PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

CVE-2022-35739: PRTG Network Monitor - Version History

Ursnif, a one-time banking Trojan also known as Gozi, becomes the latest codebase to be repurposed as a more general backdoor, as malware developers trend toward modularity.

Threat groups continue to recycle code from older tools into more generalized frameworks, a trend that will continue as the codebases incorporate more modularity, security experts said this week.

In the latest example, the threat group behind Ursnif — aka Gozi — recently moved the tool away from a focus on financial services to more general backdoor capabilities, cybersecurity services firm Mandiant stated in an analysis. The new variant, which the company has dubbed LDR4, is likely intended to facilitate the spread of ransomware and the theft of data for extortion.

The modular malware joins Trickbot, Emotet, Qakbot, IcedID, and Gootkit, among others, as tools that started as banking Trojans but have been repurposed as backdoors, without requiring the development effort of creating an entirely new codebase, says Jeremy Kennelly, senior manager for financial crime analysis at Mandiant.

"The developers working on banking Trojans have taken multiple approaches to retooling their malware as a backdoor to support intrusion operations, though a major code rewrite hasn’t generally been deemed necessary," he says. "These malware families — at their core — are just modular backdoors that have historically loaded secondary components enabling 'banker' functionality."

Mandiant's analysis of Ursnif points out that maintaining multiple codebases is a challenging task for malware developers, especially when one mistake could give defenders a way to block an attack and investigators a way to hunt down the attacker. Maintaining a single modular codebase is much more scalable, the company's analysis this week stated.

**A Malware Movement Toward Backdoor Modularity**

It's unsurprising that malware developers are moving to more general and modular code, says Max Gannon, a senior intelligence analyst at Cofense.

"In some cases, a purpose-built remote access Trojan (RAT), traditionally viewed as a backdoor, may be more conducive to the threat activity," he says. "However, a lot of threat actors want more than just a backdoor, and many commodity malware families have morphed to become multipurpose tools that simply include backdoor access."

The specialization of tools in the cybercriminal underground is also a reason why older codebases are being repurposed. By focusing specific tools on areas of attack — such as initial access, lateral movement, or data exfiltration — the developers of these tools are able to differentiate themselves against competitors and offer a unique set of features. Using existing codebases also saves time, and making such projects modular allows the tool to be customized for the customer's — read, "attacker's" — needs, says Jon Clay, vice president of threat intelligence at Trend Micro.

"The coders behind many of these toolkits create them and sell them within the cybercriminal underground markets, as they offer newbies and other malicious actors with a ready-made kits for executing attacks," he says. "Many of these offer automations now as well as GUI interfaces to manage the attacks and victim information/data."

The original Ursnif code appeared in the mid-2000s. The Zeus banking Trojan — used in thefts of tens of millions, and likely hundreds of millions, of dollars — has had a similar trajectory, with its adoption accelerated by a source code leak. Another banking Trojan, Emotet, has now become a general backdoor, allowing its development group to offer access as a service to other cybercriminals, a business relationship also demonstrated by Qakbot, another Trojan initially created as a banking Trojan.

All of these programs had the benefit of modularity, says Mandiant's Kennelly.

"All bankers that have been broadly repurposed as backdoors were already modular, which has the added benefit of limiting the complexity of the core malware while providing significant operational flexibility," he says. "These established malware families also had a proven track record and general familiarity to the actors using them."

**Swiss Army Knife Malware Delivery**

Rather than changes in functionality, a lot of the evolution in categorizing attackers tools has come about because labeling has had to catch up to changes in the malware design. By redesigning the codebases to be modular, defining a tool as a single thing — whether a banking Trojan, a spam bot, or a worm — becomes much more difficult. Adding a single new module would change the label for the code.

In the past, for example, computer viruses spread by infecting files, while worms used automated scanning and exploitation to spread quickly and more widely. However, a number of Trojans incorporated either or both functionality, leading to a more general term: malicious software, or malware.

A similar evolution has happened around the classification of attacker tools. Programs that were originally considered to be banking Trojans, RATs, or a scanning tools are now capabilities of more general frameworks, says Codefense's Gannon.

"If we think of a backdoor as software that sits on a machine to provide access that skirts normal security measures, banking Trojans inherently act as backdoors in order to perform their usual functions, so almost any banking Trojan can be used as one without the need for many changes," he says. "The difference is often simply in the intent of the user."

**How to Protect Against Modular Malware**

To combat the threat, companies should have tools that look for telltale signs that a backdoor or RAT are being used inside their network. Since phishing attacks are a common way to compromise end user's systems, multifactor authentication (MFA) and employee training can also help harden businesses against attacks.

Overall, having visibility into change to systems and anomalous traffic on the network can help immensely, Trend Micro's Clay says.

"The main thing to know is that in many cases there are early signs of these tools being used within the organization and that if seen," he says, "they should be taken very seriously that there is likely an active campaign against them."

Threat Groups Repurpose Banking Trojans into Backdoors

Cybersecurity pros discuss a trio of lessons from the Equifax hack and how to prevent similar attacks in the enterprise.

On the morning of Sept. 7, 2017, US credit bureau giant Equifax announced hackers had infiltrated its network and exfiltrated customer names, Social Security numbers, birthdates, and addresses. The news of the breach — which compromised the private records of 147.9 million Americans (almost 50% of the entire US population), 15.2 million Britons, and almost 19,000 Canadians — immediately created pandemonium across organizations, forcing many business leaders to reconsider their security postures. Much has changed over the past five years, but the lessons from the Equifax breach are still relevant for enterprises.

Equifax didn't reveal the breach as soon as it discovered it — the company sat on the information for more than a month. It was the perfect antithesis: A business known to provide credit score rating, fraud solutions, financial marketing, and analytical services had been hacked. The attackers had gotten in through an unpatched vulnerability in Apache Struts. The worst part? Apache had already warned about the flaw and a patch was available.

"The Equifax breach is a unique attack in that a conscious decision was made by a company and its leadership: not to patch the vulnerability when the software vendor announced the vulnerability and provided the patch," says James Turgal, vice president of cyber risk, strategy, and board relations at Optiv.

The attack, now linked to four hackers from the Chinese military, represents one of the most sweeping attacks conducted against US businesses by foreign nationals. Industry experts discuss with Dark Reading what lessons to draw from the breach and how organizations can prevent similar threats in their environments.

**Data Management Is Still an Enterprise Problem**

"Equifax shows that organizations need to focus on data management," Adam Marrè, CISO at Arctic Wolf and former FBI special agent/cyber investigator, tells Dark Reading.

"With so many different IT and security priorities, companies aren't thinking about data management in the right ways. Most organizations only think about how best to monetize data or how to use it to serve their customers, but they often miss the significant increase in risk that storing the data brings."

Turgal agrees, noting that enterprises and individuals are at risk of data exfiltration and identity theft.

"Every day, companies large and small fall victim to identity theft," he says. "Both the high volume of activity and large transactions occurring at the corporate level attract threat actors, using data that typically has been exfiltrated from another breach by a separate threat actor and sold to the highest bidder to impersonate the identity of a business to commit fraud."

Gartner estimates that until 2025, "80% of organizations seeking to scale digital business will fail because they do not take a modern approach to data governance." That's a lot of businesses, and it's a figure that Marrè agrees with.

"In my experience, most companies don't have a comprehensive picture of how they collect, store, and manage data," he says. "Especially from a security standpoint, most businesses have no idea who has access to what data, how to properly classify it, how to protect it, and even how to set up data retention policies to properly get rid of it. By focusing on these aspects, businesses can transform their data strategies and further protect themselves and their customers."

Turgal suggests that organizations can safeguard data and identity by doing the following:

*   Include artificial intelligence and machine-learning technologies into the business processes to quickly spot anomalous behavior.
*   Review and update access permissions and utilize data encryption when the data is in transit and at rest.
*   Establish protocols for user provisioning and deprovisioning of regular and privileged access holders.
*   Continually educate employees on how to minimize risk.

**Enterprises Aren't Paying Attention to the Basics**

The fundamentals of cybersecurity are still lacking in several enterprise efforts at securing user data. Leaning on his experience in the FBI and private sector, Marrè says he has seen so many organizations that are not adequately prioritizing security. With security incidents at high-profile businesses and rampant ransomware and extortion attacks worldwide, organizations can no longer afford to ignore or sideline their security, he says.

"Although there are new and exciting technologies that are aimed at solving different attack vectors, focusing on successfully executing the fundamentals of cybersecurity remains the most effective strategy," Marrè says. "When it comes to protecting your organization and your data, prevention is good, but detection is a must."

Many attacks can be avoided by implementing zero-trust architecture to the letter. In hindsight, for example, the Equifax attack could have been prevented if the organization had paid more attention to the multiple threat warnings the company had received before the hack.

The Equifax breach was "a strong example of why enterprises should evaluate their data to understand the business need and ensure it is classified appropriately," says Andrew Bayers, head of threat intelligence at Resilience, adding that data should be stored and transmitted securely — and ultimately retained for only the amount of time needed.

**Cyber Resilience Needs Action, Not Reaction**

While it's true that some players in the enterprise are investing heavily in cybersecurity, several others are still lagging — giving malicious actors an opening to capitalize on discrepancies and take control of critical data assets. Although its activities are not immediately noticeable, a proactive cybersecurity team is worth its weight in gold.

"Having a skilled security team is the backbone of a sound cybersecurity strategy," Marrè says. "Whether it's a world-class team from a partner or in-house experts, this should be a priority for all companies."

To become cyber resilient, Bayers adds, organizations should identify vulnerabilities in their systems and prioritize patching according to the risks they pose.

Equifax's Lessons Are Still Relevant, 5 Years Later

HEIDENHAIN Controller TNC on HARTFORD Machine

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs.
Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs.

Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21, 2022.

"CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled," Trail of Bits researcher Andreas Kellas said in a technical write-up published today.

"Arbitrary code execution is confirmed when the library is compiled without stack canaries, but unconfirmed when stack canaries are present, and denial-of-service is confirmed in all cases."

Programmed in C, SQLite is the most widely used database engine, included by default in Android, iOS, Windows, and macOS, as well as popular web browsers such as Google Chrome, Mozilla Firefox, and Apple Safari.

The vulnerability discovered by Trail of Bits concerns an integer overflow bug that occurs when extremely large string inputs are passed as parameters to the SQLite implementations of the printf functions, which, in turn, make use of another function to handle the string formatting ("sqlite3\_str\_vappendf").

However, a successful weaponization of the flaw banks on the prerequisite that the string contains the %Q, %q, or %w format substitution types, potentially leading to a program crash when user-controlled data is written beyond the bounds of a stack-allocated buffer.

"If the format string contains the '!' special character to enable unicode character scanning, then it is possible to achieve arbitrary code execution in the worst case, or to cause the program to hang and loop (nearly) indefinitely," Kellas explained.

The vulnerability is also an example of a scenario that was once deemed impractical decades ago -- allocating 1GB strings as input -- rendered feasible with the advent of 64-bit computing systems.

"It's a bug that may not have seemed like an error at the time that it was written (dating back to 2000 in the SQLite source code) when systems were primarily 32-bit architectures," Kellas said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

BILBAO, Spain, Oct. 25, 2022 /PRNewswire/ — SealPath, a leading provider of zero-trust data-centric security and enterprise digital rights management, announced the launch of SealPath Data Classification powered by Getvisibility, leveraging the latest Artificial Intelligence and Machine Learning technologies to provide their customers with an advanced standard of visibility, protection, control, and a dynamic understanding of their data as it is being created.

This innovative AI-enhanced data classification solution provides the insights and continuous automated protection that enterprise customers need to securely and accurately classify data over its entire lifecycle. Thus, organisations across multiple business verticals gain the ability to prevent data leaks and achieve compliance with the strictest data protection regulations.

With SealPath's classification, the user receives suggestions about the classification level when creating and editing a document. The software learns and adapts to different document types, continuously improving accuracy through AI, and allows organisations to classify unstructured information with unprecedented confidence.

SealPath's information protection is 100% integrated with the new intelligent data classification system so that those files labeled with a certain classification level or subject to a specific regulation can be protected automatically and without user intervention.

"SealPath Data Classification powered by Getvisibility was born in response to the outdated technologies most modern companies currently utilise to classify and manage their data. The solution's machine learning models have been pre-trained for years via data containing a wide array of data types – from personal information, medical and financial to defense data. Combined with robust software specialised in data classification, these thoroughly trained models minimize human error, costs, and time in labelling corporate information. We expect this new AI-powered approach will transform how organisations classify and protect their data," Luis Angel del Valle, CEO of SealPath, stated.

SealPath Data Classification deploys a flexible approach, considering different dimensions such as data sensitivity, associated regulations, data types, and scope of dissemination. Consequently, the system can adapt the classification to the organisation based on the aforementioned dimensions, enabling the automated protection of tagged data via AI/ML algorithms.

SealPath's protection, coupled with the AI and Machine Learning-powered classification system, streamlines an organization's efforts to avoid sensitive information data classification errors quickly and cost-effectively.

**About SealPath**

SealPath is a European leader in Zero-Trust Data-Centric Security and Enterprise Digital Rights Management, working with major companies in more than 25 countries. SealPath has been helping organisations across multiple business verticals, such as Manufacturing, Oil & Gas, Retail, Finance, Healthcare, and Public Administrations, protect their data for over a decade. SealPath's client portfolio includes organisations within the Fortune 500 index and Eurostoxx 50. SealPath makes it easy to avoid costly mistakes, lower the risk of data leaks, ensure security for confidential information and protect data assets.

SealPath Data Classification Powered by Getvisibility Applies Artificial Intelligence to Improve Accuracy and Efficiency of Data Labelling and Protection

Identity fraud has increased at 84% of dealerships, with 60% losing three or more vehicles in the last year.

FOOTHILL RANCH, Calif., Oct. 25, 2022 /PRNewswire-PRWeb/ — Identity fraud has increased dramatically in auto dealerships since the pandemic, with 60% of auto dealerships reporting the loss of three or more vehicles to it in the past year, according to the new report, "Is Identity Fraud Jeopardizing Digital Retailing Profitability," from automotive fintech innovator eLEND Solutions. The report, based on a survey of over 700 auto dealerships across the U.S., reveals that while dealerships cite identity fraud as their top fraud challenge/concern, and almost unanimously agree that its increase is because of the increased digitization of the deal, 66% lack adequate identity fraud protections.

"The pandemic changed a lot of things in the auto industry - and that is particularly true when it comes to fraud which, as this report underscores, is causing more and more losses for dealers - an estimated $619 million\[1\] for franchise dealers alone," said Pete MacInnis, CEO, and Founder of eLEND Solutions. "Economic conditions and, especially, increasing digitization of the car buying process are driving more fraud but, unfortunately, this report reveals that most dealerships have not implemented ID verification technologies that can prevent it."

According to the report, 84% of dealerships have directly experienced identity fraud at their dealership since the pandemic, with a third seeing an over 20% increase in identity fraud-related activities since the pandemic started. And, in just the past year, 79% directly experienced an identity fraud-related vehicle loss at their dealership.

When asked to explain the increase in identity fraud, 95% relate it directly to the increase in the digitization of the deal and remote buying experiences, with 86% predicting that as more of the transaction moves online, identity fraud will increase and become harder to prevent. The report also reveals that losses are not limited to identity fraud, with the vast majority of dealerships reporting an increase in loan application fraud in the past year. Seventy-seven percent saw a 10- 20% increase or more, with over one-third reporting that one in every 100 applications at their dealership was fraudulent.

The report also investigates what dealerships have been doing to prevent fraud: "photocopying the driver's license / ID" (64%) is number one, with the "Red Flags Rule" (56%) at number two. Only 33% reported using critical document authentication as part of their process, a significant disconnect.

"Without actually validating/authenticating ID documents and buyer identities, dealerships remain particularly vulnerable," said MacInnis. "As more of the transaction becomes digital, embracing ID verification technologies that include forensic authentication of the driver's license document, in conjunction with matching data extracted from the document against hundreds of databases, can easily help dealers minimize fraud risks before it becomes an expensive problem."

Dealers were also asked about the timing of their credit pulls, a practice that rapidly evolved once the pandemic prompted more of the process to move online. As compared to 2018, when only 8% of dealers said they pulled credit before the test drive, today 40% report doing so, with only 20% today waiting until right before the F&I handoff, versus 39% in 2018.

"This shift in credit pull timing is a dramatic and positive change in the way auto dealerships do business and, with the right technology in place, has positive implications for preventing fraud if dealerships take the opportunity to validate customer identity upfront with the simple swipe of a driver's license - but only if document authentication is part of that process," concluded MacInnis.

**Key Data Takeaways**

*   84%, say there has been a noticeable increase in identity fraud since the pandemic.
*   79% of dealers experienced an identity fraud-related vehicle loss at their dealership in the past year.
*   Seventy-nine percent say that identity fraud has increased in their dealerships by over 10%, and nearly one-third say it has increased  
    between 21% and 30%, or more. 
*   60% reported a loss of three to five vehicles, or more, in the last twelve months.
*   89% of dealerships report an increase in loan application fraud in the past year.
*   34% report that one in every 100 applications at their dealership was fraudulent.
*   95% track identity fraud to the expansion of remote buying experiences and the digitization of the deal.
*   86% agree that as more of the transaction moves online, identity fraud will continue to grow and become even more challenging to prevent.
*   67% do not include driver's license document authentication to protect themselves from identity fraud.
*   40% report pulling credit before the test drive, vs 8% in 2018.
*   93% say that if a driver's license scan could be converted into a consumer consented pre-qualification it would be a meaningful benefit.

About eLEND Solutions: eLEND Solutions(TM) (DealerCentric rebranded) is an automotive FinTech company focused on deal generation solutions - that power transactional digital buying experiences for the retail automotive industry. The platform specializes in digital credit, identity, and finance solutions for remote and in-store shoppers, designed to accelerate conversions of digital end-to-end purchase experiences concluding with fundable, transactable deal structures.

For more information, please visit http://www.elendsolutions.com.

Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection

Free service provides insights developers need to systematically identify and reduce container vulnerabilities.

DETROIT, Oct. 25, 2022 /PRNewswire-PRWeb/ — KUBECON + CLOUDNATIVECON NORTH AMERICA — In software supply chain security, knowing your software means knowing what's in it--for better or worse. Slim.AI, the Boston-based startup focused on optimizing and securing cloud-native applications, has today launched Container Intelligence, a free and open service that anyone can use to quickly gain  
valuable insights into what's in the most popular container images that they're baking into their software every day.

Despite the supercharged emphasis on security in the software industry, containers now have more vulnerabilities than ever before; moreover, a worrisome gap exists between developers and leadership on resources needed to address the problem. These findings are detailed in the second annual Slim.AI Public Container Report, published today and available for complimentary download.

Slim.AI aims to help close the gaps identified in the report by making Container Intelligence available to everyone, free. Container Intelligence scans more than 160 popular public container images making up 30% of total global pull volume using a combination of open-source and proprietary scanning tools. Slim.AI will quickly expand the dataset to cover the majority of public containers used by developers today across multiple registry providers. Developers can use Container Intelligence to make informed decisions when selecting containers or containerized applications for use in their tech stacks.

"Democratizing information about the security posture of public containers is critical if we want to meet the challenges of today's software supply chain," said John Amaral, co-founder and CEO at Slim.AI. "At Slim.AI, we believe in sharing information we have about the security and usability of public containers with developers so that they can make informed decisions about the containers they work with."

Key features of 'Container Intelligence' by Slim.AI:

*   Publicly available container profile pages on the Slim.AI website -- no login, no registration needed.
*   Profiles include vulnerability counts by severity, container construction details, and package information, along with comparisons to  
    similar public containers.
*   Containers are fully searchable and categorized according to use case (for example, base images, CMSs or DevOps tools).
*   The data is updated daily to ensure freshness.

Slim.AI will be adding more capabilities to Container Intelligence throughout the coming year. Future enhancements will include expanding the database to include more public registries, adding comparative analysis across images and providing container update notifications.

**Taking It to the Next Level with Slim.AI**

  
For those who want to know even more about their containers, developers can log in to the Slim.AI platform from the Container Intelligence page to analyze their own private containers, get vulnerability reports from multiple scanners, and automatically harden their container images for production.

Additionally, Slim.AI has been adding functionality for teams and is accepting a limited number of organizations into its design partner program. For more information, contact \[email protected\].

**Learn More About Container Security at KubeCon/CloudNativeCon**

  
For those interested in hearing more, Ayse Kaya, Slim.AI's senior director of strategy and insights, will present a keynote at KubeCon NA based on this dataset on Wednesday, October 26 at 10:05 a.m. EDT. Her presentation, "What We Learned Dissecting the World's Most Popular Containers," demonstrates the current paradox in software supply chain practices, especially the trade-offs teams make between "developer experience" and "production readiness."

Kaya's insights are based on a Dimensional Research survey of 300 software developers and DevOps engineers globally as well as an analysis of the most popular public container images used by developers today. This work forms the basis of the second annual Slim.AI Public Container Report.

"Perhaps the most stunning finding at a macro level is that after a year of intense focus on security, the cloud-native ecosystem is no safer today than it was this time last year," said Kaya. "The silver lining, however, is that awareness is increasing. The complexity of the problem is not our enemy; ignorance of the problem is. And our industry is taking strides to come together and make applications more secure."

Watch Kaya's keynote at KubeCon to learn more about her findings, which include:

1.  Of the top public containers Slim.AI observed over the past year, 60% actually contain more vulnerabilities today than they did one year ago. Most notably, high-severity vulnerabilities increased by 50%, followed by a 10% increase in critical vulnerabilities. The average public container has 287 vulnerabilities, 30% of which belong to a high/critical category (up from 20% last year).
2.  A discrepancy between executives and developers on both the capabilities required for supply chain security and the organization's preparedness. According to the survey, executives believe that more container security practices are happening in their organizations (49%) than frontline developers (34%).
3.  Developers are getting squeezed from both sides -- shifts to the left mean removing vulnerabilities from containers is a developer problem, with more and more customers demanding often unrealistic "zero vulnerabilities" in delivered software. Among developers, 88% said it is challenging to ensure containerized apps are free from vulnerabilities, complexity being the #1 contributing factor. Seventy percent stated their customers demand that their containers have zero vulnerabilities.

Visit Slim.AI at Booth SU64 to learn more from Slim.AI representatives.

**About Slim.AI**

  
Slim.AI helps developers create, build, deploy and run their cloud-native applications more efficiently and securely. The unique approach used by Slim.AI moves the focus on container optimization upstream in the DevOps lifecycle, giving developers the tools they need to author, manage and ship production-ready containers efficiently and effectively. More information at https://slim.ai and @SlimDevOps.

As Vulnerabilities Soar, Slim.AI Launches 'Container Intelligence' to Give In-Depth Analysis on Hundreds of Popular Container Images

New release extends best-in-class coverage of identity vulnerability discovery and remediation.

NEW YORK and TEL AVIV, Israel, Oct. 25, 2022 /PRNewswire/ — Illusive, a leader in identity threat detection and response (ITDR), today announced the release of its enhanced ITDR solution, enabling organizations to protect privileged identities, which are at risk of cyberattack and regulatory non-compliance. Account takeover attacks, which evade traditional detection and reduce attack dwell time to days instead of months, have become the top vector of cyberattacks.

According to Gartner®, "Deploying and maturing ITDR is a crucial security best practice."

Illusive's ITDR solution, Illusive Spotlight™ and Illusive Shadow™, enables the comprehensive discovery of the unmanaged, misconfigured and exposed identity risks that leave every organization vulnerable to attack. It delivers aggregated, prioritized and contextualized insights into identity risks, so that security teams can focus on responding to their greatest risks first. Further, the solution fully automates remediation where there is no risk to business impact.

Illusive's agentless approach scans directory structures (e.g., Active Directory), privileged access management (PAM) solutions (e.g., CyberArk, Delinea), endpoints, servers and services, revealing the gaps between the intention of an organization's identity security policies and the reality of their environment. Illusive prevents attacks by taking away what attackers need to succeed: privileged account access.

New features and benefits in Illusive's ITDR solution include:

*   **MITRE ATT&CK Risk Correlation** – Associate identity risk factors to MITRE ATT&CK tactics, techniques and sub-techniques. Dashboard-level information indicating an aggregate view of the percentage of identities vulnerable to any specific attacker tactics, such as initial access, privilege escalation or credential access, which can be drilled down into the individual identities for an aggregated view of risk.
*   **Kerberoastable Accounts** – Discover and remediate misconfigured Active Directory accounts with vulnerable Kerberos tickets that can be exploited by attackers to brute force credentials.
*   **Active Directory Domains & Trusts** – A graphical visualization of Active Directory forests, domains and trusts reveals misconfigurations that could enable an attacker to move between domains.
*   **ServiceNow Integration** – Integrate with ServiceNow to create identity-based incident tickets to facilitate identity risk resolution in the ServiceNow Incident module from within the Illusive console.
*   **Delinea Centrify Integration** – Connect with Delinea Centrify vault to continuously discover unmanaged accounts.
*   **Azure AD Privilege Classification** – Classify Azure AD user privileges based on automatically collected evidence, such as directory or subscription level privileged roles.

**About Illusive**

lllusive continuously discovers and automatically mitigates privileged identity risks that are exploited in all ransomware and other cyberattacks. Despite best-practice investments to protect identities, including deployment of PAM and MFA, 1 in 6 enterprise endpoints holds exploitable identity risks.

Illusive makes it easy for security teams to get visibility into the vulnerable identities sprawled across an organization's endpoints and servers, then eliminate them or deploy deception-based detection techniques as a compensating control to stop attackers. Illusive has participated in over 140 red team exercises and has never lost one!

Founded by nation state attackers, Illusive's technology is trusted by large global financial companies, retailers, services organizations, and pharmaceutical companies.

Illusive's Identity Threat Detection and Response (ITDR) Solution Protects Privileged Accounts

**BURLINGTON, Mass., October 24, 2022 —** Aware, Inc. (NASDAQ: AWRE), a leading authentication company applying proven and trusted adaptive authentication to solve everyday business challenges with biometrics, disrupted the industry today with the introduction of its newest product, AwareID™. Gone are the days when advanced security was only available to those organizations with large budgets, deep IT teams and time to spare. AwareID combines the historically-disjointed best practices behind identity verification, multi-factor authentication and multi-modal biometrics into a single, low-code platform that is pre-configured for the most common use cases and is functional right from the start.

“We know that the increased frequency of data breaches, the rising rate of fraud and the introduction of government regulations and mandates have driven organizations from all industries to look for security solutions that promise protection,” commented Bob Eckel, president and CEO of Aware. “The problem is, what they find when they go looking is a plethora of products from a variety of providers that all need to be technically integrated and multi-sourced to make a complete offering. This sourcing and integration takes time, money and advanced technical knowledge—thus preventing any organizations that don’t have those resources available from deploying the level of security they need. With AwareID, we’re making the latest in next-generation authentication available to the masses.”

Pre-configured for the most common use cases, and positioned at an affordable price point, AwareID tackles onboarding and authentication to help organizations of all sizes improve their security posture while enhancing the end-user experience. Non-IT professionals can protect their organization through AwareID’s intuitive, easy-to-use, low-code administrative platform. For those organizations that do have deep technical expertise, IT teams can override the pre-configuration and scale the realm of possibilities to fine tune for unique requirements—or to simply develop internal workflows and/or trade secrets to drive differentiation for their organization and offerings.

“From a consumer perspective we know that users are fed up with passwords, as reiterated in our recent survey. From a customer perspective, we know organizations are struggling to piece together disparate technology in an attempt to find the right balance of friction and security,” says Craig Herman, chief revenue officer at Aware. “AwareID takes the burden off the customer’s organization and provides a functional offering that can be deployed in a matter of minutes versus months, and at a fraction of the cost of existing piecemeal solutions.”

Aware is leveraging its 25+ years of proven implementation expertise and converging machine learning, artificial intelligence and biometrics to provide a next-generation authentication platform that aligns with the needs of organizations and protects identities against newly-emerging attack vectors. AwareID’s scalability and open environment allow it to continue to adapt to enterprise needs and the changing security landscape, giving Aware’s customers an edge they can’t find anywhere else.

To learn more about how AwareID can help your organization—and how you can bring trusted technology deployed within more than 20 countries, more than 80 government agencies (including within 12 of the 15 major Departments in the U.S. Federal Government), and more than 100 commercial leaders to your company—visit awareid.com.

**About Aware**  
Aware is a global authentication company that validates and secures identities using proven and trusted adaptive biometrics. Aware’s software and software-as-a-service offerings address the growing challenges that government and commercial enterprises face in knowing, authenticating and securing individuals through frictionless and highly secure user experiences. Aware’s algorithms are based on the most diverse data sets in the world and can be tailored to the unique security and requirements of each customer. The company empowers users to have control over identities through clear, intuitive opt-in/opt-out features, helping them feel secure and improving their lives. Aware is a publicly held company (Nasdaq: AWRE) based in Burlington, Massachusetts. To learn more, visit https://www.aware.com or follow Aware on Twitter @AwareBiometrics.

**Safe Harbor Warning**  
Portions of this release contain forward-looking statements regarding future events and are subject to risks and uncertainties, such as the projected benefits and success of AwareID, and the growth of the biometrics markets. Aware wishes to caution you that there are factors that could cause actual results to differ materially from the results indicated by such statements.

Risk factors related to our business include, but are not limited to: i) our operating results may fluctuate significantly and are difficult to predict; ii) we derive a significant portion of our revenue from government customers, and our business may be adversely affected by changes in the contracting or fiscal policies of those governmental entities; iii) a significant commercial market for biometrics technology may not develop, and if it does, we may not be successful in that market; iv) we derive a significant portion of our revenue from third party channel partners; v) the biometrics market may not experience significant growth or our products, including AwareID, may not achieve broad acceptance; vi) we face intense competition from other biometrics solution providers; vii) our business is subject to rapid technological change; viii) our software products may have errors, defects or bugs which could harm our business; ix) our business may be adversely affected by our use of open source software; x) we rely on third party software to develop and provide our solutions and significant defects in third party software could harm our business; xi) part of our future business is dependent on market demand for, and acceptance of, the cloud-based model for the use of software: xii) our operational systems and networks and products may be subject to an increasing risk of continually evolving cybersecurity or other technological risks which could result in the disclosure of company or customer confidential information, damage to our reputation, additional costs, regulatory penalties and financial losses; xiii) our intellectual property is subject to limited protection; xiv) we may be sued by third parties for alleged infringement of their proprietary rights; xv) we must attract and retain key personnel; xvii) our business may be affected by government regulations and adverse economic conditions; xviii) we may make acquisitions that could adversely affect our results, xix) we may have additional tax liabilities; and xx) we believe the effects caused by the COVID-19 pandemic may have an adverse impact on our revenue over the next several quarters.

We refer you to the documents Aware files from time to time with the Securities and Exchange Commission, specifically the section titled Risk Factors in our annual report on Form 10-K for the fiscal year ended December 31, 2021 and other reports and filings made with the Securities and Exchange Commission.

Tag

#mac