Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

My Take

 

ROUNDTABLE: CISA’s prominent role sharing threat intel could get choked off this weekend

By Byron V. Acohido

Once again, politicians are playing political football, threatening a fourth partial government shutdown in a decade.

Related: Biden’s cybersecurity strategy

As this political theater runs its course one of the many things at risk is national security, particularly on the cyber warfare front.

Given the divergent paths of the U.S. Senate and the U.S. House of representatives, federal agencies could see funding largely choked off on Sunday, resulting in the furloughing of hundreds of thousands of federal workers.

A wide range of federal government services, once more, would slow to a crawl —  everything from economic data releases to nutrition benefits for poor children. And the Cybersecurity and Infrastructure Security Agency (CISA) may be forced to send home some 80 percent of its workforce, drastically shrinking its capabilities as a catalyst for public-private sharing of fresh

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

By Byron V. Acohido

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI.

Related: Can ‘CNAPP’ do it all?

Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023, which returned to its full pre-Covid grandeur here last week.

Maria Markstedter, founder of Azeria Labs, set the tone in her opening keynote address. Artificial intelligence has been in commercial use for many decades; Markstedter recounted why this potent iteration of AI is causing so much fuss, just now.

Generative AI makes use of a large language model (LLM) – an advanced algorithm that applies deep learning techniques to massive data sets. The popular service, ChatGPT, is based on OpenAI’s LLM, which taps into everything available across the Internet through 2021, plus anything a user cares

Black Hat insights: JupiterOne’s whodunnit puts CISOs on the trail of solving a devastating breach

By Byron V. Acohido

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach.

Related: A call to regulate facial recognition

That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

They qualified, by means of solving a cipher, to attend a unique event put on by JupiterOne, a Morrisville, NC-based supplier of cyber asset visibility technology. On Tuesday evening, these CISOs will head over to a secret location and immerse themselves in The Data Heist, an audience-participation whodunnit starring Sounil Yu, JupiterOne’s Security Ambassador, who is also a CISO and an author, with a supporting cast of professional actors.

The Data Heist’s opening night, if you will, was in Boston a couple of weeks ago. The cybersecurity pros in attendance had a chance to apply their skills in a festive setting – while role-playing as cyber sleuths responding to a catastrophic network breach. The audience members enthusiastically solved ciphers, uncovered hidden

STEPS FORWARD: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?

By Byron V. Acohido

A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape.

Related: Computing workloads return on-prem

CNAPP solutions assemble a varied mix of security tools and best practices and focuses them on intensively monitoring and managing cloud-native software, from development to deployment.

Companies are finding that CNAPP solutions can materially improve the security postures of both cloud-native and on-premises IT resources by unifying security and compliance capabilities. However, to achieve this higher-level payoff, CISOs and CIOs must first bury the hatchet and truly collaborate – a bonus return.

In a ringing endorsement, Microsoft recently unveiled its CNAPP offering, Microsoft Defender for Cloud; this is sure to put CNAPP on a rising adoption curve with many of the software giant’s enterprise customers, globally. Meanwhile, Cisco on May 24 completed its acquisition of Lightspin, boosting its CNAPP capabilities, and Palo Alto Networks has continued to steadily sharpen its CNAPP chops, most recently with the acquisition of Cider Security.

At RSA Conference 2023, I counted at least 35 other vendors aligning their core services to CNAPP, in one way or another;

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

By Byron V. Acohido

To tap the full potential of massively interconnected, fully interoperable digital systems we must solve privacy and cybersecurity, to be sure.

Preserving privacy for a greater good

But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law.

After 30 years, we’ve reached the end of Moore’s Law, which states that the number of transistors on a silicon-based semiconductor chip doubles approximately every 18 months. In short, the mighty integrated circuit is maxed out.

Last spring, I attended NTT Research’s Upgrade 2023 conference in San Francisco and heard presentations by scientists and innovators working on what’s coming next.

I learned how a who’s who list of big tech companies, academic institutions and government agencies are hustling to, in essence,

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

By Byron V. Acohido

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations.

Related: Supply-chain hack ultimatum

The nefarious Clop gang initially compromised MOVEit, which provided them a beachhead to gain access to Zellis, a UK-based supplier of payroll services. Breaching Zellis then gave them a path to Zellis’ customer base.

According to Lawrence Abrams, Editor in Chief of Bleeping Computer, the Clop ransomware gang began listing victims on its data leak site on June 14th, warning that they will begin leaking stolen data on June 21st if their extortion demands are not met.

Among the victims listed were Shell, UnitedHealthcare Student Resources, the University of Georgia, University System of Georgia, Heidelberger Druck, and Landal Greenparks.

As for federal agencies, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed breaches due to this vulnerability. “CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” said Eric Goldstein,

MY TAKE: Will companies now heed attackers’ ultimatum in the MOVEit-Zellis supply chain hack?

By Byron V. Acohido

The cybersecurity community is waiting for the next shoe to drop in the wake of the audacious MOVEit-Zellis hack orchestrated by the infamous Russian hacking collective, Clop.

Related: SolarWinds-style supply chain attacks on the rise

Clop operatives went live last week with an unusual ultimatum —  written in broken English and posted in a Dark Web forum —  giving the victimized organizations a June 14th deadline to make direct contact with them under threat of having sensitive stolen data made public.

The hackers took advantage of a SQL injection vulnerability – known as CVE-2023-34362 – that, left unpatched, leaves a path for an intruder to gain access to assets like MOVEit’s Transfer database.

Security strategist Delilah Schwartz of Cybersixgill, a Tel Aviv-based threat intelligence firm, noted that depending on the database engine being used, for instance, MySQL, Microsoft SQL Server or Azure SQL, an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements.

“These attacks are a glaring illustration of the imminent dangers we face in the cyber threat landscape,” Schwartz said.