In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
05/10/2024
US government intervention in free markets goes way beyond TikTok
“There is a new arms race as the U.S., China, and Russia have stated in their national security strategies that achieving dominance in AI is a priority,” said Tom Kellermann, senior vice president of cyber strategy at Los Altos, California-based Contrast Security. “This race to singularity has been burgeoning for the past five years. This does represent a holistic and long-term effort by the U.S. government.”
05/09/2024
Exposed and Condemned: Russian Lockbit Ransomware Ringleader Revealed, Indicted, Sanctioned, and Banned
Tom Kellermann, SVP of Cyber Strategy at Contrast Security, expressed apprehensions about catching Khoroshev. He told Spiceworks, “Mr. Khoroshev is untouchable from Western law enforcement. He enjoys a protection racket with FSB and GRU. He is seen as a national asset and leader of a cyber militia. Ransomware payments must be banned and likened to sanctions evasion.”
05/08/2024
CI/CD pipelines and the cloud: Are your development secrets at risk?
Naomi Buckwalter, director of product security at Contrast Security, said the problem is rooted in the fact that CI/CD security has historically been overlooked by busy security teams.
"After all, development and operations teams generally 'own' what goes on within their build pipelines, and security teams don't necessarily want to be overly prescriptive when it comes to how software is built at their organizations. Indeed, the phrase 'staying in your lane' comes to mind when talking about CI/CD security."
—Naomi Buckwalter
05/08/2024
UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection
INTERVIEW The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.
During the attack, ALPHV aka BlackCat criminals made it into the medical corporation's IT systems, stole a ton of protected health data, and then brought hospitals and pharmacies' prescription and billing services to a standstill, preventing patients from receiving medications and treatment as expected.
Kellermann spoke to The Register about the snafu after UnitedHealth CEO Andrew Witty testified to US lawmakers about how ALPHV's affiliates used stolen credentials to remotely access a Citrix portal that didn't have multi-factor authentication enabled.
05/08/2024
CI/CD pipelines and the cloud: Are your development secrets at risk?
David Lindner, CISO at Contrast Security, said it's not a great idea to store secrets in environment variables because they lack sufficient security controls, and rely solely on access controls to the running machine.
"Environment variables are typically easily accessible by any process running on the same machine, making them vulnerable to exposure if an attacker gains access to the machine. They can leak through accidental logging, inclusion in debugging dumps, or be visible in process listings."
—David Lindner
Storing secrets in environment variables also makes managing and rotating them across different environments more difficult, Lindner added.
05/08/2024
UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection
"I'm blown away by the fact that they weren't using multi-factor authentication," Kellermann told The Register. "I'm blown away that the networks weren't segmented. And I'm blown away that they didn't conduct threat hunting robustly into that environment knowing that they had been compromised. I think it's egregious negligence, frankly."
05/07/2024
2024 Verizon DBIR: Major Surge in Unpatched Vulnerability Exploitation Due to MOVEit, Most Breaches Involve Non-Malicious Human Error
Tom Kellermann, SVP of Cyber Strategy at Contrast Security, sees the Russia issue as the central point to address: “Ransomware groups enjoy a pax mafioso with Russian intelligence services. The cybercriminals not only enjoy protection from prosecution, but they are armed with zero days by Russian intel to sow havoc in western cyberspace thus creating a free fire zone.”
05/07/2024
City of Wichita Public Services Disrupted After Ransomware Attack
Tom Kellermann, senior vice president of cyber strategy at security firm Contrast Security, suggested that Russian state-sponsored actors may be behind the attacks, as they have "punitively escalated their destructive attacks against U.S. cities as revenge" for a recently passed Congressional aid package for Ukraine. However, no culprit for the attack has yet been identified.
05/02/2024
Demo: A free tool for generating an SBOM
If software were a plate of food, its “bill of materials” would let eaters know which ingredients are fresh, and which ones have reached their sell-by date.
Naomi Buckwalter, director of product security at Contrast Security, recently demo’d the company’s free tool—software composition analysis (SCA)—for generating the ingredient list known as a software bill of materials, or SBOM.
05/02/2024
Global cybersecurity agencies issue alert on threat to OT systems from pro-Russia hacktivist activity
Commenting on the fact sheet, Tom Kellermann, senior vice president of cyber strategy at Contrast Security, wrote in an emailed statement: “These are not hacktivists. Rather, they are cyber militias, and their attacks are geared to poisoning the U.S. water supply. Water utilities have never been sufficiently funded for cybersecurity, and now they are on the front lines.”
He added that the U.S. government must endow cybersecurity grants to these critical infrastructures, “as we face a clear and present danger.”
05/02/2024
Pro-Russia hackers target OT weaknesses in critical infrastructure
Tom Kellermann, senior vice president of cyber strategy at Contrast Security, said those responsible for the spate of critical infrastructure attacks should not be described as “hacktivists.”
“Rather, they are cyber militias, and their attacks are geared to poisoning the U.S. water supply,” he said.
“Water utilities have never been sufficiently funded for cybersecurity, and now they are on the front lines. The U.S. government must endow cybersecurity grants to these critical infrastructures, as we face a clear and present danger.”
05/02/2024
Ukrainian National Sentenced for Role in REvil Ransomware Operation
Contrast Security Senior Vice President of Cyber Strategy, Tom Kellermann, stated: “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups. REvil was top of the list.”