Archive for November 4, 2021

Nine In 10 Enterprises Had An API Security Incident In 2020: F5

Posted in Commentary with tags on November 4, 2021 by itnerd

F5’s new report “Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy” exposes security threats posed by the global proliferation of APIs. It cites sectors such as retail and financial services, and notes more generally that: “More than nine out of ten of enterprises experienced an API security incident in 2020. Every API thus becomes a point on the security perimeter that can be potentially compromised if not properly architected or protected.”

“The number of APIs by 2030 will be in the 100s of millions, making it a significant scalability, manageability, and security challenge for our customers and the industry. It does not matter what parameters of the model we tweak; API sprawl will be a global problem. Discovery, networking, integration, and security are set to become significant challenges for the entire Dev and Ops ecosystem.”

“APIs are prone to fraud and malicious behavior. External APIs must be validated continuously for trust, and internal API keys can be compromised, giving attackers access to critical infrastructure. If data is the new oil, then APIs could unfortunately become the new plastic, with byproducts wreaking havoc on the ecosystem.”

George McGregor, a VP with Approov and an API security expert, offers a third-party perspective:

“The report does discuss the issue of “secrets sprawl”, highlighting how secrets such as API keys are often exposed when spread across a distributed infrastructure. It only takes one such key to allow an attacker to access illicitly an application service through an API and gain access to critical infrastructure. However, the report does not fully explore how the exploitation of such stolen secrets can actually be blocked in real-time. Such solutions do exist and should be evaluated by anyone who wants to take API security seriously.”

This is going to become a huge issue, if it isn’t already. Thus companies need to come to grips with this quickly.

UPDATE: I got additional commentary from Giora Engel, CEO and Cofounder, Neosec:

“APIs are the building blocks of digital transformation and quickly become the main asset that security teams need to focus on, to protect the business. Discovering APIs is a first critical step, but the real security value comes from analyzing the security posture and being able to Detect & Respond to protect critical business logic.”

UK Labour Party Pwned…. Data Swiped

Posted in Commentary with tags on November 4, 2021 by itnerd

The Labour Party in the UK has disclosed a “cyber incident” and said that a “significant quantity of Party data” had been rendered inaccessible.

Or put another way, they were pwned by hackers who stole data.

The attack stemmed from a third-party affiliate which handles data on the Party’s behalf. The information stolen includes “information provided to the Party by its members, registered and affiliated supporters, and other individuals who have provided their information to the party”. This includes previous Party members, who have raised questions about why the Party has kept hold of their details. Take this Tweet for example:

The DPA is the Data Protection Act. While it’s not the GDPR, it isn’t trivial when it comes to dishing out penalties for this sort of thing.

Yan Michalevsky, CTO and Cofounder, Anjuna Security, had this to say:

“Most data, unfortunately, is fundamentally naked and afraid. Once a bad actor has gotten past the castle gates, there is no defense. Data, for now, can’t protect itself.”

“Attackers can obtain privileged access to systems by means of zero-days acquired at the black market. Security technologies such as Confidential Computing can help protect data even in light of previously unknown privilege escalation techniques.”

Seeing as this is not the first time that the Labour Party has been pwned, they may want to do a significant re-think about their cyber defences.

StrikeReady Recognized As A Technology Innovator For Advanced Virtual Assistants In 2021 Gartner Report

Posted in Commentary with tags on November 4, 2021 by itnerd

StrikeReady, a cloud-based security operations and management company, announced today that it was named a Technology Innovator in Advanced VAs by the 2021 Gartner “Emerging Technologies: Tech Innovators in Advanced Virtual Assistants” report. According to Gartner, “this report highlights technology providers that advance and accelerate the use of virtual assistant technology. Technology providers were selected based on the observed ability to market and sell AI-based or AI-enabling technologies with proven capabilities for optimization and/or transformation.”

The Gartner report further states that, “By converging AI, data, automation and assist capabilities, software and business application providers within security and targeting other industries can help organizations to make more intelligent decisions faster with advanced VxAs. Domain-specific VAs can analyze data, automate processes, make order or supply chain adjustments, and enforce countermeasures in security or provide advice, while continuing to learn in real time, thus increasing their usefulness for employees and organizations.”

StrikeReady Inc. is a cybersecurity startup based out of California. The company was founded in 2019 and offers the industry’s first cloud-based security operations and management platform that enables organizations to increase the effectiveness, efficiency, and affordability of their security operations, while empowering and augmenting cybersecurity teams with institutional knowledge and automation.

StrikeReady is backed by several Bay Area VC firms, along with executives from FireEye, CrowdStrike, Zscaler, and others.

StrikeReady has won numerous awards and mentions in the short time that it has been in existence, including Security Today’s Product of the Year Award 2021, Globee’s Disruptor Award 2021, CB Insights 2021 Cyber Defender, and 2020 Red Herring’s Top 100 North America Award.

Connect with them at www.strikeready.co 

*Gartner, “Emerging Technologies: Tech Innovators in Advanced Virtual Assistants”, Annette Jump, Danielle Casey, Adrian Lee, September 22, 2021.

SimScale Raises €25M Series C Extension Round To Transform Product Design And R&D

Posted in Commentary with tags on November 4, 2021 by itnerd

SimScale, the SaaS platform making high-fidelity simulation technically and economically accessible to engineers worldwide, today announces that it has raised an additional €25M as an extension to its Series C funding. The investment is co-led by Draper Esprit and New York-based global private equity and venture capital firm Insight Partners, with Earlybird, June, Vsquared, and USV also participating in the round. This follows on the heels of SimScale’s €27m Series C round in January 2020, bringing the total amount of funding raised in this round to €52m.

SimScale plans to use the new funding to expand into new industries, such as rotating machinery, electronics, and automotive, by adding additional simulation capabilities, as well as to broaden its enterprise offering to larger customers to further its vision of removing barriers to entry for engineering simulations across teams, applications, and industries.

Founded in 2012, SimScale’s web-based solution aims to remove the pain points of traditional, expensive computer-aided engineering (CAE) software so engineering teams can focus on what matters most: designing the best products. A cloud-native engineering simulation platform, the SimScale software enables engineering teams to get designs right faster by making highly accurate, end-to-end engineering simulations technically and economically accessible for any organization, anywhere in the world.

Many existing CAE solutions are difficult to use and cannot be scaled efficiently without the need for sizable amounts of both hardware and maintenance investment into software licenses, high-performance computing (HPC) hardware, and beyond. Existing software is also generally inflexible for customers looking for customizable engineering workflows and often requires significant time expenditures due to the difficulty of deploying the software.

SimScale’s SaaS solution delivers simulations via the cloud with the accuracy required for late-stage design validation, in addition to the ease of use needed for early-stage design simulation. With over 300,000 current users, the platform enables access to engineering simulations across R&D stages and cycles, applications and industries, and enables engineers to collaborate in real-time by default without the need for any hardware or maintenance investment.

According to a Jan 2021 report by Global Industry Analysts Inc, the global CAE market was worth an estimated $5.2B in 2020 and is anticipated to reach $8.7B by 2026, demonstrating the scale of the market opportunity. This new investment also comes off the back of SimScale’s recent strategic partnership with computational fluid dynamics (CFD) software company Simerics, making high-fidelity CFD models available in the cloud through the SimScale engineering simulation platform.

With SimScale, users are able to scale and optimize simulations and harness the virtually unlimited computational resources of the cloud to power best-in-class simulations of engineering problems. The SimScale platform also drives exceptional value for money through usage-based pricing, which makes the platform economically accessible and customizable based on budget.

Trend Micro’s Project 2030 – A Glimpse into the Future

Posted in Commentary with tags on November 4, 2021 by itnerd

Trend Micro today released a visionary new report and video dramatization articulating how the world might look at the start of the next decade — and how the security sector might respond to evolving cybercrime innovation.

By 2030, connectivity will impact every aspect of daily life, on both the physical and psychological levels. Malicious threat actors will evolve to use and abuse technological innovation – as they always do.

The report itself looks at the world in 2030 through the eyes of a fictional citizen, a business, and a government. It offers a detailed analysis of evolving cyber threats and how these might impact security stakeholders.

Among the predictions are:

  • AI tools democratize cybercrime on a whole new scale to individuals with no technical skill
  • Attacks cause chaos with supply chains and physical harm to humans through their cyber-implants
  • Social engineering and misinformation become more visceral and harder to ignore when delivered via ubiquitous Heads Up Displays (HUDs)
  • Massive IoT (MIoT) environments attract sabotage and extortion attacks targeting manufacturing, logistics, transportation, healthcare, education, retail, and the home environment
  • AI-powered obfuscation makes attribution virtually impossible, pushing the security industry’s focus towards incident response and IAM at the edge
  • 5G and 6G connectivity everywhere drive more sophisticated and precise attacks
  • “Everything as a Service” turns cloud providers into hugely lucrative targets for cyber-attackers
  • Grey markets emerge for those that want tools to confound workplace monitoring
  • Techno-nationalism becomes a key geostrategic tool of some of the world’s most powerful nations, with the gulf between them and the have-nots widening further

A successor to Trend Micro’s acclaimed 2012 report, Project 2020, the new paper was compiled from open-source research, vendor threat landscape reports, scientific abstracts, patents, an invitation-only online survey, and a CISO poll. The video dramatization of the report is meant to be an engaging, entertaining way to visualize the future and enable organizations to think about how they will need to adapt to new realities.

Just Dance 2022 – Launching Today

Posted in Commentary with tags on November 4, 2021 by itnerd

History has shown time and time again that nothing brings people together like dance. Unfortunately, our dance moves may have gotten a little rusty over the past year or two. It’s time to turn up the volume and break free with the return of Just Dance 2022!

This year’s version is accessible to any level of dance through several different modes. Team up with friends in Co-op Mode or get your heart rate up in Sweat Mode. Brush up on your dance moves casually or get a little competitive; the game is yours.

Featuring partner artist, Camila Cabello, and in-game content from Taylor Swift, this year’s iteration of the popular game includes new hits and old classics. From Ciara’s “Level Up” to Katy Perry’s “Last Friday Night (T.G.I.F.)”, dancers can sharpen their moves and share in the groove with friends and family.

Just Dance 2022 is available for $59.99 on November 4, just in time for holiday celebrations! The game is available on Nintendo Switch and other platforms, and can be purchased at major Canadian retailers including Walmart Canada.