Cyber Security

Joe Raczka and Jerry King Join the Defendify Board of Directors

Defendify, the all-in-one, award-winning cybersecurity platform, today announced that Joe Raczka, Co-Founder and Managing Partner at York IE, and Jerry King, Technology Executive and Entrepreneur, have joined the Defendify Board of Directors.

“We’re extremely excited to have both Joe and Jerry on the Defendify Board of Directors,” said Rob Simopoulos, Co-Founder of Defendify. “Each brings a wealth of knowledge and success in driving technology solutions and business growth. They will add tremendous value in supporting Defendify’s vision and strategic goals.”

As co-founder and managing partner at York IE, Joe Raczka leads the firm’s strategic advisory and investment practice as the Chief Compliance Officer. As a member of the Defendify Board of Directors, Joe brings his experience in corporate strategy, growth planning, fundraising, monetization strategies, as well as M&A activities and strategic partnerships. As an avid angel investor and startup advisor focused primarily on the SaaS and IaaS markets, Joe is well connected across the investment banking, market analyst, venture capital, and private equity landscape.

Previously, Raczka served as Dyn’s Vice President of Corporate Development, where he raised $100 million of growth capital, participated in and led diligence for eight acquisitions, and drove the strategic process and diligence that resulted in the acquisition by Oracle in 2016.

“Cybersecurity has never been more important, especially as so many businesses have been forced to work remotely during the pandemic,” said Raczka. “Defendify’s easy to use platform includes multiple layers of protection to keep growing businesses and their employees protected and informed about potential threats and vulnerabilities. I am thrilled to be joining Defendify’s Board of Directors as they are well positioned to be the household cybersecurity platform for businesses across the globe.”

Also added to the Defendify Board of Directors is Jerry King, an expert in growing early-stage companies. Most recently, Jerry served as the COO at Vets First Choice, now Covetrus (NASDAQ:CVET). Prior roles include COO at WHERE (acquired by eBay), VP and Board Director at C-bridge Internet Solutions (NASDAQ:CVET) and senior technology management roles within the software and financial services space. Jerry has over 40 years of experience bringing new software products and services to market, both in venture-backed and corporate environments.

Defendify’s innovation was supported by $2 million in funding for growth at the start of 2020 from the Maine Technology Institute, 3dot6 Ventures, Maine Venture Fund, York IE and Wasabi Ventures Partners. Throughout the year, the company expanded both its footprint and functionality and raised an additional $1.1M inside round of funding to accelerate growth in 2021.

Defendify is also part of York IE’s services practice, offering companies direct access to integrated growth advising in market and product strategy, business growth strategy, and marketing and communication services.

By consolidating multiple best-of-breed cybersecurity tools into a single platform, Defendify automates critical functions to help organizations manage a 24/7 comprehensive cybersecurity program without complexity.

Visit: https://www.defendify.io to learn more.

About Defendify:

Defendify is pioneering cybersecurity for organizations with limited security teams, including IT providers, by delivering multiple layers of protection through an all-in-one, easy-to-use platform designed to continuously strengthen overall cybersecurity posture across people, process and technology. Coupled with automation and expertise, Defendify streamlines cybersecurity assessments, testing, preparation, education, and protection in one consolidated and cost-effective cybersecurity solution. Interested in a free trial?

Source: https://www.prweb.com/releases/joe_raczka_and_jerry_king_join_the_defendify_board_of_directors/prweb17909579.htm

Microsoft WPBT Flaw Allows Hackers Install Rootkits on Windows

Researchers discovered a flaw in the Microsoft Windows Platform Binary Table (WPBT) that could be used to install rootkits on all Windows devices manufactured after 2012.

Rootkits are malicious tools that threat actors use to evade detection by burrowing deep into the operating system, and to take complete control of vulnerable systems.

Starting with Windows 8, Microsoft introduced WPBT, a fixed firmware ACPI (Advanced Configuration and Power Interface) table that allows vendors to run programmes every time a device starts.

Besides letting OEMs force-install important software that can’t be supplied with Windows installation media, this mechanism can also allow attackers to deploy malicious programmes, as Microsoft cautions in its own documentation.

“Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions,” Microsoft explains.

“In particular, WPBT solutions must not include malware (i.e., malicious software or unwanted software installed without adequate user consent).”

All machines running Windows 8 or later are affected.

Eclypsium researchers discovered a flaw in Windows machines that has existed since 2012, when the feature was initially introduced with Windows 8.

These attacks can make use of a malicious bootloader or various approaches that allow writing to memory where ACPI tables (including WPBT) are stored.

This can be accomplished by exploiting the BootHole vulnerability, which bypasses Secure Boot, or by launching DMA attacks on weak peripherals or components.

“The Eclypsium research team has identified a weakness in Microsoft’s WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up,” Eclypsium researchers said.

“This weakness can be potentially exploited via multiple vectors (e.g. physical access, remote, and supply chain) and by multiple techniques (e.g. malicious bootloader, DMA, etc).”

WDAC policies are one type of mitigation measure.

Following Eclypsium’s notification of the flaw, Microsoft advised adopting a Windows Defender Application Control policy to control which binaries can execute on a Windows device.

According to Microsoft’s support article, “WDAC policy is also enforced for binaries included in the WPBT and should mitigate this issue.”

WDAC policies can only be created on Windows 10 1903 and later client editions, as well as Windows 11 and Windows Server 2016 and above.

You can use AppLocker policies to control which programmes are allowed to execute on a Windows client on systems running older Windows versions.

“These motherboard-level flaws can obviate initiatives like Secured-core because of the ubiquitous usage of ACPI and WPBT,” Eclypsium researchers added.

“Security professionals need to identify, verify and fortify the firmware used in their Windows systems. Organizations will need to consider these vectors, and employ a layered approach to security to ensure that all available fixes are applied and identify any potential compromises to devices.”
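Identifying firmware, as the researchers advise, starts with knowing whether a machine's firmware publishes a WPBT at all and what it asks Windows to run. The Python sketch below is an added example, not code from Microsoft or Eclypsium: it parses a raw WPBT dump (for instance the file Linux exposes at /sys/firmware/acpi/tables/WPBT) using the published ACPI header and WPBT layout. The sample table, its OEM strings and all function names are constructed for illustration.

```python
import struct
import sys

# Standard ACPI table header (36 bytes, little-endian): signature, length,
# revision, checksum, OEM ID, OEM table ID, OEM revision, creator ID/revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
# WPBT body: handoff memory size, handoff memory physical address,
# content layout, content type, length in bytes of the UTF-16 arguments.
WPBT_BODY = struct.Struct("<IQBBH")
ARGS_OFFSET = ACPI_HEADER.size + WPBT_BODY.size  # arguments start at byte 52


def parse_wpbt(raw: bytes) -> dict:
    """Decode a WPBT dump; integrity issues are collected in 'problems'."""
    if len(raw) < ARGS_OFFSET:
        raise ValueError("dump is too short to hold a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(raw)
    if sig != b"WPBT":
        raise ValueError(f"unexpected ACPI signature {sig!r}")
    size, addr, layout, ctype, arg_len = WPBT_BODY.unpack_from(raw, ACPI_HEADER.size)

    problems = []
    if length != len(raw):
        problems.append("length field does not match dump size")
    # ACPI rule: every byte of the table must sum to zero modulo 256.
    if sum(raw[:length]) & 0xFF:
        problems.append("bad checksum")
    if arg_len % 2 or ARGS_OFFSET + arg_len > len(raw):
        problems.append("argument length is inconsistent")
        args = None
    else:
        blob = raw[ARGS_OFFSET:ARGS_OFFSET + arg_len]
        args = blob.decode("utf-16-le", "replace").rstrip("\x00")

    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\x00 "),
        "oem_table_id": oem_table.decode("ascii", "replace").strip("\x00 "),
        "handoff_size": size,        # size of the binary firmware hands over
        "handoff_address": addr,     # physical address of that binary
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args,           # command line passed to the binary
        "binary_present": size > 0,  # firmware asks Windows to run something
        "problems": problems,
    }


def build_sample(args: str = "-inventory") -> bytes:
    """Constructed WPBT table with a valid checksum (not from a real device)."""
    arg_bytes = (args + "\x00").encode("utf-16-le")
    body = WPBT_BODY.pack(0x24000, 0x7F000000, 1, 1, len(arg_bytes)) + arg_bytes
    total = ACPI_HEADER.size + len(body)
    header = ACPI_HEADER.pack(b"WPBT", total, 1, 0, b"EXAMPL",
                              b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) & 0xFF  # checksum byte sits at offset 9
    return bytes(table)


if __name__ == "__main__":
    # Pass a path to a dumped table, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in parse_wpbt(data).items():
        print(f"{key}: {value}")
```

A table with `binary_present` set is not malicious in itself, since OEMs use WPBT legitimately; it tells you which machines have a firmware-supplied binary that a WDAC policy needs to account for.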

In the BIOSConnect function of Dell SupportAssist, software that comes preloaded on most Dell Windows computers, Eclypsium discovered another attack vector that allows threat actors to take control of a targeted device’s boot process and violate OS-level security protections.

The problem “affects 129 Dell types of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs,” according to the researchers, exposing around 30 million devices to attacks.


Source: https://cybersguards.com/microsoft-wpbt-flaw-allows-hackers-install-rootkits-on-windows/


The FBI’s Decision to Withhold the Decryption Keys for the Kaseya Ransomware has Sparked Discussion

Many security professionals backed the FBI’s decision to leave Kaseya victims infected for weeks with ransomware.

The FBI had the decryption keys for victims of the massive Kaseya ransomware attack in July, according to the Washington Post, but did not disclose them for three weeks.

The Kaseya attack impacted hundreds of organisations, including dozens of hospitals, schools, businesses, and even a Swedish supermarket chain.

The FBI obtained the decryption keys after gaining access to the servers of REvil, the Russia-based criminal organisation that was behind the enormous attack, according to Washington Post reporters Ellen Nakashima and Rachel Lerman.

Before going dark and shutting down large parts of its infrastructure shortly after the attack, REvil demanded a $70 million ransom from Kaseya and thousands of dollars from individual victims. Although the gang has since resurfaced, many organisations are still reeling from the July 4th attack.

Despite the vast number of people who were affected by the attack, the FBI chose to keep the decryption keys to themselves as they prepared to attack REvil’s infrastructure. The FBI did not want to give the decryption keys to REvil operators, according to The Washington Post.

According to The Washington Post, the FBI also indicated that “the impact was not as severe as initially anticipated.”

Officials told the newspaper that the FBI attack on REvil was never carried out as a result of REvil’s disappearance. On July 21, weeks after the incident, the FBI finally handed over the decryption keys to Kaseya. Several victims spoke to The Washington Post about the millions of dollars that were lost and the massive harm that the attacks caused.

Bitdefender, which received the decryption keys from another law enforcement source, published a universal decryptor earlier this month for all victims affected before July 13, 2021. According to a Bitdefender spokesman, the decryptor has been used by more than 265 REvil victims.

During his appearance before Congress on Tuesday, FBI Director Christopher Wray blamed the delay on other law enforcement agencies and allies who allegedly requested that the keys not be released. He stated that he was constrained in what he could say about the matter because the incident is still being investigated.

“We make the decisions as a group, not unilaterally. These are complex…decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world. There’s a lot of engineering that’s required to develop a tool,” Wray told Congress. 

The news sparked heated debate among security professionals, with many defending the FBI’s decision to leave victims battling for weeks to recover from the attack.

Consider this: CISO Mike Hamilton, who dealt with a particularly tricky instance in which a Kaseya victim was left in the dark after paying a ransom just before REvil vanished, stated that being cautious about divulging procedures is a standard practise in law enforcement and intelligence.

“There is a ‘tell’ though, that we’ve confirmed ourselves. The FBI is quoted as saying that the damage wasn’t as bad as they thought and that provided some time to work with. This is because the event wasn’t a typical stealth infiltration, followed by pivoting through the network to find the key resources and backups. From all indications the only servers that were encrypted by the ransomware were the ones with the Kaseya agent installed; this was a smash-and-grab attack,” Hamilton said.

“If you had it deployed on a single server used to display the cafeteria menu, you could rebuild quickly and forget the whole thing happened. The fact that the world wasn’t really on fire, again, created time to dig further into the organization, likely for the ultimate purpose of identifying individual criminals. Those organizations that WERE hit hard had the agent deployed on on-premises domain controllers, Exchange servers, customer billing systems, etc.”

The FBI may have seen the need to prevent or shut down REvil’s operations as outweighing the need to save a smaller group of companies struggling in a single attack, according to Sean Nikkel, senior threat intel analyst at Digital Shadows.

Because of REvil’s growing scale of attacks and extortion demands, a rapidly evolving situation requiring an equally rapid response likely preempted a more measured response to the Kaseya victims, according to Nikkel, who added that while it is easy to judge the decision now that we have more information, it must have been a difficult decision at the time.

“Quietly reaching out directly to victims may have been a prudent step, but attackers seeing victims decrypting files or dropping out of negotiations en masse may have revealed the FBI’s ploy for countermeasures,” Nikkel told ZDNet. “Attackers then may have taken down infrastructure or otherwise changed tactics. There’s also the problem of the anonymous soundbite about decryption making its way into public media, which could also tip off attackers. Criminal groups pay attention to security news as much as researchers do, often with their own social media presence.”

Open backchannel communications with incident response organisations involved, Nikkel indicated, would have been a preferable strategy to better coordinate resources and response, but he added that the FBI may have already done so.

The incident, according to BreachQuest CTO Jake Williams, is a textbook case of an intelligence gain/loss evaluation.

It’s easy, he continued, for individuals to play “Monday morning quarterback” and criticise the FBI for not disclosing the keys after the fact, as Nikkel did.

Williams did point out, however, that the direct financial impact was almost definitely greater than the FBI thought when it withheld the key to protect its operation.

“On the other hand, releasing the key solves an immediate need without addressing the larger issue of disrupting future ransomware operations. On balance, I do think the FBI made the wrong decision in withholding the key,” Williams said. “However, I also have the convenience of saying this now, after the situation played itself out. Given a similar situation again, I believe the FBI will release the keys unless a disruption operation is imminent (hours to days away). Because organizations aren’t required to report ransomware attacks, the FBI lacked the full context required to make the best decision in this case. I expect this will be used as a case study to justify reporting requirements.”

Critics must remember, according to John Bambenek, chief threat hunter at Netenrich, that the FBI is first and foremost a law enforcement institution that will always act in a way that optimises law enforcement outcomes.


Source: https://cybersguards.com/the-fbis-decision-to-withhold-the-decryption-keys-for-the-kaseya-ransomware-has-sparked-discussion/


Affordable Internet Service Provider

Today the internet has become more or less like oxygen, because it is essential for a better human existence. You might feel this is an exaggeration, but it is true: for instance, when the pandemic hit and people started losing jobs, the internet helped them to survive, economically and emotionally. As people were not allowed to interact physically, they could stay connected with loved ones through social media.

Due to challenging times, people faced economic challenges, and not everyone can afford to pay $100 each month for a moderate internet speed. We are mentioning two of the best affordable internet service providers, Spectrum internet and WOW! internet, which offer all kinds of packages. You can get high-speed internet at very affordable prices with Spectrum internet and WOW! internet.

Spectrum Affordable Package and Benefits

Spectrum is a very well-known telecommunication company that offers internet, home phone and cable TV service. With millions of users in more than 41 states all around the United States, Spectrum has been successful in making a strong customer base.

More than 50% of users prefer the regular internet plan offered by Spectrum internet. An average user who uses the internet for browsing, watching Netflix or YouTube and socializing needs an average speed of 15 Mbps. A user who needs an internet connection for work, gaming or online classes and wants to connect up to 3 or 4 devices over Wi-Fi can get the regular internet speed of 100 Mbps.

Spectrum offers a speed of 100 Mbps for only $49.99 a month. This is an ideal package that offers a high speed that supports all kinds of internet usage. Spectrum offers unlimited internet data which sets you free from data restrictions. Spectrum has also ended the hassle of contracts and they require no contracts from any user.

Spectrum offers free access to hotspots that you can benefit from when you are away from your home. The ease that you get with Spectrum App is amazing because it allows you to monitor your equipment along with your account. You can also pay monthly bills through your App, which means no hassle of bill payment. These perks and benefits make Spectrum a wise choice.

WOW! Affordable Package and Benefits

Wide Open West or WOW! is a regional provider that is operating in 9 states, mainly around the Westside. They offer internet, cable TV and home phone services. WOW! offers three different internet plans with high internet speed.

The regular internet plan offered by WOW! has 200 Mbps, which supports massive internet usage. You can easily connect up to 6 devices to the Wi-Fi without facing speed lag issues. You can work, watch as much Netflix as you want, play games, and take online classes.

Another way to assess an internet service provider is by looking at the features and benefits that you can get with an ISP. WOW! is one of the few providers that offer next-day installation service, so you can get your internet service as soon as possible with them. Internet is unlimited; there are no data restrictions.

WOW! internet also offers a 30-day money-back guarantee, which gives you some time to assess the quality of the ISP and see whether you are satisfied with the speed. WOW! also won an award for customer service; they offer 24/7 customer support and a free helpline to reach out to whenever a user faces an issue.

Wrapping Up

Internet is a necessity, but not everyone can afford to pay a huge bill each month. It is always better to choose an internet service provider that offers promotional discounted packages and high internet speeds.


Source: https://cybersguards.com/affordable-internet-service-provider/


SonicWall has Patched a critical Flaw impacting Several Secure Mobile Access (SMA)

SonicWall fixes critical bug allowing SMA 100 device takeover

SonicWall has corrected a significant security hole that affects various Secure Mobile Access (SMA) 100 series products and allows unauthenticated attackers to get admin access on vulnerable devices remotely.

SMA 200, 210, 400, 410, and 500v appliances are vulnerable to attacks targeting the incorrect access control vulnerability listed as CVE-2021-20034.

There are no temporary mitigations to remove the attack vector, and SonicWall strongly advises impacted customers to install security updates as soon as possible to resolve the problem.

No exploitation in the wild

Attackers who successfully exploit this flaw can remove arbitrary files from unpatched SMA 100 secure access gateways, reboot the device to factory default settings, and potentially acquire administrator access.

“The vulnerability is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as nobody,” the company said.

SonicWall advised enterprises who use SMA 100 series appliances to immediately log in to MySonicWall.com and update the appliances to the patched firmware versions shown in the table below.

There is currently no evidence that this serious pre-auth vulnerability is being exploited in the wild, according to the company.

| Product | Platform | Impacted Version | Fixed Version |
|---|---|---|---|
| SMA 100 Series | SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure) | 10.2.1.0-17sv and earlier | 10.2.1.1-19sv and higher |
| | | 10.2.0.7-34sv and earlier | 10.2.0.8-37sv and higher |
| | | 9.0.0.10-28sv and earlier | 9.0.0.11-31sv and higher |

Targeted ransomware

Since the beginning of 2021, ransomware gangs have targeted SonicWall SMA 100 series appliances on many occasions, with the objective of moving laterally into the target organization’s network.

For example, a threat group known as UNC2447 used the CVE-2021-20016 zero-day flaw in SonicWall SMA 100 appliances to spread the FiveHands ransomware strain (a DeathRansom variant, just like HelloKitty).

Before security patches were issued in late February 2021, their attacks targeted a number of North American and European enterprises. In January, the same issue was utilised in attacks against SonicWall’s internal systems, and it was afterwards used indiscriminately in the wild.

SonicWall warned two months ago, in July, that unpatched end-of-life (EoL) SMA 100 series and Secure Remote Access (SRA) systems were at risk of ransomware attacks.

Security researchers from CrowdStrike and Coveware added to SonicWall’s warning, stating that the ransomware campaign was still active. Three days later, CISA validated the researchers’ findings, warning that threat actors were targeting a SonicWall vulnerability that had already been patched.

HelloKitty ransomware had been exploiting the weakness (recorded as CVE-2019-7481) for a few weeks before SonicWall’s ‘urgent security notification’ was issued, according to BleepingComputer.

SonicWall recently announced that its products are used by over 500,000 businesses in 215 countries and territories across the world. Many of them may be found on the networks of the world’s top companies, organisations, and government institutions.


Source: https://cybersguards.com/sonicwall-has-patched-a-critical-flaw-impacting-several-secure-mobile-access-sma/
