Check Point Software, Sophos, Trend Micro, WatchGuard, and Zimperium published security reports last week. ManageEngine revealed that it had attained a Spanish cybersecurity certification. LogRhythm published a press release rounding up its success in H1 2023, and VMWare announced a partnership with AMD and Samsung.

Check Point released the 2023 Cloud Security Report. Key findings from the report based on over 1000 responses included:

TJ Gonen, VP of Cloud Security at Check Point Software Technologies, commented, Our survey found that cloud misconfigurations are the foremost concern for todays CISOs. However, what sets successful cloud security organizations apart, is not only the ability to identify misconfigurations, but also to grasp their contextual relevance and prioritize their resolution.

Understanding which misconfigurations truly pose a risk to business operations is paramount. As is the capability to swiftly and effectively address those vulnerabilities to maintain a strong security posture. It is imperative for enterprises to select a comprehensive solution that goes beyond surface-level detection.

Check Point Software also published its Environmental, Social, and Governance (ESG) report for 2022. The report covers Check Points sustainability-related projects, technology, business and activities over the last twelve months.

Key highlights include how Check Point is increasing Digital resilience, focusing on Carbon neutrality, its social responsibility, governance and ethics.

Gil Shwed, Founder and CEO at Check Point, said: Our report is an accurate reflection of what weve achieved so far, as well as a glimpse of our future plans. ESG is of paramount importance to us, and were taking definitive steps to continuously improve. From committing to achieving carbon neutrality by 2040, to extending cyber education programs to eager learners worldwide, these actions and many more embody what I believe to be the essence of Check Point making the world safer while also making it better.

LogRhythm reviewed its success, and the product updates rolled out over the first half 2023. It reviewed the improvements to its Axon, SIEM, and NDR solutions.

Chris OMalley, CEO of LogRhythm, commented, LogRhythm demonstrates in our actions a dedication to improving security analysts experience by providing them with the tools they need to navigate the evolving threat landscape effectively. Our latest product enhancements empower security analysts, improve operational efficiency, and offer unparalleled visibility into potential risks. We remain committed to our customers success and resilience against cyber threats.

LogRhythm also celebrated achievements such as:

The company also won several notable awards, including the Frost & Sullivan Competitive Leadership Awards, the Colorado Technology APEX Awards and the Globee Gold Awards.

ManageEngine announced that it has successfully obtained the Spanish governments Esquema Nacional de Seguridad (National Security Framework) certification. The company achieved this certification in the INTERMEDIATE (medium) category in its first attempt after a rigorous evaluation of all its cloud and on-premises solutions by BDO, an independent audit firm.

The evaluation, encompassing audits of the companys European Union data centres (located in Dublin and Amsterdam), announced ManageEngine as a certified company that met all the compliance policy requirements.

Rajesh Ganesan, president of ManageEngine, commented, Regulatory frameworks ensure high levels of trust for citizens using government, public and private digital services. Over the last 13 years, the National Security Framework (ENS) has evolved into a comprehensive framework that helps companies make modern technologies more secure so people can use them with confidence.

We at ManageEngine are excited to receive this certification, which is a testament to our continued efforts to fulfil the needs of our Spanish customers.

Sophies published the The State of Ransomware in Manufacturing and Production 2023 report. It found that the adversaries successfully encrypted data in 68% of ransomware attacks against this sector. This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

Manufacturers are increasing the use of backups, 73% (58% 2022) but are taking longer to recover, 55% recovered in less than a week (2022 67%)

John Shier, field CTO Sophos, commented, Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery. With 77% of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.

Longer recovery times in manufacturing are a concerning development. As weve seen in Sophos Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69% report that addressing security incidents is consuming too much time and 66% are unable to work on other projects.

Sophos recommend several actions for manufacturers that other sectors are already taking:

Trend Micro sponsored and published a SANS Institute report, Breaking IT/OT Silos With ICS/OT Visibility. The report reveals that enterprise Security Operation Centers (SOCs) are expanding their capabilities to the OT domain, but major visibility and skills-related challenges are causing roadblocks.

Bill Malik, vice president of infrastructure strategies at Trend Micro, said, IT-OT integration is already driving digital transformation for many industrial organizations, but to effectively manage risk in these environments, IT and OT security operations (SecOps) must also converge. OT security programs may be lagging, but theres a fantastic opportunity to close the visibility and skills gap by consolidating onto a single SecOps platform like Trend Vision One.

The study also reveals the top challenges organisations looking to expand SecOps face.

Trend Micro also published an Omdia report that revealed that most enterprises invest 5-10% of their IT budgets specifically on private 5G network security, despite an assumption that the technology is secure by default. They will spend $12.9B on Private Network Security by 2027.

The research reveals that 72% of global enterprises believe the 3GPP approach1 to private 5G security is sufficient. These network architectures were built with security in mind, and because they are private, they are inherently more secure than public 5G. However, that doesnt mean they are impenetrable to determined attackers. The report highlights requirements and priorities shared by security leaders for their 5G deployments.

Greg Young, vice president of cybersecurity at Trend Micro, commented, When it comes to private 5G network technology, theres no such thing as secure by default, so its reassuring that enterprises are looking to add their own protections. What will be crucial going forward is educating this new user base about where the most critical security gaps are and what a shared responsibility model will look like in these environments.

VMWare has announced that it is joining forces with AMD, Samsung, and members of the RISC-V Keystone community to simplify the development and operations of confidential computing applications. VMware researched, developed and open-sourced the developer-focused Certifier Framework for Confidential Computing project.

AMD, Samsung and VMware aim to address a significant barrier to adopting confidential computing by standardising on an easy-to-use, platform-independent API for creating and operating confidential computing applications.

Kit Colbert, CTO of VMware, said, Confidential Computing has the potential to secure workloads no matter where they run including in multi-cloud and edge settings. The challenge has been to help customers adopt and implement the standard with ease. The collective efforts of the growing ecosystem of contributors to Certifier Framework will help bring those benefits to bear to ISVs, enterprise customers, and Sovereign Cloud providersenabling them to use this emerging technology more easily and effectively.

WatchGuard announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q1 2023. The key findings included the following:

Corey Nachreiner, the chief security officer at WatchGuard, commented, Organizations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats.

The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defenses to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers.

Zimperium published its Global Mobile Threat Report 2023. Key findings included the following:

Jon Paterson, CTO of Zimperium, commented, There is a fundamental issue that todays modern organizations must contend withhow can they capitalize on the opportunities of being mobile-powered without being exposed to evolving risks.

To thrive, it is critical that they employ a mobile-first security strategyone where they continually prioritize and assess risk as close to the user and device as possible, and baseline and continuously assess vulnerability posture to operate in a known state with complete visibility.

They must take responsive action on risk detection: leverage zero trust and conditional access workflows, leverage XDR and autonomous, 3rd party integrations and ensure they assess and stay updated on global privacy regulations and the risks that affect apps they develop and use.

Security News from the week beginning 19th June 2023

See original here:
Security news from the week beginning 26th June 2023 - - Enterprise Times

Two-day Event Provides Primer on Latest Internet Security and DNS Industry Trends

SINGAPORE, June 28, 2023 /PRNewswire/ -- The second Asia Pacific (APAC) Domain Name System (DNS) Forum 2023 will be held on 45 July 2023 at the Hong Kong Convention and Exhibition Centre in Hong Kong. Approximately 400 people from the Asia Pacific region have registered for the hybrid event, which will take place in Hong Kong for the first time. The forum is co-organized by the Hong Kong Internet Registration Corporation Limited (HKIRC) and the Internet Corporation for Assigned Names and Numbers (ICANN).

The event will bring together experts from different fields, including DNS architects, network engineers, cybersecurity experts, and business leaders. The forum provides a platform for stakeholders from around the world to convene and discuss issues related to the latest Internet developments, such as DNS abuse, big data applications, digital transformation, cybersecurity, and the marketization of Internet infrastructure.

"The DNS is the fundamental 'glue' that holds the Internet together. Continued growth of the Internet, as well as emerging technologies and services, all rely on the Internet's unique Identifier systems, which ICANN helps to keep working through its coordination role. We look forward to sharing more on this with the participants," said ICANN Senior Vice President and Chief Technology Officer, John Crain.

Expressing his pleasure with working with ICANN, HKIRC Chairman Simon Chan, B.B.S., J.P. said, "We are honored to work with ICANN to host this regional event in Hong Kong. As a leading player in the Internet industry, HKIRC is committed to promoting the development of a secure, stable, and resilient Internet infrastructure in Hong Kong and beyond. This event provides a unique opportunity to bring together industry experts to discuss critical issues facing the Internet today."

The forum features a range of topics related to the diverse applications of DNS and its significance in shaping the digital landscape, with particular emphasis on the contribution of DNS to digital transformation and the digital economy.

One of the key topics to be discussed at the event is cyber-attacks and DNS abuse. Experts will highlight the importance of implementing comprehensive security measures and DNS management practices to prevent cyber-attacks and DNS abuse, which are two different but related issues that organizations need to be aware of in today's digital environment. Attendees will gain actionable insights on how to combat these threats and protect their DNS infrastructure.

The forum will also showcase the latest trends and innovations in big data, digital infrastructure, blockchain technology, and artificial intelligence. These developments offer great potential to facilitate the adoption of big data, digital infrastructure, and the digital economy, encouraging users to embrace the digital future. Attendees will be provided with practical strategies for success in these areas.

The growth of the Internet has played a key role in fostering the digital economy, digital infrastructure, and promoting smart cities. As technology continues to advance, the importance of the Internet and digital infrastructure is likely to only continue to grow, providing new opportunities for economic growth and improving the quality of life for people in cities around the world.

Visit the APAC DNS Forum 2023 website for more information. Registration is free and required to attend the event (virtually or in person). The closing date for registration is 2 July 2023.

About ICANN

ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you have to type an address - a name or a number - into your computer or other device. That address must be unique, so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation and a community with participants from all over the world.

About HKIRC

Hong Kong Internet Registration Corporation Limited (HKIRC) is a not-for-profit and non- statutory corporation designated by the HKSAR Government to administer the registration of Internet domain names under .hk and country-code top level domains. HKIRC provides registration services through its registrars for domain names ending with .com.hk, .org.hk, .gov.hk, .edu.hk, .net.hk, .idv.hk, ., .., .., .., .., .., .hk and ..

Photo - https://mma.prnewswire.com/media/2142767/HKIRC.jpgLogo - https://mma.prnewswire.com/media/1810953/ICANN_Logo.jpg

SOURCE ICANN

Read the original:
International Experts Share Cybersecurity Tips at Hong Kong Forum ... - PR Newswire

Kevin Swanson, 35, from Sioux City, Iowa, entered a guilty plea in federal court on May 4, 2023, to possession of child pornography.

In a plea agreement, Swanson admitted that between August 2020, and August 2021, he used an Internet-based, peer-to-peer (P2P) network to knowingly receive visual depictions of minors engaged in sexually explicit conduct, including depictions involving prepubescent minors who had not reached the age of 12. Swanson had over 1,168 images and 4 video files of child exploitation materials.

Sentencing before United States District Court Chief Judge Leonard T. Strand will be set for a later date after a presentence report is prepared. Swanson was taken into custody by the United States Marshal pending sentencing. Swanson faces a sentence of up to 20 years imprisonment without the possibility of parole, a fine of not more than $250,000, a mandatory special assessment of $100 and a term of supervised release of at least 5 years to life.

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys Offices and the Criminal Division's Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit http://www.usdoj.gov/psc. For more information about internet safety education, please visit http://www.usdoj.gov/psc and click on the tab resources.

The case was investigated by Homeland Security Investigations, the Sioux City Police Department, and the Nebraska State Patrol. The case is being prosecuted by Assistant United States Attorney Kraig R. Hamit.

Court file information at https://ecf.iand.uscourts.gov/cgi-bin/login.pl.

The case file number is 22-4080. Follow us on Twitter @USAO_NDIA.

Read this article:
Iowa Air National Guardsman Pleads Guilty to Possessing Child ... - Department of Justice

There are all kinds of embarrassing Google searches. A weird rash, your ex, common knowledge you really should know and all the words you cant spell.

Lots of people use search engines as a dictionary these days.

But which words are the hardest to spell?

The folks at unscrambled words - a Scrabble cheater/helper site - looked at a year of Google Search data to spill the beans.

It's as simple as pie, right? Think again! That cluster of vowels in the middle makes this one challenging. Break it down into syllables: res-tau-rant. Or, hey, picture yourself taking a rest, holding a "U" sign and ranting about something.

The silent p will get you every time. Pneumonia is an infection in one or both lungs. The word itself is packed with pesky extra letters. Hey, at least you probably wont need to spell it often.

How many people doing a Google search for this one gave up and said thanks? It starts tricky with the double "P." Picture someone handing you an apple as a thank you.

Kim Komando hosts a weekly call-in show where she provides advice about technology gadgets, websites, smartphone apps and internet security.

Listen on 425+ radio stations or get the podcast. And join over 400,000 people who get her free 5-minute daily email newsletter.

Finally, one with a classic rule you probably know: I before E, except after C. This checks the boxes, though that PT combo at the end is tricky, too. Sorry, youre just going to have to memorize it.

Yeah, a little harder than pretty. It helps to focus on the "beau" part handsome or attractive. After that, it's pretty smooth sailing.

Fear not, dear aunts and uncles, theres a phrase you already know for this one: I before E. The C might throw you off, but its after the IE combo.

You're in complicated territory whenever multiple spots could be one letter or another. It doesn't help that maintain a word that feels like it should be spelled the same is a little different. For this word, break it down into syllables: main-te-nance.

This slang term means fancy or characteristic of luxury. And youll find lots of people spelling it boujee. Remember, its a fancy word and a G feels a little fancier than a J, right? Right. After all, it comes from the word "bourgeoisie."

Bet you knew that one was coming. Imagine the urgency with which Google users typed those letters. Theres no shortage of ways to spell this one wrong. To spell this stomach-churning word correctly, remember the double R + H.

We're willing to be it's that "T" in the middle that trips people up the most. The way most of us pronounce it, it could be a "D" instead. Just remember "congrats" or that you "congratulate," and you're on the right track.

The rest is here:
The everyday words people really SHOULD know how to spell - Daily Mail

Nikita Kislitsin, formerly the head of network security for one of Russias top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsins prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.

Nikita Kislitsin, at a security conference in Russia.

Kislitsin is accused of hacking into the now-defunct social networking site Formspring in 2012, and conspiring with another Russian man convicted of stealing tens of millions of usernames and passwords from LinkedIn and Dropbox that same year.

In March 2020, the DOJ unsealed two criminal hacking indictments against Kislitsin, who was then head of security at Group-IB, a cybersecurity company that was founded in Russia in 2003 and operated there for more than a decade before relocating to Singapore.

Prosecutors in Northern California indicted Kislitsin in 2014 for his alleged role in stealing account data from Formspring. Kislitsin also was indicted in Nevada in 2013, but the Nevada indictment does not name his alleged victim(s) in that case.

However, documents unsealed in the California case indicate Kislitsin allegedly conspired with Yevgeniy Nikulin, a Russian man convicted in 2020 of stealing 117 million usernames and passwords from Dropbox, Formspring and LinkedIn in 2012. Nikulin is currently serving a seven-year sentence in the U.S. prison system.

As first reported by Cyberscoop in 2020, a trial brief in the California investigation identified Nikulin, Kislitsin and two alleged cybercriminals Oleg Tolstikh and Oleksandr Vitalyevich Ieremenko as being present during a 2012 meeting at a Moscow hotel, where participants allegedly discussed starting an internet caf business.

A 2010 indictment out of New Jersey accuses Ieremenko and six others with siphoning nonpublic information from the U.S. Securities & Exchange Commission (SEC) and public relations firms, and making $30 million in illegal stock trades based on the proprietary information they stole.

[The U.S. Secret Service has an outstanding $1 million reward for information leading to the arrest of Ieremenko ( ), who allegedly went by the hacker handles Zl0m and Lamarez.]

Kislitsin was hired by Group-IB in January 2013, nearly six months after the Formspring hack. Group-IB has since moved its headquarters to Singapore, and in April 2023 the company announced it had fully exited the Russian market.

In a statement provided to KrebsOnSecurity, Group-IB said Mr. Kislitsin is no longer an employee, and that he now works for a Russian organization called FACCT, which stands for Fight Against Cybercrime Technologies.

Dmitry Volkov, co-founder and CEO, sold his stake in Group-IBs Russia-based business to the companys local management, the statement reads. The stand-alone business in Russia has been operating under the new brand FACCT ever since and will continue to operate as a separate company with no connection to Group-IB.

FACCT says on its website that it is a Russian developer of technologies for combating cybercrime, and that it works with clients to fight targeted attacks, data leaks, fraud, phishing and brand abuse. In a statement published online, FACCT said Kislitsin is responsible for developing its network security business, and that he remains under temporary detention in Kazakhstan to study the basis for extradition arrest at the request of the United States.

According to the information we have, the claims against Kislitsin are not related to his work at FACCT, but are related to a case more than 10 years ago when Nikita worked as a journalist and independent researcher, FACCT wrote.

From 2006 to 2012, Kislitsin was editor-in-chief of Hacker, a popular Russian-language monthly magazine that includes articles on information and network security, programming, and frequently features interviews with and articles penned by notable or wanted Russian hackers.

We are convinced that there are no legal grounds for detention on the territory of Kazakhstan, the FACCT statement continued. The company has hired lawyers who have been providing Nikita with all the necessary assistance since last week, and we have also sent an appeal to the Consulate General of the Russian Federation in Kazakhstan to assist in protecting our employee.

FACCT indicated that the Kremlin has already intervened in the case, and the Russian government claims Kislitsin is wanted on criminal charges in Russia and must instead be repatriated to his homeland.

The FACCT emphasizes that the announcement of Nikita Kislitsin on the wanted list in the territory of the Russian Federation became known only today, June 28, 6 days after the arrest in Kazakhstan, FACCT wrote. The company is monitoring developments.

The Kremlin followed a similar playbook in the case ofAleksei Burkov, a cybercriminal who long operated two of Russias most exclusive underground hacking forums. Burkov was arrested in 2015 by Israeli authorities, and the Russian government fought Burkovs extradition to the U.S. for four years even arresting and jailing an Israeli woman on phony drug charges to force a prisoner swap.

That effort ultimately failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison.

Alexei Burkov, seated second from right, attends a hearing in Jerusalem in 2015. Image: Andrei Shirokov / Tass via Getty Images.

Arkady Bukh is a U.S. attorney who has represented dozens of accused hackers from Russia and Eastern Europe who were extradited to the United States over the years. Bukh said Moscow is likely to turn the Kislitsin case into a diplomatic time bomb for Kazakhstan, which shares an enormous border and a great deal of cultural ties with Russia. A 2009 census found that Russians make up about 24 percent of the population of Kazakhstan.

That would put Kazakhstan at a crossroads to choose between unity with Russia or going with the West, Bukh said. If that happens, Kazakhstan may have to make some very unpleasant decisions.

Group-IBs exodus from Russia comes as its former founder and CEO Ilya Sachkov remains languishing in a Russian prison, awaiting a farcical trial and an inevitable conviction on charges of treason. In September 2021, the Kremlin issued treason charges against Sachkov, although it has so far refused to disclose any details about the allegations.

Sachkovs pending treason trial has been the subject of much speculation among denizens of Russian cybercrime forums, and the consensus seems to be that Sachkov and Group-IB were seen as a little too helpful to the DOJ in its various investigations involving top Russian hackers.

Indeed, since its inception in 2003, Group-IBs researchers have helped to identify, disrupt and even catch a number of high-profile Russian hackers, most of whom got busted after years of criminal hacking because they made the unforgivable mistake of stealing from their own citizens.

When the indictments against Kislitsin were unsealed in 2020, Group-IB issued a lengthy statement attesting to his character and saying they would help him with his legal defense. As part of that statement, Group-IB noted that representatives of the Group-IB company and, in particular, Kislitsin, in 2013, on their own initiative, met with employees of the US Department of Justice to inform them about the research work related to the underground, which was carried out by Kislitsin in 2012.

View original post here:
Russian Cybersecurity Executive Arrested for Alleged Role in 2012 ... - Krebs on Security