Cybersecurity

Data management platform Cohesity has announced the general availability of its next ‘as a service’ offering disaster recovery as a service (DRaaS). This new offering extends the exceptional disaster recovery (DR) capabilities provided by Cohesity SiteContinuity and adds the ability to use Amazon Web Services (AWS) as a recovery location for failover and failback in a Software as a Service (SaaS) model. This not only provides customers with more choice and flexibility, but also offers the following benefits:

• Minimize downtime and data loss: This greatly reduces the risks of potential downtime and data loss with snapshot-based backup and near-sync replication that together help ensure all data is captured and ready to failover in the event of disaster or cyberattack.
• Meet service level agreements (SLAs): Customers can easily design recovery plans and assign SLAs – and design it in minutes rather than weeks – to deliver the right level of resiliency across a broad range of applications while meeting business requirements.
• Simplify operations: Cohesity uniquely combines disaster recovery orchestration, snapshot-based backup, near-sync replication, and seamless failover to the public cloud in a single comprehensive offering – all managed through a single user interface to significantly simplify disaster recovery operations.
• Lower costs and improve time-to-value: Reduce idle infrastructure by using on-demand pay-as-you-go cloud infrastructure from AWS in the event of a disaster or test drill. Cohesity uniquely supports standard AWS infrastructure, such as Amazon Elastic Compute Cloud (Amazon EC2), in a DRaaS model. Customers also can speed up time to value by quickly spinning up a disaster recovery strategy without having to procure additional hardware or physical data centers.

Read Article

• Security startup Valence aims to help businesses better protect what Valence calls the “business application mesh. Valence helps businesses better understand the connections between the many enterprise SaaS and self-hosted applications they now use. Often, after all, a company may use APIs, automation tools like Workato or Zapier or SaaS marketplaces to get more value from their various tools. But at the same time, this network, which Valence dubs the “business application mesh,” often grows without a lot of governance, leaving the door open for a variety of security issues from the shadow connectivity, over-provisioned privileges and unmanaged third-party access that is the inevitable result of connecting all of these disparate systems.
• Among other things, this leaves a company open to an unvetted third party having privileged access into the ecosystem of their corporate applications and data. By being able to scan the connections to a relatively small number of core systems, Valence can quickly detect potential issues like unvetted vendors and help its users disconnect these — or automate the process if needed. Some customers, are able to reduce their risk surface by dozens and sometimes even hundreds of applications within a few days of getting started with Valence.

Read Article

• A new phishing campaign is targeting employees in financial services using links that download what is described as a ‘weaponized’ Excel document. The phishing campaign, dubbed MirrorBlast, was detected by security firm ET Labs in early September. Fellow security firm Morphisec has now analyzed the malware and notes the malicious Excel files could bypass malware-detection systems because it contains “extremely lightweight” embedded macros, making it “particularly dangerous” for organizations that depend on detection-based security and sandboxing. the attack chain in MirrorBlast resembles techniques used by a well-established, financially motivated Russia-based cybercriminal group that’s tracked by researchers as TA505. While the MirrorBlast attack starts with a document attached to an email, it later uses a Google feedproxy URL with a SharePoint and OneDrive lure that poses as a file share request. Clicking the URL leads to a compromised SharePoint site or fake OneDrive site. Both versions lead to the weaponized Excel document. The sample MirrorBlast email shows the attackers are exploiting the theme of company-issued information about COVID-related changes to working arrangements. the macro code can be executed only on a 32-bit version of Office due to compatibility reasons with ActiveX objects.

Read Article

Starling Bank is introducing a new control feature to allow customers to set their own contactless payment limit when the new £100 limit is introduced. The upcoming hike in the contactless spending limit on consumer debit cards has raised fears that they could become a target for fraudsters, who can escape unchecked for at least five transactions up to a maximum of £300 when tapping to pay at high street retailers.  Starling bank customers will be able to select a limit of their choice between £0 and £100, in £10 increments via a new control feature in the app. Customers will also be able to turn off contactless payments entirely by setting the limit at £0. For those who keep the contactless limit but then fear they have lost their card they can use the app to lock and unlock it instantly. Alternatively, they can opt to disable contactless, chip and pin or online payments via the app.

Read Article

Computing company Cornami is bringing Fully Homomorphic Encryption (FHE) to market. FHE is a game-changer in cloud-computing security as it allows for extracting valuable data analytics without ever decrypting the data to expose the underlying plaintext data, whether it is sensitive intellectual property (IP), financial information, personally identifiable information (PII), intelligence insight, or beyond. However, the challenge to date has been that FHE is too computationally intensive and costly to be commercially practical. Cornami’s break-through TruStream software compiler technology and reconfigurable computational-fabric architecture scales without penalties to meet computing-performance requirements that are critical to complex applications, including FHE. Cornami’s proprietary programming model and scalable architecture aims to deliver real-time Fully Homomorphic Encryption, which will fundamentally change how data is shared and monetized.  Privacy and data confidentiality become achievable goals, allowing a wide range of services to become accessible while maintaining full confidentiality of the data, the application, and service results.

Read Article

• Unbound Security unveiled code signing key protection capabilities within Unbound CORE to ensure enterprises defend against the rise in software supply chain attacks. Unbound CORE’s advanced code signing solution offers an enhanced approach with server-side deployment to enable centralized management and “scan-before-sign” capabilities in addition to client-side code signing approaches. Having this functionality on the server-side avoids the need to install, manage and patch or upgrade client-side tools and makes it possible to prevent key misuse. With the platform’s new “scan-before-sign” functionality, enterprises can enforce global security policies, such as having code scanned for malware or checked by multiple internal stakeholders before it can be signed. This is a game-changer in the prevention of supply chain attacks, which continue to make headlines and are a major threat for software providers.
• Unbound CORE creates a virtual mesh of an enterprise’s key management and protection devices, wherever they are. This provides a unified approach to key storage, giving organizations unbeatable security and the freedom to choose the key store that best suits their needs. CORE can be deployed on-premise, on any cloud, across multiple clouds, and in hybrid environments. CORE also eases issues with vendor lock-in for cloud applications and key management systems.

Read Article

Yubico has announced the general availability of the YubiKey Bio Series, the first YubiKey series that supports fingerprint recognition for secure passwordless and second factor logins. Built for biometric authentication on desktops, the YubiKey Bio Series supports modern FIDO2/WebAuthn and U2F protocols, in both USB-A and USB-C form factors. the YubiKey Bio does not require any batteries, drivers, or associated software. The new security keys integrate with the native biometric enrollment and management features supported in the latest platforms and operating systems. Once a YubiKey Bio is set up, users will experience secure second factor and passwordless logins for desktop-based FIDO-supported services and applications.

Its three chip architecture allows the biometric fingerprint material to be stored in a separate secure element which delivers enhanced protection from physical attacks. The YubiKey Bio acts as a single, trusted hardware-backed root of trust which allows the user to authenticate with the same key across multiple desktop devices, operating systems, and applications. The YubiKey Bio enables biometric login on desktop with all applications and services that support FIDO protocols and works out-of-the-box with Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory and Microsoft 365, Okta and Ping Identity.

Read Article

• Incident response and recover startup incident.io has built a command center for running an incident directly within Slack, keeping customer-support teams, management and engineering in the loop on the remediation work. Incidents are announced in a Slack channel so that people can get notified when something happens. People can create incidents with a /incident shortcut. After that, io automatically creates a separate channel about the specific issue with the current date. Once again, users can interact with the service from the chat box in Slack or click on buttons. For instance, users can assign an issue to someone, add a summary, escalate the issue and more. And because it’s a Slack channel, people can discuss the issue in that channel as well. This way, all information remains available in the same place. When people are added to an ongoing incident, they receive a summary from Incident.io so that they don’t have to ask unnecessary questions.
• That information isn’t just restricted to Slack. Customers get their own Incident.io dashboard with a list of incidents. Each incident gets its own page with participants and a timeline of events. For instance, GitHub pull requests are automatically added to these timelines. Essentially, companies using Incident.io likely handle issues more gracefully and are more transparent about those issues. It should lead to a better experience for both team members and customers.

Read Article

Large unauthorised contactless payments can be made on locked iPhones by exploiting how an Apple Pay feature designed to help commuters pay quickly at ticket barriers works with Visa. In a demonstration video seen by the BBC, researchers were able to make a Visa payment of £1,000 without unlocking the phone or authorising the payment. The problem, applies to Visa cards set up in ‘Express Transit’ mode in an iPhone’s wallet. ” The researchers have so far demonstrated the attack only in the “lab” – and there’s no evidence that criminals are currently exploiting the hack. it’s a similar attack to having a contactless credit card terminal tapped against your wallet or purse. But this attack was rather more insidious,  as it doesn’t need the card terminal any more – just a small box of electronics that can relay the fraudulent transaction elsewhere. Perhaps the greatest worry is for a lost or stolen phone. The crook doesn’t have to be concerned about being spotted by others as they carry out the attack any more.” The researchers also said the attack might be easiest to deploy against a stolen iPhone.

Read Article

Cybersecurity startup SenseOn, employs cloud-based, AI powered techniques for its so-called “triangulation” approach to the challenge of cybersecurity covering endpoints, networks and microservices. The problem that SenseOn has identified is that the world of securityhas evolved to contain a plethora of point solutions, as well as differing approaches within those point solutions, to address different aspects of the cybersecurity challenge. While some of these are very effective, they are only taking on some of the battle, and if an organization wants to adopt the most secure policy, it might use a number of these in tandem, which in turn can slow down systems and response, or create other issues within them. SenseOn’s solution has been to build a system that essentially aims to do everything together, with some parts of the solution built by itself, and some parts integrating with other products. The approach is not unlike “how a human analyst thinks” which is why the AI aspect of the service, balancing different streams of information, is central to the approach. SenseOn is building not just weapons that security specialists can use to do their jobs better — the platform and the apps — but also ammunition — in the form of data that SenseOn picks up and organizes — to use with those weapons.

Read Article