Atlanta, Ga. June 20, 2023 – IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global organizations worldwide, today announced the Beta launch of Themis Co-pilot for Microsoft Outlook, a GPT-powered chat assistant for self-service threat reporting.

Powering Themis Co-pilot is PhishLLM, a cutting-edge large language model (LLM) hosted within the IRONSCALES infrastructure, which is the first in the IRONSCALES suite of generative AI apps for email security.

The announcement comes at a time when rates of BEC and other advanced phishing attacks are climbing exponentially as they expose vulnerabilities in traditional email security solutions with social engineering tactics. A recent report from Osterman Research revealed that large organizations are expecting a 43% increase in BEC attacks in the next 12 months.

In addition, cybercriminals specifically target the human element as it offers a convenient means of gaining unauthorized access to sensitive information, with phishing being one of their primary tactics. According to the 2023 Verizon Data Breach Investigations Report (DBIR), 74% of breaches involved a human element.

To combat the exponential rise in phishing, Themis Co-pilot, the first in a suite of generative AI apps, was designed to empower humans to be a critical cybersecurity defense. Built on top of PhishLLM, a proprietary, patent-pending large language model, these ground-breaking capabilities will allow enterprises to become more cyber resilient by enabling end-users, regardless of role, skill, or level, to detect sophisticated attacks.

Generative AI for email security

Currently available through a public Beta, Themis Co-pilot for Outlook enables IT and security admins to:

Empower end users and democratize email security: Mobilize your employees as a critical line of defense with the ability to question suspicious emails and gain real-time actionable insights to confidently report threats and take a more active part in threat hunting.

Reduce noise: Reduce the number of user-reported false positives and free up the security team for other important business initiatives.

Automatically stop emerging zero-day threats: As end-users leverage Themis Co-pilot to report emerging threats, proper classification will automatically remediate similar threats across the environment and train the IRONSCALES machine learning element to look for these threats in the future.

IRONSCALES’ innovation

Generative AI is changing the cybersecurity landscape, both in the volume and velocity of phishing attacks, but also in the way organizations can leverage it to make more informed decisions regarding emails.

IRONSCALES developed the industry’s first AI-powered security analyst, Themis AI, which utilizes the data from millions of security events from users, devices, and threat intel signals, in a continuous reinforcement learning from human feedback (RLHF) cycle. Adding to this powerful data set is the human insights collected from every mailbox user and 20,000+ security analysts across the IRONSCALES network of global admins. This massive dataset of human intelligence is used to stop breaches in real time. Only IRONSCALES brings this continuous feedback loop of AI and human insights together into the most powerful email security solution on the market.

“IRONSCALES has pioneered the use of artificial intelligence in email security to detect and remediate sophisticated phishing attempts. With the introduction of Themis Co-pilot, we’re delivering the next innovation that will help end users, of any skill level, improve their ability to stop attacks without adding additional cost or complexity to the organization,” said Eyal Benishti, CEO of IRONSCALES. “Our unique approach of combining AI and human insights is transforming email security. We believe our continuous feedback loop between our AI, human insights, and SAT capabilities is the most comprehensive approach to email security and remains unmatched by other vendors in the industry.”

About IRONSCALES: IRONSCALES is the leading cloud email security platform for the enterprise and the industry’s only solution that uses AI and human insights (HI) to stop advanced phishing.

Redwood City, Calif., June 21, 2023 – Appdome, the one-stop-shop for mobile app defense, today announced the release of Generation 5 of its in-app mobile defense framework, the core protection framework delivered by its cyber defense automation platform.

With “Gen5”, Appdome provides the most advanced cyber and anti-fraud defenses for the newest mobile platforms, more sophisticated in-app UX/UI choices and new telemetry and intelligence options for mobile brands globally.

As mobile applications become the dominant force in the consumer landscape, mobile operating system and device manufacturers are pushing the boundaries of what it means to be a mobile device. Evolutions in the languages and frameworks used to build mobile applications, new OS and device architectures and integrated devices like watches, VR headsets and more, offer compelling new experiences for all users.

At the same time, these new experiences create new engineering complexities for mobile app defense and new attack vectors for hackers and other malicious actors to exploit. Traditional mobile security and anti-fraud SDKs fall behind or end up as shelfware, unable to be deployed due to complexity, incompatibility or compromise.

“Gen5 represents Appdome’s commitment to simplifying and accelerating mobile app security, anti-fraud, anti-malware and other critical protections into the mobile app development process,” said Avi Yehuda, founder and co-creator of Appdome. “We’re building mobile app defense that developers can use with full support for the mobile frameworks and methods they’re using every day.”

Key highlights of Appdome’s Gen5 mobile defense framework include:

Symbiotic Detection & Defense in Mobile Apps. Gen5 levels up the in-app mobile experience and UX/UI choices when attacks happen with key upgrades to Threat-Events™, Appdome’s in-app threat intelligence and control framework.

For example, Threat-Events now includes deeper attack and threat data as well as optional conditional detection and enforcement policies, allowing the mobile application to inform Appdome when to inspect or enforce a given defense.

In Gen5, Threat-Events also includes a mobile device heartbeat, allowing Appdome to signal the mobile app about device and/or connection health before initiating a workflow (such as a transaction) in the mobile app.

Extended Threat Intelligence and Data. Gen5 also extends the role of Threat-Events, allowing its rich mobile application attack and threat data to be consumed outside of the mobile app.

For example, Threat-Events can now feed and inform external systems, such as Appdome’s ThreatScope™ (Appdome’s mobile XDR offering), web application firewalls (WAFs) as seen in Appdome’s new MOBILEBot™ Defense* solution and other systems.

To support this, Threat-Events was given its own Adhesive Network Stack, with built-in intelligence features, to allow for network handling and decision-making based on the payload and the ability to add or modify the header or traffic type in runtime.

Better Security with the Newest Mobile Methods and Architectures. Gen5 offers the highest performance mobile app defense on the market. Inside Gen5, mobile brands get:

•Mobile App Defense Designed to Scale. Gen5 takes full advantage of modern mobile architectures, methods, frameworks and processors to maintain the highest performance defense and intelligence actions, without compromising security.

•New Deep Threat Detection enabling a new class of mobile malware protections, including OS remount, unlocked bootloader, custom ROMs and geo-spoofing detection, all without unnecessary permissions.

•New Behavioral Detection Methods to detect advanced threats such as detecting digital manipulation techniques to create fake facial images to bypass facial authentication, accessibility malware defense and more, all without unnecessary permissions.

•New Dynamic Encryption to ensure that every block of data uses the most secure and optimized options available – as well as the ability to change the implementation on the fly based on the data and the encryption capabilities available.

•New Obfuscation techniques and optimizations for Kotlin and metadata, Java decoding and faster resolution of obfuscated classes – all while minimizing file size impact.

•Support for Mac M-series Processors for iPhone and iPad apps available in the Mac App Store.

•Support for VR-headsets including Meta Quest and Apple’s Vision Pro VR Headset.

•Built-in crash reporting to simplify troubleshooting of deployed apps.

•WYSIWYG, Fully Modular Architecture to avoid unnecessary file size impacts and support the widest range of devices and operating systems.

•Full Support for all Mobile Languages and Frameworks including all recent updates to Obj-C, C+, Java, JS, C#, C++, Swift, Kotlin, Flutter, React Native, Unity, Xamarin, Cordova and more.

•No-Code, No-SDK, Fully Automated Delivery purpose built for the mobile DevOps pipeline.

“The explosion of innovation in the mobile market means cyber and anti-fraud solutions have to keep up,” said Gil Hartman, VP of Engineering at Appdome. “With Gen5, mobile brands and developers can deploy any kind of mobile app defense on the newest architectures, in the newest frameworks and support the most dynamic languages, with much better information and control than anywhere else.”

Appdome Gen5 will be available to Appdome Dev+ customers beginning July 1, 2023. To learn more about the platform and its new features, visit: www.appdome.com. For more information about Appdome MOBILEBot™ Defense, also announced today, please see the related press release titled, “Appdome Unveils its New MOBILEBot™ Defense Solution, Revolutionizing the Way Mobile Brands Defeat Mobile Bots.”

About Appdome: Appdome, the mobile app economy’s one-stop-shop for mobile app defense, is on a mission to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only mobile application Cyber Defense Automation platform, powered by a patented artificial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, MOBILEBot™ Defense, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, all inside the mobile DevOps and CI/CD pipeline. Leading financial, healthcare, mobile games, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

Santa Clara, Calif. – June 21, 2023 – Axiad, a leading provider of organization-wide passwordless orchestration, today announced the results of its Passwordless Authentication survey fielded by Enterprise Research Group (ERG), a full-service market research company.

The purpose of the survey was to gain insight into the top authentication challenges, user experiences and attitudes with modern authentication, and to determine organizational desires to address authentication challenges with phishing-resistant passwordless authentication.

More than 375 respondents, including developers, IT and cybersecurity professionals from mid-market to large enterprises across industry verticals such as financial, manufacturing, technology, communications, media and others, from both the U.S. and Canada were surveyed.

The top-five data points from the survey include:

•92% of respondents are concerned about compromised credentials because of phishing or social engineering attacks, which points to the recent rise and success of both these attack vectors.

•59% are confident that compromised accounts or credentials have led to a successful cyber-attack over the last 12 months, which indicates the growing concern about the general security of credentials and the vulnerability of those credentials to execute cyber-attacks.

•82% say moving to passwordless authentication is in their top five priorities, implying respondents know that passwords are at the root of the problem when it comes to data breaches.

•85% say they are moving to passwordless authentication in the next 12-24 months, suggesting that the death of passwords is inevitable for many organizations.

•86% say moving to passwordless authentication will have a positive impact on their help desks and IT support teams, which signifies additional cost-saving benefits to organizations by eliminating the time and money associated with password resets.

“The results of this survey make it crystal clear that the value of passwordless authentication is gaining traction in the marketplace as more and more organizations are being breached and realizing that password-based credentials just don’t cut it anymore,” said Yves Audebert, co-CEO of Axiad. “We’re uniquely poised to help organizations execute passwordless strategies with Axiad Cloud, which provides enterprise-grade multi-factor authentication, phishing-resistant authentication and certificate-based authentication for IAM, among other features – all of which greatly improve security posture for our customers.”

For more data points from the survey, read the Passwordless Authentication Survey eBook and view the survey infographic.

About Axiad: Axiad delivers organization-wide passwordless orchestration to secure people, machines, and interactions for enterprise and public sector organizations that must optimize their cybersecurity posture while navigating underlying IT complexity. For more information visit axiad.com and follow us on Twitter and LinkedIn.

Media Contacts: Meghan Locke, Three Rings Inc., 413-627-5335, axiad@threeringsinc.com

To be productive in an interconnected work environment, employees need immediate access to numerous platforms both on- and off-premises.

Keeping track of user activity and effecting proper on- and off-boarding is becoming more and more difficult, even as unauthorized access via unused, expired, or otherwise compromised access credentials has become the number one cybersecurity threat vector.

Some nine out of ten cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

The sophistication of cyberattacks perpetrated through unused, old, expired, and otherwise mismanaged access credentials is increasing by the minute, at the same time as it’s becoming challenging to respond to these attacks in an organized and timely manner.

Context needed

Organizations that are used to workflow-based access systems or ticket-based systems, i.e. traditional Privileged Access Management (PAM), must now make a big cultural shift. PAM enables granular access and monitors, detects, and alerts on instances of unauthorized access through policy guardrails.

However, while PAM and other legacy access management systems do alert to unauthorized access, these warnings lack a clear picture of the user’s intent and the context behind the alert.

Today’s alert fatigue is not caused by the sheer number of alerts but by the poor quality of individual alerts.

SaaS platforms have led to very different types of user profiles over the last few years. Users are now dynamic; they move from platform to platform, and their need for access changes continuously.

Key variables

A modern access management system should handle the following:

•The sprawl of user roles and their privileges and activities, growing at the same rate as the infrastructure proliferation.

•The traditional Role-Based Access Control (RBAC) provides perpetual access based on a user’s roles – a methodology that has run its course. Even with the addition of zero-trust-based access on a granular level, RBAC is no longer enough.

•Today’s enterprise users wear multiple hats and use different software with varying privileges. The nature of these privileges has to be dynamic, or the access management system becomes a bottleneck.

•A user with a specific level of access may need to temporarily elevate their privilege because they need access to protected data to complete a task. Scaling workflow-based systems to match larger teams’ needs is difficult and creates a chaotic situation with many users simultaneously bombarding the security admins for approval.

•Some access monitoring solutions rely heavily on automated access controls, such as group policies or other sets of criteria, that will allow access requests to be processed automatically. Automation lacks the intelligence to adapt to changing user behaviors and entitlements.

Noisy ‘observability’

PAM and SIEM solutions are classic systems built on observability. But observability is no longer enough to keep your organization safe.

Observability systems work by alerting to unauthorized access, but they also create a lot of extra noise, and experience shows that they are often not fully implemented. Another problem is that alerts come in after the fact and not in real time. Privileged access abuse is a here-and-now problem that must be addressed as it happens.

One of the functions of Inside-Out Defense – Automated Moving Target Defense SaaS – is that it can immediately remediate privileged user access abuse in-line. This is accomplished by determining the context and intent behind every user activity.

It provides customers, for the first time, an aggregated view of users, their profiles, and activities across different environments which is a big challenge faced by enterprises today. We provide a comprehensive 360-degree view of what every user is doing at any one time, along with an immutable forensic log, thereby enabling enterprises to stay in compliance.

At Inside-Out-Defense we know that threat actors are constantly becoming more cybersecurity sophisticated as they work to find new avenues for disruption. Current solutions focusing on static signatures of threats often miss a crucial understanding of cyber attackers’ sophisticated yet unknown behaviors. Customers need solutions like ours that can work at scale and in real-time to address some of the most persistent problems in network security.

About the essayist: Ravi Srivatsav is co-founder and CEO of Inside-Out-Defense, which emerged from stealth in April 2023 with a solution to solve privilege access abuse and provide real-time detection and remediation to today’s most prolific attack vector – privilege access abuse.

Tel Aviv, Israel, June 19, 2023 – Radiflow, creators of the leading OT network cybersecurity platform CIARA, continue to see budgetary pressure as a main driver in prioritizing OT Cybersecurity projects. This has created opportunities for more partnerships across the OT Cybersecurity sector, resulting in greater flexibility and coverage in the analysis of OT networks.

CISOs of OT operational facilities, such as production plants, utility operations, critical infrastructure, and logistics centers, are facing a hostile environment where outdated machines are susceptible to attack for financial gain or political statements. In response, Radiflow recently released CIARA 4.0, focusing on illuminating the vulnerabilities of all network devices and mapping of the recommended security controls using a breach attack simulation (BAS) engine.

Radiflow has partnered with industry leaders to feed greater data into its analytics platform and provide quick risk assessment insights to help CISOs optimize and justify OT security budgets despite the overall pressure for budget cuts. One such major integration is with Awen Collective to conduct in-depth asset discovery for critical infrastructure networks. Awen Collective provides Dot, an OT Asset discovery tool with a lightweight nature that can be deployed in a scalable way on portable devices in distributed OT networks. The in-depth assets map generated by Dot can now be uploaded into Radiflow’s CIARA to perform a data-driven risk assessment and quickly provide accurate risk scoring for large industrial enterprises.

“The OT cyber security industry is maturing and better serving the needs of our critical infrastructure, manufacturing, and defense organizations by working collaboratively to deliver better solutions,” said Jules Farrow-Lesnianski, Co-Founder & CEO of Awen Collective. “Providing in-depth visibility of traditionally hard-to-reach OT networks using Dot to Radiflow’s CIARA significantly increases our client’s ability to quickly and accurately quantify and mitigate OT cyber risk.”

Another partnership is with Atrinet Networks, a provider of a Network Management System (NMS). The NetACE tool of Atrinet can query a multitude of network infrastructure devices and generate a map of the assets in the network for the Radiflow CIARA tool without requiring the configuration of a span port in the OT network switches, thus simplifying the initial risk assessment exercise.

“Partnering across the industry allows us to pool together previously unidentifiable data, enabling greater automation across the full OT network,” said Ilan Barda, Co-Founder & CEO of Radiflow. “Relieving CISOs of tedious visibility gathering tasks grants them an extensive view to quickly deploy large-scale OT Cybersecurity operations.” These capabilities bring them in line with automation and continuous threat analysis which are being increasingly required in the dynamic market landscape.

To support the sector’s growth, Radiflow has opened offices in Spain, Germany, the Czech Republic, the Netherlands, and Italy, overall tripling its EMEA sales team in the last 9 months.

Santa Clara, Calif. — CybeReady, a global leader in security awareness training, today announced the release of its informative guide, “Five Workforce Security Strategies to Consider During Summer Holidays.”

Produced by the company’s security experts, the guide is part of the CISO Toolkit, which is designed to help cybersecurity managers to communicate tips and best practices and help employees in maintaining a higher level of security – easily and effectively. The Summer Guide focuses on employee awareness and vigilance while on vacation. Download the guide here.

While we all crave relaxed summer getaways, it’s crucial to understand that adversaries never go on vacation. So, as we unwind on vacation over the next few months, vigilance and adherence to security protocols are paramount. To properly prepare before leaving town, the following five actions are highly recommended:

•Opt for Mobile Data Plans or Use Secure WiFi: CybeReady experts warn against the dangers of freely available public WiFi, detailing the risk of man-in-the-middle attacks, rogue access points, and malware injections. The use of a Virtual Private Network (VPN) and careful selection of websites is highly recommended in order to minimize these risks.

•Safeguard Against Theft: In light of the summer season’s potential for theft, the use of screen locks, cloud-based backup systems, location tracking, and remote wipe features are advised. Also recommended is to carry a secure hard copy of essential travel documents.

•Restrict Sharing on Social Media Platforms: Given the rise in social media usage, the guide encourages individuals to be mindful of their online sharing habits. Restrict social media post visibility and be cautious about the details shared regarding location or travel plans.

•Use Only Official Websites: Using official airline and hotel apps for updates and notifications is much safer than relying on emails to reduce the risk of falling prey to phishing attempts.

•Maintain Vigilance and Adherence to Security Protocols: Stay aware with continued vigilance, even while on vacation and with a focus on maintaining the safety and security of both individuals and corporate data.

“Do not let the menace of cyber criminals overshadow a well-earned leisure time,” said Eitan Fogel, CEO of CybeReady. “By adhering to these tips and incorporating them into your vacation routine, you can secure a safe and delightful experience.”

About CybeReady: CybeReady offers the world’s most effective security training solution that evolves organizations from security awareness to cyber readiness with no IT effort. CybeReady’s solution engages more employees, more effectively, frequently, and easily. Infused with training expertise and powered by machine learning, CybeReady’s adaptive, easy-to-digest security training content program guarantees to reduce your high-risk employee group by 80%. CybeReady’s solution has been deployed by hundreds of enterprises worldwide, including Kion Group, Skoda Auto, NatWest, SodaStream, ING, Teva Pharmaceuticals, Avid Technology, and others. CybeReady is fully-managed, making it the security awareness training solution with the lowest total cost of ownership (TCO) available today. Founded in 2015, CybeReady is headquartered in Tel Aviv, Israel, with offices in the Silicon Valley and London.

# # #

Miami, Fla. – June 20, 2023 –  ThriveDX, the leader in cybersecurity and digital skills training, today announced the official launch of its new Cyber Academy for Enterprise. This innovative solution, part of the company’s Human Factor Security suite, empowers organizations to reskill and upskill employees for cybersecurity positions while also attracting diverse external candidates, simultaneously addressing the growing talent and diversity gaps in the cyber industry.

Cyber Academy for Enterprise is more than a cybersecurity training program – it’s a complete solution that enables businesses and government agencies to cultivate their internal talents while simultaneously attracting diverse external candidates for cybersecurity positions.

Designed for an end-to-end cybersecurity learning journey, the program offers pre-training screening, intensive training, and post-training matching to facilitate an efficient talent acquisition and development process.

“The cybersecurity talent shortage and lack of diversity is one of the biggest challenges of human resources and cybersecurity leaders. Effective reskilling of employees demands considerable investment, and recruiting diverse talent requires a comprehensive understanding of organizational needs to properly align candidates with open positions,” said Roy Zur, CEO of ThriveDX Enterprise.

“Our Cyber Academy for Enterprise creates unprecedented educational opportunities for all, irrespective of their background or skill level,” Zur continued. “It not only aids in talent acquisition from outside the company but also facilitates the reskilling and upskilling of current employees, fostering an environment of continual learning and development.”

The global shortage of cybersecurity talent and the skills gap continue to widen, with more than 3.5 million unfilled cybersecurity jobs worldwide. Eighty percent of organizations attribute one or more recent breaches to a lack of cybersecurity talent and skills within their company. At the same time, the industry suffers from a lack of diversity. The Cyber Academy for Enterprise targets both these issues, offering a robust platform for building cyber skills and enhancing diversity within the industry.

Holistic training

The academy offers a holistic training experience, with rigorous learning supplemented with access to virtualized cyber labs and challenges. Overall, trainees have an opportunity to access 1000+ hours of immersive learning and hands-on practice, ensuring they are thoroughly prepared for real-world cybersecurity scenarios. Key advantages of the Cyber Academy for Enterprise include:

•Access to over 1000 hours of immersive, hands-on training, adhering to globally recognized cybersecurity education frameworks such as the National Initiative for Cybersecurity Education (NICE) and National Institute of Standards and Technology (NIST).

•Real-world simulations on a skills-based learning platform, providing trainees with exposure to current threat landscapes.

•A comprehensive curriculum, offering diverse cybersecurity modules tailored to various career tracks.

•Access to a network of 1000+ professional cybersecurity trainers

•Pre-training screening to identify high-potential talent, offering an objective comparison of candidates and unbiased talent assessment.

•Data-driven post-training matching, enabling optimization of both internal and external recruitment practices.

•Partnership option to run the academy in conjunction with leading universities, providing graduates with a university certificate.

ThriveDX’s Cyber Academy has been implemented and deployed with global universities, enterprise, MSSPs, non-profits, and government agencies to broaden access to cybersecurity training and employment opportunities across all regions.

“We aim to democratize access to cybersecurity education, allowing anyone, regardless of their technical background, to embark on or advance a cybersecurity career. Having already reskilled more than 60,000 learners globally into cybersecurity and related positions, we now provide organizations with the tools to attract, develop, and retain diverse talent, educated in the latest cybersecurity technologies, and capable of mitigating enterprise risk,” Zur added.

For more information and to request a demo please visit thrivedx.com.

About the company:  The ThriveDX team is composed of military-trained cyber experts, industry veterans, and seasoned educators united in the mission to close the worldwide skills and talent gap in cybersecurity, and encourage diversity, equity and inclusion across industries.

# # #

The number one cybersecurity threat vector is unauthorized access via unused, expired or otherwise compromised access credentials.

In the interconnected work environment, where users need immediate access to many platforms on and off-premises to do their jobs, keeping track of user activity and proper on and off-boarding is becoming more and more difficult.

Over 95 percent of cyberattacks are estimated to begin with a threat actor gaining unauthorized access to a computer system via poorly managed access credentials.

The sophistication of cyberattacks perpetrated through unused, old, expired and otherwise mismanaged access credentials is increasing by the minute, at the same time as it’s becoming challenging to respond to these attacks in an organized and timely manner.

Privileged Access Management (PAM) – which enables granular access and monitors, detects and alerts on unauthorized access through policy guardrails – requires a big cultural shift upon implementation inside organizations that are used to workflow-based access systems or ticket-based systems.

PAM and other legacy access management systems do alert to unauthorized access, but the alerts lack a clear picture of the user’s intent and the context behind the alert.

Today’s alert fatigue is not caused by the sheer number of alerts but by the poor quality of individual alerts.

SaaS platforms have led to very different types of user profiles over the last few years. Users are now dynamic; they move from platform to platform, and their need for access changes continuously. A modern access management system should handle the following:

• Sprawling user roles. Users’ activities, and the varying levels of privileged access required, are growing at the same rate as the infrastructure proliferation.

• Outdated Role-Based Access Controls. RBAC solutions provide perpetual access based on a user’s roles, a methodology that has run its course. Even with the addition of zero-trust-based access on a granular level, RBAC is no longer enough.

• The dynamic nature of access. Today’s enterprise users wear multiple hats and use different software with varying privileges. The nature of these privileges has to be dynamic, or the access management system becomes a bottleneck.

• The need for flexibility. A user with a specific level of access may need to temporarily elevate their privilege because they need access to protected data to complete a task. Scaling workflow-based systems to match larger teams’ needs is difficult and creates a chaotic situation with many users simultaneously bombarding the security admins for approval.

• Smarter automation. Some access monitoring solutions rely heavily on automated access controls, such as group policies or other sets of criteria, that will allow access requests to be processed automatically. Automation lacks the intelligence to adapt to changing user behaviors and entitlements.

PAM and SIEM solutions are classic systems built on observability that issue alerts for unauthorized access. But observability is no longer enough to keep your organization safe.

PAM and SIEM systems can also create a lot of extra noise, and experience shows that they are often not fully implemented. Another problem is that alerts come in after the fact and not in real time. Privileged access abuse is a here-and-now problem that must be addressed as it happens.

This is where a new approach, Automated Moving Target Defense, comes into play. AMTD solutions can immediately remediate privileged user access abuse in-line. This is accomplished by determining the context and intent behind every user activity.

AMTD provides companies, for the first time, an aggregated view of users, their profiles and activities across different environments, which is a big challenge faced by enterprises today.

Here at Inside-Out Defense, for instance, we provide a comprehensive 360-degree view of what every user is doing at any one time, along with an immutable forensic log, thereby enabling enterprises to stay in compliance.

We know that threat actors are constantly becoming more sophisticated as they work to find new avenues for disruption. Current solutions focusing on static signatures of threats often miss a crucial understanding of cyber attackers’ sophisticated yet unknown behaviors.

Organizations need solutions like ours that can work at scale and in real-time to address some of the most persistent problems in network security.

About the essayist: Ravi Srivatsav is the co-founder and CEO of Inside-Out Defense, a security startup supplying advanced solutions to privilege abuse.


It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations.


The nefarious Clop gang initially compromised MOVEit, which provided them a beachhead to gain access to Zellis, a UK-based supplier of payroll services. Breaching Zellis then gave them a path to Zellis’ customer base.

According to Lawrence Abrams, Editor in Chief of Bleeping Computer, the Clop ransomware gang began listing victims on its data leak site on June 14th, warning that they will begin leaking stolen data on June 21st if their extortion demands are not met.

Among the victims listed were Shell, UnitedHealthcare Student Resources, the University of Georgia, University System of Georgia, Heidelberger Druck, and Landal Greenparks.

As for federal agencies, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed breaches due to this vulnerability. “CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity, emphasizing the urgency to understand the impacts and ensure remediation. According to Federal News Network, Oak Ridge Associated Universities and Energy’s Waste Isolation Pilot Plant were victims of the cyberattack, with Energy Department sources treating it as a “major incident.”


U.S. government agencies have not yet received any ransom demands, but the threat looms large. Rafe Pilling, Director of Threat Research at Dell-owned Secureworks, told CNN, “Adding company names to their leak site is a tactic to scare victims, both listed and unlisted, into paying.”

Progress Software, the company behind MOVEit, has acknowledged the vulnerability and taken swift measures to mitigate it. They revealed they’ve discovered a second flaw in their software that could be exploited, which they are working urgently to patch.


It’s clear that the present situation underscores the need for robust cybersecurity measures to shield our digital infrastructure from increasingly sophisticated threats. Despite CISA’s Director, Jen Easterly, assuring that the MOVEit intrusions are not being leveraged to steal specific, high-value information, the scale and rapidity of the cyberattacks remain cause for concern. This is especially true when considering that numerous organizations and companies are still in the process of investigating and understanding the scope of their involvement in this breach.

Gerasim Hovhannisyan, CEO of email security provider EasyDMARC, observes that the MOVEit-Zellis hack should put a spotlight on supply chain vulnerabilities arising in the highly interconnected, cloud-centric operating environment.

“Businesses and governmental organizations alike should be considering third-party suppliers and partners as part of their cybersecurity ecosystem and stressing the need for them to implement rigorous security protocols,” Hovhannisyan told Last Watchdog. “With Clop threatening to publish stolen data on June 21st if demands are not met, the organizations affected will be particularly vulnerable to phishing campaigns over the coming weeks and months. Educating workers on identifying, reporting and removing malicious emails will be crucial in preventing further breaches.”

Hovhannisyan advocates focused use of email authentication tools such as SPF, DKIM, and DMARC. “No organization can expect perfection and should therefore work to stop these emails from hitting inboxes in the first place,” he says.

The Clop ransomware group’s tactics are reminiscent of past attacks involving the Accellion FTA, GoAnywhere MFT, and SolarWinds Serv-U managed file transfer platforms, wherein threat actors demanded hefty ransoms to prevent data leaks. This presents a persistent and evolving threat landscape that demands constant vigilance and proactivity from organizations, governments, and cybersecurity agencies alike.

In the face of this international cyberattack, the pressing need is to focus on modernizing cybersecurity infrastructures, securing vulnerable platforms, and intensifying the fight against such ransomware attacks. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


London, UK, June 15, 2023 – Dropblock for mobile launches today, a free, Web3 storage application offering individuals, developers, and business users a unique and completely secure mobile storage and data sharing solution.

Simply download Dropblock today from the App Store or from the Google Play Store to get 5GB of secure blockchain storage for free.

Any data or files that you upload to your Dropblock app are fully secure and private at all times. This means that whatever you upload to your 5GB of free blockchain storage cannot be accessed by anybody else unless you choose to share it with them. Dropblock uses patented data encryption and artificial intelligence (AI) technology, developed by Web3 data storage specialists, OmniIndex.

How does Dropblock’s secure blockchain storage work?

“Data is securely stored in a Dropblock user’s isolated and unchangeable blockchain and is protected at all times by our patented 360-degree encryption technology,” explains Dropblock developer and CEO of OmniIndex, Simon Bain.


“Our unique fully homomorphic encryption (‘FHE’ for short) means that, unlike with end-to-end encryption, files are not exposed to attack when they are searched, analysed, or previewed. The combination of FHE with our Web3 and AI technology means that a user’s data is fully protected from ransomware and other attacks.”

How do you securely share data using Dropblock?

“To share a file, Dropblock’s AI generates a unique key which you then share with the other person,” explains Bain. “It is then only possible for that file to be viewed by the person entering that unique encryption key and your Dropblock email address.”

“The recipient can uniquely preview the shared file, and they cannot reshare that file with anybody else. Plus, to ensure maximum security, no decrypted data is stored on the user’s phone when previewing the file.

“Finally, Dropblock also utilises our AI engine to automatically give users secure insights on their encrypted data, including sentiment and context analytics – without ever decrypting the user’s data thanks to our unique encryption and AI technology.”

How can I use Dropblock?

You can download Dropblock for iOS from the App Store or for Android from the Google Play Store now.

For further information on Dropblock for Mobile go to this link. Dropblock for Google Workspace and BigQuery will be available in the near future.

Media contact: Lawrence Rosenberg / Alex Henderson / Martin Fitzgerald / Sabihah Choudhury, Spreckley PR, +44 (0) 207 388 9988, omniindex@spreckley.co.uk
