Non-human identities surge forward

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report

Brought to you by:

Cypago enables strategic decision making through a full Cyber GRC product suite to help you avoid business reputation impact, financial or client trust losses

Important updates:

I’m excited to share a big milestone with you. After a year of hard work and negotiations, I’ve secured the domain CybersecurityHQ.com and moved all of our assets from CybersecurityHQ.io. This change is part of my commitment to building a strong, lasting community and continuing to bring you value.

You might notice some broken links in past newsletters, but don’t worry—we’re working on fixing them. Thank you for being part of this journey from the beginning. This isn’t just business for me—I genuinely love what I do, and it’s an honor to connect with you through every newsletter I send. Your support means everything as we continue to grow together.

In my last email, I accidentally shared the wrong link to our new AI daily and weekly podcast. Here's the correct link. These podcasts give a quick summary of the top news.

Massive Hack Exposes 50B Records

The US is now formally charging hackers who stole 50 billion customer records from AT&T, among other companies. The US Department of Justice has indicted Alexander Connor Moucka (arrested in Canada just two weeks ago) and John Binns (arrested in Turkey in the spring) for the massive data breach.

The hacking operation was carried out using infostealer malware to harvest credentials for Snowflake accounts. This gave the attackers access to AT&T (“nearly all” of its cellular and landline customers were affected), Ticketmaster (the breach affected nearly half a billion people), Santander Bank (30 million customers were exposed), and Advance Auto Parts (which says the breach cost it millions of dollars). All told, the hack affected 165 companies.

In the fallout from the initial hack, AT&T paid out $370,000 in ransom to get the threat actors to delete the information.

So, what exactly is included in such a staggering number of records? Call and text histories, banking information, DEA registration numbers, passport numbers, social security numbers, payroll records, etc.

Non-Human Identities Gain Momentum

CyberArk and Wiz have announced a strategic partnership to enhance multi-cloud security. By integrating CyberArk's Identity Security Platform with Wiz's Cloud Security Platform, the collaboration addresses the complexities of managing privileged access in cloud-native environments with proliferating identities. This integration will enable organizations to gain visibility into cloud access risks and enforce dynamic privilege controls for human, machine, and developer identities.

As part of the partnership, CyberArk joins the Wiz Integration Network (WIN), and Wiz integrates with the CyberArk C3 Alliance, offering unified solutions to strengthen security postures. Both companies aim to secure multi-cloud environments by leveraging Zero Standing Privileges and cloud velocity to manage identities effectively.

In another notable development, Silverfort has acquired Rezonate, a provider of identity-first security for cloud environments. This acquisition expands Silverfort’s capabilities in identity security for on-prem assets, cloud infrastructure, and SaaS applications. Rezonate's innovative architecture enhances Silverfort’s platform with advanced capabilities like non-human identity (NHI) security, identity threat detection and response (ITDR), and entitlement management.

The combined offering, available by mid-2025, will provide a unified platform for identity security, enabling organizations to protect all assets, including legacy systems and critical infrastructure, across on-prem and cloud environments. This consolidation promises improved visibility, reduced attack surfaces, and streamlined compliance, solidifying Silverfort’s position in the identity security landscape.

Pentagon Leaker Sentenced: 15 Years

Jack Teixeira, a former Air National Guardsman turned Pentagon leaker, received a 15-year prison sentence for releasing classified materials. The ruling is one more chapter in the unfolding story of one of the most consequential (yet seemingly ridiculous) breaches of the Espionage Act.

Teixeira, who used his top-secret clearance to leak hundreds of classified documents, exposed sensitive military data—including intelligence on Ukraine’s defenses and details involving global geopolitical players—within a small Discord group called “Thug Shaker Central” in 2022.

Judge Indira Talwani claims Teixeira knowingly disregarded national security to post confidential documents, a move to impress his fellow Discord server members with his high-level access. His actions eventually (some might even say inevitably) led to the materials spreading far and wide across the internet.

Teixeira’s attorneys said that their client’s autism, combined with the extended isolation brought on by the pandemic, contributed to the decision to post the classified material on a Discord server.

Following his prison term, Teixeira will face a fine, supervised release, and a separate resolution of military charges.

iOS 18.1 Boosts Privacy Protections

A new iPhone feature may make the devices harder for police to unlock—leading to complaints by law enforcement and praise from privacy advocates. In the latest version of Apple’s mobile operating system, phones will reboot themselves after sitting locked for a long period (for instance, while awaiting forensic examination). The reboot makes it much harder for password-cracking tools to work.

Phones running iOS 18.1 will now reboot after being locked for four days.

Amazon Hit by Vendor Breach

Amazon recently confirmed that employee data was compromised following a security breach at a third-party vendor, which impacted multiple clients. Amazon spokesperson Adam Montgomery clarified that only work contact details, such as email addresses, desk numbers, and office locations, were exposed and that no sensitive data like Social Security or financial information was involved. The vendor has since resolved the vulnerability that led to the breach.

The incident surfaced after a hacker, “Nam3L3ss,” claimed on BreachForums to have data from Amazon and 25 other organizations, allegedly stemming from last year’s MOVEit Transfer vulnerability exploitation.

This major hack, attributed to the Clop ransomware gang, targeted over 1,000 organizations, including key government agencies, in the largest data breach of 2023. The hacker asserts they possess vast amounts of unreleased data, sparking ongoing concerns over data security among affected companies and organizations.

Scammers Defraud Vermont Town $24K

And now, some news showing how mean-spirited hacking can be. The town of Rockingham, Vermont, recently fell victim to a cyber fraud costing $24,000 after a scammer sent a fake invoice from a vendor’s compromised email account.

The breach involved two automated clearing house (ACH) transfers and was traced to a server in Iceland, indicating a sophisticated attack.

In response, Town Manager Scott Pickup reported that the town implemented emergency security measures and hired a forensic analyst to investigate further. Pending the investigation, Rockingham has paused ACH transfers and reverted to paper checks, with payroll as the only exception. Fraud insurance will cover the loss minus a $1,000 deductible.

Critical Security Patches Released Worldwide

This week has seen a lot of critical security patches, including from Intel, AMD, Ivanti, Zoom, and Chrome.

Intel’s update includes 44 advisories for over 80 vulnerabilities, with high-severity flaws in server boards, graphics drivers, and Xeon processors. These could enable privilege escalation if exploited locally. Intel has patched most issues but provided guidance for vulnerabilities affecting discontinued products.

AMD issued eight advisories, highlighting high-severity vulnerabilities related to incorrect default permissions in products like Ryzen Master Utility and Cloud Manageability Service. These issues, discovered by a researcher known as 'Pwni,' could lead to unauthorized privilege escalation. Additionally, AMD warned of a cache-based side-channel vulnerability affecting Secure Encrypted Virtualization (SEV) and addressed security flaws in Ryzen AI software.

Ivanti announced patches for nearly 50 vulnerabilities, including critical flaws in Connect Secure and Endpoint Manager that allow for remote code execution (RCE). Ivanti’s critical bugs, with CVSS scores up to 9.8, include SQL injection flaws and argument injection vulnerabilities. Secure Access Client and Avalanche updates resolve additional high-severity issues that could lead to privilege escalation and denial-of-service (DoS). Ivanti confirmed no known exploits before public disclosure.

Zoom’s update fixes six vulnerabilities, including two high-severity issues (CVE-2024-45421 and CVE-2024-45419) impacting the Workplace App, Rooms Client, and SDKs. These flaws, with CVSS scores of 8.5 and 8.1, could enable privilege escalation or sensitive data leaks. Users are urged to update to secure versions.

Google also promoted Chrome version 131 to the stable channel, patching 12 vulnerabilities, including a high-severity bug in Blink (CVE-2024-11110) and several medium-severity issues. These updates enhance security for Autofill, Views, Paint, Media, and Accessibility. Chrome’s latest versions are rolling out across Windows, macOS, and Linux platforms.

$1.8M Boosts Marine Cybersecurity Efforts

Researchers at Memorial University have secured $1.8 million in funding from a federal consortium to bolster cybersecurity in the marine industry. Dr. Jonathan Anderson from MUN’s Faculty of Engineering and Applied Science is collaborating with the Marine Institute on two key projects.

The first initiative focuses on creating advanced training programs for marine industry professionals, including seafarers and shoreside personnel. Training will leverage cutting-edge technology, such as full-motion bridge simulators, to provide immersive, practical learning experiences. It aims to enhance awareness of cyber threats, their potential consequences, and effective defense strategies.

The second project targets the resilience, reliability, and security of critical marine infrastructure systems. Dr. Anderson emphasizes the importance of safeguarding these essential systems to protect against cyberattacks and ensure operational stability. Both projects highlight the growing need to address cyber risks in the maritime sector, ensuring safer and more secure operations across the industry.

CyberArk Leads 2024 Cybersecurity Surge

The cybersecurity industry continues to grow in importance as digital transformation and escalating cyber threats highlight the need for advanced protection. In our analysis of the 10 best-performing cybersecurity stocks in 2024, CyberArk Software Ltd. (NASDAQ: CYBR) stands out with a year-to-date performance of 36.31%. The company’s strategic acquisition of Venafi expanded its market potential by $10 billion, solidifying its leadership in identity security and machine identity management.

CyberArk’s robust financial performance includes a 28% revenue growth in Q2 2024 and a 50% increase in Annual Recurring Revenue (ARR), reaching $868 million. Analysts remain optimistic, with price targets from $315 to $340, driven by demand for its Workforce Access and Secrets Management solutions.

As AI reshapes cybersecurity, organizations like CyberArk integrate these technologies to address evolving threats. Despite its strong performance, the analysis highlights AI stocks as potentially more lucrative for shorter-term returns.


Germany Strengthens Cybersecurity Before Election

Germany is bolstering its cybersecurity defenses ahead of a snap federal election, likely on February 23, following the collapse of Chancellor Olaf Scholz’s coalition government. Interior Minister Nancy Faeser emphasized the need to safeguard democracy against hacker attacks, manipulation, and disinformation. A report by Germany’s Federal Office for Information Security warns that the cybersecurity threat level remains high, citing risks linked to the Russian invasion of Ukraine. The report identifies 22 Advanced Persistent Threat (APT) groups targeting public and private sectors, alongside vulnerabilities in critical systems like firewalls and VPNs.

Recent updates to Germany’s IT security laws mandate stronger cybersecurity measures and attack reporting for companies in various sectors. While the 2021 election saw limited disinformation, past narratives questioning mail-in ballots underline the importance of countering misinformation. The upcoming election underscores Germany’s ongoing efforts to protect its democratic processes in an increasingly volatile digital landscape.

Xage XPAM Redefines Access Security

Xage Security has launched its Extended Privileged Access Management (XPAM) solution, revolutionizing cybersecurity by addressing the limitations of legacy PAM systems. Integrated into the Xage Fabric Platform, XPAM combines advanced privileged access management with Zero Trust principles to secure IT, OT, and cloud environments. Unlike traditional PAM solutions, XPAM offers immediate day-one protection without the complexity or high costs of prolonged deployments and professional services.

XPAM's decentralized architecture eliminates the risks of centralized vaults, ensuring quantum-proof security and offline protection in disconnected environments. It extends coverage beyond privileged accounts to safeguard overlooked non-privileged users and assets, making it ideal for critical industries like energy, defense, and manufacturing.

Xage XPAM enables rapid, comprehensive deployment, reduces total cost of ownership, and enhances security with features like multi-layer MFA and secure zones. As businesses face increasingly sophisticated threats, XPAM redefines PAM with simplicity, scalability, and unparalleled protection for modern enterprises.

Cybersecurity Pioneer Honored for Innovations

On Sept. 11, 2001, Gail-Joon Ahn, a cybersecurity researcher, attended a meeting at the NSA in Fort Meade, Maryland, to discuss future challenges in computer security. As news of the terrorist attacks unfolded on the conference room’s television, confusion turned to shock. What seemed like a drill quickly became a stark reminder of the urgent need to secure both physical and digital realms.

Later that year, Ahn became information director of SIGSAC, part of ACM, fostering collaboration among top cybersecurity experts. Now a professor at Arizona State University’s School of Computing and Augmented Intelligence, Ahn has advanced the field through pioneering research, patents, and leadership.

In October, he received the ACM SIGSAC Outstanding Contributions Award at the global ACM Conference on Computer and Communications Security, recognizing his profound impact. School director Ross Maciejewski praised Ahn as a trailblazer shaping the future of cybersecurity innovation and collaboration.

Nation-State Cyberattacks Grow Stealthier

Nation-state cyberattacks are evolving, shifting from destructive tactics to stealthy espionage. The Microsoft 2023 Digital Defense Report highlights a surge in sophisticated attacks aimed at evading detection. These attacks pose critical risks to U.S. infrastructure and protected data, endangering citizens. However, they also provide valuable insights for improving defenses.

The Cybersecurity & Infrastructure Security Agency (CISA) identifies four prominent actors—China, Russia, North Korea, and Iran—leveraging phishing, stolen credentials, and unpatched vulnerabilities. These actors often use “living-off-the-land” techniques, exploiting existing tools within networks to remain undetected.

To combat these threats, CISA emphasizes strong cybersecurity fundamentals: implementing multi-factor authentication, patching systems, training employees, and using antivirus solutions. Monitoring network activity and securing remote access are also critical.

Collaboration between agencies and enterprises is essential. CISA’s FCEB Operational Cybersecurity Alignment (FOCAL) plan and advisories help organizations detect, mitigate, and respond to evolving nation-state threats. Staying vigilant and adaptive remains key to defense.

Medcrypt Expands Healthcare Cybersecurity Partnerships

Medcrypt, a leader in proactive medical device security, has announced expanded partnerships with BioT, Extra Security, Real-Time Innovations (RTI), and Stratigos Security to bolster cybersecurity across the healthcare ecosystem. This collaboration addresses growing demand for secure, interoperable medical technologies by providing advanced capabilities, including cryptography, vulnerability management, penetration testing, and FDA compliance support.

The partnerships enhance Medcrypt’s offerings, ensuring secure device connectivity, threat detection, and regulatory alignment. BioT extends vulnerability analysis into actionable risk mitigation, Extra Security delivers FDA-focused security assessments, RTI integrates secure communication solutions, and Stratigos Security supports comprehensive regulatory readiness.

“By collaborating with these industry leaders, we provide end-to-end cybersecurity solutions tailored to healthcare technology,” said Om Mahida, VP of Product Management at Medcrypt.

Founded in 2016, Medcrypt has raised over $36M, including from Johnson & Johnson Innovations and Intuitive Ventures. The company continues to empower medical device manufacturers with secure, FDA-compliant technologies.

Reflectiz Prevents Costly GDPR Breach

A new case study highlights how Reflectiz, a cybersecurity company, helped a travel marketplace avoid a costly GDPR breach. The issue arose when a misconfigured TikTok pixel on a regional site sent sensitive user data to TikTok's servers without user consent. This oversight, though unintentional, violated GDPR, underscoring how mundane misconfigurations can pose significant risks.

Reflectiz's proprietary monitoring platform detected the problem early. Its browser simulation mapped third-party web apps and flagged the misconfigured pixel before further damage occurred, saving the company from potential fines and reputational harm. GDPR non-compliance can lead to severe penalties, including fines up to €20 million, reputational damage, and increased regulatory scrutiny.

This case emphasizes the importance of proactive monitoring. Reflectiz’s solution, requiring no installation, continuously scans web ecosystems for suspicious activities, ensuring compliance and safeguarding customer data. The incident serves as a reminder: even minor missteps in data handling can have major consequences.
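The misconfiguration described above, as an added example that is not Reflectiz's code or the travel marketplace's site: a pixel loader that fires unconditionally on page load, beside a consent gate that holds the same loader until the visitor opts in, plus an audit function of the kind a browser-simulation check would run over captured requests, flagging third-party tracker calls that fired before consent. The hostnames, the request capture, and the personal-data parameter heuristic are all constructed for the demo; `loadPixel` is a hypothetical stand-in for a real tag script.

```javascript
// Added example: consent-gated third-party tag loading and an audit of
// observed requests. Hostnames and the request log are constructed for
// the demo; the tag loader is a hypothetical stand-in for a real pixel.

const FIRST_PARTY_HOST = "travel.example";              // constructed
const TRACKER_HOSTS = new Set(["pixel.tracker.test"]);  // constructed
// Query parameter names treated as personal data (constructed heuristic).
const PERSONAL_PARAMS = ["email", "phone", "name"];

// Misconfigured pattern: the pixel loader runs on page load, before any
// consent decision exists, so the first beacon leaves with the page.
function misconfiguredPageInit(loadPixel) {
  loadPixel();
}

// Hardened pattern: tags are queued behind a consent state and run only
// once consent is granted; nothing fires early.
function createConsentGate() {
  let consented = false;
  const pending = [];
  return {
    grant() {
      consented = true;
      while (pending.length) pending.shift()();
    },
    run(tag) {
      if (consented) tag();
      else pending.push(tag); // held until grant() is called
    },
    hasConsent: () => consented,
  };
}

// Audit: given captured requests ({t: ms since page load, url}) and the
// time consent was recorded (null if never given), return the tracker
// requests that fired before consent, annotated with whether the URL
// carried a personal-data parameter.
function findPreConsentTrackerCalls(requests, consentAt) {
  return requests
    .filter((r) => {
      const host = new URL(r.url).hostname;
      if (host === FIRST_PARTY_HOST || !TRACKER_HOSTS.has(host)) return false;
      return consentAt === null || r.t < consentAt;
    })
    .map((r) => {
      const params = new URL(r.url).searchParams;
      const personal = PERSONAL_PARAMS.some((p) => params.has(p));
      return { ...r, carriesPersonalData: personal };
    });
}

// Constructed capture from a simulated page load.
const SAMPLE_REQUESTS = [
  { t: 120, url: "https://travel.example/api/search?dest=Lisbon" },
  { t: 340, url: "https://pixel.tracker.test/events?email=user%40mail.test" },
  { t: 2100, url: "https://pixel.tracker.test/events?page=results" },
];

// Demo of the two loading patterns: the unconditional loader fires once
// immediately; the gated loader fires only after grant().
function demoGate() {
  const fired = [];
  const loadPixel = () => fired.push("pixel");
  misconfiguredPageInit(loadPixel);
  const gate = createConsentGate();
  gate.run(loadPixel);
  const beforeConsent = fired.length; // still 1: the gated call is held
  gate.grant();
  return { beforeConsent, afterConsent: fired.length };
}

// Simulated session: the visitor accepted at 1500 ms, so only the 340 ms
// beacon (which also carries an email address) is a finding.
function demoAudit() {
  return findPreConsentTrackerCalls(SAMPLE_REQUESTS, 1500);
}

console.log(demoGate());
console.log(demoAudit());
```

The audit works on any request list with timestamps and URLs, so the same function can be fed a capture from a headless browser run against a staging site; a non-empty result before the consent timestamp, or any result when consent was never recorded, is the condition to alert on.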

Liquid C2 Unveils Secure360 Solution

Liquid C2, a subsidiary of Cassava Technologies, has launched Secure360, an all-encompassing cybersecurity solution designed to tackle Africa’s growing cyber threats. Secure360 integrates governance, risk, and compliance with cyber threat assurance, cyber defense, and security solutions, delivering proactive, intelligence-driven strategies to prevent breaches. It adopts an "assume compromise" approach, securing every layer of an organization’s infrastructure, from networks to cloud environments, using AI, machine learning, and advanced threat protection. This holistic defense enables businesses to safeguard critical data, meet compliance, and stay ahead of evolving threats.

Aligned with Gartner’s findings that 75% of organizations are consolidating security vendors, Secure360 streamlines operations, enhances visibility, and accelerates threat response. Supported by Liquid C2’s Cyber Security Fusion Centres across Africa and the Middle East, Secure360 offers bespoke, cost-effective solutions to empower digital transformation. With cutting-edge services, Liquid C2 positions itself as a key cybersecurity leader in the region, ensuring resilience in a dynamic landscape.

Interesting Read

Revolutionizing Cybersecurity Training Simulations

New spon-con on Wired shows a fun (and educational) way to test and train cybersecurity preparedness. Hack The Box's Crisis Control is a simulation that offers a chance to run your organizational response to cyber threats.

Traditional tabletop exercises (TTXs), which often use static decision trees, are now officially outdated. Crisis Control is much more immersive with scenarios that adapt in real-time and give you realistic scenarios—and yes, of course, it integrates AI to some degree. So, what more could you really ask for?

After each simulation, participants debrief to identify vulnerabilities, streamline procedures, and fortify their crisis response framework. 

It’s one of the more engaging ways to bring new ideas and strategies created by the cybersecurity team into the rest of the office. As we’ve seen from past data breaches, there’s a lot of chaos and confusion. Government agencies have to be reached, customers need to be informed, legal needs to respond, and so on.

Hyper-realistic training—wherever you get it—will play a greater and greater role in keeping organizations safe. And now, there is finally a growing field of simulations to bring your entire company up to date.


Stay Safe, Stay Secure.

The CybersecurityHQ Team
