Content by Michael Novinson

Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Michael Novinson  •  June 2, 2023

Adversaries have taken advantage of a zero-day vulnerability in Progress Software's managed file transfer product to deploy web shells and steal data, Mandiant found. An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27.

SentinelOne Lays Off 5% of Staff as Data Consumption Tumbles

Michael Novinson  •  June 1, 2023

SentinelOne plans to ax approximately 105 workers after a significant drop in data usage for products with consumption-based pricing caused revenue to fall short of expectations. The company revealed plans to reduce its staff by 5% to remain on track with achieving non-GAAP profitability next year.

Hackers Exploit Progress MOVEit File Transfer Vulnerability

Michael Novinson  •  June 1, 2023

Hackers have exploited a critical zero-day vulnerability in Progress Software's managed file transfer offering in several customer environments. Progress warned of a critical SQL injection vulnerability in MOVEit Transfer that allows for "escalated privileges and potential unauthorized access."

Cisco Buys Armorblox to Bring Generative AI to Its Portfolio

Michael Novinson  •  May 31, 2023

Cisco plans to make its third tuck-in cybersecurity acquisition of 2023 to protect email, cloud office applications and enterprise communications through natural language understanding. Cisco will take advantage of Armorblox's predictive and generative AI to help customers bolster their security.

Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation

Michael Novinson  •  May 31, 2023

Cisco Security Executive Vice President and General Manager Jeetu Patel said the industry struggles to address multifaceted attacks that originate in email and include bad links, malware downloads to a device and more. Cyber defenders need correlated data from multiple sources of telemetry, he said.

Synopsys Extends Lead in Gartner MQ for App Security Testing

Michael Novinson  •  May 30, 2023

Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson  •  May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

New Russian OT Malware Could Wreak Havoc on Electric Systems

Michael Novinson  •  May 25, 2023

A new strain of Russian operational technology malware could cause electric power disruption in Europe, the Middle East and Asia, Mandiant found. The malware wreaks havoc by interacting with devices such as remote terminal units that are used for electric transmission and distribution operations.

Why Cyber Seed Funding Has Blossomed in the Economic Drought

Michael Novinson  •  May 24, 2023

Seed funding for Israeli cybersecurity startups has blossomed despite the economic downturn, and both deal volume and size have strengthened in 2022 as compared to 2021. The indefinite closing of the initial public offering market in spring 2022 caused late-stage investment to fall off a cliff.

Profiles in Leadership: Michael D'Ambrosio

Michael Novinson  •  May 24, 2023

Organizations lack visibility into their network and assets to fully understand their threat and risk exposure, said Liberty Strategic Capital's Michael D'Ambrosio. The trend of accessing corporate networks from remote locations has made it tough for businesses to know what's on their network.

CyberArk CEO Touts New Browser That Secures Privileged Users

Michael Novinson  •  May 24, 2023

CyberArk's new Secure Browser prevents adversaries from harvesting the credentials of privileged users who are accessing sensitive web applications. CEO Matt Cohen said this solution will help thwart attackers who are hijacking sessions on consumer-grade browsers through the use of cookies.

How Failing to Address Physical Security Creates Cyber Risk

Michael Novinson  •  May 23, 2023

Cyber programs must go beyond the digital realm and address physical security challenges around buildings and data centers even though there isn't a tool to implement. Firms often adopt physical security measures such as a secure data center with cameras and locked doors only when it's required.

Avoiding Pitfalls in the Cyber Insurance Application Process

Michael Novinson  •  May 22, 2023

Cyber insurance applicants should provide detailed responses that clarify the nature of their business to avoid claim denials in the event of a security incident. Pasich LLP Senior Managing Associate Tae Andrews urged applicants to "interrogate the interrogator" to push back on vague questions.

LexisNexis, Experian, IBM, F5 Top Fraud Reduction Tech

Michael Novinson  •  May 19, 2023

New entrants LexisNexis Risk Solutions and F5 joined longtime leaders Experian and IBM atop KuppingerCole's Leadership Compass for fraud reduction intelligence platforms. Leading vendors help users detect bots and have capabilities spanning different sectors from finance to payments to e-commerce.

Data443 Buys Cyren Assets Out of Bankruptcy for Up to $3.5M

Michael Novinson  •  May 17, 2023

Data443 has bought Cyren's threat intelligence, URL categorization and email security technology out of bankruptcy for up to $3.5 million. Buying Cyren's anti-spam, virus outbreak detection, IP reputation, URL filtering and Threat InDepth data feeds will boost Data443's existing product portfolio.