Archive for May 11, 2023

Mosaic Launches Global Primary Cyber Coverage With Safe Security Partnership

Posted in Commentary with tags on May 11, 2023 by itnerd

Mosaic today announced it is underwriting primary cyber insurance globally, offering $20 million in capacity across its network of underwriting hubs. The specialty insurer launched the new coverage under a pioneering partnership with tech leader Safe Security to embed real-time cyber-risk data into its underwriting process.

Mosaic’s primary product leverages Safe Security’s award-winning cyber-risk platform, offering inside-out evaluation to organizations and rewarding their investment in security solutions through premium-rate incentives. Participating clients will be the first to benefit from the Mosaic x SafeInside partnership.

Cyber was Mosaic’s first product in 2021 and has become an increasingly important part of its specialty portfolio amid rising threats from cyber warfare, data breaches, ransomware, and other attacks on systems and software. Mosaic’s primary offering builds on the past two years of successful excess coverage in the vital sector, and partners with top-level breach specialists to help insured businesses rapidly recover from a cyber event.

The Mosaic Cyber Insurance Policy offers:

  • Clear, concise, and comprehensive policy wording for both first-party and third-party security and privacy events, including liability, regulatory proceedings, business interruption, breach response costs, voluntary shutdown, betterment, and bricking coverages
  • Diversified capital through Mosaic’s unique model which delivers syndicated placements to clients globally through established underwriting partnerships
  • Deeply-experienced cyber underwriting and claims teams in seven regional centers: London, Bermuda, Chicago, New York, Toronto, Frankfurt and Dubai
  • Access to Safe Security’s real-time, inside-out analysis of a company’s enterprise-wide cyber risk, allowing the most accurate exposure analysis, coverage, and pricing for brokers and insureds through Mosaic x SafeInside
  • An online response and recovery roadmap, connecting insureds with cyber-event specialists who help them navigate any cyberattack
  • Mosaic’s highly-skilled claims team, which has full claims-settlement authority

Primary and excess policies are designed to protect diverse industry types—from financial services and retail to manufacturing and construction—for stand-alone cyber coverage. Mosaic supports insureds’ ability to not only proactively prevent an attack, but respond and minimize damage in the aftermath.

The specialty insurer capitalizes on strong collaboration with public agencies to combat theft of data and intellectual property by cybercriminals as well as to help shape industry best practices. To date, Mosaic’s cyber team has worked with the FBI, Department of Homeland Security, and National Institute of Standards & Technology (NIST) in the US; the UK National Cyber Security Centre; and the European Union Agency for Cybersecurity (ENISA).

Driven by market demand, global uncertainty, and an increasing number of attacks, cyber is the fastest growing of Mosaic’s seven lines of business. The company’s other divisions include transactional liability, environmental liability, financial institutions, political risk, political violence, and professional liability.

Food Distributor Sysco Gets Pwned… Employee, Business, And Customer Data Swiped

Posted in Commentary with tags on May 11, 2023 by itnerd

One week ago, Sysco, a major global food distributor, confirmed in both its 10-Q report and an internal memo that it had discovered a security breach in which attackers stole sensitive business, customer, and employee data from its US and Canadian operations. Sysco generated over $68 billion in sales in 2022.

While the investigation is ongoing, stolen data is said to include employee names, social security numbers, account numbers, and similar information provided for payroll purposes as well as data relating to business operations and customers. 

The pool of people potentially affected is large: Sysco has more than 71,000 employees, 333 distribution facilities worldwide and around 700,000 customer locations, including restaurants, healthcare, and educational facilities.

Roy Akerman, Co-Founder & CEO, Rezonate had this to say:

   “As more data unfolds as to the cause and impact of the Sysco security breach, certain steps are required to validate a complete understanding of the attacker’s path, objectives and any possible backdoor, and even attribution is critical to nail down quickly. Data already lost is unfortunate, yet maintaining business operations is important to limit cost and recovery from this incident. 

   “In addition to the ongoing investigation of affected identities and facilities, it is important to stay focused on areas that were not impacted, as attackers may remain in the network in stealth mode, be in the process of acting, or already have acted but without being detected.”

This is pretty bad, and it shows that security breaches are non-trivial events. Companies need to make their environments as resistant as possible to this sort of attack, because this is what happens when defences are absent or not strong enough to hold.

New Era of BEC 3.0 Phishing Attacks: Creating Malicious Content Hidden and Hosted on Squarespace

Posted in Commentary with tags on May 11, 2023 by itnerd

In the realm of Business Email Compromise (BEC) attacks, cybercriminals keep finding new ways to abuse popular, trusted platforms, and using legitimate services to propagate attacks has become the norm. Today Avanan, a Check Point Software company, released an attack brief that brings to light a new wave of BEC attacks. 

The report explains how attackers are creating malicious landing pages on Squarespace, a reputable website building and hosting company, so that the link in the email points at a legitimate domain and slips past reputation checks such as VirusTotal lookups.

The emails associated with these attacks are seemingly innocuous, originating from legitimate domains and containing no alarming text. However, the actions that follow the email click-through are malicious. This highlights the importance of good browser security in complementing email security, as the malicious payload is often nested a few layers past the email.

In light of this new BEC variant, it’s essential for security professionals to implement security measures that scrutinize all URLs and emulate the pages behind them, along with educating users on these new threats.
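The kind of link-chain analysis the paragraph above recommends, as an added example (this is not code from the Avanan brief or from this post): the script pulls every link out of an email body, follows HTTP redirects and meta-refresh hops, and reports where each chain ends and whether the landing page asks for a password. The fetcher is a constructed in-memory map standing in for the web so the script runs offline; every host in it (mail-notify.example, pages.sitebuilder.example in the role of a legitimate site-builder platform, docs-portal.example) and every page body is made up for illustration.

```python
"""Follow the link chain behind every URL in an email and report where it ends.

Added example, not code from the Avanan brief or this post. The fetcher below is
a constructed in-memory map that stands in for real HTTP requests, so the script
runs offline; every host and page in it is made up for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for the web: url -> (status, headers, body).
# pages.sitebuilder.example plays the role of a legitimate site-builder host.
FAKE_WEB = {
    "https://mail-notify.example/view?id=17": (
        302, {"Location": "https://pages.sitebuilder.example/shared-doc"}, ""),
    "https://pages.sitebuilder.example/shared-doc": (
        200, {}, '<html><meta http-equiv="refresh" '
                 'content="0; url=https://docs-portal.example/login"></html>'),
    "https://docs-portal.example/login": (
        200, {}, '<html><form action="/submit"><input type="email" name="u">'
                 '<input type="password" name="p"></form></html>'),
    "https://www.example.com/unsubscribe": (
        200, {}, "<html><p>You have been unsubscribed.</p></html>"),
}


class _PageParser(HTMLParser):
    """Collect anchors, a meta-refresh target and whether a password field exists."""

    def __init__(self):
        super().__init__()
        self.hrefs, self.refresh, self.has_password = [], None, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
            if m:
                self.refresh = m.group(1)
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.has_password = True


def fetch(url):
    """Constructed fetcher: look the URL up in FAKE_WEB instead of going online."""
    return FAKE_WEB.get(url, (404, {}, ""))


def follow_chain(url, max_hops=5):
    """Return (hops, final_url, has_password_form) for one link.

    hops lists every URL visited; HTTP 3xx Location headers and meta-refresh
    tags are both treated as a hop, since either can hide the real landing page.
    """
    hops = [url]
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        page = _PageParser()
        page.feed(body)
        nxt = None
        if 300 <= status < 400 and headers.get("Location"):
            nxt = urljoin(url, headers["Location"])
        elif page.refresh:
            nxt = urljoin(url, page.refresh)
        if nxt is None:
            return hops, url, page.has_password
        url = nxt
        hops.append(url)
    return hops, url, False  # gave up after max_hops; treat as unresolved


def analyse_email(html):
    """Follow every link in the email body and describe where each one lands."""
    page = _PageParser()
    page.feed(html)
    findings = []
    for href in page.hrefs:
        hops, final, pw = follow_chain(href)
        first_host, final_host = urlparse(href).hostname, urlparse(final).hostname
        findings.append({
            "link": href,
            "first_host": first_host,
            "final_host": final_host,
            "depth": len(hops) - 1,           # number of hops past the email
            "credential_form": pw,
            # A password prompt reached through hops that leave the original host
            # is the pattern the brief describes; the first host alone looks clean.
            "suspicious": pw and final_host != first_host,
        })
    return findings


# Constructed sample message: a bland "document shared" notice with two links.
SAMPLE_EMAIL = """<html><body>
<p>A document has been shared with you.</p>
<a href="https://mail-notify.example/view?id=17">Open document</a>
<a href="https://www.example.com/unsubscribe">Unsubscribe</a>
</body></html>"""

if __name__ == "__main__":
    for f in analyse_email(SAMPLE_EMAIL):
        print(f)
```

On the sample message the first link is clean at the email layer (a plain domain, a 302 to a site-builder page) and only becomes a credential prompt two hops later, which is exactly why a URL check that stops at the first hop, or a reputation lookup on the first domain, says nothing useful. In a real deployment the `fetch` function is the piece to replace with an instrumented browser so that JavaScript-driven redirects are followed too.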

The detailed attack brief is available at: https://www.avanan.com/blog/bec-3.0-creating-malicious-content-hosted-on-squarespace.

Guest Post: Millennials Lose Over 80 Hours Yearly To Outdated Workplace Tech

Posted in Commentary with tags on May 11, 2023 by itnerd

Technology should make our lives easier and our work more efficient. But that is not the case when we have to deal with outdated tech.  

According to data presented by the Atlas VPN team, based on the Skynova survey, Millennials are losing an average of 19.3 minutes per day due to outdated workplace technology, which adds up to a staggering 84 hours annually or 10.5 days of working time per year.

Gen Xers and Gen Z workers are also affected, wasting approximately 18.8 minutes (close to 82 hours yearly) and 18.2 minutes (79 hours yearly), respectively.

When looking at the numbers by industry, the financial sector reports losing the most time to outdated workplace technology, with an average of 23.7 minutes daily or approximately 103 hours per year. Interestingly, the financial industry also has the newest technology among sectors, with an average age of 3.7 years. 

Outdated technology is also a significant issue in the healthcare industry, consuming an average of 23 minutes daily (or close to 100 hours yearly) of workers’ time.

In the meantime, workers in both the government and retail sectors waste an average of 19.4 minutes of their daily work time dealing with outdated technology, which amounts to 84 hours per year. 

The cost of outdated technology

Although cost reduction is a priority for many business owners, they often fail to consider the long-term implications of outdated technology. Using old tech introduces inefficiencies and vulnerabilities that can lead to increased costs over time. 

Outdated technology and software can make an organization more vulnerable to exploitation, both from internal and external sources. When an organization fails to keep its operating systems and software up to date, it increases the risk of cyber attacks exploiting known vulnerabilities in those systems, which can lead to data breaches or theft of valuable company information.

Although newer technology may come with a higher price tag, failing to upgrade means that the costs of using outdated tech will only continue to rise. In the end, investing in new technology can ultimately result in long-term savings and increased efficiency and security for businesses.

To read the full article, head over to: https://atlasvpn.com/blog/millennials-lose-over-80-hours-yearly-to-outdated-workplace-tech

GitHub Now Auto-Scans For Secrets, And It’s Working

Posted in Commentary with tags on May 11, 2023 by itnerd

GitHub’s beta push protection program is now open to the public, auto scanning for a list of 230 token types. The service will proactively prevent leaks by scanning for secrets before a ‘git push’ operation is accepted. “If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure,” GitHub said today.

Excerpts:

To help developers and maintainers across open source proactively secure their code, GitHub is making push protection free for all public repositories.

Push protection prevents secret leaks without compromising the developer experience by scanning for highly identifiable secrets before they are committed.

In certain instances, you may need to push code that has a secret in it–for example, fixing an outage with speed and addressing the secrets after. You can bypass push protection by providing a reason, for example, it’s used for testing, is a false positive, or is an acceptable risk that will be fixed later. Repository and organization administrators and security managers will receive an email alert on all bypasses and can audit any bypasses via their enterprise and organization audit logs, alert view UI, REST API, or webhook events.
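A client-side analogue of what push protection does, as an added example that is neither GitHub's code nor this post's: it scans a unified diff for high-confidence token formats on added lines, reports the secret type and its location in the new file, and only lets the push through when the developer supplies a bypass reason that gets recorded. The two regexes, the sample diff and the in-memory AUDIT_LOG are constructed for illustration; the assumption is that GitHub's own list is far larger than these two patterns.

```python
"""Client-side analogue of push protection: scan a patch for high-confidence
secret formats before it leaves the developer's machine.

Added example, not GitHub's scanner. The two patterns are illustrative stand-ins
for GitHub's much longer list, and the sample diff is constructed.
"""
import re
from dataclasses import dataclass

# Illustrative, well-known token formats; real deployments use many more.
PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub personal access token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}


@dataclass
class Finding:
    secret_type: str
    path: str
    line: int      # line number in the new version of the file
    snippet: str   # redacted form of the token, safe to show in a prompt


def redact(token):
    """Keep just enough of the token for the developer to locate it."""
    return token[:4] + "..." + token[-4:]


def scan_patch(patch):
    """Walk a unified diff and report secrets on added lines only.

    Removed lines are ignored (deleting a secret is what we want), and the
    hunk header is used to track the line number inside the new file so the
    finding can point at the exact location.
    """
    findings = []
    path, new_line = None, 0
    for raw in patch.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- ") or raw.startswith("\\"):
            continue  # old-file header / "No newline at end of file" marker
        m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("-"):
            continue  # removed line: does not exist in the new file
        if raw.startswith("+"):
            for name, rx in PATTERNS.items():
                for hit in rx.finditer(raw[1:]):
                    findings.append(Finding(name, path, new_line, redact(hit.group(0))))
        new_line += 1  # added and context lines both occupy a new-file line
    return findings


AUDIT_LOG = []  # stands in for the org-level audit log that records bypasses


def push_allowed(findings, bypass_reason=None, actor="developer"):
    """Block the push on any finding unless the developer supplies a bypass
    reason; every bypass is recorded so administrators can review it."""
    if not findings:
        return True
    if bypass_reason:
        AUDIT_LOG.append({
            "actor": actor,
            "reason": bypass_reason,
            "secrets": [(f.secret_type, f.path, f.line) for f in findings],
        })
        return True
    return False


# Constructed diff: adds an AWS key pair, removes an old GitHub token. The
# secret access key has no fixed prefix and is deliberately not matched, which
# shows the limit of prefix-only patterns.
SAMPLE_PATCH = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,4 @@ DEBUG = False
 ALLOWED_HOSTS = ["example.com"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 TIMEOUT = 30
-GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
"""

if __name__ == "__main__":
    found = scan_patch(SAMPLE_PATCH)
    for f in found:
        print(f"{f.secret_type} at {f.path}:{f.line} ({f.snippet})")
    print("push allowed:", push_allowed(found))
```

Wired into a git pre-push hook, the patch text would come from `git diff origin/main...HEAD` rather than a string literal. Two things worth noticing in the sample: the token on the removed line is not reported, because removing it is the desired outcome, and the AWS secret access key sails through because it has no recognisable prefix, which is why prefix patterns are only the high-confidence tier and not the whole answer.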

Ted Miracco, CEO, Approov Mobile Security had this to say:

“Overall, the push protection program by GitHub is a step in the right direction, and could be especially impactful in improving mobile app security, for critical fintech and healthcare apps that leak secrets in over 90% of the apps tested. This is an excellent tool for developers to use in securing their code, however it is only effective if CISOs are committed to enforcing the use of the capabilities. 

   “Making push protection free for all public repositories is another positive that can lower the barriers to use of this technology. However, it’s worth noting that the push protection feature can slow down the development process, and this may lead developers to bypass the testing in certain instances. It will be very important for administrators to keep track of any exceptions and to audit regularly to ensure compliance with the security of the system.”

This is a good move, as it protects users from their own mistakes, which in today’s environment could have far-reaching consequences. Good on you, GitHub!

The INFORM Act May Pose A Challenge In Terms Of Compliance For Online Marketplaces

Posted in Commentary with tags on May 11, 2023 by itnerd

The INFORM Act, or the Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act, is a legislative effort to protect consumers from unknowingly purchasing stolen, counterfeit, or unsafe consumer products from online sellers. With a June 27, 2023 compliance deadline, operators of online marketplaces should start taking steps to comply with its mandates. 

Here’s the TL;DR: The act’s purpose is to establish a baseline level of transparency to make it easier for consumers to identify exactly who they are buying from, while making it harder for deceitful sellers to avoid identification.

The INFORM Act imposes new and rather hefty due diligence and disclosure requirements on all online marketplaces: the electronically based, “consumer-directed” platforms that “facilitate or enable third party sellers to engage in the sale, purchase, payment, storage, shipping or delivery of a consumer product.” 

High-volume third-party sellers (defined as vendors with 200 or more transactions and $5,000 or more in gross revenue within a continuous 12-month period) will be required to provide verifiable authenticating information, eliminating the anonymity they sometimes enjoyed on some platforms. The marketplaces will be responsible for collecting and verifying that information, which includes:

  • Bank account number
  • Tax ID number (corporate sellers) or social security number (individual sellers)
  • Working phone number
  • Working email address
  • Copy of a government-issued record or tax document that includes the business name and physical address

In addition, for sellers with annual revenue through a given marketplace of $20,000 or more, marketplaces must collect, verify, and display the seller’s name and physical address on a product page, in purchase confirmations, or in order details.

All of this will be enforced by the FTC. It sounds great, but there might be a couple of hidden pitfalls. Ani Chaudhuri, CEO of Dasera, speaks to that:

Implementing the INFORM Consumers Act aims to increase transparency and protect consumers from counterfeit, stolen, or dangerous products. However, the verification process may raise concerns about collecting, storing, and handling personal data. Online marketplaces must adhere to stringent data protection laws and ensure that the collected information is used solely for the purposes outlined in the Act. Additionally, they must safeguard sensitive information from unauthorized access and potential breaches to maintain consumer privacy.

To protect sensitive seller information, online marketplaces should implement robust security measures like data encryption, secure authentication protocols, and regular security audits. Furthermore, they should have a well-defined data retention and deletion policy to minimize risks associated with data storage. Marketplaces must also establish incident response plans and invest in employee training to ensure their staff can handle potential security breaches or unauthorized access.

Key provisions of the INFORM Consumers Act impacting high-volume third-party sellers include verifying their government ID, tax ID, bank account information, and contact details. Small business owners may face challenges, such as increased administrative burdens, potential privacy concerns, and additional costs associated with compliance. They may also experience increased competition due to heightened transparency, which could impact their online marketplace operations.

Experts expect the INFORM Consumers Act to change the online marketplace landscape significantly. Increased transparency and accountability may deter fraudulent sellers, creating a safer and more trustworthy consumer environment. Complying with the new regulations may lead to increased administrative work and costs for sellers, but it could also boost consumer trust in their products. Overall, the Act is expected to promote a more level playing field and foster healthy competition.

To comply with the INFORM Consumers Act without compromising operations or competitiveness, small business owners should:

a. Familiarize themselves with the Act’s requirements and implement necessary changes promptly.
b. Invest in secure data storage and management solutions to protect sensitive information.
c. Maintain transparent communication with customers to build trust and credibility.
d. Continuously monitor and adapt to changes in the online marketplace landscape to stay competitive.

Industry experts generally view the INFORM Consumers Act as a positive step toward ensuring integrity, notification, and fairness in online retail marketplaces. The Act aims to protect consumers and promote transparency. However, its effectiveness will depend on the FTC’s enforcement measures and the online marketplaces themselves. There may be areas for further consideration or refinement, such as addressing potential privacy concerns, minimizing administrative burdens on small businesses, and providing support to help them comply with the new requirements.

Hopefully online marketplaces can adapt to this new reality quickly. I can see this being a non-issue for big online marketplaces. But smaller ones may struggle to adapt. Let’s hope that everyone gets their respective houses in order by the implementation date of June 27 so that online commerce can be a better place for all.

Intensity of Ransomware Ops in April 2023 Decreased from Preceding Month: GuidePoint Security

Posted in Commentary on May 11, 2023 by itnerd

GuidePoint Security has published its monthly GuidePoint Research and Intelligence Team’s (GRIT) Ransomware Report, which observed interesting ransomware movements in April 2023.

The findings reveal that the intensity of ransomware operations in April decreased from the preceding month across the most heavily attacked countries and industries. Notably, attacks by threat groups on the government, automotive, transportation, telecommunications, and legal sectors saw a significant drop.

The report analyzes: 

  • How do top ransomware victims by country and geographic implications compare to the past?
  • Which threat groups were most active, and which industries did they impact most often? 
  • Why distinguish ransomware groups into categories: full-time, rebrand, splinter, and ephemeral?
  • Which ransomware trends and new threat actor groups were tracked last month?

You can read the research here.