Tag Archives: BitGlass

Bad Rabbit is Crippling Networks: 10Fold Clients Have Answers

Bad Rabbit is a ransomware system that has been tearing apart parts of Eastern Europe since Tuesday, including three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev. It’s methods are quite similar to the Petya and WannaCry disasters from earlier this year, but as of now has not caused quite as much damage. But while the outbreak has not yet racked up as much damage as its predecessors, many experts are warning it’s practically anyone’s guess as to how far the malware could actually spread.

Security experts have been pushing the same ideas as with previous ransomware attacks regarding the need for enterprise users to better secure their networks. Bitglass CEO Rich Campagna told SiliconANGLE: “The danger in new ransomware variants is the potential for spread to vulnerable devices. Where endpoints are not yet updated to detect these zero-day attacks, cloud app threat protection can serve as an organization’s first line of defense. As ransomware evolves and becomes more potent, the ability to identify malware in the cloud based on the characteristics of a file as opposed to hash or signature-based scans can prove critical.”

RELATED: WiFi Systems Exposed with KRACK, 10Fold Clients Comment

VP of Product and Design at Balbix Manoj Asnani commented on the situation, claiming that organizations seeking a defense against attacks such as Bad Rabbit, must maintain “instant visibility” of which systems and assets are vulnerable to third party access or attack. He elaborates; “Security teams must have automated systems in place that can continuously monitor these type of attack vectors and provide vital information instantly when needed. Organizations without automation in place are at a huge defensive disadvantage against fast-spreading malware like this.”

Gain some good insights from this piece? Check out some of our other content here.

WiFi Systems Exposed with KRACK, 10Fold Clients Comment

“Recent WiFi exploit causes reflections on internet security”

What is KRACK?

A recent security flaw in WPA2, the security protocol for most modern WiFi systems, could allow an attacker to steal sensitive data including emails, credit card numbers and passwords. The exploit was found and announced by researchers at Belgian university KU Leuven reported Monday.

Depending on the network configuration, the flaw also could allow an attacker to inject or manipulate information in the system — for example, inject ransomware or other malware into websites being used.

RELATED: 10Fold Clients Weigh in on Yahoo’s Ultimate Failure

10Fold Clients and security experts commented on the security flaw:

Fundamental flaws that impact all Web users like KRACK are “incredibly rare” but not unprecedented, said Rich Campagna, CEO of Bitglass. The Heartbleed vulnerability, which surfaced in 2014, is another example of a flaw that had widespread impact across the spectrum, he told TechNewsWorld.

He elaborated in the SiliconAngle: “This vulnerability speaks to the importance of ensuring that all connections from endpoints leverage strong encryption, such as the latest versions of Transport Layer Security,” he said. “Intermediary proxies can ensure that regardless of what the application supports, all connections from end-user devices leverage strong encryption.”

Gaurav Banga, CEO of Balbix, also discussed the attack exploiting the WPA2 flaw would require an adversary to be close to the target: “Remember that many public networks are wide open anyway, and enterprises expect TLS (HTTPS) and VPNs to provide the real protection, even if WiFi is open wide,” he told TechNewsWorld. “Perhaps this is why the vulnerability disclosure was not taken very seriously until this week.”

Bitglass is a total data protection company, a global cloud access security broker (CASB), and agentless mobile security company based in Silicon Valley.

Balbix produces a predictive breach risk platform to leverage predictive analytics and AI to provide enterprises with a comprehensive and continuous risk and resilience calculation.

Enjoy your read? Check out our other content here.

Into the Fold – BitGlass

Headquartered in Campbell, California, BitGlass is a cloud security firm whose products enable the ultimate encompassing of contextual control of data access. From any device, even unmanaged devices where agents can’t be deployed, enterprises can wipe data from lost, stolen, or deprovisioned devices. Users can detect and block potentially threatening user behaviors, such as a hacker (or even a rogue privileged user) login in from new devices or locations. CEO Rich Campagna was senior director of product management at F5 Networks responsible for access security prior to joining Bitglass, where he began as SVP Products and Marketing before assuming the position of CEO.

Many firms have taken advantage of the unique capabilities of BitGlass products, including Arapahoe House, and many others. 10Fold is honored to support BitGlass elevate its’ brand and thought leadership, including helping to obtain the 2016-2017 Cloud Awards Security Innovation of the Year, Best Cloud Security Product, and Best Cybersecurity Startup.

Find recent press coverage of BitGlass here. To learn more about BitGlass and its products, watch this short video:

Security Never Sleeps- BitGlass Talks Infosec, Equifax Failure

OurMine hacks video hosting service Vevo; leaks 3.12TB data online

“White hat hacking group strikes again”

The self proclaimed White Hat Hacking group OurMine is back in the news and this time it has targeted Vevo and released nearly 3.12TB of its internal data online. According to analysis, some of the documents released online are of sensitive nature.

Rich Campagna, CEO of 10Fold client Bitglass has commented on situations likes this before, saying that: “Acquiring credentials to access sensitive data is increasingly easy and incredibly lucrative for today’s hackers. The ease with which credentials can be compromised starts with risky behavior among users. Many end-users, for example, have a habit of recycling passwords across corporate and personal accounts, including personal social media, banking, and corporate email. This practice poses a risk to all data accessible to that user.”

EQUIFAX OFFICIALLY HAS NO EXCUSE

“Over a week of failures has taken its toll”

Incompetence, failures, and general shady behavior in responding to its massive data breach from Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. It didn’t.

Northern Exposure: Data on 600K Alaskan Voters is Leaked

“Personal details leaked”

Researchers at Kromtech Security Center have discovered the personal details of over half a million US voters exposed to the public internet, once again thanks to a misconfigured database. It was a CouchDB database of 593,328 Alaskan voter records including names, addresses, dates of birth, voting preferences, household income and much more. The data in question is part of Voterbase; a larger trove of info on 191 million voters and 58m unregistered US voters managed by a TargetSmart.

Enjoy your read? Check out our other content here.