs, CFOs can become key players in protecting their organizations' critical assets and ensuring long-term financial stability. To succeed in this new landscape, CFOs must foster strong partnerships with CIOs and CISOs, develop a deep understanding of cybersecurity risks and technologies, and integrate cybersecurity considerations into all aspects of financial planning and risk management. Doing so can help organizations build resilience against cyber threats while supporting broader business objectives and growth strategies.

**About the Author**

Co-Founder & CEO, Trustmi

Shai Gabay is the co-founder and CEO of Trustmi, a leading end-to-end payment security platform founded in Israel in 2021. Before Trustmi, he was General Manager at Opera and Vice President of Product and Services at Cynet. He also served as the CIO at Cyberbit and the CISO at Discount Bank, among other roles in cybersecurity and risk management. Shai holds a bachelor’s degree in software engineering from Shenkar College and a master’s in business administration and management from Tel Aviv University. Additionally, Shai was selected for the prestigious full scholarship executive excellence program at the Hoffman Kofman Foundation, a program tailored to outstanding alumni of the Israeli Defense Force's Elite Units. Through this program, he studied with prominent co-founders and leaders at renowned global tech companies and professors at elite universities.

The Importance of Empowering CFOs Against Cyber Threats

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.

Ben Barrontine, Vice President of Executive Services & Partnerships, 360 Privacy

December 17, 2024

4 Min Read

Source: Igor Stevanovic via Alamy Stock Photo

COMMENTARY

What are cybercriminals thinking? Inside the mind of a threat actor, the devil is in the details. Cybersecurity is composed of so many details that it's easy to miss some of them. For instance, even if you have all other employees protected, just one person not using two-factor authentication could put them all at risk.

Back in the day, a 99% success rate for security solutions was considered good. But the problem is that there's still a 1% chance of an attack getting through. To defeat that 1% chance, you must have layers of security. If you've got 10 layers of 99% success, you stack the odds in your favor that you will catch just about every security threat.

Defenses are getting more advanced, so threat actors will always search for the point of least resistance. In our day and age, that point is the human element. According to IBM, 41% of all cybersecurity incidents start with phishing as the initial attack vector. Fortunately, though, it's not all doom and gloom. By understanding the enemy, you can better prepare your organization against cyberattacks.

**The State of Security: Understanding Where Threat Actors Look**

Many threat actors are returning to the basics of social engineering by using information they get from data brokers. They're using basic phishing tactics to hook a target, because it avoids the automated cybersecurity tools and directly engages the individual human.

Cybercriminals rarely commit direct attacks against the designated target person. They typically find someone in the target's support system: an executive assistant, a spouse, kids, or the live-in grandmother. Whoever is the softest target in that support system will be the one who clicks a link. It doesn't matter if they have the latest, greatest security software update. Think of the Trojan horse story: A walled city's defenses were no match for a clever scheme that went right past all those defenses. In fact, the defenders opened the gates wide and unwittingly let the threat in.

**Train the Company's Cyber-Spidey Senses**

You have to develop a certain level of "Spidey sense" in employees, and it can be as simple as realizing that they need a second opinion before clicking a link. They don't have to be subject matter experts; they just have to know enough to recognize when they should ask someone else. After all, the Verizon "2024 Data Breach Investigations Report" notes that more than two-thirds (68%) of breaches analyzed included a nonmalicious human element, which involves insider errors or falling for social engineering schemes.

Part of developing this sense is looking for red flags in emails. While this may be getting harder with AI, there are still some obvious signs. Misspellings, odd phrasing, strange fonts, or out-of-character requests are all good indicators that something is amiss. For example, you would never get an email from your mom saying, "Hello, I need you to buy me gift cards." In addition, train employees to hover over the sender's name to see the email address. If the subject line says "Comcast," but the email address ends in "gmail.com," they can bet the email is a scam.

If a bad actor can access someone's packets by Wi-Fi sniffing or other means, the actor doesn't have to follow the person — they can just build out an electronic pattern of life and figure out where the target is going. That jeopardizes physical and digital safety. So, employees need to know not to connect to free Wi-Fi without a VPN and to turn Wi-Fi off when not using it.

People sometimes have the mistaken notion that they aren't targets for bad actors because they aren't famous and don't have a high net worth. But that's simply not the case today. Anyone with any online presence is a potential target to attackers. That means everyone needs to know their cyber hygiene.

Basic cyber hygiene is essential and easy. Steps to train employees on include:

*   Be more stringent about the info they share online
    
*   Review and adjust privacy settings
    
*   Use strong and unique passwords
    
*   Enable two-factor authentication
    

*   Be skeptical of unsolicited requests
    
*   Regularly audit third-party apps
    

*   Separate personal and professional identities
    

All of these points can be taught and tested via ongoing training.

**Outmaneuvering the Cybercriminals**

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target. Criminals go after the low-hanging fruit, such as people who click on suspicious links. Your job is to harden all targets at your organization. 

One of the security layers needed to close that 1% gap mentioned earlier is ongoing cyber-hygiene training for all employees from the bottom to the top. This aspect of a full-spectrum security plan is crucial, as humans are typically the weakest link in the security chain. However, with the proper education and training, they can become a solid first line of defense that helps keep everyone in the organization safe.

**About the Author**

Vice President of Executive Services & Partnerships, 360 Privacy

Ben Barrontine joined 360 Privacy in 2021 and currently holds the position of vice president of executive services and partnerships. Prior to 360 Privacy, Ben worked as a targeting specialist with the National Security Agency (NSA) under the US Army’s CSS Program. During his time in service he has worked with the US Marshalls, Special Forces, and US Embassy Security Teams as a cyber and signals intelligence collector and targeting subject matter expert. Ben created and leads the Executive Services Division at 360 Privacy, which helps to educate and protect families, family offices, business executives, professional athletes, and entertainers.

To Defeat Cybercriminals, Understand How They Think

PRESS RELEASE

BOSTON — December 12, 2024 — Zerto, a Hewlett Packard Enterprise company, today announced the launch of the Zerto Cloud Vault, which delivers Zerto’s best-in-class cyber resilience capabilities as a service through managed service providers (MSPs). Zerto’s security-focused MSP partners at launch include Assurestor, Converge, LincolnIT, and Verinext. Built on the capabilities of the Zerto Cyber Resilience Vault, the Zerto Cloud Vault is a cloud-based, fully managed solution that offers logical air-gapping, immutability, and clean room recovery.

Ransomware attacks remain a harsh fact of life for most businesses with collective ransomware losses totaling over $1 billion in 2023 alone. This financial toll is exacerbated by the resulting data loss and downtime, with some estimates suggesting upwards of $1 million in losses per hour of downtime for larger businesses.

With Zerto Cloud Vault, customers can leverage MSPs that deliver tailored cyber resilience strategies to meet the specific requirements of their organizations. Cloud Vault is the latest offering in HPE’s comprehensive cyber resilience portfolio and complements the existing Zerto Cyber Resilience Vault, which is deployed as a self-hosted, on-premises stack.

Zerto Cloud Vault capabilities include:

*   Managed Cyber Services: Take advantage of MSP experts who know how to prevent and mitigate attacks and have built their services on top of Zerto’s award-winning technology.
    
*   Real-Time Encryption Detection: Detect encryption anomalies in real-time and be alerted within seconds to potential issues through integration with cybersecurity dashboards.
    
*   Immutable Data Copies: Retain data for up to 12 months and protect against ransomware attacks through immutable copies, all without impacting production workloads, without any agents or snapshots.
    
*   Clean Room Recovery: Leverage the elasticity of the cloud to create clean environments on demand with isolated networks that are protected from attackers. Use it to validate data, scrub malware, and perform forensics before recovering back into production.
    
*   Non-Disruptive Testing: With Zerto’s non-disruptive solutions, businesses can test more frequently and comprehensively, including conducting cyber recovery tests at any time on entire sites, multiple sites, or individual VMs. These tests can be used to validate recovery plans and train incident response teams.
    
*   Fully isolated from production environments: Ability to run different security postures within product and vault environments.
    

“Zerto’s disaster recovery and cyber resilience solutions offer peace of mind to businesses struggling to combat ransomware attacks,” said Jim O’Dorisio, senior vice president and general manager, HPE Storage. “Leveraging our cyber resilience capabilities, MSPs will be able to bring fully managed Cloud Vault services to even more organizations, helping them thwart the plans of attackers and keep precious business assets safe.”

Coupled with the expertise of Zerto’s vetted MSP partners, the hosted Zerto Cloud Vault mitigates the most devastating ransomware scenarios while keeping businesses in compliance with state and federal regulations — reducing the risk of substantial fines or prosecution. Where other solutions offer detrimental lengthy recovery point objectives (RPOs) and recovery time objectives (RTOs), Zerto Cloud Vault slashes both, minimizing the risks of disruption and allowing businesses to get back on their feet as fast as possible after the inevitable happens. Zerto is a part of HPE’s hybrid cloud business, helping HPE customers protect workloads and data across hybrid IT environments.

Partner Quotes

“Our Gold Standard for cyber recovery considers a product’s recoverability readiness, non-disruptive testing capability, and speed of data recovery; we found that Zerto substantially delivered on all these points. Combined with Cloud Vault, the protection provided from ransomware attacks was robust and allowed pinpoint recovery faster than any other products evaluated,” said Stephen Young, executive director, Assurestor.

“Ransomware attacks are a real threat to the data and operations of organizations of all sizes. Having the ability to offer a cloud vault with Zerto technology gives our clients added protection against ransomware and peace of mind that they can recover successfully,” said John Antimisiaris, executive vice president, LincolnIT.

“Some of our clients’ infrastructure protection needs to be kept with a very tight RPO, but they still need some deeper recovery options than simple replication can provide. A cyberattack is seldom clearly understood, even when recovery efforts have begun. Zerto Cloud Vault provides immutable protection history that can be leveraged to find the latest clean point in time for replicated hosts,” said Jeremy Brovage, product engineer and solutions architect, Converge Enterprise Cloud.

“Cyberattacks that encrypt data are one of the primary disruptors requiring data recovery. Zerto provides the best tools to recover quickly and with the least data loss in a cloud vault,” said Nick Martino, product manager, managed services, Verinext.

Explore the Zerto Cloud Vault and discover how it empowers businesses to safeguard their data and operations: Learn More. 

About Zerto

Zerto, a Hewlett Packard Enterprise company, empowers customers to run an always-on business by simplifying the protection, recovery, and mobility of on-premises and cloud applications. Zerto eliminates the risk and complexity of modernization and cloud adoption across private, public, and hybrid deployments. The simple, software-only solution uses continuous data protection at scale to solve for ransomware resilience, disaster recovery, and multi-cloud mobility. Zerto is trusted by over 9,500 customers globally, and is powering offerings for Microsoft Azure, IBM Cloud, Google Cloud, Oracle Cloud, and more than 350 managed service providers.

Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs

Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…

Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and promote trust with automation and transparency.

In this connected age, where data breaches and online fraud are rising concerns, blockchain technology and smart contracts have become powerful solutions for secure transactions. Their ability to provide transparency, remove middlemen, and enable fraud-resistant mechanisms has made them a key part of today’s financial systems and more.

****How Blockchain Builds a Secure Foundation****

Blockchain is best known as the technology behind cryptocurrencies like Bitcoin and Ethereum, but its uses go well beyond digital currencies. It works as a decentralized ledger, recording transactions across multiple points in a network, which makes it incredibly secure and nearly impossible for cybercriminals to tamper with or hack.

When it comes to digital payments, this decentralization is key. Traditional payment systems rely on central authorities, which are vulnerable to malware attacks, breaches and fraud.

Blockchain, on the other hand, distributes the transaction record across a network, reducing the risk of a single point of failure. The stability of blockchain also means that once a transaction is recorded, it cannot be changed, adding another layer of trust and accountability.

****The Role of Smart Contracts****

Smart contracts take blockchain’s security a step further. These self-executing agreements operate based on established criteria rules written into code. Once the conditions are met, the contract automatically executes, removing the need for intermediaries.

For example, imagine buying a digital service. A smart contract can be programmed to release payment only when the service is delivered and verified. This reduces the risk of fraud and disputes, as the terms are enforced automatically.

Another benefit is efficiency. By automating processes, smart contracts not only save time but also reduce costs associated with manual verification and third-party oversight. This makes them especially appealing for industries like supply chain management, insurance, and real estate, where trust and speed are paramount.

However, security vulnerabilities have also affected smart contracts, which need to be addressed by skilled blockchain developers or specialized auditing teams. According to Onchainpay, a European secure cryptocurrency payment gateway, smart contract vulnerabilities are one single major factor that continues to pose security risks within the blockchain infrastructure.

A recent systematic literature review identified 101 distinct vulnerabilities in Ethereum smart contracts, categorized into ten groups. In particular, in the first quarter of 2024 alone, exploits targeting these vulnerabilities resulted in nearly $45 million in losses across 16 incidents, averaging $2.8 million per exploit.

****Real-World Applications****

Nevertheless, despite ups and downs, Blockchain and smart contracts are already being used to secure payments and transactions globally. As noticed by Halborn, Microsoft, JPMorgan Chase, Walmart, IBM and Amazon are just some major examples.

In international payments, they enable faster and more transparent transfers without the hefty fees associated with traditional banking. In e-commerce, smart contracts can automate escrow services, protecting both buyers and sellers.

Even outside of payments, blockchain is enhancing security. From safeguarding healthcare records to verifying the authenticity of luxury goods, its applications are vast.

****What This Means for Businesses****

As cybersecurity threats grow, businesses opting for blockchain and smart contracts gain a competitive advantage in security and efficiency. For consumers, this means safer and more reliable transactions.

While the technology isn’t without challenges, such as regulatory hurdles and technical complexity, its benefits are clear. Businesses looking to adopt secure payment systems should consider solutions that leverage blockchain and smart contracts to protect their data and enhance trust in their transactions.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **5 Platforms for Identifying Smart Contract Vulnerabilities**
3.  **Growing Importance of Secure Crypto Payment Gateways**
4.  **Best Crypto Marketing Agencies for Web3 Security Brands**
5.  **Why Hosting firms have started accepting crypto payments**
6.  **Top 5 Platforms for Identifying Smart Contract Vulnerabilities**

The Role of Blockchain and Smart Contracts in Securing Digital Transactions

The software supply chain is a growing target, and organizations need to take special care to safeguard it.

Source: Zoonar GmbH via Alamy Stock Photo

COMMENTARY

In 2011, Marc Andreessen coined a phrase we're now all familiar with: "Software is eating the world." More than 13 years later, the expression still rings true. The world runs on software, and each day it continues to transform industries and fuel the global economy. Companies are generating more software — faster than ever before — in order to keep up in today's dynamic and ultracompetitive business landscape.

Innovation is a beautiful thing, but the increased volume and velocity with which software is being built and delivered creates more opportunities for something to go wrong in the software supply chain. Over the past decade, we've seen this happen time and time again.

Around this time last year, Okta disclosed that it had experienced a significant security breach, where bad actors gained access to private customer data through its support management system, highlighting the dangers of third-party risk. In 2020, the SolarWinds platform update mechanism was compromised and used to send malicious software that impacted more than 18,000 of its customers. And back in 2017, Equifax suffered a massive breach due to a failure to patch a known security flaw in its software.

This is just a small sampling of the types of software supply chain attacks that have plagued organizations over the past decade. Unfortunately, these attacks show no signs of slowing down — quite the opposite, actually.

Research indicates software supply chain attacks are occurring at a rate of one successful attack every two days, and Gartner predicts that by 2025, 45% of organizations will have experienced a software supply chain attack. Alarmingly, one report found that there has been a staggering 742% increase in these attacks over the past three years.

The uptick in software supply chain attacks can be attributed to a combination of several factors. Often, organizations simply don't realize the breadth of their exposure. As software shops move toward more sophisticated software delivery and consumption models (e.g., continuous integration/continuous delivery \[CI/CD\] and cloud), their supply chains become more vulnerable. Additionally, typical attack vectors have become increasingly difficult to exploit (thanks to vendors incorporating more sophisticated security measures into platforms and software), which has forced bad actors to uncover new vulnerabilities and become more creative in their attacks. More recently, the spike in adoption of generative AI (GenAI) tools like coding assistants has created new and difficult-to-monitor security gaps. At the same time, attackers are leveraging GenAI themselves to carry out more sophisticated attacks at a higher volume.

Enterprises must urgently find a balance between creating and releasing high-quality software quickly, while upholding a high level of security at each link in the software supply chain.

Here's how they can maintain security without impeding innovation:

**Thoroughly Vet Vendors on an Ongoing Basis (and Treat GenAI Tools With the Same Level of Scrutiny)**

If anything can be learned from Okta's breach, it's that third-party vendors must be carefully vetted if they're to be trusted with private customer data and other sensitive information. Too often, development shops assume that the third-party code they consume is a black box.

Organizations need to look at each vendor's software bill of materials (SBOMs) so they're aware of any open source or third-party components of their code and can therefore identify possible vulnerabilities. They should also assess the vendor's track record for security and review its policies, procedures, and certifications.

Vetting vendors shouldn't be a box the organization checks at the beginning of their engagement and then forgets about. The vetting process must be ongoing: Organizations should continually be asking questions and keeping a pulse on the vendor's new offerings, policies, compliance certifications, and more.

Of note, GenAI tools should be subjected to the same level of scrutiny as third-party vendors. Organizations need visibility into how the large language model (LLM) works, what data it was trained on, whether the model is open or closed, and how user inputs and generated content are collected and used. They'll also need to assess the accuracy and quality of the code the LLM generates, as well as have a plan in place to mitigate any inaccurate or buggy code it produces.

**Consume Open Source Projects Carefully**

Open source projects are critical for rapid development and innovation, but organizations need to be very careful about how they consume open source code. Last year alone, researchers found 245,032 malicious packages in open source projects available for public download. Open source repositories are a prime target for bad actors, who can wreak havoc by attacking a single package that, in turn, impacts an entire ecosystem of companies and their customers.

Organizations should use code only from open source projects that adhere to strict compliance frameworks, such as the OpenSSF Scorecard, System Package Data Exchange (SPDX), and OpenVEX. This ensures they have visibility into the security hygiene of the project before they borrow its code. Additionally, organizations should adopt a software composition analysis (SCA) solution and have a plan in place to address any open source vulnerabilities, should they emerge.

**Evaluate the Security of Your Entire Software Delivery Process**

There's no silver bullet for securing the software supply chain. Organizations must diligently evaluate the security of each step of the software delivery process — including design, development, testing, deployment, maintenance, and beyond.

By infusing security measures throughout the CI/CD pipeline, companies can identify and remediate vulnerabilities early in the development process so they don't lead to a full-blown breach down the line. They can accomplish this through automated security solutions that flag potential issues and source composition analysis (SCA) tools that scan code for known vulnerabilities, and by implementing source code access controls to prevent unauthorized access.

The security cat-and-mouse game is never over. As the industry works diligently to expand its knowledge and strengthen security, attackers are just as hard at work planning and carrying out nefarious activities. The software supply chain is a growing target, and organizations need to take special care to safeguard it. By carefully vetting vendors, mindfully consuming open source, and securing the entire software delivery process, organizations can strike a balance between driving innovation and maintaining software supply chain security.

**About the Author**

Chief Architect Officer, Apiiro

Eldan Ben-Haim has a proven track record in technology leadership, with 25 years of experience in software development, many of them in cybersecurity. Currently CAO atApiiro, he previously served as CTO at Transmit Security and prior to that held the position of vice president of R&D at Trusteer, a cybersecurity company acquired by IBM.

Lessons From the Largest Software Supply Chain Incidents

Ubuntu Security Notice 7092-2 - USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7092-2November 27, 2024mpg123 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:mpg123 could be made to crash or run programs as your login if it opened aspecially crafted file.Software Description:- mpg123: MPEG layer 1/2/3 audio playerDetails:USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discoveredthat the fix was incomplete on Ubuntu 20.04 LTS. This update fixes theproblem.We apologize for the inconvenience.Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  libmpg123-0                     1.25.13-1ubuntu0.2  mpg123                          1.25.13-1ubuntu0.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7092-2  https://ubuntu.com/security/notices/USN-7092-1  CVE-2024-10573, https://launchpad.net/bugs/2089680Package Information:  https://launchpad.net/ubuntu/+source/mpg123/1.25.13-1ubuntu0.2

Ubuntu Security Notice USN-7092-2

The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.

James Bruhl, Director of Cyber Threat Intelligence, DefenseStorm

December 2, 2024

5 Min Read

Source: Yee Xin Tan via Alamy Stock Photo

COMMENTARY

When discussing an incident response (IR) library, it's not about the number of books on a shelf related to incident response planning, how to create plans and playbooks, or the latest theories or frameworks. It's about your actual incident response plan and its accompanying playbooks. Does your organization even have them, or, if something happens, do you just rely on someone from the IT department to handle it? Unfortunately, the latter scenario is often the case. Even if playbooks exist, they usually haven't been updated in years — and that's if anyone can find them or remember where they're kept. Let's explore the difference between various IR plans and playbooks, emphasizing the importance of playbooks and providing some basic guidance on how to construct them. 

**What Is an Incident Response Plan?**

The Cybersecurity and Infrastructure Security Agency (CISA) defines an IR plan as "a written document, formally approved by the senior leadership team, that helps your organization before, during, and after a confirmed or suspected security incident. Your IR plan will clarify roles and responsibilities and provide guidance on key activities. It should also include a list of key people who may be needed during a crisis." Essentially, it provides overall guidance for workflow when an incident occurs. 

Incident playbooks, on the other hand, should be part of the IR plan. They provide procedural guidance for specific incidents, helping to standardize responses and detailing actions to remediate specific incidents. Most organizations usually have some form of IR plan stored somewhere, but playbooks are often where documentation is lacking. 

Several reasons why playbooks are essential include: 

*   Standardization: They help standardize actions for a given incident. While each incident may have unique qualities, some standard steps can be documented and applied to nearly every case. For example, in an email account compromise, the compromised account should usually be disabled. 
    

*   Efficiency: Playbooks help decrease downtime by eliminating the need to find the one person who knows how to disable an account or isolate a host. A well-written playbook allows most people in similar roles to complete these actions. 
    
*   Confidence and trust: They build confidence and trust within the organization that incidents will be handled consistently and appropriately. 
    

*   Preparedness: Playbooks enhance overall preparedness and help companies comply with reporting guidelines. 
    

*   Cost reduction: Limiting downtime reduces the monetary cost of an incident (e.g., fines, penalties, legal costs) and mitigates reputational damage. According to IBM's "2023 Cost of a Data Breach Report," IR planning and testing, including playbook creation, are among the top three most effective cost mitigators. The report states that the average cost of a breach is now $4.45 million, with a difference of $1.49 million (34.1%) between organizations with high levels of IR planning and those with little to none. Additionally, organizations with a functioning and tested IR plan reduced dwell time by 54 days. 
    

**Creating Playbooks**

At their most basic, playbooks are procedural documents — a step-by-step guide on how to complete specific actions tied to an overall incident. Let's use a malware infection on a typical user workstation as an example. You get a notification of a malware detection — now what? 

*   Initial analysis: Who does the initial analysis, and using what tools/resources? What questions need to be answered at this phase to determine the next steps? 
    
*    Containment: How and who does this? Document the process and checks to ensure containment. 
    
*   Backup check: Check backups for infection and cleanliness before restoration. Determine how far back to restore from, how to restore, and what tools to use. 
    
*   Removal: How to remove the malware, what tools are used, a step-by-step guide, and how to verify removal. Decide whether to wipe and reimage or attempt manual removal. 
    

The above is not all-inclusive but provides a brief example of the type of information, steps, and considerations that could go into a malware removal playbook. This example can and should be expanded and made more granular. Using screenshots in your playbooks is also recommended. Generally, when constructing a playbook, you can follow an outline like this: 

*   Introduction: What are you solving for? What is the playbook for? 
    

*   Roles and responsibilities: Who is doing what and who is responsible for completing steps? 
    

*   Incident response phases: Tools used, how-tos, identification, containment, eradication, recovery, after-action. 
    

*   Communication Plan: Who should be notified, when to notifiy different teams, legal counsel and attorney client privilege considerations, C-suite notification, etc. 
    

The structure of this outline may be modified depending on the specific type of incident for which you are developing a playbook. 

**Topics for Crafting Playbooks**

Develop playbooks for every potential security issue imaginable. Some scenarios include malware infection, phishing attacks, account compromise, data breach, data loss prevention, insider threats, denial-of-service attacks, lost or stolen devices, unauthorized access incidents, and misconfigurations. 

Once playbooks are in place, ensure those who need to use them know where to find them. They are useless if no one knows where they are when needed. Regularly test and review them to ensure tooling and processes are still applicable. Do this at least twice a year.  

Ultimately, the importance of playbooks to accompany your IR plan cannot be understated. They provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization. 

**About the Author**

Director of Cyber Threat Intelligence, DefenseStorm

James Bruhl is the director of cyber threat intelligence at DefenseStorm, bringing 15 years of extensive experience as a dedicated law enforcement officer, where he acquired valuable skills in crime prevention, evidence collection, investigative techniques, and crisis management. He transitioned to the field of digital forensics, incident response, and cybersecurity, and in his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures specializing in forensic examinations on various devices to uncover critical information and support investigations. He began at DefenseStorm as a security engineer and was then appointed director of cyber threat intelligence. James plays a vital role in incident response teams, coordinating efforts to mitigate the impact of breaches, identify vulnerabilities, and implement strategies to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity.

Tag

#ibm