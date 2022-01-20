ContributorsPublishersAdvertisers
Buyers Guide to Compliant Cloud Services for Defense Contractors

By Orlee Berlove
 3 days ago

When defense contractors look for a reliable source to store and share their controlled unclassified information (CUI), they will frequently turn to a cloud service provider (CSP). Cloud is a superior choice for contractors over storing on premise as cloud enables unlimited storage, access to data from anywhere, data resiliency, and...

Biden Signs Authority for NSS to NSA: Think CISA for Military, Intel Systems

Depending on how you look at it, President Biden’s Wednesday memorandum—which gave the NSA the type of authority over agencies operating national security systems that the Cybersecurity and Information Security Agency (CISA) has on civilian agencies—is either an example of the administration delivering on its promise to bolster cybersecurity or an example of it being a little slow putting teeth to the executive order the president signed last spring. Or maybe it’s both.
Entrust enables eIDAS-certified cloud signing services

US-based identity, payments, and data protection specialist Entrust has announced the completion of the Common Criteria evaluation of its Remote Qualified Signature Creation Device (QSCD). After completing the Common Criteria evaluation of the Entrust Remote Signing solution, Trust service providers can now guarantee the control of signers via digital signature...
Analysis of Xloader’s C2 Network Encryption

Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption. With the arrival of Xloader, the malware authors also stopped selling the panel’s code together with the malware executable. When Formbook was sold, a web-based command and control (C2) panel was given to customers, so they could self-manage their own botnets. In 2017, Formbook’s panel source was leaked, and subsequently, the threat actor behind Xloader moved to a different business model. Rather than distributing a fully functional crimeware kit, Xloader C2 infrastructure is rented to customers. This malware-as-a-service (MaaS) business model is likely more profitable and makes piracy more difficult.
Datto Acquires Cybersecurity Company Infocyte

NORWALK, Conn., January 20, 2022 — Datto Holding Corp. (Datto) (NYSE:MSP), the leading global provider of cloud-based software and security solutions purpose-built for Managed Service Providers (MSPs), today announced that it has acquired threat detection and response company Infocyte, extending Datto’s security capabilities that protect, detect, and respond to cyberthreats found within endpoints and cloud environments.
SecZetta And Strivacity Announce Joint Offering to Automate Third-party Identity Risk Management and Customer Identity and Access Management (CIAM)

Solution offers easy-to-use risk-based access for partners and consultants – including vendors, consultants, and bots – with just a few clicks. Fall River, Mass. & Herndon, Va. – January 20, 2022 – SecZetta, a leading provider of third-party identity risk solutions, today announced a new partnership with Strivacity, a no-code customer identity and access management (CIAM) platform. Together, SecZetta and Strivacity offer organizations an automated solution for making risk-based decisions about when, where, and how non-employees, ranging from vendors to bots, can access their systems and data.
Observability, AI And Context: Protecting APIs From Today’s (And Tomorrow’s) Attacks

In today’s world, application programming interfaces (APIs) — the connective communication tissue between applications — are everywhere. Everyday consumer electronics, from cars to TVs, are busy talking to servers and to each other, enabled through APIs. Mission-critical enterprise applications have moved to the cloud, built on microservices architectures that communicate through APIs in order to work together in tandem, delivering critical services to users. Today’s digital economy is built on a foundation of APIs that enable critical communications, making it possible to deliver a richer set of services faster to users.
Digital Hygiene Tip From Our SOC: Update Your Cipher Suites and Certificates

It’s January, and most of us are hitting the gym, eating salads, and resolving to take better care of our health. This year, we’d encourage you to add “improve digital health.” We’re telling ThreatX customers to make sure their new year’s resolutions include good digital hygiene, such as updating cipher suites and certificates. 
What to Look for in an MSSP – Our Top 10 Tips, Plus Free Downloadable Checklist

When it comes to navigating the challenges presented by today’s cybersecurity landscape, most businesses need additional support. That’s where a managed security services provider (MSSP) can prove invaluable. MSSPs have their pulse on current and future cybersecurity needs, and can help clients navigate an ever-changing set of threats. But with hundreds of MSSPs out there, how do you choose the right one for your business? Read on to get our top 10 qualities to look for when evaluating an MSSP. As a bonus, we’ve included a free downloadable checklist at the end of this article.
Protecting Data in the Cloud: A Work in Progress

Throughout its history, the tech industry has had to deal with constant change, increasingly complex architectures and security challenges. Security is a particularly deep well of concepts to navigate. One offshoot of this is acronym fatigue, a never-ending, ever-changing mishmash of insider terms that are intended to define markets. The advent of cloud has taken this issue to an entirely new level.
What is a Cloud Native Application Protection Platform (CNAPP)?

When I first joined DeepFactor, I set out to learn as much as I could about the relevant markets and technology categories to inform our go-to-market strategy. One of the first questions I asked myself was “What category does DeepFactor fit into and what are the trends that are shaping that category?”
Deloitte Extends Managed Security Service to Include XDR

Deloitte today extended its portfolio of managed security services to include a managed extended detection and response (MXDR) offering that incorporates security monitoring and response capabilities developed by both Deloitte and its third-party partners. Curt Aubley, MXDR by Deloitte leader and a managing director for Deloitte Risk & Financial Advisory...
How ThreatX Can Help Address Cyber Insurance Critical Controls

Our customers often ask us for help addressing the requirements of insurers. It’s clear that securing APIs and web apps is increasingly top of mind for insurers; our customers tell us that these are the 10 most common controls insurers are looking at:. Managed vulnerabilities. Patched systems and applications.
6 Things Cyber Insurers Are Looking for in Cyberattack Claim Applications

The modern digital environment is more risky than ever before, and the incidence of cyberattacks only increased throughout the COVID-19 pandemic. In this day and age, even the most robust security systems may still be penetrated or breached by a sophisticated cyber-attack. This means companies can no longer afford to be complacent about security.
MSPs and MSSPs: 6 Password Management Tips

The majority of users, whether new employees or CEOs, don’t realize that even if their password meets complexity requirements, it doesn’t mean it’s secure. In fact, many common password policies are overdue for an update, as for several years now cybercriminals have been taking advantage of these password policy weaknesses.
Log4j Remediation (Case Study)

One of our clients was using the Log4j software library to manage their logging services and hence, they were one of the at-risk companies that required an immediate and resilient remediation solution. If not addressed promptly and properly, this vulnerability could have created devastating impacts including:. Disruption in regular business...
Tips for Defending Against Adversarial Actions Regardless of Their Origin

When an unfortunate event occurs, people tend to be curious about who was responsible for the event. It can be interesting and helpful to know who your enemy is and what their motives might be. But in cybersecurity, the primary focus is ultimately on preventative and detective measures to avoid similar issues.
Hunting for Log4j Vulnerabilities: A Fortune 100 Case Study

Finding Log4j Instances in Runtime and Tracking Completed Remediation at a Fortune 100 Company. Time is a funny thing. It’s hard to believe that it’s already been just over a month since Log4Shell, a zero-day vulnerability in the Java logging tool Log4j, was publicly disclosed on December 9th, 2021. The following day, I was contacted by one of our customers, a Fortune 100 company, for assistance with finding and patching Log4j instances amongst the millions of assets they manage. At the onset of the crisis they estimated it would take 2-3 months just to discover instances of Log4j across their environment, and several more months to remediate instances that were vulnerable.
Getting Ahead of Cybersecurity Challenges in 2022

2020 and 2021 saw more than their fair share of cybersecurity challenges, largely caused by the mass transition to remote work in response to the COVID-19 pandemic. As individuals and businesses rushed to ensure that work continued remotely during lockdowns, hackers were devising ways to take advantage of the resulting vulnerabilities. These issues, coupled with technological developments like the rapid adoption of IoT, saw cyberattacks and cybercrime rates rise rapidly. Businesses and individuals need to understand and be prepared to adjust their cybersecurity strategies in the coming year to adapt to the coming cybersecurity challenges that await in 2022.
A Cyber Attack Can Ruin Your Business – Are You Really Prepared?

‘If you fail to plan, you are planning to fail’. Without a proper cybersecurity program, you can’t guard your organization against data breaches, which makes it a powerful target for cybercriminals. Decision-makers can’t really exclusively depend on cybersecurity solutions like antivirus and firewalls as cybercriminals are getting smarter with their strategies each day.
