CISOUpdate: Breaking News in Tech, Search, Social, & Business
https://www.webpronews.com/technology/cisoupdate/
Feed last updated Mon, 15 Apr 2024 15:56:17 +0000

CISA Makes Its Malware Analysis Tool Available to the Public
https://www.webpronews.com/cisa-makes-its-malware-analysis-tool-available-to-the-public/
Mon, 15 Apr 2024 15:56:12 +0000

Companies and individuals have a powerful tool in the fight against malware, thanks to CISA making its Malware Next-Gen malware analyzer available to the public.

CISA is at the forefront of the war against malware and cybersecurity threats, tracking threats and working with organizations to counter them. The agency’s Malware Next-Gen is a malware analysis platform that uses a combination of methods to identify malware.

CISA’s Malware Next-Generation “Next-Gen” Analysis platform provides automated malware analysis support for all U.S. federal, state, local, tribal, and territorial government agencies. Analysis is performed by a combination of static and dynamic analysis tools in a secure environment and results are available in PDF and STIX 2.1 data formats.

CISA has made the tool available to the public, with the ability to use it as a registered or anonymous user, although only registered users will receive analysis reports.

Please note, the Malware Next-Gen Analysis platform is a U.S. government computer and information system. To receive analysis of any malware samples you submit to this system, you will need to create a user account and consent to monitoring of your activities. Access to this system is restricted to authorized users only and subject to rules of behavior.

Users who wish to submit malware samples without registering may use Anonymous submission. Unregistered users are not required to provide any contact information; however, users who use this submission method will not have access to analysis results.

Users can submit files anonymously here. Users who wish to register can do so at login.gov.

AlmaLinux Patches Security Issue Before Red Hat
https://www.webpronews.com/almalinux-patches-security-issue-before-red-hat/
Wed, 10 Apr 2024 01:00:23 +0000

AlmaLinux has patched a moderate security vulnerability before Red Hat Enterprise Linux (RHEL), a first for the RHEL clone distro.

AlmaLinux began its life as a 1:1 RHEL-compatible Linux distro, giving organizations a less expensive alternative to RHEL. When Red Hat announced its controversial decision to restrict access to RHEL’s source code, AlmaLinux pivoted to become Application Binary Interface (ABI) compatible.

A major benefit of this approach is that AlmaLinux no longer needs to wait for RHEL to patch a vulnerability, a point the distro has just proven. AlmaLinux OS Foundation Chair benny Vasquez announced the fix for CVE-2024-1086 on the organization’s website.

In January of this year, a kernel flaw was disclosed and named CVE-2024-1086. This flaw is trivially exploitable on most RHEL-equivalent systems. There are many proof-of-concept posts available now, including one from our Infrastructure team lead, Jonathan Wright (Dealing with CVE-2024-1086). In multi-user scenarios, this flaw is especially problematic.

Though this was flagged as something to be fixed in Red Hat Enterprise Linux, Red Hat has only rated this as a moderate impact. Our users have asked us to patch this more quickly, and as such, we have opted to include patches ourselves. We released this kernel patch to the testing repo last weekend and plan to push it to production on Wednesday, April 3rd.

Vasquez also took the opportunity to assure users that AlmaLinux was not impacted by the recent XZ backdoor.

The entire open source world exploded last Friday as a reporter shared that they had identified a backdoor in the open source data compression utility XZ. Thanks to both the diligence of the reporter, Andres Freund, and the nature of beta and rolling releases being used for testing, this back door was identified much earlier than it might have otherwise been. Because enterprise Linux takes a bit longer to adopt those updates (sometimes to the chagrin of our users), the version of XZ that had the back door inserted hadn’t made it further than Fedora in our ecosystem.

Vasquez concluded by emphasizing the newfound freedom that comes with being a “Red Hat equivalent operating system,” rather than a 1:1 compatible one.

Security is a priority at AlmaLinux, and once again we’re patching something we feel is super important. This is part of the freedom that comes with being a community-powered Red Hat equivalent operating system. We appreciate the members of our community that reported, worked to fix, and have tested our security updates.

Navigating the Security Landscape: Insights from AWS Chief Information Security Officer Chris Betz
https://www.webpronews.com/navigating-the-security-landscape-insights-from-aws-chief-information-security-officer-chris-betz/
Fri, 29 Mar 2024 22:17:34 +0000

In the intricate world of cybersecurity, few positions hold as much weight and responsibility as that of the Chief Information Security Officer (CISO). At the helm of Amazon Web Services (AWS), Chris Betz occupies this pivotal role, overseeing the protection of one of the world’s largest cloud computing platforms. In a recent conversation, Betz shared his journey from Capital One to AWS, offering unique perspectives on the evolving landscape of cybersecurity and the critical role of trust in the digital age.

Betz’s transition from Capital One to AWS was not merely a career move but a testament to the growing significance of cloud-based security solutions. “One of the things, as I spent several years there, that I kept on realizing was how much our work relied on the security of AWS. As you know, Capital One is all in the cloud and has closed its data centers. And so that journey at Capital One, the security work at Capital One with AWS led me to appreciate how incredibly important the technology we bring is to that trust and the security of so many businesses.”

Reflecting on his tenure at AWS, Betz highlighted the subtle yet profound shifts in perspective that come with assuming the role of CISO. “It’s one thing to hear about those conversations about security being Job Zero, the top priority at AWS. It’s another thing to live it, have those conversations, and be challenged by my business and technology partners about whether we are moving fast enough. Are we raising the bar enough? Are we staying ahead of the threats?”

Central to Betz’s approach is the recognition that effective cybersecurity transcends mere technical proficiency—it requires a fundamental shift in mindset and culture. “It does. There’s not a… Well, I mean, I’m in security, so every conversation I have will have that to some degree. But it’s amazing to be in meetings that are not even on security topics. As a senior leader, one of the things I do appreciate about AWS is that they involve security in non-security specific meetings. And I get to be part of those conversations and have other people bring up, ask about security, and think about how we do that better. Just like you said, that culture that is everywhere really, really matters.”

When measuring a security program’s effectiveness, Betz eschews conventional metrics in favor of a more nuanced approach. “It’s an excellent question. And often, when I’m asked that question, people expect me to jump to metrics or measurements. And there’s certainly a slew of metrics and measurements we can use to help describe what’s going on in security. But one of the things that I think is truly a leading indicator is the degree to which the business and the technology organizations see security as an enabler of them achieving their programs.”

In the realm of boardroom discussions, Betz emphasizes the need for security leaders to tailor their communication to the unique dynamics of each board. “That is a great question. And honestly, I have never seen two companies who do it the same way. Part of that is because it’s important to discuss risk within the business context.”

As Betz continues to navigate the ever-evolving landscape of cybersecurity, one thing remains clear: the CISO’s role is more critical than ever. With cyber threats growing in frequency and sophistication, organizations must invest not only in technology but also in the people and processes that form the foundation of effective cybersecurity. At AWS, under Betz’s leadership, the pursuit of security excellence remains steadfast, ensuring that businesses can trust in the integrity and resilience of the cloud.

Exploring Cybersecurity Strategies for Critical Infrastructure: Insights from Javier García Quintela, Chief Information Security Officer at Repsol
https://www.webpronews.com/exploring-cybersecurity-strategies-for-critical-infrastructure-insights-from-javier-garcia-quintela-chief-information-security-officer-at-repsol/
Mon, 25 Mar 2024 13:46:24 +0000

In an era of digital transformation and heightened cyber threats, organizations are grappling with safeguarding their critical infrastructure against evolving risks. Rock Studios recently sat down with Javier García Quintela, Chief Information Security Officer at Repsol, a multinational energy company at the forefront of the energy transition, to shed light on this complex issue. In this exclusive interview, Quintela shares his expertise on cybersecurity strategies for critical infrastructure and the imperative of integrating cybersecurity into company culture.

Repsol’s commitment to the energy transition underscores its proactive stance towards embracing alternative energy sources and reducing carbon emissions. As Quintela explains, this shift necessitates a robust cybersecurity posture to mitigate risks associated with digital transformation initiatives. Quintela emphasizes the need for organizations to balance cybersecurity with operational efficiency, particularly in environments where information technology (IT) and operational technology (OT) converge.

Against the backdrop of an evolving threat landscape characterized by increasingly sophisticated cyber attacks, Quintela outlines three key strategies for critical infrastructure companies:

Understanding Cybersecurity as a Business Risk: Boards of directors must recognize cybersecurity as a business risk and assess its potential impact on organizational operations. This entails quantifying cyber threats and developing specific plans to achieve desired risk tolerance levels.

Staying Aware of Regulatory Requirements: Compliance with cybersecurity regulations, such as the NIS Directive in the EU and the SEC Rule in the US, is essential. Boards must remain informed about evolving regulatory frameworks and ensure their organizations adhere to relevant laws and directives.

Investing in Resources and Specific Plans: Boards should support the allocation of resources and the development of comprehensive cybersecurity plans, including ongoing investment in cybersecurity controls and a balance between security measures and operational needs.

Integral to effective cybersecurity is the integration of cybersecurity into company culture. Quintela underscores the importance of fostering a culture of cybersecurity awareness among employees at all levels. From business leaders making strategic decisions to frontline staff serving as the first line of defense against cyber threats, a culture where cybersecurity is ingrained in decision-making processes and everyday operations is paramount.

Quintela also discusses the criteria critical infrastructure companies consider when selecting trusted partners to assist in executing their OT cybersecurity roadmap. Compatibility, effectiveness, and innovation are key factors, ensuring that technology solutions are secure, adaptable, and capable of evolving alongside emerging threats.

Quintela’s insights underscore the critical role of cybersecurity in safeguarding critical infrastructure against cyber threats. By adopting proactive strategies, staying abreast of regulatory requirements, and fostering a culture of cybersecurity awareness, organizations can enhance their resilience and confidently navigate the cybersecurity landscape in an increasingly digitized world.

The Evolution of the Chief Information Security Officer Role: From Silent Sentinel to Strategic Partner
https://www.webpronews.com/the-evolution-of-the-chief-information-security-officer-role-from-silent-sentinel-to-strategic-partner/
Tue, 12 Mar 2024 11:32:48 +0000

In a thought-provoking discussion, industry leaders gathered to explore the shifting landscape of the Chief Information Security Officer (CISO) role, shedding light on the evolving expectations and responsibilities facing modern security professionals.

The conversation began with a reflection on the past as panelists reminisced about the early days of the CISO role. “When I started, the CSO role was kind of a unicorn,” remarked one participant. “You rarely encountered someone with that title, and security was often viewed as a utility rather than a strategic asset.”

Indeed, the role of the CISO has undergone a remarkable transformation over the years, transitioning from a technical position to a critical business function. As cybersecurity threats continue to evolve and multiply, organizations increasingly recognize the importance of proactive risk management and compliance.

“In the past, technical skills were a must for aspiring CISOs,” noted another panelist. “But today, while technical acumen is still valuable, the soft skills set successful CISOs apart. Communication, collaboration, and the ability to translate complex security concepts into business terms are now essential.”

The discussion also touched on the growing accountability placed on CISOs, particularly in light of new regulations and mandates. “CSOs today are facing new challenges and increasing workloads,” explained one participant. “They’re being held more accountable for security actions or inactions taken by the business, and the struggle is only going to get harder.”

Despite the challenges, the panelists were optimistic, emphasizing the importance of agility, adaptability, and continuous learning in the ever-changing cybersecurity landscape. “The key to success as a CISO is the ability to evolve and innovate,” remarked one industry expert. “It’s about anticipating future threats, navigating complex regulatory environments, and effectively communicating with stakeholders at all levels of the organization.”

As the discussion drew to a close, there was consensus that the role of the CISO will continue to evolve in response to emerging threats and technological advancements. “The future of cybersecurity is uncertain,” concluded one panelist. “But with the right leadership, collaboration, and commitment to excellence, we can rise to meet any challenge that comes our way.”

In a world where cybersecurity is no longer an afterthought but a strategic imperative, the role of the CISO has never been more important. As organizations navigate the complex cybersecurity landscape, they can take comfort in knowing that they have dedicated professionals at the helm, guiding them safely through the digital wilderness.

AI Driving CrowdStrike’s Impressive Growth
https://www.webpronews.com/ai-driving-crowdstrikes-impressive-growth/
Sat, 09 Mar 2024 20:15:46 +0000

The cybersecurity sector has been an intriguing space to watch in recent times. While many industries have faced budget tightening over the past two years, cybersecurity has shown resilience and even benefited from AI advancements. However, the past few weeks have brought about some significant shifts, particularly among key players like Palo Alto Networks, CrowdStrike, and Zscaler.

Palo Alto Networks surprised the market with a $600 million billings shortfall forecast, signaling cracks in its consolidation strategy. This development had a ripple effect, dragging down other consolidation players like CrowdStrike and Zscaler. However, a closer look at the dynamics reveals different stories for each company.

CrowdStrike’s Impressive Momentum

CrowdStrike’s recent earnings report showcased impressive momentum, with $3.44 billion in Annual Recurring Revenue (ARR), representing 34% growth. The company’s success can be attributed to its platform approach, which leverages AI and encompasses more than just endpoint security. CrowdStrike aims to expand beyond its core endpoint business, with cloud, identity, and next-gen security modules driving growth.

One of CrowdStrike’s key strengths lies in its ability to adapt and innovate, evident in its focus on AI-driven solutions like Charlotte Gen AI. This platform expansion strategy positions CrowdStrike as a formidable player in the cybersecurity space, with a clear path to becoming a next-generation software company.

Challenges for Palo Alto and Zscaler

On the other hand, Palo Alto Networks faced challenges with spending fatigue among customers and difficulties in converting them to its platform. This resulted in the company offering free trials to bridge the gap and retain customers. Meanwhile, Zscaler’s recent earnings report, despite beating expectations, faced scrutiny from analysts, leading to concerns about billing and guidance.

The Power of Platforms

The success of CrowdStrike underscores the importance of platforms in cybersecurity. Unlike traditional product-focused approaches, platforms offer unified solutions that simplify deployment and management for customers. CrowdStrike’s founder-led, mission-driven approach, coupled with its cloud-native architecture and AI capabilities, positions it as a leader in the space.

As cyber threats continue to escalate, organizations recognize the value of investing in robust cybersecurity solutions. While budget constraints may pose challenges, the ROI of cybersecurity lies in reducing the impact of breaches and mitigating associated risks. Ultimately, companies that prioritize innovation and adaptability, like CrowdStrike, are poised to thrive in an increasingly complex threat landscape.

Recent developments in the cybersecurity sector highlight the importance of platform-based approaches and innovation in addressing evolving threats. While challenges persist for some players, those that prioritize customer needs, leverage emerging technologies, and demonstrate resilience are well-positioned for long-term success.

Google Rolls Out AI Cyber Defense Initiative
https://www.webpronews.com/google-rolls-out-ai-cyber-defense-initiative/
Mon, 26 Feb 2024 18:30:06 +0000

Google is rolling out a new initiative aimed at using AI to bolster cybersecurity at a time when companies are experiencing more threats than ever.

Companies and organizations of all sizes are facing unprecedented cybersecurity threats, with AI increasingly being used to carry out attacks. Google is trying to turn the tables, using AI to help bolster cybersecurity. The company wants to help organizations tackle the “Defender’s Dilemma” with its new AI Cyber Defense Initiative.

Phil Venables, Google Cloud VP and CISO, and Royal Hansen, VP of Engineering for Privacy, Safety, and Security, outlined the initiative in a blog post:

Today, and for decades, the main challenge in cybersecurity has been that attackers need just one successful, novel threat to break through the best defenses. Defenders, meanwhile, need to deploy the best defenses at all times, across increasingly complex digital terrain — and there’s no margin for error. This is the “Defender’s Dilemma,” and there’s never been a reliable way to tip that balance.

Our experience deploying AI at scale informs our belief that AI can actually reverse this dynamic. AI allows security professionals and defenders to scale their work in threat detection, malware analysis, vulnerability detection, vulnerability fixing and incident response.

The executives outline Google’s three-part plan: fostering a “secure by design and by default” AI ecosystem; empowering organizations by expanding the Google.org Cybersecurity Seminars Program and open-sourcing Magika, its AI-powered tool used to help detect malware; and advancing AI-powered security research with $2 million in research grants.

The company has a detailed report available for those looking to learn more.

Experts: More Cybersecurity Firms Will Follow IronNet’s Collapse
https://www.webpronews.com/experts-more-cybersecurity-firms-will-follow-ironnets-collapse/
Sun, 22 Oct 2023 16:36:03 +0000

Experts are issuing strong warnings to the cybersecurity industry, saying more companies will follow IronNet into bankruptcy.

IronNet surprised the industry when it announced it would file for bankruptcy and shut down. The firm originally launched to much fanfare, boasting former NSA director Keith Alexander as one of its founders.

Unfortunately, experts warn IronNet is just the beginning. The industry’s issues stem from what many see as unrealistic expectations regarding potential growth, setting firms up for disaster.

“We will see more of these bankruptcies with highly leveraged cybersecurity companies, even those with ‘unicorn status’,” Approov CEO Ted Miracco told SC Media, highlighting an IANS Research report showing a 6% expansion in security budgets.

“This is fundamentally incompatible with the large cadre of VC backed companies that expect triple-digit growth figures, especially in this current economic environment,” he added.

Miracco says the firms best positioned to survive are those that already have a track record of thriving in challenging environments and a solid focus on innovation and profitability.

“With a fragile economy and a very crowded NDR market, it’s even more critical for those of us in this space to get back to these basic principles,” said Stamus Networks CEO Ken Gramley.

Update Your Linux Installation to Fix ‘Looney Tunables’ Flaw
https://www.webpronews.com/update-your-linux-installation-to-fix-looney-tunables-flaw/
Mon, 09 Oct 2023 14:44:42 +0000

The world’s major Linux distros have released patches to address a security flaw impacting nearly all of them.

“Looney Tunables” is a GNU C Library (glibc) privilege escalation vulnerability that grants local users full root access. The flaw was discovered by security researchers at Qualys. Because of glibc’s widespread use, the vast majority of distributions are affected by this particular flaw, according to Saeed Abbasi, Product Manager of the Qualys Threat Research Unit:

We have successfully identified and exploited this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. It’s likely that other distributions are similarly susceptible, although we’ve noted that Alpine Linux remains an exception due to its use of musl libc instead of glibc. This vulnerability was introduced in April 2021.

Abbasi says the vulnerability poses “significant risks” to Linux distributions and their users:

Our successful exploitation, leading to full root privileges on major distributions like Fedora, Ubuntu, and Debian, highlights this vulnerability’s severity and widespread nature. Although we are withholding our exploit code for now, the ease with which the buffer overflow can be transformed into a data-only attack implies that other research teams could soon produce and release exploits. This could put countless systems at risk, especially given the extensive use of glibc across Linux distributions. While certain distributions like Alpine Linux are exempt due to their use of musl libc instead of glibc, many popular distributions are potentially vulnerable and could be exploited in the near future.

Fortunately, Debian, Gentoo, Ubuntu, and Red Hat have already patched the issue. Needless to say, users should update immediately.

Red Hat Security Mailing List Is Shutting Down
https://www.webpronews.com/red-hat-security-mailing-list-is-shutting-down/
Sat, 07 Oct 2023 12:30:00 +0000

Red Hat is shutting down rhsa-announce, the mailing list it uses for security advisory notifications.

Red Hat made the announcement in an email to the list:

This is a notification to inform all subscribers that on October 10, 2023, the rhsa-announce mailing list will be disabled by Red Hat Product Security, and no additional Security Advisory notifications will be sent to this list.

Moving forward, users will need to use their Red Hat account to receive security notifications, or subscribe to the company’s RSS feed:

To continue receiving information about released security advisories, logged-in users that have active Red Hat Subscriptions can set up notifications at:

https://www.redhat.com/wapps/ugc/protected/notif.html

Alternatively, all users can make use of the Red Hat Security Errata RSS feed published at:

https://access.redhat.com/security/data/metrics/rhsa.rss

Or consume security advisories in a machine-readable format at:

https://access.redhat.com/security/data/csaf/v2/advisories/

Cybersecurity Firm IronNet Shuts Down
https://www.webpronews.com/cybersecurity-firm-ironnet-shuts-down/
Tue, 03 Oct 2023 10:30:00 +0000

IronNet, the cybersecurity firm founded by former NSA director Keith Alexander, has shut down and is headed for bankruptcy.

The company announced the news in a regulatory filing:

On September 29, 2023, given the unavailability of additional sources of liquidity and after considering strategic alternatives, IronNet, Inc. (the “Company”) ceased all activities of the Company and its subsidiaries and terminated the remaining employees of the Company and its subsidiaries. As a result, all of the material business activities and operations of the Company ceased, the Company does not have the ability to satisfy its debts and related obligations, the Company will no longer have the capability to prepare financial statements and other disclosures required for periodic reports for filing with the Securities and Exchange Commission, and the related actual and potential effects on the Company and its subsidiaries will be material and adverse. The board of directors of the Company further authorized the Company to take such actions necessary to prepare for and, subject to final approval by the board of directors to be given at a subsequent meeting, file a voluntary petition for relief under the applicable provisions of the United States Bankruptcy Code (the “Bankruptcy Code”) in the United States Bankruptcy Court (the “Bankruptcy Filing”) as expeditiously as possible.

The revelation is an ignominious end to a company that once held quite a bit of promise in the cybersecurity industry.

NordVPN Unveils NordLabs to Deliver Cutting-Edge Security
https://www.webpronews.com/nordvpn-unveils-nordlabs-to-deliver-cutting-edge-security/
Tue, 03 Oct 2023 00:55:40 +0000

NordVPN has unveiled NordLabs, the company’s place to develop and test cutting-edge cybersecurity tools.

NordVPN is one of the most well-respected VPN providers in the world. The company is working to deliver even more cybersecurity tools and will use NordLabs to develop and test them, according to a company tweet:

NordLabs by NordVPN is here! NordLabs is a place where cutting-edge cybersecurity tools are born. It will let you try and experience new online security tools, evaluate them, and contribute to overall safety online. Sign up today: https://content.nordvpn.com/47Rq7QP

NordVPN (@NordVPN) — August 28, 2023

Among the areas of focus is using artificial intelligence to provide improved cybersecurity and combat threats posed by bad actors using AI.

One such effort is Project Sonar:

Turning the tables: Employ AI to identify phishing attacks

Phishing attacks are evolving together with AI technology, and we’re here to beat cybercriminals in their own game. Meet Sonar, a browser extension that detects phishing emails. Install it, open an email, scan it, and Sonar will let you know how likely it is to be a phishing scam. It will also point out which aspects of the email affected that decision and tell you what signs to look out for.

Another project is Project Pixray:

Fighting fire with fire: Using AI to detect AI generated images

A talented artist with a vivid imagination or a layperson with unlimited Midjourney credits? No need to count the fingers and teeth — upload images to Pixray and check them for AI-generated content.

The company is looking for feedback to help it identify which projects can become viable options to help keep users safe and secure:

And we are inviting you to join us — by using these experimental tools and giving feedback, you will help us understand which of them have a fighting chance to keep us safe from digital threats. Some tools will work flawlessly, others may have a bug or two, so expect the unexpected.

Security Firm CEO Blasts Microsoft’s ‘Grossly Irresponsible’ Azure Security
https://www.webpronews.com/security-firm-ceo-blasts-microsofts-grossly-irresponsible-azure-security/
Sun, 01 Oct 2023 11:00:00 +0000

Tenable CEO Amit Yoran has blasted Microsoft for “grossly irresponsible” Azure security, saying the company is bordering on “blatantly negligent.”

In a LinkedIn post, Yoran detailed how researchers at his company discovered a flaw in Azure that could “enable an unauthenticated attacker to access cross-tenant applications and sensitive data, such as authentication secrets. To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank.”

Tenable’s researchers notified Microsoft of the issue in March 2023 when it was discovered. Unfortunately, Yoran says Microsoft didn’t fix the issue:

Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service.

Yoran then details the implications of Microsoft’s failure to address the problem:

That means that as of today, the bank I referenced above is still vulnerable, more than 120 days since we reported the issue, as are all of the other organizations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk mitigating actions. Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully threat actors don’t.

In one of his most damning statements, Yoran cites Google Project Zero’s research showing that “Microsoft products have accounted for an aggregate 42.5% of all zero days discovered since 2014.”

Microsoft has faced growing scrutiny over its security practices, with Senator Ron Wyden writing a letter last week to the DOJ, CISA, and the FTC asking the agencies to “hold Microsoft responsible for its negligent cybersecurity practices, which enabled a successful Chinese espionage campaign against the United States government.”

Microsoft may be the second-largest cloud provider, nipping at the heels of AWS. If the company can’t get its act together when it comes to security, it may soon find itself losing ground in the cloud wars.

Ubuntu Users Uniquely Vulnerable to Linux Kernel Security Flaws
https://www.webpronews.com/ubuntu-users-uniquely-vulnerable-to-linux-kernel-security-flaws/ | Sat, 30 Sep 2023 18:38:05 +0000

A new report says nearly 40% of Ubuntu users are vulnerable to a pair of kernel vulnerabilities unique to Ubuntu and its derivative distributions.

According to Wiz researchers Sagi Tzadik and Shir Tamari, the issues stem from Ubuntu’s OverlayFS module. Several years ago, Ubuntu made custom modifications to OverlayFS. When the mainline Linux kernel was later patched for a related flaw, the equivalent code path in Ubuntu’s modified module was overlooked and remained vulnerable, as the researchers describe:

The two vulnerabilities are exclusive to Ubuntu because Ubuntu introduced several changes to the OverlayFS module in 2018. These modifications did not pose any risks at the time. In 2020, a security vulnerability was discovered and patched in the Linux kernel; however, due to Ubuntu’s modifications, an additional vulnerable flow was never fixed in Ubuntu. This shows the complex relationship between the Linux kernel and distro versions, when both are updating the kernel for different use cases. This complexity poses hard-to-predict risks.

The researchers say that Ubuntu’s modifications pose serious risks to users:

Our team has discovered significant flaws in Ubuntu’s modifications to OverlayFS. These flaws allow the creation of specialized executables, which, upon execution, grant the ability to escalate privileges to root on the affected machine. Linux has a feature called “file capabilities” that grants elevated privileges to executables while they’re executed. This feature is reserved for the root user, while lower-privileged users cannot create such files. However, we discovered that it’s possible to craft an executable file with “scoped” file capabilities and trick the Ubuntu kernel into copying it to a different location with “unscoped” capabilities, granting anyone who executes it root-like privileges.

Fortunately, the researchers say that remote exploitation of these vulnerabilities — labeled CVE-2023-2640 and CVE-2023-32629 — is “improbable,” and local access to a machine is likely required.

However, all users should update their kernel as soon as possible to mitigate these two security issues.
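Beyond patching, a defender reading the description above would want to know which binaries on a host carry file capabilities at all, since the attack hinges on an executable acquiring capabilities it should not have. The script below is an added example, not the Wiz researchers’ code or anything shipped by Ubuntu: it parses `getcap -r /` output (both the older `path = caps+ep` and the newer `path caps=ep` libcap styles) and flags entries that sit in user-writable paths, are absent from a package baseline, carry root-equivalent capabilities, or are namespace-scoped. The sample output, the baseline allowlist, the set of high-risk capabilities and the bracketed `rootid=` annotation format are all constructed assumptions for the example.

```python
"""Audit file-capability binaries on a Linux host (added example, not from the article)."""
import re
import subprocess

# Capabilities that are effectively root when granted to an arbitrary executable.
# Constructed list for the example; extend it to match your own risk model.
HIGH_RISK_CAPS = {
    "cap_setuid", "cap_setgid", "cap_sys_admin", "cap_dac_override",
    "cap_dac_read_search", "cap_sys_module", "cap_sys_ptrace", "cap_sys_rawio",
    "cap_chown", "cap_fowner", "cap_mknod",
}

# Locations an unprivileged user can normally write to.
USER_WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/run/user/")

# Constructed baseline of expected capability bits; a real one is generated from the
# package manager (e.g. what the distro's packages install) and stored out of band.
BASELINE = {
    "/usr/bin/ping": {"cap_net_raw"},
    "/usr/bin/mtr-packet": {"cap_net_raw"},
}

# Constructed sample of `getcap -r /` output, mixing both libcap output styles.
# The last line carries a bracketed rootid annotation (format assumed here) that
# newer libcap uses for namespace-scoped capabilities.
SAMPLE_GETCAP_OUTPUT = """\
/usr/bin/ping cap_net_raw=ep
/usr/bin/mtr-packet = cap_net_raw+ep
/tmp/.cache/updater cap_setuid,cap_setgid=eip
/home/build/tools/helper cap_dac_override=ep [rootid=1000]
"""

_LINE = re.compile(r"^(?P<path>/\S+)\s+(?P<rest>.+?)\s*$")
_ROOTID = re.compile(r"\[rootid=(\d+)\]")
_CAP = re.compile(r"\bcap_[a-z_]+")


def run_getcap() -> str:
    """Collect live data from the host (needs libcap's getcap; not used offline)."""
    proc = subprocess.run(["getcap", "-r", "/"], capture_output=True, text=True)
    return proc.stdout  # permission errors land on stderr and are ignored


def parse_getcap(output: str) -> list:
    """Turn getcap lines into {path, caps, rootid} records, tolerant of both styles."""
    entries = []
    for line in output.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        rid = _ROOTID.search(rest)
        entries.append({
            "path": m.group("path"),
            "caps": set(_CAP.findall(rest)),      # flag letters (e/i/p) are dropped
            "rootid": int(rid.group(1)) if rid else None,
        })
    return entries


def audit(entries: list, baseline: dict = BASELINE) -> list:
    """Return entries that deserve review, each with the reasons it was flagged."""
    findings = []
    for e in entries:
        reasons = []
        if e["path"].startswith(USER_WRITABLE_PREFIXES):
            reasons.append("in user-writable location")
        expected = baseline.get(e["path"])
        if expected is None:
            reasons.append("not in baseline")
        elif expected != e["caps"]:
            reasons.append(f"capabilities differ from baseline {sorted(expected)}")
        risky = sorted(e["caps"] & HIGH_RISK_CAPS)
        if risky:
            reasons.append("high-risk capabilities: " + ", ".join(risky))
        if e["rootid"] is not None:
            reasons.append(f"namespace-scoped (rootid={e['rootid']})")
        if reasons:
            findings.append({"path": e["path"], "caps": sorted(e["caps"]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(parse_getcap(SAMPLE_GETCAP_OUTPUT)):
        print(f"{f['path']}: {', '.join(f['caps'])}\n  - " + "\n  - ".join(f["reasons"]))
```

Run against `run_getcap()` instead of the constructed sample on a real host; anything flagged in a user-writable path, or any capability set the package baseline did not install, is worth investigating before the kernel update lands.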

CISA Says Citrix ShareFile Flaw Is Being Actively Exploited
https://www.webpronews.com/cisa-says-citrix-sharefile-flaw-is-being-actively-exploited/ | Thu, 17 Aug 2023 19:51:28 +0000

The Cybersecurity and Infrastructure Security Agency says a Citrix ShareFile flaw is being actively exploited, adding it to its Known Exploited Vulnerabilities (KEV) catalog.

According to The Hacker News, the bug could allow an attacker to gain access to vulnerable instances remotely. The bug was labeled CVE-2023-24489 and given a severity score of 9.8.

While Citrix addressed the issue in an update in June, The Hacker News says the first evidence of active exploitation started showing up the following month, in July. This would seem to indicate that customers had not yet installed the necessary patch.

With CISA now including the vulnerability in its KEV catalog, any organizations that have still not installed the patch should do so immediately.

DHS Releases Postmortem On Lapsus$ Attacks & How Organizations Can Protect Themselves
https://www.webpronews.com/dhs-releases-postmortem-on-lapsus-attacks-how-organizations-can-protect-themselves/ | Fri, 11 Aug 2023 16:52:39 +0000

The Department of Homeland Security has released a postmortem on the Lapsus$ cyberattacks and what lessons organizations can learn.

Lapsus$ scored a string of high-profile attacks in 2022, with Microsoft, Nvidia, Samsung, and Globant listed among its victims. As a result, the Cyber Safety Review Board (CSRB) produced its Review of the Attacks Associated with Lapsus$ and Related Threat Groups report, outlining steps organizations can and should take to better protect themselves in the future.

“Our ability to protect Americans from cyber vulnerabilities has never been stronger thanks to the community we are building through the Cyber Safety Review Board,” said Secretary of Homeland Security Alejandro N. Mayorkas. “As our threat environment evolves, so too must our detection and prevention capabilities. We must also evolve our ability to deploy those capabilities. The CSRB’s findings are not only timely, they are actionable and written with the guidance of real-world practitioners in the private sector.”

One of the big takeaways was that the hacking group often used very basic attack methods that could be easily thwarted with minimal effort:

The CSRB found that Lapsus$ and related threat actors used primarily simple techniques, like stealing cell phone numbers and phishing employees, to gain access to companies and their proprietary data. Among its findings, the Board saw a collective failure across organizations to account for the risks associated with using text messaging and voice calls for multi-factor authentication. It calls for organizations to immediately switch to more secure, easy-to-use, password-less solutions by design. The report also includes recommendations for cell phone carriers to better protect their customers by implementing stringent authentication methods, and for the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) to mandate and standardize best practices to combat SIM swapping.

“The Board examined how a loosely organized group of hackers, some of them teenagers, were consistently able to break into the most well-defended companies in the world,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. “We uncovered deficiencies in how companies ensure the security of their vendors; how cell phone carriers protect their customers from SIM swapping; and how organizations authenticate users on their systems. The Board put forward specific recommendations to address these issues and more, in line with the Board’s mandate to conduct comprehensive after-action reviews of the most significant cyber incidents.”

“The Cyber Safety Review Board took on this review to better understand Lapsus$’s tactics and help organizations protect themselves,” said CSRB Deputy Chair Heather Adkins. “Our findings noted the weaknesses with many current methods of authentication, and we provide timely and actionable recommendations for all organizations to put stronger defenses in place.”

“The CSRB’s latest report reinforces the need for all organizations to take urgent steps to increase their cyber resilience, including the implementation of phishing-resistant multi-factor authentication,” said Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. “I look forward to working with our federal and industry partners to act on the CSRB’s recommendations, to include continuing our secure-by-design work with technology manufacturers to ensure that necessary security features are provided to customers without additional cost.”

The full report can be found here, and should be required reading for all cybersecurity personnel.

CISA Classifies a Patched Microsoft PoC Flaw As a Known Exploited Vulnerability
https://www.webpronews.com/cisa-classifies-a-patched-microsoft-poc-flaw-as-a-known-exploited-vulnerability/ | Fri, 11 Aug 2023 15:04:07 +0000

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a patched Microsoft vulnerability to its Known Exploited Vulnerabilities (KEV) database.

Microsoft’s recent August 2023 Patch Tuesday addressed a number of issues, including a vulnerability in .NET and Visual Studio that Microsoft classified as a proof-of-concept (PoC).

As The Hacker News spotted, CISA appears to disagree with Microsoft’s classification. While Microsoft flagged the vulnerability as “Exploitation More Likely,” CISA says the vulnerability has already been exploited, which is why it was added to the KEV catalog.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

Needless to say, organizations should take immediate steps to apply the necessary security patch.
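The practical way to act on KEV listings like the Citrix ShareFile entry and this Microsoft entry is to check the catalog against your own asset inventory rather than waiting for news coverage. The script below is an added example, not CISA’s code or any vendor’s: it reads a catalog in the shape of CISA’s public KEV JSON feed, lists entries added since a given date, and reports unpatched assets whose CVE appears in the catalog together with CISA’s required action and due date. The sample catalog and its dates, the inventory, and the placeholder CVE identifiers are constructed; only CVE-2023-24489 comes from the article, and the live-fetch helper is not exercised offline.

```python
"""Match an asset inventory against CISA's KEV catalog (added example, not CISA's code)."""
import json
import urllib.request
from datetime import date

# Real location of the machine-readable KEV catalog.
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the KEV feed's shape. CVE-2023-24489 is the ShareFile bug named
# in the article; its dates and text here are made up, not CISA's record.
# CVE-2023-00000 is a placeholder identifier, not a real CVE.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-24489",
            "vendorProject": "Citrix",
            "product": "ShareFile",
            "vulnerabilityName": "Constructed sample entry",
            "dateAdded": "2023-08-16",
            "shortDescription": "Constructed sample description.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-09-06",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2023-00000",
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Constructed sample entry",
            "dateAdded": "2023-08-09",
            "shortDescription": "Constructed sample description.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-08-30",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
    ],
})

# Constructed inventory: what a vulnerability scanner reports per asset.
SAMPLE_INVENTORY = [
    {"asset": "sharefile-zone-01", "cve": "CVE-2023-24489", "patched": False},
    {"asset": "build-agent-07", "cve": "CVE-2023-00000", "patched": True},
    {"asset": "web-proxy-02", "cve": "CVE-2023-99999", "patched": False},  # placeholder, not in KEV
]


def fetch_kev() -> str:
    """Download the live catalog (network access; not used by the offline run below)."""
    with urllib.request.urlopen(KEV_URL, timeout=30) as resp:
        return resp.read().decode("utf-8")


def load_kev(raw_json: str) -> dict:
    """Index the catalog by CVE identifier."""
    data = json.loads(raw_json)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def newly_added(kev: dict, since: str) -> list:
    """CVE IDs added on or after `since` (ISO date), for a 'new KEV entry' alert."""
    cutoff = date.fromisoformat(since)
    return sorted(c for c, v in kev.items() if date.fromisoformat(v["dateAdded"]) >= cutoff)


def match_inventory(kev: dict, inventory: list, today: str) -> list:
    """Unpatched assets whose CVE is in KEV, most overdue first (`today` is an ISO date)."""
    now = date.fromisoformat(today)
    findings = []
    for item in inventory:
        entry = kev.get(item["cve"])
        if entry is None or item["patched"]:
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - now).days
        findings.append({
            "asset": item["asset"],
            "cve": item["cve"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "required_action": entry["requiredAction"],
            "due_date": entry["dueDate"],
            "days_left": days_left,
            "status": "overdue" if days_left < 0 else "due",
        })
    findings.sort(key=lambda f: f["days_left"])
    return findings


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    print("added since 2023-08-15:", newly_added(catalog, "2023-08-15"))
    for f in match_inventory(catalog, SAMPLE_INVENTORY, today="2023-09-10"):
        print(f'{f["status"]:8} {f["asset"]:18} {f["cve"]} {f["product"]} '
              f'(due {f["due_date"]}, {f["days_left"]} days) -> {f["required_action"]}')
```

Swap `SAMPLE_KEV_JSON` for `fetch_kev()` and the constructed inventory for your scanner’s export, and run it on a schedule; a CVE that moves from “patch when convenient” to a KEV entry with a due date is exactly the signal the Citrix customers exploited in July were missing.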

Colorado Department of Higher Education Data Breach Exposes 16 Years of Data
https://www.webpronews.com/colorado-department-of-higher-education-data-breach-exposes-16-years-of-data/ | Mon, 07 Aug 2023 18:18:45 +0000

The Colorado Department of Higher Education has revealed that it suffered a ransomware attack that exposed 16 years’ worth of student data.

The CDHE became aware of the incident on June 19, 2023, and has been working with experts to understand the scope of the breach and return to normal operation. In the course of the investigation, the CDHE says data from a 16-year period was copied:

While this incident is still part of an ongoing criminal and internal investigation, we do know that an unauthorized actor(s) accessed CDHE systems between June 11 and June 19, 2023 and that certain data was copied from CDHE systems during this time. Over the past few weeks, our investigation has revealed that some of the impacted records include names and social security numbers or student identification numbers, as well as other education records.

The review of the impacted records is ongoing and once complete, CDHE will be notifying individuals who are potentially impacted by mail or email to the extent we have contact information. While the review is ongoing, those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017, or obtained a GED between 2007-2011 may be impacted by this incident.

The CDHE is reviewing its policies and security measures in an effort to prevent future breaches, and is also providing impacted individuals with credit and identity theft monitoring services via Experian.

Cisco Unveils Automated Ransomware Recovery Tool
https://www.webpronews.com/cisco-unveils-automated-ransomware-recovery-tool/ | Tue, 01 Aug 2023 21:45:25 +0000

Cisco has announced a major upgrade to its Extended Detection and Response (XDR) solution, adding ransomware recovery abilities.

Ransomware is a growing threat, costing governments, organizations, and companies in money, effort, downtime, and lost data. Cisco is promising a solution, one that “brings near real-time recovery for business operations.”

The new feature works by cutting to near zero the time it takes to create a snapshot of working operations as a ransomware attack begins, giving organizations a safe point to restore to.

“The exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. Our objective is to build a resilient and open cybersecurity platform that can withstand ransomware assaults and recover with minimal impact, ensuring uninterrupted business operations,” said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. “As a global infrastructure provider that built the network, Cisco is redefining what a security product should deliver. Our innovations with automated ransomware recovery are a significant step towards achieving truly unified detection and response data, turning security insights into action.”

“Cisco is quickly disrupting the security landscape across their entire portfolio and their XDR solution could become the de facto reference architecture organizations turn to,” said Chris Konrad, Area Vice President, Global Cyber, World Wide Technology. “Not only does it provide broad visibility by integrating data across endpoints, network, cloud, and other sources – this extensive attack surface insight allows for superior threat detection using advanced analytics. Organizations should strongly consider the implementation of Cisco XDR to bolster their security posture and safeguard assets effectively. Cisco undoubtedly is contributing to the overall resilience of any organization.”

Interested parties can learn more here.

SEC’s New Rules Require Businesses to Disclose Cybersecurity Incidents Within Days
https://www.webpronews.com/secs-new-rules-require-businesses-to-disclose-cybersecurity-incidents-within-days/ | Thu, 27 Jul 2023 00:31:21 +0000

The Securities and Exchange Commission has adopted new rules that require companies to disclose cybersecurity incidents within four business days of discovery.

As cybersecurity incidents increase in frequency and cost, the impact on investors can be devastating. As a result, the SEC wants businesses to be more transparent about such incidents, disclosing them sooner.

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way. Through helping to ensure that companies disclose material cybersecurity information, today’s rules will benefit investors, companies, and the markets connecting them.”

While the rules require businesses to disclose breaches within four business days of discovery, there is at least one instance in which a delay may be acceptable.

The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing.

The new regulations will also require companies “to describe their processes, if any, assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents.”
