

Microsoft Defender could protect your Android phone and Mac, too




As PCWorld’s senior editor, Mark focuses on Microsoft news and chip technology, among other beats. He has formerly written for PCMag, BYTE, Slashdot, eWEEK, and ReadWrite.



Zero-trust network access provider, Cyolo, strengthens authentication offerings




Cyolo, a provider of zero-trust network access 2.0 (ZTNA 2.0) solutions for IT and operational technology (OT), says the demand for data has increased dramatically in recent years and VPNs and other methods have failed to meet organizations’ demands. The company added that organizations now need a more secure way to connect individuals to the distributed resources that are essential to their job.

ZTNA offers an alternative to VPNs for limiting remote server access. According to Gartner, 60% of organizations will switch from VPNs to ZTNA by 2023.

Almog Apirion, the CEO and cofounder of Cyolo, said that ensuring digital transformation is largely an identity problem. According to Apirion, enterprises can offer comprehensive identification-based access across all users, apps and assets when a solid digital identification is provided. 

Identity, he said, is the new access key since it allows users to access the resources they require without disclosing all of an organization’s digital assets. Gartner forecasts that by 2024, 30% of large enterprises will implement new identity-proofing tools to address common weaknesses in workforce identity life cycle processes.

Authentication and secure digital trust

Cyolo claims that it securely links all organization users (remote and onsite, third-party, OT and so on) to all of their work environments (on-premises, cloud, hybrid), enabling them to be more productive while safeguarding the network from access-based hazards. Apirion claims that Cyolo addresses issues with high-risk access and third parties. He asserted that whilst third-party users, such as vendors and contractors, are frequently essential to an organization’s success, they also provide a sizable risk.

In addition, Apirion said the lack of strong authentication is one of the problems Cyolo aims to solve. He said many traditional on-premises and legacy apps lack modern authentication like multifactor authentication (MFA) and single sign-on (SSO). He added that Cyolo allows organizations to extend cloud SSO and adaptive MFA to traditional applications, quickly, easily and cost-effectively. He claimed that the result is stronger security and greater compliance readiness.

Apirion claims Cyolo can also resolve the use of generic and shared accounts. He said that in order to handle operational complexity, enterprises are frequently compelled to manage several user accounts for each application and may be compelled to use generic accounts (re-sharing access credentials with many users). 

This behavior, he said, results in a lack of traceability, raises the danger of breaches and disregards important compliance obligations. He added that the business uses SSO to provide centralized secure user access and connectivity to resources and apps, allowing for more control and visibility.

Cyolo has also set out to strengthen enterprises’ OT remote and on-site access. According to Apirion, most firms find it challenging to secure remote access, but it becomes even more challenging when OT environments are involved.

The Cyolo solution, he claims, is specifically designed to bring secure digital trust to OT systems. It includes compliance and surveillance features, such as ongoing and just-in-time identity-based authentication and verification with MFA, as well as time-of-day and geolocation-based user validation, session recording and controlled access to resources and applications.

According to the company, it enables organizations to build their own distributed clouds based on infrastructure-as-a-service (IaaS), software-as-a-service (SaaS) and the existing world (DCs, campuses, co-location facilities and industrial locations) by using a single solution, a single policy and a consistent user interface. Cyolo claims that because it doesn’t care where apps and users are located, it offers cloud benefits like infrastructure abstraction.

Through robust identity-based access restrictions, Apirion says that Cyolo enables enterprises to link geographically distributed users to their on-premise, IaaS or SaaS applications. The technology can also integrate with numerous IdPs to enable third parties or M&A activities, as well as obtain visibility and control over who connects to what resource and what transpires.

Cyolo’s agentless-first strategy gives users a streamlined web-based procedure to access their resources. With this, bandwidth restrictions and VPN agent problems are no longer issues, according to Apirion. Organizations can use Cyolo to integrate their existing point solutions for IT and OT resources, MFA, SSO and other things and build consistent controls from a single dashboard.

By concealing their infrastructure behind Cyolo and blocking all public network access, organizations can reduce their overall attack surface. Apirion says that by doing so, organizations can apply complete, real-time user access and control to applications as well as hide application credentials from connected users, both trusted and untrusted.

Differentiating among the zero-trust network access market

Being a CISO, Apirion teamed up with two ethical hackers to establish Cyolo. According to Apirion, they decided to shake up the market by taking an original tack on the architecture that would support an organization’s ongoing digital transformation. He says this is the reason Cyolo’s identity-based access control is exclusive to the market.

Cyolo features a trustless architecture in which the company doesn’t view or maintain access keys, only the client does. Cyolo can provide MFA and SSO capabilities to offline systems and operates in all contexts, including cloud, on-premise and hybrid models. Apirion added that for compliance and reporting, Cyolo’s features provide session recording, supervised access and full visibility over who accessed where and what was happening.

One of its competitors, Zscaler, has an operation that depends on GRE tunnels, agents, or PAC files. Another rival service, Appgate, has a complex architecture, which Apirion claims has limited support for low-bandwidth connections because of its agent-based design. With Netskope, another rival, traffic passing through its cloud is repeatedly encrypted and decrypted, which significantly reduces performance, Apirion said.

According to the Cyolo CEO, the company has developed a security architecture where all data always stays with the client, unlike other cloud-based security technologies that store or process consumer information internally. He said that as a result, in contrast to other ZTNA suppliers, Cyolo has no access to or view into client data, effectively eradicating the possibility of data exposure.

Cyolo also just announced a $60 million series B funding led by National Grid Partners, the venture investing and innovation arm of National Grid. This brings the company’s total funding to $85 million, including a series A round completed in 2021.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.



New cyber extortion op appears to have hit AMD




Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data

Alex Scroxton


Published: 29 Jun 2022 11:23

A relatively new data extortion operation going by the name RansomHouse appears to have turned over the systems of semiconductor specialist AMD, stealing more than 450GB of the organisation’s data and holding it to ransom.

As initially reported by Restore Privacy, which said it was tipped off by the gang itself, AMD’s systems were first compromised in January 2022. Samples of AMD’s data have now appeared on the group’s dark website, and Restore Privacy has verified that the data seems to be authentic.

The report went on to quote RansomHouse’s operative as claiming that those responsible for network protection at AMD had been using the password “password”. This may be an indication of a successful credential stuffing attack.

Successfully contacted by Bleeping Computer, the gang, which makes a point of stating it is not a traditional ransomware operation, said it had not contacted AMD to demand money, as it would be more worth its while to sell the stolen data to other threat actors.

In response to the report, AMD said it was aware of a malicious actor claiming to be in possession of its data and that it had started an investigation.

As always in such situations, there is a lack of clarity over the precise nature of the situation, including factors such as how the data was obtained and when – although there has been a persistent rumour that AMD was hit by ransomware earlier this year.

It would be unwise to take RansomHouse at its word, as cyber criminal operations are known to make false claims when courting publicity.

Who is RansomHouse?

A new player in the fast-evolving cyber criminal underground, RansomHouse emerged late in 2021 and, to date, its dark web leak site has listed a total of six victims. Its first victim, in December 2021, was Canada’s Saskatchewan Liquor and Gaming Authority (SLGA). More recently, it leaked data stolen from South Africa-based retailer ShopRite, which is Africa’s largest private sector employer.

According to intelligence published in May 2022 by Cyberint, the gang is notable for not cleaving to the traditional model of a data extortion operation, claiming to be motivated by more than just financial gain and depicting its victims as the real villains for not taking security seriously.

Cyberint said it had confirmed that RansomHouse’s campaigns were focused on extortion only, and that it did not possess or develop any encryption module.

Jim Simpson, director of threat intelligence at Searchlight Security, said RansomHouse seemed to be taking to an extreme the archetype of an “ethical” data extortion gang, the sort of malicious actors who claim their motivation is simply to improve the information security standards of their victims, albeit by conducting unscheduled penetration tests.


“RansomHouse claims its primary goal is to ‘minimise the damage that might be sustained by related parties and raising awareness of data security and privacy issues’,” said Simpson.

“However, their stated frustration with ‘ridiculously small’ bug bounty amounts paid out by companies and the whole operation – holding data hostage until a victim pays the ransom, or selling it to other threat actors in the event they refuse – makes it clear they are a financially motivated threat and want money from their victims,” he added.

“If the victims refuse to pay the requested ransom, and no one decides to buy it, RansomHouse will publicly share the stolen data on their dark web PR site and Telegram channel,” continued Simpson.

“In another attempt to create a veneer of benevolence, the group claims that individuals who fear they are part of a soon-to-be-leaked dataset can request via Telegram to have their information removed before publication – however, our assessment is it is unlikely to be true.”

Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Center, added: “Cyber security adversaries come in all shapes and sizes, with all kinds of motivations. Recently, RansomHouse has been engaging with a cyber twist on victim shaming. They claim that ‘the culprits are those who did not put a lock on the door leaving it wide open inviting everyone in’.

“[But] organisations who have poor cyber security do not deserve to be victims. If you were walking past a house and saw the door open, what would you do? You would not enter the house uninvited, and you would not steal a TV or jewellery just to prove that the house owner was not following good security practices.

“While RansomHouse’s attitude might be unusual, their methods and motivations are as common and mercenary as any other criminal’s,” noted Knudsen.



Romance scammers exploit Ukraine war in cynical campaign




Romance scammers can make easy money exploiting people looking for love, but in this newly observed campaign linked to the Ukraine war they are playing on deeper emotions

Alex Scroxton


Published: 29 Jun 2022 10:45

Researchers at Bitdefender Labs have published research into a widespread online dating scam that is exploiting its victims with the promise of romantic connections and even relationships with women in war-torn Ukraine.

The campaign has ramped up since 10 June, and seems to be primarily targeting inboxes in the US, Ireland, Sweden, Germany and Denmark, and a smaller number in the UK. The spam emails originate from IP addresses located in Turkey.

Subject lines vary but are known to include Enjoy dating hot Ukrainian singles; Ukrainian beauties for love and more; New private message from your Ukrainian girl, and so on. Most of the communications analysed by Bitdefender’s team direct to two online dating platforms.

Targets foolish enough to click the links in the spam emails will be redirected to insecure dating platforms that solicit personally identifiable information (PII) including birthdates, gender and dating preferences.

They are then redirected to another online dating platform where they are able to start interacting with women. However, this doesn’t come for free, with packages running into the hundreds of dollars for the ability to send emails, chat, and unlock profile pictures.

The scam is a fairly typical example of its type that most internet-savvy users should be able to see coming a mile off, but it is one of the first romance scams observed to exploit Ukraine directly – although other phishing campaigns linked to the war have been observed.

“Every year, romance scammers steal hundreds of millions of dollars from unwary internet users who attempt to find love online,” wrote Bitdefender’s Alina Bízgǎ. “With losses surpassing half a billion in 2021, online dating scams are increasingly popular among fraudsters targeting lonely hearts across the globe.”

“Behind all the smoke and mirrors, users risk a lot of money in searching for their soul mate. Moreover, the likelihood of actually communicating with a Ukrainian woman is slim. Dating platforms such as these are notorious for using bots to facilitate communication with as many users as possible. Profiles seem too good to be true and many customer reviews reveal that despite breaking the bank to set up a real-life meeting with the women active on the website, none have shown up.”

The Bitdefender team has been following adult content and dating spam campaigns for some time, and has observed a relatively consistent number of spam campaigns related to online dating throughout the past 18 months. This is likely linked to increased loneliness and isolation during the Covid-19 pandemic, said Bízgǎ.

“Although it [the campaign] does not align with the situation in Ukraine, it does profit from human emotional drivers and the lack of personal connection experienced by millions of individuals during the pandemic,” she wrote.

Bízgǎ added that while there is less immediate danger in interacting with this particular spam campaign – it is not, for example, a ransomware vector – it is not recommended that anybody access the websites or confirm any personal information.

More importantly, it is essential not to make any credit card or PayPal payments to the sites – they are unlikely to have adequate cyber security measures in place, and doing so risks compromising your financial details and opening yourself up to other forms of cyber crime further down the line.
