Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.

Intel has confirmed the leak of the Unified Extensible Firmware Interface (UEFI) BIOS of Alder Lake, the company's code name for its latest processor — the 12th generation Intel Core processor — which debuted in late 2021. 

According to reports, the Intel UEFI code was first leaked late last week on 4chan, and later GitHub, and it contained 5.97GB of data. It was dated 9-30-22, likely when it was exfiltrated, analysts reported. "In addition, one thing should be noted that the key pairs required by Boot Guard during provisioning stage is also included in the leaked content," researchers from Hardened Vault who analyzed the leaked data explained. 

Researcher Mark Ermolov noted the same thing on Twitter on Oct. 8, adding, "... the Intel Boot Guard on the vendor's platforms can no longer be trusted." 

The researchers at Hardened Vault pointed out the code could be particularly useful for malicious actors who want to reverse engineer the code to find vulnerabilities. 

In a statement provided to Security Week, Intel acknowledged the breach, attributing it to a third-party and downplaying its potential security risk. "Intel does not believe this exposes, or creates, any new security vulnerabilities as we do not rely on obfuscation of information as a security measure," Intel said in a statement. "We are reaching out to customers, partners and the security research community to keep them informed of this situation." 

The Hardened Vault team said it hasn't been able to trace the data back to the leaker but suggested that the developer of the firmware solution, Insyde, might have more information to share. "But it is still impossible to confirm the person who leaked it," the team wrote. "The leak is part of Insyde solution which integrate Intel’s resources. Perhaps Insyde knows more than we do."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Intel Processor UEFI Source Code Leaked

Ubuntu Security Notice 5667-1 - Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-5667-1October 10, 2022linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-kvm,linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-raspivulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Selim Enes Karaduman discovered that a race condition existed in theGeneral notification queue implementation of the Linux kernel, leading to ause-after-free vulnerability. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2022-1882)Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildanand Ariel Sabba discovered that some Intel processors with EnhancedIndirect Branch Restricted Speculation (eIBRS) did not properly handle RETinstructions after a VM exits. A local attacker could potentially use thisto expose sensitive information. (CVE-2022-26373)Eric Biggers discovered that a use-after-free vulnerability existed in theio_uring subsystem in the Linux kernel. A local attacker could possibly usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2022-3176)It was discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel contained a reference counting error. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2022-36879)Jann Horn discovered that the KVM subsystem in the Linux kernel did notproperly handle TLB flush operations in some situations. A local attackerin a guest VM could use this to cause a denial of service (guest crash) orpossibly execute arbitrary code in the guest kernel. (CVE-2022-39189)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1004-gkeop   5.15.0-1004.6   linux-image-5.15.0-1016-raspi   5.15.0-1016.18   linux-image-5.15.0-1016-raspi-nolpae  5.15.0-1016.18   linux-image-5.15.0-1017-gke     5.15.0-1017.20   linux-image-5.15.0-1019-gcp     5.15.0-1019.25   linux-image-5.15.0-1019-kvm     5.15.0-1019.23   linux-image-5.15.0-1019-oracle  5.15.0-1019.24   linux-image-5.15.0-1021-aws     5.15.0-1021.25   linux-image-5.15.0-1021-azure   5.15.0-1021.26   linux-image-5.15.0-50-generic   5.15.0-50.56   linux-image-5.15.0-50-generic-64k  5.15.0-50.56   linux-image-5.15.0-50-generic-lpae  5.15.0-50.56   linux-image-5.15.0-50-lowlatency  5.15.0-50.56   linux-image-5.15.0-50-lowlatency-64k  5.15.0-50.56   linux-image-aws                 5.15.0.1021.21   linux-image-aws-lts-22.04       5.15.0.1021.21   linux-image-azure               5.15.0.1021.20   linux-image-azure-lts-22.04     5.15.0.1021.20   linux-image-gcp                 5.15.0.1019.17   linux-image-generic             5.15.0.50.50   linux-image-generic-64k         5.15.0.50.50   linux-image-generic-64k-hwe-22.04  5.15.0.50.50   linux-image-generic-hwe-22.04   5.15.0.50.50   linux-image-generic-lpae        5.15.0.50.50   linux-image-generic-lpae-hwe-22.04  5.15.0.50.50   linux-image-gke                 5.15.0.1017.19   linux-image-gke-5.15            5.15.0.1017.19   linux-image-gkeop               5.15.0.1004.6   linux-image-gkeop-5.15          5.15.0.1004.6   linux-image-kvm                 5.15.0.1019.17   linux-image-lowlatency          5.15.0.50.46   linux-image-lowlatency-64k      5.15.0.50.46   linux-image-lowlatency-64k-hwe-22.04  5.15.0.50.46   linux-image-lowlatency-hwe-22.04  5.15.0.50.46   linux-image-oracle              5.15.0.1019.17   linux-image-raspi               5.15.0.1016.15   linux-image-raspi-nolpae        5.15.0.1016.15   linux-image-virtual             5.15.0.50.50   linux-image-virtual-hwe-22.04   5.15.0.50.50Ubuntu 20.04 LTS:   linux-image-5.15.0-1021-aws     5.15.0-1021.25~20.04.1   linux-image-5.15.0-1021-azure   5.15.0-1021.26~20.04.1   linux-image-5.15.0-50-generic   5.15.0-50.56~20.04.1   linux-image-5.15.0-50-generic-64k  5.15.0-50.56~20.04.1   linux-image-5.15.0-50-generic-lpae  5.15.0-50.56~20.04.1   linux-image-5.15.0-50-lowlatency  5.15.0-50.56~20.04.1   linux-image-5.15.0-50-lowlatency-64k  5.15.0-50.56~20.04.1   linux-image-aws                 5.15.0.1021.25~20.04.13   linux-image-azure               5.15.0.1021.26~20.04.14   linux-image-generic-64k-hwe-20.04  5.15.0.50.56~20.04.19   linux-image-generic-hwe-20.04   5.15.0.50.56~20.04.19   linux-image-generic-lpae-hwe-20.04  5.15.0.50.56~20.04.19   linux-image-lowlatency-64k-hwe-20.04  5.15.0.50.56~20.04.17   linux-image-lowlatency-hwe-20.04  5.15.0.50.56~20.04.17   linux-image-virtual-hwe-20.04   5.15.0.50.56~20.04.19After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-5667-1   CVE-2022-1882, CVE-2022-26373, CVE-2022-3176, CVE-2022-36879,   CVE-2022-39189Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-50.56   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1021.25   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1021.26   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1019.25   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1017.20   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1004.6   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1019.23   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-50.56   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1019.24   https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1016.18   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1021.25~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1021.26~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-50.56~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-50.56~20.04.1

Ubuntu Security Notice USN-5667-1

Ubuntu Security Notice 5668-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5668-1  
October 10, 2022

linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4,  
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems  
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms  
- linux-gke: Linux kernel for Google Container Engine (GKE) systems  
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems  
- linux-ibm: Linux kernel for IBM cloud systems  
- linux-kvm: Linux kernel for cloud environments  
- linux-oracle: Linux kernel for Oracle Cloud systems  
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel  
- linux-ibm-5.4: Linux kernel for IBM cloud systems

Details:

It was discovered that the BPF verifier in the Linux kernel did not  
properly handle internal data structures. A local attacker could use this  
to expose sensitive information (kernel memory). (CVE-2021-4159)

It was discovered that an out-of-bounds write vulnerability existed in the  
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-20369)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux  
kernel did not properly initialize memory pages to be used for shared  
communication with the backend. A local attacker could use this to expose  
sensitive information (guest kernel memory). (CVE-2022-26365)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan  
and Ariel Sabba discovered that some Intel processors with Enhanced  
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET  
instructions after a VM exits. A local attacker could potentially use this  
to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the  
io_uring subsystem in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2022-3176)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the  
Linux kernel did not properly initialize memory pages to be used for shared  
communication with the backend. A local attacker could use this to expose  
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux  
kernel incorrectly shared unrelated data when communicating with certain  
backends. A local attacker could use this to cause a denial of service  
(guest crash) or expose sensitive information (guest kernel memory).  
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in  
the Linux kernel on ARM platforms contained a race condition in certain  
situations. An attacker in a guest VM could use this to cause a denial of  
service in the host OS. (CVE-2022-33744)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1034-ibm      5.4.0-1034.38  
   linux-image-5.4.0-1047-bluefield  5.4.0-1047.52  
   linux-image-5.4.0-1054-gkeop    5.4.0-1054.57  
   linux-image-5.4.0-1076-kvm      5.4.0-1076.81  
   linux-image-5.4.0-1084-gke      5.4.0-1084.90  
   linux-image-5.4.0-1084-oracle   5.4.0-1084.92  
   linux-image-5.4.0-1086-aws      5.4.0-1086.93  
   linux-image-5.4.0-128-generic   5.4.0-128.144  
   linux-image-5.4.0-128-generic-lpae  5.4.0-128.144  
   linux-image-5.4.0-128-lowlatency  5.4.0-128.144  
   linux-image-aws-lts-20.04       5.4.0.1086.86  
   linux-image-bluefield           5.4.0.1047.46  
   linux-image-generic             5.4.0.128.129  
   linux-image-generic-lpae        5.4.0.128.129  
   linux-image-gke                 5.4.0.1084.92  
   linux-image-gke-5.4             5.4.0.1084.92  
   linux-image-gkeop               5.4.0.1054.55  
   linux-image-gkeop-5.4           5.4.0.1054.55  
   linux-image-ibm                 5.4.0.1034.63  
   linux-image-ibm-lts-20.04       5.4.0.1034.63  
   linux-image-kvm                 5.4.0.1076.73  
   linux-image-lowlatency          5.4.0.128.129  
   linux-image-oem                 5.4.0.128.129  
   linux-image-oem-osp1            5.4.0.128.129  
   linux-image-oracle-lts-20.04    5.4.0.1084.81  
   linux-image-virtual             5.4.0.128.129

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1034-ibm      5.4.0-1034.38~18.04.1  
   linux-image-5.4.0-128-generic   5.4.0-128.144~18.04.1  
   linux-image-5.4.0-128-generic-lpae  5.4.0-128.144~18.04.1  
   linux-image-5.4.0-128-lowlatency  5.4.0-128.144~18.04.1  
   linux-image-generic-hwe-18.04   5.4.0.128.144~18.04.107  
   linux-image-generic-lpae-hwe-18.04  5.4.0.128.144~18.04.107  
   linux-image-ibm                 5.4.0.1034.48  
   linux-image-lowlatency-hwe-18.04  5.4.0.128.144~18.04.107  
   linux-image-oem                 5.4.0.128.144~18.04.107  
   linux-image-oem-osp1            5.4.0.128.144~18.04.107  
   linux-image-snapdragon-hwe-18.04  5.4.0.128.144~18.04.107  
   linux-image-virtual-hwe-18.04   5.4.0.128.144~18.04.107

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5668-1  
   CVE-2021-4159, CVE-2022-20369, CVE-2022-2318, CVE-2022-26365,  
   CVE-2022-26373, CVE-2022-3176, CVE-2022-33740, CVE-2022-33741,  
   CVE-2022-33742, CVE-2022-33744, CVE-2022-36879

Package Information:  
   https://launchpad.net/ubuntu/+source/linux/5.4.0-128.144  
   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1086.93  
   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1047.52  
   https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1084.90  
   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1054.57  
   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1034.38  
   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1076.81  
   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1084.92  
   https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-128.144~18.04.1  
   https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1034.38~18.04.1

Ubuntu Security Notice USN-5668-1

Skybox Security Cloud Edition ushers in a new era of proactive cybersecurity .

SAN JOSE, Calif., Oct. 11, 2022 — Skybox Security today announced the next generation of its award-winning Security Posture Management Platform – including the industry's first Software-as-a-Service (SaaS) solution for Security Policy and Vulnerability Management. Propelling its global customer base into the next era of proactive cybersecurity, major innovations advance its platform that continuously tests attack feasibility, exposure, remediation options, and compliance across hybrid environments.

"Today, we're delivering on our mission of building the world's leading Security Posture Management platform," said Skybox Security CEO and Founder Gidi Cohen. "Skybox equips customers with the hybrid network modeling, path analysis, and automation they need to reduce the risk of a significant data breach by 55%. Our latest innovations are significant for customers that deploy on-prem, as well as customers that will benefit from our new SaaS solution. The new Skybox Cloud Edition offering capitalizes on the speed, scale, innovation, and productivity benefits powered by the cloud to drive the pursuit of broader digital business opportunities."

**Expansion into Cyber Asset Attack Surface Management**

Challenging the status quo through a dynamic, fresh approach to Cyber Asset Attack Surface Management (CAASM), Skybox visualizes all assets through API integrations, identifies and prioritizes vulnerabilities using proprietary threat intelligence, sees gaps in security controls, and automatically provides remediation options. In addition, significant advancements to the proprietary Skybox network model enable customers to dynamically model operational technology, IT, and hybrid cloud environments – including all networking and security data related to a specific asset.

According to Gartner Research: "CAASM enables security teams to improve basic security hygiene by ensuring security controls, security posture, and asset exposure are understood and remediated. Organizations that deploy CAASM reduce dependencies on homegrown systems and manual collection processes, and remediate gaps either manually or via automated workflows. Organizations can visualize security tool coverage, support attack surface management (ASM) processes, and correct systems of record that may have stale or missing data."1

**Industry's First Solution To Automatically Map Vulnerabilities To Malware Type**

Skybox also introduced the industry's first Security Posture Management solution that connects Vulnerability Management with Threat Hunting. Building on its Exposure Management process that emphasizes publicly known vulnerabilities and identifies control gaps, Skybox now also associates vulnerabilities to malware by name, category, and distinct classes – including ransomware, Remote Access Trojans (RATs), botnets, cryptocurrency miners, trojans, and more.

"Executives and board members want to know if their cybersecurity teams are staying ahead of the latest celebrity malware such as TrickBot, REMCOS, FormBook, AZORult, Ursnif, Agent Tesla, and NanoCore," said Ran Abramson, Threat Intelligence Analyst, Skybox Research Lab. "Powered by Skybox threat intelligence, CISOs have automated analysis that can prove they retired millions of malware and exploits. No other cybersecurity solution can provide customers with our advanced vulnerability prioritization and threat trend reporting."

**Expanded Integrations Eliminate Complexity, Reduce Administrative Burden, and Provide More Effective Cybersecurity**

With over 150 integrations, Skybox Security is the only solution that builds an extensive model of a customer's unique hybrid environment, including all of the customer’s L3 devices. Expanded integrations include:

*   **Amazon Web Services (AWS):** Expanded cloud capabilities include support of AWS firewalls in distributed mode. Reduce risk while validating compliance by eliminating permissive, obsolete, shadowed, and redundant rules.
*   **Cisco Application Centric Infrastructure (ACI):** Adding new capabilities to its Cisco ACI integration, Skybox now delivers granular visibility into ACI Fabric tenants across spanning networking, micro-segmentation policies, and device attributes.
*   **Palo Alto Networks Prisma Cloud:** Furthering its commitment to shift-left security practices, vulnerabilities in container images across DevOps toolchains can now be identified and prioritized for remediation via the Skybox multi-factor risk scoring algorithm.

**Skybox Cloud Edition Accelerates Customer Value With Increased Flexibility, Scalability, Business Agility, and Resiliency**

Skybox Cloud Edition delivers the capabilities of the Skybox Security Posture Management Platform in a Software-as-a-Service (SaaS) offering to unlock additional business agility and resiliency benefits.

*   **First SaaS solution for Security Policy Management**: Leapfrogging the competition, Cloud Edition capabilities reduce software installation maintenance tasks. Streamlined licensing and deployment are designed to meet customer demand.
*   **Advanced Vulnerability and Exposure Management**: With the industry's most flexible deployment options for Vulnerability and Exposure Management (both on-premises and SaaS versions), customers can select the deployment model that aligns with their corporate and regulatory requirements.
*   **Limitless scalability**: Manage security policies, prioritize vulnerabilities, and remediate exposures across the most complex on-premises, cloud, operational technology (OT), and hybrid environments. Automate, verify, and operationalize risk reduction.
*   **Faster deployment options**: Cuts deployment time and reduces the need for procuring hardware, performing testing, and installing updates – enabling customers to unlock value faster. Customers with vast, global environments will reap huge benefits due to the size and diversity of their attack surface.
*   **Instant automatic updates**: Customers benefit immediately from the latest product innovations and platform updates. Upgrades are much less disruptive, with no need for change management resources. Seamless, automated upgrades are critical given the dynamic threat and regulatory landscapes.
*   **Guaranteed availability:** The solution is hosted in AWS for outstanding stability, performance, and guaranteed availability. Additionally, 24/7 monitoring of the tenants, across both the Network Operations Center (NOC) and Security Operations Center (SOC), maintains optimal network performance and performs real-time analysis for continuous threat mitigation.

**Customer Quotes**

"We had endless streams of vulnerability remedial work. Everything seemed extremely important. Hence why we moved to Skybox: Because it gave us exactly the prioritization model we needed." – Director of Cybersecurity, Manufacturing Organization

"The overall visibility that Skybox has given us of the network – that's something we didn't have before. You can't really put a number on that, but it's a massive impact." – Principal Network Engineer, IT Security Company

"They were getting burned out. So, this has changed at least one of my engineers' lives. He actually said it over and over, 'This is the best thing that's ever happened to me.' Had it been anyone else, I doubt we would have kept anyone in that position for long." – Information Security Manager, Financial Services Organization

"Assets that are critical are tracked in Skybox, and the risk is assessed. If there is a vulnerability, we can fix it immediately. It's reflected in Skybox, and we have evidence for future audits." – Information Security Manager, IT Security Company

**Additional Resources**

*   Skybox Security reduces the risk of data breach by 55%, Total Economic Impact™ Study reveals
*   Skybox Security featured in 6 Gartner® Hype CyclesTM, 2022

Skybox Cloud Edition is available now. To learn more about the Skybox Security Posture Management Platform, visit https://www.skyboxsecurity.com/products/security-posture-management-platform/.  
**About Skybox Security  
**Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics, and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions, and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.

Skybox Security Unveils Industry's First SaaS Solution For Security Policy and Vulnerability Management Across Hybrid Environments

REDWOOD CITY, Calif., Oct. 11, 2022 /PRNewswire/ — Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today released _Cloud Server Privilege Management for Dummies_, a new eBook immediately available in print and digital editions. The complimentary resource puts best practices for cloud server security front and center to simplify complexities around securing access to business-critical resources.

According to the 2022 Thales Cloud Security Report, 45% of businesses have experienced a cloud-based data breach or failed audit in the past twelve months, suggesting that almost half of organizations are highly vulnerable to cloud server security breaches. Server security is critically tied to securing accounts and their associated entitlements for logging into machines and running privileged commands and applications.

"While the pandemic was a call to action for many organizations to expedite their cloud initiatives, most were already moving towards multi-cloud and hybrid infrastructure," said Tony Goulding, Senior Director, Technical Product Marketing at Delinea and co-author of the new Dummies book. "What many had not been focusing on as part of their efforts was shifting from a reactive to proactive security posture when it comes to privileged access management of cloud resources. This book helps any organization protect distributed IT server infrastructure in hybrid- or multi-cloud environments to reduce risk."

As with other editions in the popular Dummies books series, _Cloud Server Privilege Management for Dummies_ helps guide IT professionals in clear language and with examples to help them tackle some of their biggest cloud server security challenges, including:

*   Getting visibility into assets and permissions to facilitate proactive risk mitigation with granular controls
*   Reducing lateral movement between cloud resources to minimize the possibilities of data exfiltration or encryption for ransom in case of breach
*   Enforcing least privilege with a zero trust approach to ensure authenticated, legitimate users only have access to what they need, when they need it

"Time and again we see that the biggest risks to organizations are typically related to over-privileged users, standing privileges on resources, and not understanding the shared responsibility model when it comes to cloud," said Chris Smith, Chief Marketing Officer at Delinea. "This Dummies book clearly lays out how to address all of those areas of concern in one free resource."

Delinea offers a range of complimentary informative resources to further help organizations secure their on-premises, multi-cloud, and hybrid infrastructure, including six additional Dummies books, educational publications, whitepapers, tools, blogs, and more.

Visit delinea.com/resources to download _Cloud Server Privilege Management for Dummies_ and more.

**About Delinea  
**Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Learn more about Delinea on LinkedIn, Twitter, and YouTube.

Delinea Releases 'Cloud Server Privilege Management for Dummies' eBook

Investment led by Section 32 will be used to scale the product and team.

MOUNTAIN VIEW, Calif., Oct. 11, 2022 — Stairwell, a company that empowers security teams to outsmart any attacker, today announced a $45M Series B capitalization. The funding round was led by Section 32, with additional investments from Sequoia Capital, Accel, Lux Capital, Gradient Ventures, and angel investors Eric Schmidt and Michael Ovitz. This brings Stairwell’s total funding to date to $69.5 million as it looks to scale its flagship product, Inception, to become the most powerful continuous intelligence, detection, and response solution available.

“New vulnerabilities are discovered daily, and continuous monitoring, threat hunting, and response are needed for around-the-clock efforts to secure the enterprise. Our goal is to plug these gaps, while simultaneously strengthening organizations’ overall security stack via capturing, storing, and analyzing all executable files across their environment,” said Mike Wiacek, CEO and Founder of Stairwell. “This Series B reflects the confidence investors feel in Inception and Stairwell’s mission to enable security teams to take back control of their data and stay one step ahead of even the most advanced attackers.”

Following deals with key customers and MSSP partner Cyderes earlier this year, this Series B will enable Stairwell to meet increased demand for new Inception features as malware attacks continue to rise. By scaling the Inception platform, Stairwell will create a more intuitive and integrated experience for increased customer success in securing their organizations against any emerging malware threats, including supply chain attacks.

“The platform Stairwell has built is making a huge impact for security teams, and the company is led by some of the sharpest minds in cybersecurity,” said Andy Harrison, Managing Partner at Section 32. “The power and advanced capabilities of the Inception platform are clear to customers and partners, and it's rare to find a company with such a strong combination of product, engineering, customer focus, and executive leadership.”

This funding will also play a critical role in the expansion of Stairwell’s team. Since the Series B round closed, Stairwell has increased headcount by 100%, with plans to add significantly more employees this year. These hires will include specialized engineers to bring more functionality to Inception as a whole. Notable recent appointments within the company include Brian Lee as Vice President of Marketing and Eric Byrd as Head of Enterprise Sales.

Lee has spent the last decade at Ogilvy working with some of the most famous technology brands in the world, from large Fortune 500 companies (Google, Samsung, Qualcomm, Cummins) to exciting, high-growth start-ups. His vision for Stairwell’s marketing arm is to drive holistic growth for the company, building an enduring brand complemented with a robust marketing machine to drive awareness using the latest technology, data, and techniques.

“As a marketer, the best asset you can have is a good company and product. That’s what initially drew me to Stairwell,” said Lee. “We have a differentiated, innovative product in a category growing in importance. Add to that the incredible pedigree of our team, top investors, and positive business momentum. I knew from my first conversation with Mike Wiacek that I had to be a part of this company’s trajectory as Vice President of Marketing.”

Byrd comes from Red Canary, where he led a team of Senior Enterprise Account Executives across the Northeast and Southeast regions of the United States in securing new customers for security solutions. At Stairwell, Byrd will lead the sales team in identifying Stairwell’s next customers who will make significant strides in their security goals by partnering with the company.

“I've been really lucky to work with many incredible teams, so I've learned what it takes to build a strong security business that continues to improve its capabilities for customers as you grow,” said Byrd. “Understanding what leading security teams expect from their partners has prepared me to deliver exceptional service for Stairwell’s customers so they can take their security teams to new heights.”

For more information on the roles Stairwell is currently hiring for, please visit www.stairwell.com/careers.

**About Stairwell  
**Stairwell helps organizations with security solutions that attackers can't evade. Its Inception platform empowers security teams to outsmart any attacker by providing continuous intelligence, detection, and response. The Inception platform is used by a number of Fortune 500 companies. Stairwell is comprised of security industry leaders and engineers from Google and is backed by Sequoia Capital, Accel, Section 32, Lux Capital, and Gradient Ventures. For more information, visit www.stairwell.com or connect with us on Twitter or LinkedIn.

Stairwell Announces $45M Series B Funding Round

Pen testing solutions to empower businesses to proactively address application security vulnerabilities amid surging threats.

CHICAGO, Oct. 11, 2022 /PRNewswire-PRWeb/ — Today, Outpost24 announced the introduction of its Penetration Testing as a Service (PTaaS) solutions to the North American market to better empower businesses to understand and address threats in their web application attack surface. Outpost24's PTaaS solutions provide companies with on-demand, continuous monitoring, ensuring organizations are fully protected against threats in their application attack surface.

Web application attacks accounted for roughly 70% of security incidents in 2021, making application security a top priority. While penetration testing provides an effective way to detect application flaws before they turn into a serious threat, in the always-on economy, traditional penetration testing is no longer enough. Traditional penetration testing solutions often require long and disruptive set-up times and usually only examine a specific and isolated point in time - insufficient when application code changes multiple times per day.

Outpost24's PTaaS is a modernized approach to penetration testing with continuous, real-time monitoring. Additionally, providing customers with direct access to a team of penetration testers and a knowledge base to address vulnerabilities, it allows IT and development teams to remediate quickly and efficiently, making it well-suited for agile organizations who need a more flexible approach to review and secure web application code at scale. 

"In an agile application development cycle, security is imperative - but it can also be a roadblock," said Eren Cihangir, Product Engineer, Outpost24. "Outpost24 is meeting a critical gap in the market by providing ongoing monitoring to secure applications as they evolve while also saving developers time so they can stay focused on their real priority: Innovation."

Outpost24 PTaaS includes annual or project-based packages depending on an organization's priorities, including:

*   SWAT: Outpost24's flagship PTaaS offering that combines continuous monitoring with manual penetration testing to ensure continuous  
    protection for the most prevalent software vulnerabilities

*   Snapshot: A time-boxed PTaaS offering that provides on-demand penetration testing and deep analysis of web applications with expert  
    validation, support, and re-testing services for 30 days For more information about Outpost24's PTaaS offerings, check out outpost24.com and contact us today.

**  
About Outpost24**  
The Outpost24 group is pioneering cyber risk management with vulnerability management, application security testing, threat intelligence and access management - in a single solution. Over 2,500 customers in more than 65 countries trust Outpost24's unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence. Delivered through our cloud platform with powerful automation supported by our cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters.

Outpost24 Announces Expansion of Penetration Testing Offerings to North America

Australian IT services provider Dialog has announced a breach, making it the third telecom company in the area compromised in less than a month.

First it was Optus, followed by Telstra. Now, a third Australian telecom company has disclosed it was breached — this time it's Dialog, an information technology services provider with a sizable market share of Aussie customers in both the public and private sectors. 

Dialog, a subsidiary of SingTel, said its servers were compromised on Sept. 10, and although initial investigations showed no signs of exfiltrated data, on Oct. 7, a sample of the company's employee personal data was available on the Dark Web. 

Dialog said it is still investigating the incident further. 

Just days before, Australia's largest telecom carrier, Telstra, announced its own breach, of personal and sensitive employee information, going back to 2017. 

Telstra's major competitor, Optus, was also recently targeted in a massive cyberattack, which successfully stole the personal information of nearly 10 million customers across Australia. Optus, also a SingTel subsidiary, first announced the cyberattack on Sept. 21, which then drew the attention of the FBI. 

Days later, the cybercriminals withdrew their ransom demand of $1 million, explaining there were "too many eyes" on the data. But before the attackers had a change of heart, they leaked more than 10,000 customer records, reportedly as proof of what they had. 

The attackers later apologized for leaking the stolen info. 

**Telcos Historically Draw Advanced Attacks**

Telecommunications companies will always be an attractive target for cybercrime because of the vast amounts of data they gather, process, and store on their customers, Erfan Shadabi, a cybersecurity expert with Comforte AG tells Dark Reading. 

"However, they have an obligation to keep this sensitive customer data safe and out of the hands of the wrong people, obligations that are both ethical and regulatory in nature. The outcome of not doing this is exactly what these companies face now," he adds.

John Bambanek, principal threat hunter with Netenrich, agrees, adding that IT providers, managed service providers (MSPs), managed security service providers (MSSPs), and telcos have always been prime targets from advanced threat actors. 

"These companies have privileged access so its easy to go from point A to points B through Z immediately," Bambanek explains to Dark Reading. He adds that intelligence services like the National Security Agency (NSA) also regularly turn the focus of their operations to telecommunications service providers because of the wealth of sensitive data inside their systems. 

"Eventually, targeting priorities and techniques filter from the intelligence world into sophisticated cybercriminals such as ransomware groups," Bambenek says. "Ultimately, the math is the same. Why attack one target and have only one victim when you can attack one target and have many victims? More victims means more money."

High-Value Targets: String of Aussie Telco Breaches Continues

LOUISVILLE, Ky., Oct. 11, 2022 /PRNewswire/ — Deloitte and the National Association of State Chief Information Officers (NASCIO) today released their 2022 Cybersecurity Study, "State Cybersecurity in a Heightened Risk Environment." The survey captures responses from chief information security officers (CISOs) in all 50 states and three territories about current cybersecurity trends, challenges and opportunities.

The survey found that state CISOs throughout the U.S. gained considerable strength and authority over the past few years, as they rapidly migrated government operations and services to a virtual environment and expedited digital transformations to meet the immediate needs of individuals and families. Due to the dedicated efforts of these CISOs, state agencies were able to continue providing high-quality service to their constituents, despite the challenges imposed by a global pandemic.  

Additional highlights from the 2022 Deloitte/NASCIO survey include:

*   **Addressing the talent gap**: In 2022, the demand for high-skilled workers has grown even more acute for public and private sector employers. In this environment, the lack of cybersecurity professionals and other staff remains among the top five barriers cited by state CISOs.
    *   Despite CISOs' growing responsibilities and the increasing sophistication of both technology and threats, **headcounts for state cybersecurity professionals remain about the same as in 2020, and more than 6 in 10 CISOs report gaps in competencies among their staffs**.
*   **Embracing the entire state**: It is an imperative to provide for greater security across the entire state through a tighter collaboration with local governments and state higher education institutions. CISOs made significant progress in enhancing their stature and visibility at the state executive and legislative levels, and they are continuing to get the institutional support and resources they need.
    *   All 50 states now have a CISO, and many are establishing new positions for chief privacy officers, chief risk officers and identity program directors.
    *   More state legislators are codifying the role of the CISO into state law and funding the position. They are also codifying several cyber initiatives into state law, such as enterprise risk management frameworks, cybersecurity legislative councils and cybersecurity training.
    *   More states now require CISOs to provide periodic reports to senior state officials, such as the governor, legislature and agency secretaries.
    *   CISOs are looking to establish and activate a shared security services approach to enable a whole-of-state approach to protecting local governments and public higher education institutions.
*   **Emerging technologies present new opportunities**: In the post-pandemic digital landscape, CISOs have an even more critical role to play in guiding the evaluation and implementation of new technologies.
    *   State CISOs confirm that many applications have migrated to the cloud. With remote work, digital and mobile platforms have become part of the fabric of daily life by which people work, communicate and transact.
    *   **States have taken a big step forward to provide digital identities for citizen services**. Capabilities, such as cloud computing, artificial intelligence and robotic process automation, enable states to further enhance digital modernization in service of their missions and constituents.

"The complexity of cyber challenges that the state CISOs tackle is increasing with the need to take a whole-of-state approach involving multiple jurisdictions and stakeholders," said Srini Subramanian, principal, Deloitte & Touche LLP, and Deloitte's global risk advisory leader for government and public services. "To address these challenges, state CISOs are increasingly laying the groundwork to adopt emerging technologies, promoting more collaboration with local government agencies and higher education institutions, upskilling state employees and transforming employment practices to attract the next-generation of highly capable cyber talent."

"State CISOs played critical roles helping the country successfully navigate the twists and turns of the pandemic, and this year's survey identifies the steps needed to grow this increasingly public role and meet the current and future challenges faced by state agencies," said Meredith Ward, director of policy and research at NASCIO and a co-author of the 2022 Deloitte/NASCIO Cybersecurity Study. "We're proud to again bring the perspectives of state CISOs to the forefront of conversations around cybersecurity."

Additional takeaways from the 2022 Deloitte/NASCIO survey include:

*   Thirty states increased their cybersecurity budgets from 2021 to 2022. And for the first time, CISOs report that a handful of states are allocating more than 10% of their IT budgets to cybersecurity, in alignment with federal government levels. However, most states still only allocate between 2% and 10% of their budgets to cybersecurity efforts.
*   Many state CISOs identified the drafting and implementation of the Zero Trust framework as a key initiative.
*   CISOs say that malware, ransomware and phishing attempts continue to present security challenges. Concern among CISOs about foreign state-sponsored espionage has also risen significantly, while the perceived threat from third parties and social engineering has declined.
*   CISOs found that the three leading causes of cyber incidents remain web applications, malicious code and financial fraud. However, CISOs note a rise in cyber incidents involving foreign state-sponsored espionage, zero-day attacks and attacks against cloud platforms.
*   Nearly one-third of state CISOs say that state agencies manage cyber incidents on their own, rather than working with a central state IT security group.
*   CISOs are increasingly contracting cybersecurity professionals and states are demonstrating more interest in outsourcing specific cybersecurity functions to managed service providers. In fact, more than half of CISOs report outsourcing security operations center tasks, which require 24x7 monitoring, and more than 60% of CISOs report having confidence in the cybersecurity services of third-party vendors.
*   State CISOs are starting to incorporate diversity, equity and inclusion (DEI) practices, such as designating a DEI leadership position or teams to foster a culture of inclusion. However, many CISOs say they do not know if they have such practices in place.

See here for the full survey results.

See here for learn more about Deloitte's cyber risk practice.

**About Deloitte**

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte's approximately 415,000 people worldwide connect for impact at www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Cybersecurity Survey of State CISOs Identifies Many Positive Trends

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads.
"This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called **Caffeine** to effectively scale up their attacks and distribute nefarious payloads.

"This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant said in a new report.

Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns.

The development comes a little over a month after Resecurity took the wraps off another PhaaS service dubbed EvilProxy that's offered for sale on dark web criminal forums.

But unlike EvilProxy, whose operators are known to vet prospective customers before activating the subscriptions, Caffeine is notable for running an open registration process, effectively enabling anyone with an email address to sign up for the service.

This restriction-free approach not only obviates the need for approaching the actors on underground forums or requiring a referral from an existing user, but also allows Caffeine to rapidly expand its clientele and lower the barrier for entry.

Making it further stand apart from the rest, the PhaaS toolkit is noteworthy for offering phishing email templates for use against Chinese and Russian targets.

"Although the use of phishing platforms is certainly not a novel mechanism to facilitate attacks, it is worth noting that such feature-rich options, like Caffeine, are readily accessible to cybercriminals," the researchers said.

PhaaS services typically entail an operator to develop and deploy a significant chunk of the phishing campaigns, right from fake sign-in pages, website hosting, site templates, and credential theft.

The evolution of email-based phishing threats into a service-based economy means that adversaries who aim to conduct phishing attacks can now simply purchase such resources and infrastructure without having to work on it themselves. Caffeine is no exception.

It requires users to create an account, and buy a subscription that costs $250 a month (Basic), $450 for three months (Professional), or $850 for a six-month license (Enterprise) to avail its wide range of services, including the campaign management dashboard and the tools to configure the attacks.

The ultimate goal of the phishing campaign is to facilitate the theft of Microsoft 365 credentials through rogue sign-in pages hosted on legitimate WordPress sites, indicating that the Caffeine actors are leveraging compromised admin accounts, misconfigured websites, or flaws in web infrastructure platforms to deploy the kits.

While the login pages are currently limited to Microsoft 365 credential harvesting lures, the Google-owned threat intelligence firm noted that additional login page formats could be introduced in the future as per customer demands.

"It is also important to keep in mind that defensive measures against PhaaS attacks can be a game of cat and mouse," Mandiant said. "As quickly as threat actor infrastructure gets taken down, new infrastructure can be spun up."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#intel