March Madness: Technology coverage tops the press

Cyber Security, High Technology, Public Relations Posted Apr 6, 2018 by Kayla Krause

In typical March Madness fashion, this year was none the more surprising and revealing than in years past. We’re, of course, talking about technology – although, the men’s and women’s NCAA basketball tournaments were also full of Cinderella stories and upsets.

Similarly, the security industry also had an array of news ranging from vulnerabilities reappearing to power grids being hacked and new partnerships forming. Summarized below are these news stories, and more top technology bits from CHEN PR’s clients throughout the month of March.

 

Cadenza

Hartford Business Journal, UConn, Cadenza launch battery-tech research partnership

Cadenza announced its partnership with UConn energy researchers this month. UConn and Cadenza will work together to analyze and qualify graphite collected at a massive mine in Mozambique for use in lithium-ion batteries. The collaboration will pair Cadenza’s technical capability and key patents to develop game-changing battery technology, and UConn’s expertise and unmatched research facilities to conduct rigorous, reproducible, accurate specialty materials analysis.

 

Claroty

eWeek, U.S. Government Accuses Russia of Hacking the Power Grid

Claroty Co-founder Galina Antova applauded the U.S. government for publicly calling out nation state actors for attacking American grid operators, which she believes is crossing “red lines” – just like shutting off the power in Ukraine in December 2016. The government is historically hesitant to attribute cyberattacks especially to nation-states, so this is a significant first step – even more so when the industrial security community has been calling attention to persistent Russian campaigns for quite some time.

 

Digital Guardian

Information Management, Will data science, machine learning and AI ‘save’ IT security?

Penned by Will Gragido, Digital Guardian’s director of advanced threat protection, this byline tackles the subject of security automation. Will contends that such technologies are not silver bullets, and that prospective customers should thoroughly review their security teams’ grasp of security fundamentals as part of considering their options. Will frames his viewpoint in the backdrop of the upcoming RSA Conference in April, where such technology will be promoted to thousands of prospects.

 

Duo

The CyberWire Research Saturday Podcast, Code comments cause SAML conundrum

Duo Security Researcher Kelby Ludwig talks with the CyberWire about a significant vulnerability Duo found in an open standard used by a range of vendors that provide, or rely on, the single-sign-on protocol – SAML –to access cloud apps and services. If exploited, moderately technical attackers could trick the system into authenticating them as legitimate users without their credentials, effectively giving them the keys to all users’ apps and data.

 

Flashpoint

Channel Partners Online, ‘7 Minutes’ with Flashpoint CEO Josh Lefkowitz

Flashpoint’s partner program has been in place only since September, but has already attracted more than 60 resellers. Why? It’s because these channel partners see the top provider of business risk intelligence (BRI) as a solution for their customers when it comes to overcoming he potential chaos that lurks in the deep and dark web. The outlet interviewed Flashpoint CEO Josh Lefkowitz one-on-one to discuss Flashpoint’s Global Channel Program that addresses everything from what the BRI company mines on the dark web, to covering physical security, potential fraud, and third-party supplier and insider threats. Flashpoint has customers across 20+ verticals, with a focus on financial services, government, retailers and telecommunications.

 

Forum Systems

Independent Banker, Storms ahead for cloud-based infrastructure?

Cloud service providers are rapidly expanding amongst sectors—financial industry included. With this more efficient and cost-effective computing to streamlining data operations comes some security red flags, though. With almost two-thirds of databases in the public cloud not encrypted, it grants cybercriminals access to “piggyback” off the computing power of large corporations, like Amazon Web Services (AWS). Jason Macy, chief technology officer for Forum Systems, explains that insecure cloud servers have a high risk of unforeseen ramifications. These include forcing vendors to build Amazon Machine Images (AMIs), which is a format required to launch a virtual server on Amazon’s cloud service. This alone creates a vector of compromise – vulnerable to interception and takeover of machines by hackers.

 

 SafeBreach

Dark Reading, Online Sandboxing: A Stash for Exfiltrated Data?

SafeBreach continued research from last year’s Black Hat and DEFCON report, “Adventures of A/V and the Leaky Sandbox”, which demonstrated the ability to exfiltrate data from a highly restricted and segmented network, via exploitation of a cloud AV sandbox service (Kaspersky, ESET, etc.). The updated research takes advantage of the same techniques, but instead of a closed vendor solution, it exfiltrates targeted data from public online sandbox services. As an example, SafeBreach demonstrates exfiltration using the Google Virus Total and www.hybrid-analysis.com services.