
Corelight & Microsoft Defender for IoT: Through an XDR lens

What is the XDR paradox? It’s the hottest term in security, but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but they are also looking at the gaps that EDR can’t address, such as unmanaged or compromised devices and network-centric TTPs. Likewise, many vendors of EDR/SIEM products have realized they share the same general workflow (analyze data, present an alert, triage it, etc.).

Lookout CASB Named a Major Player in 2021 IDC MarketScape Cloud Security Gateways

I am excited to share a major milestone for our company: the Lookout Cloud Access Security Broker (CASB) has been named a Major Player in the 2021 IDC MarketScape Worldwide Cloud Security Gateways (CSG) Vendor Assessment (Doc # US48334521, November 2021). When Lookout acquired CipherCloud back in March 2021, the two companies came together with a mission to build a platform that provides intelligent Zero Trust access by leveraging in-depth telemetry from endpoint to cloud.

Remote Work and Cybersecurity in the Legal Industry: What to Know

The COVID-19 pandemic changed many aspects of how businesses operate, remote work being one of the most significant. At the outbreak’s peak, 71% of American workers telecommuted at least part-time, 62% of whom rarely worked remotely before. This shift has impacted many industries, but the legal sector faces more disruption than most. Legal work rarely happened over telecommunication services before the COVID-19 pandemic.

Why you need a layered security approach for protecting your data in today's threat landscape

Data is the lifeblood of any organization, and thanks to digital transformation, data can be shared easily among many users within and across organizations. Organizations store and transmit large amounts of sensitive data and information. As more and more data exchange happens, risks and threats also increase. The average cost of a data breach was $3.86 million and, surprisingly, the average time to identify and contain a breach was a staggering 280 days.

3 Trends in eTMF Adoption After COVID-19

The TMF Summit, a clinical documentation management conference hosted by industry observer Fierce Biotech, was held in late October in New Orleans. There was plenty of talk about familiar topics such as data quality and integrity, as well as data submission workflows and monitoring. But what stood out this year was how the pandemic continues to reshape the industry.

Why You Should Build an Agile, Integrated Construction Tech Stack

When it comes to construction technology, one size doesn’t necessarily fit all. Businesses often have different needs that require different tools to automate established processes, or standard operating procedures (SOPs). This creates a problem, however, because decision makers have to sift through the available technologies—and the depth and breadth of what processes they can cover—to find the right solution.

The Secure Data Layer: A Formidable Opponent Against Ransomware

When organizations are attacked by ransomware, only a little more than half are able to recover their data using a backup. This begs the question, “What about the rest? Why might they be unable to recover?” One reason may be that their backup data has been compromised. Backups are a hot target for hackers. If they can get to an organization’s backup data, they have far more leverage.

Detecting Remcos Tool Used by FIN7 with Splunk

We decided to try to run a well-known Remote Access Trojan (RAT) called Remcos used by FIN7. This tool has been around for some time and has a reputation for being stealthy and effective in controlling compromised hosts. Sold as a remote computer monitoring tool, it has plenty of features that allow the operator at the controls to carry out a range of operations against a compromised system.

TensorFlow Python Code Injection: More eval() Woes

The JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in one of the utilities shipped with TensorFlow, a popular machine learning platform that’s widely used in the industry. The issue has been assigned CVE-2021-41228. This disclosure is hot on the heels of our previous, similar disclosure in Yamale, which you can read about in our previous blog post.

Configuring an Output with LimaCharlie

In this video we demonstrate how to configure an Output in LimaCharlie to send your telemetry anywhere. LimaCharlie users can relay their data wherever they want for longer-term storage and analysis. Where that data is sent depends on which Outputs are activated. You can have as many Output modules active as you want. For example, you can send varying levels of data to multiple syslog destinations using the Syslog Output module and then send additional data to cold storage over an Scp Output module.