More stories

  •

    Google rolls out privacy update, new ML features for Google Analytics

    Google on Thursday released an update for its measurement and analytics products, including a significant privacy update for Google Analytics. The company said the new capabilities stem from its investments in machine learning and modeling and are designed to help marketers operate without cookies and other identifiers on websites and apps.

    In October, Google rolled out what it said was the biggest overhaul of Google Analytics in nearly a decade. The revamp ushered in new machine learning capabilities, unified app and web reporting, native integrations and privacy updates. This latest update builds on last year’s overhaul, with features aimed at helping the marketing industry evolve to new privacy expectations and shifts in consumer behavior.

    On the privacy front, Google said it will soon extend its advanced machine learning models to behavioral reporting in Analytics. For example, in User Acquisition reports, machine learning models will be able to fill any gaps in the numbers of new users a campaign has acquired. The idea is to enable marketers to track customer journeys without relying on cookies.

    Google also said it has developed an additional privacy-minded way to help preserve accurate conversion measurement when cookies aren’t available. The company’s new enhanced conversions allow tags to use consented, first-party data to generate insights related to performance, like conversion lift, and to improve measurement in cases where an ad is viewed on one device and clicked through on another. Google said the data is hashed to guard user privacy and security.

    “Now’s the time to adopt new privacy-safe techniques to ensure your measurement remains accurate and actionable,” said Vidhya Srinivasan, VP of Engineering for Google Ads. “And while this can seem daunting, we’re here to help you succeed in a world with fewer cookies and other identifiers with new ways to respect user consent, measure conversions and unlock granular insights from your sites and apps.”

    Google Analytics has been the industry standard web analytics tool since 2005. It doesn’t cost anything to sign up for and use the standard version of Google Analytics, which is ideal for individuals or small businesses. Larger enterprises can utilize Google Analytics 360, the premium version.

  •

    Colonial Pipeline paid close to $5 million in ransomware blackmail payment

    Colonial Pipeline reportedly paid the ransomware group responsible for a cyberattack last week close to $5 million to decrypt locked systems.

    On Thursday, Bloomberg reported that two people close to the matter said a blackmail demand was agreed to within hours of the cyberattack that has impacted the fuel giant’s systems for close to a week.

    On May 7, Colonial Pipeline experienced a ransomware attack which forced the company to temporarily close down its operations and freeze IT systems to isolate the infection. While pipelines are now back in business, it will be days before normal service resumes — and the issues surrounding supply have already caused panic buying across some cities in the United States.

    The publication says that the payment was made to DarkSide malware operators in cryptocurrency in order to secure a decryption key and restore systems rendered inoperable by the ransomware. However, the decryptor was reported to be “so slow” that backups were also used in restoration efforts.

    The cyberattack was the work of DarkSide, a ransomware-as-a-service (RaaS) outfit. The DarkSide ransomware variant is provided to affiliates who sign up, and in return, partner groups give the malware’s developers a slice of any profits made through successful ransomware extortion attempts.  DarkSide affiliates may also use double-extortion tactics, in which corporate files are also stolen during an attack. If a company refuses to pay up to decrypt their systems, they are then threatened with the public leak of stolen data.  FireEye researchers say that DarkSide’s developers take a profit cut of 25% for ransom payments under $500,000, and this reduces to 10% for payments made over $5 million.

    The FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week warning businesses of the ongoing threat of RaaS operations. Federal agencies do not condone paying ransom demands made by cybercriminals. According to Reuters, Colonial Pipeline has cyber insurance coverage of at least $15 million.

    On Thursday, the organization said in an update that it “has made substantial progress in safely restarting our pipeline system and can report that product delivery has commenced in a majority of the markets we service.” ZDNet has reached out to Colonial Pipeline and we will update when we hear back.

  •

    Microsoft's new security feature locks hackers out with GPS

    Microsoft has devised new Azure Active Directory identity and access management capabilities that give organizations a better chance of fending off crafty techniques used by hackers to get around two-factor authentication.

    Microsoft’s CISO recently explained the identity problem facing most organizations. “People are very focused on taking advantage of identity, it’s become a classic: hackers don’t break in, they log in,” he told CNBC in an interview about Microsoft’s efforts to kill the password.

    The software giant is introducing GPS-based named locations and filters for devices to its Azure AD “Conditional Access” feature, which looks at a range of signals for authorized user access. “The GPS-based named locations and filters for devices enable a new set of scenarios, such as restricting access from specific countries or regions based on GPS location and securing the use of devices from Surface Hubs to privileged access workstations,” says Vasu Jakkal, corporate vice president of Microsoft Security, Compliance and Identity.

    Microsoft Security General Manager Andrew Conway gave ZDNet a breakdown of the new GPS-based conditional access feature, which should help organizations lock down their most important business applications. “An IP address may not be enough context to validate the location from which an employee is logging in, especially if that company has strict requirements for a particular application or resource,” Conway says. “In these strict access scenarios, a user will receive a prompt on the Microsoft Authenticator app requesting them to share their location to confirm the country. This could be layered on top of other policies, such as requiring multifactor authentication.”

    The recent SolarWinds attack shows how sophisticated attacks are getting in their attempts to get around two-factor authentication. Microsoft president Brad Smith called the SolarWinds incident “a moment of reckoning”, in part because it caught the US’s most important cybersecurity companies off guard.

    The attack stung Microsoft and FireEye — two of the biggest cybersecurity companies in the world — via a tampered update from SolarWinds network monitoring software, Orion. FireEye’s breach began with the backdoor in the SolarWinds update, and the attackers then used the initial intrusion to acquire employee credentials. FireEye required employees to use a two-factor code to remotely access its VPN, but the attackers used the stolen credentials to enroll a second, non-authorized mobile device for one employee in the company’s two-factor authentication system, at which point it was spotted.

    For Microsoft’s new system to work, the organization would need to have connected their on-premises identity solution with Microsoft’s Azure AD cloud identity service to use the risk-based capabilities of Conditional Access. These additions to Conditional Access enable you to target conditional access policies to a set of devices based on certain device attributes, such as whether it is a corporate-managed device or whether the device is in an allowed range, says Microsoft.

    Conditional Access supports Windows, iOS, macOS, and Android devices that have been enrolled into Azure AD. “When using certain attributes as the properties for filters for devices, the device has to meet certain criteria, such as being managed by Microsoft Endpoint Manager, marked compliant, and hybrid Azure AD joined,” Conway adds.

    Microsoft is rolling out GPS-based conditional access as part of its own shift to hybrid work as more vaccines roll out and people start returning to offices on some days. Key to that strategy is its push for a “zero trust” architecture, where it assumes the company has been breached and that there is no border to the corporate network. But according to Microsoft’s Jakkal, only 18 percent of its own customers have enabled multi-factor authentication. “We saw a significant jump in usage when the pandemic began. And when that happened, we saw a significant decrease in aggregate compromises—people thought they were activating to protect only remote access, but MFA protects the entire network,” she says.

  •

    Best cybersecurity certification 2021: Deepen your knowledge

    Hardly a week goes by when we don’t hear of a data breach, an exposed AWS bucket leaking the records of millions of people, or a serious cybersecurity incident that gives IT teams sleepless nights and prompts government agencies to issue alerts to warn the enterprise of new threats. Two incidents alone in 2021 — the Microsoft Exchange Server vulnerabilities debacle and the ransomware attack against Colonial Pipeline, which supplies 45% of the East Coast’s fuel — have highlighted the need for cybersecurity experts to protect both enterprise resources and core, critical services and infrastructure. The industry does not necessarily demand certifications to get started, but there are options available to give you a thorough grounding in different concepts, explore different areas in the field to pursue, and deepen your knowledge and expertise. Below, we have listed the best options to get you started and to stand out when you apply for a role in this lucrative field.

    Free and paid courses

    Cybrary is an excellent online resource for video-based courses in cybersecurity suiting a range of skill levels and existing qualifications. You can enroll in courses that explain the fundamentals of particular career paths — whether this is as a system administrator or network engineer — and if you can ignore the somewhat cheesy thumbnails used to tout some of the courses, the actual content is valuable and comes with an estimated time to completion and difficulty rating. You might want to explore some of these courses as introductory prep for other, formal qualifications such as Certified Ethical Hacking (CEH). Virtual labs for tools including Wireshark and practice tests for qualifications including CompTIA Security+, CISM, and CISSP are also available. Courses can be completed at your own pace and some, such as those offered by Cisco, result in formal qualifications after you pass. In addition, you can follow set ‘career paths’ with course recommendations. Some courses are free while others require an enrollment or test fee. 

    A grounding in networks

    It might not be as exciting as learning about penetration tools or software that can crack passwords, but a thorough understanding of networks is a necessity for today’s cybersecurity defenders. To get started, you should consider the CompTIA Network+ course, which teaches learners how to build a network from the ground up and how to identify different kinds of network topology and configurations, and which also explores the common types of network-based attacks.

    Following this entry-level course, you can take Security+, a baseline qualification in security concepts. CompTIA Security+ (SY0-501) is retiring this year, but SY0-601, the refreshed course, is now available.

    $338 at CompTIA

    An intense deep dive

    The SANS Institute is a well-known provider of professional cybersecurity courses and SEC401 is described as a “bootcamp” for those with some existing knowledge of IT, networking, and security. While certainly not a cheap undertaking, the in-depth course covers security metrics, audits, risk assessments, network protection, incident detection and response, and more. As a course for working professionals, SANS offers flexibility through on-demand, online, or in-person — where possible — training.  

    $7,270 at SANS

    Think offense, not defense

    Offensive Security’s Penetration Testing with Kali Linux (PEN-200) is the organization’s foundation course in using the Kali Linux OS for ethical hacking. The vendor’s focus is on offense and hands-on learning rather than lectures and completely academic study. Offensive Security encourages critical thinking and problem-solving with its “Try Harder” slogan — after all, if you can learn to think like an attacker, you can better protect systems against them. You will need a solid understanding of networking principles and some understanding of Windows, Linux, and Bash/Python will help. Successfully completing the course will give you the OSCP certification — as long as you can handle the 24-hour exam.  

    $999 at Offensive Security

    A globally recognized qualification

    CISSP, offered by the International Information System Security Certification Consortium, is one of the most well-known professional cybersecurity qualifications worldwide. The course covers the design and implementation of cybersecurity programs, including engineering, security architectures, risk management, identity and access management, and software security, among other topics. CISSP can be taken in the classroom and led by instructors in real-time, but you will need years of experience in the field as a prerequisite. Due to the pandemic, the CISSP, CCSP, SSCP, CAP, CSSLP, and HCISPP are currently available as online options for a lowered price. Costs vary but will be several thousands of dollars, depending on your region. 

    Moving into management

    ISACA Certified Information Security Manager (CISM) certification is focused on four areas: information security governance, risk management, infosec program creation and management, and security incident management. Therefore, this qualification isn’t suitable as a foundation, but rather, could be valuable to move up the management chain in an enterprise role. To become certified, you need to both pass the exam and have acceptable work experience. The price is roughly $760, however, a discount is on offer for ISACA members. 

    $760 at ISACA

    Pick your roadmap

    Global Information Assurance Certification (GIAC) is an institution that offers an array of IT and cybersecurity qualifications. GIAC’s offerings include topics such as security administration, management, legal, auditing, cyberforensics, and software security, and depending on your areas of interest, you can follow roadmaps with suggested courses to broaden your knowledge and skill set. GIAC is an affiliate of the SANS Institute and some courses, such as GIAC Security Essentials, correspond to training offered by its partner organization. Prices vary for different certifications.

    Should you pay for a course?

    If you’re unsure, check out free courses on Cybrary, YouTube tutorial videos, and Hack The Box before you sign up for a qualification. We especially recommend these options for those who are not completely sure they want a career in cybersecurity.

    Is it really important to learn about networking and PCs first?

    Yes. If you don’t understand the fundamentals, this will lead to a flawed understanding of cybersecurity concepts. You should take the time to build yourself a foundation in IT knowledge first. 

    Do you have to be certified?

    There is a range of options out there: being self-taught, apprenticeships, degrees, and professional qualifications. If you’re serious about a career in cybersecurity and want to eventually move up the ladder, then just as in many other fields, qualifications can give you the leg-up you need. 

    Which course is right for you?

    Choosing a course should depend on your knowledge level and current skill set. Rather than jump right in with an advanced qualification, you may need to spend time learning the basics with a CompTIA, or you may already have enough industry experience to tackle one of the more advanced courses on our list. 

    How did we select these courses?

    While compiling our recommendations, we covered a range starting from entry-level and broad courses designed to give you foundational knowledge in IT — from the hardware to networks and how systems communicate — to more advanced, technical certifications that are sought-after by employers. 

  •

    Ransomware: How the NHS learned the lessons of WannaCry to protect hospitals from attack

    Four years ago, the UK’s National Health Service suddenly found itself one of the most high profile victims of a global cyber attack.

    On 12 May 2017, WannaCry ransomware hit organisations around the world, but hospitals and GP surgeries throughout England and Scotland were particularly badly affected. A significant number of services were disrupted as malware encrypted computers used by NHS trusts, forcing thousands of appointments to be cancelled and ambulances to be rerouted.

    WannaCry was launched by North Korea, which used EternalBlue, a leaked NSA hacking tool, to spread as far and wide as possible – and it just so happened that many NHS Trusts were running Windows machines which had yet to receive the critical security patch released by Microsoft earlier.

    It was and still is the largest cyber attack to hit the UK to date, and even if the NHS wasn’t actually a specific target of WannaCry, it was a wake-up call as to how ransomware and other cyber campaigns could be a risk to an organisation with 1.5 million employees which provides healthcare services across the entire country.

    WannaCry happened before ransomware rose to become the significant cybersecurity issue it is today, and the NHS and National Cyber Security Centre know that if another ransomware campaign infiltrated the network, the impact could be devastating – particularly during the Covid-19 pandemic.

    “For the NHS, ransomware remains one of our biggest concerns,” said Ian McCormack, deputy director for government, NCSC, speaking during a panel discussion at the NCSC’s CYBERUK 21 virtual conference. “Ransomware packages have got much more sophisticated, ransomware is becoming much slicker in terms of how it’s developed.”

    To protect networks from ransomware attacks, the NHS has learned the lessons from WannaCry and is aiming to ensure that it’s harder for cyber criminals to exploit vulnerabilities in order to distribute malware.

    One of those lessons is making NHS Trusts aware of newly disclosed security vulnerabilities and, if needed, providing support in order to apply the relevant patches. The NHS trusts which had applied the critical Microsoft update to patch EternalBlue avoided falling victim to WannaCry – so it’s hoped that by providing the resources to enable patch management, networks can be protected against future attacks which attempt to exploit new vulnerabilities.

    “Within NHS Digital and working closely with NHSX and NCSC, we offer a high severity alerts process, so we will review and triage vulnerabilities,” said Neil Bennett, chief information security officer (CISO) at NHS Digital, the national IT provider for the NHS. “And where we believe vulnerabilities are particularly critical and applicable to the NHS, we’ll push out alerts advising organisations to take action to remediate and put time scales around it.”

    Recent vulnerabilities NHS Digital has helped hospitals and GP surgeries protect their networks against include zero-day vulnerabilities in Microsoft Exchange Server, plus TCP/IP vulnerabilities discovered in millions of Internet of Things devices. If abused, both could enable cyber attackers to take control of machines and gain wider access to networks, helping lay the groundwork for additional attacks – so NHS Digital was keen to ensure the patches were applied. “We’ve encouraged organisations to move at pace and when needed, offer support,” said Bennett.

    But there’s more to protecting against a ransomware attack than just applying the correct security patches, and a lot of effort has gone into ensuring there are backups for NHS systems across the country. That means if the worst happens and somehow a network did fall victim to a ransomware attack, it’s possible to restore the network from a recent point, without having to consider paying a ransom to cyber criminals.

    “Backups was a very key area of focus for us,” said Bennett, who described how in some cases, that has meant new backup systems entirely. “We provided support to individual trusts on reviewing their backups, very much aligned with the NCSC’s backup guidance. Then with the findings we’d support the organisations remediating against recommendations and in some cases NHSX actually funded new backup solutions, ideally cloud-based backup solutions,” he explained.

    It’s evident that cyber criminals will attempt to exploit any vulnerability they can in order to infect a network with ransomware or any other form of malware – and it’s hoped that by regularly providing assistance with security patching and providing advice on backups, another WannaCry can be avoided, especially as cyber attacks against healthcare providers elsewhere have demonstrated how dangerous they can be.

    “There’s been numerous ransomware incidents around the world that have affected healthcare organisations in the US and France, for example, and that shows that the health sector is certainly not immune to that threat,” said McCormack.

  •

    Microsoft warns: Watch out for this new malware that steals passwords, webcam and browser data

    Microsoft has issued an alert over a remote access tool (RAT) dubbed RevengeRAT that it says has been used to target aerospace and travel sectors with spear-phishing emails. RevengeRAT, also known as AsyncRAT, is being distributed via carefully crafted email messages that prompt employees to open a file masquerading as an Adobe PDF file attachment that in fact downloads a malicious Visual Basic (VB) file.

    Security firm Morphisec recently flagged the two RATs as part of a sophisticated Crypter-as-a-Service that delivers multiple RAT families. According to Microsoft, the phishing emails distribute a loader that then delivers RevengeRAT or AsyncRAT. Morphisec says it also delivers the RAT Agent Tesla.

    “The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo. An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads,” Microsoft said. Morphisec named the cryptor service “Snip3” based on a username taken from the malware it found across earlier variants.

    Snip3 has been configured to not load a RAT if it detects it’s being executed within the Windows Sandbox – a virtual machine security feature Microsoft introduced in 2018. The Windows Sandbox is meant to allow advanced users to run potentially malicious executables within a safe sandbox that won’t affect the host operating system.

    “If configured by [the attacker], the PowerShell implements functions that attempt to detect if the script is executed within Microsoft Sandbox, VMWare, VirtualBox, or Sandboxie environments,” Morphisec notes. “If the script identifies one of those virtual machine environments, the script terminates without loading the RAT payload.”

    But if the RATs are installed, they connect to a command and control (C2) server and download more malware from paste sites like pastebin.com. They’re not good to find on any system, as the RATs are known to steal credentials, video and images from a webcam and anything that’s been copied to the system clipboard for pasting elsewhere.

    “The RATs connect to a C2 server hosted on a dynamic hosting site to register with the attackers, and then uses a UTF-8-encoded PowerShell and fileless techniques to download three additional stages from pastebin[.]com or similar sites,” Microsoft Security Intelligence said. “The Trojans continuously re-run components until they are able to inject into processes like RegAsm, InstallUtil, or RevSvcs. They steal credentials, screenshots and webcam data, browser and clipboard data, system and network info, and exfiltrates data often via SMTP Port 587.”

    Microsoft has published on GitHub some advanced hunting queries that security teams can use if they detect these threats on their network. Its open-sourced threat-intelligence information to date includes keywords linked to Snip3 phishing emails that target the aviation sector as well as a query that looks for a function call to a method named DetectSandboxie. “This method is used in RevengeRAT and AsyncRAT instances involved in a campaign targeting the aviation industry, first observed in 2021. It has also been associated in the past with other malware, such as WannaCry and QuasarRAT,” Microsoft notes.

    WannaCry ransomware spread rapidly across the world in mid-2017 and was attributed to North Korean hackers. QuasarRAT was used in 2018 to steal credentials from the Ukrainian government.

  •

    Fake Android, iOS apps promise lucrative investments while stealing your money

    Researchers have discovered hundreds of malicious mobile apps that are exploiting interest in cryptocurrency and stocks to steal from victims. 

    Sophos researchers said on Wednesday that a tip-off relating to a fake mobile trading app led to the discovery of a server containing “hundreds” of malicious trading, banking, foreign exchange, and cryptocurrency apps designed for the Android and iOS platforms. Mobility has meant that stock trading and investment opportunities are now widely available and far more accessible than before. Rather than having your money managed by a particular fund or agency in return for a fee, users can now select their own investments with a single swipe. Social media has become a hotbed of pump-and-dump or “meme” stock chat and trading tips, and cryptocurrency, too, has become a popular topic of discussion for eager investors.  However, the ease of downloading a mobile application to explore investment opportunities has also created an avenue for cybercriminals to exploit.  According to Sophos, the apps found included counterfeit software created to impersonate well-known, legitimate, and trusted brands including Barclays, Gemini, Kraken, TDBank, and Binance.  The operators have created dedicated websites linked to each individual app, tailored to appear as the impersonated organizations in an effort to improve the apparent legitimacy of the software — and the likelihood of a scam being successful. 

    Sophos’ investigation into the apps began with a report of a single malicious app masquerading as a trading company based in Asia, Goldenway Group. The victim, in this case, was targeted through social media and a dating website and lured to download the fake app. Rather than relying on mass spam emails or phishing, attackers may now also take a more personal approach and try to forge a relationship with their victim, such as by pretending to be a friend or a potential love match. Once trust is established, they will then offer some form of time-sensitive financial opportunity and may also promise guaranteed returns and excellent profits. However, once a victim downloads a malicious app or visits a fake website and provides their details, they are lured into opening an account or cryptocurrency wallet and transferring funds. Scammers will then vanish with the money and block their victims.

    Sophos says that the apps discovered on the server were being pushed through the same infrastructure and through a “Super Signature process” abused to bypass security protections and mechanisms used by official app repositories. In the case of iOS, the process — designed for small app developers to conduct legitimate test deployments before submission — requires a target device to download and install a manifest file to accept the package, and then the device’s ID is sent to a registered developer account. An .IPA package containing the app is then pushed to the user for download.

    “While many of these Super Signature developer services may be targeted at helping legitimate small app developers, we found in our investigation that the malware used many such third-party commercial app distribution services,” the researchers say. “These services offered options for ‘One-click upload of App Installation’ where you just need to provide the IPA file. They advertise themselves as an alternative to the iOS App Store, handling app distribution and registration of devices.” In some cases, the distribution services dropped web clips that added a link to a malicious web page directly to a victim’s home screen rather than pushed IPA files.

    When it comes to Android abuse, users are asked to install and launch an app, create an account, and then begin trading. The apps appeared to be real and in some cases included elements such as cryptocurrency price tracking. However, wallets are either controlled by cybercriminals or the funds required to start trading are requested to be sent to bank accounts registered in Hong Kong.

    It appears that Asia is primarily being targeted by the network, as one of the servers referenced in an app led to the discovery of uploaded records including ID cards, driver’s licenses, passport photos, and more from nationals in South Korea, China, Malaysia, and Japan. “We believe the ID details could have been used to legitimize financial transactions and receipts by the crooks as a confirmation about the deposits from the victims,” Sophos says. “We also found several profile pictures of attractive people likely used for creating fake dating profiles, which suggests that dating could have been used as a bait to lure victims.”

  •

    Incremental improvements are not enough as Biden signs order boosting US cyber posture

    United States President Joe Biden signed an executive order on Wednesday to boost the cyber posture of the federal government. The order points to recent incidents including the ransomware attack on Colonial Pipeline, Exchange vulnerabilities that led to the FBI removing web shells from US servers, and the SolarWinds attack. The order said the federal government must lead by example.

    “Incremental improvements will not give us the security we need; instead, the federal government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life,” the order states. “The federal government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.

    “The scope of protection and security must include systems that process data (information technology) and those that run the vital machinery that ensures our safety (operational technology).”

    The order mandates that agencies have 180 days to implement multi-factor authentication and encrypt data both at rest and in transit “to the maximum extent” available under federal records and other laws. Agencies that cannot meet the deadline will need to provide a written explanation why not.

    “Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors,” the White House said in a fact sheet. “The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.”

    A Cybersecurity Safety Review Board will be established under the order and be constituted by federal officials from the Department of Defense, Department of Justice, CISA, NSA, and FBI, as well as private-sector representatives to be determined by the Secretary of Homeland Security. The board will be chaired and co-chaired by one federal and one private-sector member. The board will meet following a “significant” cyber incident and analyse what happened and make recommendations.

    “When something goes wrong, the Administration and private sector need to ask the hard questions and make the necessary improvements,” the White House said. “This board is modelled after the National Transportation Safety Board, which is used after airplane crashes and other incidents.”

    A standardised playbook for incident response will also be created, as will a “government-wide endpoint detection and response system” and a mandate to maintain logs to help in incident detection, investigation, and remediation. “Slow and inconsistent deployment of foundational cybersecurity tools and practices leaves an organisation exposed to adversaries,” the fact sheet states.

    Earlier on Wednesday, the Colonial Pipeline restarted operations.